What Companies Do With Your Credit Card Information
October 25, 2007
Last March, TJX, which operates more than 2,400 stores under names including TJ Maxx, Marshalls and A.J. Wright, acknowledged that account data for nearly 46 million consumers was stolen.
My wife shopped there once in 2005. Our bank notified me quickly after the story broke and issued us new cards. I was annoyed because that was the third time in roughly as many years that we had to get issued new cards.
The saga of bad data practices, assigning blame and denial just gets worse and worse. For example:
“Despite TJX having reported some 46 million consumers impacted by the massive data breach into its computer systems, new documents indicate that as many as 96 million consumers may have been affected, including about 29 million MasterCard victims and 65 million Visa victims, according to documents filed with the federal court in Boston Oct. 23.”
But the testimony of Visa’s Joseph Majka describes some 96 million impacted account numbers, with fraud occurring in 13 different countries.
Visa alone had calculated fraud losses at between $68 million and $83 million.
I love the convenience of carrying plastic. I use it for virtually every transaction over $10.
Reality is, every time you and I swipe a credit card at the checkout or at the pump, we have no idea where our data is being stored.
The card issuer (i.e. American Express, Visa, MasterCard) is likely to have massive data protection schemes in place. But what about the small retailer? Who has access to that data? What are they doing to protect your information?
Conversely, if you are a business owner/manager, what are you doing to protect your customer’s data? Are you collecting more than you should? How long are you keeping it? Is the data vulnerable to theft?
Take it from my experience. I’ve worked with data collection for major brands and routinely see sloppy behavior that puts personally identifiable information at risk. That behavior comes in all forms from the very top down to the bottom rung of the ladder, mainly due to ignorance. It can be as careless as emailing a spreadsheet with consumer contact info to putting files on a public file transfer Web server that many parties have unrestricted access to. So I tend to be conscientious about the overall issue of data security.
So what can you do about it?
Well, convenience comes with risk and trade offs. Simple decisions might keep you secure a bit longer.
- If the gas station seems seedy, pay with cash.
- Find out if your card company lets you create one-time use virtual card numbers for online purchases. You can limit the maximum amount that can be charged to the virtual number and set an expiration date.
- Teach your spouse, parents and children to use caution as well.
Be smart and stay safe.
-BD
Related Links:
TJX Breach More Than Twice As Bad As Reported
Data breach at TJX affected 94 mln accounts-suit
Who should store data, stores or credit card co’s?
This is pretty scary stuff, Bad Dad! I have some serious thinking to do about how I use the Card. We keep our limit low, despite repeated attempts by the bank to raise it, and one of the reasons is so that some thief can’t put too much on it. (Hey, that’s another good reason for having it maxed out!!)
And I use direct deposit, check or paypal for my clients so I don’t have to store anyone’s credit card details. As you say, it’s just too risky.
Thanks for the heads up!!
Thanks for the great tips, Pete. One more tip about protecting your cards… try to never let it out of your sight. Credit card scammers sometimes enlist gas station attendants and restaurant workers to get your card data. They’ll carry a hand held “skimmer” and swipe your card on this mobile recording device. After they’ve done this scores of times, they give the skimmer back to the scam artist in exchange for a few bucks. In turn, that scammer sells that data online for more money. It’s maddening.