This copy is for your personal, non-commercial use only.
If you go shopping this Christmas season, you really need to watch out because you will likely be tracked, profiled and, if you’re really not careful, digitally ripped off.
In most stores, nearly all products, whether a toy or a piece of jewelry, comes with a hidden radio-frequency identification (RFID) microchip. These chips are used to track both the product’s movement and the person moving it; its what trips an alarm as a customer exits the store with a non-de-activated chip. Retailers claim that tracking improves inventory monitoring and reduces employee theft and shoplifting.
In a handful of upscale shops across the country, retailers are introducing the latest in customer tracking, “mannequin cameras.” They have been installed in display windows to capture the passing customers key demographic information like gender, race and age. Some camera systems even use face-recognition software to profile customers.
And while your shopping, watch your wallet. A new generation of digital scams is targeting unsuspecting shoppers. One involves what are known as “smart” or “contactless” credit and debit cards that use RFID chips with a tiny radio antenna to transmit card activity to the issuing bank. Another takes place at retail outlets and involves “data skimmers” that capture account numbers from the magnetic strip on a card. There have been an increasing number of reports of consumers having not only money skimmed from their “smart” cards but other valuable information swiped as well.
So, shoppers, beware … and have a merry Christmas shopping!
* * *
Retails stores are notorious for collecting information on their customers. Stores as different as Target and Domino’s Pizza work closely with product suppliers, especially major brands, to track what customers buy. Many of these companies build extensive database profiles of each purchaser. When someone buys a product, the customer is assigned an ID number that becomes part of the store’s tracking system. Detailed records are kept of all subsequent purchases. Additional information, acquired from “data aggregators,” is often added to fill-out the customer profile.
Data is gathered from credit card transactions, store discount cards and coupons, and even product returns. In addition, a product’s barcode information is captured during the purchase and integrated into a consumer’s profile. This tracking is ostensibly intended to better target coupons and other incentives to the appropriate customers like, for examples, a pregnant woman receiving coupons for diapers and baby food.
Retailers are employing increasingly more sophisticated techniques, including closed-circuit video (CCTV) systems, to track customers in a store. Tracking helps map customer flow patterns, assess point-of-sale displays and purchasing habits. One company, Vizualize, sells “end-to-end solutions [that] track customer interaction times with products, store windows and point-of-purchase displays to measure their effectiveness in enticing shoppers to the store and conversion.”
Even product returns are fodder for personal information tracking. National chains like the Children’s Place and Victoria’s Secret require a shopper to present a personal ID (e.g., driver’s license) when returning a product – and the ID is scanned, the data entered into a company’s tracking database. The purpose of such tracking is to ostensibly prevent what is known as “renting,” a fraud of buying an item to wear and return. According to the National Retail Federation, 62 percent of retailers, including major vendors like Home Depot and Target, now require IDs with returns.
Over the years there have been repeated reports of “video voyeurism” in store dressing rooms and bathrooms. In these cases, small digi-cams are secretly mounted either behind a wall or hidden amidst a sink pedestal. Reports of such incidents, and they’ve happened at local Target and Starbuck stores in Florida and Washington, DC, get a lot of media attention but are only isolated examples of male employees taking advantage of rare opportunities. The real snooping is the every-day tracking that is an integral feature of consumer marketing and sales.
The latest twist in retail tracking involves the use of spy cameras in store window mannequins. A recent exposé in BusinessWeek has drawn attention to “EyeSee,” sold by Italian mannequin maker Almax. It reports that individual mannequins cost $5,130 and five upscale retailers have deployed “a few dozen” of them; Almax would not divulge the companies using the devices. The magazine noted, “bionic mannequins are spying on shoppers to boost luxury sales.”
The magazine also points out that the “device has spurred shops to adjust window displays, store layouts and promotions to keep consumers walking in the door and spending.” The camera system comes with sophisticated facial-recognition software that identifies key demographic elements like gender, race and age. In addition, the mannequin camera track how long a person lingers before a window display. Going further, Almax is now developing voice-recognition technology “to allow retailers to eavesdrop on what shoppers say about the mannequin’s attire.”
As Tana Ganeva recently noted, “Really, wouldn’t the ideal marketing scenario be if human customers were replaced by mannequins programmed to buy everything the other mannequins were selling?”
While you are out-and-about town shopping this season, watch your wallet. New forms of digital robbery are taking place as people pay in stores, sit at their favorite coffee-bar or even walk down the street. The new generation of “smart” or “contactless” credit and debit cards is now being introduced and they pose a serious problem for shoppers. These cards use RFID chips with a tiny radio antenna to transmit card activity to the issuing bank. In the U.S., some 35 million cards are in use, including MasterCard’s “PayPass” and Chase bank’s “Blink.”
Not surprising, there has been an increasing number of reports of unsuspecting consumers having not only money skimmed from their “smart” cards but other valuable information swiped as well. Smart-card rip-offs are pretty easy to execute. All it takes is a low-cost, $100 electronic card reader to capture personal data.
The credit card industry pooh-poohs the problem of theft, insisting such cards only account for about 3.5 percent of cards in use. Nevertheless, one should be careful.
“If I put a reader next to a turnstile at Grand Central Terminal at rush hour,” chuckles Mark Rasch, a former Justice Department computer-crime prosecutor and security consultant, “I could probably capture data from 5,000 cards in an evening.
While the banks are not taking action, a new generation of protective wallets, backpacks, passport holders and brief cases are being introduced to block such rip-offs. However, the various shields or wallets being sold under the rubric of RFID-blocking devices do not offer full-proof security. A leading security firm, Recursion, tested about a dozen blockers and found that, while each provided some degree of transmission protection, none offered complete signal security.
A second retail rip-off involves what is known as “data skimming.” It involves the use of bogus card reader affixed to payment terminals in stores, at gas-station pumps and ATM devices to capture account numbers from the magnetic strip on a card as well as the customer’s personal identification number (PIN) number. The U.S. Secret Service estimated that, in 2008, skimming due to ATM fraud totaled about $1 billion.
* * *
The great 21st century digital communications web is ever expanding while continually shrinking. The tracking and profiling taking place in retail outlets is just one aspect of a widening digi-com web that is increasingly ensnaring ordinary Americans. This “web” consists of both government entities (federal and local) and private corporations (retail, online and telecom) that track, monitor and surveil everyone using inter-connecting digital media. Most troubling, they are sharing the information, “data,” they collect.
If you pay with a credit card at your local grocery store, you are being tracked. You go to the doctor and your medical and insurance records can be accessed. Your car mechanic can monitor your engine remotely and alert you if there are signs of a problem. Your car insurance company can track the speeds your drive, linking your fees to a good driving record. Your address, Social Security number, employment history, crime record and even your online bank records can be easily accessed.
Private sector tracking that takes place in retail outlets, even the apparently innocuous mannequin cameras, is part of a much, much larger monitoring, information gathering and commodification effort now underway. In addition to retailers, the great digital data sucking now underway also includes companies that enable digital communications, like AT&T and Verizon; that facilitate commercial transactions, like Visa and PayPal; and that collect or aggregate personal data, repackage it and offer it for sale, like Acxiom and LexisNexis. Together, these types of companies turn a person’s private digital life – as well as the person — into a commodity.
Capitalism is a game of cat and mouse, in which the bigger the cat the better its chance to devour the mouse. Under capitalism, the line between legal and illegal is arbitrary, the result less of market forces than political influence. One time, alcohol and pornography were illegal, today they are multi-billion dollar businesses; marijuana is in the legality flux-phase, working its way from the dead zone of an illegal substance to an accepted medicinal herb and a recreational indulgence.
As these incidents suggest, the line between legal and illegal, the entrepreneur and the criminal, changes over time. Nevertheless, both the giant corporation and the marginal hustler are effectively using the latest digital technologies to maximize their “return.”
A criminal rip-off of a credit card involves real money and much inconvenience, especially at Christmas time. However, the ever-greater aggregation of personal information by private corporates (and the U.S. government) poses a far graver, long-term challenge. The endless accreation of personal data by corporations and government agencies shrink the person, narrowing the scope of individual privacy. Be careful this C’mas season.