Data breaches may accelerate move to new technology

by. Glen Sarvady

If you’re looking for the gory details of the recent customer data breaches at Target and Neiman Marcus, there are countless sources that continue to provide blow-by-blow accounts.

The ubiquity of their coverage is largely my point.

Very few outside this industry are aware of the 2008 Heartland Payment Systems breach, while a reference to the T.J. Maxx breach from 2007 might register a glimmer of recognition. By contrast, everyone knows about the Target fiasco. There are likely many reasons for this including the increased disclosure requirements, a growing awareness of data security issues, and the prominence of these retailers in the retail landscape. This leads to a couple of observations:

Data breaches are almost always worse then first thought

Last Friday, Neiman Marcus announced that its breach was more severe than initially reported; Target had done the same a couple of weeks earlier. These revisions were about as inevitable as the Miami Heat’s prospects for a winning season. The first rule of crisis management is to reveal all the bad news at once, as promptly as possible. Unfortunately, this goal is at odds with the legal obligation to disclose breach info as soon as it is known. Initial awareness almost inevitably uncovers only the tip of the iceberg, while subsequent disclosures chip away at the victim’s credibility. I feel for these companies. I’m reminded of the counter-terrorism line: they have to get it right every time; the bad guys need only get it right once.

This paves the way for a chip-and-PIN technology push

These incidents have provided the hook for general media coverage of chip and PIN technology, explaining how most of the developed world has moved on to a more secure card solution. Chip and PIN adoption in the US has been painfully slow, for logical reasons- chief among them the exorbitant cost for merchants large and small to replace all of its card terminals (a cost that exceeds fraud loss exposure over the short and medium term). Large retailers have also voiced concerns over potential slowdowns at checkout under the new technology, and early adopters of the new cards face the risk of incompatibility at old-school merchants.

continue reading »