Target Hack: One Year On “56%” of Black Friday shoppers will buy online

To quote USA Today: “Up to 110 million customers had their card data or personal information stolen during the [Target] breach, which occurred late last November through mid-December, the most important time of year for retailers. Shoppers were angry, and Target’s foot traffic and sales suffered.” [Source: Target leaves breach behind this holiday season, USA Today, 9:12 p.m. EDT October 21, 2014.]

The Target breach has cost the company $148 million so far, minus a $38 million insurance payment. Profits for the first six months of the fiscal year were down 41% from the same period a year ago – but Target’s executives are insisting that, 11 months later, customers are no longer so concerned.

The view on Wall Street matches this optimism: on October 22, Target Corp. (TGT.N) shares were at $62.25. Target shares on December 18 — the day before the breach was made public – closed at $63.55. The 52-week low of $54.67 is hardly what I would call a rout. In fact, the impact of problems at Target relating to its Canadian operation (nothing to do with the data breach) had a much greater impact than the $110 million in costs due to the largest retail hack in human history, as Bloomberg aptly described the massive cyber attack and its aftermath. On this evidence, hacking has zero effect on the confidence of investors and their taste for retail expansion.

So what about the buying public? A National Retail Federation holiday spending survey of 7,500 consumers released last week found that nearly 42% of respondents said they felt ‘neutral’ when asked whether a retail data breach would affect their shopping and spending habits over the coming holiday season.

Online spend to increase, but is there a hidden reason?

It seems shoppers are pretty bullish about shopping with their payment cards, regardless of the cyber threat posed by organized gangs. Interestingly, though, they have plans to do this online in ever greater numbers. 56% of holiday shoppers expect to do at least some part of their holiday shopping online and online holiday shoppers plan to spend 16% more than all holiday shoppers on gifts, decorations and food for the holidays. The survey shows that American retailers have invested significantly this year in everything from mobile-optimized websites and improved cross-selling to remarketing campaigns, paid search and reviews.

But what about the effect of the card data thefts on retail outlets? Are stores feeling the cold wind from the lack of Chip and PIN terminals and the robustness of information security policies and procedures that have been found lacking in post-breach investigative reports?

Who wants to shop in stores that leak credit card data?

The fact is, a lot of shoppers have had their card details swiped in stores that unwittingly sent the data to hardened fraudsters.

Could it be that Americans are finding the prospect of shopping online not just more convenient, but possibly even safer?

A report out Monday that surveyed credit and debit card holders found that 45% of shoppers ‘would definitely or probably not shop at a retailer that’s suffered a breach’.16% said they definitely would not return to a retailer if the store had been hacked and 29% said they probably would not shop at such stores. Just one in eight said they are more likely to shop with credit cards this season.

The researchers say that the survey has a margin of error of plus or minus 3.9%, which suggests that quite a few retailers need to take this data into account and not rely too heavily on their own industry group’s forecasts for growth.  [Source: Nearly half of cardholders likely to avoid stores hit by data breaches, survey.]

Given the fact that major data breaches in the retail sector have been in the news regularly in the past year, with cyber criminals making off with sensitive data from literally tens of millions of US consumers’ payment cards, is it surprising that the stores affected make some shoppers wary of their security?

Big-name retailers whose data has allegedly been plundered include Home Depot, Michaels, Kmart, Staples, and Target.

Who is next? And will US shoppers make a beeline for their home shopping icons in place of a trip to the affected stores?

I predict that security will be a factor in consumers’ choices of retail outlet and shopping method (online versus megastore).

You could check your card systems before Black Friday with a vulnerability scan or full penetration test by our ethical hackers to find out whether your stores are the hackers’ next Target.

We are an international company and can supply pen tests wherever you have stores –EU, Asia, India… you name it!

We will bring more news on the US retail card safety story as it breaks.

Follow this blog!

#   #   #

Not ready to talk money but want to find out what I’m talking about?

Download our green paper discussing Penetration Testing & ISO 27001– even if you know you have A1 security in your stores, you will be glad that you did!


Put your detailed questions to our consultants and learn from the experts:

Call us on 1-877-317-3454 today.