Here’s a scenario you may be familiar with:
I’m in a hurry and I just entered a retail store I’ve never been in before. Hoping to save time, I skip my usual approach of observing the environment and rush to find an employee who can help me find a specific item. I find a woman nearby who directs me to the item; I say thank you and head to the register.
A gentleman is standing at the register, but the woman who helped me waves him off and continues our conversation. She tries to upsell me a couple of items and I politely decline.
She tries one more item and I finally say, “No, thank you. Just this,” while handing her my credit card.
“Have you shopped here before?” she asks. I say, “No.”
She then quickly follows up with, “What’s your phone number?”
That’s an odd question. Is this a pick-up line? I pause and say, “If I said I had shopped here before, what would your next question have been?”
She looks at me kindly, naively, and says, “What’s your phone number?”
Regardless of your shopping history or interest in other products, retail stores want your personal information so they can offer promotions, rewards, and coupons.
Voluntarily giving your personally identifiable information (PII) at checkout carries a risk: it adds your PII to one more database, which can potentially be breached. Think carefully about what stores are offering and consider only joining loyalty programs that provide a clearly stated benefit that YOU desire. If you’re caught off guard by a request for your PII, don’t hesitate to decline.
I’ve heard some people reply, “I’m sure the hackers already have my information anyway,” or “I don’t have anything a hacker wants, so what does it matter?” It matters because part of practicing good security habits is making yourself as small a target as possible. The “why does it matter” approach to security is like unhinging the front door to your house–the behavior creates risk.
Are you willing to give away your credit card information, phone number and address for 5% off purchases? What about for 20% or 50%?
Which consumer reward program or coupon is worth your PII? Are retailers asking for too much information? What is the most ridiculous request you’ve experienced?
Learn more about what companies are required to do to protect your information under PCI DSS regulations.