
If you decide to establish a relationship with an e-commerce Web site, they learn a lot about you. Do you wonder what information they collect, what they do with it and how safe it is? If so, read on for the answers.
e-Commerce Information and its Uses
In order to properly handle the processing, payment and shipment of your orders, e-commerce Web sites collect information such as your address, phone numbers, email and payment accounts. This you certainly know already, since you give them this information when you decide to order from them.
In addition, however, there is a lot of other information that you probably do not realize is being collected. Fortunately, this information is not something that most of us would consider a violation of our privacy. Nor does it represent a risk to our identities. For example, Web sites retain information about your preferences to make your shopping experience more personal. They remember merchandise you buy or even consider in order to create recommendations and deliver promotions to your desktop that are likely to interest you. They also allow you to create wish lists and save them.
Other information e-commerce sites collect is used to help improve the technical performance of the Web site and also to help detect or prevent fraudulent use of the site. A good example is the chain of links that you followed to get to their site, as well as all of the pages you visited and even where you went next when you left the site. Online merchants use this information to improve their performance with search engines or evaluate their advertising campaigns. Examining the pages you are visiting and the paths you take as you shop can help them improve the design of their site. And knowing what Web site you go to next can be of particular interest if you don't buy anything and go straight to a competitor.
Another commonly used piece of information is the Internet protocol (IP) address of the computer you are using. This is useful to help protect your identity and also prevent fraud. For example, if you are using your home computer and they know that, it gives them a high degree of confidence that it is really you. They can also check the geographic location of visitors to their site. If you have never logged in from Ukraine, for example, but someone there is trying to use your username and password, this is a very strong indication of an attempt to defraud the site.
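The location check described above can be sketched as follows. This is an added example, not code from any merchant or from the original article; the GEO_TABLE mapping, the LoginHistory class and the account names are assumptions made for illustration.

```python
import ipaddress
from collections import defaultdict

# Constructed stand-in for a GeoIP database: documentation-range networks
# (RFC 5737) mapped to country codes chosen for this example. A real site
# would query a maintained geolocation data set instead.
GEO_TABLE = {
    ipaddress.ip_network("192.0.2.0/24"): "GB",
    ipaddress.ip_network("198.51.100.0/24"): "GB",
    ipaddress.ip_network("203.0.113.0/24"): "UA",
}

def country_of(ip):
    """Return the country code for an address, or None if it is unknown."""
    addr = ipaddress.ip_address(ip)
    for net, country in GEO_TABLE.items():
        if addr in net:
            return country
    return None

class LoginHistory:
    """Remembers which addresses and countries each account has logged in from."""
    def __init__(self):
        self.ips = defaultdict(set)
        self.countries = defaultdict(set)

    def record_success(self, user, ip):
        self.ips[user].add(ip)
        self.countries[user].add(country_of(ip))

    def assess(self, user, ip):
        """Classify a login attempt as 'trusted', 'review' or 'high-risk'."""
        if ip in self.ips[user]:
            return "trusted"       # same computer as before, e.g. at home
        if not self.countries[user]:
            return "review"        # no history yet, nothing to compare with
        country = country_of(ip)
        if country is None or country not in self.countries[user]:
            return "high-risk"     # never seen from this location
        return "review"            # new address in a familiar country

# Constructed sample data: one customer who has only logged in from home.
history = LoginHistory()
history.record_success("alice", "192.0.2.10")
```

A "high-risk" result would normally trigger an extra verification step rather than an outright refusal, because customers travel and IP location data is imprecise.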
Where the Data Goes: Cookies and Servers
It will probably surprise you to learn that much of the information e-commerce sites collect and use is actually stored right on your own computer in something called a cookie. A cookie is a text file that can help to remember information about you and your preferences. When you visit a Web site, it looks for its own cookies on your computer and reads them.
A common use of cookies is the shopping cart: the cookie keeps track of items you have put in your cart but not yet ordered. That is why, when you go back to a site, items that you put in your shopping cart on earlier visits are still there. Cookies are used extensively to help customize your browsing experience at most e-commerce Web sites, and computer experts agree cookies do not represent a security or identity threat.
Of course, much of the information the site gathers is stored remotely. Industry best practices require online merchants to store payment accounts and other important identity information on a different computer than the Web site server, so it can be more secure.
In the e-commerce site's information systems, two categories of people can access your personal information: those who manage the servers and systems, and those involved with customer service and payment processing for the merchant.
How Safe is my Personal Data?
The evidence shows that, despite the good intentions of most online merchants, there are many cases where personal information is compromised.
Reassuringly, online merchants and e-commerce providers go to extreme lengths to protect your personal information.
Firstly, online merchants worldwide that accept credit card payment are required to comply with the Payment Card Industry Data Security Standards (PCI DSS). PCI is an organization formed by the major payment card brands: American Express, Discover Financial Services, JCB, MasterCard Worldwide and Visa Inc. The DSS standards define requirements and best practices for securing the processing and storage of payment account data, as well as other personal information. Compliance with these standards remains the responsibility of the merchant, and each payment brand manages its PCI DSS compliance and enforcement programs independently of the PCI Security Standards Council.
Most e-commerce sites provide a link at the bottom of every page to a privacy statement with useful information about what data they gather, how it is used and secured. Amazon's UK site provides an excellent example of a very thorough and clear privacy statement.


