Javelin study narrows down consumer cost to Global Payments breach
Major cyber attacks on global corporations certainly cost those businesses a lot in image and shoring up security infrastructures -- but the financial impact on the little people is significant too.
To shed more light on this side of cyber crime that often gets forgotten in the months following a major breach, Javelin Strategy & Research has published a case study about the attack on Global Payments last spring.
To recall, card processor Global Payments (a third-party payments processor for Visa and MasterCard credit and debit cards) was struck late March 2012 by a security breach that at the time was reported to have put initially 50,000 cardholders at risk. That estimate was soon bumped up to closer to 1.5 million.
The breach was said to have been contained within a few days, but questions remained about how much personal data was at risk through at least July.
Soon thereafter, The Wall Street Journal reported that the event would cost $84.4 million in damages to the credit card processing agency.
Turns out, according to Javelin, it was $92.7 million thanks to court battles and reduced business activity.
But in the end, how much did it cost to consumers?
To put this into perspective, Javelin researchers described the Global Payments incident as the "largest breach of a payment processor since that of Heartland Payment Systems in 2008."
But the estimated damage is much more simple (and unnerving) than that. Taking 1.5 million cards into account, Javelin estimated that $707 million in fraud will occur through the misuse of the card data that was breached.
Predicting that there will be roughly 428,000 of related cases of reported fraud, the end cost that consumers will still be expected to pay for various reasons is closer to $152 million.
Javelin researchers concluded:
Payment card information is of immense value to criminals, as among all types of PII it is the easiest to monetize through misuse or sale. While the advent of zero liability policies and Regulation E have reduced the costs to consumers that will result from associated frauds, victims of this breach who suffer identity fraud will still incur $152 million in costs and spend nearly 5 million hours resolving these cases. As evidenced by this incident and others like it, payment card data is under siege, affecting the financial industry, retailers, and consumers alike.