Earning Consumer Trust in the Age of Data Security

Recent security breaches and new emerging payment alternatives such as Apple Pay and Google Wallet are expanding the exposure of personal information in ways that we haven't seen before. The key question that consumers are now asking is, "Do I trust you enough to share my personal information and will you keep it secure?"

It's not just a single payment method at risk. If a credit or debit card is lost, it can be cancelled and individual liability is limited. However, today's data security breaches and the growth of e-commerce are exposing more information to potential fraudulent use. Emerging mobile wallets may house multiple payment cards and other personal information, but consumers are now trying to determine who is ultimately responsible for the security of that information.

Consumers learn quickly about data breaches when they happen. However, consumers may not yet fully recognize the scope of permission they're granting to participate in some of the emerging payment alternatives and the number of methods and places their personal information may be used. This spans beyond just payments, such as legitimate marketing and consumer engagement efforts.

Many of the emerging payment alternatives are requesting personal information including name, address and social security numbers that haven't previously been a traditional part of the exchange of payment for goods and services. According to Verizon's 2014 Data Breach Investigations Report, there were almost 150 retail data breaches in 2013 with confirmed data loss — and that's just the most recent report available. Understanding the total extent of the breaches is challenging because retailers may not be aware of or know for sure what was taken. The extent of the exposure and fallout extends beyond fraudulent use of a credit card. Signing up for a loyalty card with a bank check or driver license exposes consumers to additional avenues of fraudulent activity.

Consumers and retailers need to think about the implications. If you ask for permission to collect and use both personal information and purchase history, how will you build trust with consumers if you cannot secure their personal information? While securing data is important, how you use it for consumer engagement is just as important. Consumers will trust you only if you use their personal information to create an intimate and personal experience. If you use data that they didn't give permission to you to share (or even data they didn't realize they gave you permission to share), you will have violated their trust. The result could be pushback to the sharing of information and even loss of business.

The amount of fraud is unlikely to decrease anytime soon. As soon as new payment services and methods are introduced, such as Europay, MasterCard, Visa (EMV) credit cards also known as chip-and-pin, fraudsters will find new ways to violate security. For example, online fraud may surge after EMV chip card rollout, according to Tony Mecia of CreditCards.com. While chip-and-pin will reduce counterfeit payment cards, the fraud will move to new places of vulnerability.

Jacob Jegher, a research director at Celent, is seeing "massive" increases in spending on security and fraud technology initiatives among U.S. banks. A recent benchmark study from Cornerstone Advisors found that banks spent 29 percent more on fraud detection in 2014 than they did the previous year; this was their biggest jump in spending. To that point, Terry Roche, a partner at the firm, states, "Fraud is so front and center in people's minds, both from a loss and an audit and compliance regulatory standpoint, I'm not surprised that went up. Particularly in things like payment fraud where you've got card-not-present fraud jumping heavily."

Retailers are also spending significantly on security, but much of it's currently focused on the payment card and not across customer relationship management systems where they're storing customer information. As security is tightened on payments, the more information retailers collect creates additional exposure to data breaches.

For retailers, it's critical to develop overall payment and consumer data protections, as well as clear descriptions of what data can be collected and how it will be used in an overarching strategy. As this is defined, retailers will gain better insight into consumer engagement and how best to interact with them. A clearly articulated strategy can help support developing the funding to mitigate the technology and business investments for building a trusting relationship with consumers.

Chuck Winter is a principal with North Highland, a worldwide management consulting firm, with deep experience in delivering retail systems strategies and implementations globally.