Barnes & Noble Will Have Only One Day To Let Borders’ Loyalty Customers Opt Out

Written by Frank Hayes
September 28th, 2011

Here’s a quick little IT project during the run-up to Black Friday: After spending $13.9 million for Borders’ CRM data, Barnes & Noble will have a single business day to send E-mails to 43 million Borders loyalty customers offering them the chance to opt-out of joining B&N’s own customer list—and only 20 days to purge the data of any customer who wants out.

That’s the upshot of the deal cut in bankruptcy court after the Federal Trade Commission and a special court-appointed Consumer Privacy Ombudsman pushed for an opt-in requirement for Borders loyalty customers, while B&N wanted to offer them nothing more than its own privacy policy. Ironically, either of those two choices would have made life relatively easy for B&N’s IT shop. Instead, the privacy compromise could require furious IT activity in the weeks after the sale closes on Friday (Sept. 30).

B&N won the auction for Borders’ CRM data, Web site and brand (but not its IP addresses) in an auction this month. But bankruptcy court Judge Martin Glenn blocked the deal when the privacy ombudsman recommended requiring “affirmative consent” from each former Borders customer before adding the name to B&N’s loyalty program. B&N called that requirement “completely unrealistic” and said it put the whole deal at risk.

The ombudsman’s recommendation echoed a letter the FTC wrote to the court last month. “In light of the promises Borders made to its customers, we believe it would be appropriate for Borders to obtain express consent from its customers, specifying the potential purchaser, before it transfers the data. The consent process would allow customers to make their own determination as to whether a transfer of their information would be acceptable to them. For consumers who did not consent, their data would be purged,” the FTC wrote.

In the end, the FTC and B&N split the difference: B&N won’t use the Borders CRM data except to immediately notify Borders loyalty customers that they can opt out, and data for any customer who opts out will be purged. But that opt-out period is on a very aggressive schedule—customers must be notified “on or within one business day after the closing date” of the sale, according to the court order, and data on customers who opt out must be purged no later than 20 days after that.

B&N wouldn’t comment on exactly what hoops customers will have to jump through to opt out. But let’s assume it’s simple: Customer gets an E-mail with a “click if you want to opt out” link that includes a customer number; a customer who clicks sees his name and Borders number, and can click again to opt out; after that second click, the customer’s data is marked for deletion. (B&N will probably add some sales pitches and maybe an “are you sure you want to lose the benefits of being a special Barnes & Noble customer?” plea. The court says they can do that.)

That’s a relatively simple site to set up if you’re dealing with a small number of customers—but for dealing with millions, it’s a nightmare.


Comments are closed.


StorefrontBacktalk delivers the latest retail technology news & analysis. Join more than 60,000 retail IT leaders who subscribe to our free weekly email. Sign up today!

Most Recent Comments

Why Did Gonzales Hackers Like European Cards So Much Better?

I am still unclear about the core point here-- why higher value of European cards. Supply and demand, yes, makes sense. But the fact that the cards were chip and pin (EMV) should make them less valuable because that demonstrably reduces the ability to use them fraudulently. Did the author mean that the chip and pin cards could be used in a country where EMV is not implemented--the US--and this mis-match make it easier to us them since the issuing banks may not have as robust anti-fraud controls as non-EMV banks because they assumed EMV would do the fraud prevention for them Read more...
Two possible reasons that I can think of and have seen in the past - 1) Cards issued by European banks when used online cross border don't usually support AVS checks. So, when a European card is used with a billing address that's in the US, an ecom merchant wouldn't necessarily know that the shipping zip code doesn't match the billing code. 2) Also, in offline chip countries the card determines whether or not a transaction is approved, not the issuer. In my experience, European issuers haven't developed the same checks on authorization requests as US issuers. So, these cards might be more valuable because they are more likely to get approved. Read more...
A smart card slot in terminals doesn't mean there is a reader or that the reader is activated. Then, activated reader or not, the U.S. processors don't have apps certified or ready to load into those terminals to accept and process smart card transactions just yet. Don't get your card(t) before the terminal (horse). Read more...
The marketplace does speak. More fraud capacity translates to higher value for the stolen data. Because nearly 100% of all US transactions are authorized online in real time, we have less fraud regardless of whether the card is Magstripe only or chip and PIn. Hence, $10 prices for US cards vs $25 for the European counterparts. Read more...
@David True. The European cards have both an EMV chip AND a mag stripe. Europeans may generally use the chip for their transactions, but the insecure stripe remains vulnerable to skimming, whether it be from a false front on an ATM or a dishonest waiter with a handheld skimmer. If their stripe is skimmed, the track data can still be cloned and used fraudulently in the United States. If European banks only detect fraud from 9-5 GMT, that might explain why American criminals prefer them over American bank issued cards, who have fraud detection in place 24x7. Read more...

Our apologies. Due to legal and security copyright issues, we can't facilitate the printing of Premium Content. If you absolutely need a hard copy, please contact customer service.