New York: Target Corp’s decision to speed up a $100 million programme to adopt the use of chip-enabled smart cards is just a drop in the bucket when it comes to what retailers need to do to defend themselves against future cyber attacks.
The pressure to boost security spending comes at a time when merchants are already spending millions to fend off online retailer Amazon.com and facing an October 2015 deadline set by payment networks Visa Inc. and MasterCard Inc. to accept new payment cards that store information on computer chips rather than on traditional magnetic stripes.
Target, the No. 3 US retailer, has said it hoped to finish upgrading its payment card network to the more secure “chip and PIN” standard by early 2015, some six months ahead of its previous plan. The system, already widely used in Europe and Asia, can accommodate cards carrying tiny microprocessors, which makes it harder for cyber crooks to use stolen data.
US retailers have been so focused on cutting costs and expanding their online presence in the past decade that they have not spent enough of their technology budgets on protecting customer data. While retail spending on overall technology was expected to rise 4 per cent annually between 2012 and 2017, US stores spend only roughly 2 per cent of their tech budgets on security, with the bulk going to improving their e-commerce, technology advisory firm IDC Retail Insights said.
Unlike their peers in other industries, most retailers still focus on just meeting the basic standards set by the payment card industry rather than substantially beefing up safeguards against increasingly sophisticated attacks, security experts said. “Retailers have to assume that they are constantly being targeted and actually constantly being penetrated,” said Eddie Schwartz, a vice-president at Verizon Enterprise Solutions, who urged retailers to take a more proactive approach.
Pressure from Congress, consumer groups and the banking industry following recent theft of customer data at Target, Neiman Marcus and others may be the turning point to get the retail industry to spend more on security.
For example, Dinesh Bajaj, vice-president of retail and logistics practice in Americas for Infosys Ltd, expects retailers to spend more in coming months on encrypting credit card data while storing it in multiple systems.
IDC Retail Insights expects spending by retailers in 2014 specifically for security in the US to be $720.3 million, an increase of 5.7 per cent from last year in part because of the recent breaches. Total tech spending by retailers this year is expected to hit $36.34 billion.
“It’s clear that companies need to do a lot more, that they continue to make basic mistakes,” Federal Trade Commission chairwoman Edith Ramirez said at a hearing looking into massive data breaches at Target and Neiman that affected millions of shoppers.