Chernobyl is certainly at the top of the list of man-made disasters. In light of recent events, I’ve been thinking that the Target breach has become the Chernobyl of the payments world.
As a group, we Americans never thought that much about payment security – we really didn’t have to. We are protected by federal laws limiting our liability for lost/stolen cards, while at the same time, the card networks’ rules give us even better “zero liability” protection, and have educated us about that protection with hundreds of millions of dollars (if not billions) of TV ads over the years.
Joe Shmoe Merchant from Whoknowswhere, Illinois wants your MasterCard account number for an ecommerce purchase? No problem, you’re protected. Give my card to a hot dog vendor on the street who swipes it though (or even keys it into) his smartphone? No problem – mustard and relish please, and hurry up with my hot dog. Put my Visa credit card on file with an airline that can’t even run its planes on schedule? Sure, why not, it’s quite convenient.
Look at all the card issuers that have, over the years, tried to differentiate themselves based on security – Bank of America, Citi, and others have all tried it on and off, without much visible success in moving market share.
But after the Target breach, my sense is that things are changing. I’m wondering if we, who unlike Europeans and others, can’t be bothered to use Verified by Visa and MasterCard SecureCode because “we’re protected anyway”, may be taking a different view of who we give our payment credentials to after “Payments Chernobyl” and what steps we’ll be willing to take to protect our accounts.
I say this because the Target breach is different than all the others – huge numbers of people affected coupled with unprecedented news coverage and congressional hearings. We just didn’t’ see that with the TJ Maxx, Heartland, Global Payments, Hannaford Brothers, Michaels (twice), Marriott, and other breaches.
Collectively, these breaches have now affected virtually every cardholder in the U.S. We are largely driven by convenience, and let me tell you, it sure isn’t convenient to have to log in or call all the places that store our card numbers for recurring payments.
Sure, it’s no big deal getting a notice from my wireless carrier, cable company, and favorite eRetailer when the auth request fails, but what about all the other places we forget about? My son was thrown off a San Francisco bus when my card of file was declined and his monthly contactless bus pass didn’t renew (and yes, to my fellow payment geeks, I haven’t forgotten about the networks’ account updater services, but we all know they are far from a panacea).
So I’ve been thinking a lot about whether U.S. consumers will alter their payments behavior after Payments Chernobyl, and if so, how.
Anecdotally, I’ve been hearing about people now preferring signature versus PIN debit, and of other people who are switching from signature debit to PINs. I’ve spoken to people who are not worried too much about leaving a credit card on file (“hey, it’s the bank’s money anyway”) but are now quite reticent to put a debit card on file (“sure, I’ll get the money back, but my rent check will be bouncing in the meantime”). And how about those people who have a Target or another merchant’s decoupled debit card – you know, the ones that have your checking account number on file so that they can route the purchase thought the ACH? I suspect a number of those folks are watching their checking accounts pretty closely now.
So I’m reaching out to everyone, asking you to let me know what you’re thinking, seeing in your own data, and hearing. Have you changed your payments behavior after Payments Chernobyl? Changing your use of PIN vs. signature debit? Using credit vs. debit more? Rethinking whom you say its OK to keep your account number on file for faster checkout or recurring payments? Will your “chip and PIN” or “chip and signature” card be top of your wallet when EMV comes to market? Or even, and I hate to say this, using cash more?
I’d love hear from you – please track me down at Allen@Glenbrook.com!