When COVID began and businesses with retail locations were shutting down, more and more Canadians headed online to do their shopping. Now stores are beginning to open back up, and that is good news! But some consumers are sticking to online shopping to minimize their exposure or have decided the conveniences make sense.
But online shopping can have it’s risks …
Every online retailer has varying degrees of security, and with the growth of credit fraud and identity theft, it’s becoming more important than ever to understand how your data is stored and used by these retailers and the risks associated with mismanagement.
In 2019, 19,285 Canadians were victims of fraud and $98 million was lost. While fraud can take place on and offline, following some simple rules can help minimize the chances of it happening online.
Before we dive into the personal information being stored by retailers, it’s important to note that there is another place that many online shoppers store their information, aside from with the actual retailer, and this is in your web browser.
You may have noticed, when filling out forms across different sites, a drop down appears with auto-fill options, including name, addresses, contact info and payment info. This information is not necessarily being stored by the retailer themselves.
Instead, this information is stored on your computer using cookies and accessed by the website when you visit it, or the information is stored within the web browsers files.
To protect data stored in this way, consider the following:
- review and delete cookies regularly, especially if you are on a shared computer
- use the “check out as guest” option whenever possible to minimize the number of cookies created, and in turn the personal data being is stored
- if you do store your data for convenience purposes, opt for the autofill function as it is more secure than cookies
For retailers to store your data, you must sign up for an account. Your information, including account info, payment info, buying patterns and other details, are then maintained in customer files.
In Canada, the storing and usage of personal data with regards to payment information is regulated by the Payment Card Industry Data Security Standard (PCI DSS), which are standards developed by major credit card companies to ensure compliance by retailers accepting card payments. Any failures to comply with these regulations come with heavy fines.
Similar to brick and mortar stores, online retailers are only required to keep customer data until the customer has been authenticated. The problem is, to add convenience to your shopping experience, online retailers often give you the option to store payment information for future purchases. In these situations, the PCI DSS requires retailers to ensure the data is effectively encrypted and guarded. Due to the complexity of this process, it often requires the help of third parties who protect your account information using tokenization – encryption using random characters which is worthless if intercepted.
The information that will be stored includes the customers name, account details, credit card number (properly concealed), and the card’s expiration date. Access to this data is to be restricted and, when no longer required, policies must be in place to properly destroy the data. Online retailers are not allowed to store your CVV or your PIN number.
To better secure your personal information when using online retailers, you will want to consider the following:
- keep track of the data you have shared
- read the retailer’s security policy to find out about data retention and whether they use a third party to protect your information
- think about whether you really need to create an account
- manage the data yourself whenever possible
By taking the time to better understand what data is being stored, how it is managed and how it can be best protected, you decrease the chances of becoming subject to credit card fraud and identity theft.
We hope you have found this information helpful. Data security is crucial as more businesses and consumers purchase online. If you would like to speak with a business advisor about risk management and financial matters please contact us today.
