The unfortunate hack against Arby’s demonstrates a challenge many major retailers choose to face: the stubborn centralization of sensitive customer data that hackers view as a wholesale reward.

Hackers’ business model is wholesale acquisition of data and selling it on the market. Why then do retailers — with the same experience — display such an anemic cyber posture?

We should return the power assert one’s identity and to pay to the hands of the people, as was the case with physical wallets and cash.

Retail leaders should implement biometric authentication as an alternative to the EMV and other bankcards. Identity should be tied to a person — not a card. This is especially true in today’s omnichannel world where an EMV chip won’t protect fraud that occurs outside of a brick-and-mortar establishment.

Image: Bloomberg News
Image: Bloomberg News

Innovations like biometric tokenization deliver military-grade security and a pristine user experience. The rise of mobile commerce and presence of today’s 2 billion biometrically-enabled devices means virtually every Arby’s customer is carrying around a biometric authenticator. Why not have the customer pay for their curly fries using a secure digital wallet?

Before more data breaches occur, household names like Arby’s should follow the lead of their large-enterprise peers in financial services, where leveraging mobile devices has given rise to secure options like “selfie pay” on company apps that consumers love. The experience gets more enjoyable — and more secure — with fingerprint, voice, eye, palm and behavioral biometrics rounding out the options.

A sensible framework retailers like Arby’s and their counterparts could adopt is one that marries biometric verification of one’s identity, say for payment authorization at the point of sale, with a proprietary mobile app that enables a biometric payments experience. The right solution, available now, will ensure that a user’s biometric won’t leave his or her device, safeguarding consumer privacy.

The hard lessons learned at the time of a data breach often are learned only then. If retailers handle less information of the kind hackers want, and keep step with a trend where everything consumers want — wallet, identity, rewards — transitioning to the phone, we’ll see less instances of our retail friends being victimized along with their customers.