NEW YORK - VeriFone Systems, EMC’s RSA and Ingenico are poised for a gain in sales as U.S. retailers turn to makers of payment terminals and security software for help shoring up their anti-hacking defenses.
Ever since Target disclosed in December that hackers stole financial data from 40 million customer accounts, companies as disparate as casinos, grocers and luxury-goods stores have requested help to make customer data more secure, say payment-technology executives.
Interest surged anew when Neiman Marcus said it too had been hit and Michaels Stores also reported its customer data may have been compromised. Concerns over consumer data took center stage again last week as Target and Neiman Marcus executives testified before Congress.
VeriFone’s revenue from point-of-sale hardware bought by big retailers in North America will surge 15 percent this year starting in April, estimates Wayne Johnson, an analyst at Raymond James & Associates. By the end of 2013, as many as 50 percent of U.S. retailers will have installed terminals capable of handling more secure chip-based cards, Gil Luria, a Wedbush Securities analyst, said in a note.
“This will get retailers to spend more on security, which is good for VeriFone and Ingenico,” Luria said in an interview. “These hacks will encourage retailers to buy more new chip-enabled terminals.”
For retailers, options include beefing up efforts to stave off phishing attacks, accelerating a move to credit cards with embedded microchips rather than magnetic strips, and encrypting data as it moves from checkout terminals to remote servers.
Such purchases would indicate an increase in spending by U.S. chains, which for years have invested far less than other industries on data security, making them more vulnerable to attacks than retailers in Europe. The United States accounts for almost half of $12.42 billion in annual global fraud losses on payment cards, according to the Nilson Report, an industry newsletter in Carpinteria, Calif.
Constrained by thin margins, U.S. retailers traditionally have focused technology investments on building customer-friendly websites, among other priorities, said Greg Buzek, president of IHL Group, a retail-technology consulting firm based in Franklin, Tenn.
They also were aware that the effects of data breaches typically faded fast, including one at TJX Cos. that affected more than 100 million people last decade.
U.S. chains can shrug off data breaches no longer. Last month, the FBI warned some retailers that attacks are on the rise, said Jenny Shearer, a spokesman.
There is evidence that the attacks are spooking some consumers. While many retailers struggled to lure shoppers this past Christmas shopping season, Target said sales at its U.S. unit were “meaningfully weaker” after disclosing the data theft.
John Mulligan, chief financial officer of the chain, apologized to U.S. lawmakers at a hearing Tuesday for the data breach and said security will be improved as Target speeds up implementation of chip-enabled card technology.
“I want to reiterate how sorry we are that this has happened,” Mulligan said.
The chain also could face as much as $1.1 billion in payments to banks related to the data breach, Jason Kupferberg, a Jefferies analyst, said in a Jan. 29 report.
“All the large retailers are looking to ensure this doesn’t happen to them,” said Thierry Denis, president of Ingenico North America, a French maker of payment terminals.“Before they would have said, ‘No, we don’t want to spend money on security.’ Now they know they’d better spend more.”
In the past few years, retailers have begun preparing for a switch from cards with magnetic stripes to ones based on chips already widely used in Europe. Holders of such cards typically enter passwords when making a purchase, adding an extra layer of security.
Chains may now accelerate installations of EMV - for Europay, MasterCard and Visa - terminals, which work with chip-based cards, Luria said.
He expects the surge in the technology’s adoption to increase VeriFone’s sales by $50 million in fiscal 2015, and another $50 million in fiscal2016. That would add about 15 cents to VeriFone’s earnings for each of those years, Luria said in a Jan. 28 note.
Since Target disclosed the breach, shares of VeriFone have gained 21 percent. Ingenico has gained 9.7 percent while EMC is little changed. The Standard & Poor’s 500 Index has declined 3.1 percent in the period.
Industry analysts say chip-based cards wouldn’t have stopped the hackers from gaining access to Target customer data. In that case, the criminals likely sneaked in after the cards were swiped and during the brief period unencrypted data moved to the chain’s servers, Kupferberg said in the report.
Now retailers are shopping for software that encrypts data for the entire payment process, according to Ingenico’s Denis.
“Encryption may not have been at the forefront of discussions, as EMV was,” he said. “Now they’re asking about both.”
So-called point-to-point encryption can cost “millions of dollars,” said Robert Sadowski, director of technology solutions for RSA, which is based in Bedford, Mass.
Those purchases may be approved now that retailers’ executives and board members are getting involved in overseeing the efforts to protect their companies from breaches.
“There’s more interest by the boardroom, more interest by the CEO, by the CTO,” said Tiffany Jones, senior vice president of client solutions for iSight Partners, a Dallas-based data-security firm.
Defenses against phishing attacks - when criminals lure unsuspecting shoppers to bogus sites that trick them into typing in their passwords - are another top priority for retailers, according to Steve Ward, the marketing chief at Invincea, a data-security company based in Fairfax, Va.
After the government issued a warning on Jan. 2 identifying phishing as a big security risk, Invincea saw a spike in calls from what Ward calls a who’s who of retailers.
“We’ve had seven or eight calls where they literally say, ‘Can you come in tomorrow?’” Ward said. “We’ve seen an insane flood of interest.” Information for this article was contributed by Christopher Palmeri of Bloomberg News.
Business, Pages 19 on 02/10/2014