Stores and card processing companies have reported a steady stream of security breaches for years without a major backlash from consumers, such as those disclosed by TJX Cos in 2007 and by Heartland Payment Systems in 2009.
But the latest thefts including attacks on Target and Neiman Marcus have involved a broad set of merchants and could mark a watershed moment for security standards as calls grow for changes in the protection of consumer information.
One sign of the change is a new enthusiasm for payment cards that store customer information on computer chips and require users to type in personal identification numbers.
Mallory Duncan, general counsel of the National Retail Federation that represents Target, Wal-Mart and other big stores, said on Sunday that the trade group encouraged its members to upgrade to the higher-security cards even though they cost more than old systems that store data on magnetic stripes. The breaches are unfortunate but were not entirely surprised, Duncan said. The technology that exists in cards out there is 20th-century technology and weve got 21st-century hackers, he said.
Duncan said the trade group had only made its backing for the higher-security cards public since the Target breach. Banks have quietly begun to offer the cards but mainly for customers to use while travelling. Big US card networks led by Visa will not require the higher security until next year at the earliest.