retail news in context, analysis with attitude

Some thoughts about the Target data breach…

One MNB user wrote:

I think the Secret Service and Justice Department need not open an investigation into Target, but instead open investigations on the Financial Industry that caused our economy to tank.  Should Target be fined because hackers got into their system In my mind, no.

They need to do everything they can to ensure it doesn't happen again and make their customers whole again if their information was stolen and possibly add some goodwill gift cards.  Not only did Wall Street and Big Banks screw our economy, but they also received tax payer money for bailouts and then used that money to pay out bonuses.  Something is terribly, terribly wrong with this picture.

From another reader:

Kevin, the issue of credit card data theft is rampant, not just limited to Target. Due to their footprint of stores and the fact that their guest is more likely to use credit cards, they will be the poster child for credit card reform. What I don’t understand is why the credit card companies don’t take it upon themselves to change standards which are already in place worldwide.  For example, I do work in Africa and my credit cards issued there have tight but user-friendly security levels. Every transaction requires me to use a PIN number. I have to change my PIN every 3 months. If I leave the country, I notify the issuer so that my transactions will be processed while overseas. I get an immediate text message indicating the transaction amount, merchant and location for any money charged to my credit or debit card. (When I say immediate, I mean that, nearly always, if I’m in the store and the card is swiped, I have a text before I get out of the store.)  These standards have existed in Africa for many years. Why? Because the credit card issuers had to change or risk extinction because of creative data theft. I’m not saying this is the gold standard but it is at least a step above where issuers in the US play. Nearly 2 years ago, I asked AMEX when they would issue my US card with a PIN and they told me this was consideration and they would put my name on a list due to my international travels. They did send me an AMEX with a (still) unactivated PIN chip.  I can’t get the attention of my Visa or MasterCard provider on this topic. I’m lucky to not have had an issue but I feel much more secure with my Africa issued cards than my US issued credit cards.

Credit / debit card fees have long been an issue for retailers as they measure the impact on their bottom line. You’ve written much about this in MNB; it also became a legislative topic. However, what gets missed is the cost of credit card fraud, which has also been quantified. In June, Symantec reported that the global cost of a compromised record was USD $136 per record, whilst the cost in the US alone sitting at around $194 per record. Anyone can do the math to realize the enormous costs of a data breach.

There is no doubt Target can do more to protect guest credit card information (just as any other retailer can). However, if the credit card issuers just do what they do in other parts of the world that have long dealt with this issue, it will begin to give shopper confidence that using credit cards is safe and secure.

And another:

Before we start fining retailers, perhaps we should look at the financial institutions issuing the credit cards. There is a pretty simple solution that would dramatically increase the safety  if the banks would get on board. We could move to encrypted credit cards that rely on microchips vs. magnetic card strips, which have been standard in Europe since 2002.  And the likely reason why we don't have them - costs the banks too much.  Makes you wonder why the cyber criminals target US retailers, doesn't it?

And still another:

Government put into effect a broadly sweeping healthcare privacy act (HIPAA) with high monetary fines for violations. Policies and procedures were put in place by healthcare agencies and insurance companies, training was implemented. Still, there have been on-going privacy leaks in the health care industry. Point is…there is nothing private once it is connected to the Internet…and no manner of regulation will disturb this truth. Privacy has not been an important issue with the individuals, companies that developed and are developing the Internet communication/connection medium. Is this scary, no, unless your life is tuned upside down. Can we do anything about it, no, unless we log off…and that’s not going to happen. We need to find a new way to fight a new crime. I can only imagine how rich class-action attorneys will get off this debacle.

Responding to yesterday's piece about Maine passing GMO labeling legislation, MNB user Bob Bartels wrote:

GMO transparency can be achieved much more efficiently by labeling GMO free items.  It works for gluten free.  Given the overwhelming number of items with some GMO connection, it might be better communicated with the perceived  benefit being emphasized.  Just a thought.

As I've often said here, I am agnostic on the subject of whether GMOs can be a good thing, and I'm frankly agnostic on whether the label should say "contains GMOs" or "GMO free." Whatever works best and easiest. It doesn't really matter much to me … I'm flexible.

The other day, we had a story about how McDonald's is vowing that it will slowly begin purchasing verified-sustainable beef in 2016, with the goal of eventually buying all its beef from sustainable sources.

I commented:

Seems to me that McDonald's burgers always have been sustainable, in that you leave the meat out for decades and not have anything happen to it.

Which prompted one MNB user to write:

I am sure you will receive emails stating you are taking a cheap shot at McDonald's, but I thought it was funny. Don't ever stop expressing these comments.

Trust me. I won't. Even when people accuse me of only being half as funny as I think I am.

Finally, yesterday when writing about the departure of A&P CEO Sam Martin, I noted that I'd been getting some email criticizing me for a positive column that I wrote last summer about Martin. (You can read it here.)

I continue to believe that the column's focus was right …and I got an email from a reader that agreed:

I reread the column…Key phrase, “The number one enemy of any new culture is the old culture…”

How true…how sad…and how many CEOs have lost because they couldn’t change a toxic culture.

KC's View: