Mike Cassidy, storyteller and retail analyst, Signifyd
Recently, there has been a flurry of major, highly publicized consumer data breaches. They seem almost like a weekly occurrence. While few of the cases have involved online merchants, the collective threat and publicity have caused a massive problem for retailers. Quite simply, consumers have little trust that retailers are keeping them and their data safe, and they assign blame to a retailer no matter what the result.
Because we’re curious about the challenges retailers face, we commissioned a third-party market research firm to study 2,000 U.S. online shoppers over the busiest shopping season of the year—Thanksgiving through Cyber Monday. The goal was to get a sense of how consumers perceive the security of their own data. Are they apathetic? Is there a sense of urgency to protect themselves? Where are the biggest threats?
At the same time, we wanted to know more about fraud (i.e. fraudulent charges on consumer credit cards or retailer accounts), which is often the goal and/or end result of cyber criminals hacking into systems for consumer data. Needless to say, the data suggests that online retailers have a problem on their hands. Consider some of the top findings.
The study uncovered that an astonishing 62 percent of consumers aren’t confident their personal data is secure with retailers. Of that, approximately 25 percent said they knew their data wasn’t safe and 37 percent weren’t sure. Nearly half of consumers, 43 percent, report being a victim of a fraudulent charge from a retailer.
Digging a bit deeper into which specific industries consumers report as the most common source of fraud, the top eight most-common industries were electronics (40 percent); fashion and apparel (38 percent); makeup, fragrance, skin and hair care (21 percent); children’s items and toys (21 percent); home furnishings and improvement (20 percent); jewelry, watches and accessories (20 percent); sports and recreation goods (19 percent); and pet products (16 percent).
But, here’s the rub for all online retailers. A majority of consumers who reported being victims of fraud (52 percent) said that the fraudulent charge—whether on their credit card or direct retailer account—negatively affected their view of the retailer. In short, regardless of who was responsible, how the charge got on there, or if it was easily resolved, most felt that retailers should shoulder some of the blame. That’s a significant finding when, as any smart retailer would know, it could have absolutely nothing to do with them.
Moreover, when retailers erect barriers in an effort to prevent fraud, they face a different problem with customers. Presenting extra steps or verification requirements at checkout is frustrating. Consumers are penalizing retailers’ digital experience at at a time when they perceive hardly any friction in the Amazon shopping experience.
The bottom line is that these consumer data breaches are leading to more consumer mistrust, more fraud—specifically account takeover fraud as I wrote about before—and potentially adding some friction into a retailer’s experience.
The trend won’t fix itself either, as most consumers don’t appear to be mitigating the threat on their own. Even with all of the highly publicized data breaches, 55 percent report using the same login information (username, email, password) across multiple retailer accounts. Of those that do change their login information even if not required, approximately 42 percent say they try to change login information semi-annually. Around one in eight only change their login information annually.
So, what can retailers do? Here are three things:
Cyber Security is Digital Experience: Online retailers need to view their cyber-security strategy as a digital-experience challenge. At conference after conference, there are hundreds of expert panels preaching about how DX is the best weapon in a post-Amazon world. But, if consumers don’t trust retailers with their data—or partially blame DX when there is fraud—then it’s incumbent on them to make password changes, sign-on verification and the check-out process as important and frictionless as site search or product filtering.
Keep Consumers Informed: No one wants to pile onto another business’ problem, but when there are high-profile consumer data breaches, retailers should think to notify their customers about the larger threat. Many already do this, as I saw some proactive notifications via email, site pop-up or likewise after the Equifax breach. But it shouldn’t take hundreds of millions of potentially compromised accounts before it merits proactivity. No, you definitely shouldn’t do it after every measley breach, but maybe consider a standing web page where consumers can easily be directed to get tips to protect themselves.
Be Clear on the Fraud-Reporting Process: Working in this business, the one thing I know is that many retailers don’t want to whisper a word to their customers—or publicly for that matter—about anything fraud-related. But, it happens, and many consumers struggle to figure out what to do. This is a friction challenge, as they’ll likely penalize you twice if they cannot figure out what to do. This also means making the post-reporting process—like changing information, filling out forms, etc. —as painless as possible. The reason consumers shop online is to save time, and there’s nothing more frustrating than having to spend minutes on something that has no payoff, like a purchase.
The past two years were painful with the frequency and velocity of consumer data breaches, and I don’t think 2019 will be any more kind. Even if it is, the way these things are covered means that even a lesser year would still ding consumer trust. It’s up to retailers to better elevate and marry cyber security to digital experience, or the blame game will burn worse.
Signifyd provides fraud-prevention services to online retailers.