The retailer said Friday that it is “hearing very few reports of actual fraud” involving the credit breach.
Target Corp. tried Friday to head off the continuing crisis over its giant data breach and customer service struggles with a CEO apology and a discount.
The nation’s No. 2 discount retailer said shoppers in Target’s U.S. stores will get the same 10 percent discount that employees normally receive this Saturday and Sunday. The company also is offering one year of free credit monitoring for the 40 million customers whose credit or debit card information was exposed during one of the largest known U.S. data breaches.
“We take this crime seriously,” CEO Gregg Steinhafel said in a statement. “It was a crime against Target, our team members, and most importantly, our guests.”
Steinhafel’s apology for the theft and ensuing communications breakdown came as worried customers continued to overwhelm the Minneapolis-based retailer’s phone systems and the portion of its website dedicated to its Redcard operations. Meanwhile, some financial service executives expressed their own frustrations with how Target is handling the mess.
“Our guests’ trust is our top priority at Target and we are committed to making this right,” Steinhafel said. “We want our guests to understand that just because they shopped at Target during the impacted time frame, it doesn’t mean they are victims of fraud.”
He reiterated that cardholders won’t be held financially responsible for any fraud within their accounts.
Target was still working Friday to meet the “unprecedented” call volume and said it has quadrupled the capacity of its online Redcard account management site. It has also begun notifying shoppers who bought merchandise in its U.S. stores between Nov. 27 and Dec. 15, the period of the breach.
It’s not clear how far the company’s gestures will go to quell the rising anger over the security breach, which remains under investigation by the Secret Service and Target’s own team.
Target shopper Ted Benjamin said the discount offer felt hollow. Benjamin, a retired grocery store worker in Elk Grove, Calif., said he’s tried in vain for two days to get through to someone to close his Redcard debit card. He couldn’t do it online, or at a store, he said.
“I don’t need a 10 percent discount,” he said. “What I need is to protect myself from thousands of dollars that could be fraudulently claimed. It’s Christmas. That’s all they’re trying to do is keep the business up.”
Akshay Rao, marketing professor at the U’s Carlson School of Management, also felt that Target’s moves didn’t hit the mark. “I think those are weak signals,” Rao said. “Ten percent off is a promotion to get you to come into the store and buy stuff.”
A more appropriate response would have been to tell people the company would pay them double whatever money might be taken from their accounts as the result of fraud, he said.
As Target battles to keep customers’ goodwill, the stolen credit and debit card information has apparently been actively trading on the underground market.
“[Accounts] have been flooding underground black markets in recent weeks, selling in batches of one million cards and going for anywhere from $20 to more than $100 per card,” security expert Brian Krebs wrote Friday on his blog, KrebsOnSecurity.com.
Krebs, who was the first to reveal the data breach on Wednesday, said the cards pose a heightened challenge for banks because they included locations and ZIP codes. That information allows people buying the hacked card numbers to make counterfeit cards and use them only in the states where the cards were issued, thus averting systems that help banks detect unusual activity.
Daniel Ingevaldson, chief technology officer at Easy Solutions Inc., an antifraud company in Miami that works with banks, said he was monitoring international black market forums online that cater to stolen cards. He noticed a “huge spike” in card volume around Dec. 11, and later found out it was linked to Target. The crooks peddling the cards on the underground forums were “having a party” as a result of the breach, he said.
“They were quoting how much money they were making … $10,000 a day.”