The Top 500 retailer buys Campus Deals, which offers mobile coupons to college students.
Payment security compliance should differentiate merchants, report says
After security breaches such as TJX’s, consumer worry about secure transactions is up. Online merchants have an opportunity to turn compliance with payment card industry data security standards into a competitive edge, Javelin analyst Bruce Cundiff says.
Managing Editor, B2B E-commerce
The January discovery of a data breach at TJX Companies Inc. is a reason for merchants to stop dragging their feet on compliance with the payment card industry data security standards, according to a report from Javelin Strategy and Research. In a climate of heightened consumer concern about identity fraud, consumers perceive merchants are the weakest link in the payments processing chain that also includes processing networks and card issuers, according to Javelin’s report.
The TJX breach may have exposed as many as 45.7 million credit and debit card numbers and 455,000 personal records during a period of years while undetected hackers stole data from a network that handles payment transactions. Yet some merchants have been slow to comply with payment card industry data security standards, or PCI DSS, a set of best practices governing payments transactions, because of associated cost and effort. But now consumers’ worries about the security of their personal and financial information has increased. That could drive consumer behavior to merchants’ detriment, Javelin’s data show.
Specifically, 77% of 1,200 consumers polled in the study believe identity fraud is increasing. And though previous Javelin studies have revealed that only a fraction of fraud is actually due to data breaches, 77% of the consumers surveyed also said it was unlikely they’d keep shopping at a merchant that suffered a data breach. 63% of consumers believe merchants are the least secure entity among all those involved in the payments processing system, and when little is known about who or what is responsible for a data breach, half of consumers automatically consider the merchant to be at fault.
However, 85% of consumers surveyed will reward with future purchases merchants perceived as security leaders-one reason why Javelin senior analyst Bruce Cundiff says merchants have an opportunity in their online channel. In the same way that displaying the logos of security services providers such as buySafe Inc. can lift online sales, a branded logo on a site indicating the retailer has met rigorous standards of PCI DSS compliance could pay off in increased consumer trust and higher sales, he says. The Javelin study concludes by making a case for such branding by the Payment Card Industry Data Security Standards Council.
“Based on linking consumer data with the burden that merchants see in PCI compliance, this is a viable path,” he says. For card networks to be able to enforce compliance among merchants, “PCI compliance has to involve some value proposition to merchants beyond simply fine avoidance,” he adds.