Protecting Your Privacy While Holiday Shopping

With the holiday shopping season upon us, stores and malls will probably be busier. Shoppers may need to deal with frantic conditions and are more likely to let their guard down than during other times of the year.  Scam artists and fraudsters know this, so they will be out waiting for you to be forgetful or make a mistake.  Privacy Rights Clearinghouse wants you to know how you can help protect your privacy while shopping.

The way you use your credit card in retail stores may be changing this holiday season.  Many stores are rolling out new chip-enabled point-of-sale terminals.  If your credit card has a chip (a small, metallic square you'll see on the front of the card), you may not be able to “swipe” your card as you normally do. You may need to insert or "dip" the card into a slot in a store’s payment terminal. The chip card must remain in the terminal while the transaction is processed.  Approval of the transaction will take a bit longer than with older cards.  It’s very important to remember to remove your card from the slot when the transaction is completed.  Otherwise, the next person to checkout could use your card.

You generally don’t have to show an I.D. with your credit card purchase.  You’ve likely encountered this situation many times.  You are in a store paying for your purchase with your credit card.  The cashier asks to see your driver’s license.  Do you have to show it?  Probably not, if it’s a Visa or MasterCard.   While merchants may ask a customer for identification, in most situations, they may not require you to present an I.D.   Merchants often ignore this rule.  Many consumers want to protect their privacy and personal security by not revealing their address, birth date, and other information to a stranger.  Of course, identification may be required in certain circumstances, for example, when purchasing alcohol, tobacco products, or certain drugs.  Identification may also be required for unusual transactions flagged during the credit card authorization process. 

Understand the risks of mobile payments made with your smartphone.  Make sure that your phone is password protected to help avoid fraudulent use of your payment app if your phone is lost or stolen.  Mobile payments that use tokenization are generally more secure than those that don’t.  Tokenization uses a unique code or token to identify your payment information.  Currently, both Apple Pay and Android Pay use tokenization.  Remember that your “rights” as a consumer depend upon the underlying payment mechanism (credit card, debit card, prepaid card, or mobile wallet).  Be sure to read the app’s Privacy Policy to understand how your purchase data is used and shared.  Understand that the company behind that app will have access to the what, where, and when of all your purchases.

Be aware that stores can track your movement through your smartphone.  Most mobile devices (including smartphones and many wearable devices) emit a Wi-Fi MAC Address and a Bluetooth address.  Your MAC address is a unique 12-digit string of letters and numbers assigned to your device. Retailers can use either their existing Wi-Fi or sensors placed throughout the store to detect your device's MAC address.  This practice is known as mobile location analytics technology.   These retail analytics are rapidly changing traditional shops into "smart stores" that can digitally observe your shopping habits.  To stop your MAC addresses from transmitting, you must either turn your device off or turn off both Wi-Fi and Bluetooth. Be sure to do so before you get close to the store, because the range of the retailer's sensors may extend beyond the store’s physical boundaries.

Don’t use a debit or check card to pay for your purchases.   Debit cards typically put consumers at much greater risk than credit cards because they offer fewer consumer protections in the event of a loss. Because these cards access funds directly from your bank account, your money may remain missing while you and your bank sort out any theft, which could mean bounced checks, late fees, and numerous other problems. Your checking account (and related savings accounts) could be wiped out in minutes.  Some crooks use “skimming” devices to steal your card information from stores.  Others may hack into a retailer’s card processing system. 

Learn about each store’s return policy.  Some retailers require a state-issued ID or license when you return or exchange merchandise.  Typically, stores swipe the shopper's driver's license when a return is being made, and if the store's return limit is exceeded, the return is denied. Retailers do this to keep better track of possible return fraud.  Some retailers maintain their own database while others use a third-party service.  A number of national merchants outsource the collection of return and exchange data to a company called The Retail Equation. If you make repeated returns or exchanges to a participating merchant, subsequent returns to that merchant’s stores may be refused. 

Understand how retailers’ loyalty programs work.  Many stores use customer loyalty cards, which may also be called rewards cards, discount cards, or membership cards. Typically, shoppers fill out an application to get the card, giving their name, address, e-mail address and sometimes other demographic information such as gender, phone number, or birthday.  When customers show their card at checkout, they may be given a discount or accrue points that can be redeemed for rewards. These programs allow the store to keep tabs on what customers buy and how often they shop.  A new loyalty program called Plenti isn't tied to a single retailer.  It's being billed as the first multi-industry reward program. Initial participating retailers include Macys, RiteAid, Exxon-Mobil, AT&T and other retailers.  As the number of retailers and other businesses participating in the Plenti program grows, the potential privacy issues are likely to increase.

Shopping Online?  When shopping online, make sure that the website uses encryption technology before you provide your personal information.  If you look at the top of your screen in the address bar, you should see https://. The "s" that is displayed after "http" indicates that website is secure.  You may not see the "s" until you are actually on the order page on the website.  The safest way to shop on the Internet is with a credit card. Be sure to check out a website’s privacy policy before providing any personal information online.  You can also learn what type of information is gathered by the website, and how it is-- or is not--shared with others by reading its privacy policy. A link to the privacy policy should be found at the bottom of the site’s home page.

Want to learn more?  We have much more information available.  Read our extensive guides to Privacy When Shopping and Best Ways to Pay.