Gone in 60 Seconds
Less than 60 seconds—that’s how long it took me to discover I could be a criminal. All I needed was a little plastic card. Locked out of my house on a blustery morning, I borrowed a neighbor’s expired credit card and approached the task of breaking into my home with great skepticism. I had no clue what to do after inserting the card between the door and its frame. Surprisingly, I barely moved the card and learned that tripping a lock was even easier than it appears in the movies.
As quick and easy as it was to open a locked door with a credit card, it was nothing compared to how easy it has become for criminally astute minds to steal credit-card data. The recent security breach at TJX Cos. sent another warning of payment systems’ vulnerability. Retailers face a myriad of immediate risks—some of which may not even be on your radar screen.
Bob Carr, chairman and CEO of Heartland Payment Systems, Princeton, N.J., cautioned that retailers are likely oblivious to what he considers the single- greatest security risk: the storage of data contained on track two of credit cards, including the individual cardholder’s name, account number and CVV (card verification value) security codes.
“Although storing track-two data is prohibited by Visa and MasterCard, many software developers, either knowingly or unknowingly, broke the rules for storing data,” he explained. “If a fraudster hacks into the system and accesses that track-two data, they have enough information to create a ‘white plastic’ card that will act exactly like the actual credit card. With a credit-card number, a fraudster can make purchases on the Internet; with a white card, they can walk into any store and make purchases.”
For the most part, retailers probably do not know whether their systems store track-two data, and particularly in the 1980s and ’90s (when many of the systems currently in place were written) it was not unusual for software developers to want to save all the data that was captured. At that time, confidence in the security of systems was running high, and professionally developed firewalls were thought to be virtually impenetrable.
Carr offered two recommendations for retailers. First, confirm that the software being used meets Visa’s Cardholder Information Security Program (CISP-certified) and MasterCard’s Data Security Standards (DSS-certified). Second, obtain a letter from the software developer stating that the rules have not been violated and track-two data is not being stored.
Additionally, retailers relying on payment processors should confirm that their partners are managing credit-card transactions with the greatest levels of security. One option is to request that all data comply with Data Encryption Standards (DES) before they are stored. The encryption process scrambles numbers prior to storage, and a secure code is required to restore the authenticity of data. The cost of encryption is modest when compared to the potential risk of compromised data. Heartland Payment Systems, which processes 1 billion credit-card transactions annually, added sufficient encryption abilities, with a $150,000 investment in hardware.
Home Depot Projects Lower Profit in 2007
Atlanta, The Home Depot Inc. said Wednesday it will pump $2.2 billion into improving its business this year even as it expects lower earnings and slim sales growth. Home Depot said that for fiscal 2007 it expects sales growth in the range of flat to an increase of 2%, a decline in comp-store sales in the middle single digit percentages and an earnings per share decline of 4% to 9%.
Including the effect of a 53rd week in its fiscal year, consolidated sales are expected to increase by 1% to 2%, and earnings per share are expected to decline by 3% to 8%, Home Depot said.
CEO Frank Blake told investors at Wednesday’s conference that like last year, “2007 also will be a difficult year.” But he said it will be a year of focus on Home Depot’s priorities and a year with “hopefully less noise.”
The “noise” was apparently a reference to the investor furor over former CEO Bob Nardelli’s hefty compensation in light of the company’s lagging stock price. Nardelli resigned in early January after six years at the helm of the company. He took with him a severance package valued at $210 million.
To improve its business, Home Depot said it will invest $2.2 billion this fiscal year in key priorities, including the opening of 115 stores. The investment includes $1.6 billion in capital spending and $600 million in expense.
Home Depot said it will recruit master trade specialists, simplify its staffing model, use more technology to aid customer service, and redesign employee compensation and reward plans. It also will invest in new merchandise and review its pricing strategies. Additionally, the chain will spend money on customer loyalty programs, direct-ship programs, credit programs and other specialty sales initiatives.
Federated Plans Name Change
New York City, Federated Department Stores on Tuesday said it would ask shareholders to approve changing the company’s corporate name to Macy’s Group Inc. A vote to amend the corporation’s charter to accommodate the new name will be held in conjunction with Federated’s annual meeting on May 18. If approved, the company will be known as Macy’s Group Inc., effective June 1. The move comes on the heels of the company changing most of its store nameplates to Macy’s.
“Macy’s Group is the appropriate name for our company, given that about 90% of our sales involve the Macy’s brand. That said, Bloomingdale’s is—and will remain—a very important part of our company,” said Terry J. Lundgren, Federated’s chief executive. Federated Department Stores also said stronger sales at established stores and lower costs drove a 5% rise in fourth-quarter earnings. For the quarter ended Feb. 3, net income rose to $733 million from $699 million the prior-year period. Sales fell 4% to $9.16 billion from $9.57 billion, as the company shuttered 80 “duplicative” store locations. Comp-store sales rose 6.1% in the quarter.
During the quarter, Federated lowered its selling, general and administrative costs 11% to $2.31 billion.
The company also announced a $4 billion increase to its stock buyback program and said it will immediately repurchase 45 million shares for $2 billion under the plan.