“Well written and an interesting perspective.” Clan Rossi --- “Your article is too good about Japanese business pushing nuclear power.” Consulting Group --- “Thank you for the article. It was quite useful for me to wrap up things quickly and effectively.” Taylor Johnson, Credit Union Lobby Management --- “Great information! I love your blog! You always post interesting things!” Jonathan N.

Saturday, December 28, 2013

Target’s Senior Managers in Damage Control Mode: A Forensic Appraisal

The number of transactions at Target, a major American retailer, during the weekend before Christmas in 2013 came in at between 3 to 4 percent lower than for the same weekend in 2012.[1] That the number of shopping days between Thanksgiving and Christmas in 2013 are five less than in the previous year and number of transactions at other retailers during the weekend in 2013 is slightly higher than for the previous year suggests that Target did indeed take a financial hit due to the massive breach in electronic security. The debit and credit-card numbers of up to 40 million customers (between November 27th and December 15th) could have been compromised by hackers who immediately began selling the “secured” information from abroad.[2] Lest this lesson in the downsides of electronic commerce and globalization be enough bitter medicine to swallow, Target’s damage control gives us a rare opportunity to glimpse the mentality of the company’s corporate-level managers by inference.

The first piece of evidence concerns the customers’ PIN numbers—the four digits you enter after swiping your card. During the final days before Christmas, Target’s management denied that the PIN numbers had been compromised. “We continue to have no reason to believe that PIN data, whether encrypted or unencrypted, was compromised,” Molly Snyder, a company spokeswoman, said, no doubt in anticipation of a hoped-for frenzy just before Christmas; to minimize continuing damage, existing and potential understandably nervous customers would need to be assuaged and pacified, lest the company lose its shirt (without payment!)[3]

Woefully convenient, a Target spokesperson “confirmed” two days after Christmas that encrypted PIN data had indeed been stolen. “While we previously shared that encrypted data was obtained, this morning through additional forensics we were able to confirm that strongly encrypted PIN data was removed. We remain confident that PIN numbers are safe and secure. The PIN information was fully encrypted at the keypad, remained encrypted within our system, and remained encrypted when it was removed from our systems.”[4] Because the company did at the time store information that hackers would need to decrypt the PIN numbers, the debit card accounts had “not been compromised due to the encrypted PIN numbers being taken.”[5] The key word here is compromised, for in Molly’s pre-Christmas mollifying and no doubt legally-crafted words, “We continue to have no reason to believe that PIN data, whether encrypted or unencrypted, was compromised.”[6] Parsing the “before and after” company statements, it becomes clear that just because the PIN numbers were stolen after all does not mean this theft compromised the debit cards. That is to say, in terms of legalese, the second statement does not contradict the first.[7]

The narrow mountain pass was likely dug before Christmas in order to assuage customer fears before Christmas by holding off on as much of the bad news as possible until after even the day after Christmas—not a light retail day to be sure. For support, I submit for your esteemed consideration Reuters’s report that a senior payment executive at Target said a few days before Christmas, as Molly was mollifying, that the hackers had indeed taken PIN data.[8] We can thus deduce that Target’s senior managers were aware of the PIN thefts even as the spokeswoman was assuring the public that the PIN data had not been compromised.

The asseveration is at the very least misleading. To be stolen is a sort of compromised condition. Perhaps the hackers had gotten their hands on some software that would decrypt the numbers without the company’s management’s knowledge. After all, it had taken managers until December 15th just to realize that the debit and credit-card numbers were being lifted.  Furthermore, Molly could easily have said “stolen but not compromised.” The fact that she did not include “stolen” indicates an intent to withhold the additional information that Target’s managers would undoubtedly have presumed would hurt sales leading up to Christmas and the day after that. The sin of omission often reveals more than what meets the eye.

Besides being liars intent on manipulating actual and potential customers, Target’s senior managers minimized what they would give up pricewise to stem the exodus of weary customers. As though misers, the corporate managers showed themselves to be selfishly cheap, or niggardly, even in making up for their own mistakes.

Specifically, the strategists conveniently presumed that a measly 10% discount would be sufficient, or good enough, to bring back in any timid buyers. To be sure, many in Target's market segment may indeed be inclined to overreact, swallowing the company line on a 10 percent discount being a big deal. The company's corporate managers undoubtedly had a sense of the makeup of their typical shopper. Playing on the herd mentality may have kept the 3 or 4 percent reduction in transactions from being something like 15 or even 20 percent.
It is important, however, to put the managerial decision to go with only 10 percent into perspective. The truncated "shopping season," still-stubborn real unemployment rate, and two immobilizing winter storms were putting pressure on retailers to offer steep discounts, albeit on selected items. "The real economy spoke this holiday season," lamented Brian Sozzi of Belus Capital Advisors just after Christmas. "Consumers are not financially strong enough to go out there and spend willy-nilly. . . . If the customer didn't need to shop, they didn't go out and shop."[9] Accordingly, retailers extended selective, well advertised sales well beyond the day after Thanksgiving, stretching even through the weekend before Christmas. As if Target's trumped up 10 percent were not sufficiently dwarfed by these deals, retailors tried desperately to draw shoppers in on the day after Christmas by offering still deeper discounts (on selected items). Old Navy, H&M, and Forever 21 brandished 75% Off signs, Armani Exchange and Abercrombie came in at 60 percent, and the Gap went with half off.[10] Who would not naturally look back by then on Target's "redemptive" discount as a slap on the face, given the managerial lapse at the customers' expense (both literally and figuratively)?

Besides the sheer cheapness, the 10 percent figure may intimate an underlying refusal to fully admit being responsible for one's mistakes. The management’s smallness may also imply a certain, rather disparaging, and thus insulting, attitude toward Target's customers—that they are only worth getting 10 percent off even when the management is at fault.

Moreover, how Target’s senior managers view the company’s customers may be much worse than disrespect; a subterranean level of passive aggression may silently undergird the squalid mentality. browsing through a Target store a few days before Thanksgiving, thus within the period in which the card and PIN numbers were being stolen, I could not but notice two college-student aged guys wearing what looked like police uniforms, complete with badges and American flags.  The clincher came as I noticed handcuffs in black leather containers hanging off the belts.  Concluding that the two guys, one of whom sported the already out-of-date “Justin Bieber” pre-teen "wind sheer" hairstyle, were indeed police officers, I was perplexed as to why one was lifting a product off a shelf to a waiting customer while the other officer was ringing up sales at the department’s cash register. The managerial overkill dressed up in false pretense felt like naked aggression poised to spring into the open at any provocation, real or imagined. At the very least, I felt the store manager had been a bit excessive in anticipating a riot in the electronics department after Black Friday.  

As it happened, the cashier in the store’s cashier area who rung up my purchase of underwear had been a police woman for fourteen years before she had an operation on her knees. She informed me that the two “officers” were actually sales associates. They could not actually use the handcuffs; the props were meant to intimidate customers. Not exactly the best in customer service.

At the time, I just assumed that store's manager must have invented the heavy-handed and deceitful ploy. Hesitating just before swiping my card, I just could not ignore the store manager's  presumptuousness in having two young employees impersonate police officers as though even the law were merely an obstacle to be dismissed as applying only to others. I suppose my disgust, nay anger, made me think of the latent passive aggression that must have been sourced in the store manager's psyche. As though coming out of a momentary daze, I found myself thinking out loud to the cashier. "I would be an utter hypocrite, were I, being an ethicist, to complete this purchase." As it turned out, standing on principle saved me from being one of up to 40 million victims of the electronic theft. In hindsight, I wish I had told the sympathetic cashier that I could not in right mind buy clean underwear from a company with so much dirty underwear behind the scenes.
A month later, a banker no doubt with much experience in business told me that the police-impersonate-intimidation decision must have come from Target’s corporate level. He also had no doubt whatsoever that Target’s senior management had known of the PIN numbers thefts well before Christmas and were therefore lying about the “additional forensics” conveniently done the day after the day after Christmas.

With the additional information, I could then put together the pieces of the bizarre puzzle to glimpse a truly sordid corporate-level culture consisting of too many creatures all too willing to let a greedy instinctual urge, aided by egocentricity and arrogance, get out of control, all to ready to lie, manipulate, and even inflict passive aggression as if with utter impunity and thus no ethical or legal delimiting constraints. Perceiving the external world selectively, only those things or people who appear as potential props or easy marks to be manipulated for gain, greed is utterly impervious to the restraint that comes out of conscience. Put another way, greed does not recognize should. Nor does it recognize itself as being subject to rules or the law. The indifference to ethics and criminal law can even become sociopathic. Moreover, greed assumes that any possible hindrance is a semi-permeable membrane allowing avarice to pass through with ease.

Perhaps the dirty underwear at Target has enjoyed a shelf-life far beyond the expiration date, and therefore should be summarily thrown away so it will not be inflicted on the unsuspecting customers in the future. Easier said than done.

1. The figures come from the retail consultancy, Customer Growth Partners.
2. Reuters, “Target Inevitably Loses Shoppers in Wake of Data Breach,” December 23, 2013.
3. The Huffington Post, “Target Confirms Encrypted PIN Data Was Stolen in Data Breach,” December 27, 2013.
4.  Ibid.
5. Ibid.
6. Ibid, emphasis added.
7. Bill Clinton’s “I did not have sexual relations” might come to mind here.
8. The Huffington Post, “Target Confirms Encrypted PIN Data Was Stolen in Data Breach,” December 27, 2013.
9. Natalie BiBlasio, "Deal Hunters' Adrenaline Hits Peak," USA Today, December 27, 2013.
10. Ibid.