Home Business Retail Data Theft—Who’s Responsible & What’s Changing?
Retail Data Theft—Who’s Responsible & What’s Changing?

Retail Data Theft—Who’s Responsible & What’s Changing?


retail-data-theft-changesBy Paul Potter
Faculty Member, Retail Management at American Public University

What do hotels, retail stores, and internet services have in common? They’ve all been victims of a data breach. I’m sure the 2013 Target breach is still fresh in your mind, considering it remains the largest data breach in retail history with over 70 million customer’s information compromised. Some estimate that as many as 110 million people are affected. While many find fault in Target’s processes—are they the only ones to blame?

It’s easy to blame the merchant for the stolen credit card information. Unfortunately for Target, they’re now the brand name associated with the worst retail cybersecurity debacle to date. It led to former CEO Gregg Steinhafel stepping down in May and Target’s 62% decline in earnings for the fiscal second quarter according to most analysts. While each situation is unique, there are actually many parties involved. There is the merchant, the credit card company, the bank, and the processing company. Each has liability involved with credit cards and the renewed push for chip-based credit cards versus magnetic stripes may help to prevent future data breaches. In fact, the technology is widely used in Europe and provides enhanced data protection for consumers and corporations alike.

According to Bree Fowler in a USA Today article, the liability regarding a data breach is moving to a risk-based system in October 2015. What this ultimately will mean is that the party with the least amount of security protection will ultimately be responsible for the financial loss. So, if your retailer installed chip-based credit card machines, but the credit card company did not issue cards with this technology—the liability then lies with the credit card company. While most consumers are protected from fraud, it does not give comfort to know someone has your information and is possibly using it.

I’m personally a fan of this proposed system. It gives incentive for everyone involved to move forward and protect the public at large. If a company wants to save an extra dollar by not investing in technology to protect their clients, then they deserve to take on the lion’s share of the financial loss. I recommend that you make yourself aware of how this will affect how you shop. Here’s an informative YouTube video, “How to use EMV smart chip credit cards,” which offers an excellent overview of what to expect.

On a recent trip to Walmart, I attempted to use a new credit card with chip technology. When I inserted my card, it asked me for my PIN number. Of course I had not created one or paid attention to the fact I was required to create one. I thought I could press cancel and move on since this is my credit card and not my debit card. No such luck. While I was aggravated in the moment, I was happy to know if someone stole my card, they would not be able to use it somewhere that is already capable of processing chip-enabled cards. It’s a welcomed security change, but one that we’ll all need to get used and soon.

About the Author

Paul Potter is full-time faculty member in the Retail Management program. He holds an MBA with a human resources concentration. He has spent the last 17 years in retail, holding a variety of positions including store manager, food operations specialist, and regional compliance manager with Dicks Sporting Goods, Target, and currently Walmart.