Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Risk

8/14/2013
01:28 PM
Kevin Casey
Kevin Casey
Commentary
50%
50%

How One SMB Manages Customer Identity Data

Armed Forces Eyewear sells discounted gear to military personnel and their families. Here's why you won't hear customers grumble about their personal data and online privacy.

Some customers don't mind if you run a behind-the-scenes check on their personal information. It helps if you're giving them a nice price break as a result.

In a sense, Armed Forces Eyewear has it easy when it comes to handling customer data. The online retailer's customers, primarily military personnel and their families, rarely grumble about verifying their identities -- especially if their military status earns them a discount or other benefits.

AF Eyewear, a division of Frames Direct, sells eyewear at up to 30% off retail price -- but only to active-duty military personnel, reservists, and their family members. The site recently expanded its eligible customer base to include veterans and first responders such as police and firefighters. Transactions are completed only after a back-end database check -- and in some cases an extra paperwork request -- verifies that the customer is who they say they are. In an age when a Facebook privacy tweak causes minor mayhem online, AF Eyewear's shoppers don't seem to mind the process.

"We haven't gotten a lot of negative [privacy-related] feedback," said marketing manager Lauren Purcell in an interview. Purcell, whose spouse serves in the military, noted that it's long been common for military families to show extra identification when shopping offline if it gets them special pricing and other perks. That habit has translated for online shopping and other Internet use. "It's kind of an accepted practice in the military world: If you're going to get a discount, you've got to step up to the plate and prove it. Most people don't have a problem with that."

[ New technology can thrive even in old-fashioned businesses. Read How To Innovate In A Low-Tech Industry. ]

It's a sunnier side of the often stormy environment of online privacy, consumer data breaches, social media scams and other information security matters.

Military culture and a good deal on a pair of Ray-Bans or Oakleys aren't the only factors that keep customer privacy concerns to a minimum at AF Eyewear. The company doesn't use more than the customer's name and date of birth to verify current and former military status. According to Purcell, this is a welcome change from the not-so-distant days when military ID cards included social security numbers in plain view.

Most shoppers probably don't even notice the verification process, which checks customer information against government databases, as it happens. AF Eyewear once partnered with the online arm of the Army & Air Force Exchange Service to authenticate military status. It recently began using the SheerID verification service, in part so it could broaden its audience to include veterans and first responders. The latter group, which includes law enforcement and other emergency personnel, must complete additional paperwork at the time of purchase. That can take as long as 30 minutes, a lifetime relative to the one-click shopping expectations fostered by Amazon Prime and similar online services. Even then, though, Purcell said AF Eyewear customers don't seem to mind.

AF Eyewear doesn't store any sensitive customer data, another asset in managing privacy concerns. The company's decision to expand its customer eligibility rules and corresponding verification process was a major requirement in its build-versus-buy decision. "That was our biggest issue if we were going to develop something in-house," Purcell said. "We didn't want to [store] that information."

As with most e-commerce sites, fraud and other security matters are top of mind. Purcell credits FramesDirect, AF Eyewear's 60-person parent company, for strong fraud prevention protocols. But the military ID check itself keeps scammers at bay.

"With AF Eyewear, we don't experience much fraud because we are going through that validation process," Purcell said. "We've had a few cases here and there, but it's not as prevalent as it is in our FramesDirect.com site [which sells to the general public]."

It also helps that AF Eyewear doesn't ship internationally; that alone slashes fraud dramatically. When its customers are deployed overseas, they typically use an APO address via the military mail system.

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
OtherJimDonahue
50%
50%
OtherJimDonahue,
User Rank: Apprentice
8/15/2013 | 11:11:09 PM
re: How One SMB Manages Customer Identity Data
How do you think this translates to more-general audience? As you note, military families may be more open to showing ID.
Data Leak Week: Billions of Sensitive Files Exposed Online
Kelly Jackson Higgins, Executive Editor at Dark Reading,  12/10/2019
Intel Issues Fix for 'Plundervolt' SGX Flaw
Kelly Jackson Higgins, Executive Editor at Dark Reading,  12/11/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
The Year in Security: 2019
This Tech Digest provides a wrap up and overview of the year's top cybersecurity news stories. It was a year of new twists on old threats, with fears of another WannaCry-type worm and of a possible botnet army of Wi-Fi routers. But 2019 also underscored the risk of firmware and trusted security tools harboring dangerous holes that cybercriminals and nation-state hackers could readily abuse. Read more.
Flash Poll
Rethinking Enterprise Data Defense
Rethinking Enterprise Data Defense
Frustrated with recurring intrusions and breaches, cybersecurity professionals are questioning some of the industrys conventional wisdom. Heres a look at what theyre thinking about.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-5252
PUBLISHED: 2019-12-14
There is an improper authentication vulnerability in Huawei smartphones (Y9, Honor 8X, Honor 9 Lite, Honor 9i, Y6 Pro). The applock does not perform a sufficient authentication in a rare condition. Successful exploit could allow the attacker to use the application locked by applock in an instant.
CVE-2019-5235
PUBLISHED: 2019-12-14
Some Huawei smart phones have a null pointer dereference vulnerability. An attacker crafts specific packets and sends to the affected product to exploit this vulnerability. Successful exploitation may cause the affected phone to be abnormal.
CVE-2019-5264
PUBLISHED: 2019-12-13
There is an information disclosure vulnerability in certain Huawei smartphones (Mate 10;Mate 10 Pro;Honor V10;Changxiang 7S;P-smart;Changxiang 8 Plus;Y9 2018;Honor 9 Lite;Honor 9i;Mate 9). The software does not properly handle certain information of applications locked by applock in a rare condition...
CVE-2019-5277
PUBLISHED: 2019-12-13
Huawei CloudUSM-EUA V600R006C10;V600R019C00 have an information leak vulnerability. Due to improper configuration, the attacker may cause information leak by successful exploitation.
CVE-2019-5254
PUBLISHED: 2019-12-13
Certain Huawei products (AP2000;IPS Module;NGFW Module;NIP6300;NIP6600;NIP6800;S5700;SVN5600;SVN5800;SVN5800-C;SeMG9811;Secospace AntiDDoS8000;Secospace USG6300;Secospace USG6500;Secospace USG6600;USG6000V;eSpace U1981) have an out-of-bounds read vulnerability. An attacker who logs in to the board m...