Consumers in Australia are being warned about the risks of signing up to multiple loyalty programs with retailers in the lead up to the busy Christmas shopping period.
Data expert Emy Car, who runs data management company EC Integrators, says millions of Australians sign themselves up to loyalty and rewards programs, without realising the huge risk that is involved.
“There’s an old saying, there is no reward without risk, and in terms of consumer rewards programs, that is right on the money,” said Mrs Carr.
“Consumers should think twice before they join a rewards program because they are giving away vital personal information which places their personal security and identity at risk.”
Millions are expected to join customer loyalty programs in the lead up to Christmas as retailers make the most of the busy shopping period to access customer information.
“Customers will be asked to provide personally identifiable data that can be easily hacked,” Mrs Carr said.
“By handing over such personal information, you’re basically trusting that they’ll have the right security on your data.
“But many aren’t masking it properly, so your information is very easily compromised.”
Research shows four out of five shoppers tend to buy more from businesses where they hold a loyalty card while 55% of shoppers will choose the business with a loyalty card, when deciding between two retailers.
“When you sign up to a loyalty program it records your age, gender, address and household size,” Ms Carr explained.
“The business is then able to track your buying habits, look at what you buy, when you buy it, how much you spend each shop and how you pay.”
Ms Carr said the risks associated with giving your personal data to loyalty programs include:
- If there’s a security breach you’ll never know about it: There is currently no requirement for businesses to inform their customers of personal information security breaches.
- You don’t need to give consent for your personal information to be shared. Businesses are allowed to give sensitive customer information to third parties without consent under the Privacy Act 1988 – providing the reasons they are disclosing it is “directly related” to how they collected the information in the first place.
- Your identity is more easily stolen: Online scams abuse well-known companies offering prizes for people who complete a survey and provide their personal information. They are made to look legitimate, however are well disguised phishing programs, aiding identity theft. Identity theft costs Australia $1.6 billion annually and is growing.
- Your data is always available. If you leave a reward program, organisations must remove your name and address from your profile, but they can keep non-identifying features, like your age, gender, postcode and information collected on your shopping habits.
Grocery giant Woolworths was at the centre of a rewards program hacking crisis when numerous customer accounts were accessed and reward points stolen in 2015. The retailer also had to cancel over $1 million in gift vouchers after thousands of customers had their personal information exposed following another data leak.
“You hope retailers have the appropriate systems in place to ensure it is not hacked and that the information is not provided to other organisations or on-sold somewhere else – but it happens,” Mrs Carr said.
“A lot of the times this data is kept offshore as well, so you don’t know what is happening to that data when it is sent out offshore.”
“A rogue employee can take it and sell it, which has happened already in some instances.
“I mean if you look at the governance on the data at the moment, organisations in Australia haven’t really done enough focus on that at all.
“It is the customer that will suffer.”
EC Integrators is a leading information management consultancy with specialised expertise in Data Governance, Enterprise Data Management, Data Virtualisation and Business Intelligence. For more information relating to managing data in business visit www.ecintegrators.com.au