Target’s security breach isn’t bad news for everyone.
One company that stands to benefit: Experian, a credit data company whose investors include BlackRock and Artisan Partners Holdings.
Target announced this week that it had hired Experian to provide customers with a free year of credit monitoring in the wake of a security breach that left at least 70 million people vulnerable to identity theft. Consumers have until April 23 to sign up for the service, which will entitle them to a free copy of their credit report and daily credit monitoring.
Experian and Target declined to comment on how much Target would pay for the service. Experian will be providing Target customers with its ProtectMyID alert product, which typically costs $15.95 a month and $159.95 for the full year.
On Friday, Target raised its estimate of the number of customers who may have been affected by the security breach to between 70 million and 110 million. The stolen credit card and other private information represents one of the largest retail data thefts in history.
Target has also hired security firms including Mandiant, which was recently acquired by the security software company FireEye for $1 billion, to help with its internal investigation into the breach. Mandiant declined to comment on the companies’ payment arrangement, but comparable services could cost anywhere from $200,000 to more than $1 million.
Manufacturers of the security chips used in credit cards, which follow a standard known as EMV (for Europay, MasterCard and Visa), could also stand to benefit. The United States has been slow to adopt the chips, which are widely used across Europe. Brandon Kuehl, the product manager at the Members Group, a card processing and payment solutions company, estimated that perhaps 5 percent of all American credit cards are equipped with the technology, which makes it harder to use credit card information after it’s been stolen.
Credit card issuers and their affiliated companies have entrenched payment infrastructure systems in place, and putting EMV chips on every card could be expensive. But in the wake of a major identity theft, consumers could put more pressure on banks and other credit card companies to institute a change.
“You kind of need everybody to collectively get their act together before you’ll see real full penetration in this area,” said Justin Cappos, a computer security expert at New York University’s Polytechnic School of Engineering. “But judging by the number of high-profile breaches we’ve had in the past couple of years, I would think there might be some momentum building to make a change.”
Additionally, Visa, MasterCard and other credit card companies have warned that card issuers, merchants and processors could be liable for security breaches if they aren’t equipped with EMV protections by 2015.
“We’re still a long way away from that,” Kuehl said. “Even on that date we only anticipate that 60 percent of both issuers and merchants will be EMV capable.”