As Target Upgrades Credit Cards, It May Stand Alone
Target took an active step in trying to reassure shoppers that their information would be safe when making purchases at its stores, by saying it would upgrade its store-branded cards with Mastercard's (MA) chip-and-PIN technology starting early next year.
But don't expect other retailers to immediately follow suit.
Though experts said Target's move is a step in the right direction, the fact that its cards are issued by Target (TGT) puts it in a unique position to be able to expedite these security measures for its shoppers, according to Brian Riley, research director with CEB TowerGroup.
What's more, since it fell victim to a very public data breach, the discounter has more incentive to act with extreme caution.
"I think Target's in a position where they're trying to look at everything as quickly as they can," Riley said.
Target on Tuesday said that it will enable its entire REDcard portfolio, which includes Target-branded credit and debit cards, to include the new chip-and-PIN technology beginning in early 2015. The system is said to be safer than what is currently used for U.S. credit cards, as the chip makes the card harder to counterfeit, while the PIN combats against fraud when cards are lost or stolen.
Although the discounter's consumer credit card portfolio was sold to TD Bank last year, the company said in a release that it "will maintain the current deep integration between its financial services operations and its retail operations." This gives Target more leverage when it comes to the processes behind its store-branded cards, Riley said.
Because only a few retailers have the same sort of leverage -- Nordstrom (JWN) and Talbots are two companies on the short list of big-name retailers that have an affiliated bank -- it puts them in a unique position.
But there's another reason Riley doesn't expect other retailers to follow Target's lead: The fact that there is so much change under way involving new technologies in the payment category.
"In fact, if they do, I think it's a little bit premature," he said.
Riley would, however, see more reason for a quick reaction from stores that also underwent recent breaches, he said. Neiman Marcus and Michaels Stores also recently reported data breaches, but neither responded to requests for comment as to whether they will expedite their move to chip-and-PIN technology. Michaels doesn't offer its own store-branded credit card.
Walmart (WMT) said all of its U.S. stores will be able to accept EMV cards before the end of the year. That's because its point-of-sale machines are already compatible with the technology, so there is no material cost for the retailer.
Banks and retailers are facing an October 2015 deadline when they need to be compliant with EMV technology -- a global set of standards for secure payments that uses a different set of digital data for every transaction. After that date, the liability of counterfeit card transaction will fall on either the card's issuing bank or the retailer, depending on who does not meet the set standards.
But the cost of switching over to EMV technology will be costly for retailers. Ramesh Siromani, a partner in the financial institutions practice at global management consultant A.T. Kearney, said upgrading point-of-sale terminals to read the chips could cost anywhere between $300 and $600 per terminal, which adds up when accounting for retailers with hundreds -- even thousands -- of stores.
Target said its plan to switch its REDcard portfolio, which includes more than 20 million cards used at nearly 1,800 stores, over to chip-and-PIN technology will cost $100 million.
Industrywide, Mallory Duncan, senior vice president and general counsel of The National Retail Federation, said it will cost retailers between $25 billion and $30 billion to switch over to chip-and-PIN technology, mainly because of the cost associated with upgrading sales terminals.
%VIRTUAL-article-sponsoredlinks%He said the most significant piece of Target's announcement is that it will be including the PIN requirement with its security upgrades. He said this is the fastest, most effective step the industry can take in helping to reduce fraud, as it's a less costly undertaking and still protects consumers.
By switching over to PINs, and postponing or eliminating the change to chips, the move toward more secure payments would only cost retailers about $4 billion, Duncan said.
"What you want to do is fix the weakest link first, and the weakest link is the signature," Duncan said. "[Target is] leading the charge to fix the weakest link ... it's the banks that have to follow suit."
Still, the new technology isn't perfect. Many point out that the new point-of-sale terminals only secure in-store transactions, leaving online sales vulnerable. Jason Oxman, CEO of the Electronic Transactions Association, also pointed out that the Target breach affected the retailer's systems that stored card data, so EMV technology would not have stopped it.
Target has been working to restore the confidence of shoppers, who stopped spending -- and, in some cases, visiting its stores altogether -- following the data breach that affected up to 110 million shoppers.
Last month, a report from Kantar Retail found that only 33 percent of U.S. households shopped at a Target or SuperTarget in January. That was the retailer's lowest level of shopper penetration in the past three years.
The pullback in foot traffic was also reflected in the retailer's fourth-quarter earnings report. The company said its domestic comparable-store sales fell 2.5 percent from the same period a year earlier, and were affected by "meaningfully softer results" following the Dec. 19 news of the data breach.
However, CEO Gregg Steinhafel also said in the release that he was "encouraged that sales trends have improved in recent weeks."
Recent data from YouGov's BrandIndex also indicate that consumers are slowly forgiving the discounter. According to the firm, Target's consumer perception currently stands at 15, after plummeting as low as -35 in wake of the breach. Though the company is still only about halfway back to its pre-breach score of 26, YouGov said it is only several points below what they consider a recovery.
Scores range from 100 to -100 and are calculated by subtracting negative feedback from positive. A score of zero means that a company has received equal positive and negative feedback from respondents. The index interviews 4,300 people each weekday to draw its conclusions.