Over the weekend, I was shopping in a popular high street store when I was asked for my email address to receive a receipt. Slightly taken aback, I declined and asked for a paper receipt instead. My decision was based largely on my desire to save time — if I gave out my email address, I would have had to spend time unsubscribing from emails later on. However, this decision also reflected something else: My personal information is valuable to me, and the fact that I like your jeans doesn’t necessarily mean I trust you with my data.
A day later, I was shopping again, this time on a handbag retailer’s online store. When I reached the checkout, I glanced up and noticed a warning in my browser’s web address bar. There was no lock symbol, meaning that my connection was not secure. I was in no particular hurry, so I went back to my search engine, found the store website again and finished my transaction when I was satisfied the connection was safe. However, if I had been busier, this could have meant a lost sale for the retailer.
Rising Consumer Expectations Around Data Security
My recent shopping experiences demonstrate a growing trend: Consumers are becoming more security-savvy and realizing that their data is valuable and needs protection, particularly due to recent news headlines detailing high-profile data breaches and emerging cybercrime trends. This means that retailers, in particular, need to up their data security game, especially given the perception that these companies are less secure than organizations in other sectors. According to IBM Security’s “Future of Identity Study,” only 19 percent of U.S. consumers, 23 percent of consumers in the European Union (EU) and 28 percent of consumers in Asia-Pacific (APAC) would trust a retail organization to protect their biometric data. A much larger portion of respondents — 42 percent, 44 percent and 57 percent in the U.S., EU and APAC, respectively — said they would trust financial institutions to properly house this data.
It’s possible that working in the security industry has made me particularly security-conscious and general consumers are less concerned with their online security, but the evidence suggests otherwise. The “Future of Identity” study noted that, of the respondents who said they had heard about a data breach, millennials were more likely than other generations to delete an account held by a breached service provider. In addition, 25 percent of millennials, as opposed to 21 percent of the general population, said they would stop using an app or service that had been compromised. This suggests that younger buyers are more concerned about data security — and more willing to take their business elsewhere if security expectations are not met.
The Risk of Reusing Passwords
Apart from age and the industry I work in, there is another factor that makes me more security-conscious than before: I have personally experienced the frustration of having an account compromised. A few months ago, I was getting on a train when I tried to open a music streaming service for which I pay monthly and discovered that I was unable to log in. After a couple of minutes of investigation, I opened my email inbox and found a message from the provider thanking me for changing my email address and password. Someone had taken over my account.
Though this provider hadn’t suffered a known data breach, it’s easy to see how my email address and password combination, which I unwisely used on multiple sites, could have been leaked elsewhere — a quick online search revealed that my email address had potentially been exposed in at least four data breaches. I was able to retrieve my account within a couple of hours thanks to the customer service team, but this experience made me even warier of giving out my personal data.
My experience is far from unique, and it is becoming more common. The “Future of Identity Study” revealed that 41 percent of millennials reuse passwords to access numerous accounts, meaning that one compromised password could give malicious actors access to multiple accounts. Consumers who have experienced this type of fraud are more likely to think carefully about the security of their personal data.
Data Security Is Key to the Customer Experience
Retailers can use data to create a simpler, more personalized customer experience, but they also need to protect this data to earn the trust of consumers. If they don’t, they risk missing out on would-be customers who wonder whether this enhanced user experience is really worth downloading a potentially insecure app, signing up for a new account or allowing the company to track everything they buy.
Read the complete IBM Study on The Future of Identity
IBM Security Solution Specialist
Louise Byrne is a contributor for SecurityIntelligence.