Will Uber Change Course & Properly ‘Steer’ Customer Data?


PCI

As fans a of Uber, I applaud the company’s effort to disrupt and improve the domain of taxi and limousine services. However, what has been painful to observe is Uber’s efforts to also play the role of a “Big Data” enterprise.  When done correctly “Big Data” is an effective leveraging tool that improves customer service. But when done poorly (in the case of a data breach) exposed data of driver information, customer ratings, etc, can have a severe impact to a company’s public image and customer trust.

Just when I had hoped that Uber learned from its media dust up with a
Buzzfeed reporter over the threat of exposing critics’ private data comes word that
approximately 50,000 driver names and license numbers may have been
subject to a third party data breach in 2014.  A presumed class action
suit filed in San Francisco on behalf of a Portland Uber driver also
claims that Uber failed to make a disclosure for approximately five
months after the breach came to light.  As Uber is defending the suit,
time will tell as to what precisely occurred.

The critical concern that Uber needs to recognize is that customer
trust is not to be taken for granted.  One of the great features of
Uber is that no customer credit card information is ever shared
directly with the Uber driver. Instead, all charges are handled inside
the Uber app. The customer never has to take the credit card out of
their pocket. For this considerable benefit to continue to work
effectively, Uber must maintain the sacred trust of the public that
credit card information stored by Uber will be properly safeguarded
and not be subject to the type of wide spread breach which is reported
to have occurred to Uber’s drivers.  The obvious concern is that if
Uber cannot protect its own drivers’ records, can customer card and
data breaches be next?

Hopefully, Uber will take some of its venture capital to invest in
proper security technology such as encryption and tokenization as well
as train its personnel on the finer points of Payment Card Industry
Data Security Standards (PCI DSS).  We certainly hope that Uber will
learn from its missteps.  It will mean the regaining of what any
business can lose when suffering a data breach, customer loyalty.