Recently, I found a pile of loyalty cards from Staples, Office Depot, Best Buy, Ralphs, Albertson's, Von's, CVS Pharmacy, Rite-Aid, Cost Plus World Market, Van Heusen, and Panera Bakery. I had to ask myself, how often have these allegedly “free” cards provided discounted merchandise or free stuff? Since I have yet to receive a free big-screen TV from Best Buy, I wonder, as an information security professional, why do I continue to accept the idea that I'm getting something for nothing?
When stores or restaurants offer a loyalty card, the customer is asked in exchange to provide a name, telephone number, email address and/or snail mail address, and possibly other defining characteristics or shopping preferences.
Back in 2004, an online survey conducted by Boston University's College of Communications found that adult supermarket shoppers believed that the benefits of using a loyalty card outweighed any infringement on personal privacy. However, there is no doubt that the online privacy issue has evolved tremendously in the last 7 years.
Once a customer accepts the loyalty card and starts swiping it whenever he or she shops, purchases are matched with the individual's confidential information. Under the guise of providing a “customized shopping experience,” stores can provide coupons at check-out for items I previously purchased and/or send me coupons for recommended products. These actions indicate that my purchases are analyzed, my name is accessed, and my email or snail mail address is accessed.
But what happens to my confidential information? As we saw with the Epsilon email security breach earlier this year, followed by countless other breaches, companies don't always safeguard their data – and too often, they don't have security procedures in place.
So here are some recommendations if you have your own pile of loyalty cards:
- Review the cards and see how many stores/restaurants/etc. you visit regularly. There may be cards for places that have gone out of business, and these can be tossed (translation: shredded or destroyed).
- Ask yourself what type of discount or promotion you would consider to be a fair trade for access to your confidential information.
- Ask yourself, if a company that provided you with a loyalty card experienced a security breach, would you need to review your credit reports, change email addresses or phone numbers, etc.? And are you willing to take all these actions?
- Research whether your favorite companies offer other incentives, such as frequent flyer mile programs with airlines or car rental agencies – physical cards may not be necessary.
- See if your paper/plastic loyalty card has gone mobile – there may be more secure ways to be rewarded for your loyalty via your smartphone's mobile apps.
Of course, there is another option. You could always shred the loyalty cards and shop with the anonymous, old-fashioned, green credit card: cash!