Progressive Grocer Independent

FEB 2016


February 2016 | Defining the Independent Market | 27

Customer Response

Since the source of the DeCicco & Sons breach took a while to find, some customers ended up having multiple cards hacked. For the most part, though, they were understanding.

"I would say overall, the customers were really great with us and really supported us throughout," DeCicco says.

The store didn't issue a blanket solution to appease customers whose cards were hacked, but rather left it up to the store managers and store directors to decide what would make each customer happy. That could range from an apology and a cup of coffee to gift cards in denominations varying from $25 to $100 and up, if multiple cards were involved.

This understanding on the part of the customer falls in line with data from NGA's "2015 Consumer Survey Report," which found that nearly 59 percent of consumers indicated that they wouldn't desert a retailer due to a data breach and that the retailer deserved another chance. Fewer than 5 percent said they would shop elsewhere after a first breach, while more than 8 percent said a breach would have no impact on their shopping habits at a store.

However, if a second breach were to occur at the store, consumers' feelings change a bit. Nearly 15 percent said they would switch stores, while nearly the same percent said they would continue to shop there but pay cash. Nearly 28 percent said they would likely seek another store, while more than one-third (37 percent) still felt that it depended on the circumstances.

Real Costs

The cost of a hack isn't just in customer loyalty, but also in money. Data breaches cost small businesses $36,000 on average, and can exceed $50,000, according to First Data. These costs accrue from the mandatory forensic examination that must be conducted by an outside examiner, notification of customers and a PCI assessment by an external qualified security assessor.

Depending on the situation, retailers may also be liable for up to a year's worth of credit monitoring for affected customers, card replacement costs and PCI compliance fines. Retailers generally assume that they don't have liability in the fraudulent use of cards, but that may not be the case, as lawsuits may claim retailers are liable for security breaches, First Data notes.

The unsettling truth of data security is that no matter how many steps a retailer takes to protect its information, that information is never 100 percent secure.

"I'm not foolish enough to say it won't ever happen again, but we're in a much better place now," Heskestad says. "Don't assume that you're protected or safe, even if you've been told that you are. Dig deeper, even if you have to do it yourself. The security of the operation is one of the most important things to educate yourself on." PGI

Quick Stats on Data Security

Retail accounted for 43% of fraud investigations in 2014. Of those, 13% were in the food and beverage industry.
64% of the retail breaches were e-commerce, and 27% were POS.
28% of breaches were due to weak passwords, and 28% were from weak remote-access security.
49% of investigations involved the theft of personally identifiable information (PII) and cardholder data.
81% of companies didn't detect the breach themselves.
It took a median 86 days to detect the breach and 111 days to fix, from intrusion to containment.
60% of emails observed were spam, and 6% of that spam included a malicious attachment or link.
98% of a company's applications were vulnerable.
"Password1" is still the most common password.
39% of passwords were only eight letters long.
Time it takes to hack an eight-character password: one day.
Time it takes to hack a 10-character password: 591 days.

Source: Trustwave
