Many of you may remember the unauthorized access to payment card data at Target between Nov. 27 and Dec. 15, 2013. Many of you might even be among the 40 million credit and debit card holders who decided to shop at Target in that time frame – I am. I received notifications both from Target and my bank in December that my data was indeed, compromised, and was issued a new card. Ok, a little inconvenient, but no harm done, right?
Unfortunately for me and many of those 40 million card holders, my card was used in fraudulent transactions in that time period. Again, nothing that serious – the damage was less than $500 total between two retailers, Best Buy and Kmart, which I disputed with the bank. My bank is a local, small establishment, but submitting a dispute tends to be similar across all banks: at the minimum, it involves some paperwork, your statement and a signature. It wasn’t stressful, annoying or invasive, and the entire process only took about 15 minutes in person.
Two months later, I received a call from my bank, notifying me that Kmart is disputing my claim! The fix is (theoretically) quick and simple – I had to sign and fax a letter to my bank reaffirming the fraudulent transaction, including transaction and account details.
My point of the story is two-fold: The first and bigger focus is on the ramifications of a data breach. The failure to keep customer data secure can result in lost revenue, potential fines and an impacted company reputation. It is so important for retailers and any organization managing customer and payment information to ensure they are using secure, reliable systems. This breach has definitely tainted Target’s name, even if just a little bit, and the millions of people affected by the hack are still fixing something that wasn’t even their fault in the first place.
This leads me to my second point, which is not to scowl at Kmart or any retailer that may be taking extra precautions to ensure they are not getting scammed by opportunists, but why did I have to resend the same information I originally sent to Kmart? My bank contacted me and informed me Kmart needed more information to investigate the report…but told me to send over exactly what I originally filed with my claim: No, I did not use my card or authorize that transaction. Yes, this is the amount I’m disputing. Here is my card number.
What does that say about Kmart’s data management abilities?
This can all be tied back to the effect on the customer experience. For starters, I just had to give Kmart the same information to resolve something that should have been settled two months ago. Technology exists to avoid this redundancy and optimize multichannel customer service. I also haven’t actually received any communication from Kmart about this dispute, or a reason as to why it is even delayed. This is the opposite of transparency and keeping customers informed – even though I was technically never even a customer, I was a potential customer up until this point. You can bet I won’t shop there in the future after this.
These are impacts that go deeper than a few (OK, a lot…40 million) compromised credit and debit cards. A data breach can mean lost customers, both existing and potential, a damaged reputation, insight into mismanaged processes and overall loss of business. To ensure you’re not putting customer data at risk, make sure you are keeping up with system updates, compliance audits and the latest technology.
Edited by Cassandra Tucker