Thanksgiving bargains are over. Now we have new deals for the eager Christmas and New Year shoppers. I wanted to buy a laptop but gave Black Friday a miss (no way was I going to line up for over a day). I turned up at the Fry’s store on Saturday morning about 90 minutes before store opening hours. I really should have known better. There was already a long queue. I returned home and bought it online.
And then an interesting article popped up on my screen: tips to avoid ruining your Thanksgiving and Holiday season through identity theft. The mantra: don’t fall prey to shoulder-surfing or to phishing. Just adopt best security practices when shopping.
Actually, it’s no longer petty thefts. Over the years it has become an organized crime, so much so that “according to prosecutors, tens of millions of credit and debit card numbers were stolen by the ring, at a combined cost to (retail) companies, banks and insurers of almost US$200m”.
Best security practices also need to be adopted by the corporate sector where the problem of data theft has been going on for years. Earlier this month in a court ruling, TD Ameritrade was asked to make a settlement to its customers who lost their PII data in a data theft case three years ago.
I have written in these columns and elsewhere about this. Data theft is big business. The irony is that data security technologies are fairly well proven. It’s not because the hackers are outsmarting technology; it’s because most companies in industries like retail and personal banking, which are vulnerable to attacks for PII data, have not instituted sufficient measures in place to prevent such attacks. Proof of that: an auto-generated acknowledgement email confirming the purchase once came with the full 16-digit credit card number (and the CVV) intact in their raw form!
Of course, we as a retail customer – whether on-line or from a brick-and-mortar shop – need to adopt standard operating shopping procedures when using the credit card or supplying PII data. Equally, all retail and financial companies also need to implement a comprehensive data security policy. Some have; it’s the “rest of world” business outfits that scare me. Here’s a simple suggestion: start with Data Masking and protect your customers’ PII data. Test environments are a big source of data thefts.