* Sony breach could cost card lenders $300 mln-analysts
* Visa, MasterCard banks made $2.12 bln profit in 2010
* Each replacement card costs $3 to $5, plus lost business
* Sony hackers stole personal data on 77 million people
(Adds comment from American Express )
By Maria Aspan and Clare Baldwin
MIAMI BEACH, Fla./NEW YORK, April 28 Credit
card lenders could be facing more than $300 million of card
replacement costs if customers affected by the Sony Corp
(6758.T) data breach decide to replace their credit cards.
Analysts have previously estimated that the incident could
cost Sony more than $1.5 billion, but this is the first time
they have put a price tag on how much major lenders will also
"It's not insignificant," Sanjay Sakhrani, analyst at
Keefe, Bruyette & Woods, told Reuters at the sidelines of a
payments industry conference in Miami Beach on Wednesday
The FBI is working with federal prosecutors in San Diego as
agents try to determine the facts and circumstances surrounding
the alleged crimes, FBI spokesman Darrell Foxworth said on
Each customer request to replace a credit card would cost
lenders about $3 to $5 per card, several analysts told Reuters
on Wednesday and Thursday. Those costs would include the new
piece of plastic itself, postage, and various customer service
Hackers earlier in April broke into Sony's PlayStation
Network, stealing names, addresses and possibly credit card
details from 77 million users. Sony shut down the network on
April 19 but waited about a week to disclose that the system
had been hacked and users' data could have been stolen.
INTO THE CLOUD
Credit card lenders could also lose business from the
customers affected by the breach, even if they were quick to
replace the cards. New cards take time to be activated, and in
the meantime consumers could use a different card, said Aite
Group analyst Julie Conroy McNelley in an email to Reuters on
Consumers may also be reluctant to use a card that they
perceive as higher risk because it might have been involved in
a hacking episode, even if the breach of security was not the
issuer's fault, Conroy McNelley said.
By some measures, $300 million is a relatively small amount
for the credit card industry. U.S. credit card banks that issue
Visa (V.N) cards and MasterCards (MA.N) made about $2.12
billion in after-tax profit in 2010, according to the industry
That figure excludes American Express Co (AXP.N) and
Discover Financial Services (DFS.N), which both lend directly
to consumers and process the transactions on those cards
The Sony breach was one of the biggest online data
infiltrations ever and is a sign that the industry may face new
"As we move into the digital world, we put more and more of
our digital identity into the cloud, or digital devices ...
Security is going to be a tremendously important part of what
we do," Daniel Schulman, American Express group president of
enterprise growth, told Reuters at the sidelines of the annual
conference, hosted by PaymentsSource publisher SourceMedia.
A FACT OF LIFE
Schulman and other credit card executives speaking at the
conference declined to comment directly on the breach or the
implications for their security standards, but they said there
generally is increased attention being paid to protecting
Global credit card security standards are increasingly
necessary as payment technology evolves, MasterCard Chief
Emerging Payments Officer Ed McLaughlin told Reuters.
Payments security is evolving along with "intelligent
devices," like smartphones and contactless cards, he said.
Upgrading certain security standards -- for example,
adopting chip-and-pin credit cards, which are widely used
outside the United States -- also depends on merchants, who
typically only upgrade their terminals every five to seven
years, he said.
Citigroup Inc <C.N global enterprise payments head Paul
Galant, who previously ran the bank's credit card unit, said
security breaches are a fact of life for financial
"Security breaches happen, they're going to continue to
happen ... the mission of the banking industry is to keep the
customer base safe and customers feeling secure about their
financial transactions and payments," he told Reuters in an
Citigroup spends "a tremendous amount of money on security.
We take it very, very seriously -- I don't know that there's a
way we could take it more seriously," he said.
Citigroup declined to comment about the bank's specific
costs to cover replacement cards.
Discover and JPMorgan Chase & Co (JPM.N) said in statements
they are aware of the Sony situation and are determining
whether there is any impact on their customers. JPMorgan also
declined to speculate on the potential cost of customers
Bank of America Corp (BAC.N) said in an email that the bank
"proactively" monitors credit card accounts for fraud, "and if
we believe a customer's card may have been compromised at a
third-party merchant location, we will notify the customer and
block and reissue the card."
American Express spokeswoman Marina Norville declined to
comment on replacement costs and said in an email that the
lender had "no indication right now that any AXP information
was compromised. If a cardmember would like to have their card
replaced, we're happy to do so."
Capital One Financial Corp (COF.N) was not available for
(Additional reporting by Joe Rauch in Charlotte, N.C. and Dan
Levine in San Francisco; Editing by Steve Orlofsky, Bernard