While doing some recent spring cleaning, I found a pile of loyalty cards (mine as well as those belonging to my wife).
I found cards from Staples, Office Depot, Best Buy, Ralphs, Albertson’s, Von’s, CVS Pharmacy, Rite-Aid, Cost Plus World Market, Hallmark, Van Heusen, Naturalizer, DSW, Borders, and Panera Bakery.
I had to ask myself, how often have these allegedly “free” cards provided discounted merchandise or free stuff?
Since I have yet to receive a free big-screen TV from Best Buy or a free e-reader from Borders, I wonder, as an infosec pro, why do I continue to accept the idea that I’m getting something for nothing?
When stores or restaurants offer a loyalty card, the customer is asked in exchange to provide a name, telephone number, email address, snail mail address, and possibly other defining characteristics or shopping preferences.
Back in 2004, an online survey conducted by Boston University’s College of Communication found that adult supermarket shoppers believed that the benefits of using a loyalty card outweighed any infringement on personal privacy.
However, there is no doubt that the online privacy issue has evolved tremendously in the last 7 years.
Once a customer accepts the loyalty card and starts swiping it whenever he or she shops, purchases are matched with the individual’s confidential information.
Under the guise of providing a “customized shopping experience,” stores can provide coupons at check-out for items I previously purchased and/or send me coupons for recommended products.
These actions indicate that my purchases are analyzed, my name is accessed, and my email or snail mail address is accessed.
But what happens to my confidential information?
As we saw with the recent Epsilon email security breach, companies may not always safeguard their data – and in addition, they may not have data security protocols in place.
Here are some recommendations if you have your own pile of loyalty cards:
- Review the cards and see how many stores/restaurants/etc. you visit regularly – there may be cards for places that have gone out of business, and these can be tossed (translation: shredded/destroyed).
- Ask yourself what type of discount or promotion you would consider to be a fair trade for access to your confidential information.
- Ask yourself, if a company that provided you with a loyalty card experienced a security breach, would you need to review your credit reports, change email addresses or phone numbers, etc.? And, are you willing to take all these actions?
- Research whether your favorite companies offer other incentives, such as frequent flyer mile programs with airlines or car rental agencies – cards may not be necessary.
- See if your paper/plastic loyalty card has gone mobile – there may be more secure ways to be rewarded for your loyalty via your smartphone’s mobile apps.