Do Cashierless Stores Present a Privacy Risk to Consumers?
This is the latest in Street Fight’s “Pursuing Privacy” series – our editorial focus in January, including topics like GDPR, CCPA, and location data collection. See the rest of the series here and our full slate of monthly themes here.
When Walmart opened a cashierless Neighborhood Market store in Florida earlier this month, it joined an elite group of retail giants. Following in the footsteps of Amazon, which has been a pioneer in the cashierless retail space with its Amazon Go convenience stores, Walmart is now using technology to reduce its dependence on human cashiers.
While consumers have said they prefer the convenience that comes with smart checkout offerings, new concerns are cropping up over the lack of privacy in cashierless retail environments.
Cashierless stores offer a way for consumers to download a mobile app, pick items off shelves, and leave without checking out. Charges are automatically deducted from connected credit or debit cards, creating a shopping experience that feels completely seamless. But Amazon’s convenience stores rely heavily on location technology to track consumers’ movements inside buildings. Cameras analyze shopping behaviors, strategically placed microphones listen to conversations, and information about consumers’ shopping habits is stored in a central database that Amazon can reference for future operational and strategic planning.
“As cashierless stores take off, more and more personal and payment data will be transmitted through phones and mobiles devices and stored in cloud-based software platforms,” says Ruston Miles, chief strategy officer at Bluefin. “This means that hackers will have more network access to this data through vulnerable providers and merchants.”
A niche market has developed around protecting this kind of data. Companies like Sensei, Standard Cognition, Grabango, Skip, and Trigo Vision have all stepped in with their own solutions for frictionless shopping. Some use ceiling-mounted cameras, while others lean on artificial intelligence in their customer interactions. But Miles says the responsibility to protect customer privacy should ultimately come down to retailers.
“In order to protect this ever-growing attack surface, merchants and providers should look to extend beyond transmission-level encryption to data-level encryption through technologies like certified P2PE,” Miles says. “And when providers find it necessary to store this data, tokenization should be used.”
Because cashierless stores are still on the horizon and have not hit the mainstream just yet, Miles says it’s hard to get a strong read on consumer perception. However, he believes there’s still some time before the average shopper feels confident paying for everyday goods through a mobile device. It may take years before consumers feel as comfortable paying with phones as they do interacting with kiosks today.
“I think consumers generally feel more secure having their payment data only available on a non-network-connected card that they can use whenever they choose,” he says. “I have heard many people complain they don’t feel secure storing their card data on their mobile device. This will definitely be a barrier to entry for those consumers who have experienced directly or indirectly the effects of data breaches and identity theft.”
As the industry embraces privacy security, Miles believes there will be fewer and fewer breaches. In an ideal scenario, that would mean future generations will not have the same concerns about hacking and payment data loss.
“For example, robbing stagecoaches and trains used to be a pretty common and scary occurrence in the 1800’s and put off many would-be passengers. These days, it’s pretty uncommon for folks to not want to take busses or trains for fear they will be robbed,” Miles says.
To reach the point where consumers feel confident in cashierless store environments, Miles believes standards need to be implemented and matured. That means secure underlying technologies like certified encryption and tokenization need to be implemented by hardware and software providers, and the process needs to be explained and marketed to consumers.
“In terms of in-app and other mobile-based payments, the underlying payment processing interchange fees need to be set in a manner so as not to cost retailers more than card-present transactions,” he says. “If there is a large difference here, retailers will not adopt the new technology, as it is not in their financial interest.”
Stephanie Miles is a senior editor at Street Fight.