The latest eCustomerServiceIndex (eCSI) Survey produced by IMRG and eDigitalResearch suggests that online shoppers are far more interested in enhanced online security than the latest deals and discounts. Mark Kedgley (CTO at New Net Technologies) has the detail.
Tesco, Target, eBay, Office – all are major retailers with a significant online presence seeking to understand what their customers want to buy, how they want to buy it and what would make them buy more. Indeed, the delivered retail experience and an intimate understanding of consumer psychology is where the retail battles are being fought in 2014.
However, the latest eCustomerServiceIndex (eCSI) Survey1 conducted by IMRG and eDigitalResearch reveals that more than half of those online shoppers surveyed didn’t ask for more loyalty cards, coupon schemes or bigger discounts. What they requested is better online security.
Of course, all of the retailers mentioned have something else in common in that they have all recently been subject to security breaches involving customer payment cards or personal information.
Retailers must improve security measures
The main conclusion drawn by eDigitalResearch from the survey findings is as follows: “Onus is very much on retailers to invest in and improve their security measures for their online customers. Over two thirds (67%) expect organisations to contact them immediately (within six hours) by e-mail or phone if security has been breached and it leads to a potential loss of data.”
In other words, customers don’t just expect to be better protected, but are savvy enough to appreciate that breaches can still happen even with appropriate security Best Practices in place. They want to see contingency plans in place that allow them to be notified within the same business day in the event of a breach occurring.
It speaks of a very realistic view on cyber security and one that’s encompassed not only by the PCI DSS (which online retailers should be operating in order to meet agreements with their banks and the payment card brands), but all other security Best Practice frameworks.
If you consider that the breach at Target was only acted on after it had been operational for two-and-a-half weeks, but during that period over 40 million payment card details were stolen and 70 million customers had their personal identifiable information compromised, you can see why speed of detection is essential. If the six-hour detection and notification deadline expected by customers had been met in this case then the damage would have been minimal, rather than catastrophic as it has been.
Retailers would do well to listen to customers’ expectations and pay heed to the lessons learned by their peers.
The growing consumer awareness of online security will ultimately expose those organisations that fail to take online security seriously to significant repercussions of brand damage that reach far beyond the financial implications of a breach.