
Target's Biggest Problem May Not Be What You Think

By Rich Duprey - Dec 31, 2013 at 1:05PM


The retailer's reputation will remain intact, but investors won't like what the hack attack has in store for them.

I was one of the 40 million people whose credit and debit card accounts were compromised by the massive hacking attack and theft at Target (TGT). The sophisticated attack at the retailer occurred on Black Friday and included accounts that were used up to Dec. 15, compromising data from Target's own private-label REDcard, as well as major issuer brands including American Express, Visa, and MasterCard.

Warning signs
I got an inkling something was amiss in mid-December after receiving a bland, computer-generated call telling me I needed to talk to someone about my debit card account. Because the disembodied voice making the call didn't identify what institution it was from and the Caller ID was blank, I thought it more likely a scam, so I hung up and dialed my bank instead. They hadn't heard anything about a problem, but said if my card had been compromised a real, live person would have called and not some anonymous, computerized voice. 

I thought no more about it, even after Target's hacking attack made the news, until a week ago when I got a call from my bank -- from that real, live person they warned about -- telling me I was one of the lucky 40 million and they were immediately imposing a $300-a-day limit on purchases and cash withdrawals and issuing a new card. Coming as it did right before Christmas, that could have been a real hardship had I not already completed my holiday shopping, but the highly unusual move also indicated they saw something more damaging than just personal account information getting swiped. As Target has since admitted, encrypted PIN data was stolen.

A code worthy of DaVinci
Although the information is likely now for sale on some international, underground websites, because various fail-safe measures have been built into the system, the likelihood there will be any fraudulent activity on my account -- or that of any of the other 40 million victims -- is small.

As at retailers throughout the country, PIN numbers entered during a transaction at Target are encrypted at the keypad using the Triple Data Encryption Standard, or TDES, a process that codes the data three times at the point of entry. While the encrypted data is stored on Target's system, the key to decode the information is held at the payment processor. MasterCard previously mandated that all PIN-entry devices, including those at ATMs, had to be TDES compliant by April 2005, while Visa mandated compliance by July 2010. The prior once-only data encryption system was deemed too vulnerable to hacks, and merchants risked losing the ability to accept PIN transactions if they didn't meet the deadlines.

Hacked to the max
Although the Target data breach is large, it's not the biggest. That distinction belongs to TJX, the owner of discount stores T.J. Maxx, HomeGoods, and Marshalls, which in 2007 saw the theft of data from more than 90 million credit cards over an 18-month period. That episode could be instructive for how it will impact Target, because while the actual losses were small, it cost the retailer more than $100 million in investigation costs, security system upgrades, customer communications, and legal fees, and some $1.6 billion over the lifetime of the case.

Yet there are important differences between the two hack attacks beyond the size of the theft. Foremost was that TJX stored unencrypted personal account data on its system, and then when the breach was discovered, it waited a whole month before alerting customers. No, the real problem for Target will come at earnings time when all the money it thought it generated from Christmas sales will have evaporated to cover the costs of this debacle.

Trailing revenues through Nov. 2 had only been up 2.7% over the same period in 2012, and analysts are expecting current-quarter revenues to fall 2.6% below the year-ago quarter. 

Fortunately, while its REDcard accounts for about 5% of its total revenues, because the crime also took in major credit card companies, it's unlikely to cause consumers to stop using the private-label cards or even hold it against Target. TJX, after all, which was much more cavalier with its response to the theft, continued on without any apparent significant backlash.

Cash on the barrelhead
Sadly, in a world of electronic and online transactions, such hacking and theft is almost expected by consumers, and giant corporations including AT&T, BJ's Wholesale Club, and DSW have all fallen victim to such attacks. Perhaps the latest incident, though, will spur the industry to advance to more state-of-the-art technology, such as chips on cards rather than magnetic stripes. 

Until then, though, unless you're willing to go back to an all-cash society (not a bad idea, really, considering this country's massive consumer debt load), hack attacks and theft will just be a part of our everyday reality. Target's reality will be a lump of coal in its Christmas-sales stocking -- and for some time to come thereafter.
