This Lunar New Year, “huat” personal data are you giving away?

It is the time of the year when people engage in the Lunar New Year festivities from shopping for new clothes and other goods, reserving tables at restaurants for reunion dinners to giving e-hongbaos. As we engage in the festivities, are you aware of some of the associated privacy risks?

Online shopping for Lunar New Year

Online shopping has become increasingly popular, across multiple e-commerce and social media platforms, both because of its convenience and cost savings. Moreover, due to the pandemic, many people are shopping online to avoid crowding at malls.

While shopping online is convenient, it is important to remember that consumers are often giving away personal information, such as their email addresses, contact information, home address and credit card information, in the process. These details can make them vulnerable to identity theft if the security of that personal data is compromised.

Hence, it is critical for consumers to be mindful of how much data is actually necessary for companies to process the transaction of their purchases. Retailers would encourage consumers to sign up for a membership and to be subscribed to their newsletter to receive discounts or information about new products or sales. Consumers should be aware of the consent that they are providing to these retailers.

Also, it is vital for consumers to ensure that the online retailer has a privacy policy and notice to inform them about the data that they are collecting and using. It is equally important that the organisations also provide clarity on how securely they store their customer data, how long they keep the data for, for what purposes and whether the data can be accessed by third-party platforms, e.g., payment gateway companies. This is necessary to be assured of a privacy-safe consumer experience.

Beware of fake QR codes

Other than shopping for clothes or new home decorations to prepare for the Lunar New Year, annual reunion dinners are not to be missed. Many families opt to have their reunion meals at restaurants and prefer to reserve tables to reduce the waiting time.

Starting from the reservation process, the restaurants may collect information such as phone numbers and names to process the reservation. They may also encourage you to sign up for a membership. Knowing how their data will be handled after the reunion meal at the restaurant would be useful to consumers for their privacy concerns.

Another common trend among restaurants these days is to provide QR codes to minimise interactions between staff and customers in light of the pandemic. QR codes can be manipulated and misused by malicious actors. It is possible, for instance, for malicious actors to embed alternative URLs in QR codes or to rewrite the legitimate QR codes of restaurants by pasting their own on pre-existing ones.

It is crucial for restaurant employees to receive training and be aware that people could cover the restaurant’s QR code with their own ones to trick customers to provide their information to their fake website.

It is a good idea for consumers to choose "guest" when submitting their food orders and to ensure that their credit card information is not saved by a third-party payment gateway platform, or even opt to have staff take their orders manually.

Similar to restaurants, some e-hongbao platforms require the sender or receiver to scan QR codes to process the gifting and receiving of money. It is important to be careful when receiving QR codes to scan for e-hongbaos, to check if there is a sticker placed over the original if you receive a physical red packet with a QR code for receiving the money in your bank account.

Also, if the QR code is sent digitally to you via text message or email without prior notification by family members or relatives, it could be helpful to verify with the sender before clicking on the QR code. Better safe than sorry!

Written by: Steffi Tay (GRCP)

The views and opinions expressed in this article are those of the author and do not necessarily reflect the official view or position of DPEX Network.