Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Risk

8/14/2013
01:28 PM
Kevin Casey
Kevin Casey
Commentary
50%
50%

How One SMB Manages Customer Identity Data

Armed Forces Eyewear sells discounted gear to military personnel and their families. Here's why you won't hear customers grumble about their personal data and online privacy.

Some customers don't mind if you run a behind-the-scenes check on their personal information. It helps if you're giving them a nice price break as a result.

In a sense, Armed Forces Eyewear has it easy when it comes to handling customer data. The online retailer's customers, primarily military personnel and their families, rarely grumble about verifying their identities -- especially if their military status earns them a discount or other benefits.

AF Eyewear, a division of Frames Direct, sells eyewear at up to 30% off retail price -- but only to active-duty military personnel, reservists, and their family members. The site recently expanded its eligible customer base to include veterans and first responders such as police and firefighters. Transactions are completed only after a back-end database check -- and in some cases an extra paperwork request -- verifies that the customer is who they say they are. In an age when a Facebook privacy tweak causes minor mayhem online, AF Eyewear's shoppers don't seem to mind the process.

"We haven't gotten a lot of negative [privacy-related] feedback," said marketing manager Lauren Purcell in an interview. Purcell, whose spouse serves in the military, noted that it's long been common for military families to show extra identification when shopping offline if it gets them special pricing and other perks. That habit has translated for online shopping and other Internet use. "It's kind of an accepted practice in the military world: If you're going to get a discount, you've got to step up to the plate and prove it. Most people don't have a problem with that."

[ New technology can thrive even in old-fashioned businesses. Read How To Innovate In A Low-Tech Industry. ]

It's a sunnier side of the often stormy environment of online privacy, consumer data breaches, social media scams and other information security matters.

Military culture and a good deal on a pair of Ray-Bans or Oakleys aren't the only factors that keep customer privacy concerns to a minimum at AF Eyewear. The company doesn't use more than the customer's name and date of birth to verify current and former military status. According to Purcell, this is a welcome change from the not-so-distant days when military ID cards included social security numbers in plain view.

Most shoppers probably don't even notice the verification process, which checks customer information against government databases, as it happens. AF Eyewear once partnered with the online arm of the Army & Air Force Exchange Service to authenticate military status. It recently began using the SheerID verification service, in part so it could broaden its audience to include veterans and first responders. The latter group, which includes law enforcement and other emergency personnel, must complete additional paperwork at the time of purchase. That can take as long as 30 minutes, a lifetime relative to the one-click shopping expectations fostered by Amazon Prime and similar online services. Even then, though, Purcell said AF Eyewear customers don't seem to mind.

AF Eyewear doesn't store any sensitive customer data, another asset in managing privacy concerns. The company's decision to expand its customer eligibility rules and corresponding verification process was a major requirement in its build-versus-buy decision. "That was our biggest issue if we were going to develop something in-house," Purcell said. "We didn't want to [store] that information."

As with most e-commerce sites, fraud and other security matters are top of mind. Purcell credits FramesDirect, AF Eyewear's 60-person parent company, for strong fraud prevention protocols. But the military ID check itself keeps scammers at bay.

"With AF Eyewear, we don't experience much fraud because we are going through that validation process," Purcell said. "We've had a few cases here and there, but it's not as prevalent as it is in our FramesDirect.com site [which sells to the general public]."

It also helps that AF Eyewear doesn't ship internationally; that alone slashes fraud dramatically. When its customers are deployed overseas, they typically use an APO address via the military mail system.

Comment  | 
Print  | 
More Insights
Comments
Threaded  |  Newest First  |  Oldest First
OtherJimDonahue
50%
50%
OtherJimDonahue,
User Rank: Apprentice
8/15/2013 | 11:11:09 PM
re: How One SMB Manages Customer Identity Data
How do you think this translates to more-general audience? As you note, military families may be more open to showing ID.
Commentary
Cyberattacks Are Tailored to Employees ... Why Isn't Security Training?
Tim Sadler, CEO and co-founder of Tessian,  6/17/2021
Edge-DRsplash-10-edge-articles
7 Powerful Cybersecurity Skills the Energy Sector Needs Most
Pam Baker, Contributing Writer,  6/22/2021
News
Microsoft Disrupts Large-Scale BEC Campaign Across Web Services
Kelly Sheridan, Staff Editor, Dark Reading,  6/15/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
The State of Cybersecurity Incident Response
In this report learn how enterprises are building their incident response teams and processes, how they research potential compromises, how they respond to new breaches, and what tools and processes they use to remediate problems and improve their cyber defenses for the future.
Flash Poll
How Enterprises are Developing Secure Applications
How Enterprises are Developing Secure Applications
Recent breaches of third-party apps are driving many organizations to think harder about the security of their off-the-shelf software as they continue to move left in secure software development practices.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-25655
PUBLISHED: 2021-06-24
A vulnerability in the system Service Menu component of Avaya Aura Experience Portal may allow URL Redirection to any untrusted site through a crafted attack. Affected versions include 7.0 through 7.2.3 (without hotfix) and 8.0.0 (without hotfix).
CVE-2021-25656
PUBLISHED: 2021-06-24
Stored XSS injection vulnerabilities were discovered in the Avaya Aura Experience Portal Web management which could allow an authenticated user to potentially disclose sensitive information. Affected versions include 7.0 through 7.2.3 (without hotfix) and 8.0.0 (without hotfix).
CVE-2021-25649
PUBLISHED: 2021-06-24
** UNSUPPORTED WHEN ASSIGNED ** An information disclosure vulnerability was discovered in the directory and file management of Avaya Aura Utility Services. This vulnerability may potentially allow any local user to access system functionality and configuration information that should only be availab...
CVE-2021-25650
PUBLISHED: 2021-06-24
** UNSUPPORTED WHEN ASSIGNED ** A privilege escalation vulnerability was discovered in Avaya Aura Utility Services that may potentially allow a local user to execute specially crafted scripts as a privileged user. Affects all 7.x versions of Avaya Aura Utility Services.
CVE-2021-25651
PUBLISHED: 2021-06-24
** UNSUPPORTED WHEN ASSIGNED ** A privilege escalation vulnerability was discovered in Avaya Aura Utility Services that may potentially allow a local user to escalate privileges. Affects all 7.x versions of Avaya Aura Utility Services.