Is the Target Breach the Chernobyl of Payments?

Formada Social

February 27, 2014

Chernobyl is certainly at the top of the list of man-made disasters.  In light of recent events, I’ve been thinking that the Target breach has become the Chernobyl of the payments world.

As a group, we Americans never thought that much about payment security – we really didn’t have to.  We are protected by federal laws limiting our liability for lost/stolen cards, while at the same time, the card networks’ rules give us even better “zero liability” protection, and have educated us about that protection with hundreds of millions of dollars (if not billions) of TV ads over the years. 

Joe Shmoe Merchant from Whoknowswhere, Illinois wants your MasterCard account number for an ecommerce purchase?  No problem, you’re protected.  Give my card to a hot dog vendor on the street who swipes it though (or even keys it into) his smartphone?  No problem – mustard and relish please, and hurry up with my hot dog.  Put my Visa credit card on file with an airline that can’t even run its planes on schedule?  Sure, why not, it’s quite convenient.

Look at all the card issuers that have, over the years, tried to differentiate themselves based on security – Bank of America, Citi, and others have all tried it on and off, without much visible success in moving market share.

But after the Target breach, my sense is that things are changing.  I’m wondering if we, who unlike Europeans and others, can’t be bothered to use Verified by Visa and MasterCard SecureCode because “we’re protected anyway”, may be taking a different view of who we give our payment credentials to after “Payments Chernobyl” and what steps we’ll be willing to take to protect our accounts.

I say this because the Target breach is different than all the others – huge numbers of people affected coupled with unprecedented news coverage and congressional hearings.  We just didn’t’ see that with the TJ Maxx, Heartland, Global Payments, Hannaford Brothers, Michaels (twice), Marriott, and other breaches.

Collectively, these breaches have now affected virtually every cardholder in the U.S.  We are largely driven by convenience, and let me tell you, it sure isn’t convenient to have to log in or call all the places that store our card numbers for recurring payments. 

Sure, it’s no big deal getting a notice from my wireless carrier, cable company, and favorite eRetailer when the auth request fails, but what about all the other places we forget about?   My son was thrown off a San Francisco bus when my card of file was declined and his monthly contactless bus pass didn’t renew (and yes, to my fellow payment geeks, I haven’t forgotten about the networks’ account updater services, but we all know they are far from a panacea).

So I’ve been thinking a lot about whether U.S. consumers will alter their payments behavior after Payments Chernobyl, and if so, how.

Anecdotally, I’ve been hearing about people now preferring signature versus PIN debit, and of other people who are switching from signature debit to PINs.  I’ve spoken to people who are not worried too much about leaving a credit card on file (“hey, it’s the bank’s money anyway”) but are now quite reticent to put a debit card on file (“sure, I’ll get the money back, but my rent check will be bouncing in the meantime”).  And how about those people who have a Target or another merchant’s decoupled debit card – you know, the ones that have your checking account number on file so that they can route the purchase thought the ACH?  I suspect a number of those folks are watching their checking accounts pretty closely now.

So I’m reaching out to everyone, asking you to let me know what you’re thinking, seeing in your own data, and hearing.  Have you changed your payments behavior after Payments Chernobyl?  Changing your use of PIN vs. signature debit?  Using credit vs. debit more?  Rethinking whom you say its OK to keep your account number on file for faster checkout or recurring payments?  Will your “chip and PIN” or “chip and signature” card be top of your wallet when EMV comes to market? Or even, and I hate to say this, using cash more?

I’d love hear from you – please track me down at Allen@Glenbrook.com!

Recent Payment Views

Payments Post #17: Cutting Costs

Payments Post #17: Cutting Costs

In this Payments Post, we discuss the DOJ bringing a lawsuit against Visa that alleges the company operates an illegal monopoly in the debit card space. Does the argument have merit in our non-legal minds? And if so, what could the DOJ’s move mean for an evolving payments landscape?

read more
Payments Post #17: Cutting Costs

Payments Post #16: The Apple Drops

It’s time for another edition of Payments Post and (surprise!) we’re thinking about the Visa Flexible Credential again. Now that Apple has plans to open up the NFC chip and Secure Element to third party developers, we’re scratching our heads. Who benefits from this newfound NFC access? What opportunities can fintechs unlock? How will conventional financial institutions react? And to tie it all back, does the VFC still matter?

read more
Payments Post #17: Cutting Costs

Payments Post #15: BNPL Battles

In this month’s Payments Post, we revisit the prime use case for Visa Flexible Credential (VFC): BNPL. How are buy now pay later providers positioning themselves in the current environment, how are consumers using their tools, and how are regulators and issuers responding?

read more

Glenbrook Payments Boot CampTM workshop

Register for the next Glenbrook Payments Boot Camp®

An intensive and comprehensive overview of the payments industry.

Train your Team

Customized, private Payments Boot CampsTM workshops tailored to meet your team’s unique needs.

OnDemand Modules

Recorded, one-hour videos covering a broad array of payments concepts.

GlenbrookTM Company Press

Comprehensive books that detail the systems and innovations shaping the payments industry.

Launch, improve & grow your payments business