An estimated 1.1M customers have had their personal and financial information compromised, thanks to the security breach via the malware now known as BlackPOS at Target, Neiman Marcus, Michael’s, and potentially other retailers. That number could climb as additional retailers come forward.
The impact could be long-reaching for consumers, merchants, and financial institutions. Target may be on the hook for fines anywhere from $400M-1B, not to mention potential lost revenue as consumer confidence wanes and usage of the Target labeled cards decreases. The consumer confidence issue is something that could impact other retailers, too. As fears of privacy mount, consumers are less likely to make purchases in stores, online, and via mobile devices. Financial institutions are already bearing a brunt of the cost as they are reissuing cards, to the tune of $10 per card reissued. So far, about 15.1M cards have been reissued for a cost of $150M. They also stand to lose some revenue as consumers revert to cash for more purchases and save their credit cards for higher ticket items only.
Every player has skin in the game here, but one solution that is being touted by the card associations as providing much more security for brick and mortar stores could actually open up online and CNP merchants to additional fraud. EMV (Europay,MasterCard, and Visa) chip technology (also called chip and PIN) has been in use in Europe and other industrialized nations for more than 20 years. While it has proven effective at reducing fraud at the point of sale, CNP fraud has increased with the adoption of EMV. Fraudsters are more able to get fraudulent transactions through in a card not present space with chip cards than they are in person, thereby driving these fraudsters online. Visa has set a deadline of October 2015 for merchants in the US to be EMV-enabled, or pay the consequences of fraudulent transactions. As this deadline is approaching, it behooves CNP merchants to evaluate their fraud prevention tactics to ensure they are using all of the best practices and tools at their disposal.