4 Ways Consumers, Banks and Retailers Can Collaborate to Stop Data Breaches
The issue of online data breaches is out of hand, according to CIO.com blogger Bill Snyder, and something needs to be done. Here are four ways banks, retailers and their customers can work together to address the problem.
Enough is enough. It is time that the banks, credit card companies, retailers, and yes, their customers, work together to solve a problem that is undermining the online – even the brick and mortar – economy. Here’s my four-step plan.
1) Move aggressively to replace credit and debit cards that use easily-hacked magnetic strips with more secure chip-and-PIN cards. These cards contain embedded chips that hold information and require PINs for access. If you travelled in Europe recently, you’ve likely seen these cards, and you may have heard that fraud dropped dramatically (34 percent in the United Kingdom) after they were introduced. The Target data breach brought this issue to the forefront, and there’s a target (no pun intended) date of October, 2015, to implement chip-in-pin in the United States. Whether or not the financial services industry and the large retailers actually follow through remains to be seen.
Sure, it will cost money to make the switch; merchants will have to install new point-of-sale devices capable of reading them, and the cards have to be manufactured and distributed. There’s also resistance from retailers because it is easier to get marketing data from a magnetic strip than from chip-and-pin cards. But I say it’s time for the change, and the sooner the better.
2) So who should foot the bill? Everybody! I think it is only fair that a portion of the cost to be borne by consumers via a small, temporary transaction fee that credit card companies would then rebate to merchants. This is especially important for small businesses, which are sometimes dropped as customers by the credit card companies if they pass on too many fraudulent charges. The alternative is higher prices for everybody.
3) Make retailers more accountable. Banks currently bear the brunt of the costs associated with credit card fraud. Retailers have some accountability because when fraud piles up, the card companies charge them more per transaction. But those fees are tiny and aren’t large enough to act as a deterrent. So, at the very least – and this is an idea that already has some traction in Congress – retailers should be required to immediately notify customers of a data breach. Some states already require immediately disclosure to customers; others don’t. There should be a uniform law that addresses, and mandates, that disclosure. Retailers should also be required to offer customers free credit watch services when there’s a data breach, just as Target did.
4) Force consumers to take security seriously. You’ve probably seen stories about the most commonly-used passwords: the word “password” and “1,2,3,4,” etc. That has to stop. Online commerce sites, including those of the credit card companies, should make consumers change passwords at least once a year. If they don’t, their access to the site should be blocked or revoked. That might really bother some consumers, but having their identities stolen could be much, much worse.
San Francisco journalist Bill Snyder writes frequently about business and technology. His work appears regularly in CIO.com and the publications of Stanford's Graduate School of Business and the Haas School of Business at the University of California at Berkeley. He welcomes your comments and suggestions.