Sometimes, information security is not about the latest technology in disk encryption software like AlertBoot or antivirus software. It’s about being aware:
So I’m seeing a number of sites covering a story about how a Domino’s Pizza delivery guy asked a customer for his SSN or driver’s license number before handing him over the pie (delivery guy had to write it on the copy of the receipt). The customer declined.
The original story is found at consumerist.com, where it elicited quite a reaction.
Domino’s Has Card Fraud Issues
The customer called up the store to make sure this wasn’t some kind of scam on the delivery guy’s part. It wasn’t. Store management told him that asking for such information was now “company policy” because there was an increase in fraudulent pizza charges.
A Domino’s rep by the name of Phil dropped by the consumerist site to declare that this deviates from company policy, and that they’re looking into the matter. Perhaps what the manager meant was that it was “store policy,” which decidedly sounds less authoritative than “company policy.”
As many point out in the comment section, most private enterprise have no legal reason to be collecting such information, not unless they are extending credit to you. And, when you consider that a pizza place doesn’t extend credit in any way or form (ever try setting up a running tab at Domino’s? No such thing), it’s obvious why Domino’s the corporation wouldn’t have such a policy.
But, corporate has a legal team, whereas franchises and regional managers might not be inclined to consult with lawyers. If they had, the lawyers may have directed them to sites such as this one where it’s quite clear that asking for identification (asking; not even jotting down the information, but asking for it) violates the merchant/retailer terms with the credit card company.
There are caveats, of course, such as those instances where the card is not signed. But generally, asking for identification is a no-no. Whether anything is done of such instances, I don’t know. I have heard of people who’ve filed complaints and nothing has happened. I don’t think I’ve heard of instances where something did happen.
Domino’s is not the only company that’s been involved in such problems. Same thing happened at a Pizza Hut and countless other places.
Why Do Merchants Collect Information?
This anecdote does a great job of highlighting the reasons:
My friend used to own a franchise of a national chain and a few people would repeatedly come in and buy a sandwich using their own credit card. These people would spend around $500 over the course of two to three months and then later call their credit card company and claim that they didn’t make any purchases, the credit card was stolen, and it was fraud. One guy even had the nerve to walk back into the store to get more food AFTER he reported this. [commenter cheapist @ consumerist.com]
And while in theory the credit card company “eats it” if it turns out to be fraud, that’s not the practice, as I’ve heard it. If a dispute comes in and the merchant can’t prove that services were rendered to the actual cardholder, the merchant rarely gets paid. That’s why so many will make a copy of some kind of identifier.
Practicing Data Security
Whether the original person who had a less than stellar experience at Domino’s is better off is hard to say. On the one hand, he did eliminate what could eventually turn out to be a data breach. Not that I’m accusing anyone of anything, but it wouldn’t be the first time that paper records get dumped in the street, a renegade employee steals files, or a burglar breaks in and steals paperwork.
On the other hand, the guy is out a pizza and twenty minutes of his life. And for what? The miniscule potential of ID theft.
Your mileage may vary, but it is my opinion that the guy is better off. A pizza is gone in ten minutes; the effects of identity theft last much longer, if not a lifetime. Which is why solutions like laptop encryption have been developed to protect client information (and potentially save companies from some serious fines).
Related Articles and Sites: