Card-related financial fraud continues to make more and more headlines, even as we get closer to EMV™ migration. Companies such as Apple, Home Depot, Target and K-Mart fell victim to major breaches, leaking sensitive items from private photos to customer account information. However, these attacks are not limited to merchants. JP Morgan Chase announced this summer that it was a victim of a cyber-attack that compromised the account data of more than 76 million households.
The costs from such attacks continue to mount. Annual costs of card fraud in the United States alone are estimated at $8.6 billion per year, a figure expected to rise to $10 billion or more in 2015, especially if the U.S. does not make significant progress with chip card adoption.
A (Cyber) Run on the Banks
A (Cyber) run on the Banks via EMV credit card fraud
As the October 2015 Payment Networks’ Liability Shift associated with EMV chip cards looms near, hackers seem to be increasing their breach attempts. According to a recent Ponemon Institute (P.I.) study, a staggering 43% of companies have experienced a data breach in the past year. That’s up 10% from the previous year and expected to increase. What could be causing the uptick? Fraudsters understand that when EMV compliance saturates the market, it will be a different landscape and therefore harder to breach and harder to hack and use sensitive information. In the meantime, hackers are now trying to take full advantage of the current infrastructure.
The industry has begun to address security breaches more seriously as the cost of dealing with each one climbs. This year, the average cost is $3.5 million, up 15% from last year, according to P.I. Those numbers may be low, however, as it can be hard to tell what consumers think following a breach. If customers change their spending habits or merchants of choice due to a breach, the losses can be far more damaging.
Who to Blame? The Non-Compliant Merchant, or the Bank?
Some consumers blame the merchant they were shopping at in the event of a breach. A smaller percentage blames their financial institution. At the present moment, it is difficult to gauge whether breaches will ultimately affect their spending habits. Fortunately for financial institutions and merchants alike, those spending habits haven’t changed so far. With the recent flood of security hacking, it seems that consumers actually are becoming apathetic to breaches. According to research on the topic of consumer attitude towards fraud and privacy, most consumers do not even change their password in the wake of a security breach. Most respond that they are “very concerned” with security breaches but still prefer to swipe their plastic as opposed to paying in cash.
It’s no surprise, however, that consumers don’t want to shop at merchants they believe do not take their private information seriously. To fight that concern, consumers should be reminded that they are protected from card fraud losses by the financial institutions their cards are issued from – a significant consumer benefit. In fact, card issuers take responsibility for the large majority of fraud exposure and often foot the bill of reissuing to prevent further losses associated with compromised account numbers.
Retailers, like Target, offered discounts to their customers to show they are committed to consumer privacy and protection. Others, like Home Depot, have offered credit monitoring to help consumers catch fraud if it occurs due to their security breach. The question of if and to what degree consumers will avoid merchants associated with breaches remains outstanding, but, with a little education and positive PR, issuing financial institutions can help ensure their card/brand aren’t adversely impacted.