Last week, in the midst of the Christmas shopping rush, the mega-retailer Target confirmed that it had been the, ahem, target of a massive hacking effort that resulted in information for about 40 million credit and debit card accounts being stolen. Since then, Target has seen its reputation plummet. According to the polling site YouGov, the store's brand popularity has taken a huge hit, which is very bad news during the time of the year when companies hope to be making big profits.
The debacle has led to everything from lawsuits to a Justice Department investigation. And in the short term, things will likely get worse before they get better, as Target confirmed today that Personal Identification Number, or PIN, data has been stolen, too.
But in the longer-term, will anything change, either for Target or for the debit cards that Americans – particularly young Americans – increasingly use? Don't bet on it.
According to YouGov, two other companies that experienced large data breaches – the bank Citigroup and Playstation, of gaming fame – only took a few weeks to rebound in terms of brand reputation. Especially given that consumers usually aren't liable for unauthorized purchases made with stolen card data, I'd expect the controversy to swirl for a few days and then swiftly be forgotten.
After all, does anyone really remember which company was the victim of the largest credit card breach in American history? That would be TJX Cos., owner of TJ Maxx and Marshalls, among others, both of which are still wide open for business. The company lost data for some 90 million accounts in 2007, and while it faced hefty legal fees, it has not been drummed out of business. In fact, as the Motley Fool's Joseph Gacinga put it, following the credit card data theft, "customers just shrugged off the incident as a minor annoyance, and continued flocking to the company's stores undeterred." Sales barely took a hit at all.
The TJX Cos. data theft also didn't slow the inexorable march away from cash and towards credit and debit cards. In fact, the only thing that seems likely to dissuade Americans from using their debit cards is if banks start charging fees on their accounts. (It doesn't hurt that banks have put a lot of time and effort recently into marketing the benefits of debit cards and online banking, targeting the so-called "millennials" – myself included – who are much less-inclined to carry cash.)
So what should be done in the wake of the Target mess? Well, it'd be nice if the U.S. caught up to rest of the world when it came to digital payment security. As the Associated Press noted, most countries other than the U.S. use credit and debit cards with their information stored on chips, rather than magnetic strips, which makes the information much more difficult to steal. But that change hasn't taken hold here because banks, stores and credit card companies all want someone else to pay for it. Options such as digital wallets and using smartphones to make payments – skipping the cards altogether – are even less popular.
"We are using 20th century cards against 21st century hackers," said Mallory Duncan of the National Retail Federation. "The thieves have moved on but the cards have not." Credit card companies are planning to release cards with digital chips in 2015, but that's small solace to those who have their information stolen between now and then.
Hopefully, the incident also entices other retailers to boost their own security procedures, though since history has shown that getting hacked doesn't really affect the bottom line, I wouldn't hold my breath. In the meantime, make sure to check your bank account if you've been shopping at Target recently. Just in case.