Tag Archives: merchants

Retail Tracking- “Who Knows Everything?” Book Excerpt

“Who Knows Everything?” is the title of my upcoming book about consumer privacy and the corporate spying. This book details the technology, strategies and depth of corporate spying. The objective of the book is to expose the incredible amount of information collected by corporations and the detail and intrusiveness of this relentless spying. In this chapter you get an idea of what is happening to you as you simply walk through a store. And there is no law against it.

Retail Tracking

You are being followed…everywhere!

If you think you can only be tracked online I have some bad news for you. Merchants have begun tracking customers while they’re in the store, walking near the store and or driving to the store. One method used to track customers is to track their cell phones. Stores use the Wi-Fi signals coming from the customer’s cellphone to track where they go in the store and what they look at. Major retailers such as Nordstrom, Family Dollar and Cabela’s are testing these technologies and using the information to make decisions like changing store layouts and to tailor coupon offerings. Apps such as Apple’s iBeacon are also used to track customers in stores.

But you need to understand how far this tracking goes. You don’t even have to be in the store to be followed.

A recent case settled by the Federal Trade Commission revealed really creepy technology being used by retailers.  According to the FTC sensor technology built by Nomi Technologies tracked the physical movement of more than nine million customers via their smartphones.

The tracking worked like this. Nomi’s technology tracked the smartphones of customers as the device searched for Wi-Fi signals inside stores or almost anywhere the owner went. Nomi stored this information making their equipment capable of tracking the movement of people throughout its clients’ retail outlets. This tracking information could also be used to track people’s shopping habits between stores.  The same MAC address appearing in several different stores reveals valuable information about the person whose smartphone possesses that address. Basically, you are being watched even if you are not in the store!

The FTC is not however accusing Nomi of providing anybody your individual information. But the agency did accuse Nomi of tracking consumers both inside and outside of its clients’ stores. According to the FTC Nomi allegedly,

  • Used the tracking information to inform its clients how many consumers passed by store entrances without entering.
  • How long people remained in stores.
  • How many people who entered a store had been in that store or other stores of the same chain within a certain period of time.
  • And various other forms of tracking data.

Is this illegal? No, retail tracking is not illegal. There is almost nothing in this book that’s illegal!

Many retailers use advanced methods and technologies to track customers including bionic mannequins. But the FTC took action because Nomi may not have informed, or even mislead consumers of the tracking. According to Nomi’s privacy policy consumers were supposed to be able to opt out of being tracked.  The consumer could use Nomi’s website or “at any retailer using Nomi’s technology” opt out. Nomi did provide an opt-out option on its website. But the FTC claims that at various stores using Nomi’s technology there were no disclosure notices that the technology was in use and no way for consumers to opt out.

Nomi’s settlement with the FTC was not exactly lenient. Nomi is prohibited from future misrepresentations and subject to twenty years of privacy audits and compliance oversight. In other words, they have to do a better job of informing the consumer they can opt out of this tracking. This means that much better notices must be posted at stores, and easier onsite opt-out options will be made available. Umm, have you see them?

How to hide from retail tracking

Consumers who do not wish to be tracked can change their phone setting to airplane mode or turn off the Wi-Fi. Politicians are becoming more aware of the tracking and have begun to take action. Although not a law, Sen. Charles Schumer of New York brokered a code of conduct aimed at companies that provide tracking technology and analytical services. The agreement allows consumers to opt out of tracking at SmartStorePrivacy.org.

Some stores use video to watch where consumers go inside the store and how long they stay there. Stores can also recognize returning shoppers because their mobile devices have unique identification codes recorded in their networks. Merchants can now study how repeat customers behave and measure how often the consumer visits the store.

Retail spying technology

But the spying technology does not stop with Wi-Fi signals, cell phones and cameras. Now stores are using the lighting to track shoppers. Philips Electronics has developed connected lighting to track you. Yeah, lights! The company unveiled a pilot of a connected in-store LED lighting system that communicates with a smartphone app using the store lights.

How does it work? The lights placed in the store are used as a data channel. Placed in a grid pattern the lights become a positioning system. The grid then locates the smartphone by determining which lights on the grid are closest.

Customers using an accompanying app can then receive alerts based on whatever the shopper is looking for. Let’s say the shopper has a shopping list for a particular recipe. The app, using the store lighting grid, can direct the shopper to the ingredients and offer relevant coupons for those ingredients. So even the lights in the store are watching you.

Just so you know this is an emerging technology. Philips is not alone in producing spy lighting. ByteLight of Boston is also selling light-based proximity beacons that link to a phone’s camera. ByteLight’s goal is to turn a room’s lighting fixtures into a data casting system.

You’re probably thinking; how far can this tracking technology go? How about heat tracking?

New camera-based technology helps retailers track what the customer touches, what they ignore, and where they walk. This helps merchants optimize the layout of the store. They use real-time imaging to track how shoppers move around the store. The information is converted into heat maps. It’s a high-tech way to determine what consumer’s buy and how.

Prism Skylabs is one of the companies offering this technology. The company also provides analytical data to retailers. The company uses real-time video recordings from in store cameras and analyzes shopper’s movements. They are looking for two things, where shoppers go in the store, and what they stop to touch or pick up.

But let’s get really creepy. Did you know stores use high tech cameras to watch you? Known as gaze trackers, these tiny cameras are hidden in tiny holes in the shelving and they detect which brands you’re looking at and how long you look at it. Remember those bionic mannequins I told you about? Well they have cameras mounted in their eyes that detect a customer’s age, sex, ethnicity, and facial expressions as they pass by. And there is no law that requires a store to tell you the cameras are there.

What does the merchant do with this information?  It is extremely important to know how to layout the store and place products based on popular vs. unpopular and expensive vs. less expensive merchandise. Merchants want to know where to put these products to make them more likely to be purchased. Placing a product in the right place in the store can make a big difference. Why do you think all those mints, gums, candy and magazines are waiting for you at the checkout? These items are classified as impulse buys. It’s the same reason all the children’s cereals are located below your eye level but right online with the kid’s eyes. Merchants can also charge for premium placement of retail products adding additional revenue streams.

Meanwhile, out in the parking lot.

 While you’re in the store, being spied on and followed around, other companies are cruising the parking lot collecting data.  An investigation into license plate scanning describes how companies are sending people out to drive around shopping center parking lots with cameras strapped to their car. They are supposedly looking for cars to repossess. However, these camera-equipped cars are photographing every license plate they see along with time and location data. The data is then sent off to brokers like Digital Recognition Network of Texas. This company claims to collect plate scans of 40 percent of all U.S. vehicles annually. I am pretty sure there are other companies that collect the other 60 percent of the plates. What do you think they are doing with that information?

These car-mounted cameras can snap more than 100 pictures of license plates every minute and sort them against a database of cars slated for repossession. Needless to say, the repo man’s job has become a lot easier.

These license plate pictures go into that commercial database. The image is accompanied by location data revealing where the picture was taken. That data is then sold to global information brokering companies. These companies, the same ones that provide credit checks and identity protection, are also selling license plate data revealing where you’ve been, accompanied by records about what you own, where you live and who you associate with.

That data’s life becomes endless in the systems of big data companies. Your license plate records are bundled with your other personal information and sold, over and over again.

The practical uses of all this combined information are endless and terrifying. What if your auto insurance company decided to track where you drive and decided they don’t like the neighborhoods you visit? They may see you as a risk. Jennifer Lynch of the Electronic Freedom Foundation said, “I would definitely be concerned with insurance companies getting access to this.”

Background checks performed by potential or current employers could reveal what businesses or establishments you frequent based on where your car is parked. A life insurance company could see for certain if you go to the gym on a regular basis as you claim by looking at data that shows if your car is in the gym lot regularly or not. What else could be learned just by tracking your car?

Digital Recognition Network, owner of the largest private database of license plate records, also collects data that’s used by law enforcement. Vigilant Solutions, an affiliate company, also provides license plate technology and data to law enforcement.

To ensure a steady stream of data DRN has contracts with 550 companies that hunt the streets across the nation with car-mounted, fast-action cameras.

What you have to understand is that the data that DRN and Vigilant Solutions collects is not connected to you right away. Refer back to the list of data points we talked about earlier in this book. Its after DRN sells the information that it becomes directly connected to you. Here’s another interesting fact, most people rarely travel more than twenty-five miles from home. Most of the businesses you frequent and places you go are fairly close to your residence. So, it’s pretty certain wherever your car is seen you live close by.

Your license plate data is combined with DMV information that finally identifies who owns the car. According to state contracts New York State DMV took in more than $4.3 million selling citizens personal DMV data in 2014 alone.

TransUnion, yeah the credit reporting people, is one of the companies that combines DMV records with license plate data and other records.

TransUnion demonstrated its top-of-the-line search that revealed how quickly a stranger can learn almost anything about you. Just entering your name in the search engine can reveal three months of location data on your car. The database will reveal what is at each location and plenty of personal information like your phone number, email addresses, social media accounts and home address. If that’s not enough the search engine will also expose your social network map, showing you, your family members, spouses, friends, acquaintances, etc. Are you sick yet?

License reader technology has become a favorite of law enforcement. But some police agencies, though required to delete this information, don’t. The Fairfax County, VA. police department was sued for violating a citizen’s privacy by retaining license plate data and even sharing it with other nearby police departments. According to Virginia law if the license plate data is not part of an ongoing investigation it must be destroyed within 24 hours.

A California man discovered that the local police department had collected images of his two cars 112 times in a database. He was shock to discover one image taken in 2009 that showed him and his two daughters getting out of one of his cars while it was parked in their driveway.

License plate data collection has become a concern not only for privacy advocates but the FBI as well. Internal documents obtained by the American Civil Liberties Union reveal that the FBI was instructed by its own lawyers to stop buying the devices for a time in 2012.

The FBI’s Office of General Counsel (OGC) was concerned about the agency’s use of the technology. The General Counsel focused on the lack of a clear government policy protecting the privacy of citizens whose vehicles are photographed by the readers. That concern prompted an order from the OGC to temporarily halt buying additional readers.

Is there any way you can avoid this level of spying? Probably not because someone already has your license plate in their database and it is probably connected to one or more of the profiles with your name on it.

However, you can eliminate the continued tracking of your vehicle by using devices that hide your license plates from cameras but not the naked eye. The filter fits over your license plate and clouds the image of your license plates from cameras. But to the human eye the filter is invisible. You can buy these devices online and at auto parts stores. Other devices use powerful flashes of light to blind traffic cameras. Some people have altered the license plate with tape or other items. This is almost always illegal.

Predicting Your Next Move

 Can marketers predict what you will do? Yes they can! Marketers can figure out, based on statistics and super sophisticated algorithms what you want to buy. Go back and read about Applied Predictive Technologies again. It’s called predictive technology and it’s catching on big time in the marketing industry. Why? Because marketers that use predictive technology have outperformed those who don’t. The bottom line is, competition.

But how does predictive technology work? Companies use super computers with highly sophisticated algorithms to calculate statistics and hundreds of variables. They use all the data they collect and create a pretty accurate model of what the consumer will do or how they will react to marketing efforts. It’s called data mining. Its information converted to numbers so computers can see into the future. But regardless of how advanced the technology is you’re still dealing with people. There are plenty of examples of people defying even the most precise computers and algorithms.

The government can’t but corporations can.

 The most troubling fact about the information you have already read is that the government is absolutely forbidden from investigating your life in the manner corporations do. Law enforcement needs to convince a judge that they need the information for a criminal investigation. They need a search warrant.

 The Fourth Amendment of the United States Constitution, The Bill of Rights, guarantees protection against unreasonable searches and seizures. The Bill requires a judge to authorize any search and that there be a reasonable belief that a crime has been committed and there is evidence of that crime.

No such law applies to corporations. They are free to investigate everything about you they wish. And they don’t have to tell you they are doing it nor do they have to reveal what they found. And, as we have said before, it really does not have to be correct.

And do I need to tell you that the government is buying this data? According to the World Privacy Forum the U.S. government began using a database called “The Work Number” in 2013. The database is owned by Equifax and contains 225 million active salary and employment records and 175 million historical records. Over 50,000 organizations use the database to verify employment and salary history. The company collects payroll data from thousands of U.S. employers and sells it to companies like credit card issuers, property managers, auto lenders, universities and governments at all levels. So, as you can see, the IRS is not the only agency that knows how much money you make.



EMV is Coming! EMV is Coming!

chipcardOctober is EMV card month. And what is EMV? Currently there are 1.96 billion credit cards in circulation and they are about to change. Black people all over America are walking around with a credit or debit card in their purse or wallet. So we need to know and understand what EMV is and how it will change the landscape of credit card use starting in October. So lets get started.

First of all next month the way you use your credit or debit card will change. The first thing that will change is the card itself. America is the last major market on earth to switch to the chip embedded card. Why? The short answer is laziness, stupidity or ignorance by all involved. If you have not already received your chip embedded card now is the time to call your bank or card provider and ask when you should expect it.

The new card is called the EMV which stands for  Europay MasterCard VISA after the people who invented it. The first noticeable difference in the new card will be the chip, which is the small silver or gold chip embedded in the front of the card. Because of this chip the card should be more secure than the current magnetic stripe card you may still be carrying. Magnetic stripe cards save static payment data that can be copied, stolen or skimmed from one card and put onto another. This duplicate card data is then used to make all kinds of fraudulent purchases. Magnetic strip cards are simply outdated and notoriously insecure. The EMV technology adds a layer of security to the payment process.

EMV card readerf

EMV Card Reader

The EMV card works a little differently. The chip you see on your card has encrypted data. EMV card readers can read that data. Each purchase made with an EMV card creates a individual code unique to that particular purchase. If a hacker got a hold of that code he would not able to use it. You should be seeing the card readers in stores already. Once you slide your card into the reader, no more swiping, powerful cryptographic functions validate the authenticity of the card and cardholder. Bottom line is the encryption makes it extremely difficult to create a duplicate or fake card. But keep in mind that the magnetic strip is not likely to disappear from cards. Many small merchants will continue to use the old style card reader.

When you pay using the EMV card reader your card is instantly identified as being authentic by a process called dynamic authentication. When used with a PIN, the chip proves that the customer is paying with his or her own card.

Another change coming in October is the liability shift. A liability shift means that the responsibility for credit card fraud shifts slightly from just the card issuer to a shared liability of both the issuer or merchant that doesn’t use EMV technology. This change provides both parties with an incentive to adopt the technology. However it is not required that either party switch to the new technology. Why? Lets keep this as simple as possible; some issuers and merchants may still feel it is cheaper to take a loss on card fraud than to invest in the new technology. Is that simple enough for you?

NerdWallet’s Sean McQuay, a credit card expert and former VISA strategy analyst says, “EMV is a powerful tool, but it’s only effective if both consumers and merchants are ready to use it for transactions. Consumers need chip cards and merchants need chip readers. If only one side has upgraded to EMV for a specific transaction, then the upgrade was a waste.”

But will EMV solve all of our card security concerns? Probably not. This new technology is great but not perfect.

For example; in person transactions would definitely be more secure. Not so with thecard not presenttype of transaction such as purchases by phone or online. Using your card at the gas pump will continue to be dangerous since gas pumps aren’t required to implement the new technology until 2017. So this type of fraud is expected to increase.

So learn to protect yourself. Hackers are going to be going after those store that don’t use the new EMV card and card readers. That’s the first place you are vulnerable. Avoid those stores whenever possible by keeping a little extra cash in your pocket. And demand the new card from your bank or issuer. If they have decided not to go with the new technology then you may want to got with an institution that does.When shopping online avoid unfamiliar or unsecure websites. When you see “https” at the beginning of the payment page’s URL that means it is a secure payment site. Avoid it if you only see “http.” Change your user name and password regularly if you store your card information with any online retailers. Avoid sending credit card information via email or social media. 

Finally, criminals work hard too steal your money. The technology arms war n isever ending and hackers have already developed methods for hacking the EMV cards. Read on!

Here is more of what you need to know about the new EMV card technology.

Federal Reserve say Chip and Signature Not Enough.

Bad Guys Already Compromising Chip and PIN Cards

Now you know.