BankThink

Retailers’ breach response isn’t ready for the holiday rush

The holiday season and shopping sprees that come with it don’t always bring tidings of comfort and joy to the payments industry. In this digital era, data breaches and crises can emerge quickly, are often driven or escalated by social media, and develop at a frighteningly fast pace.

This year, the National Retail Federation predicts holiday spending will reach between $727.9 billion and $730.7 billion. With data breaches on the rise, the challenges are clear, whether consumers are using credit and debit cards for their in-store purchases or using digital payment methods and mobile wallets like Apple Pay.

Since January 2017, at least 16 retailers have been hacked and likely had information stolen from them, with many breaches caused by flaws in payment systems. Cybersecurity firm Shape Security reveals further sobering news: almost 90% of the login attempts made on online retailers' websites were hackers using stolen data.


When a crisis does strike, all too often organizations struggle to coordinate ongoing, speedy and effective responses – even when they have valid and compelling things to say. A McKinsey survey shows that 66% of corporations say their communications crisis plan is likely out-of-date and inaccessible to those who need it.

Here’s what to keep in mind for your crisis management program:

Start with the question, “Are we actually in crisis?” Know the difference between an issue and a crisis and make sure your plan differentiates the two. Treating every issue like a crisis leads to an over-reaction that may draw more attention and adversity to your organization.

Ensure you’ve got an easy-to-implement escalation protocol. No matter how well you handle an issue, a threat can grow in visibility and risk. Establish a clear process to quickly evaluate the situation and alert more senior resources in your organization when needed. How to make that evaluation and who to contact (and with what information) is the cornerstone of a crisis communications plan.

Plan for how a crisis plays out in digital and social media. Organizations often don’t react quickly enough, letting news coverage and commentary on social media set their narrative. Have a team in place with the expertise and tools to track and analyze what is being reported and instantly correct misinformation.

Prepare your team. Designate a clear role for team members and identify alternates for the most crucial roles. Pinpoint how the team will gather to plan a response and include checklists and decision-making guidelines. In the global age, a conference call will likely kick off virtual war room activities instigated by the crisis leader. Be sure to tackle a simulated crisis annually and keep a list of crisis team members updated quarterly.

Plan for the most damaging scenarios. In that moment when the worst has happened and you search in the plan for how to respond in those first few crucial hours, you want the information to be as specific as possible. What you need in those first intense moments are details, prompts, information and resources for the scenario you are facing. Scenario planning offers a higher level of preparedness.

Invest in a mobile app-based technology to support your crisis preparedness and response efforts. This allows you to align your planning, training and protocols with your distributed mobile workforce so you can quickly activate, collaborate and respond to an emerging threat.

You may not know when the next cyber-attack will occur, but having a well-thought-out program will improve your chances to respond effectively and recover quickly.
