Is Your Credit Card Reader A Ticking Time Bomb?

Data breach, identity protection, customer security – these are terms that never concerned business owners and marketers much. The breaches that large retailers and restaurants like Target, PF Chang, Neiman Marcus, Zappos, and other brands like Evernote, Living Social, LinkedIn, and Adobe suffered last year have impacted the way consumers are interacting with brands. Security is no longer only a worry for the chief information officer (CIO) or chief technology officer (CTO).

The challenge for businesses is not making sure the CTO has bought the latest firewalls and verified all third-party vendors; the real issue is that today it is not if your brand will be breached but only when it will be breached.
More importantly, businesses have a new deadline to make sure their credit card readers fix a critical vulnerability by October 1st, 2015. If you don’t you could be increase your liability substantially. Banks are in the process of replacing all their customers’ cards with new ones that have added security chips

along with the magnetic stripes. Businesses will be required to have new readers to process the information on those chips.

According to the Washington Post, a survey by Manta,  with almost four months before the deadline, more than 28 percent of small business owners who process payment cards are not even aware of the new technology or how it affects their business. Of those who did accept cards, the majority did not even know about the new payment technology, or why they needed to install it, the survey found. More than 16 percent of owners also said they had not seen customers using the new chip cards.

“For some small business owners, the cost of the new technology could be a potential burden, though prices have fallen sharply as competition has ramped up. Ortega said businesses that rely on more sophisticated point-of-sale systems, with multiple locations, could be harder hit. She estimates that switching over to a new reader would only cost her a few hundred dollars.”

The Target breach that affected nearly 30 percent of all Americans has been keeping their CMO Jeffrey Jones up at night. Target’s data breach enabled the theft of millions of customers’ payment information had lowered fourth-quarter profit down 46 percent. The final cost will be significant but no one can quantify the exact damage to the brand. No amount of marketing or PR is going to change the anxiety that customers feel when they walk into the store and think about paying with their credit card for fear of paying with their identities being stolen. Cashiers can see and hear the anxiety but of course online marketers will never observe it.

Even before the Target breach and the NSA eavesdropping allegations, 66 percent of consumers expressed concern about identity theft, if the data they share with business is compromised. According to the Washington Post, Target has spent $61 million to cover costs associated with the breach, including the cost of providing credit monitoring services to its customers. Even the choice of credit monitoring may have an impact on the Target brand. Target chose to offer a service from the same company that sells customers’ data (Target happens to be one of their large customers as well) to also protect their customers’ data. Something about that just doesn’t seem right. In fact, Consumer Reports severely criticized Target’s Experian offering by saying that the retailer’s free credit monitoring could give you a false sense of security and the offering just seems a way for Experian to upsell additional services. They have not been the only ones to criticize Experian’s credit monitoring service; the community at the University of Maryland was shocked at what they found was going on:

“The retailer said it couldn’t provide an estimate of how much the breach would ultimately cost because of an ongoing government investigation.

If the government’s probe finds Target at fault for not complying with industry-specific security standards, the company faces fines in the range of $400 million to $1.1 billion, according to an estimate by Jefferies, an equity research company. That figure did not include lost sales or customer goodwill, the firm said.”

To understand how much the retailer stands to lose, analysts point to the 2007 attack that hit TJX, of more than 45 million customers by exploiting an unsecured wireless network. TJX’s initial estimates put the damage at about $25 million, but once the dust settled, the company ended up paying more than $250 million.

What will this mean if a retailer is found to not have upgraded their technology by the deadline?

Bo Holland, CEO of security firm AllClearID (who offers a solution), suggests, “Brands have the opportunity to stand out for proactively addressing it, and those who do not will very soon be far behind. Align your brand with the changing consumer mindset and be a leader in customer security.”

Have you checked to make sure you reader can handle these new chip enabled cards?