Monday, January 13, 2014, Hacks and Leaks

Hacks and Leaks

by Sinclair Noe

DOW – 179 = 16,257
SPX – 23 = 1819
NAS – 61 = 4113
10 YR YLD - .03 = 2.83%
OIL – 1.14 = 91.58
GOLD + 3.80 = 1253.40
SILV + .23 = 20.51

This week's economic calendar includes retail sales report and business inventories tomorrow; reports on wholesale inflation and the Fed Beige Book on Wednesday; Thursday we'll see the inflation numbers on the retail level; Friday brings an update on housing starts, industrial production, and an options expiration Friday.

We are smack dab in earnings reporting season. This week, the big banks report. Tomorrow we'll hear from JPMorgan and Wells Fargo; Bank of America on Wednesday; Goldman Sachs and Citigroup on Thursday; Morgan Stanley on Friday. The banks' reports will provide insight into how much activity there has been in both consumer and commercial lending and portfolios. Another area of interest is changes in the banks' trading portfolios, which are expected to decline. Financial companies announced more job cuts last year than any other corporate sector; those cuts can't continue indefinitely. Litigation costs will be the wild card in earnings reports as some of the big banks have been trying to clean out the skeletons from the closets.

Fourth-quarter earnings expectations are highest for health-care stocks, financials and consumer-discretionary names, as well as Industrial companies. Much like in the third-quarter, the financial sector is expected to have the best earnings growth in the fourth quarter, with an estimated growth rate of 22.6%. S&P 500 earnings as a whole are expected to grow 6.1%. Without the contribution of the financial sector, expected growth is 3%.

While some businesses have shown fundamental improvement, many corporate earnings have benefited from cost cutting, low interest rates to refinance debt, stock buybacks and other moves that might fall under the heading of financial engineering, and it's not just the banks. Many companies have not been investing in boosting their productivity. In order for the economy to grow, companies are going to have to start investing more in capital expenditures and job growth, the very things they have squeezed to achieve high margins.

One thing the banks could do is to tighten up their security on digital transaction. Last Friday, retailer Target announced that personal information on as many as 70 million additional customers was stolen as part of the company's payment card data breach. The information stolen includes names, mailing addresses, phone numbers, and e-mail addresses. Hackers infected Target's point-of-sale terminals with malware to steal the payment card information Over the weekend, the number of people impacted by the breach may have grown to as many as 110 million. This is the latest blow to Target, which in December revealed that hackers had stolen approximately 40 million credit and debit card numbers. Some of that 40 million may be overlap in the 110 million figure. Target said at the time that it believed the data stolen came from transactions made between November 27 and December 15.

The breach, in turn resulted in a 10 to 20 fold increase in stolen cards available on underground markets. Target says affected customers will suffer no liability for fraudulent charges, and they will offer one year of credit monitoring and identity theft protection. You can go to a Target website and enter an email address, and an activation code will be emailed to you.

Target partnered with credit card monitoring firm Experian to handle the monitoring for its customers. Once users get their activation codes they’ll be asked to enter a variety personal information into the Experian Web site to verify their identities for the credit monitoring. This includes information such as address, social security number and mother’s maiden name — all to ensure that consumers get the right credit reports. Target will not have access to the data.

Once users are signed up for the service, they will receive a complimentary copy of their credit report and the option to receive daily credit monitoring, access to fraud resolution services and identity theft insurance where available.

Target was not alone; Neiman Marcus has also been hacked. I haven't heard numbers on Neiman Marcus, but it apparently happened about the same time as the Target hack. Three other, as yet unnamed, retailers were also hacked.

Banks and card issuers are reportedly prohibited from naming any organization that's suffered a breach, unless that organization releases a public breach notification. Then it's up to the card issuers to notify affected customers.

Issuing new cards, however, reportedly costs at least $10 per card, which has led some card issuers to avoid reissuing cards after a breach. Notably, while JPMorgan Chase reportedly replaced up to 2 million cards for cardholders whose data was compromised during the Target breach, Wells Fargo has declined to do so, saying that it will instead monitor accounts for signs of fraud and add additional protections to any apparently compromised accounts.

Card issuers have long complained about their inability to hold retailers accountable for the cost of replacing cards following a breach. But retailers have long countered that card issuers should be doing more to protect cardholder data, for example by implementing the chip-and-PIN system known as EMV, which requires a cardholder to enter a personal identification number before the card can be used to authorize an in-person transaction. EMV is already in widespread use in many other parts of the world, including Europe.

We don’t know all of the details about what happened at Target and Neiman Marcus, but there’s a really obvious weak spot in the US payments infrastructure that should be corrected, irrespective of whether it would have prevented the Target and Neiman Marcus breaches: the use of two-factor authentication, namely chip-and-PIN cards, which are standard outside the US and have been effective in reducing fraud. The bottom line is that the retailers don't want to pay for secured transactions and the banks don't want to pay for secured transactions.

The Senate Banking Committee will hold hearings to try and determine if retailers or banks should foot the costs in the wake of a breach. Or maybe we should have something a little better than a third world payment system. It's normal for the US to be backward in retail banking. It’s in investment banking that she is a great innovator.

In the meantime, think cash.

From hacks to leaks. West Virginians are being told “DO NOT USE WATER”. Not just don't drink the water, do not use the water, no baths, no washing of clothes or dishes, almost nothing. A chemical used in coal processing has leaked from an old tank along the Elk River and leaked into the water supply, a crisis that has affected nearly 300,000 people in nine counties and effectively closed the largest city in the state. The shorthand name for the chemical is “crude MCHM.” The technical name is 4-methylcyclohexane methanol.  People line up for free water at the fire stations or buy it at the Dollar General — $1.60 for a 20-ounce Dasani, $39 for a flat of 24 bottles.

The leak happened on Thursday, so West Virginians are getting a little ripe by today. Two state employees tracked the leak to Freedom Industries, which owns a row of vintage storage tanks along the south bank of the Elk. The chemical had leaked from an inch-wide hole in the bottom of one tank, pooled in a containment area and then seeped through a porous cinder-block retaining wall, down the bank and into the river.

The infrastructure was primed for a water crisis. The intake for the water distribution system is downstream by a little more than a mile, and on the same side of the river, as the tanks containing the chemicals. The West Virginia American Water Co. sent out the do-not-use order late Thursday afternoon, but by then people had been drinking the water, cooking with it and bathing children with it.

Phrases such as "light at the end of the tunnel" are being used by officials in West Virginia as they give about 300,000 people there hope that they'll soon be able to use the water that's supplied to their homes and businesses. What this tells us is that out water infrastructure has some problems. It's easy to slough this off by thinking it's just West Virginia, but it could happen almost anywhere, and we are not prepared.

Hacks and leaks, just 2 areas where we could see major improvements and upgrades. And I'm thinking back to last Friday's jobs report and wondering why we aren't seeing many, many more jobs being created in this country.