This is page 3 of:

Check-In Cheating: Shopkick Retail Mobile System Easily Faked

February 24th, 2011

It’s important, though, to put this hack into context. Any application is going to have some level of fraudulent activity. In this instance, what is Shopkick doing to deal with this fraud, to minimize it?

Most of the defenses appear to involve applying rules about legitimate behavior. For example, someone attempting to “enter a store” when that store is closed would activate a fraud alert. Such an alert would also be triggered if someone “walked into” a store in Boston and then, one minute later, did the same for a store in Los Angeles.

Other defense techniques involve pattern recognition analysis, where Shopkick software analyzes its six months or so of usage data and then looks for anything that appears to break the typical pattern, said Shopkick Chief Technology Officer Aaron Emigh. That could include how many different stores a typical consumer visits in a day and in a week, along with how many different products are typically scanned. (Some sites have also posted the barcodes associated with specific stores, to allow a consumer to get points for those, too, without being in the store.)

What about regularly changing the sounds for each store, so fraudulent recorded sounds would quickly become outdated and easy to spot? That could be done by rotating frequencies used or by adding a timestamp or other changing identifier to the signal. Emigh said: “We do have some capabilities that we haven’t rolled out yet.” Asked if rotating sounds was one of those capabilities, Emigh said he’d rather not say.

Like all of security, these defenses are mostly aimed at reducing the fraud to a small enough level where it’s not disruptive to retailers and doesn’t dilute the marketing value. Shopkick doesn’t know how much fraud it’s currently experiencing, which is logical enough, given that a successful fraud will look to the company like a legitimate store visit.

“If you attempt to engage in fraud at a level that is economically worthwhile at all, you will run afoul of the many mechanisms that are in place to detect anomalous activity, and you will be banned,” Emigh said.

That’s a fair point, in that this type of fraud is not going to make any meaningful money for the fraudsters. That’s partially because of the low levels of incentives offered by the retailers. But some consumers will do it, simply because they can. Will it be huge numbers? Probably not.

But—and this is critical–will it impact enough check-in users to make the numbers unreliable? This is primarily a marketing program. If GPS customer numbers are unreliable and audio issues raise questions about Shopkick, what does that mean for mobile and retail check-in efforts?

Shopkick’s focus on its prevention techniques is legitimate. But those defenses will not flag someone who visits—or who appears to visit—local stores perhaps a few times a week. Therefore, retailers can’t tell whether the Shopkick system’s user activity is real or if it’s the exact kind of fraud the system can’t detect. Just because users don’t have a financial reason to game a system, that doesn’t mean that they won’t.

Editor’s Note:

  • Page 1 of this Special Report covers The Fake And How It Works.
  • Page 2 covers GPS Problems
  • Page 3 covers Putting It Into Fraud Context
  • Page 4 covers Shopkick Defenses

    When a customer is found to have tried to make a false entry—at least one that the system figures out is false—that user is given a warning, Emigh said. If further bad activity is detected, that user is banned. Some users are banned the first time, he said, if the offense is significant enough.

    The only figure Shopkick would release is that “the total number of people who have been banned for fraudulent activity amounts to a small fraction of one percent of the Shopkick user population.” That’s two steps removed from actual fraudulent activity. First, there’s the universe of all Shopkick’s interactions. Then we have an unknown number of frauds perpetrated. Some percentage of that population gets warnings. And then some percentage of those people get banned.

    And without knowing what that “small fraction” is, it’s hard to even evaluate that. One cynical interpretation of that small percentage is that Shopkick isn’t catching many people. But without knowing how many of the contacts are fraudulent, few conclusions can be reached.

    Part of the strategy behind Shopkick’s defenses is simple minimization.

  • advertisement

    10 Comments | Read Check-In Cheating: Shopkick Retail Mobile System Easily Faked

    1. Aaron Emigh Says:

      I’m the CTO of shopkick and am quoted in this article. We were happy to provide our support and input to the editor while the story was prepared, but there seems to be a disconnect about what the key points are for retailers. From our point of view, the key question is: does it work?

      The shopkick Signal technology was created for retailers because if you’re a retailer, you want to know that your promotions are really driving foot traffic. Traditional marketing can’t tell you that, because it is not measurable. Simple check-ins can’t do that either because, as stated in the article, 95 of incented check-ins are fake and GPS isn’t accurate enough to detect it. The shopkick Signal, on the other hand, demonstrably drives foot traffic and actual transactions. In short, it works.

      While had a very small number of fraudsters try to exploit us early on, as any platform does, the good news is that shopkick’s fraud levels are exceedingly low – much lower than other models. This is due to a sophisticated multilayer detection system that automatically give users one warning, then permanently ban the user and their smartphone from shopkick. Simply put, nobody can engage in systematic fraud of a known type in our system today.

      The “barrier to entry” for fraud, referred to in the article, is actually quite high. It’s one thing to be able to play a single recording and get a few points (not nearly enough to cash out with). The key point is that if you attempt to engage in fraud at a level that is economically worthwhile at all, you will run afoul of the many mechanisms that are in place to detect anomalous activity, and you will be banned. It’s highly misleading to emphasize the ability to play a single recording. Such activity poses no threat to the economic integrity of the shopkick ecosystem for anyone involved. (And as mentioned in the article, very few users even do that.)

      The amount of fraud we experience is not absolutely zero – any model that claims that is not credible – but it is very close to that. In successful models, fraud is kept to a negligible level that does not interfere with the economic utility being provided. We have achieved that with shopkick, just as banks have achieved it with credit cards, as the best ad networks have achieved it online, as retailers have achieved it with coupons, and as governments have achieved it with currency. All of these systems have some fraud, and they all provide enormous value.

      We can be sure that shopkick has achieved this level of fraud resistance not only because of our monitoring and anti-fraud technologies, but especially because we observe that our partners’ promotions on shopkick result in measurable increases in actual purchases. Our retail partners have tested shopkick intensively over the past 6 months, in dozens of experiments. A direct and measurable correlation of rewards for walking in, actual walk-ins, and real, dollar-based shopping transactions has been proven. Shopkick is a marketing vehicle that is more cost efficient than other current models by an order of magnitude.

      This is the key: shopkick does something that has never been possible before, and it works. It is a whole new way to incent foot traffic, much more measurable and more resistant to fraud than anything that has come before. We believe that it is an important innovation for the retail industry as a whole, and we are gratified that our partners have welcomed it as such.

    2. Richard Nedwich Says:

      One other security measure could be “2 factor location” rather than 2 factor authentication. What this means is, could there be more than 1 way to verify location?

      Using inaudible frequencies is 1 method. What about device connectivity to store WLAN? If the Shopkick app could use the platform/OS API to network resources, to read the local networks in range (ESS_ID in techspeak), then this is another indicator that the device and user are in range of the physical store. This, too, could be faked, but raises the bar for the ‘casual cheater.’

    3. Dave Vockell Says:

      This feels like an article written by a technologist more focused on “perfect” tech than “great” marketing programs that create value for consumers and brands.

      I suspect that if the inflammatory “95 of check-ins are by consumers not actually there” were to be adjusted to “validate” check-ins that were within 50 feet (any heavy user has done some ‘near’ check-ins) then the new number would be low single digits. If I’m a retailer, I think I don’t mind a ‘near’ check-in. If someone likes my brand enough to make that quick brand-connection-through-check-in, then I believe that experience increases brand engagement and I don’t consider it “fraud”, I consider it a great marketing moment.

      The Shopkicks and foursquares of the world are still in v1.0 of the value they deliver to consumers at point-of-sale. If the level of “bad fraud” suggested by this article were actually grounds for discontinuing testing, I imagine that the author would probably shut down almost all retail stores, since “shrinkage” and credit card fraud DWARF check-in fraud (of course, in absolute dollars, but also in of activity). There are always bored and bad people, and whether they are pointing that mal-intent at getting free KickBucks, or stuffing sweaters in their backpacks and returning them later, they are not grounds for stopping commerce.

      I have to imagine v2.0 of Shopkick and foursquare will manage gaming/cheating better (just like paid search did as you moved from 1.0 to 2.0) and also turn so-called “fraudulent” check-ins into valuable marketing moments.

      The title of the article should have been “Check-In Cheating: Shopkick Retail Mobile System Easily Faked – Here are Five Reasons You Shouldn’t Care.”

    4. Evan Schuman Says:

      Dave, appreciate the very valid comments. But I think you misinterpreted the point of the piece. Nowhere did it suggest or imply that retailers should back off the testing of efforts such as Foursquare and Shopkick. Quite the contrary: we wouldn’t have devoted so much space to a topic that we think people should abandon. The intent was to put these (as you correctly said, version 1.0) mobile efforts into the proper context.
      Retailers need to be reminded of the lack of certainty that these numbers reflect reality. That certainly doesn’t you mean you stop testing. A similar statement could have been made about Version 1.0 of any major effort, including early Web analytics (and, much worse, the early CONCLUSIONS taken from those early analytics), RFID (remember the initial accuracy of read-rates?) and just about every other key retail technology effort. We had simply seen many vendors tout accuracy and informational claims that needed some additional context and reality. That’s all that the piece was trying to do.
      I personally am quite confident that Version 3 or 4 of these mobile check-in programs will address these accuracy issues and it will be a critical piece of retail technology. (OK, maybe some applications leveraging Wi-Fi may trump check-ins by then, but we’ll be watching all of that space and reporting on it as it happens.)
      P.S. As for your nearby check-in thought, that’s fine UNLESS you’re in the middle of a city or a shopping mall or anywhere else where that “nearby checkin” is actually for a competitor.

    5. Evan Schuman Says:

      Or–and I hate to suggest an icky inter-personal effort–but how about a store associate interact with the unit in some manner to verify existence. That could also be faked, but it gets far more difficult, theoretically driving the fraud down much further. But yes, a 2-factor effort would be a really nice touch.

    6. Pat Burns Says:

      The Shopkick app is very cool – I have been testing it out at Best Buy and Macy’s and the team has done a terrific job. However, the long term viability of ultrasound as a micro-location/background check-in technology is quite limited.

    7. Chris P Says:

      I LOVE Shopkick. Especially because 5 minutes down the road I have an Old Navy, Target, and Best Buy. I frequent these stores, so I’ve had a ball collecting kicks and even know some of the guys at BB who help me find the scans. It’s a total hoot. It has driven my foot traffic to these stores and as much as I swear I’m going in for the kicks and to poke around, I inevitably end up buying SOMETHING. This is the earliest I’ve ever gotten xmas shopping done because I was so excited to go out on Black Friday. That said, I was at a Simon Mall on Friday and I got a warning that I was cheating the system. It really kind of startled me. It said I had one warning and if I cheat again I’ll be kicked off the system. I didn’t know what I’d done wrong since I was IN the MALL…can anyone tell me if the warning can be in error? The servers did seem to be going a little haywire that day. I am just worried I’ll be booted for life for doing nothing wrong….and I LOVE it! I visit SK more than Facebook now! Any thoughts on an error warning sign?

    8. Dan C Says:

      What Chris P experienced was that the anti-fraud system/algorithm DOES NOT believe any devoted Shopkicker could frequent nearby stores that frequently, let along anyone willing to spend time to visit multiple malls in a short period of time. Probably need to limit daily kick collection to be below 1 or 2K.

      After the orange warning, what any Shopkicker can do is to (1) dial down your Shopkick devotion at once, (2) redeem your kick collection as soon as possible — before it’s too late. Once banned, there is no route of discussion/petition. Looks like only physical phone swap could restart the Shopkick habit — the ban at least backlisted your phone ID. It may not worth the trouble though.

      Set your kick appetite low. Forget about those impossible kick reward levels, for the reason they can arbitrarily terminate any user “immediately” and forfeit all kick collection. (read TERMS OF SERVICE) You will only realize how much time has been wasted by paying too much attention to what store merchants want to brainwash us, after you got banned. Time is money too.

    9. Scott Says:

      Why don’t you create an app that actually works and is beneficial. All yours does is lock up the phones and create a crowd of people standing by doors and products (that we don’t necessarily need) waiting for the app to connect to the server. In today’s economy, you have to know that people will do whatever they can to earn the most amount of points/money. If you really want to get this going, make it worth our while. Better walk-ins and better products (why would I want to buy printer ink from 3 different places?? I am going to purchase it from the cheapest location !)

      just my thoughts.

    10. Peter Says:

      just tested the app, quite amazing with the rewards/gift cards.

      the only downsides are…

      this app is a battery killer, with mobile network and GPS enabled, half of the juice was kick off your phone for staying in the mall for an hour or two when you are trying to scan and walk in.

      this app is time waster… for 1250 kicks / $5 gift card, you wasted 1-2 hours

      app ban issue: if it allow multiple user to login the same device for cheating and ban, why would you had a sign out button then?

      app ban issue: if it allow you to scan without physically onsite and ban you afterward, why would you allow that function?

      finally: app lover becomes app hater


    StorefrontBacktalk delivers the latest retail technology news & analysis. Join more than 60,000 retail IT leaders who subscribe to our free weekly email. Sign up today!

    Most Recent Comments

    Why Did Gonzales Hackers Like European Cards So Much Better?

    I am still unclear about the core point here-- why higher value of European cards. Supply and demand, yes, makes sense. But the fact that the cards were chip and pin (EMV) should make them less valuable because that demonstrably reduces the ability to use them fraudulently. Did the author mean that the chip and pin cards could be used in a country where EMV is not implemented--the US--and this mis-match make it easier to us them since the issuing banks may not have as robust anti-fraud controls as non-EMV banks because they assumed EMV would do the fraud prevention for them Read more...
    Two possible reasons that I can think of and have seen in the past - 1) Cards issued by European banks when used online cross border don't usually support AVS checks. So, when a European card is used with a billing address that's in the US, an ecom merchant wouldn't necessarily know that the shipping zip code doesn't match the billing code. 2) Also, in offline chip countries the card determines whether or not a transaction is approved, not the issuer. In my experience, European issuers haven't developed the same checks on authorization requests as US issuers. So, these cards might be more valuable because they are more likely to get approved. Read more...
    A smart card slot in terminals doesn't mean there is a reader or that the reader is activated. Then, activated reader or not, the U.S. processors don't have apps certified or ready to load into those terminals to accept and process smart card transactions just yet. Don't get your card(t) before the terminal (horse). Read more...
    The marketplace does speak. More fraud capacity translates to higher value for the stolen data. Because nearly 100% of all US transactions are authorized online in real time, we have less fraud regardless of whether the card is Magstripe only or chip and PIn. Hence, $10 prices for US cards vs $25 for the European counterparts. Read more...
    @David True. The European cards have both an EMV chip AND a mag stripe. Europeans may generally use the chip for their transactions, but the insecure stripe remains vulnerable to skimming, whether it be from a false front on an ATM or a dishonest waiter with a handheld skimmer. If their stripe is skimmed, the track data can still be cloned and used fraudulently in the United States. If European banks only detect fraud from 9-5 GMT, that might explain why American criminals prefer them over American bank issued cards, who have fraud detection in place 24x7. Read more...

    Our apologies. Due to legal and security copyright issues, we can't facilitate the printing of Premium Content. If you absolutely need a hard copy, please contact customer service.