Target Stores – An Identity Thief’s Best Friend ?

Is Target Stores, Inc. targeting your sensitive personal data ?  (image from angrywhiteboy.com)

Is Target Corporation targeting your personal data ? Will a data breach make you a victim of identity theft ? (image linked from angrywhiteboy.org)

You might have found this article after asking…

Why did Target scan my drivers license, or

Why did Target swipe my drivers license, or

Is Target collecting personal information from my drivers license, or

What is the Target stores ID policy, and what if I refuse to give them my drivers license,  or

Did a jury award  South Carolina Target shopper Rita Cantrell $3.1 million in a libel case, after she was wrongly accused of trying to pass a counterfeit $100 bill at Target ?

Maybe Eric Arthur Blair was right (you’ll probably know who he was, even if you don’t recognize his name).

We very rarely shop at Target, but happened to find ourselves in a Target store recently.  While our order was being scanned at the register, even before we decided how we would pay, the cashier asked for our drivers license.  When asked why they needed to see our drivers license, they told us that it was because we were buying a package of over-the-counter cold medicine.  Since we are closer to retirement age than we are to the age of majority, we can’t remember the last time a clerk or cashier “proofed” us.  But since we want to do our part to make sure that no minors can get relief from their cold or flu symptoms, we graciously handed the cashier our license.  We quickly regretted complying with their request, when, to our horror, the cashier scanned the barcode on our license with their barcode reader, before we realized what they were doing, and before we had a chance to stop them.  It is worth noting that the last time I checked, this was still America, and there was absolutely no legal requirement for a retailer to scan or swipe your drivers license, or any other form of ID when purchasing medications, alcoholic beverages, etc.  Target appears to have adopted this misguided policy to protect themselves, and to possibly make their job easier (but at your expense).  What’s next ?  Scanning a barcode tattooed on your forehead by the State, or scanning you for the mandatory RFID chip implanted under your skin at birth ?

It seems to us that Target might be capturing at least some the information embedded in the barcode of your drivers license.  If not, then simply having the cashier confirm the date of birth printed on the license would suffice, and scanning the license would serve no purpose.   This makes us wonder what they might be doing with the data.  How long are they retaining the data ?  Do they sell the data, or use it for marketing purposes ?  Will they provide the data to the government, either voluntarily or in response to a subpoena or a National Security Letter ?

As (now very wealthy) South Carolina Target shopper Rita Cantrell can attest, Target can’t distinguish real currency from counterfeit.  Likewise,  we have little confidence that their employees, POS scanners or computer systems would be able to tell a fake drivers license barcode from the real thing.

Are you wondering what information Target (and other retailers) can capture from your drivers license barcode, in this post-9/11, “Homeland Security” driven world ?  The American Association of Motor Vehicle Administrators (aamva.org) publishes the standards that the individual states follow when designing their drivers licenses.  This AAMVA document (in .PDF format) lists 22 mandatory and 23 optional data elements that are encoded into the PDF417 barcode that is used on U.S. drivers licenses.  Did you know that items such as a driver’s race/ethnic group and social security number can be embedded in the barcode ?   The individual states are free to add additional data elements that are not included in the AAMVA standard.

Sample License

We suspect that Target would be happy to sell cold medicine to this fellow, as long as he allows them to scan his drivers license.

Even if Target Stores does not have any ulterior motives, the fact that they are able to capture any or all of the data embedded in your drivers license barcode exposes their customers to the threat of identity theft.  The fact that their name is Target doesn’t help the situation either, if you catch our drift.  I mean, just look at their stores… they put a big red bulls eye right on the front of every store !  If that isn’t taunting all the hackers out there, I don’t know what is.   Maybe we would be less concerned if their name was “Fortress” or something along those lines, and their logo was a bank vault, rather than a bulls eye.  Even their cute mascot, Bullseye, looks like he would rather lick you to death than defend the company’s customer data.  Retailers, credit card companies, banks and other businesses are constantly making headlines because their networks are hacked into, their data stolen, and their customers or employees personal and financial information  compromised.  Sometimes it’s a hacker breaking into a computer network.  Sometimes, it’s a rogue employee inside a company or at a vendor that has access to a company’s systems.  Sometimes, it’s a laptop computer containing sensitive information that is lost or stolen.  Sometimes, backup tapes are lost in transit to an off-site storage location.  There are many ways that customer data can be put at risk of theft.

Now we’re wondering if we will pick up the newspaper one day, and see the headline “Target Stores Targeted By Hackers,  Personal Info From 50 Million Customers Stolen”.  Think it can’t happen ?  Think Again.  It has happened to other large retailers, banks and credit card companies.

How can consumers protect themselves ?  Well, it’s nearly impossible in the age of  The Internet and when “plastic” has largely supplanted the use of cash.  But nothing says that you have to shop at a retailer that unnecessarily places your personal information at risk, even if its only a potential risk.   We doubt that we will be shopping at Target stores again, but if we do, and we are asked for our drivers license in the future, we will refuse and walk out.  If collecting our personal data is more important to Target than keeping us as a customer, we will gladly take our business elsewhere, and patronize a business that does not unnecessarily expose us to the threat of identity theft.  Speaking of Target, we think that letting retailers scan and capture the data stored in your drivers license barcode is a lot like placing a bullseye on your back.

We are normally happy to accomodate a  merchant’s request to provide suitable ID, especially when the transaction involves payment by check or credit card, or we are returning an item, but Target’s policy is unacceptable, and we believe, simply wrong.  And we’re not the only one who feels this way.  This article at informationweek.com echoes our concerns about Target’s policy.  From a purely practical standpoint, we suspect that draconian policies such as the one put in place by Target will backfire, with (even more) people simply deciding to steal the medication.  OTC pharmacy items are already the most frequently shoplifted items (see this list of the 50 most frequently shoplifted items).   And isn’t it just a bit ludicrous (not to mention, rude) to ask a senior citizen buying cold medicine to prove they’re 18 years old ?

As far as we know,  Target customers concerned about identity theft can still do their shopping at Walmart without having to show them your drivers license when buying cold medications.  If you are very obviously over the age of 18, and asked for your drivers license at a Target store, we suggest that you decline.   If they persist, simply tell them that under the circumstances, you have changed your mind and don’t wish to purchase anything.  It won’t take Target very long to realize that their policy is costing them business, and that they need to change it.  They might not enjoy having to put all your stuff back on the shelves after you walk out without buying it, but at least your personal data will be safe.

- Routing By Rumor

About these ads

5 Comments

Filed under 9/11, Business, Consumerism, Law Enforcement, Life, Money, Retail, Retailers, Routing by Rumor, Shopping, Technology, Terrorism, Walmart, Your Money

5 responses to “Target Stores – An Identity Thief’s Best Friend ?

  1. G. Howard

    I have just left a Target store in Hilliard, Ohio where I wrote a check for my purchases and the cashier (speaking in heavily accented tones) requested to see my driver’s license. I showed her my wallet with the driver’s license clearly displayed and she told me I had to take it out (of my wallet). I did, expecting her to copy the required info onto my check when she took my license and turned to her register and swiped it. I was so astounded! I asked why she had swiped my license and she replied (best as I could understand) that it was because I was writing a check. It was futile to try to talk with her about the incident, the store’s manager was not available at that moment and I had other deadlines so I left the store. I bought 2 doormats, a bathmat, a can of mixed nuts, 3 paper notebooks, and 2 potato chip bowls — NOTHING ANYONE OF ANY AGE WOULD BE PREVENTED (BY AGE) FROM BUYING! I am SO incensed and absolutely can not stand that my personal information was ripped off by Target. I am going to continue pursuing this and I hope if you have a similar experience that you will also. If we all roll over and have that “…whatever…” attitude then woe betide us!!!

    – Cleveland, Ohio

    Response from Routing By Rumor…

    Ah, so there you go… MIXED NUTS ! It must have been the can of mixed nuts. After all, one can never be too careful about who they sell a can of nuts to. Why, we’ve seen teenagers using fake driver’s licenses to buy cashews on numerous occasions. We can’t believe the clerks haven’t gotten wise to them yet.

  2. K. Gordon

    I was shopping at target a few days ago, and was carded for tylenol cold and sinus. I refused to give my license and walked out. Apparently the cashier doesn’t know the difference between pseudoephedrine and acetaminophen, or at least the difference between sudafed and tylenol. I was under the impression you only needed id to purchase pseudoephedrine products, not all cold medicines. Right after I left target, I went to CVS purchased the same tylenol and no one asked for any id. I’ve also bought tylenol cold at stop and shop and they have never carded me there either.

    I have been buying tylenol products for years and I have never been carded or denied purchase, not even when I was in middle school.

    I am appalled they are not only asking for id but then scanning it, without telling the customer. I will never shop there again.

    – Rockland, Massachusetts

  3. Dear Anonymous Mom:

    Very interesting and scary. I think Target is horrid. I returned an lcd monitor Target purchase with my receipt and all packaging material because it didn’t work. Target claimed my check hadn’t cleared. I went to my bank, obtained proof that it cleared several days earlier and returned to Target, requesting a refund. The store refused. I was told I could have a gift card. I do not use gift cards. I am retired on a very limited income (poverty level) and do not want a gift card. The store will not refund my money.
    There is more to the story but this is the essence. I am owed $206 and am unable to get it so I am forced to hire an attorney. Let’s see: $200 is 20% of my monthly income.Stay away from Target. They are probably the worst big box retailer in existance.

    Thanks,
    Sue

    – Mariposa, California

    • Fran Ferrari

      Thank you. I feel so disenfranchised when asked for my drivers license or other form of identification. Especially when I am spending my hard earned money to use my credit or debit cards.

      – Oklahoma City, Oklahoma

  4. Anonymous Mom / Target Victim In Ohio

    Same thing just happened to me – NOV 20 2009 – LANCASTER OHIO – TARGET STORE – While buying a video game for my early teenage son – I am 45+ years old and unfortunately look my age also – so when the cashier said she need to check my ID as the video game (call to duty modern warfare 2) said 17+ mature on it. I made a joke to my son that only I would be allowed to play the game when we got home.

    I rarely shop at target but my son had some Target gift cards given to him by friends for his birthday.

    With out thinking I handed the cashier my Drivers License – Thinking she was going to look at my birth date again I am obviously 45+ years old if you look at me and hand it back to me.

    BUT

    Just like all the other stories here and else where on the internet I have found about this issue – the cashier turned around and swiped my Drivers License through her “computerized card reading /register” before I knew what was happening. And I am now sure that some where up in Minneapolis in Targets corporate headquarters, in some server now all of my PERSONAL information is now stored.

    I am certain I will now start receiving Target “JUNK MAIL” which I have never received before.

    As well Target will most likely SELL my PERSONAL INFORMATION – to other marketing firms.

    I complained at length to the store manager and could not believe they had so “nilly willy” “STOLEN” MY PERSONAL INFORMATION with out even asking me my permission to swipe my DL first.

    I asked the store manager for her full name address and DOB – she was unwilling to supply it to me – I asked her then why she thought she had the right to have mine and much more like my height and weight eye color DL number and god only knows what else my state puts into that bar code about me, etc also!

    I told her that I could not believe that I could not go into their store buy a product pay with a gift card and cash and leave “anonymously”

    That I had to supply them with my full legal name, my address, my age & DOB, height, hair color, weight, and my DL number and until just this past April 09 when my DL had to be renewed here in OHIO – they would have gotten my SS# also – but that was again just recently removed – Finally – by the state when I renewed my DL.

    Basically Target corporation has just STOLEN MY IDENTITY! – THAT IS THE THANKS I GET FROM THEM FOR SHOPPING IN THEIR STORE!

    I was given a number to call by the manager when I called it – I got some guy in New Delhi India! As I asked him where he was – I Hung up!

    I AM NOT DONE AND PLAN ON CALLING UP TO MINNEAPOLIS AND NOT GIVING UP UNTIL I GET TO A HIGH LEVEL CORPORATE MANAGER THAT WILL SPEAK TO ME.

    I AM ALSO CONSIDERING HIRING AN ATTORNEY AND SUING TARGET FOR INVASION OF MY PRIVACY AND TAKING “STEALING” MY PERSONAL DATA / INFORMATION WITH OUT MY PERMISSION!

    I WILL CERTAINLY NEVER SHOP AT TARGET AGAIN!!!!!

    WE NEED TO SPREAD THE WORD ABOUT THIS PRACTICE – AS I AM SURE MORE & MORE RETAILERS ARE DOING THIS SAME THING ALSO – FROM NOW ON I WILL NEVER AGAIN HAND OVER MY ID TO ANYONE AGAIN – THEY CAN READ IT FROM THE CARD WHILE I HOLD IT & I WILL NOT HOLD IT UP UNTIL AFTER I TELL THEM / MAKE IT VERY CLEAR – THAT THEY ARE NOT REPEAT NOT TO TOUCH IT WHILE I AM HOLDING IT UP FOR THEM TO READ ONLY! AND THEN IF SOME TAKES IT OUT OF MY HAND I WILL CALL THE POLICE AND PRESS CHARGES ON THEM FOR ASSAULT & THEFT!

    SIGNED – “REALLY PISSED OFF” –

    P.S. THIS CRAP NEEDS TO BE STOPPED!

    – Columbus / Worthington Ohio Area

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s