A Forrester Research report analyzes the early successes and failures of Apple’s mobile payments system.
(Page 5 of 5)
While some data security experts argue that merchants cannot afford a data breach of any kind and fraud-prevention experts recommend that retailers keep fraud losses under 1% of overall transactions, there is no hard and fast rule about how much to spend on data protection and fraud prevention.
"How much needs to be spent really does vary by merchant," says Jennie Verduzco, director of compliance for Litle & Co. "The best practice is for the merchant to talk with their processor about the potential threats from criminals and hackers, what technologies are needed to thwart those threats, and weigh the cost of those technologies against their risk tolerance."
Retailers will want to keep in mind that spending on fraud prevention and data protection will vary over time, especially as a business grows. "The larger a merchant gets the more their risk tolerance changes," says Kount's Rouse. "Adjustments in spending should always be made accordingly."
Finally, before choosing any provider of fraud-prevention and data-protection services, it is recommended that retailers make certain the provider, and all other vendors that could touch card data, are PCI-compliant. Other questions to ask include how the vendor intends to remain PCI-compliant, how the company will protect the retailer's data, and how many departments inside the company and its outside vendors will have access to transaction data.
Nor should retailers be afraid to ask to conduct an independent audit of the provider's systems to spot any potential loopholes that criminals and hackers could exploit.
"Fraud is constantly evolving and criminals are constantly probing for weak points in the system," says FIS's Roese. "Any reputable provider of fraud-prevention and data-protection services should be able to show they have a plan to do more than just be PCI-compliant so they can stay ahead of the fraud curve."
With fraud prevention and data protection playing a more strategic role in a retailer's business, retailers that take the proper steps to protect their web sites from hackers and organized criminal fraud rings will increase consumer confidence in shopping at their web sites.
"That's a big benefit," says Chase's Nadeau. "When consumers are confident a retailer's site is secure, they will shop more often and spend more over time."