This week, industry executives and thought leaders from all across the retail ecosystem gathered in Chicago for Retail Reinvention to discuss the strategic future of retail and payments. R2, powered by PYMNTS.com, brought the best and brightest together to discuss how emerging payments and technologies from industry heavyweights like Walmart, McDonald's, American Express, Amazon and Target.
In 2014, many dubbed the year to be “the year of the data breach” after what seemed like a non-stop barrage of data breaches that severely impacted merchants and their customers. This year, we’ve seen an increase in the costs associated with a data breach, prompting experts from retailers, solution providers and financial institutions to share insights into how enable the next generation of retail commerce. These experts are trying to find a common ground where the interests of consumer privacy are still protected, while ensuring that sensitive data stays secure and mitigate fraud while increasing growth.
Who Took A Seat At The Table?
Tuesday afternoon, a panel led by eight retail and payments thought leaders, including Rippleshot CEO Canh Tran, discussed the relationship between security, data access and privacy. The panel was compromised of industry experts from ACI Worldwide, CardinalCommerce, Forter, InAuth, Nordstrom, Rippleshot, Riskified and Walgreen Co. To start the conversation, the panelists discussed whether or not there was truly a new fraud problem that has been occurring over the last few years or if we are just more sensitive to these security incidents.
The panelists concluded that there is a real fraud problem and the sensitive payment information is highly valuable to fraudsters. As an industry, security incidents like the data breaches that targeted Target, Home Depot and many more is a real threat for retailers of all sizes. Jim Weaast, Divisional Vice President of Store Delivery Technology at Walgreen Co. echoed these sentiments, stressing the importance behind both the payment and protected health information (PHI) that his company holds.
When asked if preventing data breaches is still top of mind for retailers, Lisa Stanton CEO of InAuth, responded that retailers are focused on protecting their brand and do that by protecting their customers. According to Stanton, preventing and mitigating the effects of a data breach are still a top three priority for most businesses, regardless of size. Canh Tran, CEO of Rippleshot, echoed the same statement that brand protection is as important to retailers as much as reducing fraud is when looking at a retailer’s goals. Retailers feel more confident achieving these goals thanks to a change in the willingness to collaborate and share relevant data.
There Is No "I" In Team
The panel concluded that this willingness to collaborate is being driven by the October 1 deadline for EMV adoption. After the deadline, merchants must be equipped to process EMV-enabled cards or take the financial responsibility for counterfeit and lost-and-stolen card fraud. When data sharing becomes a more frequent process between retailers and financial institutions to help combat fraud, each side will see how valuable the other’s data truly is. Braatz made it clear that despite currently possessing the technology to make data sharing possible, the hard part will be to get retailers to buy into the concept of collaboration.
Mike Braatz, SVP of Payments Risk Management for ACI Worldwide, shared with R2 attendees that fraud at its core is a data problem. Organizations are trying to solve this problem through data sharing, retailers in particular. However, Braatz believes that this change will require the help of retail heavyweights to usher in change. From the perspective of a retailer, merchants are looking to new ways to protect themselves and their customers. But how are retailers working to protect from the data breaches and security threats that exist today?
Tokenization And Its Role In The Retail Industry
Tokenization was a key area of discussion during the fraud management panel with each of the panelists giving their take on the more secure method of payment. Michael Reitblat, CEO & Co-Founder of Forter, believes that tokenization should protect everyone involved and help foster better data security practices. Steve Mattics, President of Credit and Payments for Nordstrom, made clear that mass –adoption for tokenization is coming and while it will be harder for fraudsters to target payment cards that use tokenization, there are downsides that go with it.
Mattics noted that be this new technology makes it more difficult for retailers keep track of their customer’s transaction history due to how tokenization works for payment platforms. For example, if a consumer were to shop at their favorite big box retailer to make a purchase on their phone throughApple Pay, and then make another purchase on a EMV-enabled card at a later time, said retailer would be unable to determine if these two transactions are related to the same customer. Retailers will now be tasked with working around this inconvenience as their customers begin to adopt new methods of payment.
What Can We Take Away From This Panel?
In just over an hour, eight payments experts discussed the future of payments, fraud, data breaches and much more. R2 attendees left Chicago knowing that nearly every aspect of the retail industry is rapidly changing, whether or not retailers are ready. The financial cost and impact of a data breach is at a point where 60 percent of all small businesses fold within six months of being hit by a breach. The last two years of security incidents have painted a clear picture that it is no longer safe, nor wise to think an organization is safe from data breaches. Retailers need to start thinking WHEN, not IF they will breached.
While tokenization is yet another tool for retailers, innovators and consumers to even the playing field against fraudsters, we are still in a never-ending game of Cat and Mouse. No matter how secure an organization may appear, fraudsters will always look to break the weakest link in the chain. And for many organizations, that link is located outside of one’s infrastructure. For retailers, understanding that protecting oneself from future fraud is different than protecting oneself from breaches. Despite the gloomy horizon surrounding data security and fraud prevention that some in the retail industry see, there is a silver lining regarding consumers.
In a survey, Mike Braatz shared with the audience that 82 percent of consumers surveyed said they would like to be a part of the fraud prevention efforts retailers and financial institutions currently implement, prompting them to be notified of potential fraudulent transactions. Six months ago, there was much uncertainty surrounding how the retail and payments industries would react to the sheer amount of breaches. After leaving R2, this attendee felt more confident knowing that retailers, solution providers, research analysts and even consumers are willing to jump in on the fight against fraud.
Curious to see how EMV and it's adoption in the U.S. will play out once we reach the October 1 deadline? Download our white paper today to learn about the benefits and the downsides to EMV.