I got an interesting email from Aer Lingus yesterday saying that it was deleting the credit card details that I had stored in my Aer Club account profile.
“We are making changes to how we store account holder’s payment card details across AerLingus.com and the Aer Lingus app.
As of 7th April, you will no longer be able to use saved payment card details to make purchases with us or save new payment card details to your account in the future.
These changes are being made to meet the highest industry standards in payment card fraud prevention and to meet our commitment to PCI (Payment Card Industry Data Security Standard) compliance.“
I’m not entirely clear if Aer Lingus is actually saying: “our IT is rubbish and doesn’t meet modern security standards, so we can’t look after your credit card details any longer” or if it is genuinely taking a pragmatic stance that the risk vs reward trade-off is no longer worth it.
The large fines dished out to British Airways and Marriott over data breaches may be a factor here. I would imagine that a company is less likely to face major punishment if a breach only revealed frequent flyer and email details as opposed to payment card numbers.