Nordstrom Halts Mobile Customer-Tracking Trial

Written by Evan Schuman
May 21st, 2013

Eight months into a controversial customer-tracking mobile trial, Nordstrom (NYSE:JWN) has halted the effort. Although Nordstrom took a lot of criticism for the mostly misunderstood program from consumer media, it’s not clear whether the project ended as a result of the criticism or the trial had simply run its course.

The trial’s purpose was straightforward: to use routine signals coming from shopper’s mobile devices to count how many people showed at Nordstrom and, critically, which were repeat visitors (and, if so, how many times they had previously visited, dates they visited and where in the store they went). Nordstrom had maintained that it was only seeing anonymous data, meaning that it didn’t know the names of the shoppers being tracked.

The trial was controversial for a reason other than consumers’ fears that their privacy was somehow being invaded. (By the way, the invasion of privacy claim was rather silly. Is it any different from an associate recognizing a customer from a week ago and saying, “Mrs. Smith. How nice to see you again. Did that turquoise sundress work out for that function you told me about in New Orleans?” Sure, it is. The associate’s recollection is name-specific, making it far more intrusive.) The problem was that the vendor involved, a company called Euclid, said that it was also working for 35 other of the nation’s top 100 retailers.

And Euclid was able to see cross-retail activity. That means that it saw when, for example, a Nordstrom shopper left Nordstrom without visiting POS and then her mobile signal appeared 20 minutes later inside Macy’s, where she ended her visit with that always-desired visit to POS. (Note: That was just an example. Other than Nordstrom, we’re not identifying which retailers are using Euclid.) The fact that Nordstrom is only receiving anonymous data (or so it says) doesn’t mean that its rivals all are similarly limited.

This is a key industry problem with many forms of mobile information gathering. At an MCX panel at the NRF show, retail execs spoke quite a bit about their fears surrendering their most sensitive customer data to third-parties. Jay Culotta, the treasurer at regional convenience chain Wawa, said many of the mobile vendors say they are not—today—planning on sharing data, but they refuse to say what will happen down the road. “It’s not a forever situation,” Culotta said, adding that the temptations for leveraging such data will likely be overwhelming. “It’s unclear what their business case would be without monetizing that data.”

A Lowe’s executive on the panel—VP, Operational Controller John Manna—agreed and painted a scenario where a mobile vendor knew that a Lowe’s customer made regular purchases at Lowe’s and then walked right by an Ace Hardware store. And if an Ace Hardware corporate manager is then talking with that vendor, will the very substantial dollars that Ace would likely pay for that list of customers be set aside? Manna indicated that he would rather not find out.

Getting back to the Nordstrom trial, eight months is indeed quite a sufficient trial to determine if this data is useful and accurate and, to be candid, if it was has a practical ROI. This kind of effort likely does have a practical ROI, if you limit the equation to looking at the raw costs of the setup against increased sales potential (and reality). But there’s the amorphous other element that is more difficult to calculate. How much are you potentially helping your rivals by dumping all of your data with a third-party that is also taking their money?

The better question: Can such a program be done internally, solely with a retailer’s own resources? It would be more costly initially, but you would have complete control of the data, with almost no chance of it seeping into the knowledge base of rivals. That can indeed be a forever situation.

Nordstrom spokesperson Tara Darrow, in an e-mail sent to CBSNews, confirmed that the chain had halted the mobile trial. “We’d been testing Euclid since September and have said all along this was a test for us. We had been discussing what made sense in terms of concluding the test; after 8 months we’d felt like we had learned a lot and determined that it was the right time to end it,” Darrow said.

From the shopper reaction perspective, a big problem for Nordstrom had been signs announcing the program and giving people an option to opt-out. The signs were phrased vaguely enough that, to many shoppers, the program sounded a lot more intrusive than it really was.

This trial shutdown perhaps offers the best example why normal IT processes for dealing with third-party vendors may need to be re-evaluated when it comes to mobile.

The problem is data ownership. When a retailer invites a third-party in to track (or otherwise interact with) its customers, who owns that data? Does the vendor have the right to retain a copy? When that vendor works for competing retailers, can it use that information to help them? Does it need to only be in aggregated form? And who is going to police that? Is that low-cost third-party deal as good a deal as it sounds if your customer data ultimately helps a direct rival?

As the Lowe’s (NYSE:LOW) and Wawa execs point out, this is not a privacy issue nearly as much a business model issue. Shopper fears of having their privacy violated are misplaced, as this won’t violate their privacy any more than it’s been violated for decades.

Sidenote: Retail privacy has never really existed. Go back as far as you want. Those convenient corner grocers that your grandparents used? Those owners knew everything they bought and they remembered. It was sort of cerebral CRM. Technology today replaces the shopkeep’s memory. It may be much more efficient, but it’s hardly more intrusive.

But to the business model. The idea of retailers entrusting tons of ultra-sensitive data to third-parties is nothing new. Think about your payment processor, your QSA or even Visa directly. (Please, not before dinner.) What’s the difference? After all, those folk had access to every one of your transactions and they also take money from your direct rivals. Was it a matter of trust? (A retailer blindly trusting Visa? Please.) The difference is that those payment players made their money other ways.

The problem in mobile is that these third-party vendors are still trying to figure out how they’ll make money from all of this. The only answer we keep coming back to is data. Repurposing it, reselling it and packaging it. The third-party becomes the data broker and sells the interactions and movements of your customers to the highest bidder.

There is an alternative, of course: Do it yourself. Track your customers on your apps and keep all data internal. The third parties may make life a lot easier and cheaper—in the short term—but until this space solidifies and there’s a way to make money without repurposing your data, be warned. This data is also something you can never get back.

Think back to Papa John’s legal nightmare last year (it’s still going on) when a third-party company that was helping the pizza chain by texting its customers to come back for various promotions started going rogue. It eventually asked for that third-party to destroy all of the names. The allegations involve the third-party grabbing mobile numbers from customers when they asked for pizzas to be delivered. Did the third-party wipe all of that data when asked? What about backup systems? Employees of that vendor who had copies on laptops and thumb drives? Saying “yes, we destroyed it” is a lot easier than proving it.


One Comment | Read Nordstrom Halts Mobile Customer-Tracking Trial

  1. RK Says:

    Have followed this story for last 3 months. The question I have is – What should Euclid do to avoid these cases in future ?


StorefrontBacktalk delivers the latest retail technology news & analysis. Join more than 60,000 retail IT leaders who subscribe to our free weekly email. Sign up today!

Most Recent Comments

Why Did Gonzales Hackers Like European Cards So Much Better?

I am still unclear about the core point here-- why higher value of European cards. Supply and demand, yes, makes sense. But the fact that the cards were chip and pin (EMV) should make them less valuable because that demonstrably reduces the ability to use them fraudulently. Did the author mean that the chip and pin cards could be used in a country where EMV is not implemented--the US--and this mis-match make it easier to us them since the issuing banks may not have as robust anti-fraud controls as non-EMV banks because they assumed EMV would do the fraud prevention for them Read more...
Two possible reasons that I can think of and have seen in the past - 1) Cards issued by European banks when used online cross border don't usually support AVS checks. So, when a European card is used with a billing address that's in the US, an ecom merchant wouldn't necessarily know that the shipping zip code doesn't match the billing code. 2) Also, in offline chip countries the card determines whether or not a transaction is approved, not the issuer. In my experience, European issuers haven't developed the same checks on authorization requests as US issuers. So, these cards might be more valuable because they are more likely to get approved. Read more...
A smart card slot in terminals doesn't mean there is a reader or that the reader is activated. Then, activated reader or not, the U.S. processors don't have apps certified or ready to load into those terminals to accept and process smart card transactions just yet. Don't get your card(t) before the terminal (horse). Read more...
The marketplace does speak. More fraud capacity translates to higher value for the stolen data. Because nearly 100% of all US transactions are authorized online in real time, we have less fraud regardless of whether the card is Magstripe only or chip and PIn. Hence, $10 prices for US cards vs $25 for the European counterparts. Read more...
@David True. The European cards have both an EMV chip AND a mag stripe. Europeans may generally use the chip for their transactions, but the insecure stripe remains vulnerable to skimming, whether it be from a false front on an ATM or a dishonest waiter with a handheld skimmer. If their stripe is skimmed, the track data can still be cloned and used fraudulently in the United States. If European banks only detect fraud from 9-5 GMT, that might explain why American criminals prefer them over American bank issued cards, who have fraud detection in place 24x7. Read more...

Our apologies. Due to legal and security copyright issues, we can't facilitate the printing of Premium Content. If you absolutely need a hard copy, please contact customer service.