Sony breach could cost card lenders $300 million

Analysts have previously estimated that the incident could cost Sony more than $1.5 billion, but this is the first time they have put a price tag on how much major lenders will also suffer.

The FBI is working with federal prosecutors in San Diego as agents try to determine the facts and circumstances surrounding the alleged crimes.

Each customer request to replace a credit card would cost lenders about $3 to $5 per card, several analysts told Reuters. Those costs would include the new piece of plastic itself, postage, and various customer service costs.

Hackers, earlier in April, broke into Sony’s PlayStation Network, stealing names, addresses and possibly credit card details from 77 million users. Sony shut down the network on April 19 but waited about a week to disclose that the system had been hacked and users' data could have been stolen.

Credit card lenders could also lose business from the customers affected by the breach, even if they were quick to replace the cards. New cards take time to be activated, and in the meantime consumers could use a different card, said Aite Group analyst Julie Conroy McNelley.

Consumers may also be reluctant to use a card that they perceive as higher risk because it might have been involved in a hacking episode, even if the breach of security was not the issuer's fault, Conroy McNelley said. By some measures, $300 million is a relatively small amount for the credit card industry. US credit card banks that issue Visa cards and MasterCards made about $2.12 billion in after-tax profit in 2010, according to the industry publication PaymentsSource.

That figure excludes American Express Co and Discover Financial Services, which both lend directly to consumers and process the transactions on those cards themselves.

The Sony breach was one of the biggest online data infiltrations ever and is a sign that the industry may face new threats. “As we move into the digital world, we put more and more of our digital identity into the cloud, or digital devices ... Security is going to be a tremendously important part of what we do,” Daniel Schulman, American Express Group President of Enterprise Growth, said.

Global credit card security standards are increasingly necessary as payment technology evolves, MasterCard Chief Emerging Payments Officer Ed McLaughlin said. Payments security is evolving along with "intelligent devices," like smartphones and contactless cards, he said.

Upgrading certain security standards -- for example, adopting chip-and-pin credit cards, which are widely used outside the United States -- also depends on merchants, who typically only upgrade their terminals every five to seven years, he said.

“Security breaches happen, they’re going to continue to happen ... the mission of the banking industry is to keep the customer base safe and customers feeling secure about their financial transactions and payments,” he added.

Discover and JPMorgan Chase & Co said in statements they are aware of the Sony situation and are determining whether there is any impact on their customers.

JPMorgan also declined to speculate on the potential cost of customers replacing cards.

Bank of America Corp said in an email that the bank “proactively” monitors credit card accounts for fraud, “and if we believe a customer's card may have been compromised at a third-party merchant location, we will notify the customer and block and reissue the card.”