Best Buy’s Mobile Oath: Do No Privacy Harm

Written by Evan Schuman
August 5th, 2010

In a sign of the times, when Best Buy officially introduced its new mobile application on Tuesday (August 3), the key point being touted was not the app’s capabilities, convenience or free price. It was that the nature of the app is such that it doesn’t violate privacy.

The app itself—which is also due to be released shortly by Macy’s, among other chains—comes from a vendor called Shopkick. Its approach involves devices in the store broadcasting a constant audible signal announcing that store’s identification number, but nothing else. That sound—theoretically undetectable by humans—would be picked up by any mobile phones in the store, assuming those phones have the Best Buy mobile app launched.

Shopkick CEO Cyriac Roeding touts the fact that the app merely receives a signal from the store and doesn’t transmit anything as a privacy-protection feature many rival offerings lack. “That’s a significant difference from a privacy point of view. The user is in full control,” Roeding said, adding that if consumers want to remain anonymous, they would merely choose to not launch the app while in the store.

If the app is live, though, consumers get are shown various discount coupons applicable to that particular store. (The store’s identification number in that audio message is how the app knows which discounts to display.)

The plans for Best Buy and Macy’s to include these mobile apps this summer aren’t new, but the specific deployment details are.

A Best Buy statement, for example, says the chain “integrated Shopkick directly into its point of sale system in its San Francisco store to streamline the redemption of special offers.” That’s certainly true. But the POS integration is certainly not an example of mobile cutting edge.

The retailer could have allowed mobile phones to wirelessly communicate with POS at a checkout lane—or even to connect to POS from anywhere in the store—or, perhaps, to scan a barcode display on the phone. Instead, Best Buy is asking consumers to tell an associate cashier their mobile phone number, which will allow “any applicable personalized discounts [to] immediately appear on their receipt.”

Beyond privacy control, the nature of the app provides no incentive for thieves, which is arguably the best defense. (Best way to defend against muggers in New York City: Being broke and really looking like it.) The multi-frequency blast of sound carries nothing beyond a store’s unique code. Break that code and listen to the audio communications, and you’ll learn nothing beyond the location of the store, which you presumably already knew. “It’s technically extraordinarily difficult to recognize sound patterns,” Shopkick’s Roeding said, “but even assuming that someone did: What would they do with it?”

In the beginning phase of this mobile trial, Best Buy will keep its offers very broad—such as 10 percent off an entire product category, for everyone in that store. But the near-term plans are to use a customer’s volunteered demographic details to fine-tune recommendations. No efforts thus far have been made to integrate a customer’s purchase history with the mobile promotions at Best Buy, Roeding said.

Best Buy is paying Shopkick for every customer who uses the app in its stores.


Comments are closed.


StorefrontBacktalk delivers the latest retail technology news & analysis. Join more than 60,000 retail IT leaders who subscribe to our free weekly email. Sign up today!

Most Recent Comments

Why Did Gonzales Hackers Like European Cards So Much Better?

I am still unclear about the core point here-- why higher value of European cards. Supply and demand, yes, makes sense. But the fact that the cards were chip and pin (EMV) should make them less valuable because that demonstrably reduces the ability to use them fraudulently. Did the author mean that the chip and pin cards could be used in a country where EMV is not implemented--the US--and this mis-match make it easier to us them since the issuing banks may not have as robust anti-fraud controls as non-EMV banks because they assumed EMV would do the fraud prevention for them Read more...
Two possible reasons that I can think of and have seen in the past - 1) Cards issued by European banks when used online cross border don't usually support AVS checks. So, when a European card is used with a billing address that's in the US, an ecom merchant wouldn't necessarily know that the shipping zip code doesn't match the billing code. 2) Also, in offline chip countries the card determines whether or not a transaction is approved, not the issuer. In my experience, European issuers haven't developed the same checks on authorization requests as US issuers. So, these cards might be more valuable because they are more likely to get approved. Read more...
A smart card slot in terminals doesn't mean there is a reader or that the reader is activated. Then, activated reader or not, the U.S. processors don't have apps certified or ready to load into those terminals to accept and process smart card transactions just yet. Don't get your card(t) before the terminal (horse). Read more...
The marketplace does speak. More fraud capacity translates to higher value for the stolen data. Because nearly 100% of all US transactions are authorized online in real time, we have less fraud regardless of whether the card is Magstripe only or chip and PIn. Hence, $10 prices for US cards vs $25 for the European counterparts. Read more...
@David True. The European cards have both an EMV chip AND a mag stripe. Europeans may generally use the chip for their transactions, but the insecure stripe remains vulnerable to skimming, whether it be from a false front on an ATM or a dishonest waiter with a handheld skimmer. If their stripe is skimmed, the track data can still be cloned and used fraudulently in the United States. If European banks only detect fraud from 9-5 GMT, that might explain why American criminals prefer them over American bank issued cards, who have fraud detection in place 24x7. Read more...

Our apologies. Due to legal and security copyright issues, we can't facilitate the printing of Premium Content. If you absolutely need a hard copy, please contact customer service.