Tesco, Target, eBay, Office – all major retailers that have a significant on-line presence and that are, in turn, always seeking to understand what their customers want to buy, how they want to buy it, and what would make them buy more. These companies use their experience and understandings of consumer psychology to continue to wage retail battles against one another.
However, the latest eCustomerServiceIndex (eCSI)* survey from IMRG and eDigitalResearch revealed that more than half of the online shoppers surveyed asked not for more loyalty cards or coupon schemes but for better on-line security.
(Of course, all of the retailers mentioned above also have something else in common: they were all recently the victims of security breaches involving customer payment cards or personal information.)
The conclusion drawn from the findings by eDigitalResearch is as follows:
“Onus is very much on retailers to invest in and improve their security measures for their online customers – over two thirds (67%) expect organisations to contact them immediately (within 6 hours) by email or phone if security had been breached and it leads to a potential loss of data”
In other words, customers don’t just expect to be better protected; they are savvy enough to appreciate that breaches can still happen even with appropriate security best practices in place. As a result, they want contingency plans in place that will require retailers to notify them on the same day in the event of a breach.
It speaks of a very realistic view on cyber security and one that is encompassed not only by the PCI DSS (under which on-line retailers should be operating in order to meet agreements with their banks and the major payment card companies) but also all other security best practice frameworks.
If you consider that Target acted on its data breach after two and a half weeks, a period during which over 40 million payment card details were stolen and 70 million customers had their personal identifiable information compromised, you can see why speed of detection is essential. If the 6-hour detection and notification deadline desired by customers had been met in this case, the damage would have been significantly smaller than what it eventually became.
Retailers would do well to listen to customers’ expectations and pay heed to the lessons learned by their peers. Growing consumer awareness of online security will ultimately expose those organisations that fail to take online security seriously to reputation loss, the effects of which will reach far beyond the financial costs of a breach.
By Mark Kedgley, CTO, New Net Technologies
About New Net Technologies
New Net Technologies is a global provider of data security and compliance solutions. The company is firmly focused on helping organizations protect their sensitive data against security threats and network breaches in the most efficient and cost effective manner.
New Net Technologies’ easy to use security monitoring and change detection software combines Device Hardening, SIEM, CCM and FIM in one integrated solution, making it straightforward and affordable for organizations of any size to ensure their IT systems remain secure, malware-proof and compliant with the corporate build-standard at all times.
New Net Technologies safeguards customers’ systems and data, freeing their clients to focus on delivering on their corporate goals.