With a new year come new opportunities, new challenges and new trends. On the minds of beauty retailers and brands alike is how to position business for growth in 2015 while tackling growing public and political concerns regarding data security. Despite accounting for just one in 10 data breach incidents, retailers draw the biggest headlines.
As we begin the new year, taking a look back at the House Financial Services Committee’s Subcommittee on Financial Institutions and Consumer Credit hearing, “Data Security: Examining Efforts to Protect Americans’ Financial Information,” held in March of 2014, is key to identifying “falsehoods, inaccuracies and half-truths,” according to the National Retail Federation (NRF).
The NRF identified four lies from the hearing “to get to the bottom of these data thefts perpetrated against some of the largest retailers in the country and affecting millions of consumers”:
- Lie #1: Retailers are not properly incentivized to protect their data: this is why “assigning liability” for these data breaches is important.
- Truth: Retailers pay a very large price for data breaches and are very well incented by the market to protect their customers and protect their brand reputation.
- Retailers have a vested interest in protecting consumers’ financial information: customers won’t shop in a store they don’t trust. Retailers MUST, and do, comply with the PCI Standard, designed by financial institutions to protect sensitive information, before they are even able to process payments. “Assigning liability” is not the issue; the fundamental problem is that the current card number system is too easily monetized by thieves. Thieves wouldn’t be so quick to steal card data online if it were nearly impossible to convert into credit cards and make fraudulent purchases. Requiring a PIN will quickly render this kind of card data theft fruitless.
- Lie #2: Retailers are in the best position to discover and disclose breaches, but they are reluctant to do so as it could adversely impact sales, stock price or reputation.
- Truth: Financial institutions are the ones who typically spot breaches, as their fraud detection systems usually trace suspicious activity on their fraud-prone cards back to the source.
- In many cases, the reports of fraudulent card activity provide the first signs (even to the financial institutions) of a sophisticated breach. Even when hacked companies discover they have been breached, they may not immediately disclose it for fear of compromising an undercover “sting” or making the breach worse. A total of 46 states and the District of Columbia legally require retailers to notify customers of data breaches, and retailers comply with all laws.
- Lie #3: Financial institutions’ systems are better protected than retailers’ systems, and financial institutions have to adhere to much higher standards.
- Truth: Financial institutions are the ones who suffer more breaches than retailers.
- Data breaches at retailers account for only 24 percent of incidents, while 37 percent happen at financial institutions, according to the most recent report from Verizon. And that’s true even though there are many more retailers than financial institutions. Retailers spend billions to protect data. Different types of data receive different levels of protection. Payment card data is subject to the PCI-DSS standard in addition to the retailers’ own requirements.
- Lie #4: Retailers unnecessarily store credit card information, which creates more opportunities for thieves to steal data.
- Truth: In 2007, it was NRF that argued to the card companies that merchants shouldn’t be forced to keep data. However, the card companies insist that merchants retain data, or else they would be required to accept charge-backs and absorb the fraud. The rules established by the payment card industry encourage retailers to keep card data.
These myths or lies could have a long-lasting impact on retailers. Why? According to a recent Verizon report, 39% of consumers say they shop less frequently after being exposed to a breach and 70% say they are more likely to use cash, which often means fewer sales.