June 05, 2019

Protect Customer's Data during GSS

The annual Great Singapore Sale (GSS) is around the corner. During this period, prices fall to an all-time low and bargain hunters are often enticed by attractive discounts to spend more. With a greater incentive to spend, lots of sales transactions are made with plenty of retail membership signups completed leading to a lot of paper being processed carrying personal information.
While bearing in mind that this is a good opportunity to drive sales, retailers need to be mindful that this increases the volume of personal data collected from shoppers. which can come in the form of physical credit card details or membership forms filled up at brick and mortar stores, or even online registration and credit card transactions on e-commerce platforms.
Whether its brick and mortar stores or e-commerce platforms, various retailers collect and process data for business purposes, such as for membership details and to gather shopper insights. During the GSS period where sales transactions are at an all-time high, it is especially important for retailers to be more stringent in what personal data they require from shoppers, be it sensitive data or non-confidential information. Planning and implementing a comprehensive security protocol is the most important measure to prevent a potential data breach of customers’ personal data from happening. This is to protect the retailer against receiving a hefty fine from the Personal Data Protection Commission (PDPC).

How can e-commerce platforms protect customer data?

  1. Don’t store customer credit card information. If possible, they may also consider payment facilitators like Paypal, Authorize.net etc to handle credit card transactions in whole.
  2. Always stay up to date with security patches as software which is not updated are prone to hackers.
  3. Demand strong passwords from customers so that their accounts cannot be hacked or broken into.

How can brick and mortar stores protect customer data?

  1. Adopting a Clean Desk policy at brick and mortar stores ensures that no personal data is left out in the open and tempts any data thieves who may patronize the store as a customer.
  2. Train staff at the store to practice good data security habits, such as collecting only personal data that is absolutely required for the purposes of verification and destroying the data when it is no longer needed.
  3. Ensuring that all documents, be they sensitive or non-confidential, are securely disposed and not thrown into the recycling bin is important. This is especially applicable to staff within the store who handle postage as invoices given may contain customer’s sensitive information.

Tips for customers to protect themselves while shopping

  1. When purchasing items in-store, customers have the right to refuse a merchant’s request to provide unnecessary personal details via a physical form such as their NRIC numbers. Mismanagement of such confidential data can lead to potential identity theft or even fraud. 
  2. Enable two-factor authentication for online transactions and account logins as an added layer of protection. Having this in place will alert customers’ to fraudulent transactions.
  3. Avoid having your credit card stored on your browser by disabling the autocomplete feature.

Start Protecting Your Business
An organisation that integrates data protection into its business processes can help reduce the risk of a data breach and non-compliance to the PDPA. Learn more about how Shred-it can protect your documents and hard-drives by contacting us.