Just as the dust was beginning to settle from last year’s massive data breach at Target stores that exposed about 40M credit and debit cards, the industry is reeling from an even larger breach. Home Depot stores have confirmed that about 56M payment cards have been exposed through an attack on their POS system during April-September 2014. The Home Depot credit card breach has, according to Home Depot, only affected customers who purchased in-store and not those who purchased online.
What we learned from the Target data breach is that certain major issuers, in this case Chase and Capital One, among others, will proactively be reissuing cards to anyone who may have had their accounts exposed. Other card issuers will take a wait-and-see approach, preferring to reissue only upon detecting fraudulent activity on an account rather than incurring the expense to them of about $10 per reissued card.
Luckily for recurring merchants taking advantage of account updater services, both Chase and Capital One participate in the program. However, we can still expect to see the same trends we saw with the previous breach, but on a much greater scale – an increase in hard declined cards, including Lost/Stolen and Invalid Account; an increase in the catchall decline code of Do Not Honor; a spike in the volume of accounts running through and being updated through account updater. Merchants with a high portion of debit cards in their portfolio might see an increase in insufficient funds declines. Based on the Target breach, certain debit issuers reduced the amount allowable for debit cards to be billed in a given time period. The net result for recurring merchants is expected to […]