Search results

In November 2005 Fidelity Homestead, a savings bank in Louisiana, began noticing suspicious charges from Mexico and southern California on its customers' credit cards. More than a year later, an audit revealed peculiarities in the credit card data in the computer systems of TJX Companies, the parent company of more than 2,600 discount fashion and home accessories retail stores in the United States, Canada, and Europe.

The U.S. Secret Service, the U.S. Justice Department, and the Royal Canadian Mounted Police found that hackers had penetrated TJX's systems in mid-2005, accessing information that dated as far back as 2003. TJX had violated industry security standards by failing to update its in-store wireless networks and by storing credit card numbers and expiration dates without adequate encryption. When TJX announced the intrusion in January 2007, it admitted that hackers had compromised nearly 46 million debit and credit card numbers, the largest-ever data breach in the United States.

After analyzing and discussing the case, students should be able to:

• Understand imbedded operational risks

• Analyze how operational risk decisions are made in a firm

• Understand the challenges in the electronic payment transmission process, which relies on each participant in the process to operate best-in-class safety systems to ensure the safety of the entire process

• Recognize the sophistication of IT security threats

Understand imbedded operational risks

Analyze how operational risk decisions are made in a firm

Understand the challenges in the electronic payment transmission process, which relies on each participant in the process to operate best-in-class safety systems to ensure the safety of the entire process

Recognize the sophistication of IT security threats

This case features Stripe, a startup that enables merchants to accept payments from customers on the web, on mobile devices, and at the point of sale (POS). Stripe was launched in 2011 by the Collison brothers and quickly gained traction with e-commerce startups, particularly software and platform developers who needed help building their payment processing infrastructures. Stripe incurred high fixed costs in developing its platform and had low margins per transaction, so the company needed to reach high processing volumes (i.e., scale) to survive. This was challenging, as Stripe competed with large payment processors and traditional banks that had high processing volumes and were able to offer merchants significantly lower rates than Stripe. Still, merchants valued Stripe#x0027;s solution because it was simple and versatile. Students assume the role of the Collisons to think about possible strategies Stripe could pursue to process higher volumes of transactions. Students are challenged to think about the potential response of the incumbents to Stripe's different growth alternatives. The teaching note presents the Value Net framework and discusses the importance of considering complementors and their effect on a firm's strategy. Finally, a discussion about Stripe's potential entry into the Indian market allows students to apply the concepts they learned in the discussion of a new market.

In January, 2007, TJX reported that it had suffered from a computer intrusion. The company was sure neither of the identity of the perpetrators nor of how many customers were affected. A deeper analysis revealed that the intrusion had started earlier and affected more customers than previously thought. Ensuing investigation concluded that TJX was collecting unnecessary information, keeping it for too long and employing obsolete and insufficient safeguards. TJX denied any wrongdoing but implemented most of the recommended remedies to strengthen their security.

Razorpay is a four-year-old Indian B2B fintech startup in digital payments which is venturing into digital lending. It aims to simplify digital payment flows involved in acceptance, processing, and disbursement of payments through superior technology and automation. This case details how Razorpay creates value for businesses by offering service convenience in B2B space. Razorpay started as a payment solutions provider, primarily known for their payment gateway. Over time the market for digital payment in India has matured, with multiple providers offering similar products making it difficult for Razorpay to sustain its growth by using technological leadership and service differentiation. To maintain its growth trajectory, Razorpay has launched multiple new products in the digital payment space as well as announced a foray into creating a marketplace for digital lending through launch of Razorpay Capital. The case provides details of the growth of Razorpay and its move from its core strength of payment gateway