Target. Home Depot. TJ Maxx. Marshalls. What do these businesses all have in common? They were all breached. Like really, really badly breached. Millions upon millions of credit card numbers stolen, countless headlines and bad press. These stores have been put through the ringer, and rightly so. Customer personal information is a treasured commodity nowadays, both for the stores that process the data and the hackers trying to get their hands on it.
What happens when we hear about one of these breaches in the press? A natural reaction, and one that I have personally shared, is to place the store on your “bad” list. You vow never to shop there again, close your rewards account and tell all of your friends. They simply cannot be trusted with your credit card number or personal information.
While this is certainly a valid reaction, consider responding a bit differently the next time a breach occurs. Wait a couple of months for them to get their act together, and then shop. Shop a lot. Swipe your card with gusto and confidence.
Why? Because there has never been a time that they have been more focused on protecting your information. They have likely just spent millions on securing their network. They have added staff and security consultants to review and respond to network security events. Their reaction time for potential breaches has never been better, and I would stand to guess that they are close to attaining a security-ninja-like status now that they are losing money by the bucket-load. Target’s profits dropped 46% after their breach and they spent upwards of $100 million on upgrading their security.
All of these changes occur the moment a breach is made public. Bad press has a magical way of freeing up the much-needed cash to invest in data security and the staff to manage it. This immediately becomes the top priority in the organization.
Now don’t get me wrong, bad press and lots of money will not fix stupid. Careless security policies don’t fix themselves automatically either. Did the store screw up? Yes. Absolutely. Did they take the necessary steps needed to protect your personal information in the first place? No, they did not. Share your disappointment with them and ask what they are doing to fix the problem. They need to hear from you.
After you are done venting and they have fixed things, consider swiping that card again. In addition – if you’re like me – you’ll find yourself wondering more about the stores that have never been breached than the ones that have. Do they really have good security, or is it just a matter of time before they make headlines as well?
There are only two types of companies: those that have been hacked, and those that will be – Robert Mueller, FBI Director
5 practical ways to keep your information safe
- Insist on paying with an EMV chip. EMV chip-enabled cards are changing the landscape of point-of-sale attacks at stores. If your retailer doesn’t accept EMV yet, ask them why. If they don’t seem to have interest in EMV, consider shopping someplace that does.
- Use Apple Pay, Google Wallet or Samsung Pay. These services hide your credit card number from the merchant, adding an additional layer of security for your personal information.
- Use virtual credit cards for online purchases. A number of credit unions and banks are starting to offer virtual credit cards that can be activated and used for online purchases. These card numbers are temporary and can be deleted immediately after use.
- Use prepaid cards. Prepaid cards generally have fees associated with them, but if you are serious about security they are hard to beat.
- Use cash. As convenient as credit and debit cards have become nowadays, nothing beats the security of using cold hard cash.