Bill Farmer, CEO of Mako Networks, the network security specialist, says retailers can increase consumer loyalty and sales by protecting their customers’ data
In this tough economic situation, everyone is fighting to win consumer interest. Competition is high between retailers, and whether it’s a local store or a global e-retailer, they are all fighting to win customers and better their rival’s profit margins. From choice of stock to pricing, store or site layouts and even staff training, everything a merchant does is because customer loyalty is the number one priority.
Never before has the retailer/customer relationship been so vital. With the growth of interactive social media and personal loyalty schemes, the retail industry is surging forward in terms of customer experience. Yet, with competition so intense and consumers becoming ever more cautious, many retailers are unknowingly, and unnecessarily, putting this tenuous customer relationship into serious jeopardy.
The issue: data security. There have been plenty of news reports recently of major incidents where customer credit card data has been stolen from well-known retailers. These headlines about hacking and leaks should be ringing alarm bells for big businesses, but small and medium enterprises (SMEs) are often even more vulnerable.
All merchants need to take data security seriously. Careless handling of credit card details imperils the financial stability and customer base of any business. Yes, there are the obvious damaging financial consequences such as penalties, fines, and the cost of implementing improved security, but the ongoing loss of customer trust and the fear that personal details have been leaked to criminals have more significant long-term consequences. The security of shoppers and their credit card details has repeatedly been shown to be a top concern. Consider:
A global survey found 50% of consumers worry about credit card fraud.[1]
More than a third of consumers in the UK have experienced some form of card fraud.[2]
A survey of consumers in the UK found 42% had been discouraged from making a purchase because they were worried about card fraud.[3]
Banks, credit card companies and retailers have all responded by taking steps to improve security. For example, EMV (chip-and-PIN) cards were introduced five years ago to help reduce the risk of card fraud, but these alone do not secure merchants. Even though the payment cards are more difficult to clone and copy, the card data is still susceptible to breaches while it’s on a merchant’s payment system.
In an attempt to secure the whole environment in which the transaction takes place, the Payment Card Industry Data Security Standards (PCI DSS) were introduced in 2006 by the major credit card companies. These standards help ensure a basic level of security is in place at merchant businesses to reduce the risk of card fraud.
By now, all UK merchants should be aware of PCI DSS, and many merchants that process, transmit or store credit card data are required to be PCI DSS-compliant.
In theory, with these new security standards the retail industry should be a safe haven for consumer data, with criminals forced to turn their attention elsewhere. Instead, a serious data breach happens every week on average and the number of hacking incidents seems only to be increasing. So what’s going wrong?
For many merchants, PCI DSS compliance has become a bit like setting a house alarm but using 1234 as the access code. The intention to protect against theft is there, but the execution is poor. Retailers just aren’t giving enough attention to compliance. It’s one thing to fill out a self-assessment compliance form and tick the correct boxes, which on the surface indicates compliance, but it’s another to keep up to date and be absolutely certain that a business is protected.
Small and medium-sized businesses seldom consider themselves to be targets for card fraud criminals. But these businesses in particular must be warned: criminals do not only target big organisations. Larger companies are naturally richer targets; however, most have the accompanying budgets and an IT department dedicated to protecting their vital customer information. Therefore, as PCI DSS regulations take hold, fraudsters are shifting their attention to softer, less well-defended targets like small businesses. In fact, nearly 96% of PCI DSS breaches take place at Level 3 and 4 merchants – typically smaller businesses that accept fewer than 1m card transactions annually. Along with satellite branches of larger organisations, these have proven to be the organisations most vulnerable to attack.
According to research from Javelin, cybercrime in the US targeted at SMEs totaled more than $8bn in 2010.
It can be very difficult as a smaller organisation to dedicate the time to ensuring proper and thorough PCI DSS compliance, but that doesn’t mean there aren’t options. Network management systems can be used to make PCI DSS compliance a simple, cost-effective and continual process with minimal fuss.
At Mako Networks our focus is on a holistic approach to data security, ensuring every element of the business network is protected from the inside out and relieving business owners of having to oversee the technical aspects of compliance on their own. The systems are managed remotely to make sure they are secure and constantly up to date, streamlining the process and taking the stress away from the merchant for a minimal cost.
Nobody said compliance was easy, but compliance is not an option; it’s essential. UK retailers must begin to explore the opportunities, do what’s best for the business, and avoid being next on the hacker’s hit list.
[1] ACI Worldwide: Card Fraud Survey, March 2011
[2] ACI Worldwide: Card Fraud Survey, March 2011
[3] Connected World: Card Fraud Survey, January 2011