Data breach could cost $300M
Credit card replacement is in addition to Sony's $1.5B
4/29/2011NEW YORK -- Credit card lenders could be facing more than $300 million of card replacement costs if customers affected by the Sony Corp. data breach decide to replace their credit cards.
Analysts have estimated the incident could cost Sony more than $1.5 billion, but this is the first time they have put a price tag on how much major lenders also will suffer.
"It's not insignificant," said Sanjay Sakhrani, analyst at Keefe, Bruyette & Woods.
Each customer request to replace a credit card would cost lenders about $3 to $5 per card, several analysts told Reuters this week. Those costs would include the new piece of plastic itself, postage, and various customer service costs.
Hackers earlier in April broke into Sony's PlayStation Network, stealing names, addresses, and possibly credit card details from 77 million users. Sony shut down the network on April 19 but waited about a week to disclose that the system had been hacked and users' data could have been stolen.
Credit card lenders also could lose business from the customers affected by the breach, even if they were quick to replace the cards. New cards take time to be activated, and in the meantime consumers could use a different card, Aite Group analyst Julie Conroy McNelley said.
Consumers also may be reluctant to use a card they perceive as higher risk because it might have been involved in a hacking episode, even if the breach of security was not the issuer's fault, she said.
By some measures, $300 million is a relatively small amount for the industry. U.S. credit card banks that issue Visa cards and MasterCards made about $2.12 billion in after-tax profit in 2010, according to the industry publication PaymentsSource.
That figure excludes American Express Co. and Discover Financial Services, which lend directly to consumers and process the transactions on those cards themselves.
The Sony breach is a sign that the industry may face new threats.
"As we move into the digital world, we put more and more of our digital identity into the cloud, or digital devices ... Security is going to be a tremendously important part of what we do," said Daniel Schulman, American Express group president of enterprise growth.
Ed McLaughlin, MasterCard's chief emerging payments officer, said payments security is evolving along with "intelligent devices," such as smartphones and contactless cards, he said.
Upgrading certain security standards -- for example, adopting chip-and-pin credit cards, widely used outside the United States -- also depends on merchants, who typically only upgrade their terminals every five to seven years, one analyst said.
Citigroup Inc. global enterprise payments head Paul Galant, who previously ran the bank's credit card unit, said security breaches are a fact of life for financial institutions.
"Security breaches happen, they're going to continue to happen ... the mission of the banking industry is to keep the customer base safe and customers feeling secure about their financial transactions and payments," he said.