Target Red card, Visa logo and $20 bills

Who Pays for the Target Breach?

By R. Alan Clanton | published Wednesday, January 15, 2014 |
Thursday Review editor

Call it fee and fine inflation. Consumers may ultimately pay a higher cost for a lot of products as an indirect result of Target’s massive security breach, according to some business analysts and technology experts.

Why? Because dozens of the payment vendors and partner companies connected directly with Target may get hit with millions of dollars in lawsuits, adverse class action outcomes, and a variety of government fines and state-imposed fees. Some of the class actions lawsuits are already working their way through the early stages of the legal processes, but in the end—some believe—the ultimate cost will passed along to consumers in the form of higher prices, and not just at Target stores.

The problem is more complex than just Target’s failure to protect the data of the estimated 110 million store visitors whose account information was stolen by hackers.

Each time a customer swipes a card through a card reader at a Target retail location, a wide variety of financial interactions may take place, including electronic conversations between that card reader and vendors for the store, often either Bank of America, based in Charlotte, N.C., or First Data Corporation (First Data is owned by Kohlberg Kravis Roberts), based in Atlanta, Georgia.

Credit card activity at Target also interacts with the complex networks owned by MasterCard, Visa, American Express and others. In the case of debit cards, hundreds of banks and credit unions may also be involved, including the specialized vendor who handles PIN number verifications, Vantiv, which is based in Cincinnati, Ohio. Then there are the hundreds of credit card issuers, ranging in size from giants like JP Morgan Chase, Well Fargo and Citi Group, to smaller regional banks and credit unions.

Days after Target revealed that its data breach was much deeper, and took place over a longer time span, than originally thought, the luxury store Neiman Marcus announced that it too had been hacked during the holidays. Further, reports have been circulating in the financial press for over week that two other major retailers experienced security breaches in November and December, but no formal announcements have been made.

Target originally said that its security breach took place beginning on Black Friday and ending on December 15, 2013, but later acknowledged that the time frame of the hacking may go back 18 months or more. The FBI and the U.S. Secret Service are each investigating the massive hacking incident.

Related Thursday Review articles:

Can You Protect Yourself From Credit Card Fraud?; R. Alan Clanton; Saturday, January 11, 2014.

Target's Woes Get Worse; R. Alan Clanton, January 11, 2014.