‘E’ Stands for Exposure

Undaunted by consistent reports of hackers, consumer data being compromised online, and technological loopholes, my credit-card numbers are all over the Internet.

I shop regularly at the Web sites of a number of small merchants, as well as those of mega-stores. Clothes, books, luxury gifts — I’ve bought them all, and with various credit cards.

I even bought a new car on the Internet.

But the more I shop on the Internet, the greater my chances are of having my consumer data exposed. Exposure is the word e-tailers and online shoppers fear the most.

This week, it was revealed that dozens of small e-merchants who use a shopping cart program called DCShop inadvertently revealed private individual consumer data, including names, credit card numbers, e-mail addresses and home addresses.

It happened simply because the shopping cart software was improperly installed.And then, of course, it made headlines.

Open Season

In our culture, we still hold what little privacy we have left in high regard. Privacy has value to us. So when our privacy is compromised, it should make headlines.

Unfortunately, stories like the DCShop scenario feed into our collective paranoia about the still-new medium that promises to electronically transform the consumer experience.

If such consumer data exposure happened once, twice, even three times during the development of electronic commerce, we might chalk it up to growing pains. But this year, “E” has stood for exposure way too often.

For an industry that begs us to trust it, use it and freely share our most personal data, electronic commerce has distance to travel.

Nowhere To Hide

Is it just me or does anyone else remember when e1040.com “accidentally” turned off its security software one night and left consumer data ripe for the hacking?

What about the time a security glitch enabled AT&T small-business customers to readily view other customers’ personal data? Columbia House, the well-known music company, had similar problems on its own Web site this year.

And then, of course, there was the Travelocity debacle, when names and e-mail addresses of more than 40,000 people who had entered a contest were somehow posted on the site.

I equate these experiences with being in a big department store as my name and credit card number are announced over a loudspeaker throughout the store.

Say Whoa

Each time one of these travesties of compromised privacy occurs, the offending company goes instantly into its damage control mode. First comes a less-than-heartfelt version of an apology prominently displayed on the Web site. Consider DCShops’ techno-version of an apology:

“On properly configured servers, one can only execute scripts within cgi-bin directory thereby not allowing viewing of text files. However, on some servers, viewing of text files is allowed.”

I don’t know about you, but I’m all choked up.

E-tailers’ sites usually couch their apology in more touchy-feely language, assuring us that all necessary precautions are being taken to ensure our security and that shopping on WhateverStore.com is safe and wonderful. It’s time for e-tailers to put their efforts where their rhetoric is.

Turning the Tables

I believe it’s time for retailers who expose customer data to take the necessary steps to truly protect their customers.

I propose that if an e-tailer exposes individual credit-card numbers, that e-tailer should be required to contact every single credit card company of each customer and take responsibility for any charges made to the customer’s card that are not authorized by its owner. I do not believe consumers should be required to use their own valuable time to correct a blunder made by an online merchant.

Further, it does not seem reasonable that the credit-card companies should have to absorb charges that were made illegally by hackers or anyone who gained access to credit card numbers due to a Web site’s inefficiency.

It’s a Lock

If online merchants want consumers to trust the workings of e-commerce, that’s the way to make it happen. Something tells me if e-tailers know they will be held accountable for erroneous charges due to their own foul-ups, suddenly there will be a new sense of urgency about ensuring Web site security.

Offending merchants who believe these suggestions are too extreme should simply ask former customers whose data was exposed whether they will continue to do business at the site.

My guess is most of them are long gone, many of them back to the perceived sweet security of brick-and-mortar.

What do you think? Let’s talk about it.