Strategies for Ensuring Payment, Data Security

By Hakan Nordfjell

Shifting consumer purchasing decisions can loom large in today’s breach-laden world. You’ve likely heard about high-profile personal data breaches at corporations or government agencies, or more specifically of major retailers being hacked and credit card information of thousands of consumers being exposed or fraudulently used. Gemalto recently commissioned a global survey, conducted by independent technology market research specialist Vanson Bourne, part of which explored the impact of such financial data breaches on customer loyalty and buying behaviors.

Consider some of the harsh ramifications revealed by the data: nearly two-thirds (64 percent) of consumers surveyed worldwide say they're unlikely to shop or do business again with a company that experienced a breach where financial information was stolen. That’s a pretty resounding majority that would leverage their purchasing power in a way that would cause further financial loss for any retailer that's been breached.

Consumers are actually much more informed about security and resulting events than we probably give them credit for, and therein lies part of the issue. While consumers are more informed, only 25 percent of all respondents feel that companies take the protection and security of customer data very seriously. Merchants may not be taking security seriously enough, but consumers are certainly expecting them to. In fact, 69 percent feel that the onus for securing customer data falls on the retailer rather than the customer.

So what does this amalgamation of fear, hyperinformed consumers and willingness to take action that could degrade (or even sever) relationships with retailers all amount to? It means that it's prime time for retailers to pay closer attention to security and strengthen their defenses. Here are a few ways retailers can do that:

Realize that payments are part of an ecosystem. The burden to protect financial data shouldn't fall wholly on the shoulders of merchants, but you do play a key role. Do your part by collaborating with banks, other card providers, payment acquirers and even consumers so that no one has to deal with the effects of breaches.
Fire up those EMV terminals. The most effective technology available in the marketplace to prevent counterfeit card fraud at the register or point of sale is installing EMV-ready terminals. It may be an expensive one-time cost to upgrade, but it’s nothing compared to the long-term revenue lost if a customer’s financial data is stolen and they choose never to shop with you again as a result.
Always ask for CVV codes to verify online transactions. Banks are coming out with cards and mobile apps that have digital, ever-changing three-digit CVV numbers, supplanting the static ones printed on the backs of current credit cards. This helps make stolen financial data useless, but only if all retailers ask for that CVV code prior to authorizing a transaction.
Encrypt and tokenize customer financial information being stored. This might be the most important measure for merchants. While it may be advantageous to keep patterned data and payment credentials to make customers’ purchase experiences more seamless, you must make sure they're adequately secured.

It’s pretty black and white for retailers: If you don’t do as much as you can to protect consumers’ financial data, you risk leaving yourself open to a breach that could ruin your customer relationship with one out of every two individuals affected. Sound like something that’s easy to recover from? Time do some quick math and reconsider how seriously you’re taking security.

Hakan Nordfjell is the senior vice president of e-banking and e-commerce at Gemalto, a provider of digital security software, services and devices.