Retailers Fear More Target-Like Customer Data Breaches

Target is reeling from a data heist perpetrated at the peak of holiday shopping season. Could other big retailers like Wal-Mart and Costco be next?

Jan 28, 2014 at 3:08PM

We've all heard the news, and after the initial panic had started to relax. But now, a new report suggests that 70 million additional customers may be affected by the Target (NYSE:TGT) data breach at the peak of the Christmas shopping season, Nov. 27 to Dec. 15.

According to Reuters, the FBI just sent a confidential memo to retailers warning them of more malware-based data breach shenanigans on the horizon. Here's the issue. If hackers can use a "memory-parsing" malware to steal sensitive customer data from Target, the number three retailer in the U.S., in all likelihood, they'll also go after other leading retailers, like Wal-Mart (NYSE:WMT) or Costco (NASDAQ: COST)

Most retailers were already nervous wondering if they would be the next Target, suffering a malicious cyber attack that compromises millions of customers' data and damages their bottom lines. The last big breach in 2007 cost the TJX Companies (NYSE:TJX) $130 million due to investigation costs and having to make legal settlements with banks, card issuers, and customers who joined class action filings. 

Target

PIN and chip security
In fact, the National Retail Federation, the industry's largest advocacy group, just sent a letter to Congress on Jan. 21 pushing for banks to adopt credit card security technologies that are tougher to crack. In the letter, NRF President and CEO Matthew Shay sang the praises of European-type credit card security that utilizes "PIN and chip" technology instead of the U.S. method of magnetic strip and signature security. PIN and chip cards are also known as EMV (Europay, Mastercard, Visa) cards.

PINs, unlike signatures, can be encrypted so that data is extra secure even if criminal hackers access it. The letter pointed out that the U.K. had decreased fraud 70% by implementing this type of next-generation security, while in the U.S. credit card fraud is still on the rise.

According to Shay, this fraud cost retailers, along with their financial institutions, over $11 billion in 2012.

According to Verizon's 2013 Data Breach Investigations Report (DBIR), 24% of the data breaches took place in retail and restaurant environments. The DBIR also found that 92% of the attacks were by those outside a business. Hacking caused 52% of the breaches, while 40% also used some type of malware to perpetrate the data theft.

Cost of data breaches
In its 2013 Cost of Data Breach Study, the Ponemon Institute, an independent research group that studies privacy, data protection, and information security policy, found that malicious criminal cyber attacks cost U.S. companies about $277 per jeopardized record. Its research also indicated that a U.S. company could reduce the cost by $42 a record if it had an incidence response plan in place.

On the other hand, notifying victims and regulators within 30 days can actually increase the cost of the breach $37 per record for the company. Also, the cost goes up as the number of records affected by the data breach increases.

Unfortunately, with potentially 110 million compromised records, Target has a huge problem on it hands.

PI estimated the lost business cost averaged over $3 million for U.S. companies. This includes losing customers as a direct result of the breach, increased spending to replace those customers with new ones, and intangibles, such as loss of reputation and goodwill.

Obviously, the cost for Target will be much more and it could take some time to unravel the full impact of the breach. Some estimates are that the damage will run in the hundreds of millions once everything is settled, including class action suits. 

So why are retailers dragging their feet?
Many retailers have been nervous about the transition due to the cost of setting up a new credit card infrastructure. Javelin Strategy and Research estimates that the cost of implementing the EMV system would run $8.6 billion. Merchants would take on the bulk of the cost, $6.75 billion, for deploying new POS terminals. That's $400 to $600 per unit. The cost of issuing new cards would fall on card issuers and is estimated to run about $1.4 billion. $500 million would go toward updating ATMs to accept the new cards and ATM owners would cover this outlay. 

Card networks, like Visa and MasterCard, have set a deadline of October 2015 for retailers to migrate to the pin and chip system. Otherwise, they will hold the retailer liable for disputed credit card charges. 

It took Canada over seven years to implement the EMV, and the U.S. implementation is more complex. David Hogan, executive technology advisor for the National Retail Federation, predicts it could take 10 or more years in the U.S.

Wal-Mart leads the charge
In May of 2011, Wal-Mart's senior payment director, Jamie Henry, told a Smart Card Alliance audience that the number one retailer had already bought POS terminals equipped for EMV for its more than 4,000 stores in the U.S. As the leading retailer in the U.S., Wal-Mart has the financial resources to transition to the EMV.

Unfortunately, other retailers may not be in the same position, and the migration could take a bite out of earnings and profitability, adding substantial equipment and financing costs. Some retailers have already made equipment purchases; others have not.

The takeaway
So as you review company financials, factor in the extra expenses associated with the move to EMV, as well as any costs, like credit card fraud, that may decrease. Also be aware that if a company does not move to the EMV, it's taking on increased liability for credit card disputes and potential lawsuits associated with the liability of data breaches. 

Leading retailers quick to implement the next-generation security technologies should benefit from more customers and revenue later, especially if more high-profile cyber attacks come to light.

Another angle? Companies such as VeriFone (NYSE:PAY), a leading POS terminal provider, stand to benefit from increased investments in EMV. In fact, VeriFone's stock jumped 25% after the Target data breach. 

The next step
Want to figure out how to profit on business analysis like this? The key is to learn how to turn business insights into portfolio gold by taking your first steps as an investor. Those who wait on the sidelines are missing out on huge gains and putting their financial futures in jeopardy. In our brand-new special report, "Your Essential Guide to Start Investing Today," The Motley Fool's personal-finance experts show you what you need to get started, and even gives you access to some stocks to buy first. Click here to get your copy today -- it's absolutely free.

Fool contributor Chris Brantley has no position in any stocks mentioned. The Motley Fool recommends Costco Wholesale and Home Depot. The Motley Fool owns shares of Costco Wholesale. Try any of our Foolish newsletter services free for 30 days. We Fools may not all hold the same opinions, but we all believe that considering a diverse range of insights makes us better investors. The Motley Fool has a disclosure policy.

Money to your ears - A great FREE investing resource for you

The best way to get your regular dose of market and money insights is our suite of free podcasts ... what we like to think of as “binge-worthy finance.”

Feb 1, 2016 at 5:03PM

Whether we're in the midst of earnings season or riding out the market's lulls, you want to know the best strategies for your money.

And you'll want to go beyond the hype of screaming TV personalities, fear-mongering ads, and "analysis" from people who might have your email address ... but no track record of success.

In short, you want a voice of reason you can count on.

A 2015 Business Insider article titled, "11 websites to bookmark if you want to get rich," rated The Motley Fool as the #1 place online to get smarter about investing.

And one of the easiest, most enjoyable, most valuable ways to get your regular dose of market and money insights is our suite of free podcasts ... what we like to think of as "binge-worthy finance."

Whether you make it part of your daily commute or you save up and listen to a handful of episodes for your 50-mile bike rides or long soaks in a bubble bath (or both!), the podcasts make sense of your money.

And unlike so many who want to make the subjects of personal finance and investing complicated and scary, our podcasts are clear, insightful, and (yes, it's true) fun.

Our free suite of podcasts

Motley Fool Money features a team of our analysts discussing the week's top business and investing stories, interviews, and an inside look at the stocks on our radar. The show is also heard weekly on dozens of radio stations across the country.

The hosts of Motley Fool Answers challenge the conventional wisdom on life's biggest financial issues to reveal what you really need to know to make smart money moves.

David Gardner, co-founder of The Motley Fool, is among the most respected and trusted sources on investing. And he's the host of Rule Breaker Investing, in which he shares his insights into today's most innovative and disruptive companies ... and how to profit from them.

Market Foolery is our daily look at stocks in the news, as well as the top business and investing stories.

And Industry Focus offers a deeper dive into a specific industry and the stories making headlines. Healthcare, technology, energy, consumer goods, and other industries take turns in the spotlight.

They're all informative, entertaining, and eminently listenable. Rule Breaker Investing and Answers are timeless, so it's worth going back to and listening from the very start; the other three are focused more on today's events, so listen to the most recent first.

All are available for free at www.fool.com/podcasts.

If you're looking for a friendly voice ... with great advice on how to make the most of your money ... from a business with a lengthy track record of success ... in clear, compelling language ... I encourage you to give a listen to our free podcasts.

Head to www.fool.com/podcasts, give them a spin, and you can subscribe there (at iTunes, Stitcher, or our other partners) if you want to receive them regularly.

It's money to your ears.

 


Compare Brokers