Although most have concerns about their privacy, historically consumers at large have been bystanders in the battle against cybercrime. Whether it was a matter of trust or feelings of helplessness, the general public has left it to those who have their data to protect their data.
In 2015, we will see the individual assert more influence over information security. The Age of the Customer is in full force and will extend its influence to expect more from the business community when it comes to information privacy and security. Data breaches were once rare and largely ignored by the consumer. Now they’ve become more frequent, larger, and more damaging. This year was one of awakening. 2015 will be the year of high expectation and zero tolerance. Merchants and others in possession of personal information will find that trust has never been more brutally hard to build, or more easily fractured and lost.
The battle to win over breach-weary customers and the battle to keep them as customers will be a focus and a driver of security actions and initiatives in 2015. Here are five we believe will stand out.
Stepped-up Enforcement and Accountability
The Federal government isn’t likely to contribute much of anything new to security measures or enforcement until the economy is showing steady growth and the Federal government is less divided.
Instead, industries will redouble their enforcement of security rules and regulations upon their constituent members and service providers. In the wake of the Target and Home Depot breaches, more pressure will be placed upon credit card issuers, who will apply more pressure on merchants to fully embrace the Payment Card Industry Data Security Standard. Extraordinarily large patient data breaches in 2014 are forcing the healthcare industry to take a hard look at information security. HIPAA enforcement has been ratcheting up, forcing a closer look at healthcare providers as well as the “business associates” who may touch protected health information (PHI) in conducting their business.
Companies will demand that developers build applications with security as a central requirement. Downstream contracts with supply chain partners will have stronger privacy and security provisions and more onerous penalties for violations.
Partnerships will increasingly focus on information security controls and eliminating gaps between the protections each organization has established.
The Target Stores breach at the end of 2013 marks a change in the marketplace. This major security failure, combined with others in quick succession, has led to consumer scandal fatigue. Regardless of how positive a consumer feels about the experience crafted for them by an organization, that bond will be gone if the unwritten security-trust contract is violated. Customers are increasingly impatient with security failures and will be more vocal in the future.
According to Javelin surveys in the U.S., when an existing credit card is exposed and then used for fraud, the average loss is $1,251. When a social security number is exposed and then used to open new accounts, the average loss is $2,330. These are frightening statistics, given that the number of victims exposed for any given breach can easily exceed one million. And it can take a consumer months to unravel the damage done from identity theft.
As mentioned above, the consumer expects that not only will the retailer or service provider be secure, but the maintenance company, freight company, electrical and painting contractors, law offices, accounting firms and others with which the retailer does business will be secure as well … additional fallout from the Target breach, which is believed to have originated with a third-party contractor.
Security at Point of Sale
After 20 years of procrastination, chip & PIN technology in credit cards is slowly gaining a foothold in the U.S., first with embedded chips and PINs to follow. For the time being, it’s chip & sign.
Other technologies are rushing in to fill the security void. Apple is taking the lead with thumbprint verification required to log on to their newest mobile devices. Apple’s iOS and Google’s Android also encrypt data stored on mobile platforms, rendering devices useless if lost or stolen.
Another impressive technology introduction, from a POS security point of view, is Apple Pay. This contactless payment method combined with security features built into iPads, iPhones and Apple watches makes a credit transaction authorization unique to each purchase with no opportunity to capture credit card information. Banks and retailers are quickly getting behind this simple and effective payment method; as of mid-November nearly 20 banks were supporting Apple Pay and dozens more retail chains.
Another emerging payment method is CurrentC, which is a merchant-led attempt to get around credit card transactions and their associated fees altogether. The app is getting off to a bumpy start, having been hacked in trials. However, it is indicative of the new security products that will be coming to market and no doubt adopted by consumers once they’ve proven their worth.
Can You Hear Me Now?
Businesses that do not listen to the Voice of the Customer may be doomed to suffer for it. Consumer sensitivity is piqued, and their expectations of the entities that handle their personal information are unforgiving, giving rise to the customer standard of acceptable performance.
Consumers will place increasing pressure on the companies they engage with, as well as the service providers used by the companies they engage with. Failure to satisfy the customer standard will be met swiftly and harshly in social media. News of violations of trust and scandals will burn hotter and quicker than in the past.
Whose Data is it, Anyway?
The amount of personal information freely offered up is prized by companies that use it for more efficient marketing. Is it their data or yours? It may become theirs because you checked the box and gave it to them.
Consumers are coming around to the notion that they are exposed. Realizing the value of their personal information, people will want to regain control over it, perhaps using it as leverage for greater value without ceding all rights to it beyond.
Last year, McAfee introduced a mobile security feature that instantly checks for apps that use extensive data collection and overshare personal information. It seems 2015 will be witness to more products and tools that will help people retake control over who uses their personal information and how it is used.