Friday, May 22, 2009

Heartland Breach Ramifications Thousands Don't Subscribe To

An interesting ramification to the Heartland Breach...because banks have "canceled" untold thousands of credit and debit cards, and reissued new ones, companies are seeing losses "in the millions of dollars" from automatic billing revenue that, is, well...not so automatic anymore. 

Automatic Billing which results in monthly subscription revenue has been, and is, being severely impacted.  The Heartland Breach has caused that bird in the hand to fly the coop...and it's safe to say some will litigiously blame the "non"payment processor.  Here's a great story from the Washington Post Blog "Security Fix:"


Security Fix - Heartland Breach Blamed for Failed Membership Renewals

Heartland Breach Blamed for Failed Membership Renewals - Brian Krebs | Security Fix

In February, Bill Oesterle began seeing nearly twice the normal number of transactions being declined for customers who had set up auto-billing on their accounts. The co-founder of Angie's List -- a service that aggregates consumer reviews of local contractors and physicians -- said he originally assumed more customers were simply having trouble making ends meet in a down economy.

But as that trend continued into March and April, the company shifted its suspicions to another probable culprit: credit card processing giant Heartland Payment Systems.

The data breach last year at Heartland -- a company that processes roughly 100 million card transactions a month for more than 175,000 businesses, has forced at least 600 banks to re-issue untold thousands of new cards in a bid to stave off fraud.

For consumers, receiving a new credit or debit card number means contacting companies that have those credentials on file to charge for monthly or periodic bill payments. Less well understood, however, is the economic impact that large scale processor breaches and the inevitable waves of re-issues by banks may have on companies when customers simply fail to reset that automatic billing when they receive a new card number.

The Heartland breach happened late in 2008 and was quietly announced in late January. Since then, Oesterle said, Angie's List has seen an increase of two to four percentage points in the rejection of auto-billed payments.

"We estimate that we're seeing an impact of perhaps as much as $1 million in revenue as a result of the increased turnover in card turnover," Oesterle said.

Oesterle said the possibility of the Heartland breach as the source of the increased turnover became clear at a recent staff meeting, when he discovered that three out of four of the people around the table had recently been re-issued new credit cards by their banks, which had attributed the action to the Heartland breach.

"So we started doing some random sampling, and took a look at people [whose cards were] being declined, and started contacting them," Oesterle said. "Most of the people we contacted said they were happy with the service, but had had their credit card re-issued by their bank as a result of the Heartland breach."

The trouble is that convincing customers who had once set up auto-billing to reestablish that relationship after such a disruption is tricky, as many people simply don't respond well to companies phoning or e-mailing them asking for credit card information, Oesterle said.

"We have processes in place to track these rejections that allow us to go back to members, asking for updated information, but we generally accept that some rejected auto-bills will never be recouped," he said. "We'll work hard to re-capture those members, but it will cost us additional resources to do so - and some will be lost."

Avivah Litan, a fraud analyst with Gartner Inc., said no doubt much of the attrition companies like Angie's List are seeing is in fact due to cards being re-issued by banks in response to the Heartland breach. But she said Heartland is likely also being wrongly blamed as the source of cards compromised in other -- less publicized -- data breaches that happened at the same time.

Continue Reading at Security Fix




Reblog this post [with Zemanta]

Disqus for ePayment News