Reprint: R0709A
Flayton Electronics is showing up as a common point of purchase for a large number of fraudulent credit card transactions. It’s not clear how responsible the company and its less than airtight systems are for the apparent data breach. Law enforcement wants Flayton’s to stay mute for now, but customers have come to respect this firm for its straight talk and square deals. A hard-earned reputation is at stake, and the path to preserving it is difficult to see. Four experts comment on this fictional case study.
James E. Lee, of ChoicePoint, offers lessons from his firm’s experience with a large-scale fraud scheme. He advises early and frank external and internal communications, elimination of security weaknesses, and development of a brand-restoration strategy.
Bill Boni, of Motorola, stresses prevention: comprehensive risk management for data, full compliance with payment card industry standards, and putting digital experts on staff. For the inadequately prepared Flayton’s, he suggests consulting an established model response plan and making preservation of the firm’s reputation its top priority.
John Philip Coghlan, formerly of Visa USA, discusses the often-divergent positions of data-breach stakeholders and puts customers’ interests first. Swift disclosure by Flayton’s, he argues, would empower consumers to protect themselves against further fraud and might even enhance the company’s reputation for honesty.
Jay Foley, of the Identity Theft Resource Center, recommends that Flayton’s emphasize quality of communication over speed of delivery. More broadly, he advocates cautious management to prevent data thefts, which are proliferating and could have long-term consequences.
Brett Flayton, CEO of Flayton Electronics, stared intently at a troubling memo on his desk from the firm’s head of security. Running his hands through his full head of barely graying hair, he looked not unlike his father did when he established the first Flayton Cameras and Stereos 25 years ago.
HBR Learning
