To my query of what is hot in security business processes and reputation that will interest our IAFS members, Bob said this: data security. This is why. The new poster child for data security is Heartland Payment Systems, (NYSE:HPY). Heartland, the sixth-largest payments processor of credit and debit card transactions in the U.S., announced in January that its records were hacked. A recently apprehended cyber-gang, according to the Justice Department, compromised 130 million Heartland accounts.
What are the lessons of interest for IAFS members? There are two lessons covering, respectively, the costs of reputation loss and the potential for reputation restoration.
The first lesson is that this was an expensive breach with growing costs. Heartland reported in May that the breach had cost it $12. 6 million so far, which included legal costs and fines from Visa and MasterCard, who said the company was not compliant with payment-card–industry rules. Then, In filings for the Securities and Exchange Commission, Heartland said the 2008 data security breach cost it $32 million as of June 30. Most recently, as of 30 Sept in the 10-Q filing, the Company recorded pre-tax expenses of $105.3 million or about $1.74 per share, associated with the security breach, aka, the Processing System Intrusion.
The majority of these charges, or approximately $90.8 million, related to: (i) assessments imposed in April 2009 by MasterCard and VISA against us and our sponsor banks, (ii) settlement offers we made to certain card brands in an attempt to resolve certain of the claims asserted against our sponsor banks (who have asserted rights to indemnification from us pursuant to our agreements with them), and (iii) expected costs of settling with certain claimants with whom settlement discussions are underway.
There is more. The Heartland breach – which has so far resulted in 28 class-action lawsuits filed against the company precipitated a near-immediate 50 percent drop in Heartland's share price (shown in red). Total equity value lost, rebased against the S&P500 Index (shown in blue) as of today, is about $300 million. Data source: Big Charts.com.
The second lesson is that following its near-death experience, Heartland is now committed to building reputation resilience by establishing the new standard for data security processes. Heartland is raising the bar in retail payments security by bringing end-to-end encryption to its network. It will be expensive and a big logistical challenge to execute. However, as long as it's accompanied by good policy and process, Heartland's encryption initiative will plug a definite security gap in the payments system.
In turning to processes to cure the defects that led to the reputation loss, and by creating a new standard for best practices, Heartland is following the model established by Johnson and Johnson with their product security issue, and El-Al Israel Airlines with their hijacking-related security issues. It is a best practice that examplifies the values of the IAFS and its members. Won't you consider joining us?
Heads up: IAM magazine, the official publication partner of the Society, will feature a reputation-focused case study on Johnnson & Johnson (NYSE:JNJ) in the January 2010 issue, #40.
Comments
Post has no comments.