Convenience Versus Security (or Maybe I Should Ask My Information Security Team First)

As a result of the theft of credit card, debit card and personal information from Target, my credit card company decided to replace my credit card. I don’t know for sure if they saw fraudulent activity, but I do shop at Target, so I’m glad they went ahead and did this. However, I am not so sure they helped all that much.

I received the new card Thursday, activated it and went online to start updating recurring transactions (magazine subscriptions, online services, etc.). It came as quite a shock to go out to the Netflix site and see that they already had my new credit card number in their system. I wonder how that happened? To find out, I called the credit card company. Here’s where the fun starts…

The credit card company rep checked the account and told me that they had gone ahead and provided the new account number for some of my recurring transactions. What?!! I expressed my concern about the security of this, to which the rep responded, “Well, these are your recurring transactions.” I asked how they could be sure even if I did business with the merchant previously. Since credit card data and personal information were stolen, who’s to say an unauthorized person didn’t set up a service with my information but with delivery / access of their own? The credit card company just extended their illegal subscription! The rep clearly didn’t know what to say other than it was “for my convenience.” Wow. Potentially set me up to have my account fraudulently used again. Very convenient. Thanks.

Maybe the scenario I mentioned isn’t that likely. Still, why would a credit card company ever give my account information directly to a merchant? Oh, did I mention that they never told me they were doing this? I only found out when I saw the change at Netflix.

This is a good lesson to individuals and companies about how to deal with data. Never, ever make assumptions about convenience without considering security. A major cause of errors, defects, security issues, quality problems, etc. is what gets done in the name of convenience – for the customer, for the manager, for the developer, for the shareholder – you name it.

There’s a reason why you have an information security team and it’s not just to clean up after the fact. They help you plan, too!

Now, I think I’ll take a break and watch something on Netflix, assuming I still have access…

