Consumers Care About Security A Lot Less Than They Say They Do
Written by Evan SchumanDespite surveys showing that consumers say they would shun merchants who have lax security methods, a new earnings report from famed security bad boy TJX on Thursday showed a better-than-expected 11 percent boost in revenue.
With all of the investigations and probes surrounding the massive TJX data breach?including class-action lawsuits, dozens of state Attorney General probes, congressional inquiries and a Federal Trade Commission investigation, to name just a few?there are only two constituencies that the $16 billion retailer cares about: Wall Street and its customers.
Indeed, that short list can be cut in half because Wall Street also overwhelmingly cares about the retailer’s customers, which is equal to revenue. If the customers are happy, Wall Street is happy.
So are customers happy? They tell pollsters they’re not, but the earnings report suggests they are talking with those pollsters on their cellphone as they are buying jeans at Marshalls.
This is nothing new. This column has written before about the huge unintended impact that credit card zero liability plans have had on retail security efforts. Consumers believe that they will personally never be ripped off, but if they are, their credit cards will somehow protect them.
The vicious cycle comes down to this: large retailers are watching the TJX case very closely and they are going to learn some very bad lessons. They already assume that they probably won’t get hacked and that if they do, it won’t be bad. And if it is bad, they’ll be able to keep it somewhat quiet (reality is not the exec’s friend in these thought processes). And if it does get out, what’s the worst that could happen? TJX has gotten an avalanche of horrible publicity and their revenue grew 11 percent.
Yes, the various probes and the credit card folk will likely assess some fines, but it’s not likely to be anything that will materially impact profits (heaven forbid). Even the class-action lawsuits will likely merge, fizzle and quietly settle out of court with lots of confidentiality agreements. Here again, the zero liability programs limit how much financial harm any consumer is likely to feel, which makes it difficult to get huge settlements.
But consumers don’t always understand how they’ll act. In a report this week from Javelin Strategy & Research, a nationwide survey of 1,200 credit or debit cardholders found that “only 20 percent said they would likely continue shopping at a store if they learned it had a data breach that may have compromised their card account information, while 78 percent said they would be unlikely to continue to shop there.”
The problem with analyzing such results is that people make decisions about survey answers in a hypothetical ideal state. Indeed, they may like to say that they would never frequent such a merchant. But when they need clothing for their child and there’s this awesome sale at TJ Maxx two blocks away, the platonic ideal of punishing reckless security deployments pales in comparison to finding jeans that fit well at a good price.
Cards issued by European banks when used online cross border don't usually support AVS checks. So, when a European card is used with a billing address that's in the US, an ecom merchant wouldn't necessarily know that the shipping zip code doesn't match the billing code.
-Marc
