The recent security breach at Zappos was yet another fairly loud wake-up call. Personal information from millions of customers was snatched from their electronic files. A lot of articles are being published with the steps a company should take to prevent this type of incident, the state of readiness they must be in to react if the unthinkable does occur, and advice on how it should be handled when the inevitable brown stuff hits the cooling device.
And the customers? They have been advised per the law that their information may have been compromised so they should take extra care, change their passwords and keep an eye out for phishing schemes in the coming months. Standard response 101.
None of us want to stop shopping on-line, nor do we want our personal data compromised. So what are we to do? Well, I have a couple of suggestions you might follow.
One approach is to have a credit card which is dedicated for use in on-line purchases. Mine sits on a shelf near the computer and is probably stored in countless databases maintained by all the many and varied on-line merchants we use. The credit cards in my wallet, including the ones associated with my savings and investment account, are never used anywhere but in person. The most important ones never leave my sight.
Having a few different credit cards for different situations is a strategy I call "compartmentalizing exposure," and it allows me to better manage my finances and to mitigate risk. Plenty of credit cards are available with rewards programs and no annual fees. Carry a few to keep your business expenses separate from personal spending. Use a separate one for shops and restaurants, places where the staff take your card and disappear with it to process your payment. Keep credit limits low on all except one you might have for major purchases.
If I am ever advised by Zappos or any other on-line service that my personal information has been compromised, I can kill the appropriate credit card and quickly replace it with another. All of my other cards would continue to be safe.
Never click the links in the email but rather go to the site of the organization allegedly making the request. Write to them or phone them. Fake phone inquiries are usually stymied by my practice of never answering the home phone when the caller ID shows blocked or unlisted. When it comes through, I prefer to call back to a publicly listed number for the organization so I am sure I know who is at the other end of the line.
Follow me on Twitter @JPuglisiLLC