Target’s publicly disclosed data breach at the height of the 2013 holiday shopping season impacted millions and millions of customers. Since I don't often shop there, I was spared the aggravation from dealing with any customer related issues until today, Sunday, August 3, 2014 – nearly 8 months after the reported incident.
While on vacation with my family I stopped into the Target store in North Haven, Connecticut to stock up for the week ahead. After finding everything on my list ranging from sunscreen, groceries, batteries and more the cash register rang up a total of $250.05. I swiped my credit card and provided the clerk the last four digits to be entered into the POS for verification. To my surprise, the card was declined. Hmm. We tried it again. Declined again.
People in line behind me looked and chuckled at the guy with the declined card. My combined embarrassment and frustration grew exponentially as each of the next three cards I tried were also promptly declined. Not knowing what the issue may be with my cards, a colleague provided his card to try in an effort to get us out of the store. Also declined.
Then… I remembered the breach.
I called the number for customer services on the back of my credit card as the people around me watched. Sure enough, after verifying my identity via the usual security checks the customer service representative on the other end of the phone asked if I was at Target. Upon saying yes, I was notified the account freeze which had been automatically triggered by my attempted transaction would be lifted. This was the case for each of the five cards I had attempted to use.
The Target manager whose attention had been diverted to my issue had made comments of reported computer issues throughout the morning. Upon hearing me say the problem was actually driven by an automatic reaction related to the banks’ fraud detection triggers the manager simply blurted out “C’mon… that breach was a year ago! Won’t it end already?”
There were no apologies, no explanations, no nothing. Honestly there was only a look of hopeful desperation that the transaction would now complete successfully or the potential we may simply leave. Forty minutes after getting to the cash register I finally walked away with a completed transaction without even a "Thank You for shopping at Target".
I took away many insightful thoughts and observations from my experience:
- This long after the breach it can still impact people for the first time
- How could it be that the manager presumably had no idea what the issue was and had no scripted education or training to speak to it effectively
- The ongoing costs hit everyone:
- The retailer via lost sales and consumer frustration: how many people would have walked way
- The card issuers: they maintain support staff that must deal with this time and time again; what can the cost per call be and how much can it add up to
- The customer: until the account is unlocked, all charges would be declined…. an unacceptable consequence for having provided payment information to a merchant they thought they could trust
When does the impact and cost of a breach go away – it doesn’t. It lingers and lingers. As the busy back to school season approaches, I can only wonder how Target shoppers will have the same experience as I when they choose to shop at Target stores to furnish college dorms and more.