Jane Goodayle, VP Global Marketing, PCI Pal
Awareness of data security has been a hot topic for some time. With every high profile data breach that occurs, the issue is pushed further to the fore of public discourse, and consumers are becoming more and more aware of the steps they need to take to ensure the safety of their personal information, especially their payment details.
While people on both sides of the Atlantic are similarly concerned about data breaches and issues of payment security, a recent survey by PCI Pal, which polled over 4,000 residents in both the UK and US, has highlighted a number of interesting cultural differences between the geographies, in particular in how they react to data breaches and payment security issues. Some interesting findings also emerged for the financial industry.
When asked what industries they thought were most likely to suffer a breach – or those that were most prone to them – the financial sector came out on top in the UK with 41% of respondents pointing to the finance industry. In contrast, only 12.8% of those in the US suggested the same, and instead retail came out with the largest proportion of concerns (and was considered the second highest risk in the UK). In all, 41% of UK respondents aired their concerns
The surveys suggest that there is much work to do within those industries if they are to inspire confidence within an increasingly savvy and selective consumer base.
In the current market, it’s imperative that a business should understand the potential damage done by a data breach, and more companies are switching on to the importance of the issue and looking to deepen their understanding. Businesses must however be aware of the possible fallout, which has the potential to cause serious damage to reputation and losses long into the future.
According to the survey, some 79% of people polled agreed that trust in a brand’s data security played a part in how much they opted to spend with them, highlighting the public’s increasing awareness and knowledge of data security issues.
The survey found that 41% of Britons said that they would stop spending with a brand forever, following a data security breach, compared to 21% of Americans, highlighting a much more unforgiving attitude to data loss on this side of the Atlantic.
Interestingly, 44% of Brits and 62% of Americans who didn’t express a want to cease trading with a company forever following security issues indicated that they would stop spending with them “for at least a few months”. This suggests that even a best-case scenario would result in notable reputational damage and loss of earnings.
One of the more surprising findings of the survey was that respondents have more trust in local businesses than they do in large national and multinational companies. 55% of those polled in the UK said that they felt they could trust local stores more, and 30% elaborated, saying that they felt smaller companies have more consideration for their reputation, despite not having as much money to invest in data security.
The opposite was true in the United States, where only 47% of respondents felt that they could trust local businesses more than a national company, and those polled stated that increased investment in security and adherence to more strict security rules were the reasons for their trust.
Another topic discussed in the survey was that of paying for goods and services over the telephone, and it was found that 55% of respondents were unhappy with some portion of the process. 32% stated that they were generally unhappy reading their credit card details over the phone to complete a transaction but did so because they had no choice, and 23% stated that they flatly refused to give out their payment details over the telephone, opting instead to deal with businesses face-to-face or use online services.
Building consumer confidence in dealing with telephone payments should rank highly among businesses, and the general lack of faith that consumers appear to have should be cause for concern. Adhering strictly to PCI DSS guidelines should be an absolute priority, if companies are to thrive amid the myriad threats that currently exist towards their customers’ personal data.
Simply put, by ignoring these threats companies are opening themselves up to the possibility of immeasurable damage to their brand, loss of earnings and continued loss of business; perhaps even years after the initial data breach has occurred. Not to mention the huge fines that failing to comply with the EU’s GDPR (General Data Protection Regulation) may bring.
By enlisting professional assistance to ensure PCI DSS compliance, businesses are already on a healthy path towards reducing data security risk. Critically, they will be able to ensure the safety of customers’ payment card data from phone-based transactions, and by advertising PCI DSS compliance, a business can inspire confidence in areas that it appears to be most lacking.