SANS ISC: How Many Loyalty Cards do you Carry? - Internet Security | DShield SANS ISC InfoSec Forums


How Many Loyalty Cards do you carry?

“Join our loyalty program and we will give you discounts” is how most vendors convince you to give away your contact information. This grant of information is supposed to be in return for loyalty discounts. What most vendors seem to be doing (an assumption here, with no hard facts) is raising the base median price of high-volume products and then, in turn, “discounting” said items.

This topic, one of frustration, was brought about by a trip to my local supermarket for soap and paying through the self-checkout line. All four automated checkout machines were echoing over and over, “Have you scanned your club card yet?”

According to my vendor’s loyalty card agreement “<vendor xyz> does not sell, lease or provide personal information (i.e., your name, address, telephone number, and bank and credit card account numbers) to non-related companies or entities.”

Non-related companies or entities: what does that mean? That depends on your local country law regarding privacy, but…

http://www.privacyrights.org/online-information-brokers-list

Looking at that list of information brokers leads me to think that “non-related” could mean “We don’t partner with them,” or it could mean they don’t share.

In this Facebook world we live in, data protection and leakage become far more relevant to the individual as well as to corporate entities.

PCI compliance places a standard around protecting credit card data, and most countries have relevant privacy laws regarding health care data, but what about personal data that is given or granted freely?

https://www.pcisecuritystandards.org/security_standards/documents.php

With regard to personal data, it can no longer be said “It’s not that important” or “there is nothing critical on my computer.” Profile data on you is important.
 

 

Richard Porter

--- ISC Handler on Duty

Richard

164 Posts
ISC Handler
I carry zero loyalty cards! I have refused from the beginning to participate. You can read more on the topic at http://www.nocards.org/
Anonymous
I don't carry any. I shop at places where you don't need them to get 'discounts'.
One place I used to have to shop at, I gave fake info and I could give my phone number to get sale items. My name was Nick Dibbler...

"Thank You Mr Dibbler"

Seriously, they are a hassle to carry, but some places accept a pic of the barcode on your smartphone, so I'll probably start doing that while giving fake data when applying for the card. I ALWAYS give fake data.
TuggDougins

37 Posts
Paying with anything but cash allows the merchant to create pretty much the same profile. If you're routinely using your CC or DC to pay for groceries, you might just as well use the member card, and at least rake in the discounts as a small financial compensation for them knowing how many beers you drink per week.
Daniel

367 Posts
ISC Handler
I had one, and always used my debit card for purchases. So they know I drink too much Red Bull; that's the only thing I ever bought there. Since then they gave up on the idea and the cards are no longer needed.
Greg

25 Posts
Unfortunately, I used to use quite a few loyalty cards until I had a chance to get some of the marketing data that is derived from that source (together with a few others). While the data was purely aggregate, it contained income, race, buying habits, location, personality type, future trend analysis. It was frighteningly detailed. Not only do I know how much people buy of what, but whether you would be moving up in the world, when you might buy your next car, what sort of living conditions you preferred, etc, etc. I pay cash for most stuff now and refuse to provide any more data TO ANYONE than I absolutely have to. Any aggregation of personal data is big brother as far as I'm concerned. Oh yeah, I had access to NexusLexus for a time and that's enough to make anyone want to go offgrid.
Greg
1 Posts
I have a couple, but I usually register for the things with a false name and address.

There was a supermarket card that I signed up for once - they had some flunky behind the desk and all I needed to do was give a false name with no address, no phone, and no email.
Eric

43 Posts
I chose a phone number to register with the local supermarket chains. It turned out that someone had already signed up using that number, which is perfect.

These stores don't need your name or phone number; they merely want a unique ID with which to track your purchases. The only way to "beat" that is for enough different people to share the same ID so that it confounds their data mining.

What phone number did I decide to memorize for this purpose? Why, the non-emergency number for the local police.
Eric
2 Posts
I don't really have any loyalty cards, not since the "swap keyring tags" group I used to hang out with moved on. Giving fake information is nice and I hope it stays possible for at least the near future.

I still wonder why people even get them, because if you look at your receipts you generally don't save a whole lot of money. At most, two or three dollars.
No Love.

37 Posts
Loyalty Cards are a privacy tax. You want to retain your privacy, you pay more.
No Love.
3 Posts
Why do people hate loyalty cards so much?

They're a great way for businesses to figure out what their customers really want and help make it easier for you to get what you want.

Even better is that the savings really add up. My grocery store has this deal called "FuelPerks" and not only do I save on groceries, but I end up with a free tank of gas once a month.

A lot of the privacy concerns are overrated. They only ask for info that is available in the phonebook. Your buying data is only given to people who are interested in making your life better by giving you what you want (and you're always free not to buy their products). If you're embarrassed by the fact that you go through 20 cases of beer a week, then for that purchase just pay cash and don't use the card.

You have complete control when it comes to these loyalty cards since you're the one not only with the money but also the one who decides when to use (or not use) the card.
No Love.
1 Posts
I've been to at least one grocery store where the cashier would just swipe his or her card if you didn't have one. You still get the discount but the purchase metrics go on the employee's card instead.
Jasey

93 Posts