18 May 2007

Paper or Plastic?

On Wednesday I received a letter from my bank telling me that VISA had informed them that my debit card had been "compromised," and that I should call to have it canceled and replaced. Since the card was still in my wallet, I wondered how that might have occurred.

Then I remembered the TJX data breach that was reported in January. While I'm not a particularly frequent shopper at TJ Maxx, Marshalls, or any of the company's other chains, I have bought things from them here and there, and odds are I've used my debit card in one of their stores at least once in the past several years. Since the data thefts supposedly went back as far as 2003, that would increase the likelihood that my card data was among the millions that were stolen.

This is actually the third time my personal information has been stolen or otherwise compromised, and considering that, I'm very fortunate that the outcome has not been worse. A bit over a year ago, the Boston Globe's delivery company wrapped some bundles of newspapers in printouts with customer information on them, mine included. Two years ago, I got a phone call from my credit card company because someone was attempting to make a purchase using my credit card in Japan.

Neither the card company nor I ever figured out how the crook had gotten hold of the card number, but it hardly seems to matter. It's probably going to become more prevalent, as thieves continue to try new techniques that are easier and less risky than armed robbery.

My mother refuses to shop online because she's afraid of data theft, but I bet she's used a credit or debit card at Marshalls at least once, so her personal info is therefore just as vulnerable as if she did use her card online, and in the wake of the TJX and Stop & Shop incidents, it's beginning to seem like online stores' data security may be better than that of brick-and-mortar stores.

So what's the answer? Do we return to a cash-only economy? Is that even possible? These days it's kind of difficult to live without a some sort of credit or debit card, but these episodes showed that the infrastructure--banks, credit card companies, and especially retailers--are not doing their part to make our transactions as secure as they can possibly be. To me, this is basic customer service, and should be spelled out right along with a store's return policies. The Web has entities such as VeriSign that assess and certify the security of online stores; perhaps we need something similar for their counterparts in the physical world.

No comments: