Americans are gearing up to do battle on their doorsteps this weekend. The foe takes the form of tiny superheroes, movie baddies and zombies demanding candy. It’s OK, though; we know that underneath the masks are sweet kiddies, not real monsters. But increasingly, many people are worried about the real threats that lurk under the bed – ghouls who can take your life savings with a keystroke, derail your carefully-laid plans for retirement or your kids’ education, or even destroy your reputation.
Within the past week, news of two separate studies (from Bankrate.com and the American Bankers Association) hit my inbox, highlighting the fact that Americans are worried about their financial and information security and feel vulnerable to predators.
Much of the angst stems from recent data breaches, which have exposed the security vulnerabilities in a system trusted to protect vital information. Hardly a day goes by that we don’t hear about some new breach, whether it’s customer contact information, credit card numbers, or embarrassing publication of names from sites like Ashleymadison.com. All this bad news is eroding our trust in the financial system at a time in which technology should be giving us more security than ever.
According to Bankrate’s study, nearly eight in 10 Americans worry about having their identity stolen. Nearly a quarter of consumers described themselves “very frightened” about the prospect of identity theft. Then there’s this shocking claim: about half of Americans (46 percent) report that they’ve either been a victim of identity theft or know someone who was. That’s up significantly (12 percent) from just a few years ago.
While about one in five consumers (many of them Millennials) appear oblivious to or unconcerned about the threat, many have taken it seriously. Many in the Bankrate.com study say they aren’t checking their credit reports regularly, and 41 percent say they conduct banking and other sensitive tasks on unprotected Wi-Fi networks that don’t require a password. Both of these activities could help detect fraud, or prevent it from happening in the first place.
“When asked where cardholders feel most vulnerable to fraud following a credit card purchase,” the ABA’s study concluded, “64 percent say they are most concerned about hackers breaking into retailers’ computer systems, compared to just 16 percent who cite physical card theft and 13 percent who cite “phishing” scams.”
Similarly, the ABA study found that many worried consumers are holding the system responsible. Nearly eight in 10 consumers believe the government should “hold retailers, banks and other companies involved in the payments system to the same security standards.”
“Millions of Americans have had their most sensitive information compromised in retailer data breaches, so it’s understandable that consumers are concerned that retailers aren’t doing more to prevent future hacking incidents,” said Doug Johnson, ABA’s senior vice president of payments and cybersecurity policy. “These survey results reaffirm what we’ve believed all along. Retailers need to join with banks and payment networks to combat fraud and focus on the future by updating their payment security systems and proactively working to address emerging threats head-on.”
The recent card conversion was part of a “liability shift” for credit and debit-card fraud, in which merchants could bear the cost of fraud if they don’t take sufficient steps to secure the data. Previously, such liability was borne almost exclusively by banks and the financial system.
That’s especially true with the recent conversion to new card reader (EMV) technology; the messy transition has confused customers and reinforced existing security concerns. “Following high-profile data breaches at major retailers including Target and Home Depot, 94 percent of consumers say it is important for retailers to upgrade their security controls, and 70 percent say retailers should be installing EMV chip-enabled card readers as soon as possible,” the ABA noted.
But many merchants and industry groups have protested that the new technology – while a step in the right direction – is vulnerable because it doesn’t take full advantage of the security features available, besides being expensive and difficult to implement. For example, the new EMV cards still in many cases don’t require the use of a PIN, a feature which could enhance security.
The National Retail Federation (NRF) and other industry groups have been vocal about these concerns. “EMV is all new to me, and banks and the networks are not contacting small businesses to help the transition in any way,” noted small business owner Keith Lipert, who recently testified before Congress on behalf of the NRF to protest the new requirements. “No one from my bank, processor or existing supplier even contacted me about the need to add a new EMV device, let alone a deadline by which to do so.”
The NRF’s David French recently stated that credit and debit card fees are the second-largest expense for many small businesses after labor, and that the card industry imposes “a multitude of complex rules on small businesses.” Chip-card readers and installation can vary from “a few hundred dollars to thousands of dollars” per terminal, he said, with an industry average of $2,000.
Whatever the outcome of this battle will be, consumers are looking for a hero to protect them from the very real monsters that wait to prey upon their livelihoods, identities and futures. So far, said hero remains out of sight.