When you trade-in your device for Argos vouchers, will you also be handing over your personal & corporate data?
‘Out with the old, in with the new’ – the tagline Argos is employing in the hopes of enticing customers to trade in their mobile devices for store vouchers.
Argos is now offering a trade-in service, offering instant in-store quotes on devices and payment in vouchers. The recycling initiative is a first for a big UK retailer, who worked with ‘circular economy’ company Wrap to bring the initiative to market.
The trade-in move by Argos could see the UK retailer benefiting from the booming second-hand mobile market – a market which Gartner predicts is set to grow to 120 million units by 2017. However, while some are heralding the service as a departure from time-consuming postal service schemes, questions have surfaced regarding data risk.
Pat Clawson, CEO of the Blancco Technology Group, expressed concern over the ease at which criminals could recover personal information from refurbished devices.
"Unfortunately, many users — as well as enterprise businesses — mistakenly assume that manually deleting data or performing a factory reset will wipe a mobile device clean and eliminate any potential security threats.
"But that’s just not true. A factory reset only removes pointers to the data, but it doesn’t actually erase the data forever. Without a USB connection to a computer, which can detect all areas of the memory and initiate a full overwriting of the data, there will always be a possibility of recovery.
"So both individuals and businesses need to be careful about what they are handing over. And most importantly, Argos needs to provide some form of certification – that can’t be falsified after the fact – to verify that all data was erased permanently. Otherwise, consumers will be leaving their security to blind faith that’s just not good enough. Not by a mile."
Clawson highlights how devices used for work could include credentials to access the corporate network, alongside personal data such as contacts, bank details, photos, passwords and videos. If a permanent delete is not executed on the device, all data, as Clawson puts it, is ‘there to be found.’
Speaking exclusively to CBR, Argos assured that all necessary steps would be taken to protect customer data.
"Customer security is our priority and Argos has worked closely with our partner, West One Technology, to guarantee strict data cleansing processes are in place to protect customers and ensure all personal information on traded-in devices is responsibly erased. This includes physically destroying all relevant data storage components to protect customer privacy in some cases."
Questions remain as to what these processes are, or why physical destruction of data storage components will only happen in ‘some cases’, but it has never been more important for a company like Argos to get an initiative like this right.
Data breaches are at the forefront of consumer’s minds, with a public data breach impacting brand reputation and ultimately revenues. One only has to look at US retailer Target to see the fall-out from a public data breach – a fallout which UK retailers such as Argos must be careful to avoid, especially as online marketplaces are becoming ever-more competitive.
Will customer data be at risk with this new service? It would be unfair to speculate seeing as the service is so new – but here’s hoping that we don’t see a Target-like breach in the near future.