Restoring the Faith: Rebuilding Consumer Confidence in the Wake of a Data Breach

[Audrey McNeil <audrey () riskbasedsecurity com>]

http://smallbusiness.yahoo.com/advisor/restoring-faith-rebuilding-consumer-confidence-wake-data-breach-175515514.html

A while ago we wrote an evolving story about what financial institutions
could learn from Target's response to its 2013 holiday season data breach
in which the personal information of upwards of 70M customers and 40M
credit or debit card records were stolen by hackers.

Theoretically affecting 34 percent of the U.S. adult population, the Target
breach certainly captured consumer attention and, driven by the news, still
does months later.

In looking back, one can measure the impact on purchase behavior and
cardholder confidence by assessing cardholder payment choice in the wake of
a data breach. Recent Associated Press and GfK Public Affairs & Corporate
Communications research found that 37 percent of Americans have expressed a
preference to use cash in lieu of credit or debit cards to pay for
purchases because of the thefts. Understandably, financial institutions
have withheld proprietary corroborating data, but anecdotal articles share
stories of consumers limiting their card spend or adjusting to cash when it
is convenient. A recent breach-related article in the New York Times quoted
a shopper as "...starting the week with $100 [in cash] and when the money in
her wallet is low, has found herself forgoing purchases she wouldn't have
hesitated to buy with a card."

A different survey published by Ipsos/Reuters measured roughly the same
period following the Target breach. That poll seems to confirm the
Associated Press/GfK findings and indicated 64 percent of breach victims
claim they still use their credit and debit cards.

For financial services marketers, it is an imperative to restore eroded
confidences quickly as a short-term marketing goal, while continuously
managing your long-term communication efforts to educate and remind
cardholders of your card's security and liability benefits. Due to the
on-going sensitivity surrounding the breach, right now is a strategically
critical time to audit your current and future messaging strategies with an
eye on really looking at "what you are saying" to whom and to ask yourself
if you are really doing everything possible to refocus your card product
messaging to increase emphasis on its security features.

Here's a quick list of questions that you can refer to when reviewing your
security messaging:

1. Does your content provide assurances?
Financial institutions cannot eliminate fraud or breaches - and data losses
will likely continue to occur. If you do a good job of reassuring your
cardholders that you take security seriously - and convey and reinforce
those product benefits that are in place to protect the cardholder in the
event of a breach - you may lessen any adverse consumer response and
protect card volume and loyalty. The hierarchy of your messaging should not
downplay your product's security features in exchange for highlighting
promotional offers or other benefits. Design and layout of your materials
should work to strategically "weight" and draw attention to all your
important points.

2. How does your message resonate with your various audience segments and
product offering?
Knowing how your marketing and product offering plays out among differing
products, perspectives, and cardholder behaviors may make a big difference
in your customer's understanding and receptivity of your content.
Versioning your message to emphasize security benefits by product (credit
vs. debit) and by audience segment is essential. Debit requires far more
effort in terms of education and reassurance given that consumers feel
increased vulnerability using debit vs. credit. Additionally, older
audience segments, heavy credit users, etc. are prone to greater security
concerns even under normal circumstances.

3. Is your copy alarmist in tone? Does it strike a defensive posture?
Inviting worry or fear-mongering sends the wrong message. Consumers will
focus on what could go wrong rather than the benefit that would otherwise
make your product attractive. Remain focused on the positive attributes of
your card products, clarify your benefits - and be deliberate in your
messaging.

4. Are you taking advantage of the full product lifecycle?
New prospects need assurances, just the same as long-term cardholders.
Reviewing and refining your message for consistency and appropriateness at
various lifecycle stages - from acquisition, onboarding, activation, and
routine communication is critical.

5. Are you effectively using all of your channels?
Cardholders may tune into or be responsive to select channels and could
miss your message if you limit the outlets through which you reach out to
them. Not everyone has the same level of technological prowess or
connectivity (i.e.,; older audiences may not have a smartphone to receive
texted fraud alert notifications.) Be sure to review and utilize all of the
resources at your disposal, such as SMS messages, email, direct mail,
statement inserts, websites notices, post-login account messages,
electronic fraud alerts, in-branch signage, employee training and
scripting, public relations, etc.

Being prepared to immediately emphasize and reiterate your security
benefits is one of the most important marketing objectives you can reach
for in the event of a data breach. If you and your cardholders should fall
victim to a breach, it is also critical to tell cardholders exactly what
you're doing, what they should do and what they should expect. Your job, as
a financial institution marketer, is to use your product's benefits to
reassure your cardholders that they are safe and that you are ready and
capable to actively addressing a data breach incident.

_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://lists.osvdb.org/mailman/listinfo/dataloss
For inquiries regarding use or licensing of data, e-mail
        sales () riskbasedsecurity com 

Supporters:

Risk Based Security (http://www.riskbasedsecurity.com/)
YourCISO is an affordable SaaS solution that provides a comprehensive information security program that ensures focus 
on the right security.  If you need security help or want to provide real risk reduction for your clients contact us!