Just as the dust was beginning to settle from last year’s massive data breach at Target stores that exposed about 40M credit and debit cards, the industry is reeling from an even larger breach. Home Depot stores have confirmed that about 56M payment cards have been exposed through an attack on their POS system during April-September 2014. The Home Depot credit card breach has, according to Home Depot, only affected customers who purchased in-store and not those who purchased online.
This article was first published on the PLC Blog
What we learned from the Target data breach is that certain major issuers, in this case Chase and Capital One, among others, will proactively be reissuing cards to anyone who may have had their accounts exposed. Other card issuers will take a wait-and-see approach, preferring to reissue only upon detecting fraudulent activity on an account rather than incurring the expense to them of about $10 per reissued card.
Luckily for recurring merchants taking advantage of account updater services, both Chase and Capital One participate in the program. However, we can still expect to see the same trends we saw with the previous breach, but on a much greater scale – an increase in hard declined cards, including Lost/Stolen and Invalid Account; an increase in the catchall decline code of Do Not Honor; a spike in the volume of accounts running through and being updated through account updater. Merchants with a high portion of debit cards in their portfolio might see an increase in insufficient funds declines. Based on the Target breach, certain debit issuers reduced the amount allowable for debit cards to be billed in a given time period. The net result for recurring merchants is expected to be about 10-15% less overall approval, after all recycling and updating is complete, with a higher cost of processing as fees for updater and retrying authorizations increase.
Employing the ultimate best practices for decline recovery is critical to success for a recurring merchant. Now is the time to review your current procedures and evaluate whether there is room for improvement.
Paul Larsen, our INSIDER Guide to Payment Processing, is the Founder and Managing Partner of Paul Larson Consulting (PLC), a consulting company focused exclusively in the area of payment processing – specifically on recurring and installment billing merchants in the card-not-present (CNP) space. With over 700 clients, PLC’s expertise helping card not present businesses significantly improving their bottom line by both reducing costs and increasing customer retention. (Read Paul’s full Bio)