Loyalty programs could feel Target data breach fallout
Shoppers might hesitate the next time a cashier asks for their phone number or they're prompted to enter an email address to register for a promotion, following news that as many as 70 million Target customers might have had personal information stolen in a massive data breach.
It's a serious blow to retailers, especially as they rely more on loyalty program participation to drive sales and gather data about their customer base.
"Consumers definitely already have concerns about sharing data," said Emily Collins, an analyst with Forrester Research. "From a consumer perspective, perception is the reality," she said. "Consumers generally are most concerned about phishing scams and their identity being stolen."
More from NBC News:
Beanie Babies billionaire to be sentenced for tax evasion
Ford lightens up with all-new aluminum F-150 truck
US journalist expelled from Russia, joins small group to be barred since Cold War
Experts in loyalty marketing say other retailers are keeping a wary eye on the still-unfolding Target saga and the impact it could have on consumer perceptions of loyalty programs in general.
"Retailers are certainly concerned," said Joe Easley, senior director of business development and product strategy at Kobie Marketing. "Look at what happened to TJX years ago. It impacted everybody," he said, referring to an extensive data breach involving T.J. Maxx stores in 2007.
Target chairman and CEO Gregg Steinhafel told CNBC the company was hit with malware at its point-of-sale terminals, but that it is still investigating to see if the crooks wormed their way in elsewhere.
In an interview with the network, cybersecurity expert Rodney Joffe speculated that the hackers might have broken into a marketing database, based on the nature of the information that was taken.
By grabbing customers' personal information, the thieves hit the heart of Target's promotional strategy, said retail consultant Howard Davidowitz. "The main arrow they have in their quiver is the REDcard," he said, characterizing the breach as "a tremendous blow and loss of confidence" that could prompt skittish customers to stop participating.
Replacing those customers could take up to a year and would require a significant marketing investment, he predicted.
Steinhafel told CNBC that customers love Target's REDcard, and the company's most recent quarterly filing shows that penetration of the branded debit card nearly doubled from a year ago, and that combined credit plus debit REDcard transactions make up nearly 20 percent of sales. "A meaningful portion of the incremental purchases on REDcards are also incremental sales for Target," the company noted in its filing.
Easley said other retailers with loyalty programs tied to payment cards have the highest risk of a negative image. "Anything tied to a bank instrument of any kind is high risk." He suggested retailers might explore decoupling their card programs from their loyalty programs if a broader backlash lingers.
Retailers won't want to do that unless they have to, though. They tend to like combining loyalty and card programs because they get more detail about what these shoppers are buying; plus, cardholders tend to shop more often and spend more, Davidowitz said.
Collins said any further disclosures could make fixing consumers' broken trust even harder. "If the numbers keep changing, I think they're going to have a longer recovery than they expected," she said. "It makes it harder for them to repair the damage."
—By Martha C. White, NBC News contributor