Why Consumers Will Shrug Off the Marriott Breach |
In 1954 mathematician LJ Savage published research about how consumers process information when making decisions Dubbed the sure-thing principle Savages work showed that consumers consider a variety of inputs when making decisions They also mentally bucket and then disregard inputs that may be important but not important enough to change their minds about something they really want to do To make his point Savage used the example of someone contemplating the purchase of real estate For that person the outcome of an upcoming election was regarded as relevant After weighing the pros and cons of each election outcome that person decided to buy the property anyway The election outcome while a relevant input was not the relevant decision driver for someone who had already decided they wanted to own that piece of property If the sure-thing principle can be believed then last weeks Marriott breach of 500 million customer records wont have much of an impact on the consumers decision to book a hotel room at a Marriott property for their next trip Whats Real and Whats Relevant Researchers say that consumers make 35 000 decisions a day Thats about 2 000 decisions every hour or one every two seconds Those decisions vary greatly in importance significance and context Many are rote routine low-risk and made based on past experience whether its cold enough outside to wear a hat or whether theres enough time to stop by Starbucks to pick up a coffee on the way to the office Others are made on the basis of the desired outcome the odds of personal downside risk and the friction associated with an alternative course of action For example the fact that 90 people die every day in the US in an auto accident doesnt stop 138 million people from getting into their cars every day and driving to and from work Driving is better than walking or for many even better than an alternative mode of transportation The same holds true each time a person steps on an airplane Planes do crash and when they do it is horrific and many people usually die But most people who fly dont die in crashes and more than 100 000 flights jam-packed with people take off and land safely every day globally In fact researchers say that a person would have to fly once a day for 55 000 years before encountering a fatal act Flying is safer than driving or even probably walking in Manhattan So people continue to drive and step on an airplane since the odds of being personally impacted by an adverse event are quite slim And the benefits of driving and flying far outweigh the alternatives People also keep shopping at merchants that were once hacked Whats Relevant in Retail In December of 2013 Target was breached Hackers got off with some 41 million customer accounts including payment card details That breach cost then- CEO Gregg Steinhafel his job and became the poster child for EMV and the need to lock down payment card security to protect against counterfeit fraud at the physical point of sale Consumers were furious and many vowed never to shop the store again they said Until they did Foot traffic dropped in the months immediately following the breach but analysts couldnt discern how much of that was related to post-holiday shopping fatigue and how much was the result of breach backlash It was reported that some consumers whose cards were compromised said they stopped using them at Target while still shopping there and reverted to cash instead Until that friction got in the way of consumers doing what they really wanted to do shop at Target and check out using their credit and debit cards Which is exactly what they did Consumers who liked shopping at Target and found the experience easy and convenient continued to shop there just like always Just as millions of consumers have kept shopping the many more merchants that have been breached since Consumers analysts say are numb to the breach news brushing it off as yeah whatever and continuing on with their lives So despite the headlines for most consumers its business as usual no big deal and no big change Thats because although merchant breaches may make the news the reality of those breaches doesnt touch the vast majority of consumers Theres no change in behavior is because most consumers havent and wont be impacted and when they are they wont incur enough of a loss to force a change in their shopping behaviors For that merchants can thank the banks and the payment networks Banks have invested billions in systems to detect and prevent fraud using stolen credentials and to secure their networks from the hacks that could expose them They continue to invest further in true AI tech and biometrics to further strengthen digital identity verification and authentication Consumers know that the banks have their backs even in the face of breaches at the places where they routinely shop For proof one need look no further than the Equifax hack when the credentials of most every adult in the US were laid bare and are now available for sale on the Dark Web On the one-year anniversary of that breach it was reported that only 8 percent of consumers took Equifax up on their offer to freeze their credit reports Fewer still cancelled their credit and debit cards Yet 90 percent of consumers have since taken proactive steps to monitor use of their payment credentials by either checking their accounts more regularly setting up usage alerts or changing their PIN numbers in an abundance of precaution More than half of consumers surveyed by Nerd Wallet believe that banks are doing enough to protect their information and keep it out of the reach of hackers It should then come as no surprise that it is the banks and the payments networks including PayPal that consumers trust to deliver innovative and secure payments and commerce experiences according to the latest How We Will Pay study done in collaboration with Visa Merchants with the exception of Amazon whom they also trust fall way down on that list Even more interesting is that in that same study more than three quarters of consumers report that data security and privacy concerns could keep them from taking full advantage of the payments and commerce innovations made possible by the myriad of connected devices that now enable them Yet consumer adoption and use of those innovations continues to grow Just like consumers would probably say they would be less likely to fly following a horrific plane crash yet still do Consumers trust their decisions to use those devices to shop and pay at merchants because banks payment networks and payments services providers continue to invest in the integrity of the payments ecosystem and often insure consumers against loss That keeps the consumers confidence high in using payments products at the physical and now many virtual points of sale now available to them Thats why the compromise of 500 million Marriott customer records second only to the Yahoo breach in terms of size and scale probably wont change the behavior of the vast majority of their customers much as we all might want a just desserts for a system failure that is said to have continued for four years before it was detected It will be the banks and the networks investments and diligence that will keep maintain consumers confidence in using their credentials to book rooms at Marriott properties and everywhere else they want to use them Its their sure thing And therein lies the dilemma facing the payments ecosystem today Absent the Target breach and the decision by payment networks to shift liability to merchants that didnt step up it is unlikely that merchants would have proactively and aggressively made an investment in upgrading their point-of-sale systems to protect their customers from counterfeit card compromise Yet they did and fraud at the point of sale has dropped dramatically some 75 percent over the course of the last three years Now fraudsters undaunted have moved online which is where payments volume is moving too The tactics these cybercrooks use to outsmart merchants and the consumers who shop them have become increasingly sophisticated And unfortunately as the ongoing string of breaches shows us most recently the Marriott breach merchant efforts to shut down fraud continue to lag behind the advances in technology capable of detecting and stopping it For consumers when it comes to shopping and buying online their sure thing is knowing that theyre more than likely to escape harm even if their credentials have been sold to the highest bidder on the Dark Web in an attempt to commit fraud at their expense For merchants thats great news since consumers keep spending even if merchant systems keep getting compromised If past is prologue then perhaps the only other sure thing is the need for the entire payments ecosystem the payments networks payments services providers and banks to keep the pressure on merchants to increase the safeguards on their systems and keep consumer data out of the hands of the bad guys LATEST INSIGHTS Our data and analytics team has developed a number of creative methodologies and frameworks that measure and benchmark the innovation thats reshaping the payments and commerce ecosystem Check out the latest PYMNTS report on Mobile Order-Ahead