Retailers face a significant mistrust issue when it comes to data breaches: only 11% of consumers trust retailers to properly handle data breaches, according to a survey by First Data. High-profile events, such as the HBC data breach that affected as many a 5 million shoppers in 2018, can erode trust across the entire industry. But retailers have many tools to help them build up shoppers’ trust.
“The media continues to give breach events a public profile, and they pounce when they discover them and disseminate that information pretty broadly,” said EJ Jackson, SVP and GM of Security and Fraud Solutions at First Data in an interview with Retail TouchPoints. “I think that’s also a reflection that fraudsters are getting more sophisticated and more successful, and I think retailers aren’t quite keeping pace. They really have to solidify their efforts to protect trust.”
The most important step retailers can take to build trust with shoppers is also the most straightforward: protect themselves from data breaches before they can happen. While this is a complex process with no single solution, adhering to best practices can help retailers rise to the challenge:
- Ensure anti-fraud efforts are properly funded. The first step in building trust is making sure infrastructure is up-to-date, data is properly encrypted, the right third-party solutions are implemented and other basic security measures are in place;
- Let shoppers know security is in place. People care about their data, and telling customers that their concerns are being taken seriously (while also explaining how it is being protected) can help build goodwill and trust;
- Protect shoppers from themselves. Retailers need to recognize that customers often practice poor security management and act accordingly. Tools like two-factor authentication and one-time passwords, while potentially inconvenient, can keep shoppers from accidentally exposing themselves to fraudsters; and
- Use machine learning to ease friction. Harnessing AI can help retailers not only detect fraudulent activity but also determine when regular shoppers access a site, which allows inconvenient security protocols to be waived at checkout.
- 34% prefer a text;
- 33% prefer an email; and
- 28% prefer a phone call.
Mobile Commerce Creates New Security Challenges
Mobile commerce presents new and different data security challenges than those posed by traditional e-Commerce. Shoppers already have mixed feelings about whether mobile payments can be as safe as other methods. While 49% of those aged 24 to 34 believe mobile payment channels can protect their information — the highest trust rate of any demographic — shoppers aged 55 and older display the least amount of trust, at 40%.
Some of that trust might be misplaced: the amount of time shoppers spend on mobile devices can make them feel the platform is more mature than it really is, according to Jackson. As omnichannel shopping journeys become more common, retailers should be prepared to accept that new solutions are needed; iterate them quickly; and work to improve their security practices on mobile.
“Just like e-Commerce, there are a lot of lessons and investments involved in learning, and being good at e-Commerce doesn’t necessarily translate into being an expert on mobile commerce,” said Jackson. “There’s a new learning curve you have to go through — infrastructure, capabilities, tools, processes, operating procedures and so forth — and I think most retailers are going with great speed, but truthfully it’s new for them.”
Breaches Happen, But A Rapid Response Minimizes Fallout
When a breach does occur, good communication is paramount for retaining trust. Time is of the essence: 45% of all consumers expect to be notified that their data may have been accessed within one hour. Retailers should be prepared to send messages on different channels, as shopper preferences vary with regard to how they want to receive their alert:
“I think speed is the issue,” said Jackson. “The quicker you find a breach, and the quicker you identify the parties affected by it, the better. Your ability to communicate confidently that you’re aware of the breach, you’ve identified what was hit, you’ve taken corrective actions, you’ve remediated the problem and that it won’t happen again, is important.”
Identifying the affected parties is the linchpin of this communication — a message sent only to those who actually had data stolen will generate much less panic than an email blast to everyone who shopped during the event. Messages also should include assurances when possible, as well as remediation steps such as offering free credit monitoring. If the stolen data was encrypted, let shoppers know their information is still safe despite the breach.
A combination of preventative measures and intelligent responses can help the retail industry as a whole build trust with shoppers. While these stories are likely to always make the news, reducing their overall impact can make customers feel more secure, and build loyalty with the retailers that keep their data safe.