2018 has belonged to Marriott no doubt, at least for us travelers and point earners. The news today of Marriott’s new claim as the largest breach in history could have ripple effects for some time. These effects will be felt by not only all consumers who may have frequented Starwood properties but also just about every financial institution. Unfortunately, I will feel both as I’m a part-time travel blogger and a full-time financial executive. Even this morning walking into my 9-5, I could feel it was going to be a topic of conversation. But of course the conversation between the two audiences are vastly different in scope and concern. But the reality is the same on both fronts, which is Marriott is now a major headache for many and will not feel near the pain that others, FIs included may have to endure. Marriott’s interpretation of the breach can be found here.

If you’re reading this you probably already know that you could easily fall into one of the categories of the breach.  The exact timeframe of the data exposure is yet to be confirmed, however, there are indications the timeframe of exposure started sometime in 2014 and concluded in September 2018. With that suggested timeframe, it is noteworthy to point out a previously disclosed data breach by Starwood of their point-of-sale (POS) terminals, with exposure dates of November 2014 through November 2015. Obviously, lesson not learned and warnings not heeded. Your personal information may have been hacked which would include address, phone, gender, passport info and any other identifiable info such as all info related to your SPG loyalty items. The second, and possibly more critical hack being credit card information that could have been compromised. This is the major fear for not only the consumers but the financial institutions that issue the credit cards. Now I’m sure many of you are out there saying, Meh, these folks have tons of money so it can never really hurt them. Well these breaches cause significant damage to the bigger institutions but look no further than the smaller institutions that will really feel the pains of these catastrophic breaches.

What Happens Within the Banking Walls

Unless you have the knowledge of the industry or possibly work in the industry like I do, you wouldn’t know how this affects you.  And even if your card isn’t one of the many that are affected by this breach or any of the others that have taken place, you in fact are affected. You hear about the breaches and you probably know someone who has been affected by a breach, but do you know what happens when these cards are identified? What starts out as a moment of trepidation for financial institutions can snowball into a major cash induced crisis that touches all aspects of the industry. It’s a bit of a waiting game at first as the anxiety takes hold waiting to see if there are irregularities in your card portfolio. All fraud is watched as the pieces are put together to find similarities in the individual cases. Is there a central theme surrounding this number of fraud that suddenly popped up. Did they all shop in one place? Was there a demographic link? Is this card present or not? Where is the fraud originating from, our backyard, another state or another country. We’ve seen them all but the true fraud experts can dissect the information much easier.

Once a fraud has been identified, the real work begins. Institutions must decide how to alert these customers? How can you do it in a way that causes the least disruption to your contact center people. If you put the fraud out there for all to see, you could possibly cause a second wave of panic at every channel of communication. The first wave of course being all of the customers who, for instance, have ever stayed at a Starwood property in the last 100 years asking if they were compromised. Then other decisions must be made such as do you reissue one card at a time or if it appears a large swath of customers are affected, do you offer a mass reissue. A mass reissue, as you can expect is a large cost that can literally throw your budget into pure chaos. Yes, we make allowances for fraud and loan losses but when a major event occurs, you may as well be ready to open the vault for a minute.

And so let’s assume that your card has several thousand in fraud losses on it and yours is just one of many. Who is covering that loss, Marriott? Nope, you guessed it. It’s your financial institution. But wait, wait you say. All of you are covered by insurance for those losses. And yes, theoretically you are right. We’re covered on fraud losses…as long as they are of the catastrophic kind that can possibly take an institution down. Very few if any rise to this level, so we do what we must do, eat it. And in effect, you the consumer eats it. Because what we must endure in terms of losses will get spread out in the products and rates you see on a daily basis. We can only offer what we can afford, so even though Bank Central in Anytown USA has CD rates at 2.30% and you wonder why your bank does not? Many factors can cause this, of which fraud is one. And when you are a small institution with very limited capital, you are find yourself simply trying to steady the boat.

So while many consumers are waking up to one headache, financial institutions are waking up to one as well. And for some of us, we’re dealing with both. Either way, this isn’t an attempt to show compassion for the money holders out there, just a reality check on the inner workings of fraud and the amount of damage they do in general. So, yes, Marriott will, and is, taking a hit in their stock and deservedly so, their impact will be felt in terms of anger and empty apologies about something that has been occurring for the last 4 years. The real pain is held out for those who are compromised. Leave it to Marriott to be the gift that keeps on giving this year. Son of a breach!

 

“Live within your means, Travel beyond them!”