Executives at Target and Neiman Marcus are reeling from breaks in data security systems that compromised millions of customers’ credit and debit card records. Now Michaels Stores is investigating a possible breach of payment network data. The U.S.
Federal Bureau of Investigation has reviewed 20 incidents over the past year similar to these recent security violations, according to Reuters, and has warned retailers to expect more attacks.
Retail TouchPoints unveiled exclusive insights specifically on the Target and Neiman Marcus breaches, based on Q&A interviews with two financial market experts:
- Rick Oglesby, Senior Analyst, Aite Group, a consulting firm specializing in the payments industry, and
- Chris Wang, Owner and Portfolio Manager, Runnymede Capital Management.
RTP: What are the near and far implications on retailers of the Target and Neiman Marcus security breaches?
Oglesby: The biggest implications are the potential brand impacts. Target and Neiman Marcus will suffer short term financial impacts that are directly related to the cost of the breach and associated clean-up, but the impact that has the most potential to be long-lasting is that to the brand and the potential that customers will be more hesitant to shop at these businesses moving forward. This is something that every retailer needs to keep in mind: When you are a target (no pun intended) of organized crime, getting “hit” can have much more significant impacts than just the cost of the fraud itself. Target and Neiman Marcus probably will survive this and thrive in the future, but a lot of merchants would not.
Wang: The negative headlines definitely have a short term impact on sales and Target has admitted to a poor holiday season. Neiman seems to have lucked out as the media hasn’t covered their data leak nearly as closely as Target’s. My wife just received a notice and it appears that anyone that shopped in Neiman stores in 2013 may have had their data exposed. Their breach actually sounds like it could have been much worse than Target. Overall both companies have established brand recognition. Consumers tend to have short memories and will likely return quickly.
RTP: What do these breaches mean to the retail industry as a whole?
Oglesby: It’s an eye-opener for most. Retailers need to realize that they are prime targets for international organized crime and they need to protect themselves accordingly. Fraud rings are equal opportunity thieves: They will steal from anyone who has security vulnerabilities.
Wang: Cybercrime is on the rise and the industry must do its best to stay a step ahead of the criminals. Retailers, banks and processing companies need to work together to strengthen the security of their systems to prevent further breaches.
RTP: News of the recent breaches brings renewed attention to the value of chip-and-pin-based credit cards. A recent WSJ article noted Target’s decision 10 years ago to end a move towards chip-based credit cards. Reportedly some Target executives “worried the technology slowed checkout speeds and didn’t offer enough marketing benefits. Since then, retailers and banks have been caught in a chicken-and-egg dilemma with retailers reluctant to invest billions of dollars on the needed infrastructure unless banks commit to spending the billions of dollars needed to issue the new cards.” Comments?
Oglesby: For merchants, there has been a zero business case for chip cards because the banks shoulder most of the fraud losses where chip cards are relevant. There are also downsides for merchants, as stated in the WSJ article. However, all of this is changing due to increased counterfeit card fraud in the
RTP: What significant and dramatic steps can/should Target and Neiman Marcus take to regain consumer confidence?
Oglesby: They obviously need to do something very public on security. I believe that chip card support is the most public thing they can do and it seems therefore to be a likely candidate. However, chip cards would not have prevented the breaches: Chip cards are effective at preventing counterfeit cards from being made/used. The breaches at Target and Neiman Marcus weren’t about counterfeit cards ― they were about having legitimate card numbers stolen from their computer systems. Organized fraud rings must execute their strategies in two steps: 1) steal card data, and 2) use the data to make purchases. Chip cards are effective at making Step 2 more difficult, but they have little effect on Step 1, which is what happened at Target and Neiman Marcus.
Regardless, both breaches may serve as accelerants towards chip card adoption in the
For more on the recent data breaches and their effect on the retail industry, click here to read the article, titled: Trend Watch: Data Security And Its Impact On Retail Innovation In 2014.