(Reuters) - Among the millions of consumers who received recent emails from Target Corp apologizing that their personal data might have been accessed by cyber thieves are those who wonder exactly how they got on the list in the first place.
If you didn’t give Target your email address, how did they know it?
Target is renowned in the retail world for its data collection and analysis, grabbing bits and pieces wherever it can - from your store purchases to visits to its website to surveys you’ve taken to things you’ve posted on Facebook. It all goes into Target’s customer relationship management database for analysis.
“A lot of consumers are just not aware to the extent to which they are collecting data,” says Paul Stephens, director of policy and advocacy for Privacy Rights Clearinghouse.
Other retailers mine customer data by getting them to opt into loyalty or reward programs. Some retailers with established loyalty programs include CVS Caremark Corp, Sears Holdings Corp, Gap Inc, and Starbucks Corp.
What sets Target apart from the crowd is an aggressive datamining of customer interactions. That includes customers’ cell phones, web cookies, purchase histories, prescription and other health information.
Andew Pole, who heads a 60-person team at Target that studies customer behavior, boasted at a conference in 2010 about a proprietary program that could identify women - based on their purchases and demographic profile - who were pregnant.
That’s because women often control the purchasing power of baby furniture, equipment, clothes and diapers. “This is a very profitable acquisition,” Pole told those gathered to discuss “predictive analytics”.
Target goes further than that. The company can identify by name more than half the customers who walk into their stores and browse their website, according to Pole’s presentation.
Each consumer’s spending and demographic information - such as age, marital status and address - is the foundation for a “guest profile” which enables the store to identify brands you are loyal to, what offers tempted you and whether you can be persuaded to shift spending from other stores to Target.
“There’s a lot of Big Brother,” Pole said. Target follows the law and uses datamining to better connect with its customers, he added.
For users of a Target debit card or credit card, information collected includes income and credit history.
Target is doing nothing nefarious by collecting and analyzing all that data, says Gerald Storch, president of the New Jersey-based management consultancy Storch Advisors.
“You’re trying to market to the segment of one,” says Storch, who stepped down last year as CEO of Toys R Us and prior to that was vice chairman of Target. “This is the holy grail of consumer marketing.”
Mass marketing through newspaper and TV ads used to be the standard for reaching consumers, Storch says, but most “forward thinking” companies - retailers or otherwise - use purchasing patterns and other data to predict what a consumer is likely to buy and give them offers as an incentive.
“If you bought a lot of carpet shampoo, they deduced you’re likely to have had a pet,” Storch says.
So far, in addition to credit card and debit card information, Target has acknowledged that names, addresses and emails were compromised.
Target has disclosed what it has learned to date about the data breach, Snyder notes. Details about opting out of the data collection process and the sharing of that information is included in the policy, which is posted on Target.com. (here)
The key to identity theft - the most worrisome of crimes for those whose data has been exposed - is the thieves obtaining Social Security numbers. Applicants for Target’s REDcard would have provided that information, but the company has said it is not aware that specific information was among the data stolen.
Being able to scam victims out of their Social Security numbers - an easier task when the criminals know so much about you - is where consumers need to be on guard.
Target can’t stop you from giving out even part of your Social Security number to a con artist. Given that it’s tax season, when dispensing that number is part of the process, the potential for victimization is even higher.
“The burden has now shifted from them to you,” says Adam Levin, chairman of IDentity Theft 911 LLc, an identity theft protection and remediation firm.
(Follow us @ReutersMoney or here;
Editing by Lauren Young and Stephen Powell)