2. Houston we have a problem!
2
Target Credit Card Data Breach
o Target’s CEO Gregg Steinhafel
announced his retirement
o Significant fall in profits
o $100 Million POS revamp
o Possible $3.6 Billion in PCI liability
o Currently being sued by shoppers
3. Typical Card Based Transaction
3
1
1. A customer provides the merchant with
payment card information.
2. The transaction information is then routed
through the required CC network.
3. The Issuing bank receives the transaction
information and either approves or declines
it.
4. The response code from the issuing bank is
then routed back through the CC network
back to the merchant.
5. The merchant then completes the sale and
the transaction is then settled via the
merchant’s bank.Customer Merchant Issuing Bank
CC Network
2 3
4
5
4. Symptoms of a Problem
4
o Card based payments is a 50 year old concept
o Card based payment data is easily stolen
o Card based fraud resulted in losses amounted to $11.27 billion globally during 2012
o Another $6.47 billion was spent on card based fraud prevention during 2012
o Globally out of 691 data breach investigations during 2013: e-commerce accounted for 54% and PoS
systems accounted for 33% of the breaches
o Of these intrusions over 50% specifically targeted payment-card data
o 67% more Americans were impacted by financial data breaches in 2012 than in 2010
o In 2012, the US accounted for 47.3% of the worldwide payment card fraud losses but generated only
23.5% of total volume of card based transactions
o Identity theft is the No. 1 consumer complaint (per FTC)
5. Looking Deeper
5
Identity Theft / Fraud Statistics
Average number of U.S. identity fraud victims annually 11,571,900
Percent of U.S. households that reported some type of
identity fraud
7 %
Average financial loss per identity theft incident $4,930
Total financial loss attributed to identity theft in 2013 $24,700,000,000
Total financial loss attributed to identity theft in 2012 $21,000,000,000
Total financial loss attributed to identity theft in 2010 $13,200,000,000
$0
$5
$10
$15
1 2 3 4 5 6 7
BILLIONS
Annual Global Fraud Losses (Credit & Debit Cards)
Other Statistics
14% of persons experienced identity theft at some point
during their lives
10% of persons experienced identity theft spent more
than a month dealing with an incident.
14% of identity theft victims suffered an out-of-
pocket financial loss
85% involved the fraudulent use of existing account
information
Merchants and Issuers
6. The Rabbit Hole Continues
6
Company Year Number of Accounts Affected
CardSystems Solutions 2005 40 million
TJX Companies, Inc. 2006 94 million
U.S. Veterans Affairs 2006 17.5 million
Certegy 2007 8.5 million
Fidelity National Information
Services
2007 3.2 million
Heartland Payment Systems 2008 134 million
Bank of New York Mellon 2008 12.5 million
Hannaford Bros. Supermarket Chain 2008 4.2 million (credit & debit)
Sony 2011 12 million
Global Payments 2012 1 million
Signature PIN Difference
Revenues $14.20 $6.70 $7.50
Interchange Fees $14.20 $6.50 $7.70
Account Fees N/A $0.20 N/A
Costs $4.50 $1.10 $3.40
Network Fees $1.70 $0.50 $1.20
Processing Fees $0.80 $0.20 $0.60
Rewards Programs $1.20 $0.00 $1.20
Fraud $0.80 $0.40 $0.40
Profit Margin to
Issuing Banks
$9.70 $5.60 $4.10
Largest Credit Card Data Breaches Issuers’ Profit and Loss Analysis
Per $1,000 in transactions
8. The Future
8
Imperial London College
Timeline of Emerging Science and Technology
2015 – 2030
Physical payment cards
become obsolete
9. Current Investment Activity
9
o The payments space is ripe for disruption as evident by investment activities and
consumer demands for new payment methods.
o Payments startups raised $1.2 billion in 2013 (A Five Year High!).
o Deal growth in the payments marketplace has been heavily concentrated at the
early stage (Seed/Series A).
o Investment is coming from all areas, and not just the typical players (Google,
Amazon, AT&T, Telefonica, American Express, Visa, Mastercard, First Data, etc.).
Notas del editor
Target’s CEO Gregg Steinhafel announced his retirement.
Profits fell 16% in the first quarter of 2014, this followed a 46% fall in profits in the last quarter of 2013 when compared with the same period in 2012.
POS system revamp will cost Target $100 million.
Target could be fined $90 for every individual breach: that equates to Target facing a $3.6 billion liability.
Target has also been sued by shoppers.
U.S. Department of Justice, Javelin Strategy & Research (2103)
http://www.cardhub.com/edu/credit-debit-card-fraud-statistics/
https://identity.utexas.edu/assets/2014-ID360-Presentations/rusch.pdf
http://www.bjs.gov/content/pub/pdf/vit12.pdf