Sears Credit Card Problem Shines Light On Marketing Data Madness

Written by Evan Schuman
May 27th, 2009
Thousands of Sears consumers this month started receiving letters inviting them to join in a class-action lawsuit against the retailer, all because of a charge that Sears shared consumer payment card data (name, address, telephone number and scrambled or unscrambled credit card number) with a marketing partner without authorization.

To be clear, the credit- and debit-card data sharing Sears is accused of happened between Sept. 9, 1995, and June 22, 2001, long before PCI even existed. But such a thing could never happen today, in our PCI-compliant environment, right? Think again, Breach Boy.

6 Comments

  1. tish Says:

    Sears was caught doing this type of thing in the 90s, so why is this news? They had shared information with an insurance partner who, when we were out of town, charged us for an insurance policy we never talked to them about.

    This is a corporate culture problem where at the core of the company there needs to be integrity. Sears has been without that for a long time.

    This is more of an information security role that should be internal to the IT department. Many companies don’t see the value in that either.

  2. David Says:

    Sears was operating under the guidelines that were in place in the 90s. As a service provider to Sears, I know first hand that Sears errs on the side of safety when it comes to privacy and PCI compliance.

    Is it a question of integrity? I don’t think so. At its core Sears is not malicious.

    Do people make mistakes? Absolutely. As the article states, how often is marketing involved in PCI discussions and vice versa?

    This is just another frivolous lawsuit. The holes have already been closed. There is nothing to be gained from this lawsuit.

  3. Ron Says:

    Sears' right hand continues to do what its left hand doesn't know about. We had a problem just last week. Sears marketing sent us numerous e-mail sale notices. When we tried to make a purchase, we found the credit department had canceled our card because we don't use it "often enough." Guess what? The sale e-mails keep coming. With this lack of coordination and self-created barriers to customer service, does Sears management truly expect to stay in business?

  4. ANZ credit card Says:

    So if this kind of problem happened before, then why did nobody do anything to prevent it from happening again? Those credit card data that Sears got and shared without permission could be stolen by anyone and would make an abundant source of information for identity thieves.
    As a credit card holder, I never felt so vulnerable until now.

  5. Manish Says:

    Thousands of Sears consumers this month started receiving letters inviting them to join in a class-action lawsuit against the retailer, all because of a charge that Sears shared consumer payment card data (name, address, telephone number and scrambled or unscrambled credit card number) with a marketing partner without authorization.

    To be clear, the credit- and debit-card data sharing that Sears is accused of sharing happened between Sept. 9, 1995, and June 22, 2001, long before PCI even existed. But such a thing could never happen today, in our PCI-compliant environment, right? Think again, Breach Boy.

  6. jac Says:

    Sears just sent me a $32.00 membership fee ON A CARD I CANCELLED 6 YEARS AGO!

    They had also checked my credit score every month over the past year before doing so.

    After many calls to them, they first cancelled the card and then issued me a new one (with a new number and the same membership fee), claiming that because I said "it was a FRAUD," that it was automatic. I again had to cancel the new card.

    They claim they had no idea "who" issued/opened my old, cancelled card.

    I SMELL A RAT AT SEARS.
