
Lack of Data Quality for Point-of-Sale Can Lead to Unintended Privacy Breach


We all shop for goods and professional services at local supermarkets, restaurants, doctor's offices, etc. Recently, new Point-of-Sale vendors (companies that provide hardware and services for retailers to process credit/debit card purchases) have begun offering customers the option of providing their email address in order to have the retail purchase receipt sent to them digitally rather than (or in addition to) as a paper copy. If you've ever eaten out, for instance, at a restaurant that uses Square, a point-of-sale service (Squareup.com), you'll have been offered this feature. Recently, I noticed that after purchasing something with my credit card and then requesting a digital copy via email (I provided my email address willingly), I not only received the receipt from that visit, but I also automatically received receipts from Square for items purchased with the same credit card at other retailers (no email address provided this time).

Now, most people likely consider this incredibly helpful, or annoying, but let's look at it from a different perspective, using the data quality lens. This business process can lead to an inadvertent disclosure of one or more of my purchases to an unintended party. How might this happen? How does data quality play a role in this?

Scenario 1: Tommy & Person A

Well, let's say that Tommy's information originally (as of July 1st) is as shown below, and Tommy purchases a pizza at a restaurant and provides his email address as tom@gmail.com in order to receive the digital receipt. Using the Conformed Dimensions of Data Quality, we could say that Square has Tommy's correct information. Then, as of August 1st, Tommy decides to change his email address to tom@yahoo.com (and forgets to notify Square.com that he no longer uses tom@gmail.com). Shortly afterwards, someone else, Person A, signs up for that email address (given its generic nature, simply "tom"@gmail.com, this isn't impossible). Yes, you guessed it: now every time Tom purchases something at a vendor that uses Square, Person A gets Tom's receipts without his permission; in other words, Person A now has access (for these transactions at least) to Tom's private data. Maybe Tom doesn't care about a pizza shop, but how about a visit to a fertility clinic, bail bondsman, porn website, etc.?

Tommy's Information as of July 1st, 2017

  • Credit Card Information: 4444-4444-4444-4444
  • Email Address: tom@gmail.com

Tommy's Information as of August 1st, 2017

  • Credit Card Information: 5555-5555-5555-5555
  • Email Address: tom@yahoo.com

Receipt Example (image not reproduced; the URL behind the "Learn more" hyperlink on the receipt is https://squareup.com/help/us/en/article/5212)

Scenario 1: Person A's Information as of August 2nd, 2017

  • Credit Card Information: 9999-9999-9999-9999
  • Email Address: dan@gmail.com

Scenario 2: Tommy & Person B

Now, let's assume another scenario where Tommy's credit card has been replaced by the credit card carrier and the old number reassigned to another person (somewhat unlikely but possible). Squareup.com doesn't know about this change, and according to its records Tommy's credit card number is still 4444-4444-4444-4444. So when the new owner of this credit card, Jane, purchases some items at Victoria's Secret, Tom receives her receipt at tom@gmail.com (which his wife also reads periodically), and an explanation is required about why Tom is apparently purchasing women's undergarments (which his wife hasn't received).

Scenario 2: Jane's Information as of August 2nd, 2017

  • Credit Card Information: 4444-4444-4444-4444
  • Email Address: jane@gmail.com

Data quality can be important in many relationships, not just customer relationships, as we've seen in the last scenario. Here's a word of advice: be careful when you provide your information, and ask questions about how it will be used. When you receive information you didn't expect, ask how it was obtained, and whether the convenience is worth it.

I hope that this example of Currency and Accessibility (the underlying concept of "Access Control") has been helpful. One recommendation is to use completely unique customer identifiers when communicating with your customers, not keys reused from other forms of identification, such as an email address or credit card number as seen in this example. Often we discuss unwanted duplication, which comes from the lack of truly unique identifiers for customers. We'll discuss this next time, when we cover Integrity.
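As an added illustration (not the post's or Square's code), the following Python models the two scenarios above against a naive card-to-email lookup and against a receipt router built on the post's recommendations: a unique customer identifier that owns the consent, and a currency check on that consent. The 90-day window, the `tok-`/`cust-` identifiers and the `revoke_card` notification are assumptions.

```python
from dataclasses import dataclass
from datetime import date, timedelta

# Constructed model of the post's receipt-routing problem; not Square's actual logic.
REVALIDATE_AFTER = timedelta(days=90)  # currency rule: links older than this are not trusted

@dataclass
class Consent:
    customer_id: str  # unique internal id, never the card number or the email itself
    email: str
    card_token: str   # the tokenised card the customer opted in with
    confirmed_on: date

class NaiveRouter:
    """Failure mode from the post: the card number alone selects the email, forever."""
    def __init__(self):
        self.email_by_card = {}
    def opt_in(self, customer_id, card_token, email, today):
        self.email_by_card[card_token] = email  # customer id and date are simply ignored
    def route_receipt(self, card_token, today):
        return self.email_by_card.get(card_token)

class CurrencyAwareRouter:
    """Hardened: consent keyed by a unique customer id, bound to one card, and expiring."""
    def __init__(self):
        self.consents, self.owner_of_card = {}, {}
    def opt_in(self, customer_id, card_token, email, today):
        self.consents[customer_id] = Consent(customer_id, email, card_token, today)
        self.owner_of_card[card_token] = customer_id
    def revoke_card(self, card_token):
        """Assumed issuer or cardholder notification that the card has changed hands."""
        self.owner_of_card.pop(card_token, None)
    def route_receipt(self, card_token, today):
        customer_id = self.owner_of_card.get(card_token)
        if customer_id is None:
            return None  # unknown or revoked card: ask at the terminal, do not auto-send
        consent = self.consents[customer_id]
        if today - consent.confirmed_on > REVALIDATE_AFTER:
            return None  # stale link: tom@gmail.com may by now belong to "Person A"
        return consent.email

def run_scenarios(router):
    """Where a receipt for card 4444 goes in each of the post's scenarios (None = not auto-sent)."""
    router.opt_in("cust-tom", "tok-4444", "tom@gmail.com", date(2017, 7, 1))
    # Scenario 1: Tom dropped tom@gmail.com without telling the vendor and pays again in October.
    stale_email = router.route_receipt("tok-4444", date(2017, 10, 15))
    # Scenario 2: the issuer reassigns 4444 to Jane, who pays on 10 August, inside the window.
    reissued_card = router.route_receipt("tok-4444", date(2017, 8, 10))
    return {"stale_email": stale_email, "reissued_card": reissued_card}
```

The currency check stops Scenario 1 but not a card reissued inside the window; closing Scenario 2 there needs the explicit `revoke_card` notification, which is exactly the information the post-script notes the author lacks.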

Post Script: If you have additional information (e.g. the criteria credit card issuers use when reusing credit card numbers) that would enable me to clarify how likely these scenarios are, I'd appreciate your input. Email me directly at dan[at]DQMatters.com.