Data Breach Just One Challenge Awaiting Target's Next CEO

Target CEO
Matt Rourke/AP
By Matthew Rocco

In its search for a new chief executive, Target (TGT) is expected to look near and far for someone to take charge of its response to last year's wide-scale data breach.

The surprise announcement of Gregg Steinhafel's departure on Monday came five months after a massive hack during the holiday season. Steinhafel, a 35-year veteran of the company, resigned as chairman, president and CEO on Monday. Chief financial officer John Mulligan will serve as CEO on an interim basis.

The cyberattack, which compromised 40 million credit cards and 70 million accounts containing personal information, still hangs over Target. The company's stock is down about 5.5 percent since the company revealed details of the hack on Dec. 19.

But the breach is just one of the challenges awaiting Target's next CEO.

The company has gotten off to a lackluster start in Canada, where Target opened its first stores last year. While Target was a familiar brand to Canadians who would travel across the border to shop at the third-largest U.S. retailer, many shoppers have balked at higher prices back home.

Target has also fallen behind in the e-commerce battle with rivals like Walmart Stores (WMT), the world's top retailer.

The retailer has "faced its share of difficulties, from the worst recession in our lifetime, to a high profile proxy context, and most recently, a slow start in Canada and the 2013 data breach," Steinhafel wrote in a letter to Target's board.

Last week, the company named Bob DeRodes to the new position of chief information officer to lead Target's technology operations. Target plans to incorporate MasterCard (MA) chip-and-PIN technology, hoping to bolster the security of its own REDcard program.

The data breach helped drag earnings 46 percent lower in the fourth quarter. Sales came in stronger than expected during the holiday season but "softened meaningfully" following Target's disclosure of a breach, Steinhafel said in the earnings report.

At the same time, his abrupt exit caught Wall Street off-guard. Target shares dropped 3.5 percent to $59.87 on the news.

"When the breach occurred, it was all hands on deck to find a solution. I wouldn't have expected [Steinhafel's resignation] any earlier, but I was surprised it happened today," said Paul Trussell, a retail analyst at Deutsche Bank (DB). "This is quite the surprise. I would have expected more of a transitional phase."

Target spokeswoman Dustee Jenkins declined to provide specifics regarding Steinhafel's resignation but said the decision "did happen recently."

Who's Next in Line?

Analysts anticipate that an outsider will take the helm at Target. Trussell said the company lacks a deep bench to choose from. David Strasser, an analyst at Janney Montgomery Scott, also believes the company will look elsewhere for a new CEO.

Trussell cautioned that finding an external candidate within the retail industry may prove to be difficult, given non-compete clauses that prevent executives from quickly jumping to a rival company.

He said Gerald Storch, Target's former vice chairman, is a possible candidate. Storch helped create before becoming CEO of Toys "R" Us. He now runs an advisory firm, Storch Advisors. In January, Storch was named chairman of grocery chain Supervalu (SVU).

%VIRTUAL-article-sponsoredlinks%"Storch is maybe a best of both worlds for Target," Trussell said.

Jenkins said Target is conducting a comprehensive CEO search and will look inside and outside the Minneapolis-based company. Target will also consider candidates from outside the retail industry.

The company retained executive search firm Korn/Ferry (KFY) to help Target find a new top executive.

"With Target, it would definitely have to be someone outside the company. And it doesn't have to be someone in retail," Strasser said. "It could be anybody, even somebody who's happy with their current job. This is a pretty interesting opportunity."

Strasser noted the success Best Buy has experienced since Hubert Joly, former CEO of hotel operator Carlson, took over as CEO.

Home Depot's (HD) Frank Blake, who was named to the top post in 2007, came to the home-improvement retailer in 2002 with experience as a government official and General Electric (GE) executive.

During Steinhafel's tenure as the head of Target, the stock was up 14.9 percent compared to a 35.3 percent gain for the broader S&P 500 (^GPSC). A fresh face at Target could help assuage concerns over the retailer, which has only had two CEOs since 1994, and the continued cyberattack fallout.

Trussell said Target's next CEO needs to address missteps online, where Walmart has superior fulfillment options and a faster website, and reset the bar on its earnings outlook, which runs through 2017.

"I don't believe they're on track to hit their long-term guidance," he added.

Steinhafel's departure also reignited worries over the near-term. The retailer is due to report first-quarter results later this month, and Target appeared to be turning a corner after a bumpy end to 2013.

With the change at CEO, the market is showing concerns that Target could actually be falling back, Trussell said.

Why Your Bank Thinks Someone Stole Your Credit Card
See Gallery
Data Breach Just One Challenge Awaiting Target's Next CEO

One reason why Marquis' gas purchases might have triggered a fraud lockdown? Filling their tank is a common first move for credit card thieves.

"Some of the things they look at are small-dollar transactions at gas stations, followed by an attempt to make a larger purchase," explains Adam Levin of Identity Theft 911.

The idea is that thieves want to confirm that the card actually works before going on a buying spree, so they'll make a small purchase that wouldn't catch the attention of the cardholder. Popular methods include buying gas or making a small donation to charity, so banks have started scrutinizing those transactions.

Of course, it's not a simple matter of buying gas or giving to charity -- if those tasks triggered alerts constantly, no one would do either with a credit card. But Levin points to another possible explanation: Purchases made in a high-crime area are going to be held to a higher standard by the bank.

"It's almost a form of redlining," he says. "If there are certain [neighborhoods] where they've experienced an enormous amount of fraud, then anytime they see a transaction in the neighborhood, it sends an alert."

(Indeed, Erin tells me that one of the gas purchases that triggered an alert took place in a rough part of Detroit, which she visited specifically for the cheap gas.)

People who steal credit cards and credit card numbers usually aren't doing it so they can outfit their home with electronics and appliances. They don't want the actual products they're fraudulently buying; they're just in it to make money. So banks are always on the lookout for purchases of items that can easily be re-sold.

"Anytime a product can be turned around quickly for cash value, those are going to be the items that you would probably assume that, if you were a thief, you would want to get to first," says Karisse Hendrick of the Merchant Risk Council, which helps online merchants cut down on fraud. Levin says electronics are common choices for fraudsters, as are precious metals and jewelry.

Many thieves don't want to go through the rigmarole of buying laptops and jewelry, then selling them online or at pawnshops. They'd much prefer to just turn your stolen card directly into cold, hard cash.

There are a few ways that they can do that, and all of them will raise red flags at your bank or credit union. Using a credit card to buy a pricey gift card or load a bunch of money on a prepaid debit card is a fast way to attract the suspicions of your credit card issuer. Levin adds that some identity thieves also use stolen or cloned credit cards to buy chips at a casino, which they can then cash out (or, if they're feeling lucky, gamble away).

When assessing whether a purchase might be fraudulent, banks aren't just looking at what you bought and where you bought it. They're also asking if it's something you usually buy.

"The issuers know the buying patterns of a cardholder," says Hendrick. "They know the typical dollar amount of transaction and the type of purchase they put on a credit card."

Your bank sees a fairly high percentage of your purchases, so it knows if one is out of character for you. A thrifty individual who suddenly drops $500 on designer clothes should expect to get a call -- or have to make one when the bank flags the transaction. If you rarely travel and your card is suddenly used to purchase a flight to Europe, that's going to raise some red flags.

Speaking of Europe, the other big factor in banks' risk equations is whether you're making a purchase in a new area. I bought a computer just days after moving from Boston to New York, and had to confirm to the bank that I was indeed trying to make the purchase. Levin likewise says that making purchases in two different cities over a short period of time raises suspicions.

"I go from New York to California a lot, and invariably someone will call me [from the bank], " he says. Since one person can't go shopping in New York and California at the same time, any time a bank sees multiple purchases in multiple locations in a short period, it's going to be suspicious.

Read Full Story