Shopping Cart for speedy check-out and advertisement
SummaryIn the future, a shopping cart may no longer be just an ordinary shopping cart. It can also be an outlet for advertisement, check-out, and many more. Using the shopping cart, customer can view today’s deal, products’ advertisements, on-sale items, and pay items at the same time without waiting at the check-out line. The newly designed shopping cart is a product of MediaCart, Microsoft, and Wakefern. Microsoft is in charge with providing targeted ads using its Microsoft Atlas technology and the sophisticated shopping cart is created by MediaCart. The current system will be put to test in ShopRite supermarket managed by Wakefern on the East Coast. The shopping carts will be equipped RFID tags to sense where the carts’ location in the supermarket. When a customer walks in a specific aisle, he or she can receive specific advertisement based on the RFID that the console received.An interesting feature that customer might enjoy is the online shopping list. You can list all your shopping item on the website and it will save it for you. Once you are at the supermarket, you will simply swipe in your member’s card and the list will appear. It’s a nice way to save a piece of paper or a post-it-note. At the end, all the data mines from customer will be useful for better advertisement and the supermarket’s improvement.Assets
- Customer information. Every customer who wishes to use this new service has to become a member of the card loyalty program. Thus, their personal information is recorded and should be safeguarded against unnecessary use. In addition, their personal information will also include shopping pattern or other related information for better targeted advertisement.
- Supermarket’s good will and reputation. Since the technology is fairly new, ShopRite will become the first supermarket to pioneer the application of this concept. It can become a major player of the future that gives a new shopping reputation with reliable system and good reputation.
Security Goal
- Customer retention. The system intended for all customer to have a good experience while visiting the supermarket. Therefore, the advertisement or promotion/sale should be related to customer’s need. The customer will build up preference to the store because of the level of convenience and satisfaction. In the end, regular flow customer to the supermarket will ensure the regular flow of capital and open other venue for future investment.
- Faster purchasing process. The new shopping cart system allows customers to bypass the checkout counter. Thus, they do not need to wait in line and waste their precious time. This convenience will give an added value to the supermarket and ensure availability of check out process anywhere and anytime.
Potential Adversaries
- Rivals or competitors. The new system is giving a path for new way of shopping. If the technology attracts people’s attention, then many supermarkets might need to follow the step to stay in-trend. However, some supermarkets might not agree with this method and devise a plan to foil it.
- Disgruntled worker. The new change in the supermarket might spark disapprovals within the company. Since the check-out counter is no longer necessary, then some employee can be let go. This fact can give a reason for desperate employees to get even.
Threats
- RFID transmission. RFID chips will be used all across the supermarket area. A malicious user can view the RFID and perhaps devise a way to change the configuration the RFID or disable it. Then, customer might receive unrelated advertisement, which will reduce customer experience. In addition, malicious might even want to tamper or disable the RFID to make the system useless.
- Database security. All of the advertisements should be stored in some kind of database that relates them to RFID tags. In the case of database tampering, the advertisement might not correlate with the correct advertisement. In worst case, customer will be bombarded with all type of advertisements (ex: adult advertisement).
Potential Weakness
- Database tampering. The database for advertisement will need to be constantly updated for new advertisement. If the data is outdated, then the customer might get confuse. The problem can come for internal where the database could contain customer information. A lack of security can give a malicious user a chance to ruin the database and render the supermarket useless.
- Wireless communication. The system in place relies heavily in wireless communication, starting from the RFID to the method of payment. Customers who need to pay the items can simply swipe their card on the shopping cart. It will then try to complete the transaction. The communication between the shopping carts with the payment server can be interrupted or even intercepted. Not to mention, the shopping cart might also store user information like their card member or recently used credit card.
Potential Defenses
- Firewall and redundancy. All servers that host the supermarkets’ shopping cart should have a robust firewall and redundancy system to serve all customers. The firewall can be used to protect overall system against attacker. Redundancy to accommodate the users with advertisement even some of the servers went down either for maintenance or repair.
- Encryption. In order to protect all wireless communication, encryption is really essential especially when concerning personal information. This means, all communication between the shopping cart and the servers must be encrypted.
RiskInterruption in the RFID transmission is a risk that the supermarket must bear. The RFID has been around for a long and people know the technology quite well. Thus, the possibility for tampering the RFID or change its configuration could be reasonable. Additional protection in the form of shielding of transmission leakage outside the supermarket and the transmission encryption might be needed.Database tampering might be an issue, especially the one that has the content of customer information, advertisements, process payment; and it can talk directly to the shopping cart. A complete and adequate protecting to secure customer data and daily transaction is necessary.ConclusionThe new shopping cart can give better customer satisfaction and better experience if the security permits it. Customers are exposed to risk where their personal information can be breached and exposed to others. Furthermore, they will be bombarded by many advertisements that are targeted to their preferences and habits. In short, the shopping cart will become more interactive to customer preferences in the expense of their information being mined and analyzed. It is a trade off that every customer might need to bear in mind when doing their shopping chore.If this method becomes popular, then we can expect all supermarkets to use this ‘smart’ shopping cart. Thus, the importance of maintaining privacy will invade our daily live when buying grocery.
Comment by Max Aller
January 20, 2008 @ 1:45 pm
Overall, I think this would be a cool idea — especially if it can direct me to the aisle with item X. Though, it doesn’t sound like the MediaCart has much in interactivity (maybe they could add a touchscreen?), so perhaps not. I can think of a few things to add to this…
Assets: The shopping cart! Within 2 miles of every Safeway and QFC here you can usually find a stray shopping cart either on the side of the road or on someone’s lawn. Not that the cart would be particularly useful outside of the store, the store would still have to enforce some sort of countermeasures so people couldn’t steal it. (Actually, I’ve heard that in some places the cart wheels have locks that engage if you take the cart off the premises).
As far as the mentioned security goals go, one has to take into account that no checkout counter means no bags. This could be a pain for people going from the store to their car to home to their house, but for people walking home (i.e. students) this could be a deal-breaker. On the other hand, you could buy reusable cloth grocery bags, and if you’re walking you probably won’t have bought (presumably) more than you can carry, which might render the previous point moot.
Potential adversaries: customer. See below.
Potential weaknesses: purchase evasion. I haven’t really done too much research here so there might be a counterpoint, but for this and RFID products in general you could use a Faraday cage to block the RFID and make it seem as if you don’t have the product in your cart at all and just stroll out of the store.
Defenses I think is pretty sound there.
I don’t know if I really agree with the privacy issues here, though. If you use a Safeway card or a QFC card (or any other grocery card, probably), the company already has your name/address/phone/email and your entire history of purchases. In fact, you can create an account on the Safeway website and browse previous items you’ve purchased yourself! (I think it’s so you can check boxes next to previously purchased items and order it from Safeway.com or something)
Comment by robertm2
January 20, 2008 @ 2:45 pm
It seems that the following could also be listed as assets in addition to the ones that were listed: the products that the stores shelve, and also the shopping cart itself. Although the allowing of the manual checkout offers a great time-saving convenience, it also seems to introduce new problems. I don’t think it’s mentioned in this post but I’m guessing the cart will be equipped with barcode sensors so that the shopping carts will be updated to the moment and so customers can checkout as necessary whenever they want. How would the stores ensure that the customers pay for all of the items in their cart, or that they don’t add additional items after paying for their initial items? One possible method to try to deter this is by having an employee by the door that will briefly check your receipt against what’s in the shopping cart. But the effectiveness of this seems very limited, especially since there is a trade-off between the time it will take and how perfectly they could check the items, and if it take’s too long, then is no point in having the manual checkout process in the first place. Also, I’d imagine the shopping carts themselves could be valuable and thus something that thieves would want to target. It could be sold for parts or to other grocery stores. Since customers are allowed to take carts outside to their cars, it seems that they’d have to set up a perimeter outlining the parking lot of the store with an anti-theft mechanism installed.
Also, I think Fabian brings up a great point about the customer information that’s stored. I think that it needs to be protected very carefully, especially confidential products like medical products (say, if a Fred Meyer or any other stores with a pharmacy) decides to adopt this. Perhaps the companies can adopt policies to not store customer data that involves products that might be sensitive.
Comment by robertm2
January 20, 2008 @ 2:52 pm
Oops. Max, it looks like we both mention some of the main things but your comment was not posted as I was writing mine :p. I’m a little confused about the use of the RFID’s though. My understanding was that they’re equipped only on the shopping carts so that the specific advertisements/products that you wanted to buy within your list can be beamed down to the cart’s screen depending on where you are in the store. Or are they additionally put on every single product within the store, making this the method for shopping carts to determine what’s in it?
Comment by Alexa
October 12, 2008 @ 10:14 pm
wow what a nice post about coupons and retail information.
Its a very needed information because i need some coupons to buy somethings.
Comment by Eric Webel
January 20, 2009 @ 6:42 pm
Here’s a completely open source shopping cart specifically designed to deal with digital merchandise.
http://www.phocart.com