Positioning your Institution’s Response in the Face of Data Breach
Unless you’ve been living under a rock in North America, it’s pretty hard to have missed news of recent high profile data breaches.
I’d venture to say these stories have made their way into the wider, global purview (note: as I write this, another report regarding a massive data breach in South Korea affecting 20M cardholders was released). While the number of retailers and account holders impacted by these events continues to increase and make headlines, issuers and merchants alike must address ways to instill confidence in their customers in short order.
Upon hearing this type of news, cardholders immediately think “Was I impacted? What do I need to do? Will my account be closed? Will I get a new account number and new debit or credit card?” These and many more questions likely flood the support lines as customers want to understand their real-life implications and steps they need to take to protect themselves.
When associations, banks, issuers and retailers identify significant and/or high profile data breaches, they must first identify the nature of the problem, recognize the potential impact and then develop the correct course of action for their institution. Following this, they need to best determine how to communicate with their impacted customers. When financial institutions have a well-coordinated strategy (i.e. email, SMS, voice, mobile app, etc.) in making their customers aware of the institution’s vigilance, posture and plan, they win. It goes beyond just reassuring a customer; it is an opportunity to assert a distinctive leadership role in the marketplace.
In instances where a mass block and reissue event is warranted, proactive communication — identifying the problem, how it’s going to impact your customer and what you’re doing to put it right — can be an opportunity to stand out as a financial institution, distinguished in your customer relationships. When a breach is made public, the ability to keep your customers informed, via multiple channels, whatever the event or scenario, can be a true differentiator in customer satisfaction and speed to response. For banks and processors who are solely evaluating high profile breaches through the lens of a risk or security response, this can be a segmentation opportunity.
An unfortunate reality of being in the payments business is fraud. Most in the industry accept that these events can and do happen. A lot. I would say that there were at least many hundreds (if not well into the thousands) of data breaches last year of varying size, some of which are never reported, some that are reported and then intentionally buried. In fact, a recent Infosec study suggested that 57% of malware self-detected in business was not reported. Further, law enforcement believes they only have visibility to a fraction of these breaches. These incidents happen to businesses of all sizes, in many geographic locations, and when you are in the trenches of fraud monitoring, these are constant issues that may require your attention. They’re exhausting and so common that recently “breach fatigue” was coined to describe the condition.
The expectation that breach fatigue is something new, however, shouldn’t be. One of the most sound things said over the last few weeks came from a sage veteran law-enforcement officer who now only consults for banks…and we’ve heard this before; the working assumption should be that all cards may already or at any time be breached, at risk and carry the potential for fraud. Using this as a baseline assumption, and then utilizing another industry standard of layered security/controls, issuers should be able to assume the posture to manage this situation effectively. The position is this: that the financial services industry can set controls that are tied to this specific breach, as well as controls that are tied to the one that came before it and finally create controls that will protect us from the next one. Deploying a risk-based, compromise-centric and layered framework is one way to prevent data breaches from stunning us in the future.
Coupling that with a proactive customer communication management plan is paramount and elevates that framework. This combined path best positions the institution in support of their customers and against the fraudsters who are trying to exploit the system. Breaches are now quite common, but the response to them is what makes an institution uncommon in the environment.