The last decade has been marked by a major push toward all things digital. For most businesses and consumers convenience reigns supreme, which means added emphasis on direct-to-consumer sales for businesses and apps that consumers can use to streamline their shopping or browsing experience with businesses.
According to Statistic Brain, a data aggregator, U.S. online sales totaled a whopping $304 billion in 2014, nearly double what they were in 2009. Furthermore, sales made via a mobile device totaled close to $58 billion. By 2017 this figure is projected to double as well to $114.5 billion.
But, this rapid growth also exposes one gigantic flaw of the digitization of data -- it's far too easy to access.
How safe is your personal information?
Understandably, there are those we do want to have access to our personal data. Your primary physician, your bank, your lenders, and your employer are good examples of entities that should have records of your personal information. But, many of us also want our personal information trail to end with these entities and not extend to third parties which are eager to gain a direct marketing advantage by purchasing this data. Even worse, we certainly don't want our personal information falling into the wrong hands.
Over the past year there has been a considerable rise in the number of high-profile credit card and debit card compromises. Beginning with Target during the 2013 holiday season and its some 40 million compromised cards, we've also observed breaches from Staples, Sears Holdings' K-Mart, and Home Depot whose potential 56 million card breach was even larger than Target's.
These breaches are terrifying because they're happening right under the supposedly watchful eye of these companies as well as the credit card industry juggernauts Visa (NYSE:V) and MasterCard (NYSE:MA).
But, truth be told, deciphering someone's identity from supposedly anonymized personal information may be a lot easier than you'd think.
Anonymity doesn't mean anonymous
According to a study published last week in Science, researchers were able to correctly identity people based on their supposedly anonymized personal information 90% of the time based solely on four purchases, or three if the price was included.
For the study, researchers looked at the credit card records of approximately 1.1 million people covering a three-month period in an unnamed developed country within the 34-nation OECD. The idea was to use purchase history data from roughly 10,000 shops in this developed country to determine how many steps it would take to correctly match up the purchase with the user. In total, researchers concluded that with 90% accuracy it took just four steps to identify purchasers, with a 22% higher "risk" of reidentification if the price of a transaction was listed.
How are researchers getting this information? It's simple: In our digitized world they're able to pull info from our credit and debit cards, our cell phones, Facebook and Twitter accounts, or even the browsers we use while online. Just as your computer or smartphone can remember "cookies" for specific websites, these same websites are collecting data on you that third-party providers (or criminals) could use to their advantage.
What's just as worrisome as our personal data apparently not being well protected is the fact that most Americans believe that their data is secure. Researchers note that 87% of Americans believe their credit card data is moderately or extremely private. Additionally, 68% think their health and genetic info is private, and 62% believe their location data is private.
New ways your personal data is being protected
This study makes two things abundantly clear. We need more efficient technologies capable of protecting our personal data, especially our financial data, and we also have to be more proactive about who we give our personal information to.
While the second action is totally up to you, the consumer, I can say with confidence that new alternatives are emerging that should reduce the possibility of personal identity compromises in the future.
One such upgrade comes in the form of EMV chip card technology. Named after its developers Europay, MasterCard, and Visa, EMV chips store and protect consumers' personal data. Previously criminals could, with relative ease, skim or copy a consumers' credit card based on a swipe from their magnetic stripe on their credit or debit card. EMV chips, on the other hand, would be extremely difficult to duplicate since they're verified by point-of-sale technology in retailers. Keep in mind that this technology isn't brand-spanking new; it's been used in Europe for roughly two decades. However, with uniform acceptance of EMV technology for credit cards growing in the United States, it's a nice step forward in personal data protection.
A considerably bolder move being made to protect users' financial data is the push toward near-field communications chips, or NFC technology. NXP Semiconductors (NASDAQ:NXPI) is the dominant player in this space. NXP's NFC chips are found in smartphones and other mobile devices, such as the Apple (NASDAQ:AAPL) iPhone 6, and can communicate personal data, including financial transactions, with a point-of-sale device over short distances.
Apple Pay, for instance, could have an opportunity to revolutionize mobile payments -- and by more ways than just boosting mobile sales. In the iPhone 6, it utilizes an NFC chip together with the consumer's digital fingerprint to complete a transaction using personal financial data that the user has entered in the smartphone. All the user has to do is merely place their phone within a few centimeters of a point-of-sale device and confirm the transaction.
Also, a user could use the "Find My iPhone" function if their phone were lost or misplaced to disable Apple Pay or even wipe the data clean. Between the security of the NFC chip and the uniqueness of your fingerprint, the idea of heightened financial and personal data safety is readily apparent with Apple Pay. About the only constraint for Apple Pay at the moment is that not all retailers are willing or able to accept the new form of payment.
Obviously, new ways to protect our personal data are still being developed. But, it's important that consumers recognize now the need to take proactive steps to protect their information so it doesn't wind up in the hands of undesirable third-parties and criminals.