Europe’s Retailers Feel Target-style Attack Unlikely
Europe’s retailers and payment systems operators believe a security breach of the magnitude that affected
US chain store Target
late last year, and more recently saw the
departure of the group’s chief information officer (CIO)
, is less of a threat on the other side of the Atlantic.
“We’ve not seen anything specific to the Target breach,” says Kieran Hines, content director for London-based business information group Datamonitor International. “Issues like mass compromises cause a lot of issues for fraud prevention teams, and the impact of the Target [breach] is big in the States. But from the perspective here, there’s not a lot of effect.”
According to a recent Datamonitor survey of 27,000 consumers in 21 countries, 21.9% of US consumers report having been a victim of payments fraud at some time during the past three years against a figure of 11.3% for their European counterparts.
Target has now accelerated plans to convert to Europay, MasterCard and Visa (EMV)-chip technology, which improve security over magnetic stripe cards, in the US. Prior to the group’s recent breach, Visa, MasterCard, American Express and Discover had already begun converting most or all of their US cards to chip by October 2015, after which time fraud liability will shift to any retailers who did not migrate their technology.
Meanwhile, Europe appears not to have seen any shifts in security strategy resulting from Target breach, or even a shift from the current security strategies attributable to other causes, said Gilles Ubaghs, senior analyst for financial services technology at the London-based research firm Ovum.
“In many ways European attitudes to security have become quite relaxed following the initial success of EMV,” said Ubaghs. “On many major metrics, particularly for cloned cards, the value of fraud has fallen off a cliff. For many payment providers this has really taken their focus off of fraud as they perceive it as an issue that has in large part been dealt with.”
There appears to be a wider perception that fraud in Europe is “quite manageable” and anecdotally, annual attendance at fraud conferences seems to be in steady decline, he added.
However, Michelle Evans, senior analyst of consumer finance for Euromonitor International warns that there is a danger of complacency. She believes that European payment providers will need to continuously implement new layers of security to protect cardholder data. These measures include tokenisation to obscure data, real-time fraud alert programmes to provide earlier detection and stronger systems that ensure that vendor’s access to systems does not compromise the security of important customer data.
“Ultimately, victory over fraud is about staying one step ahead of the cyber crooks,” said Evans, “But as the US moves towards EMV that will change the payment landscape and make every other EMV market an equal target for fraud.”