I ran across this article online the other day — its from NBC news and it talks about the data breach at Target, Neiman’s and Michael’s last month. Everyone has heard about it by now, although the finally tally on the card numbers compromised in the breach may never be revealed, and probably shouldn’t be; the battle between credit card fraudsters and merchant data security has been raging since the beginning of time as we know it on the internet, so giving would-be thieves ideas is as bad as giving real thieves too much credit.
Main street retailers are easier targets than big department stores, mostly because they tend to use older, less secure, equipment that can be compromised either physically or via wired/wireless communications, and are a lot less likely to realize they’ve been targeted since the number of cards compromised would be miniscule compared to the Target situation. But given the sheer number of cards being run through the big systems, that has its own reward as well.
Crooks don’t want retailers to know they’re in jeopardy; keeping a low profile is the preferred method of continuing to keep one’s hand in the proverbial cookie jar, and the banks haven’t been all that forceful with the US merchants in forcing them to upgrade their systems to Chip and PIN instead of stripe and signature. That is most likely about to change, and the rumbling of an impending 2015 deadline that’s been making noise for several months will more than likely prove to be true. This poses an issuing bank problem as well, since all their issued cards will need to be swapped over to Chip and PIN as well, and that’s going to cost big bucks to replace cards that are just getting replaced now because of the breach. In the end, consumers will foot the bill if they want to keep the convenience of credit and debit card usage as it is.
Alternative billing mechanisms such as Square and Paypal card readers won’t be any good with Chip and PIN, those transactions will have to be sorted into some other, as yet un-designed and implemented bit of kit for the smallest of the small merchants doing retail or face to face business. ATM’s will all need to be replaced or upgraded as well. So it’s really a massive undertaking when you get down to it.
Which doesn’t really offer a good counter to the fact that somewhere in the neighborhood of 100 million credit cards that we know about have been compromised and I’d be willing to take wagers that it’s more like double that amount, and there are large retailers who have no idea yet they’ve been hit, or if they do, are trying their best to keep it on the down low. And their banks and terminal companies are in league with them to keep it quiet for as long as possible. This is the kind of thing that fires up a Congressional investigation and doesn’t allow for much brand protection on the part of the Visa and Mastercard issuers in the US.
Smart merchants should begin to look at any and every alternative available to them – Google Wallet, Apple’s possible transition of Passbook into a wallet, any other method of transacting without physically taking a stripe card and swiping it in a terminal. If merchants are going to have to get new terminals, they should start researching what other features they’d like to have in them before crunch time comes and they’re forced to make a snap decision that might not be the best for their situation.
We’ll stay on this in the upcoming months as the data breach story continues to develop and other players start announcing their payments intentions. It’s unavoidable given the scale of the data that’s been compromised and the cost to cover it up.