Mobile Tracking At The Mall: The CRM Potential Is Stunning

Written by Evan Schuman
October 19th, 2011

When a major Australian shopping mall next month starts tracking consumers by their mobile phones, they will try and pacify privacy advocates by stressing that no customer names nor phone numbers will be given to retailers. Truth be told, the tracking information that they will collect will be far more valuable.

The vendor behind the trial, a U.K. firm called Path Intelligence, pledged that “no mobile phone usernames or numbers could be accessed” and that “all we do is log the movement of a phone around an area and aggregate this to provide trend data for businesses.” But what if that phone-tracking data is linked with security cameras and/or POS systems? What if a mall representative called one of its retail residents and said, “We’re now tracking a woman who has spent $980 in the last hour and she has just walked into your store. For a $300 fee, I’ll tell you exactly where she’s standing right now. Deal?”

The mall’s trial will identify a person’s “location within two meters,” according to a report in Australia’s Courier-Mail newspaper. The idea of tracking consumers via phones is not new, but this is the largest scale trial we have seen.

Mobile, in one form or another, is at the heart of—depending on your perspective—huge data-collection advances or huge privacy disasters. Typically, it’s nice on its own. But when mobile data is layered on top of other real-time data sources, the new information potential grows exponentially. Consider the Carnegie-Mellon University study about mobile interacting with facial recognition or the plan to use mobile, security cameras, POS and license plates to create the perfect retail CRM system.

At its most innocuous, the systems could theoretically do little more than count shoppers and track their movement from store to store. But that’s hardly going to motivate chains to pay a lot for such data. If, however, the system collected data about what these customers did in those stores and tracked each customer over time, this effort gets much more compelling.

There’s not that much reason to know the customer’s name, beyond “big spender 479” or “suspected shoplifter 1348.” But if there’s a POS tie-in, that customer will be identified the first time she buys anything with a payment card. And as CMU proved, a camera flashing a consumer’s picture could also easily link everything to a name. The mall’s mobile system, though, already has the activity history.

Speaking of shoplifting suspects, one of the less-credible threats that a retailer has historically had is banning a customer for life from the chain (typically after a shoplifting incident or allegation). It lacks credibility, however, because there’s little practical way to enforce it—unless the shoplifter happens to be recognized. But the type of mobile tracking that the Australian mall is using could be a practical way to enforce such bans.

Professional shoplifters could always obtain a bunch of disposable phones and leave their real one at home, but mobile-phone tracking could still be much more effective than what exists today.

On the downside, the ease of this approach could fuel overzealous Loss Prevention agents. What if the LP agent gets nervous when watching a large group of teenage boys (say 12)? A surreptitious sweep could mark every mobile signal coming from that group as “potential shoplifter.” An alert could go off every time any of those signals reappears in any cooperating mall or retailer. Imagine a No-Fly List for retailers, potentially triggered by one employee.

The privacy issue here is that most laws are focused on personally identifiable information, but PII should not be merely names, numbers and addresses. CRM files care about the actions and inclinations of a consumer. As long as a retailer knows that this consumer appears to be a 25-year-old who has purchased an awful lot of formal shoes and pants today—at top prices—and who is walking over to one of its store, where it sells formal shirts, that retailer happy. If the CRM system also says that this person has never been seen making a return and typically shops between 7 and 9 PM on Wednesdays and Fridays, the retailer is thrilled and really couldn’t care less if her name is Sarah Smith, Helen Jones or Mata Hari.


Comments are closed.


StorefrontBacktalk delivers the latest retail technology news & analysis. Join more than 60,000 retail IT leaders who subscribe to our free weekly email. Sign up today!

Most Recent Comments

Why Did Gonzales Hackers Like European Cards So Much Better?

I am still unclear about the core point here-- why higher value of European cards. Supply and demand, yes, makes sense. But the fact that the cards were chip and pin (EMV) should make them less valuable because that demonstrably reduces the ability to use them fraudulently. Did the author mean that the chip and pin cards could be used in a country where EMV is not implemented--the US--and this mis-match make it easier to us them since the issuing banks may not have as robust anti-fraud controls as non-EMV banks because they assumed EMV would do the fraud prevention for them Read more...
Two possible reasons that I can think of and have seen in the past - 1) Cards issued by European banks when used online cross border don't usually support AVS checks. So, when a European card is used with a billing address that's in the US, an ecom merchant wouldn't necessarily know that the shipping zip code doesn't match the billing code. 2) Also, in offline chip countries the card determines whether or not a transaction is approved, not the issuer. In my experience, European issuers haven't developed the same checks on authorization requests as US issuers. So, these cards might be more valuable because they are more likely to get approved. Read more...
A smart card slot in terminals doesn't mean there is a reader or that the reader is activated. Then, activated reader or not, the U.S. processors don't have apps certified or ready to load into those terminals to accept and process smart card transactions just yet. Don't get your card(t) before the terminal (horse). Read more...
The marketplace does speak. More fraud capacity translates to higher value for the stolen data. Because nearly 100% of all US transactions are authorized online in real time, we have less fraud regardless of whether the card is Magstripe only or chip and PIn. Hence, $10 prices for US cards vs $25 for the European counterparts. Read more...
@David True. The European cards have both an EMV chip AND a mag stripe. Europeans may generally use the chip for their transactions, but the insecure stripe remains vulnerable to skimming, whether it be from a false front on an ATM or a dishonest waiter with a handheld skimmer. If their stripe is skimmed, the track data can still be cloned and used fraudulently in the United States. If European banks only detect fraud from 9-5 GMT, that might explain why American criminals prefer them over American bank issued cards, who have fraud detection in place 24x7. Read more...

Our apologies. Due to legal and security copyright issues, we can't facilitate the printing of Premium Content. If you absolutely need a hard copy, please contact customer service.