Shoppers love convenience, but as one security expert relates, convenience should never be viewed as more important than data and transaction security.
September 18, 2015 by Judy Mottl — Editor, RetailCustomerExperience.com & DigitalSignageToday.com
Data breaches, stolen credit card data and hacking into databases are becoming everyday scenarios for both small and large retailers. No customer, online or in the brick-and-mortar shopping environment, wants to patronize any retailer where their data and financial information may not be secured or protected. It's a critical issue, but oftentimes retailers aren't sure where to start or what to know before embarking on a security strategy.
So Retail Customer Experience reached out to Michael Bruemmer, VP of consumer protection at Experian, to get some expert insight on the security basics that need to be in place and his view on how retailers are handling necessary and critical data security efforts.
RCE: What is the very minimum retail establishments should be doing to ensure a secure customer interaction?
Bruemmer: The steady drumbeat of large data breaches in the retail sector has proven this issue is not going to go away. Merchants need to understand this and ensure they communicate to their employees and customers that they take cybersecurity very seriously and are willing to do everything they can do to increase security. This includes not only updating payment terminals for the upcoming EMV liability shift in October, but also collecting customer information only when necessary, and taking steps to secure personally identifiable information. The minimum standard today to be secure is to have an incident response plan in place and a cyber-insurance policy.
RCE: Are today’s retail consumers savvier about potential online security given all the news on data breaches, or are they not as knowledgeable as they need to be?
Bruemmer: Customers are indeed savvier and expect more from retailers today. So I believe it would make a positive impact on consumers if the retailer shared from a corporate perspective what they are doing to shore up their security. It would also be great relationship-building with customers to help them protect themselves from identity theft as an ongoing practice and if they are a victim of a data breach. According to a 2014 study from the Ponemon Institute, more than one-third of consumers reported they ignored data breach notification letters. This is attributed to a phenomenon coined as “data breach fatigue,” in which consumers — inundated by news of mega breaches — do little or nothing when a data breach occurs.
To address this issue, retailers need to prioritize sincere communication with customers if they have been breached. The notification should include an apology, a clear explanation of what happened, what the retailer is doing to address the issue, and guidance on what actions the customer should take to be protected.
RCE: A retail data breach can happen in the store, online and during a mobile checkout process, making security more complex and challenging for the retailer. Any specific advice about what not to do, or issues retailers need to know about in establishing a strong security infrastructure?
Bruemmer: Retailers face a huge challenge in reconciling the convenience of new payment technologies with data security. A recent survey Experian Data Breach Resolution conducted with the Ponemon Institute revealed more than half of professionals in the payment sector prioritize customer convenience over security. This is concerning, as the transition to adopt any type of new payment technology can add risk. Retailers should think carefully before implementing new transaction systems, and ensure all data is moved securely during the transition. Retailers should also keep in mind that credit card data is not the only type of information they need to protect. All consumer data — including usernames and passwords — should be secured. Some of the best ways to establish a strong security posture are to have a Chief Information Security Officer in place, a preparedness plan that is updated and practiced at least twice per year, encrypting data, and training employees on security protocols.