Technology: Target on Your Back
High-profile data breaches put retailers in public crosshairs
Years from now, when the topic of data security comes up, retailers may talk of the time before Target, and the time after, as the ripple effect of 110 million compromised consumer credit-card numbers flows outward.
Clearly, the breach at the Minneapolis-based mass merchant, and subsequently those of high-profile retailers Neiman Marcus, Nordstrom and Michael’s—and even the revelation from several state’s attorneys offices that convenience stores have fallen victim—ignited a media firestorm, renewed public debate over identity theft and eventually led to Congressional hearings that brought retailers, association leaders and financial executives to the Hill to testify.
“It’s definitely an eye-opener,” says Maximo Ricardo Alvarez, vice president of Sunshine Gasoline Distributors, Miami. “It shows that any retailer, no matter how big or small, can experience that nightmare and be [compromised] in the blink of an eye.”
For Alvarez’s chain of more than 200 c-stores in South Florida, finding solid third-party suppliers to help manage the payment process is critical. “[It’s about] good partnerships with security and technology companies and being confident in their products,” he says. “They’re IT professionals … who know a lot more than I do.”
While retailers have had to comply with mandated credit-card standards that went live for many as of 2010, recent headline-grabbing breaches have rained down near-term repercussions, including:
▶ Fueling debate and support for security measures, some of which require significant investments for retailers. This is on top of millions of dollars already invested in mandated upgrades just a few years ago.
▶ Increasing public awareness and scrutiny of the decisions retailers make regarding data security.
▶ Sparking Congressional hearings, which may lead to legislative regulation.
For c-store and petroleum retailers, the real concern is awareness—or lack thereof, according to Nizam Uddin, director of security and compliance for MegaPath Corp., Pleasanton, Calif. One of Alvarez’s vendor partners, MegaPath, secures and manages his data transmission network.
“Retailers handle their cash securely,” Uddin says. “They have cash drawers and know who’s [authorized] to handle the safe. It’s all monitored, all accounted for, so they’re not short $10 or $15 every day. But they don’t do that with credit-card machines or the environment around it.”
Having the tools in place and the training to create a secure data environment on a daily basis is the skill set more retailers need, Uddin says.
“You have to be vigilant,” Alvarez says. “[Incidents such as Target’s] make everyone more conscious, more aware of that kind of threat and take it seriously.”