For Your Review

Industry Stands Ground Against Retailers on Data Breaches

Data breaches at Target Corp. and The Home Depot Inc. may be in the distant past for consumers, but banks are still dealing with the financial fallout.

In late May, financial institutions soundly rejected a settlement between Target and MasterCard Inc. that would award $19 million to MasterCard issuers to cover the financial injury caused by the retailer’s 2013 data breach, in which hackers accessed 70 million credit and debit card accounts due to malware introduced into Target’s point of sale terminals. The deal had to be approved by 90 percent of eligible MasterCard issuers. The true cost of the breach has been difficult to pin down. The American Bankers Association (ABA) estimates that its member banks have spent at least $200 million due to the Target data breach alone, but this is a conservative estimate, says Doug Johnson, ABA senior vice president, payments and cybersecurity policy.

In early June, banks and credit unions filed suit against Home Depot. Last year, hackers used vendor credentials to install malware on 7,500 self-checkout registers to siphon payment data, which went undetected for five months while hackers accessed 56 million accounts. The lawsuit alleges that the home improvement retailer neglected to protect consumer data by using outdated security systems. On July 1, Home Depot moved to dismiss the lawsuit, claiming there was no “concrete injury traceable” to Home Depot.

Banks have long borne a huge cost of retailer data breaches. The ABA estimates that each reissued card costs a bank anywhere from $3 to $13. With 126 million accounts impacted by the Target and Home Depot breaches, the industry has spent a minimum of $378 million just to reissue debit and credit cards. That cost doesn’t include the resources that financial institutions have devoted to account monitoring and additional customer service staffing.

Target and Home Depot have paid heavily for these breaches. Target has accrued a net of $166 million in expenses related to its breach. Insurance covered an additional $90 million. Home Depot, so far, has spent $40 million on breach-related expenses, and another $39 million was insured.

A survey conducted by the ABA last year found that just one-third of responding banks were reimbursed for data breaches within the past five years. Every bank with more than $50 billion in assets was reimbursed, while just one-quarter of banks with less than $1 billion in assets were compensated for their loss. But these banks didn’t receive much: Forty-six percent recouped less than 1 percent of the costs related to a breach.

Solving the blame game on data breach liability could soon take a few steps in the right direction. Replacing long-outdated magnetic stripe cards with chip-and-PIN cards should protect consumers and their banks, and retailers that don’t update their systems will be held liable for the oversight. Legislation has also been introduced that, if passed, would establish nationwide data security standards, regulated by the Federal Trade Commission, which could then fine organizations that are breached due to neglect. It’s regulation that bankers support, says Johnson. “Those that are responsible for the breach should pay the costs associated with the breach.”

Brand Loyalty: Is There an App For That?

Can a strong mobile offering help financial institutions generate the kind of loyalty seen by companies like Starbucks? Yes, it can, say 71 percent of the more than 175 bank senior executives and directors participating in an audience poll at Bank Director’s recent Bank Audit & Risk Committees Conference in Chicago.

Twelve million customers actively use Starbucks’ mobile app, according to the company’s December 2014 investor presentation. The app allows coffee connoisseurs to make purchases in stores through prepaid Starbucks cards and, in select markets, order ahead and bypass long lines for the barista. They can also send electronic gift cards to friends and family—Starbucks’ way of tackling peer-to-peer (P2P) payments—and earn rewards. Thirty-three percent of in-store purchases are made using a Starbucks card, and almost half of those occurred using the company’s app. That’s a lot of lattes.

For banks, generating this level of brand loyalty isn’t as simple as offering basic transaction services. Customers often interact through multiple channels. “If a customer starts something on mobile and wants to then pick it up online or in the branch, [then] they should be able to do that,” says Dan Latimore, senior vice president in the banking practice at research and consulting firm Celent. Customers also need a compelling reason to return to the app. Starbucks offers a “pick of the week,” in which Starbucks offers a weekly free download of an app, song or e-book. “What gets you to check in with your bank when you don’t have a specific transaction to execute?” Latimore says.

Among smartphone or tablet users who switched their primary bank in 2013, 60 percent cited the bank’s mobile offering, according to a survey by the advisory firm AlixPartners. Big banks have led the charge in mobile, says Dave DeFazio, partner at Brentwood, Tennessee-based StrategyCorps, which works with financial institutions to improve their mobile and online offerings. Bank of America Corp. offers cash back on credit and debit card purchases through its BankAmeriDeals program. In an era of low interest rates, helping customers save money can be as good as earning interest on a checking or savings account, DeFazio says.

J.D. Power and Associates’ 2015 U.S. Retail Banking Satisfaction Study found that these types of benefits play a large role in a customer’s satisfaction with the bank’s mobile app. “The big banks have recognized an opportunity to make strong connections with their customers,” says DeFazio. J.D. Power also reported that, for the first time, customer satisfaction in mobile banking apps has declined slightly. Consumers will continue to demand more and more from their bank’s mobile channel, so banks will be working even harder to stay ahead—and keep customers loyal.

Do Boards With Women Have Better Governance Practices?

Could the addition of a female board member be the gateway to better board practices? A study of corporate directors released in May by PricewaterhouseCoopers (PwC) suggests this may be the case—or, that boards with diverse membership may already be more prone to having investor-friendly practices in place.

Female directors were more likely than men to report that their boards have adopted many practices that certain stakeholders like to see. Sixty-three percent of women, and half of men, report their board has mandatory retirement policies in place. Fifty-eight percent of women report their company separates the chairman and CEO roles; half of men report the same. Twenty percent of women report their board has director term limits in place, compared to just 12 percent of men. PwC surveyed 863 public company directors last year, of which 14 percent were women.

Some of these governance practices can create opportunities for more diverse boards. Mandatory retirement policies and director term limits ensure that board seats open up, making it easier to find room on the board for a more diverse candidate.

The study also finds that male and female directors may not see eye to eye on a number of issues related to board governance. Female board members indicate they’re more willing to engage with shareholders on issues such as executive compensation, risk management oversight and board compensation. Women are more critical of their company’s board evaluation process, and see more obstacles to dealing with underperforming directors. Women are more concerned about information technology issues, including strategy and oversight.

The diverging perspectives and experiences of male and female directors spotlight the value of board diversity. “Boards, like companies, are finding that diversity matters,” says Paula Loop, who leads PwC’s Center for Board Governance. “Diversity seems to provide a richer conversation or dialogue, and I think that certainly could be helpful for a group of individuals that are focused on oversight.”

Bank regulators are keeping a closer eye on the issue. A set of standards governing diversity, released by the Federal Deposit Insurance Corp., Office of the Comptroller of Currency, the Federal Reserve, the Consumer Financial Protection Bureau, the Securities and Exchange Commission and the National Credit Union Association, recommends that financial institutions look at a diverse pool of candidates, including women and minorities, when hiring senior personnel or selecting new board members. The standards were effective on June 10, and impact banks and credit unions with more than 100 employees.

The Architect of the Dodd-Frank Act Joins Signature Board

Do high-profile former government officials bring value when they are appointed to corporate boards? For example, former Secretary of State Colin Powell serves on the board of, which sells a popular sales management system used by many businesses. What does Powell, a retired four-star general in the U.S. Army who also served as chairman of the Joint Chiefs of Staff, know about sales? Not that much, in all likelihood. But it’s not what he knows, says Peter Crist, chairman of Wintrust Financial Corp. and a veteran executive recruiter who is also chairman of Crist/Kolder Associates in Chicago—it’s who he knows. “If you can bring Colin Powell into a meeting, it helps build relationships,” says Crist.

In the case of former U.S. Congressman Barney Frank—the man who put the “Frank” in the landmark Dodd-Frank Act—it might actually be what he knows that led Signature Bank to appoint him as a replacement for the late Al DelBello, a former lieutenant governor of the State of New York, and before that the chief executive of Westchester County, who had served on Signature’s board since 2003. Frank will join another prominent former elected official on the board—former New York Senator Alfonse D’Amato, who spent 18 years in the upper chamber, where he earned the title of “Senator Pothole” because of his skill in delivering benefits to his local constituents.

As one of the architects of the Dodd-Frank Act, Frank will no doubt be of great value to the Signature board in the area of regulatory compliance and relations. Interestingly, he’ll also have the opportunity to experience the effects of his handiwork from the industry’s perspective. The Act is often cited as a major contributor to the banking industry’s increased compliance costs since it was passed in 2010.

Although Frank is a Democrat (as was DelBello) and D’Amato is a Republican, they have at least one thing in common. D’Amato was also a one-time chairman of the Senate Committee on Banking, Housing and Urban Affairs, while Frank was once the leading Democrat on the House Financial Services Committee. No doubt they will have much to talk about on the subject of bank regulation, not to mention politics.

Bank Director Staff Writer