By Brian Kilcourse, Managing Partner
February 2, 2010
For the last 60 years, retail has been driven by product-oriented strategies; the idea was to push as much product through the selling channel as possible, “rationalizing” slow movers out of the assortment, and stimulating demand with attractive prices and promotions. As long as the consumer was a passive participant, that model worked, and companies that executed this product oriented strategy (particularly for low differentiation/high consumption “mass” products) were able to scale to hitherto unimaginable levels. But with the introduction of technologies that could capture and analyze information about customer purchases – POS scanning, electronic payment options, loyalty programs, electronic order management, data warehouses and business analytics, retailers could and did begin to adjust their strategies around the notion of identifying “best” customers and offering a more differentiated value to them as a way to build loyalty.
With the mass adoption of the internet, consumers now investigate and select products and services before entering a store, often with the intention of completing the transaction in the store. With this attractive and inherently personal way of communicating, consumers – not retailers – initiate the dialogue. And that dynamic is only increasing with rapid consumer adoption of smart phone technologies. According the results of a recent global study of over 30,000 consumers conducted by IBM, 41% of “Generation X” and 48% of “Generation Y” consumers are “instrumented”, i.e. they use new technologies as an aid in their shopping. But in doing so, these consumers are identifying themselves and what they are interested in – and retailers are capturing that data, using it to be more responsive to those consumers.
Not only are many retailers capturing data generated by technologically empowered consumers, they are also empowering their own employees to better service those customers by making detailed customer information available to them.
It is the two way nature of the dialogue that creates the risk to retailers and consumers. Not only can customer-specific data be used to enhance the shopping experience, it can also be misused. Recent well publicized breaches, not only of credit and debit card data, but also of prescription information, social security numbers, and personal financial information, have put consumers on edge. In our soon-to-be released annual report on privacy and security, Building Trust and Growing the Brand: The Role of Privacy and Security in Retail 2010, almost three-quarters of all retailers who responded tell us that their ability to ensure customer privacy with an appropriate data security positioning is important to their brand promise (Figure 1). But differences between Retail Winners and laggards emerge; one-half of laggards indicate that they have too many other business priorities to address the issue (compared to 36% of Winners), and fewer laggards are feeling pressure from consumers to address the issue. More likely, they aren’t paying attention to the signals that consumers are sending in their weak revenue results.
 Source: RSR Research, February 2010
Survey responses to the question, “What is your company’s view of risks associated with data security and consumer privacy?”, further illuminate how retailers now link data security/customer privacy to their brand positioning. Only 26% of retailers feel that it’s a technical – not a brand, challenge and only 4% said that they believed that a breach “would not result in a significant loss in sales.”
The Payment Card Industry (PCI) Data Security Standards (“PCI”) only deal with reducing the risks associated with electronic card payment handling (debit and credit), but because of the costs involved for non-compliance, they have been the focus of retailers’ (especially large retailers who generate millions of such transactions) concerted attention since 2005. As noted in Figure 1, more Retail Winners than laggards are confident that they have addressed the Payment Card Industry (PCI) Data Security Standards as they now stand. When we asked further about the status of PCI compliance, responses are guarded. Forty percent of all respondents indicated that they are “verified complaint”, having passed both internal and external audit, and another 20% have satisfactorily completed a self-assessment. Twenty eight percent are in the process of becoming compliant and 9% still have not completed an assessment.
Comparing these results to those of our 2007 study gives some insight into how retailers’ understanding of compliance has changed. In that survey, 40% were confident that they were “fully compliant”, while another 40% were “working on it”. Four percent admitted that they were “non compliant”, and a startling 16% said that they “didn’t know”. The 2007 survey was taken the same year as the TJX and Wellpoint data breaches, and before the Hannaford Bros. (2008) or Heartland (2009), just to name two. Retailers have overcome their naiveté about the difficulties in securing sensitive data.
While payment data has been the focus of the industry, the world continues to change. For example, warnings about the risk of “too much information” on popular social media sites such as Facebook (which only opened its digital “doors” to the general public in 2006) have only heightened consumer concerns. Highly publicized and politically charged hacks (December, 2009) into Google’s site to disrupt Chinese dissidents gained the attention of the U.S. Department of State. As end-users find new ways to share personal information, “bad guys” find new ways to steal it.
Building Trust and Growing the Brand: The Role of Privacy and Security in Retail 2010 will publish later this month on February 25, we’ll be sure to send out a reminder letting you know when it is available in full.
|
