It’s a sign of the times that when retailer Sally Beauty reported this week that “fewer than 25,000” cardholders were impacted by a recent data breach it was met with a sigh of relief. The exposure pales in comparison to the 100 million card holders impacted by the Target data breach or the 1 million victims of the Neiman Marcus breach.
The company believes that the breach occurred while upgrading the Point of Sale (POS) systems at its over 2,700 retail outlets worldwide, including in all 50 US States. If the scope of the breach is indeed limited to the strip data of “only” 25,000 cardholders, the retailer is indeed fortunate.
However, we should be wary of becoming complacent about such events. This is a very large number of customers to be impacted by any measure and, much worse; it is a cause of concern for any customer paying by card during the period. As with these larger breaches, the only way for a customer to be sure they are safe is to have the cards cancelled and reissued.
The effect of a data breach can go beyond the direct impacts, shaking customer confidence. There are indications that Target’s retail sales have been impacted by the data breach as some customers are reluctant to trust their card data to the company. If such data breaches become routine, a new normal, it could threaten the very foundation of electronic commerce.
Target and other retailers are pushing for the replacement of today’s magnetic strip technology with the much more secure embedded microchip technology used in payment cards in Europe for many years. With the microchip card, if someone steal data from a single transaction and makes a card from it, that card would be identified as data used before and the counterfeiter would be caught.
The conversion to the new technology has been slow due to the cost and, well, inertia. The US invented the Credit Card industry, but became saddled with early generation technology that up to now has been “good enough”. The frequency that major retail data breaches are occurring will hopefully create a sense of urgency to deal with this gap in security once and for all.