Mounting breaches increase consumer apprehension
According to a survey by CreditCards.com, 45 percent of consumers would definitely or probably avoid one of their regular stores over the holidays if that retailer had experienced a data breach.
Sixteen percent said they definitely would not return to a retailer if the store had been hacked and 29 percent said they probably would not shop at such stores. Forty-eight percent said security breaches would make them more likely to pay with cash.
Home Depot, Michaels, Neiman Marcus, Staples, Kmart, Albertsons, Dairy Queen, Jimmy John’s, and P.F. Chang’s have all seen their customers’ credit and debit cards compromised. These followed the widely covered breach last holiday season at Target.
Although much depends on whether the shopper experienced fraudulent charges or identity theft, the survey suggests the impact of a breach could extend to lost revenue. But CreditCards.com noted that many factors go into the where-to-shop decision, including the lack of another nearby sale, a shopper’s habit and sales incentives.
"I think there is the possibility that it could make people nervous, but there are enough things that go into the decision of where to buy and data breaches may not rank as 1 or 1a on that list," Matt Schulz, senior analyst CreditCards.com told Cedar Valley Business. "If it is 1 or 1a, we will see a significant impact. If not, it may not be quite as much as we might think."
On the positive side, the survey found that only 31 percent of those in households earning $75,000 or more annually said they would definitely or probably avoid retailers who experienced a data breach, compared to 56 percent of those in households earning less than $30,000 a year. College graduates, younger consumers and women were also seen as less apprehensive.
Princeton Survey Research Associates International conducted the survey of 865 randomly selected American adults earlier this month.
- Poll: Nearly half of cardholders likely to avoid stores hit by data breaches – creditcards.com
- Data breaches have shoppers nervous, survey says – Cedar Valley Business
- Many Americans Say They Will Avoid Breached Retailers, Study Shows – eweek
- Are data breaches creating smarter consumers? – The Washington Post
Discussion Questions
Is the steady stream of breaches increasing apprehension around shopping to a degree that will affect holiday sales? Are retailers doing enough to allay concerns?
I would want to shop a store that has had a data breach because most likely the problem has been solved. What would scare me is the stores that haven’t had one yet. I’d feel like I was playing Russian Roulette. If a retailer can guarantee there will be no data breach, I think it would help with decreasing apprehension.
I recently managed a dinner discussion where one participant, who works at a company with 8,500 stores, said that they had doubled their data security staff: To TWO.
Many retailers are hard at work on securing their networks, but a lot more needs to be done. And while customers may be leery of a retailer who’s had a high-profile breach, imagine if it happens again at the same company.
Apprehension exists and is not necessarily related to those retailers who have already been hacked. Consumers may be concerned that those stores that have not been hacked will now be targeted. It is critical that retailers, whether they have been hacked or not, do what they can to establish their credibility with consumers, demonstrate concern for their consumers’ welfare, and continue their vigilance to maintain security. In general, retailers need to do more.
Sooner or later customers are going to figure out that all systems are hackable and all retail systems are under constant attack.
Will that change their behavior? I don’t think so. I just can’t see the mass of the consumer market shifting back to using cash or checks. The allure of convenience is just too strong.
Will concerns over breaches negatively impact sales this Christmas? Not so you’d notice, although if sales are slow you can count on retailers to blame breaches at their peers for their own poor operating results.
Barring a major breach in the next few weeks, I doubt that there will be a serious negative impact on holiday sales overall. But those consumers that have been stung are likely to shift payment type or stay away from the hacked retailers.
Are retailers doing enough? The large brand names are starting to take steps. Hackers go for big names with large consumer bases, so these retailers have to continue their investments in security.
There is probably increasing apprehension and no, retailers aren’t doing enough as the breaches keep happening. Staples was the latest victim.
That being said, I personally think the likelihood of a breach happening two times or more to the same company in under a year is highly unlikely, as once a retailer has to publicly acknowledge a breach has occurred, their attention and IT resources will be focused on this for quite awhile.
Interesting conversation going on here. I reviewed the list in Tom’s article and was surprised the only one I continue to think about is Target. I have been reluctant to shop there since the breach. More importantly, I have always used cash since the breach when I do have to shop there. I wonder why Target is the only one I think about? Could it be because they received the most negative publicity? Or was it because they took so long to resolve the problem? Either way, they were not the only major company hacked. The concern is who is next, and have enough measures been put in place to minimize the problem. Too bad the bad guys are faster and smarter than the good guys.
I do want to add a plus to all this. Last week we received a call from a major credit card company asking if my wife had asked for another card in her name, and to have the card shipped immediately to a Miami address. The company suspected something and called my wife. We put a stop on the card and a block on any future activity that happens without us being contacted first. This company (Visa) did a heck of a good job preventing this fraud. But the police told us (Yes, we did report it) it is almost impossible to catch the bad guys doing this.
I wonder how many retailers have been hacked and don’t even know it?
I don’t think it will directly affect holiday sales, which I predict will be horrible, but I do think that consumers will exercise some precautions when using credit instruments at retail. I personally will not use anything but American Express as my experience has proved them to be vigilant in protecting my credit. Over the years I have received numerous calls from AmEx asking if I had made certain purchases. In every case the attempted charge has been fraudulent and no damage was done. Never had this experience with MasterCard or Visa. The retailers themselves can’t do much to allay concerns as it is apparent that they don’t consider protecting consumer data a high priority. As with everything else, you are responsible for doing everything possible to protect yourself. Dealing with companies that have a reputation for protecting their customers is a great way to start. I might add that the absence of security at retail will further insure the success of Apple’s new payment system if it does insure insulation from hackers and data thieves as advertised.
Ironic this article appeared today. I blogged about this on my company’s site right before I read this. Does the typical shopper think of security breaches as they go through the store or browse online? I don’t believe so. Therefore I don’t think it will in any way affect holiday shopping sales.
I think retailers are responding as swiftly as they can to address these breaches that are guaranteed to increase in number and severity as hackers get more adept at their “trade.” That’s a fact of life today and for the foreseeable future.
Our family has already made changes in our buying related to Home depot and Target more as a result of their poor handling and length of the breaches than that the breaches were allowed to occur. Related to some breach or other we’ve received two “replacement” cards from major issuers in just the past six weeks and everybody I talk to has received at least one replacement card if not several. The ongoing bad news about breaches coupled with the hassle of changing out passwords, updating recurring payment arrangements with utilities, etc., as a result of all the breaches is having a cumulative negative effect on buyers’ psyches.
I honestly don’t know what retailers can do to instill confidence at this point and I do believe it’s going to have an downward effect on holiday sales.
The key here is that retail is finally saying, we HAVE to move into the 21st century when it comes to payment methods and security. This is not something they can do alone either so it is great to see that all parties are finally stepping up to the plate instead of pointing fingers.
Now, anyone who reads me here knows that I do not think chip & pin is the answer. It is still a yesterday answer but hey, it’s better than what we’ve got.
In the mean time, as long as retail and the card companies have the consumer’s back, the consumer will continue to spend this season.
And that’s what you get for my 2 cents.
It’s a tough call for a retailer to rekindle the stigma of having come through a credit breach with shoppers to alleviate any fears affecting holiday shopping. Moreover, consumers most likely don’t know all the stores that have been affected, unless directly notified by the store or through news reports, so why go there?
Best that the consumer be proactive and put holiday purchases on a limited number of credit cards that they monitor regularly, or—use cash.
I’ve recently shopped at Albertsons, Home Depot, and other major chains that have experienced data breaches and I have not witnessed a 45% reduction in store traffic. I think we’re seeing that most consumers have now reached the point where they realize all retailers (online and off) will eventually have a security breach—and they have to shop somewhere.
The PR initiatives of affected retailers have evolved and helped to blunt the impact of breaches in the news and with the customer base. However, the solution to cyber crime will be a long-time coming as this is not an issue that will be solved with something that resembles a single inoculation. Combating the security breaches to retail networks require a mentality of many treatments that will have to be applied continuously and adjusted over time as the issue mutates. There is a lot more work needing to be done by retailers and solutions vendors to stem all types of security breaches.
Thieves are notorious for using the same methods over and over again until it will no longer work. There is no reason to believe that the data breaches are no longer possible and therefore they will most likely increase in November and December.