Why consumers are not afraid of identity theft
In 1954, mathematician Leonard Savage published a paper on how people process information during decision-making. The main axiom, which Savidge operated on, is the sure thing principle, the “principle of inevitability”. According to her, in the decision-making process, consumers consider many different inputs. They mentally evaluate and discard those data that are important, but not enough to change the already made decision.
As an example, Savage cited the desire to buy real estate. The potential buyer believes that prior deliberation will significantly affect the final result. However, after weighing all the pros and cons for each item, the consumer is still going to buy a house. That is, if he has already decided to become the owner of this or that property, arguments about the relevant factors, although they have some value, do not play a decisive role.
According to the principle of inevitability, the recent leak of personal data of 500 million guests of Marriott hotels will not greatly affect the consumer’s desire to book a room at one of the company's hotels next time.
Reality and significance
According to studies , people make 35 thousand different decisions a day. This is almost two thousand solutions per hour or one solution every two seconds.
The significance and context of these decisions vary widely. Many of them are routine, not associated with losses and are taken on the basis of past experience. For example, is it worth it to wear a hat or is there enough time to go to Starbucks on the way to work? Other decisions are made based on the assessment of personal risks, the desire to get results and the complexity of alternatives.
For example, knowing that 90 people die in car accidents every day in the USA, 138 million Americans still don’t give up their daily car trips. For many, this is the best way to get from point A to point B.
The same applies to air travel. Planes really fall, plane crashes are terrible, a lot of people die. Nonetheless, most of the 100,000 chock-full passenger planes around the world land safely every time. According to the researchers , a person who intentionally wants to get into a plane crash should fly daily for 55 thousand years. Modern flights are safer than road trips, and maybe city walks.
People continue to travel and fly, because the probability of getting into an accident is quite small, and the advantages of these types of transport outweigh any counter-arguments. Also, people continue to make purchases from merchants who had once been hacked.
What matters in retail
In December 2013, the Target supermarket chain information system was hacked.
Hackers obtained personal data of 41 million retailer customers, including payment card data. To the then CEO, the incident was worth the effort. The event was actively cited as an argument in favor of introducing EMV-cards and enhancing protection against counterfeiting in payment terminals. Consumers were furious, and many swore never to cross the thresholds of the company's stores.
But they soon returned.
Attendance at Target stores in the next few months has really significantly decreased. But analysts could not figure out whether this was the result of a hack, or simply consumers were tired of Christmas sales. Some visitors, whose data were compromised, stopped using the cards, but continued to buy for cash in the stores of the network. Exactly until the inconvenience associated with this method of payment, they did not begin to interfere. And they went back to credit and debit cards.
As a result, people who liked shopping experience at Target continued, as before the incident, to shop on this network in the same way as the millions of other consumers who returned to the stores, whose systems also hacked.
According to analysts, consumers are indifferent to news about leaks. They continue to shop as usual, despite the loud news headlines.
This results from the fact that similar leaks do not concern the vast majority of clients. People do not change habits, because they believe that such news will not affect them personally. And if they do, it is unlikely that the losses will be so serious as to provoke a change in consumer behavior.
For this, merchants can thank banks and payment networks. Banks are investing billions in fraud detection and prevention systems using stolen personal data, as well as to protect their networks from hacking. They invest in AI and biometric technologies to improve the mechanisms for identifying individuals in the online space. And consumers know that banks are always ready to “cover up” in case of another leak in places where people often make purchases.
An example of such protection is the case of burglary of the Equifax credit bureau, as a result of which the personal data of almost all American adults turned out to be on darknet.
A year after the incident, it became known that only 8% of consumers accepted Equifax's offer to freeze credit files, and an even smaller percentage of customers refused the company's services. As for the rest of the consumers, 90% of them actively monitored the cases of using their billing data, checked their accounts more often or set up special notifications about logging in, or regularly changed their PIN codes. More than half of the respondents to the Nerd Wallet survey found that banks are doing enough to protect customer data and make it unattainable for hackers.
Therefore a recent study of PYMTNSIt has naturally shown that banks and payment networks, including PayPal, enjoy the most consumer confidence in providing innovative and secure payment experience. As for the merchants, only Amazon can boast of a high degree of trust.
As part of this study, more than 75% of consumers reported that if they are concerned about the security of personal data, they are more likely to refuse to use innovative payment and commercial experience, which is spread due to the emergence of a huge number of new Internet devices. But the popularity and performance indicators of such innovations continue to grow. This situation is somewhat similar to air travel.
Consumers use devices to make purchases from merchants, because banks, payment networks and payment solution providers continue to invest in building a complete payment ecosystem. They often offer consumers insurance options in case of problems. As a result, people trust new payment products and use them in physical and virtual payment terminals.
That is why data leakage of 500 million accounts, the scale of which is second only to a similar incident in Yahoo , probably will not affect the behavior of the lion’s share of the company's customers. Although, of course, many now wish that the system, the hacking of which went unnoticed for 4 years, received what they deserved.
However, banks and payment networks, with their investments and audit procedures, will support consumer confidence that they can just as easily enter their credentials for reservations at Marriott hotels around the world. This duality is characteristic of modern payment ecosystems.
If it were not for the leak in Target and the decision of the payment networks to shift the responsibility towards the merchants, the latter would not actively improve their payment terminals and protect consumers from attempts to steal their data. Merchants have coped with the task: rates of fraud using terminals have dropped significantly - by 75% over the past three years.
However, following the main volumes of payments, the rogues moved online. The tactics they use to outwit merchants and consumers are becoming more sophisticated. Alas, a series of leaks and data hijackings, the latest of which was the hacking of the Marriott system, shows that so far the efforts of the merchants to combat online fraud lag far behind modern technologies that can detect and stop threats.
As for consumers, they want to be sure that they are protected during online shopping and shopping, even if their credentials were sold to scammers on the darknet. This is good news for merchants, as people will continue to buy from them even if their systems are compromised.
And if past experience is only a prologue, then representatives of the payment ecosystem, such as payment networks, payment service providers and banks, should continue to put pressure on merchants to increase the protection of their systems and consumer data from falling into bad hands.