Fallout from Target's Data Breach Felt Industrywide
Written by Joe Keenan
Feb 19, 2014
The retail industry has been buzzing lately with talk of data security following the high-profile breaches suffered by Target, Neiman Marcus, Michaels and others. While those companies were directly affected, the entire retail industry is dealing with the fallout.
Here are some of the repercussions for all retailers following this recent spate of data breaches:
Tougher Standards for Data Security
U.S. Senators Dianne Feinstein (D-Calif.), John Rockefeller (D-W. Va.), Mark Pryor (D-Ark.) and Bill Nelson (D-Fla.) introduced legislation in late January that would create federal standards for securing personal information and for quickly notifying consumers in the event of a data breach. The Data Security and Breach Notification Act addresses security vulnerabilities that were exploited by cybercriminals in the recent data breaches, resulting in over a hundred million U.S. consumers being left vulnerable to identify theft and security fraud.
The bill would establish security standards for databases, which the Federal Trade Commission (FTC) would be responsible for enforcing. Standards such as the following:
- Require breach notification to potentially affected consumers in a timely manner.
- Increase the use of technology to combat hackers; for instance, encryption software that would render stolen customer data unusable.
- Strengthen law enforcement efforts to curtail data theft by having the FTC and state Attorneys General work together to enforce the law.
Fast Tracking of "Chip-and-PIN" Payment Cards
The National Retail Federation, among others, is leading the charge for retailers to replace today's outdated, easy-to-hack, magnetic stripe credit cards with cards that store data in an embedded computer microchip and require the use of a PIN rather than a signature. Chip-and-PIN technology is widely used throughout Europe, Asia and Africa.
The downside for retailers in implementing chip-and-PIN technology? It's expensive.
Photo courtesy of The Washington Post
However, after being burned this past holiday season with the biggest of the data breaches, Target is making the switch. Target's CFO testified before the Senate Judiciary Committee earlier this month that the retailer will speed up its implementation of the more secure chip system (at a price tag of roughly $100 million) to have it ready by early 2015.
Decline of Loyalty Programs
One of the most damaging consequences to emerge from the recent data breaches is that consumers are less likely to share personal information (e.g., an email address) with brands. Retailers rely on customer participation in loyalty programs to drive sales and to inform future marketing efforts. Loyalty programs across the industry have been compromised by a lack of trust amongst consumers in retailers being able to keep their data safe and out of the hands of criminals.
Target is just now beginning to experience what TJX Companies (parent company of T.J. Maxx, Marshalls and Home Goods) went through following its well-publicized data breach in 2007. It's safe to assume Target will incur sizable fines and legal costs in the coming months related to the breach, including settlements with victims, not to mention lost sales and customer good will.
Furthermore, lower usage among its current loyalty cardholders as well as fewer sign-ups in the program going forward will diminish future earnings.
Data security has always been an important consideration for retailers, but never more so than now. Take a long, hard look at your company's security policies, procedures and systems to see where improvements are needed. Your future may well depend on it.
Related security articles