Apple Arrest Puts Heat On Mobile Checkout Policies
Written by Evan SchumanDo the very nature of mobile checkout apps mean that retailers must radically rethink shoplifting policies? (Hint: The answer is “yes.”) After Apple literally sent an 18-year-old Apple Store customer to jail in New York City last month—after the customer apparently failed to click the final complete transaction button—the broader implications for retailers are significant.
Shoplifting policies are based on a simply binary: Is the customer leaving the store with an unpaid-for product? But there needs to be proof of intent. And for the next year or two—while consumer-controlled mobile in-store purchases are very new—there had better be overwhelming proof of that intent.
What should be the policy if the customer absentmindedly—or sloppily or in haste—forgets to click an icon? Even more frightening, what if the shopper does properly process the transaction on his/her mobile phone but the application or the transmission glitches, for whatever reason?
One of the decisions Apple made with its in-store mobile purchase program (EasyPay) complicates establishing proof of intent. For example, EasyPay uses a payment card already on file (not dissimilar to how iTunes uses whatever card is already on file and solely asks for an iTunes password). If it required a card to be typed in—or swiped—each time, that could be a wonderful display of intent.
EasyPay also can only process the purchase of one product at a time. That’s a hassle if the shopper wants to buy nine items. In the intent category, though, that restriction sidesteps the issue of someone taking nine items and only paying for five of them, which is a popular self-checkout theft tactic.
In the Apple case, a customer named Eric Shine went into a Fifth Avenue Apple store on August 20. He had a scheduled meeting with Apple tech support and, while waiting, bought some Bose headphones for $129.95, according to a New York City Police Department criminal complaint. He used EasyPay, and thought he had completed the transaction and had, therefore, paid. Shine then had his meeting with tech support.
After that, he asked a store associate for a bag for his purchase, which is what customers are supposed to do. The associate is then supposed to ask to see the digital receipt. In this case, however, the associate didn’t ask and instead simply gave Shine the bag. That bag is supposed to signal to Loss Prevention that the product has been verified as purchased. (Oops!)
Shine then placed the bag into his backpack and tried to continue with his day.
The LP employee, John Conenna, asked to see Shine’s receipt. Shine pulled out his iPhone, and it was only then that he realized the app had gone through every step except the last one. Instead of asking the Apple fan to please complete the transaction, the associate called the police and had Shine arrested on petit larceny (shoplifting) and criminal possession of stolen property. The New Jersey resident spent the night in a NYC jail and is awaiting a court date for next month.
Let’s do a quick list of the ways this situation was handled in the worst possible way.
-Marc
September 7th, 2012 at 10:05 am
Mobile check-out has the same challenges as self-checkout stations by putting trust on the customer to pick from inventory,conduct the transaction and walk out the store without interaction.
Most shoplifters believe they are smarter than the retail security system and the shoplifter game goal is to outsmart the retailer with the prize of the shoplifted item. It wouldn’t surprise me if this was the case, which was a very expensive pair of headphones.
September 7th, 2012 at 10:56 am
Good point, Ed, but as the story points out, the security issues involving mobile go beyond self-checkout security. ‘Tis not the same issues in the sense that self-checkout transactions are observed in one place, by the associate managing those SCO lanes. In the Walmart story this week, the associate merely sees the shopper scan the single barcode from her phone. This robs her of the ability to notice if she deliberately does NOT scan several items. (Granted, that can be detected with in-aisle cameras, but it’s much more complicated. The system–or associates–needs to notice that a specific customer is using mobile and then notice she doesn’t scan certain items in certain aisles.) In the Apple Store example, a scan can happen but the process may not be properly completed–deliberately or inadvertently.
None of these issues are unsolvable, but the belief that mobile self-checkout presents no security issues beyond traditional POS self-checkout is a very dangerous thought.