A recent study warned that retailers with bad security would lose 64 percent of potential customers if they suffered a data breach that exposed financial information such as card details.
Data breaches are bad for customer loyalty. So what?
The fact is that consumers are ready to place the blame for loss of data, hacks etc on merchants and won’t shop with them if there has been a breach.
What’s interesting is that consumers are not prepared to take control or responsibility. According to Gemalto’s report, 69 percent think it’s the organization’s responsibility to protect sensitive data, while just 31 percent think it could be down to them. It echoes a report from TSYS that showed while people blame a merchant for a breach, they expect their bank or card network to fix it – at no point do they appear to look at their actions.
Can this be right? Do customers really not think they need to ensure their data is protected? The data suggests the public are not pulling their weight.
The study found just over half (54 percent) of consumers use the same password for all or some of their online accounts. Just one in four use two-factor authentication to secure all of their social media accounts.
Consumers need to take personal responsibility for security. Education by financial institutions plays a big part but it’s two-way street as banks and retailers also need to do more.
It’s a particular concern in the online, card-not-present space, where the bulk of fraud is migrating following the advent of EMV chip card technology.
SplashData recently revealed that the number one password remains ‘123456’, followed closely by ‘password’. But even then, passwords are vulnerable – open to hacks and easily forgotten. Visa and MasterCard are now in the process of ditching their online password systems in favour of text message alerts, which will ultimately be phased out in favour of biometric authentication methods.
However systems like Verified by Visa and MasterCard SecureCode can only help if the merchant puts them in place and the poll suggests retailers may be falling short.
Only one in four said all of the online retail apps/websites they use require two-factor authentication to secure online transactions.
The report also suggests financial institutions are hardly setting a great example. For online and mobile banking, just 58 percent of the respondents said their banks use two-factor authentication to secure their services.
Some would argue it’s up to consumers to only use websites that offer this kind of authentication. It is worrying that consumers are prepared to input their credit card details into websites that don’t offer the top-grade security features. Others would say it’s the merchant’s fault and they need to do more for their consumers. It would certainly be in their interests in terms of customer loyalty. But in terms of pure financial losses – why bother if issuing banks are ignoring the merits of two-factor authentication?
In any event, multi-factor authentication is a key way to stop fraudsters and it’s not being used enough.
But multiple verification steps every time puts people off, which is why we also need to take a risk-based approach to authentication, applying dynamic rules to transactions to ensure the process is both secure and, importantly for consumers, seamless. Consumers are not very good at security (easy passwords) because they want things to be quick and simple. Better education can help, but really it’s up to merchants and banks to help drive this.