A series of truly massive data thefts rocked the North American retail world over the course of the holiday season in 2013, with a staggering number of personal consumer details stolen from a range of US-based retailers such as high-end retailer Neiman Marcus and department store Target, which is also the third largest retailer in the United States. With what appears to have been over 100 million credit card records stolen, and Target potentially facing a $1 billion USD fine from governmental agencies, data security in both the online and offline world has become a major focus retailers hoping to avoid similar blunders.
For quite a while, a disconcerting number of US retailers have been operating under the 'school of fish' mentality, employing the bare minimum of data security in the hopes that someone else will be breached instead of them, but after the number of breaches that have been seen recently, it's clear that strategy is collapsing under the sheer volume of attempted thefts and lax procedures when it comes to online data security.
This largely stems from the antiquated credit card processes still used in much of the United States, where a magnetic swipe and signature is all that's required to make a purchase. US Senator Amy Klobuchar, speaking to the media over the weekend, said "“Now you see Europe is using it and has a much less lower incidence of credit card fraud, in fact in America we are 25 percent of credit card transactions in the world but we are 50 percent of the fraud. And that is just a ridiculous situation. It is clear we have to go to this new type of technology.”
Target, for one, has finally decided to accelerate the rollout of 'chip and pin' style credit card machines that are the norm in Europe and Canada, but this is only one element of the security problem they face. While many online-only retailers are extremely careful about the security of their user's information while the transactions are taking place, security standards often slip once the data has been stored somewhere on company servers - or, increasingly, being handed off to a third-party payment processor who has more limited accountability to the consumer. Visa and Mastercard have given retailers until 2015 to upgrade their systems, but US retailers spend as little as 2% of their tech budgets for online security, a number which is remarkably small considering the huge negative potential of data breaches. As consumer backlash grows against repeated failures in this arena, expect retailers to smarten up and focus on beefing up security both on and offline.