Data breaches continue to vex marketers. Three men were indicted this month for stealing more than 130 million credit and debit card numbers, according to the US Department of Justice. The breach was discovered in January and is the largest hacking and identity theft case ever prosecuted by the Justice Department.
The information was hacked from five corporate entities: Heartland Payment Systems, 7-Eleven Inc. and Hannaford Brothers Co., and two unidentified corporations. The two-count indictment alleges that Albert Gonzalez of Miami and two unnamed co-conspirators orchestrated the attacks.
Gonzalez is a repeat offender. He was previously indicted in May 2008 and again in August 2008 for his involvement in data breaches of companies such as TJX Companies, Dave & Busters and OfficeMax.
This recent arrest is the latest in a long line of these incidents, and the danger is that consumers, wary of divulging personal information, could reach a breaking point. According to Forrester Research, consumers’ perception of online security continues to color their behavior online. Security concerns are the number two reason consumers cite for not transacting online. This reflects a broader unease about e-commerce security, and it plays a role in keeping some consumers from migrating online for activities such as online banking.
“The biggest challenge to a marketer is, with the amount of fraud, any transaction online is at risk,” said Jeff Jurick, VP-compliance and critical communications at agency Direct Group. “E-commerce companies have to be diligent in the protection of their customers’ data and they have to communicate and deliver confidence to consumers that their data is safe.” Jurick added the direct marketing industry needs to “make a better effort with consumers on best practices.”
That is easier said than done. With the trust gap widening, alleviating consumer concerns has become more complicated for marketers. Marketers need to build security into their networks, Web sites and point-of-sale environments, in addition to developing processes for customer data usage.
“Good custodianship is no longer a matter of what processes you have in place or how you use the data,” said Jonathan Penn, an analyst at Forrester Research. “It’s also about what security you have around the data.”
Kristen Mathews, partner, Privacy and Data Security Practice Group at Proskauer rose LLP, said once a breach does happen, what matters most is having a plan. “You need to be upfront and honest about what happened,” she said. Companies also need a remedy. “It’s common to offer reimbursement for credit monitoring services depending on the data compromised.”
Mathews said a checklist of things to do once the breach occurs includes coordinating with law enforcement, identifying the nature and scope of the problem, containing the incident, and deciding about external communications, including whether to notify the media. Penn has developed a series of recommendations for marketers to manage concerns and improve consumer trust. (see below). l
