News of data breaches in companies large and small has been regularly making the weekly headlines over the last few months. One survey estimates that 43 percent of all companies have experienced some type of data breach in 2013. The spate of bad news is getting under the skin of consumers who want more to be done to secure their personal data.
Not Playing Fair
One of the fairest arguments against the companies is that consumers often willingly agree to let stores use their personal information for marketing and sales purposes. Companies are eager to gather and use such information but apparently have done little to secure it. With retailers as large as Home Depot and Target having been breached, the issue is not one of resources or money, but of willingness. Management by crisis seems to be the rule of thumb in dealing with consumer data.
Consumers Aren’t Helping
Consumers are not blameless in this situation however because convenience is paramount when dealing with credit and debit card transactions. “Shop and swipe” is the preferred method of shopping for many consumers. Transactions under $20 paid for by credit card can be made with no signature required in many locations. Credit cards that require a signature are often allowed with a graphic scrawl instead of a legible signature. “Keep the lines moving” is a common mantra of consumers and businesses, particularly when the holiday season arrives.
It’s No Excuse
None of this excuses companies from securing consumer data. Solutions that have been proposed, such as 2FA, involve matching a customer’s card number, PIN, and an outside device such as a cell phone before authorizing a purchase have been in place in certain companies and have a high degree of success. However, this system has a number of disadvantages, including inconvenience to the consumer. So in pursuit of arriving at a safe and secure solution there will likely have to be some changes in consumer behavior.
The notion that every problem has a solution may be good marketing but is distant from reality. Should consumers suggest that they can shop as usual and have their information secured by the company, the response from companies will likely be that it will cost more to accomplish that feat. The idea of securely using credit cards has been an afterthought for the most part until a few years ago. It was an expected, part-of-the-package deal that came with issuing a credit or debit card. The idea of having to pay more for credit card security was and is patently absurd.
Someone Has To Pay
Someone will have to pay for this additional security, and that cost will either be incurred by the shareholders or the consumer. The drop in stock prices for the companies that have been publicly involved in data breaches may be more than it would cost the company to handle lawsuits and other litigation issues. Consumers would have to pay out of pocket for the increased security through higher prices at the store. While banks could bump up their annual fees to cover increased security costs, store cards do not have the same option since most do not have annual fees.
The cry by consumers to secure their data is more than reasonable. Criticism that stores do not do enough to protect consumer data needs to be balanced by how much companies are willing to, or can, spend to meet the demand. For the company, security is a vulnerability in two areas – the company headquarters and the individual store. Target’s breach took place at the local stores while Home Depot involved a corporate scheme.
Available security technology leans towards requiring consumers to change their buying habits. A question companies will soon have to face is how much is the collection of personal customer data is actually worth to the overall business plan. Common business sense tends to answer this question as a no-brainer, but the cost of cleaning up a data breach and the number of customers that are potentially lost as a result may change the “common sense” response. There is a correlation between a diminishing customer list and a diminishing return on investment.