Target Breach Lessons Learned: The Straw that (Maybe) Broke the Camel’s Back

Actimize Fraud Product Team, Fraud Detection & Prevention

There is a routine that most fraud/risk executives should be following after any large loss or event that erodes customer confidence or even after a large implementation. As part of this routine, understanding what could have been done better underlines the direction of these actions so that history does not repeat itself.

What I noticed during the recent Target event was that some of the “lessons learned” from past data breaches were not applied to ensure the best possible customer experience. From what I’ve seen, banks can experience a 15-20% attrition rate from a fraud event, however any attrition rate in the industry will have variances depending on how customers are treated in the after-care process. In my opinion, this is where a fraud event can turn to a loyalty building opportunity – if managed well.

Here is the list of routine actions that reflect lessons learned from the recent Target data breach, as well as previous incidents, that should be applied in the event of a similar critical data breach:

1. Resist the “Sledge Hammer” Effect of Lowered Limits

Some banks lower limits for cash withdrawals and merchandise for all or many of their customers. While I applaud these banks for taking action, there is a better way. Ensuring you have the tools to segment the population at risk and channel this population to a watch list for scoring or rules is a much better approach. This way, the customers “at risk” are protected, and the remaining customers are not adversely and unnecessarily affected. Ensure your technology is updated to put this more focused strategy into place.

2. Prevent Customer Attrition through Education

I had several family members who suffered from both fraud and attempted fraud over the holidays; in one case, a family member closed his account. It seems that some customers have “gut reactions” to fraud events that can be damaging to your business, so it is critical to equip your customer-facing teams to be trained and empowered to handle customer concerns. This training should be delivered not only as a onetime event, but also as part of on-going fraud awareness education. In addition, an educated, aware, and well-equipped customer provides one of the most effective lines of defense.

3. Prepare for the Next Large Data Breach

All merchants and banks should have a crisis “game plan” in place to manage a large breach. It is not a matter of if, it is a matter of when the next large breach will occur. The customers who are on the receiving end of a well prepared organization appreciate this and expect to experience seamless aftercare as a victim of fraud.

4. Protect Customers in all channels, it’s not just about cards

Often, after a large data breach event, one channel or product will get the “all the attention,” resources, and investment. It is not just about card transactions per se; it is about protecting across channels and products.

If the Target data breach does not teach us anything else, it should teach us that having a comprehensive strategy to protect customers on all channels and all devices is critical — and possible with the right cross-channel crisis strategy in place.

Addressing Fraud Risk from COVID-19 Relief Efforts

May 7th, 2020
Rob Tharle, Fraud & Authentication Subject Matter Expert, NICE Actimize EMEA

A Changing Fraud Landscape: Navigating the Risks Amid COVID-19

April 17th, 2020
Rob Tharle, Fraud & Authentication Subject Matter Expert, NICE Actimize EMEA

UK Fraud Losses – What happened in 2019 and where are we headed now?

April 17th, 2020
Rob Tharle, Fraud & Authentication Subject Matter Expert, NICE Actimize EMEA
Speak to an Expert


We use cookies to ensure that we give you the best experience on this website. If you continue without changing your settings, we’ll assume that you are happy to receive all on the NICE website. However, if you would like, you can change your cookie settings at any time. To find out more about how we use this information, see ourPrivacy Policy.