In recent weeks, several retail companies and banks have announced efforts to boost payment security and find ways to ensure data protection. But what has really changed since the now-infamous data breach at Target last year?
Those at the top will be held accountable
There are clear signs that data protection is no longer just the domain of a retailer’s IT department or even its chief information officer.
Last week, proxy advisor firm Institutional Shareholder Services (ISS) took the unusual step of recommending that seven of Target Corp.’s 10 board members be fired for failing to properly oversee cybersecurity risks.That proposal, along with the ouster of Target’s CEO last month, is a sign that payment security must be a top concern for a company’s chief executive as well as its board of directors.
Credit card companies and retailers must stop bickering
Banks and retailers have been talking for a while about adopting cards with an added layer of security — a chip embedded in the card that spits out a unique code (or PIN) for every transaction. The technology is known as EMV — for Europay, MasterCard, and Visa — and has been nicknamed “chip and PIN” by the world’s fish-and-chips-eating economies, England and Ireland. But there has been a lot of bickering about liability and fees, which entities should shoulder fees, and when.
In the more subdued post-Target-breach atmosphere, banks, credit-card companies, and retailers seem chastened and more ready to cooperate. A group of retailers recently announced moves to increase security, including working with law enforcement to thwart and prevent cybercrime.
A few days after the announcement of a hack into eBay’s consumer data, Visa and MasterCard renewed their efforts to adopt chip-and-PIN technology. And many retailers now sound much more amenable to swiftly making the investments in point of sales systems that can take the cards.
Are mobile wallets safer?
Mobile payments are rising in the United States, but their adoption is actually slowing down. That may be because many consumers are unsure of the safety of mobile payments.
A survey of 25,000 American and European consumers by Bain & Co. found that only 25% of smartphone users are willing to use their phone for payment in a store. Some 40% said they were simply satisfied with their current methods of payment, and that is something that retailers or payment systems companies could work on. But it is the 80% of consumers who say they are worried about privacy and data protection with mobile payments that are likely the ones more difficult to persuade.
Hackers and thieves are wily
One of the confounding features of today’s payment security issues is the wiliness of the hackers and thieves, and the comparatively slow reactions of retailers. In May, for example, when eBay first discovered the attack on its network, it initially thought its customers’ data was safe. The company took a couple of weeks to figure out it was not and to alert customers.
Even security experts get bamboozled. A cybersecurity tool called Card Recon designed to find credit card numbers in improper places was being used by cybercriminals to, instead, improperly find — and use — credit card numbers for their own benefit.
And consumers have a role, too. Many studies show that even “complex” passwords are easy to hack, and all too many are too are too short and sweet — to hackers.
Retailers must step up the game
One quite maddening reality of the Target breach is the fact that it was the result of a flub by a vendor that could have been prevented if the right — already known — protocols had been followed. And it isn’t just Target. Several instances of cyber attacks stem from improper protocols or from effective protocols that are improperly followed.
In any case, there is no doubt that there is much work to be done. Now it's those at the very top of retail executive management who will also feel the pinch when data is pinched.
Would you like to see more retail news like this in your inbox on a daily basis? Subscribe to our Retail Dive email newsletter! You may also want to read Retail Dive's look at the changes Facebook is making to the marketing game.