
Third Party Login Access

Retailers may sometimes receive requests from their development partners or other third party companies for various types of access. While you may trust this party, there are still a few things you should consider.

This page is not legal advice, and comments given may be completely wrong for your environment.

Full Login Access

If someone is granted full login access, then they can log in and see all data in your system as if they were staff. The main implications are

While much of the information visible above affects you and your business, customer personal data is covered by privacy laws in many countries. While these laws vary, the main upshots are:

  1. Only collect what you need
  2. Only use it for that purpose
  3. Do not disclose it to third parties unless it directly relates to what they are doing.
  4. You are responsible even if they disclose it

Links:
NZ Privacy Commissioner
Consumer NZ Privacy Law Summary of obligations.
EU GDPR Regulations: for retailers in the EU, or dealing with EU residents

API Access

API access is where a third party is granted access to an "API", which is a fancy computer term meaning they can read/write subsets of your data, but only in authorised areas. When you grant API access:

What happens elsewhere?

It varies, but here are some real-world examples that are in place in various organisations:

  1. Internal development staff cannot see live data, especially customer details, and work on obfuscated data
  2. A trusted 3rd party has a login and can act as if they are an employee
  3. A retailer has enabled full auditing of customer searching and lookups. Lookups not matched to sales (i.e. random searching) are investigated depending on who is searching.
  4. The majority of Fieldpine retailers do not grant full login access (that we know of!), but specific API access is common
  5. (Large retailer) Fieldpine (and all vendors) are required to sign access agreements in order to access production systems. These also restrict which countries we can store data in
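
The lookup auditing in item 3 can be sketched as follows. This is an added example, not Fieldpine code: the audit record layout, the staff and customer ids, and the 30 minute matching window are all assumptions, and the sample data is constructed.

```python
from collections import Counter
from datetime import datetime, timedelta

# Constructed sample audit data; the field layout is an assumption, not a Fieldpine format.
LOOKUPS = [  # (timestamp, staff id, customer id)
    ("2024-03-01T09:02:00", "S01", "C100"),
    ("2024-03-01T09:40:00", "S02", "C200"),
    ("2024-03-01T11:15:00", "S02", "C300"),
    ("2024-03-01T11:17:00", "S02", "C301"),
    ("2024-03-01T16:30:00", "S01", "C100"),
]
SALES = [  # (timestamp, customer id)
    ("2024-03-01T09:10:00", "C100"),
    ("2024-03-01T09:55:00", "C200"),
]
WINDOW = timedelta(minutes=30)  # assumed: a sale must follow the lookup within this time


def unmatched_lookups(lookups, sales, window=WINDOW):
    """Return lookups with no sale to the same customer inside the window."""
    sales_by_customer = {}
    for ts, customer in sales:
        sales_by_customer.setdefault(customer, []).append(datetime.fromisoformat(ts))
    flagged = []
    for ts, staff, customer in lookups:
        looked_up = datetime.fromisoformat(ts)
        # A sale only counts if it happens at or after the lookup, within the window.
        matched = any(
            timedelta(0) <= sold - looked_up <= window
            for sold in sales_by_customer.get(customer, [])
        )
        if not matched:
            flagged.append((ts, staff, customer))
    return flagged


def review_queue(flagged):
    """Count unmatched lookups per staff member, highest first, for the reviewer."""
    return Counter(staff for _, staff, _ in flagged).most_common()


if __name__ == "__main__":
    flagged = unmatched_lookups(LOOKUPS, SALES)
    for ts, staff, customer in flagged:
        print(f"{ts} staff={staff} customer={customer} lookup with no matching sale")
    print(review_queue(flagged))
```

The per-staff counts give the reviewer a starting point for the "depending on who is searching" decision; a lookup that follows a sale, such as a refund enquiry, would need its own matching rule.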

What are the horror stories?

As you can see, many of the following are human related. For "staff", read "someone who had been granted access"

  1. Staff in store gave out a person's details to their partner, who had no right to that data
  2. Staff in store gave out personal information to the Police without legal reason or head office approval
  3. Staff used the customer database to find details of celebrities/people in the media
  4. Staff leaked a customer's sales history to the media
  5. A retail database had been given to an IT company several years ago for dev/test purposes, but this leaked to the internet several years later, long after the relationship ended
  6. An eCommerce web site was hacked and all eCommerce sales data was leaked
  7. Printed confidential reports were placed in the rubbish bin without shredding

External Web Sites

External web sites are the most common requesters for access.

Hacking. Assume that any internet facing property can be hacked. If the vendor says they are unhackable, they are wrong. All major vendors (household names) have suffered various levels of data loss. The vendor may not have been hacked (to their knowledge), but that may simply be because they have not been a specific target yet.

Our advice for retailers is:

  1. Assume the website will eventually be hacked. If it isn't, that's great.
  2. Of course expend resource to ensure #1 does not happen
  3. Limit the amount of data that can be lost:
    1. Do not ship your whole "customer database" to your website.
    2. Make sure data is deleted from the website after a short period of time. Does the website really need sale details more than 90 days old? What about a customer that hasn't been back for 2 years?