Sunday, August 06, 2006

Are Retail Refunds Violating Customer Privacy?

There is no doubt that fraudulent refunds from shoplifting cost billions. It's a way for criminals who target the retail industry to get cash.

To protect themselves from refund fraud, many retailers maintain the personal information of refunders in databases. With the identity theft crisis in "full bloom," many customers aren't very happy at having to provide personal information when they return a defective product.

Chelsea Emery of Reuters recently wrote:

Receipt in hand, Peter Soltesz expected his trip to Home Depot Inc. to return a $25 faucet part would be quick and uneventful.

But the Rockville, Maryland, consultant went home with the part -- and without his cash -- when the clerk insisted on recording his driver's license data.

"A driver's license is one of those pieces of key, secure information that identifies me," said Soltesz, a computer and telecommunications specialist.

"I'm more than happy to give it to a bank, but a Home Depot, for goodness sake? They can't clean a store, much less protect my information."


Please note that information is compromised at banks, quite frequently, also.

Of course, within the retail industry -- it's known that shoplifters aren't the only culprits in the refund fraud world -- dishonest employees (also) use refunds as way to steal cash. When an employee does a fraudulent refund and takes the cash - the loss transfers to the physical inventory (goods on hand) - and their till will balance. By the time an inventory occurs (once or twice a year), the loss will reflect as missing product, and it's impossible to determine whether it was due to internal, or external theft.

Since the employees have access to these (refund) data bases, my guess is that they use existing customer information, or make it up. Previous surveys within the retail industry have cited employee theft as the number one cause of losses.

The 16 billion dollar loss figure was put together by Dr. Richard Hollinger of the University of Florida and the most recent study reflected an increase in "organized retail crime." With the "identity theft crisis" in full bloom, it's probable that many of the "more organized criminals," have access to multiple identities.

Bad check writers frequent retailers all the time and are known to refund merchandise to get cash. There are databases to prevent check fraud and the way criminals often defeat them is to assume a "good identity." Again, due to the identity theft problem, identities have become cheap and are being marketed in chat rooms and rogue websites on the Internet.

If many of the criminals committing the $16 billion in fraud are circumventing the system - a lot of this data currently maintained probably is flawed.

Sadly enough, consumers like Peter are probably reacting to recent news events.

Recently - although never admitted to - it was alleged that "Office Max" was the point of compromise in a debit-card breach. In the past week, it has also "come to light" that "Dollar Tree" (another retailer) was the point of compromise in another breach.

If financial systems can be "hacked" at retailers, it's conceivable that this data base could be compromised, also.

According to the Privacy Rights Clearinghouse - which has been following this - 91 million people have had their data exposed in the past couple of years. And the list keeps growing.

For their chronology, link here.

Technology makes crime become more sophisticated on a daily basis and the "bad guys" are constantly looking to defeat "security measures." Unless these measures evolve, they can become "not very effective" in a short amount of time.

I'm not sure what the answer is. Retailers have the right to protect their assets, but at what cost and how effective is the process? Another issue is with all the "identities" floating around and "employee abuse," is there a potential for honest people to be tagged as shoplifters?

Sadly enough - as evidenced in the Reuters story - I doubt Peter will be giving Home Depot any business soon. This is going to hurt retailers, also.

1 comment:

Anonymous said...

I tried to refund something at Home Depot. Their employee gave me the wrong thing.

When I tried to refund it, I was told they were refusing the refund because I had written bad checks.

This was from a check system called Scan. It turned out someone had used my name in another city and written bad checks.

The entire episode was embarrassing and the manager was very rude.

If this is true, Home Depot is sharing this information with others.