Just when you think card compliance and security are leveling off, we hear of the largest credit card breach in history – from the same person who hacked into TJX Companies. This time, he stole 130 million card numbers from another repeat victim, Heartland Payment Systems. Add to this number 4.2 million card numbers from East Coast grocery chain Hannaford Brothers and an indeterminate number from retailer 7-Eleven.
This news broke in mid-August, as the CARD Act of 2009 is kicking in with new disclosure requirements. More requirements from the CARD Act will also come into effect in February of 2010.
Add to all of this a very tumultuous time in Washington, D.C. as the nation drifts from one critical issue to another. For the card industry, banks couldn’t have a darker cloud over them as consumers continue to view them with skepticism and anger over the mortgage crisis. This is of concern to anyone in the card industry as many reposition their businesses to accommodate the new requirements. But the new requirements are only part of the worry. Long standing security breaches just won’t go away. The hangover from it all just doesn’t seem to go away either.
So, looking ahead, is security still the biggest worry in the card industry in the months ahead?
Brad Caldwell, CEO of Security-Metrics thinks so. “I just attended the DefCon show in Las Vegas,” he says. “Hackers are creating new tools and learning new techniques to steal credit card data. Staying ahead of credit card compromises is the biggest worry in the credit card industry. We see hackers making huge improvements in hacking but merchants will not take time to learn simple processes that will help keep their customer data safe. All of the credit card brands are working hard to help merchants understand the importance of keeping online spending healthy. Merchants, ISOs and acquirers must take time to learn how to keep their customer data secure.”
Bryan Ansley, President and CEO of FNB Merchants, also believes that security is the greatest threat. Ansley says that the TJX breach followed by the Heartland breach has caused consumers to be very wary of the industry’s ability to safeguard their data. He felt this way, even before the latter breach by the same hacker. He cautions that the pathways that hackers take to invade privacy cause trepidation with consumers.
“This is especially important as debit cards are being used more than credit cards,” says Ansley. “Cardholders are not as upset when the bank has a fraud, but when their funds are taken out of their checking account fraudulently, that is a far different story and now consumers take notice. Lately we are seeing PCI compliant merchants hacked—that is a big threat going forward.”
How could this influence elected and appointed officials in Washington, DC? When consumers lose trust and become wary, it can affect how they buy. When it affects how they buy, legislators are alarmed and start to think about regulating.
Steve Schneider, a Partner with the law firm Mitchell Silberberg & Knupp, sees legislation as being a great concern to the card industry in the present climate. He feels that delinquency rates on top of security issues will prompt much of this legislation.
“In two words, survival and legislation,” Schneider explains the greatest concerns in the card industry in his view. “Cardholder delinquencies will continue to increase and many retail merchants not already out of business are struggling to continue. Thanks to Congress, more of the cost of defaulting cardholders will soon have to be spread across all cardholders, which will increase the cost of consumer credit as well as the cost of card industry operations. Growth in card volume will at best be slow as consumers continue to stash money under their mattress instead of buying new mattresses.”
Month by month, the future of the acquiring and ISO industry will be heavily influenced by the economy. There are signals that the economy could be forming a bottom and convalescing. While too early to tell, how the economy changes will undoubtedly determine how acquirers and ISOs change. Many are not optimistic about the near term.
“My own view is that we are in for one ‘L’ of a recession, pun clearly intended,” says Schneider. “While a bottom, if not the bottom, has been reached in most sectors, with the noticeable exceptions of unemployment and commercial real estate, we probably will bounce along the bottom for quite some time, perhaps until late 2011 or early 2012. After all, the American economy had quite a long and riotous financial party from about early 2003 until mid-2007, and long parties unfortunately lend themselves to long hangovers. The negatives all said, the glacially slow recovery will be a good time to start a well-planned business. ISOs should focus intensely on businesses in those economic niches that are likely to perform reasonably well, which probably will vary considerably area to area. Once the sun pops through the economic clouds in a couple of years, acquirers will face less competition.”
Bryan Ansley feels that fallout in the ISO and acquiring industry has already occurred. Long-term things should improve; like Schneider, he doesn’t see things shaping up too well in the near term.
“All indications are that we have hit bottom in Q2 2009 and we expect modest growth the remainder of the year,” he says. “The housing market appears to be doing better as a combination of low interest rates and soft prices, and the one-time $8,000 tax rebate has spurred the market. Job creation is still slow, but that is a lagging indicator.”
Ansley says that surviving merchants have been hit hard with many smaller merchants either closing their doors or declaring bankruptcy. “Consumer spending is way off and probably will stay that way for
at least the next six months until confidence in the economy and stock market returns. That said, we should see a modest increase in volume throughout 2009 and a nice bump in 2010. This increase will go almost directly to bottom-line profits and will be a big relief.”
On the heels of the recent data breach of Hannaford, Heartland and 7-Eleven, Caldwell sees security as a concern right alongside the health of the economy.
“We are seeing signs of improvement in the economy,” he says. “A larger concern is the lack of interest many ISOs and acquirers are taking with credit card security. They don’t want to take time to present new data security information to their merchants who, in many cases, are storing their customers’ sensitive credit card data. This shortsighted thinking could reduce customer confidence in online spending and reduce business growth more than will a stagnant economy.”
Caldwell believes that inadequate security could lead to the next wave of legislation that will affect the card industry. “If ISOs and acquirers will not take the time to reduce credit card data security threats then the government will feel they must intervene and create expensive processes and requirements that will hinder business and increase merchant expenses,” adds Caldwell. “If the payment card industry cannot safeguard customer data then the government will.”
With an environment of security risk and an economy that is sluggish to recover, what should an ISO be doing in times like these?
“Today ISOs need to be as lean as possible to compete with the larger competitors that are in the marketplace,” says Ansley. “The only way to do that is to constantly analyze expenses and ensure every dollar spent goes toward achieving a satisfactory return-on-investment. You have to challenge staff to find new, creative ways to service merchants and customers in the most economic ways possible. This will put you in a position to capture a new deal that may not have the best margin today, but will achieve results in the future.”
Schneider doesn’t have a slam dunk answer but says an ISO should try to limit expenses and merchant default risk without limiting growth. He admits that’s no easy task.
“Just as some economic niches area by area will continue to perform reasonably well, or at least relatively well, others such as mid-range restaurants, some clothing stores and the like will not for some time.” says Schneider. “However, Americans do not like to sit on the couch for very long. Many new businesses are being established as the formerly employed try their hand at being entrepreneurs. Some of those new businesses, in some product or service niches, will survive their start-up period. ISOs probably will need to pick up an even better feel for which businesses are likely
to do so.” 
|
