‘E’ Stands for Exposure

Undaunted by consistent reports of hackers, consumer data being compromised online, and technological loopholes, my credit-card numbers are all over the Internet.

I shop regularly at the Web sites of a number of small merchants, as well as those of mega-stores. Clothes, books, luxury gifts — I’ve bought them all, and with various credit cards.

I even bought a new car on the Internet.

But the more I shop on the Internet, the greater my chances are of having my consumer data exposed. Exposure is the word e-tailers and online shoppers fear the most.

This week, it was revealed that dozens of small e-merchants who use a shopping cart program called DCShop inadvertently revealed private individual consumer data, including names, credit card numbers, e-mail addresses and home addresses.

It happened simply because the shopping cart software was improperly installed.And then, of course, it made headlines.

Open Season

In our culture, we still hold what little privacy we have left in high regard. Privacy has value to us. So when our privacy is compromised, it should make headlines.

Unfortunately, stories like the DCShop scenario feed into our collective paranoia about the still-new medium that promises to electronically transform the consumer experience.

If such consumer data exposure happened once, twice, even three times during the development of electronic commerce, we might chalk it up to growing pains. But this year, “E” has stood for exposure way too often.

For an industry that begs us to trust it, use it and freely share our most personal data, electronic commerce has distance to travel.

Nowhere To Hide

Is it just me or does anyone else remember when “accidentally” turned off its security software one night and left consumer data ripe for the hacking?

What about the time a security glitch enabled AT&T small-business customers to readily view other customers’ personal data? Columbia House, the well-known music company, had similar problems on its own Web site this year.

And then, of course, there was the Travelocity debacle, when names and e-mail addresses of more than 40,000 people who had entered a contest were somehow posted on the site.

I equate these experiences with being in a big department store as my name and credit card number are announced over a loudspeaker throughout the store.

Say Whoa

Each time one of these travesties of compromised privacy occurs, the offending company goes instantly into its damage control mode. First comes a less-than-heartfelt version of an apology prominently displayed on the Web site. Consider DCShops’ techno-version of an apology:

“On properly configured servers, one can only execute scripts within cgi-bin directory thereby not allowing viewing of text files. However, on some servers, viewing of text files is allowed.”

I don’t know about you, but I’m all choked up.

E-tailers’ sites usually couch their apology in more touchy-feely language, assuring us that all necessary precautions are being taken to ensure our security and that shopping on is safe and wonderful. It’s time for e-tailers to put their efforts where their rhetoric is.

Turning the Tables

I believe it’s time for retailers who expose customer data to take the necessary steps to truly protect their customers.

I propose that if an e-tailer exposes individual credit-card numbers, that e-tailer should be required to contact every single credit card company of each customer and take responsibility for any charges made to the customer’s card that are not authorized by its owner. I do not believe consumers should be required to use their own valuable time to correct a blunder made by an online merchant.

Further, it does not seem reasonable that the credit-card companies should have to absorb charges that were made illegally by hackers or anyone who gained access to credit card numbers due to a Web site’s inefficiency.

It’s a Lock

If online merchants want consumers to trust the workings of e-commerce, that’s the way to make it happen. Something tells me if e-tailers know they will be held accountable for erroneous charges due to their own foul-ups, suddenly there will be a new sense of urgency about ensuring Web site security.

Offending merchants who believe these suggestions are too extreme should simply ask former customers whose data was exposed whether they will continue to do business at the site.

My guess is most of them are long gone, many of them back to the perceived sweet security of brick-and-mortar.

What do you think? Let’s talk about it.

Note: The opinions expressed by our columnists are their own and do not necessarily reflect the views of the E-Commerce Times or its management.


  • Is it not true that Visa now has a “no-fault” clause to the consumer who is inadvertently or accidentally charged something to their credit card, especially if the credit card holder didn’t actually make that online purchase their card was charged for??

  • Absolutely, I agree. Of special note would be the last sentence “perceived security of Brick and Mortar.” That’s all there is to it, a perception.

    When you charge something at a mall the transaction is stored on a computer somewhere or, better yet, uploaded to the main server for the company. Computers are used every day in Brick-and-Mortar companies. These have connections to the Internet, and hackers use these to get access. It is not exclusive to E-business.

    There’s also the debacle of throwing away hard copies of slips into dumpsters. Every employee has access to your personal information. There is no encryption; the information sits right in front of them.

    The Internet is receiving more than its fair share of exposure, but criminals are criminals. We have to work diligently to stop ALL criminals from stealing our personal information. The process should start with simple common sense; let’s make sure our security protocols, software, and hardware all stack up to the worst, most common of threats. This should also apply to Brick-and-Mortar establishments. Then we can “cry havoc” if our defenses don’t work.

    If we can eliminate the simple mistakes, we will be making huge inroads towards TRUE secure electronic transactions.


  • Amen! As a Credit Card Fraud Professional, i.e. I work for a large issuing bank, I agree 100%!

    The first comment out of the customers’ mouth when we contact them is: “You, BANK XYZ must have compromised our data……”

    So, we direct them to the news story!

Leave a Comment

Please sign in to post or reply to a comment. New users create a free account.

E-Commerce Times Channels