In the wake of highly publicized payments breaches, a few recent reports might have bankers feeling somewhat reassured: It seems that customers generally blame the retailers, not their banks, for lax security measures.
Brunswick Group, a business communications firm, among other conclusions finds that 70% of consumers it polled “believe that retailers should be held financially responsible for consumer losses that result from a breach, not banks or card issuers.”
(That’s not the most damning of its findings. Brunswick says 61% of respondents believe retailers are directly responsible for the breaches in the first place, almost as many as those—79%—who put the blame on the criminals themselves.)
Javelin Strategy & Research, in its own survey, concludes that, in cases of breaches, “consumers tend to avoid retailers the most, compared to other industries such as banking and credit card issuers.”
But before bankers take too deep a breath, yet another, global, survey by ACI Worldwide and Aite Group finds not only that fully one in four consumers has been victimized by card fraud in the past year, but that almost a fourth of these have changed their financial institution because of it.
“Given this latest data, financial institutions have their work cut out for them, both in terms of educational and preventative measures,” says Shirley Inscoe, senior analyst, Aite Group. “Consumers lack confidence in their bank’s ability to protect them from fraud, so banks must remain vigilant in their fraud migration efforts or face increased customer attrition.”
Which brings up one more study, this one by Radius Global Market Research, which indicates that online security “ranks supreme on consumers’ social issues radar, and they are ready to abandon brands that they feel cannot be trusted.”
(What’s particularly startling is how other issues on the list ranked as No. 1: Online security (87%); health insurance (78%); unemployment (71%); bullying (66%); gun control (61%).)
Furthermore, says Radius, “When asked which industry they feel is doing the best job at keeping their information safe, no clear leader emerged, with ʻNo industry’ ranking the highest (29%).”
So the obvious conclusion is what probably everyone already knows: Cybersecurity is everybody’s problem. Given that, then, it makes sense that banks and retailers—which, in turn, usually are bank customers themselves—need to continue to work together to thwart the real bad guys, the cybercriminals.
What is heartening, at least in a somewhat perverse way, is that all the bad breach incidents and the equally alarming press accounts of them have started to incentivize consumers, banks, and businesses to work together to provide information safety.
A few recent examples, among undoubtedly many more, serve to illustrate:
• Mercator Advisory Group finds that half of consumers now would prefer to control their payment cards themselves through the use of remote on/off switches and other features.
“It is worth noting that such a seemingly simple and intuitive tool has taken such a long time to come to market. In reality the concept has been around for years, but it took the data breaches of 2013 to bring consumers’ need for control over transactions on their own debit cards into the mainstream,” says Ron Mazursky, director, Debit Advisory Service, at Mercator.
• Mercator, in a separate study, attributes the recent data breaches to having stimulated many financial institutions to evaluate the need and impact of issuing debit cards in their branches in real time—so-called “instant issuance.”
“As the attitudes of the customer shift toward instant, online, and digital, enabling the customer to walk out of a branch with a fully functional debit card will soon become an expected practice for debit card issuers and retail bankers,” Mazursky says in this report.
• Trustwave and First Data will work together to help businesses secure sensitive information including payment card data. Businesses that use First Data payment processing services will have access to Trustwave’s cloud-based TrustKeeper platform. This offers an array of protections for businesses, including, specifically, file integrity monitoring by scanning critical systems and components for changes that may be caused by a data breach or malware. It also gives businesses access to Trustwave Managed Security Services, which is endorsed by ABA’s Corporation for American Banking. For more information, go to http://www.aba.com/Products/Endorsed/Pages/network-security.aspx.
Dan Kaplan writes in the Trustwave Blog about something absolutely everybody knows to do, and ought to do, but surprisingly many don’t do, to protect themselves: Use passwords that are hard to crack.
Recently, he says, the company analyzed the records of one particularly vicious botnet server that contained 2 million stolen account credentials. The most-used consumer passwords were: “123456,” “123456789,” and “1234.” The fourth most used password: “password”.
Kaplan recommends using passwords at least ten characters long that include alphanumeric and other symbols. Alternatively, he says, use a passphrase instead of a password. An example might be “imso$ecureithurtz,” or something along those lines.
Mark Menne, senior vice president at Radius, has the last word here: “It is clear that online security is an issue that will be looming large for the foreseeable future. It’s important for companies to have a current pulse on how consumers perceive their brands and actively manage marketing messages whether they are enjoying success or facing a crisis.”
Sources used for this article include: