Data And I.D. Theft: Killing E-Commerce Dead

Customer Inter@ction Solutions, May 2007 by Schelmetic, Tracey E

Eastern supermarket grocery chain Stop & Shop has been dealing with a big headache as of late - the theft of an undetermined amount of credit and debit card numbers. The "entrepreneurs'' removed the legitimate point-of-sale keypads and installed fake keypads in the physical stores with the express goal of collecting numbers and PIN info. My mother e-mailed me in a tizzy and asked, "What's going on with all this credit card theft? Why is this happening?"

I responded, "Because the criminals are smarter than the companies."

This is not a traditional case. It won't stop people from buying groceries, it'll just make a few people think twice before using credit and debit cards to pay for groceries. Bad news for die financial services companies, not for grocery stores.

Shortly after I had that e-mail exchange, clothing retailer TJ Maxx's parent company revealed die Rill extent of the damage of a breach they announced several months ago: over 45 million credit card numbers compromised. The card information was accessed and stolen from transactions beginning in January 2003 and ending in November 2003, said TJX said in its filing with the sec. The breach, unfortunately, was not actually discovered until January 2007. Oops. Many of the credit card numbers were encrypted. That's good news, right? No, actually, because die hackers made off with the company's encryption codes, as well. Oops again.

Granted, TJ Maxx's breach exposed card numbers that were used during in-store visits, as the company does not sell clothing off its Web site. But shoppers at a physical store have the option to pay with cash. E-commerce shoppers, on the other hand, do not.

I realize it's easy to say that this kind ofthing must stop when you're not the one charged with finding die very complex and thus-far elusive solution, but I'm going to say it anyway: this kind ofthing must stop. If it doesn't, it will kill e-commerce. Not put a dent in it, not require ecommerce organizations to come up with perkier ad campaigns to win back business, but kill it stone dead. When customers start to feel that using credit and debit card numbers online offers the same odds of making them victims of identity theft as the chance that it will rain on a Thursday in April, the retail industry, particularly its online component, is in trouble.

How much trouble? Let's look at some numbers.

* Online retail spending grew from $81 billion in 2005 to $95 billion in 2006, and is predicted to reach $144 billion in 2010 (Jupiter Research). Forrester Research plots the 2006 number at about $138 billion, not including travel.

* $9.6 billion worth of apparel was sold online in the U.S. in 2006 (Forrester Research).

* Teenagers alone spent $3 billion online in 2006 (Jupiter Research).

* Total online retail sales for "Black Friday" 2006 (the day after Thanksgiving) were $8.96 billion.

* The aggregate sales figures for cosmetics and fragrances bought online in 2006 was $800 million, up 38 percent from 2005 (Forrester Research).

Here's a final statistic: According to Gartner, approximately $913 million in e-commerce sales was lost in 2006 because of security concerns among online shoppers Do you want to see that number multiply itself many times over? A few more high-profile instances like that which occurred with TJ Maxx will do it. According to die same Gartner study, nearly nine million Americans have stopped online banking altogether, while another estimated 23.7 million consumers will never start online banking because of security concerns.

Sure, you might say, so the e-commerce model collapses, people will just return to shopping in stores. Maybe. For some things, like consumer electronics, this will certainly be the case. But there are lot of people who buy less hardware-oriented items on sheer impulse. Ever browse eBay because you were bored and find something cool that you bought on the spot without thinking too hard about it? You and several other million people. Ever buy books online dut you might never have found in a retailers shop? How about paid content like ring tones, premium news or entertainment? Online stock trading? Online community gaming, such as World of Warcraft, which now boasts some eight and a half million players? Playing poker for money online? How about paid online adult content? Of course, nobody knows anybody who buys it.. .which is why it's a muldbillion-dollar industry in the U.S. alone.

Lets talk about automatic online bill payment. Companies the world over have been able to radically reduce the amount of back-office effort they need to take on sorting through paper checks and hiring armies of people to process payments manually. Paper billing is becoming as quaint as writing letters by hand and sending them through the postal mail. But it's back to die checkbook and the stamps we all go if solutions are not found to online I.D. dieft.

Not to mention, back to the mall, the parking lots, the big box stores, the strip malls, the travel agent's office, the clothing dressing rooms, the crowds, the bookstores, die music stores (when's the last time you bought a CD from a music store??) and the insurance agents office.