WASHINGTON -- Leaders of major banks, retailers, and financial institutions met here today to discuss the growing loss of trust among credit card customers -- and how to get it back.
In a summit hosted by Visa, key members of the retail credit supply chain discussed their efforts to combat online phishing and fraud as well as data breaches that lead to the loss of customers' personal information. "We have to recognize that when a theft or breach occurs, the most valuable thing that is lost is not the money, but the trust of the consumer," said John Philip Coghlan, president and CEO of Visa USA.
And while Coghlan called the industry to action, two market researchers unveiled new data to suggest that consumer attitudes are becoming more sensitive to security issues than ever. In a report released today, Javelin Strategy & Research found that 75 percent of consumers believe identity fraud is increasing.
While 85 percent of the respondents said they would shop more at a merchant that distinguished itself as a security leader, 78 percent said they would not continue shopping at a retailer if they learned that it had compromised their data through a security breach. "The interesting thing is that there is a wide perception that fraud is on the increase, even though statistics indicate that the actual incidence of fraud has leveled off," said James Van Dyke, founder and president of Javelin.
And while large banks and retailers are pushing new security initiatives, a separate study suggests that small retailers are still at risk. In research released here today, the National Federation of Independent Business and Visa USA reported that small businesses are generally confident about their ability to protect their customer data -- more than half (52 percent) are currently storing credit card numbers, bank account information, and/or Social Security numbers onsite.
Retailers, in general, are the weakest link in the consumer trust chain, according to the Javelin study. Sixty-three percent of the respondents in the study cited merchants as less secure than banks or payment processors, and most consumers said they are most likely to identify their retailer -- not the bank or credit card company -- as the one at fault when fraud occurs.
But no matter who gets the blame, the entire transaction chain is being hurt by negative perceptions caused by online fraud, said Meg Whitman, president and CEO of eBay Inc., in a keynote address.
"There are bad guys targeting our systems every day -- it's an arms race in its most classic form," she said. "People see phishing attacks in their email on a regular basis. Some people are fooled by them. Some people learn to ignore them. Some people just get tired of seeing them and decide not to buy online anymore. Companies like eBay are targets. It's not our fault, but it's definitely our problem."
Companies such as eBay and Visa are taking steps to reduce online consumers' risk, according to top executives. EBay worked with Microsoft to implement Extended Validation SSL features in Internet Explorer 7 to help users identify phishing sites, Whitman observed. The online auction company is also implementing a technology called domain key signing, which helps ISPs separate legitimate eBay and Paypal email from phishing attacks and spam, she said.
Visa, for its part, is testing new technology that would attach a dynamic, unique identifier to each transaction, making it difficult for an attacker to duplicate. Visa will be working with credit card issuers and merchants to pilot this dynamic form of authentication "in the coming months," but any solution will have to have industry-wide participation to be successful, Coghlan observed.
While large companies are experimenting with these new technologies, however, customer confidence continues to erode. In a study conducted last year, the CMO (chief marketing officer) Council found that about 40 percent of customers already have disconnected from online transactions because of concerns about security, said Donovan Neale-May, executive director of the council.
"In the United States -- and this is different from Europe -- people are actually more concerned about their digital security than about the physical security of their homes and themselves," Neale-May said.
Some panelists at the event said that such a high level of consumer fear may be unwarranted. Javelin's Van Dyke noted that Internet-caused crimes and corporate data breaches collectively accounted for only about 19 percent of fraud last year, while the majority of consumer identity fraud occurred through traditional physical channels, such as lost checkbooks and stolen wallets.
There are similar misperceptions in the world of data breaches, according to Bruce Hansen, chairman and CEO of ID Analytics, which studies breaches and risk. "On average, we've found that the rate of actual fraud occurring from data breaches is less than one tenth of 1 percent," Hansen said. "A breach is much more about loss of trust than actual financial loss."
But in the world of banking and credit, perception is reality, experts said. "Our studies show that the number one factor in choosing a financial institution is trust," said Van Dyke. "If you can't maintain that trust, you're going to lose customers."
Tim Wilson, Site Editor, Dark Reading