Cyber attackers obtained more than 61 million records in 2014, fueling growing concern among consumers about the security of their personal finances, intellectual property and personal identity. A few years ago, consumers had only to worry about the safety of their credit card or bank card. With the use of cloud-based storage and data collection, the risk of data theft has increased, and consumers now have to worry not only about the security of their personal finances but also about their personally identifiable information, intellectual property, etc. Cyberattacks are becoming much more efficient, organized and sophisticated (e.g. Target, Sony, Neiman Marcus or Home Depot), obtaining massive amounts of personal and confidential records. Target’s breach at the end of 2013 was big news but was not the worst recent breach that we have seen. In that case, about 40 million customer debit and credit cards were stolen from in-store transactions. But Home Depot reported that they got hit even harder in 2014, with a total of 56 million stolen cards from April to September.
In most of these cases, not just one store is affected: tens to hundreds of store locations or franchises are affected, making the communication and dissemination of information very challenging. Retailers may not always have the direct contact information needed to notify consumers who have been affected by a breach. What makes matters worse is the reach of the media, which reports on incidents before the company releases its own information, so direct contact may be out of the retailer’s control from the very beginning, leading to distrust among its consumers. Retailers need to put the concerns and needs of their consumers first and at the center of response planning and execution.
In a recent survey conducted by Bizrate Insights, results showed that high percentages of consumers (below) believe that the measures currently in place to protect personal financial and identity information at retailers (physical and digital) are not strong enough.
- 62% Brick-and-Mortar Transactions
- 60% Website Transactions
- 65% Mobile Transactions
Cybersecurity: Do companies now understand the imperative need for security measures?
It is not a matter of “if” anymore, it is a matter of “when”, so what are retailers and brands doing to go on the “offensive” about the risk to their customers’ information? The reality of the situation is that most companies are not going to be able to prevent a breach, but they do need to be as prepared as possible if one occurs. The challenge has been that companies that have experienced a data breach become aware of it only when someone notifies them, often too late, as the criminals have already been in their systems for a significant amount of time. Companies will need to acquire systems that help detect breaches, making it more difficult for criminals to get into their systems and work their way through them (stopping them before any real damage can be done). Companies must take the time to put a proactive, customer-centric plan in place that will help preserve the trust of the consumer when a breach does occur.
Another thing that companies are recognizing is their return on investment. They are paying to protect their business and data systems, and they are increasing their investments due to cyber risks. Many breaches have involved not only the company itself but also vendors and user access, both areas that companies need to invest in to really improve their position against cyber threats and attacks. Unfortunately, not all companies are up to speed on these types of investments due to timing and cost, which is why we have seen the massive amounts of damage and theft that cyberattacks have caused.
New Payment systems – could this be the end of big retail data breaches?
Banks and credit card companies are developing new security technologies to deter and defeat cyber attackers. The use of one-time codes or tokens instead of actual account details during the transaction has already been put into place with technologies such as Apple Pay. Apple Pay is not only another wallet, it is a new form of two-factor authentication. By using two factors to uniquely identify individuals, it will help make transactions more secure. The actual data is not stored on the device or in the cloud but is instead encrypted and stored in a “secure element”. When making a transaction, Apple Pay generates a one-time key based on the encryption and shares that with the POS system. Cyber attackers would not be able to use the code if they intercepted it, and the cashier never sees a credit card number or code, securing data much better than before. iPhones have an additional protective measure requiring Touch ID authentication, which also prevents anyone else from making transactions from an individual’s device.
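The token-plus-one-time-code idea described above can be sketched as follows. This is an added example, not code from Apple Pay or EMV: it is a simplified model in which HMAC-SHA256 stands in for the real cryptogram algorithm, and the `Issuer` and `Device` classes, the merchant ID and the card number are all constructed for illustration.

```python
import hashlib
import hmac
import secrets

def make_cryptogram(key, counter, amount_cents, merchant):
    # One-time code bound to this counter value, amount and merchant.
    msg = f"{counter}|{amount_cents}|{merchant}".encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()

class Issuer:
    """Hypothetical token service: only it can map a token to the real card."""
    def __init__(self):
        self._vault = {}  # token -> card number, shared key, last counter seen

    def provision(self, pan):
        token, key = "tok_" + secrets.token_hex(8), secrets.token_bytes(32)
        self._vault[token] = {"pan": pan, "key": key, "last_counter": 0}
        return token, key

    def authorize(self, token, counter, amount_cents, merchant, cryptogram):
        rec = self._vault.get(token)
        if rec is None:
            return "declined: unknown token"
        expected = make_cryptogram(rec["key"], counter, amount_cents, merchant)
        if not hmac.compare_digest(expected, cryptogram):
            return "declined: bad cryptogram"
        if counter <= rec["last_counter"]:  # code was already spent
            return "declined: replayed cryptogram"
        rec["last_counter"] = counter
        return "approved"

class Device:
    """Stands in for the phone's secure element: holds token and key, no card number."""
    def __init__(self, token, key):
        self.token, self._key, self._counter = token, key, 0

    def pay(self, amount_cents, merchant):
        self._counter += 1
        code = make_cryptogram(self._key, self._counter, amount_cents, merchant)
        return {"token": self.token, "counter": self._counter,
                "amount_cents": amount_cents, "merchant": merchant,
                "cryptogram": code}

def demo():
    issuer = Issuer()
    pan = "4111111111111111"  # constructed test card number
    device = Device(*issuer.provision(pan))
    msg = device.pay(2599, "STORE-0042")    # what the POS (or a skimmer) sees
    first = issuer.authorize(**msg)         # genuine transaction
    replay = issuer.authorize(**msg)        # intercepted message sent again
    tampered = issuer.authorize(**{**msg, "amount_cents": 99999})
    pan_exposed = any(pan in str(v) for v in msg.values())
    return first, replay, tampered, pan_exposed

if __name__ == "__main__":
    print(demo())
```

The message captured at the point of sale contains neither the card number nor anything that authorizes a second or altered transaction, which is why malware on the terminal yields far less than it does with magnetic-stripe data.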
As we move towards the impending date of October 2015 to standardize EMV (EuroPay, Mastercard, Visa) and chip-and-pin credit cards, the hope is that these innovative new payment solutions will provide more security for transactions. These types of cards require a user code for the transaction rather than a swipe. This is a huge transition for banks, credit card companies and retailers alike, with banks focusing on replacing cards and retailers on replacing their POS systems with chip terminals, and both are going to be expensive investments. Retailers will need to invest in these new terminals that read the chips; otherwise the cards do not add any safety value over the previous swipe cards.
All in all, the most effective way that retailers can respond to data breaches is by putting their customers first. It is an overall theme in the consumer markets industry: customer-centric! Consumers want convenience, minimal friction and a seamless experience, and retailers need to decide (and fast) what kind of risk they are willing to take with their consumers’ data and unique identities. Some of the top priorities that we will see from retailers for the rest of this year, in response to or to prevent cyberattacks, are:
- Consumer protection needs to be much more than an “empty” marketing promise.
- Investment in technology to increase security from the store to mobile to the cloud.
- Provide end-to-end payment security (EMV, Apple Pay)
- Protect company profits by reducing fraud
- Upgrade Point-of-Sale Systems
- Transparency is key!!