Nuggets: Companies are fooling consumers into giving up their data

By Alastair Johnson, CEO and Founder of Nuggets, a blockchain-based e-commerce payments and ID platform.


With the compliance deadline for the General Data Protection Regulation (GDPR) set to come into force across Europe in May 2018, the rights of consumers to dictate how companies store and utilise their data are set to be strengthened. Yet while the consumer rights ethos of GDPR should be commended, I believe it is out of date before it has even come into being.

Such storing of Personally Identifiable Information (PII), even if done to the letter of the new GDPR law, is totally unnecessary. Retailers and payment providers do not need that information to carry out ecommerce transactions, and I feel it’s time consumers were made aware. As blockchain and biometrics gain consumer support, it won’t be long until consumers can make payments without sharing their personal data.

More rules won’t solve the problem

E-commerce has become more accessible and convenient than ever before thanks to technological advances, but at the same time it has fueled a rise in fraudulent activity. One of the main problems is that there is simply too much valuable personal information out there.

The average consumer has around 100 online accounts, each storing sensitive data such as payment card details, email addresses, home addresses, phone numbers and passwords. This information is extremely valuable to criminals, and it is also extremely vulnerable. As we have seen with the news of big data breaches, thieves are highly motivated to constantly find new ways to access PII despite increasing security measures.

While stricter rules are an admirable effort, they don’t eliminate the fact that humans aren’t perfect and can get lazy, forgetful or don’t appreciate or understand cybersecurity risks. And unfortunately criminals are moving faster than than the regulators ever can.

In an effort to reassure consumers and partners, many companies tout the virtue of how many people they have involved in the security of personal information —100 or 500 people working on security — as if the more people involved, the better. To my mind, those are 500 weak links. I strongly believe as an industry we need to think beyond the current security cycle of build, breach and build again.

Eliminating access to data

Right now consumer confidence in the ability of firms to securely store their data is at an all time low thanks to a string of high profile data breaches. The most notable being global credit reporting agency Equifax admitting 145 million consumers were affected by a data breach — the final number affected in fact being even higher.

As a result consumers are trying to regain control over their data in questionable ways. According to security company RSA, half of all web users admit to falsifying data requested to access online services because of security fears. These smoke and mirrors aren’t necessary; consumers need to be able to make simple online transactions without sacrificing PII to anyone.

So whilst the efforts of the EU are a step in the right direction, I believe instead of trying to regulate the safety of the PII that companies are storing, we should be working on eliminating third-party access completely.

Let consumers take back control

The combination of blockchain and biometric technology promises a long-overdue revolution to digital payments. The truth is, many of the retailers I speak to don’t want to hold PII; the risks are too high and the security needed too costly. All they want to do is sell a product and get paid for it in the easiest, safest way possible.

Compare blockchain to most modern storage systems, where there is usually root-level admin access with a username and password which could be compromised. Blockchain gives consumers the ability to securely store their data in a personal cloud that no-one can access. By eliminating the need to share personal data, this means no more data breaches because companies don’t have to store consumers’ data.

Then to eliminate the weak link of passwords, biometrics is swiftly becoming the global standard. As consumers increasingly use their mobiles for transactions, confidence in biometrics increases. Visa found 86 percent of consumers would prefer to use the technology over passwords, and 65 percent say they are already familiar with using it.

By employing biometrics it removes the need for consumers to remember multiple passwords and PIN numbers, and simply use fingerprint, voice or facial recognition instead. At the same time as making transactions more secure, it has a knock-on benefit for ecommerce sites. The same Visa study found half of consumers have abandoned a purchase because they couldn’t remember their password. So by making the transaction process easier they are likely to increase their profits too.

It’s win win

So you have to ask why companies want to have access to consumer data that is so expensive to protect and which presents so many risks when it’s not necessary? I firmly believe consumer awareness of the alternatives will drive change within the payments industry over the next year. As GDPR raises awareness that people have more rights when it comes to their PII, they will demand more from both ecommerce sites and payment processors.

Related reading