The small- to medium-sized business owners I talk with are often surprised to learn that ControlScan hears from everyday consumers on a regular basis. The questions we are asked share a common theme: I’m worried that this business is not properly securing my personal information.
Here is just a small sample of the consumer-generated questions we’ve recently received by email:
- When making a reservation at a hotel—for whom I have purchased an Amazon voucher for the room—I was asked to provide by email in a Word document full details of my credit card including the security number. I am happy to provide these details, however I consider email to be unsecure…
- I order food from a Chinese restaurant and they are also storing personal credit card info on all the receipts (numbers, cvv code, area code, expiration date and address). I have many receipts and I have asked them to stop storing this info on their computers and they always just ask for the last four digits of my CC# because they already have it stored on their computers. Aren’t there fines and requirements against this? How do I report this?
- I recently used my mom's credit card to pay for a car repair (she gave me permission). I told the car repair shop that I was using my mom's credit card (completely different last name, etc.) and they took the card info easy breezy for a $2400 purchase without asking to speak with her at all. Is that PCI compliant? Because I thought it was very odd they were able to accept the card without talking with her.
- Do I have to supply copies of my credit card front and back and a copy of my driver’s license to a hotel on a credit card authorization form if I am paying for a room?
Research studies conducted over the past year show that both consumer sentiment and behavior are being shaped by the ongoing deluge of well-publicized breaches. In January 2014, when Americans were recovering from the holidays and the Target and Neiman Marcus breaches, 60% of respondents to a Harris Poll survey said they felt the businesses themselves were to blame for what happened. In addition, 28% had stopped shopping at the breached retailers and “up to 40%” had increased their overall usage of cash in making purchases.
A few months (and more publicized breaches) later, TSYS conducted its 2014 Consumer Awareness Data Security Study. Of that study’s respondents, 83% were aware of recent breach incidents and 64% held the breached businesses responsible. In addition, 52% of respondents said they’re concerned about their data being stolen in the future and 37% said the breaches have caused them to change the way they shop.
The bottom line is that security is good for business and it is achievable! For some inspiration, read my previous post, “Data Security: Should we all just throw in the towel?” (I’ll tell you before you click over that the answer to that question is an emphatic “no.”)
Interested in learning more about unified security + compliance? Click here to request information or give us a call at 800-825-3301, ext. 2. We are happy to help.