- Filed Under
A retired Army lieutenant colonel recently wrote in to say he has “significant security concerns” about two programs that have been developed to give companies ways to verify that people are veterans before giving them special deals and discounts.
The retiree is concerned that he has to provide too much information, which could lead to fraud, violence or identity theft.
I gave the verification companies, Troop ID and SheerID, a chance to address his concerns.
Troop ID is an online ID card for troops, veterans and spouses that allows members to get discounts online. Those eligible can tie their email to their military credentials by visiting TroopID.com. Once they are verified, customers can use the Troop ID widget on retailers’ websites to get discount vouchers for a variety of national brands.
Currently, serving troops can enter their .mil email address for verification. Retirees have several options to verify their status.
The retired lieutenant colonel chose his USAA membership. But he was asked for his full date of birth, the last four digits of his Social Security number, and a date during which he was on active duty.
“If I am using USAA to verify my status, then why do I need to [provide] so much personal information?” he asks.
Blake Hall, chief executive officer of Troop ID, said the company requires the minimum amount of information necessary to ensure that a person did, in fact, serve in the military. Once a service member or veteran is verified, “we only release the fields of information that are directly relevant to a particular business transaction.”
For retail discounts, he said, that information is just a name and a “yes or no” response as to military status.
In addition, the customer reviews the information requested by the retailer and must explicitly approve each request, Hall said, adding that a “bank-grade” infrastructure protects the information at all times.
USAA chief information security and privacy officer Jack Key said TroopID has met USAA’s security requirements for the protection of information “and we continue to monitor their compliance.”
“We are currently evaluating options to allow USAA members to use their member numbers for TroopID verification and/or access TroopID directly from usaa.com,” he said.
The company SheerID works differently, providing a “point-of-sale” verification that any retailer can use at the cash register or online checkout, verifying through secure databases such as the Defense Enrollment Eligibility Reporting System. But the retiree said it makes him uneasy to provide his date of birth at the cash register. He contends that, along with information on a personal check or credit card, too much information is going to the sales clerk.
Technically, it’s two separate processes, a spokesman for SheerID said.
“To the consumer, it appears as one seamless process with just two steps,” he said, but really, customers enter their birth dates and/or military verification information with SheerID on the keypad much like they would enter the information required for a debit card transaction, then handle the payment process with the retailer. Customers can tell the cashier their information, but if they don’t feel comfortable providing that, they can enter it on the keypad. The cashier doesn’t see the SheerID information.
“Ultimately, the retailer cannot see the personal verification details, and SheerID cannot see the payment information, so it’s all separate,” he said.
If you are concerned about the security of any process, ask why you have to provide a specific piece of information and whether there is a way to avoid it.
If you’re still concerned, you don’t have to continue with the transaction. Ultimately, getting a discount is voluntary.