Fool Me Once… American Consumers Are Slow to Trust but Quicker to Forgive Security Breaches Than Their British Counterparts, Research from PCI Pal Finds

  • 44% of Americans are reportedly victims of security breaches compared to 38% of Brits
  • 26% of Brits won’t spend with brands they don’t trust to handle data compared to just 18% of Americans
  • Retail and travel industries top the least trusted list on both sides of the Atlantic

CHARLOTTE, N.C.--()--Transatlantic businesses face greater short-term pain in the US but less long term retribution in the UK following a security breach, according to new data from payment security business, PCI Pal. The research into consumer trust and spending habits was conducted during the last quarter of 2018 and pointed to some very clear cultural differences between the two countries.

62% of Americans report that they will stop spending with a brand for several months following a hack or breach, versus 44% of Brits. While less prone to react, Brits that do so are likely to hold onto negative perceptions for much longer than American consumers. 41% of British consumers and 21% of Americans reportedly never return to a brand after a hack. A clear warning for any brands that process payments, the research suggested that perception alone is enough to impact revenue and reputation - almost a third (31%) of UK consumers stated that they spend less with brands they perceive to have insecure data practices, compared to just 18% of US survey respondents.

The findings suggest that the cost implication of a security breach remains high in both the US and UK, but brands will have to work longer and harder to mitigate negative perceptions in the UK to recover from the reputational costs of an incident.

“While security breaches are not new, consumers’ attitudes towards them appear to be changing significantly. This seems particularly prominent in the UK which suggests that the focus on GDPR has had a tangible impact on how British consumers view the value of their data, and business’ role in protecting it,” explained James Barham, CEO at PCI Pal.

Furthermore, more than half (56%) of all UK respondents reportedly dislike sharing credit card details verbally over the phone - in contrast just one in four Americans share this concern. Despite the wealth of online security threats, around a third of consumers on both sides of The Atlantic prefer online payment methods - 38% of Americans and 32% of Brits would look for an online alternative rather than share payment details verbally.

With a long history of pride in the vitality of their local economies, it should come as little surprise that more than half (55%) of Brits have more trust in local stores and businesses to handle their data responsibly - 30% rationalize that local businesses care more about their reputation while a quarter (25%) see them as less of a target for would-be hackers. Conversely, American respondents suggested that national businesses would be more committed to security protocols (28%) while a quarter (25%) found comfort in the belief that bigger budgets mean more investment in security practices.

Some similarities transcended cultural differences - the retail and travel industries are seen as potentially insecure on both sides of the pond. 19% of Americans and 40% of Brits see retail as a risky business when it comes to their personal data; 16% of Americans and 35% of Brits see the travel sector as the most insecure. Generally speaking, the UK is leading a growing trend in all-around awareness and concern in the matter of data security - a trend to which Americans are now gradually catching on.

“Awareness of data security is something that is on everyone’s radar, yet our UK and US surveys have highlighted some real differences of opinions and traits, when comparing attitudes on data and payment security between the two countries,” explains James Barham, CEO at PCI Pal.

“UK consumers certainly seem more guarded with providing personal information, such as payment card details, over the phone. Similarly, if a security breach has occurred at an organisation, Brits appear more likely to avoid that organisation in the future, and instead go elsewhere. In my opinion, 2019 is the year that organisations need to take steps to provide far clearer assurances to consumers as to just how their data is being captured, processed and stored.”

A Psychotherapist’s View

With a clinical and consulting practice in New York City, PCI Pal invited psychotherapist Dr. Ellyn Gamberg to review the findings of the survey to compare the behaviors of UK and US consumers and their attitudes to data and payment security.

In summary, Dr. Gamberg identified the following:

  • Both UK and US findings confer that after a security breach consumer spending behaviors are negatively affected (how much they spend, where they spend, and how they spend)
  • Online, phone, and in-store security is of equal concern to all consumers
  • Both UK and US consumers are concerned with how their security is stored in record
  • US consumers are more regretful than those in the UK that they did not do better at vetting companies regarding their security measures
  • UK consumers suppress their negative feelings regarding a breach longer, and take longer (or never return) to brands, compared to US consumers.

Dr. Gamberg: “The research indicates differences in measurable responses between consumers in the UK versus America, such as spending habits, customer and brand loyalty; and concern over providing personal data. However, all these behaviors are results of unconscious and conscious thoughts and feelings and cannot be accurately measured by self-report. The expression and internalization of these responses is highly personal and cultural. As a result, it is critical that this be considered in order to effectively mitigate past damage, and future efforts, to create trust.

“In addition to addressing the technical aspects of security, organizations must address what needs to be done to increase the emotional security of their customers. Ultimately, becoming proactive in setting the stage for more favorable, short-term, and long-term behavioral change will result in more loyal customers, and increased spending.”

For more information regarding PCI Pal, visit www.pcipal.com or call +44 (0) 207 030 3770.

Notes to Editors:

Methodology & Market Research

In the United States, PCI Pal conducted market research through AYTM, surveying 2000 U.S. consumers aged between 18 and 65 years with annual incomes between $25-$500K to uncover customer service preferences and security concerns when sharing personal information online and over the telephone. The survey findings highlighted changing behaviors and considerations for consumers in 2018 around data privacy, brand trust and impact on spending resulting from security breaches.

In the United Kingdom, PCI Pal conducted market research through Atomik Research, surveying 2,002 U.K consumers aged between 18 and 65 years with annual incomes in excess of £20,000 per annum to uncover customer service preferences and security concerns when sharing personal information online and over the telephone. The survey findings highlighted changing behaviours and considerations for consumers in 2018 and into 2019 around data privacy, brand trust and impact on spending resulting from security breaches. Atomik Research is an independent creative market research agency that employs MRS-certified researchers and abides to MRS code.

  • A copy of PCI Pal’s “This is America” ebook, which provides a more detailed review of the findings is available to download here.
  • A copy of PCI Pal’s “This is the UK” ebook, which provides a more detailed review of the findings is available to download here.

About PCI Pal

PCI Pal is a specialist provider of secure payment solutions for contact centres and businesses taking Cardholder Not Present (CNP) payments. PCI Pal’s globally accessible cloud platform empowers organisations to take payments securely without bringing their environments into scope of PCI DSS and other card payment data security rules and regulations.

With the entire product portfolio served from PCI Pal’s cloud environment, integrations with existing telephony, payment, and desktop environments are simple and light-touch, ensuring no degradation of service while achieving security and compliance.

PCI Pal has offices in London, Ipswich (UK) and Charlotte NC (USA). For more information visit www.pcipal.com or follow the team on Twitter: https://twitter.com/PCIPAL

Contacts

Editor’s Contact:
James Kim
SourceCode Communications for PCI Pal
pcipal@sourcecodecomms.com

Release Summary

US/UK consumer comparison release

Contacts

Editor’s Contact:
James Kim
SourceCode Communications for PCI Pal
pcipal@sourcecodecomms.com