We spend a lot of time talking about what to do to prevent a breach of networks or computer systems.  This discussion has been, and continues to be, very valuable.  It is discussions like this that have allowed the payments industry to develop solutions like ProtectPay, ProPay’s secure payment solution.  ProtectPay, for instance, allows merchants to accept payment card transactions without storing, processing, or transmitting payment card data.  The benefit of such a system is tremendous.  Not only does it allow companies to significantly reduce the costs and resources necessary to achieve PCI DSS compliance, but it also reduces the risk associated with a breach.  If a merchant using a properly configured tokenization solution is breached, there is no data there to be stolen.  The merchant has only value-less tokens, not valuable cardholder data.  Unfortunately, tokenization isn’t yet universally employed.  That means that there are quite a few merchants operating today that still have cardholder data in their systems.  And while the conversation about preventing a data compromise is important, an important question still remains: What happens after the breach?

Experian and the Ponemon Institute teamed to answer that question.  The results can be found in “The Aftermath of a Data Breach.” (Registration is required to download the study.)  Of the companies studied, 45% indicated that the company lost bank or credit card information, and 60% of respondents indicated that the data that was stolen was unencrypted.  Additionally, the study found that 34% of breaches studies were the result of a “negligent insider.” This seems to support the notion of using a tokenization solution.    It should be noted that 19% of responding companies suggested that “outsourcing data” was the cause of their breach.  Most tokenization solutions do require the outsourcing of data, so how can these two findings be reconciled?  There are two important concepts that readers should keep in mind.  The first are the statistics and the second is due diligence.

The statistics are interesting.  The findings tell us that 60% of respondents lost unencrypted data.  That likely means that at least some of the outsourced providers that were cited as a cause of the breach were not securely storing the data.  Another interesting finding is that a full 50% of breaches were caused by insiders (negligent insiders 34% and malicious insiders 16%).  The other concept that one should keep in mind when reading the study is the concept of due diligence.  Outsourcing data is a big decision for any company.  It is advisable to do a significant amount of research into the potential vendor.  For example in the payments industry, companies that store, process or transmit cardholder data on behalf of a merchant is called a service provider or a data storage entity.  Regardless of the terminology, the company must be compliant with the PCI DSS and be registered with the card brands.  Ensuring that potential partners meet these requirements can substantially mitigate potential risk on behalf of the merchant.

The study is a very interesting read and has important lessons for those companies that store sensitive data.  Perhaps the most important lesson is this: If you don’t need the data, don’t store it!

Dr. Heather Mark, PhD; Sr. Vice President Market Strategy

As someone that watches with great interest as the great privacy debate unfolds, this article really caught my attention.  The issue in question is the trade-off between online privacy and discounts or special offers.  According to  a study by KPMG (Consumers and Convergence V: The Converged Lifestyle survey) a majority of US shoppers would offer up their online activity history in exchange for discounts on goods or even digital content.  Further, 43% of those surveyed would be willing to receive advertising, if they didn’t have to offer up personal details, in exchange for lower fees.

This is an interesting juxtaposition to the privacy hearings that have been occupying the US Congress of late.  Legislators have been greatly concerned with things like smartphone tracking and browsing histories.  It’s interesting to note that the issue may not be that consumers are upset about these activities on the part of merchants, but that they are not currently getting anything out of the bargain.  It is true that organizations should not be tracking consumer behavior, at least individual consumer behavior, without the consent of said individual, but there are benefits to sharing browsing history  and shopping behavior and consumers are recognizing those.  The question becomes, how can one  leverage the consumers’ self-interest to help the merchant?

It is important not to lose sight of the fact that consumer notification, awareness and choice remain priorities.  Tracking consumers without letting them know and providing them with the ability to opt out is a major faux-pas.  However, providing them some quid-pro-quo seems to ease many consumer qualms. What would be interesting to know though, is the consumer “break-even point.”  In other words, what sort of discount or service is the minimum for sharing their online behaviors?  That is not included in the KPMG survey, and is likely much more difficult to ferret out.

In today’s world, the balance between marketing research and a breach of consumer privacy can be difficult to measure.  For organizations that have questions about managing consumer privacy, there are a number of resources that can be referenced. Included is a short, certainly not exhaustive, list of privacy guidelines.

1) OECD Guidelines on the Protection of Privacy and Transborder Flows of Personal Data

2) Federal Trade Commission Fair Information Practice Principles

3) Generally Accepted Privacy Principles

4) Privacy by Design

Dr. Heather Mark, PhD; SVP of Market Strategy

The season is upon us.  Analysts and media have made their predictions for what the holiday shopping season will bring.  Not surprisingly, most surveys reveal that consumers plan to be “careful” with their spending this holiday season.  They are looking for the best value, with many respondents indicating that they’d like to be able to buy more, but spend less.  A neat trick if you can manage it.  Given the nature of consumer spending in general, and particularly over the holidays, how can merchants manage these trends to their benefit?

A variety of consumer spending surveys released over the last few months, reveal a few tips for merchants to help their consumers realize value during this harried holiday season.  Among their advice for businesses was:

1) Free Shipping - This is a theme that is played out in a variety of sources and has been extremely prevalent over the last three years or so.  Consumers are searching for value and becoming more savvy about the “cost” of purchasing.  If a buyer can get an item for $5 less online than in the store, they are more likely to do so.  However, that savings  can be erased by adding a shipping charge.  Buyers would then be incented to go to their local store and purchase the at the higher price.

2) Highlighting Value – Help shoppers find the product and the price that they are looking for.  Online retailers can accomplish this by featuring sale items and specials on their home pages.   The GfK survey finds that online shoppers are using more and more resources to find the best deals available.  Leverage the platforms that these customers are usings – social media, blogs, review sites, etc.

3) Gift Idea Lists - According to the NRF’s Holiday Spending Research, the largest proportion of spend will be on family.  That is probably not a surprise to most businesses.  However, retailers and online merchants might consider capitalizing on that by helping shoppers find gifts for family. Organizing items by “Gifts for Dad,” or “Gifts for Girls,” or similar categories, can help shoppers locate what they’re looking for faster.

4) Online Shopping Experience – Consumer Reports tells us that online shopping increased significantly last year, with almost 34% of respondents purchasing gifts online.  To leverage this trend, online merchants may want to “user test” their websites.  Ensuring that the site is easy to use and appealing can help increase conversion.

Certainly, this is not a comprehensive list of the trends that are facing merchants this holiday season, but it does give a sense of the constraints facing shoppers, and therefore the merchant as well.  Understanding and responding to consumer needs is an excellent way to build trust and loyalty any time of year.

Dr. Heather Mark, PhD; SVP Market Strategy

It’s that time of year again.  International Fraud Awareness Week, sponsored by the Association of Certified Fraud Examiners (ACFE).  The intent is to raise awareness of fraud in general, as well as trends and emerging schemes.  Payment card fraud alone is estimated to cost the United States $8.6 billion per year.  And that is a 2010 number.  Estimates for 2011 are likely to grow.  Fraud is an interesting animal.  It’s said that the only crime that costs the US economy more money is tax evasion.  While that’s probably open for debate, what is still surprising is the low level of awareness that many small business owners have regarding fraud and fraudulent schemes.  The objective of International Fraud Awareness Week is to educate all organziations, whether small entrepreneurial endeavors to large enterprises, about fraud and how it can be prevented.

Some fraud prevention resources can be found here, including somethings that many organizations may not have considered, such as a fraud policy.  The ACFE publishes an annual Report to the Nations on fraud.  In 2010, some of the highlights (or lowlights depending on your perspective) included the following:

• “Survey participants estimated that the typical organization loses 5% of its annual revenue to fraud.”  To put that into a global perspective, the ACFE estimates that to cost the world economy almost $2.9 trillion annually.

Building a brand takes time, money, and talent. Consumers generally do not recognize a brand image over-night. In fact, studies suggest that consumers require at least three impressions of a print advertisement before they even remember the company name.  A major concern is building a brand that is recognizable, but does not become annoying. When it comes to building your brand online, in the social media platform, what are consumers saying? What is the reach?

An article entitled “How Younger Adults React to Brands on Social Networks” stated that the millennial generation enjoys viewing brands through social media such as Facebook and Twitter and the “older adult generation” is not far behind. These millennial consumers are more likely to “Like” a brand through social media and interact with the content created from that brand; although, they [millennials] do not want to be annoyed with too many posts or tweets. So how often should a brand post relevant material?

The frequency at which brands should post depends on the medium through which they want to send it their consumers. This can be one post a day to multiple postings through a variety of social channels in a single day. Consumers want to know what is going on in their community. For example, if a brand is sponsoring an event, they should tweet or post about the event.  Same thing if there are promotions, coupons, contests, etc. As long as the content is relevant to that industry, posting multiple times daily will help increase brand equity.

The trend of social media and the payment space has rapidly become a hot topic. Such technologies as NFC (Near Field Communication) and Geo-location have been integrated into several apps in the marketplace waiting to for consumers to make use of the technology. Consumers being able to tag a storefront, “Like” it, write a review, and make payment at the store all from the same device is powerful for brand equity.  

ProPay offers a new mobile payment technology that allows Smartphones to be used, not only as a payment device, but also as a social technology allowing merchants and consumers to create dialogue with each other in real time. ProPay Link allows merchants to set up and push to consumer’s events and promotions to their device. ProPay offers several types of mobile solutions, please read about each through this post.

Travis Allen | Marketing Manager