Paid Advertising
web application security lab

ID Loss, No Prob, Dog Fur, Boycott

The other day, I wrote up a pretty thorough writeup on Darkreading, about the consequences for TJX after their huge privacy breech. As many of you know, having this blog long enough, I’m a huge consumer advocate, and I spend a lot of time talking with “normal” people (people who know little to nothing about technology), as it helps me gain perspective on what their lives are like. Say what you will about consumers, not understanding them is not understanding how to build secure interfaces. Anyway, the important part of that article was this quote:

Interestingly, we collected anecdotal evidence from some users who said that they won’t stop shopping at TJX stores, but they will stop using their credit cards there. That’s a double win for TJX. Not only are they retaining their customers, but they are cutting their credit card chargebacks and processing fees for a percentage of their clients.

So it’s a win for TJX to lose nearly 100MM credit card numbers. But then I started talking to people about the recent news about Burlington Coat Factory, JCPenney, and Macy’s selling raccoon dog fur (a type of dog). Now _that_ got a different reaction. Sure, ID theft is bad, but not bad enough to stop getting great deals. But if you kill a dog, every person I asked about it (most of whom had never heard this by the way) said they either had serious reservations about ever shopping there again, or flat out decided to boycott them entirely. I doubt that makes enough of a difference to make them opt for different types of fur or against fur entirely, but it’s at least something to make you stop and think about where the social values of the American public lies.

7 Responses to “ID Loss, No Prob, Dog Fur, Boycott”

  1. Awesome AnDrEw Says:

    Never really liked TJX or stores of that nature to begin with, and any time there is ever a large issue with credit card numbers and other pieces of identification being disclosed I either stop frequenting the store, or pay with cash. I can’t say I would stop shopping at a store because a product may contain the remains of any type of animal though. Some people like those products, and others don’t, but that’s life.
    While not entirely related I believe someone on the boards had once mentioned that it is illegal for a company to store your credit card information without your knowledge or permission. I’m not sure if it’s only locally, or if it’s indeed done by a certain food franchise, but the other night I ordered a delivery with my credit card, but did not give them my expiration date or security code (they didn’t ask so I figured either they’d call back or there was a slight possibility I might get some type of free food). When I received my food however I noticed that my expiration date was in fact listed on the receipt, which was funny to me.

  2. Ix Says:

    It is kind of sad that people say they’ll keep shopping at TJX but not use their cards there anymore, since it really does just reward them for having bad security. If everybody decided to stop using cards there then they could discontinue their accounts with the credit agencies and save a lot of money every month (not sure how much since I haven’t personally had to deal with them yet, I just know that there’s generally a monthly fee for the right to process one of their credit cards).

    For the fur stuff, how many of these people who would boycott a store that sells fur products still eat meat often? Would they feel differently about the fur product if it were deer that had been hunted for food but had the skins preserved for clothing? There is too often a disconnect between what a company does and how people interpret it, such as viewing the sale of fur as worse than losing information on a ton of their customers leaving these customers open to identity theft and credit problems. One of the above involves quickly and mostly painlessly ending the life of a dog, the other involves wrecking an entire families life and causing a lot of pain and suffering for them, that will last years, and then leave them with broken pieces of their world to pick up. Seriously, if one of the fur boycotters had experienced ID theft they’d probably be envious of the dog.

    Really though, anyone who uses bad tactics (either selling fur products people don’t agree with, or losing customers credit card info that should have A, not been stored or B, been properly secured) should have penalties imposed based on the level of infraction. Not saying the government should step in to execute those penalties, I think it should be up to informed consumers, for example we could use something like an organized movement to boycott TJX for a while. Unfortunately as someone who spends far too much time in front of a monitor this kind of organization is far beyond my level of interpersonal skills.

  3. hyperfukbot Says:


  4. umbr Says:

    This is a ludicrous expectation. A majority of the population owns a pet and a significant portion are or have been dog owners. I think it’s safe to assume these people feel a close bond with their companions, as such there is no comparing the emotional attachment these creatures imbue with that of a 16 digit number stamped on a piece of plastic. Are you really that out of touch with the “normal” “social values” that you don’t understand why higher value might be attached to the life of another creature than that of credit information? Consumers should demand greater levels of diligence, but until such transgressions affect the bottom line there will be little progress towards that end.

  5. RSnake Says:

    @umbr - I was in no way making a judgment call about what is better or worse, just that it was interesting to see which got a bigger reaction and why. Yes, I could have probably guessed the outcome, but that would have made for a less interesting post, now wouldn’t it? And no, I wouldn’t consider myself even vaguely out of touch, hence why I posted this. :)

  6. Drazen Drazic Says:

    Not sure if I am tracking this right so apologies if this post is not totally there on the subject.

    1. Recently breached companies here in OZ- stats show that very few people give a rats and will continue to buy from them anyway. eg; Rosesonly.
    2. While liability sits with anyone bar the consumer, it does not affect their purchasing decisions - ie; using the net, store etc.. ie; you report the fraudulent transaction….only pain is getting the new card.

    So, no surprises that TJX business itself will have little to no effect on the bottom line.

    RS, social values? I reckon it’s a selective thing…whatever suits at the time. There’s plenty of hypocrites out there. “Super Models”??

  7. RSnake Says:

    @Drazen Drazic - You’re right, I am always amazed by the power of hypocrisy. But this wasn’t as much about that as just the fact that companies aren’t being punished for being negligent with people’s identity, but they are for supplying fur. It just makes information security a tough sell in light of people’s actual purchasing habits.