Retailers beefing up security against data breaches
In a world where customers don't think twice about paying with plastic or purchasing items online or with mobile devices, data breaches have become a growing threat.
According to information compiled by the nonprofit consumer advocacy Identity Theft Resource Center, as of Nov. 19, there had been 679 major data breaches reported this year, up about 25 percent over this time last year.
With the holiday shopping season getting underway, retailers have taken steps to prevent new breaches, although it remains to be seen whether they have done enough, said Eva Velasquez, CEO of the San Diego-based center.
"The hackers are definitely out there in full force. But there are a lot of other vulnerabilities, which is why we encourage best practices for businesses and (shoppers)," said Velasquez.
Cybersecurity is a growing concern for businesses large and small.
This year, $4.1 billion was spent to keep hackers at bay across hundreds of U.S. companies, according to a PricewaterhouseCoopers survey of 758 American companies. That survey suggests the amount spent could increase by $2 billion in 2017.
"There's no doubt that it will require a substantial investment to protect the global networks that house the privileged information of American consumers," Karl Volkman, chief technology officer at SRV Network Inc., said in a statement. "And part of that includes bringing on security consultants, expanding cybersecurity staffing, and researching the newest trends to stay ahead of cybercriminals."
Volkman, whose company provides a variety of IT services, expects investments in cybersecurity worldwide to continue rising — in both global and smaller companies — as more and more businesses go online.
"As hackers become more advanced, global institutions will have no choice to keep up," says Volkman. "Dollars spent on cybersecurity could eclipse dollars spent on marketing or employee benefits. Nothing is out of the realm of possibility at this point."
A data breach affects customers and retailers, who are both victimized by the crimes. To combat data breaches, many retailers large and small are having to put in place an entirely new infrastructure for payment systems. This can get costly and is far more complicated than it might seem, said Velasquez.
"The consumers have to deal with the aftermath, but the consumers are being made whole," she said. "We appreciate the move to chip-and-pin technology, but that is a huge undertaking, and there is an expense to the retailers."
According to eBay Enterprise's 2014 Holiday Retail Audit, protecting consumer data this holiday season is a major focus for many retailers. With good reason.
"We're in a data-driven environment now, especially with retail," said Craig Peasley, head of product marketing for eBay Enterprise. "Retailers need to make security and privacy of utmost importance. And if they do, they can leverage this data to provide a better customer experience that ultimately increases loyalty."
During last year's holiday shopping season, Target Corp. announced it had a major breach that involved 40 million customers. Retailers with major breaches this year include Kmart, Home Depot, Neiman Marcus, Walgreens and eBay. On Nov. 10, the U.S. Postal Service disclosed that employee and customer data was compromised when its computers were hacked.
Of the companies eBay Enterprise surveyed, 65 percent of larger retailers said they had heightened concerns about data security, and 77 percent said they have not experienced a security breach.
In the case of Target, putting the data breach behind it has been a key focus for new CEO Brian Cornell.
Cornell said the company has bolstered its IT and compliance staffs and invested in new technology to better protect data. However, like many companies, Target will not begin accepting EVM cards, which include a special chip to better safeguard credit card data, until early next year. The retailer also is beefing up security on Target debit cards; the rollout for that is also planned for early next year.
"The threat is a challenge, not just for retail, but for all industries, and we are determined and committed to being an industry leader in this evolving space," Cornell said in a statement.
Target's breach: $148M
In a filing with the U.S. Securities and Exchange Commission earlier this summer, Target put the cost of the data breach at $148 million.
As for consumers, according to a National Retail Federation survey, 42 percent of the 7,500 holiday shoppers polled said they felt "neutral" about how data breaches will affect their purchasing this year. Fewer than 20 percent of those surveyed said breaches were "somewhat" or "very likely" to influence their shopping habits.
Mallory Duncan, senior vice president for the NRF, said retailers choose payment methods that are best for their companies and their customers.
"Data security is paramount, but so is flexibility, cost and ease of use."
Protecting personal data
Eva Velasquez, CEO of the nonprofit Identity Theft Resource Center, offers the following tips for protecting your personal information this holiday season:
■Don't compromise your bank account. Always use a credit card instead of a debit card whenever possible.
■Know the limits of cash. While making all holiday purchases with cash can prevent your personal information from being stolen, carrying large amounts while you shop could make you a likely target for robbers.
■Limit the information you give out. Weigh whether giving out your email and phone number is worth the risk. If you do want ads and coupons from a store, using a separate email account from the one you use for banking is a good idea. Never use the same password for multiple email accounts.
■Treat your mobile device like the computer it is. Always password-protect your phone and individually password-protect apps that store financial information. If you are going to be making purchases, always use a secured network or invest in your own VPN to prevent your information from being hacked.
For more tips and information on preventing data theft, visit idtheftcenter.org.