Pumping Gas

And while they are taking precautions to be safe, shoppers still place the responsibility for data breaches and their safety from them on retailers.

While security breaches are more common than ever before, proving to be an alarming concern for retailers today, they appear to have become a very normal reality for a majority of Americans. According to the latest Retail Perceptions report from experiential marketing firm Interactions, nearly two-thirds (64 percent) of shoppers have accepted security breaches to be part of the shopping process, and more than half (53 percent) are willing to risk a security breach in exchange for convenience.

“Customers are not happy about it, but have come to the realization that it’s a possibility when shopping,” Lance Eliot, global vice president of information technology with Interactions, tells Retail Leader.

And unfortunately for retailers, three quarters of shoppers believe keeping their information safe is the retailer’s responsibility, the report notes.

“Interactions first studied the effects of security breaches in 2014,” Eliot said in a press release. “What we have found in the years since then is threefold: shoppers have overwhelmingly become accustomed to security breaches, shoppers are more cautious and are changing their behavior, and finally, shoppers hold retailers accountable.”

This news should concern retailers. The report notes that 40 percent of shoppers avoid retailers that have been hit by security breaches, while 34 percent and 50 percent avoid shopping online and on their mobile phones, respectively, due to security breaches. For those who shop at a retailer that has experienced a security breach, 60 percent shop online with one specific card designated to online purchases to monitor its activity, and 67 percent use cash instead of debit or credit cards. Moreover, 39 percent of these people spend less per trip than before. This reality puts the pressure on stores to invest in and implement payment security technologies such as EMV or fraud intrusion prevention and detection, Eliot points out.

“In fact, the study found that almost half of shoppers—43 percent—don’t trust companies to keep their personal information safe,” he says. “Of these, one-third (30 percent) of shoppers doubt that companies are investing enough in security measures.”

The report indicates that shoppers take a short- and long-term dim view of retailers that have suffered security breaches; not only will shoppers buy less at a breached retailer, but they also might avoid signing up for loyalty programs (56 percent) or opting out of retailer-branded credit cards (69 percent). What’s more, Eliot says he anticipates that as stores adopt more digital technology such as beacons and in-store digital display, fraudsters will be using them as ways to attempt breaking into either shoppers’ smartphones or the store’s network and technology. This could make shoppers even more wary about sharing information or interacting with retailers via their phone or e-mail.

“In other words, a security breach will hurt when it happens, and can also have an impact on shoppers, which can have a long-lasting negative effect on a retailer’s brand,” he says. “It’s key that retailers understand that security is not a one-time investment—it is something that retailers should constantly be assessing and improving. This proactive approach will help retailers gain loyalty and trust with their customer base.”

Take EMV chips, for example. It’s true that while they do improve security, gaps remain that can leave customers vulnerable, Eliot says. For instance, fraudsters can still use lost or stolen EMV cards because doing so does not require a PIN in the U.S., or retailers might not be encouraging shoppers to insert their cards when they are given the option between that and swiping. Still, the report says that 71 percent of shoppers indicated that they feel more secure when using an EMV card.

“EMV might not be the end-all-be-all to security breaches,” he explains. “But if retailers don’t comply with these new regulations, they will be held liable for the information and money jeopardized during a breach, as opposed to the banks. If staff is steering savvy shoppers away from using the chip, it can cause confusion for shoppers and make them think twice about how protected their personal information is. The gaps are not only about technology, but also about the proper processes and training. Retailers should take the time to develop these procedures and train staff to make sure they’re encouraging use of the EMV chip technology—as opposed to swiping—and making sure security is top of mind.”

In the end, most shoppers are aware that security breaches are a cat-and-mouse game with cyber crooks, and it’s difficult for retailers to continually stay ahead of criminals. However, this awareness doesn’t negate the fact that retailers still need to go above and beyond to audit their security systems, checking where the gaps exist so they can fix and improve the systems.