Make us your home page

Target credit card breach breeds worry

Target revealed on Jan. 10 that about 70 million customers were affected in the credit card data heist from its stores at the end of last year, double the previous estimates.

Getty Images

Target revealed on Jan. 10 that about 70 million customers were affected in the credit card data heist from its stores at the end of last year, double the previous estimates.


Robert Spoden shops at Target a few times a month, usually spending $50 to $75 on food, clothes and sporting goods. But when Visa called last week to alert him about purchases totalling more than $2,700, he knew something was amiss.

"Initially, I was shocked that someone tried to do this with our credit card,'' he said. "But I wasn't surprised. It's a sign of the times and what's going on in our country.''

Spoden was aware of Target's data breach during the holiday shopping season. The retailer said cyber criminals stole data from 40 million credit and debit cards used between Nov. 27 and Dec. 15. The hackers also snatched personal information — including email addresses, phone numbers, names and home addresses — of another 70 million people.

On Monday, Chase Visa's fraud control department notified Spoden that his card had been used four times at a Target store in Tampa. Two of the transactions were for identical amounts: $640.93. The others were for $1,067.86 and $424. As a result, Visa was canceling his card and reissuing a new one.

As a courtesy to Target, he said, Spoden called the store along Gandy Boulevard, where he shops the most. Even though he knew he wasn't liable for the charges, he figured the store would want his information to help with the investigation.

They didn't. An employee instructed him to call Target's customer service line, sign up for a year of free credit monitoring and, most baffling to him, file a police report.

"Why should I be the one to call the police when they're incurring the loss?'' Spoden said. "What are the local police doing to do?''

• • •

Going after credit card fraud is a daunting task. Credit and debit card fraud losses worldwide reached more than $11 billion in 2012, up 15 percent over the previous year, according to the Nilson Report, a publication about the payment industry. Devoting resources to every case is impossible.

"We do investigations and are able to make arrests, but they are complicated cases and people should do what they can to protect themselves,'' said Tampa police spokesman Andrea Davis.

The Tampa Police Department has about three dozen detectives assigned to property-related crimes, a broad category that covers almost everything except murders and crimes involving sex, gangs and major drugs. Several other detectives work in the fraud unit but mostly investigate tax fraud and crimes against businesses.

In January, Tampa police received more than 100 reports of fraudulent credit card use — a small fraction of what actually occurs, Davis said.

Target has said it is working with law enforcement officials. On Wednesday, Attorney General Eric Holder said the Justice Department is committed to tracking down the thieves.

Spoden, 65, wonders what steps, if any, are being taken at the local level. Visa would not give him details, he said, but must know exactly where and when the illegal transactions took place. Did investigators look at surveillance video? Did they interview store employees?

Target isn't talking specifics about its investigation. A corporate spokeswoman said people suspecting suspicious activity should notify their credit card company.

The Minneapolis-based retailer hasn't said how many of its 110 million shoppers have been actual victims of the breach. So far among its REDcard Visa credit and debit card holders, Target has seen "low levels of incremental fraud'' beyond what normally occurs, said spokeswoman Molly Snyder.

Similarly, Visa, one of the major credit card companies picking up most of the tab for the heist, has not released an estimated amount. Spokeswoman Rosetta Jones said the company doesn't break out fraud data by retailer but, on average, fraud amounts to about 6 cents on every $100 transacted — 0.06 percent.


While the banks that issued the credit cards will absorb the cost of fraudulent sales initially, Target is not off the hook. Once the banks can tally their losses, they are expected to file lawsuits against Target and issue fines to recoup some of the money, said Jake Kouns, chief information security officer for Risk Based Security.

"Some of the lawsuits, penalties and fines could get ugly,'' he said. "We know that this is going to cost the banks and Target a lot of money.''

Already, dozens of lawsuits nationwide have been filed against Target by private individuals, including one from a Target shopper in Tampa alleging the retailer failed to protect her personal and private financial information.

Target has $100 million of cyber insurance and $65 million of directors and officers liability coverage, according to press reports. While seemingly a lot of money, Target could go through it quickly, Kouns said. Illegal cards made from the stolen information will likely continue coming into the market for the next few years. Many of the stolen card numbers don't expire until 2016.

Risk Based Security, a Richmond, Va.-based company that tracks data breaches, counted 2,164 breaches in 2013 that exposed more than 822 million records. That's the most since the company started recording breaches in 2005, when the number of incidents was 158.

And the future doesn't look much better. Since the Target breach, Neiman Marcus and Michaels have announced similar incidents.

"It's not slowing down,'' Kouns said. "What we're doing right now is not working. Attackers are moving faster and are better equipped than the defenders.''


In the end, the cost of security breaches will be passed on to consumers in the form of increased prices and credit cards fees, said Sajeev Varki, an associate marketing professor at the University of South Florida. Everyone will pay a few cents more as the cost of doing business on plastic.

But will Target's breach persuade shoppers to go elsewhere? Probably not, he said.

"If they think someone is targeting Target then consumers will be more likely to switch,'' Varki said. "But if they feel like it was a random attack, they will stay with the store and figure it will be someone else's turn.''

Spoden isn't blaming Target for his card getting hacked but has lost confidence in the retailer and fears similar breaches will just get more common.

He believes the most effective way to reduce checkout fraud would be to require shoppers to show identification when using a credit or debit card, a policy already in effect for some retailers. It could slow down the lines and offend some customers, but it might have stopped criminals from using his card.

In the meantime, he's no longer shopping at Target.

"We love Target but we're in a holding pattern," he said. "We're waiting for something to come back from Target that says, 'We've got this thing covered and you can have faith shopping in our stores.' ''

Susan Thurston can be reached at or (813) 225-3110. Follow @susan_thurston on Twitter.

Target credit card breach breeds worry 01/31/14 [Last modified: Friday, January 31, 2014 6:15pm]
Photo reprints | Article reprints

© 2017 Tampa Bay Times


Join the discussion: Click to view comments, add yours

  1. Trigaux: No more VinikVille as Water Street Tampa finally arrives


    Adios, VinikVille! Hello Water Street Tampa.

    An aerial rendering of the $3 billion redevelopment project that Jeff Vinik and Strategic Property Partners plan on 50-plus acres around Amalie Arena.
[Rendering courtesy of Strategic Property Partners]
  2. Unlicensed contractor accused of faking death triggers policy change at Pinellas construction licensing board

    Local Government

    The unlicensed contractor accused of faking his death to avoid angry homeowners has triggered an immediate change in policy at the Pinellas County Construction Licensing Board.

    Last year Glenn and Judith Holland said they paid a contractor thousands of dollars to renovate their future retirement home in Seminole. But when they tried to move in on Dec. 14, they said the home was in shambles and uninhabitable. They sent a text message to contractor Marc Anthony Perez at 12:36 p.m. looking for answers. Fourteen minutes later, they got back this text: "This is Marc's daughter, dad passed away on the 7th of December in a car accident. Sorry." Turns out Perez was still alive. Now the Hollands are suing him in Pinellas-Pasco circuit court. [LARA CERRI   |   Times]
  3. SeaWorld shares drop Monday to 2017 low after disclosure of federal subpoena


    The Orlando parent company of SeaWorld and Busch Gardens theme parks saw its stock drop 3.5 percent Monday to $15.10, its lowest price of this year.

    Killer whales perform at Shamu Stadium at SeaWorld in Orlando in 2011, before public pressure was placed on the theme park company to curtail its orca shows.SeaWorld has since announced an end to the traditional killer whale entertainment  at its theme parks. [AP Photo/Phelan M. Ebenhack]
  4. Rick Scott appoints longtime ally Jimmy Patronis as Florida CFO

    State Roundup
    Rick Scott appoints Jimmy Patronis (background) as CFO. [STEVE BOUSQUET | Tampa Bay Times]
  5. Local gas prices plummet as Fourth of July holiday travel approaches


    TAMPA — Local gas prices are enjoying an unseasonal dip around the $2 mark just in time for the hectic Fourth of July holiday travel weekend.

    The price of regular unleaded gasoline has dropped to $1.99 at a Rally station on Pasadena Ave. South and Gulfport Boulevard South, South Pasadena.
[SCOTT KEELER   |   Times]