Updated below: Three in four consumers say they will stop shopping at a merchant if a data breach occurs, according to a study be Javelin Strategy & Research.
That finding could be especially painful for TJX, which operates T.J. Maxx and Marshalls. TJX has said 45.7 million accounts were compromised over two years. Javelin notes that data breaches account for only 3 percent of known ID-fraud, but merchants nevertheless take the hit.
According to the Javelin report:
- 77 percent of consumers intend to stop shopping at merchants that had data breaches.
- 63 percent of consumers see retailers and merchants as the least secure about protecting data. For comparison, 16 percent saw processors as least secure and 5 percent cited credit card networks and issuers.
- 85 percent of consumers said they would reward merchants who are security leaders.
Those findings sound damning--if they were believable. What consumers say they will do and their actual behavior are two different things. If Javelin's findings were on target retailers would be a lot more secure. TJX would be on the ropes. Why? The bottom line would actually suffer if three out of four customers stopped shopping. Instead, breach occurs, merchant apologizes and offers credit report monitoring and life--and the shopping--goes on.
The reality is the shopping continues at TJX and other places where data breaches have occurred. TJX shares are higher than they were in late March when it disclosed the full extent of its data breach. The company also increased its dividend. TJX is likely to take a financial hit as it beefs up security--and pays IBM and General Dynamics for their time--but it may not be that material. TJX's finances haven't been dinged at all.
The true test of Javelin's survey will appear in TJX's same store sales in upcoming months. My bet: The effects of the data breach will result in a blip at best.
Update 4/13: TJX had no ill effects from their data breach. In fact, same store sales were pretty strong. I guess any publicity is good publicity. Also there's some additional commentary on the Javelin study on Techmeme.