Target, other U.S. breaches may spur security spending -executives
BOSTON Jan 13 (Reuters) - A rash of data breaches at big U.S. retailers may accelerate spending on high-tech payment cards, a MasterCard Inc executive and other industry specialists said on Monday, as companies look to keep the faith of their customers.
Retailers and their banks face a deadline set by payment networks Visa Inc and MasterCard of October 2015 to accept new payment cards that store information on computer chips rather than on traditional magnetic stripes. The multibillion-dollar safety upgrade has many companies dragging their feet, and analysts estimated only 60 percent of U.S. sales terminals would meet the schedule.
Now the loss of customer data reported at Target Corp, Neiman Marcus and other stores since December could move companies to the new standard more quickly, said Carolyn Balfany, head of U.S. product delivery for MasterCard in a telephone interview on Monday.
The risks created by the breaches will clarify to companies the benefit of moving quickly to the new standard, she said. "That's the clarity," she said.
Among companies that could profit from a faster switch to chip-based cards are those that make equipment used to swipe them, such as the United States' VeriFone Systems Inc and France's Ingenico.
MasterCard, of Purchase, N.Y., is the second-largest payment network operator behind Visa of Foster City, California. Visa has not made executives available to be interviewed since Target first reported its breach on Dec. 19.
A response gaining attention among security specialists has been the conversion of U.S. sales terminals to a card standard widely used in Europe and Asia, sometimes known as "EMV" after the initials of its creator companies Europay, MasterCard and Visa.
Cards meeting the standard carry chips to make them harder to counterfeit, and to protect sensitive data with encryption. They can also require users to enter a personal identification number, or PIN, to make purchases, an extra layer of security compared to the signatures used by traditional credit cards.
Although the new technology may not have prevented the data thefts from Target and elsewhere, it would make any stolen data harder to re-use and has cut fraud where it has been adopted.
BANKS AND RETAILERS AT ODDS
In an interview with CNBC on Monday, Target Chief Executive Gregg Steinhafel said the company wanted to lead the retail industry's move to adopt the new cards. His remarks echoed those made by the general counsel of the National Retail Federation on Sunday. [ ID: nL2N0KN110 ]
To date U.S. banks and retailers have been at odds over who should bear the costs of the upgrades, which could approach $10 billion in all. Retailers have made headway with a federal lawsuit that could help them reduce the fees that banks can charge to process transactions - fees the banks had counted on to pay for new technology. [ ID:nL2N0K004A ]
The new enthusiasm from retailers like Target and the trade group after the breaches could mean they will install the equipment more quickly, said Roel Schouwenberg, a senior cyber security researcher for Kaspersky Lab. "If EMV now receives a broad industry push then I don't see why we couldn't beat some of the set deadlines," he said.
MEMORY DRIVES COSTS
The cost of switching would have to cover new sales terminals and the issuing of new plastic to replace the roughly 1.1 billion credit, debit and prepaid cards now circulating in the United States.
A traditional card costs about $1 to print, personalize and mail to a consumer, whereas the new cards can cost up to $10 each depending on the volume printed and the memory in their chips, estimated Javelin Strategy analyst Al Pascual.
Still, the changes are coming. Large banks have begun to mail new chip cards to customers for traveling including Citigroup Inc and Wells Fargo & Co.. Big equipment makers like VeriFone and Ingenico have already wound down sales of their older magnetic-stripe-only card readers in the U.S.
Thierry Denis, president of Ingenico's North American unit, said the breaches have focused attention on the retailers to upgrade their systems but that banks also need to issue the cards customers will need for the new card readers to catch on. "It's chicken and egg," he said.
A VeriFone spokesman said the company would not comment on sales projections. One analyst, Andrew Jeffrey of SunTrust Robinson Humphrey, wrote in a report on Jan. 7 that the Target breach could speed up the sale of new terminals. (He wrote another possibility could be consumers abandon debit cards for cash, but called that unlikely).
"(T)he Target breach could make the October 2015 deadline more realistic," Jeffrey wrote.
He added that "For the first time, we get the feeling that the cost of conversion is being outweighed by the open-ended liability associated with making consumers whole when their accounts are compromised and the potential damage done to retailers' brands."