09:06 AM
Doug Henschen
Doug Henschen
Connect Directly

Mining WiFi Data: Retail Privacy Pitfalls

WiFi data mining starts with anonymous tracking, but it can lead to personal details in social profiles. Interop New York session explores opportunities and limits for retailers.

Retailers are changing their tune when it comes to installing and exploiting WiFi infrastructure for customer insight. But are some retailers going too far?

This is the question Ryan Adzima, senior wireless engineer at systems reseller General Datatech, will pose at Interop New York next month in an October 2nd presentation entitled, "The Social Wi-Fi Goldmine: Should You Be Digging?" Not so long ago, retailers were reticent to invest in WiFi infrastructure, but Adzima says they now see the advantages of promoting online access and making shopping apps available to customers.

"Two years ago, nobody wanted to put Wi-Fi in their stores to give consumers a way to window shop," Adzima says. "Now they have a massive incentive because they'll see you going to Amazon or other competitors, they'll see your buying history, and they can target you more specifically and draw you away from competitors."

[Are there any standards in this domain? Read NIST Drafts Mobile App Security Guidelines.]

The baseline opportunity in exploiting WiFi is anonymous information gathering. With presence-analytics applications, for example, retailers have no idea who you are, but they can track the unique mobile access control (MAC) addresses of smartphones as they pass through a store. From this they can gather statistics on footpaths and dwell times at various locations throughout the store and gain insight into which departments, displays and specific products are drawing traffic.

Purple WiFi touts heat mapping, geofencing, and automated promotions among the capabilities of its Wi-Fi analytics suite.
Purple WiFi touts heat mapping, geofencing, and automated promotions among the capabilities of its Wi-Fi analytics suite.

This intelligence, provided by vendors like Euclid Analytics and Purple WiFi, helps you understand the traits of customers coming directly into your store from parking-lot entrances versus mall entrances, which might hint at primary versus secondary stops. It also help with department and product evaluation and planning, so you can come up with strategies to place traffic-driving products near profit-driving products or departments that aren't getting enough attention.

Privacy hawks would point out that these surveillance systems can track smartphones whether users log onto the store's public WiFi service or not (so long as the phones have WiFi on). What's more, MAC addresses are unique to each device and therefore are traceable to unique owners.

But tracking to individuals just doesn't happen, according to Adzima, and even if retailers practice this kind of surveillance without logins, "There's nothing wrong with this approach," he says. "It has nothing to do with individuals; it's about understanding shoppers as a group."

The next step up in mobile-data mining is welcoming customers to login into your WiFi network and, simultaneously, your customer loyalty account. That could happen using Facebook or another network account ID and password, but we'll get to this social-profile angle in a moment. For now, let's just assume

the retailer wants to know these customers and is prepared to deliver value in return, such as price and inventory checks.

Another popular value-add shopping app feature is a way-finder utility that lets customers search for departments or specific items with their smartphones. These features display store maps and directions and can point out promotional items along the way. With loyalty-program integration, shopping apps can offer deals on frequently purchased items, recommended accessories for items in the shopping cart, or cross-sell items based on past purchases.

[Are there any standards in this domain? Read NIST Drafts Mobile App Security Guidelines.]

Exploiting location intelligence, retailers can detect whether customers leave the store without making a purchase, and they can geo-fence nearby competitors to see if shoppers are defecting to particular stores. These analyses aren't limited to WiFi range. With terms-of-service permissions granted through WiFi logins, loyalty program agreements, or social network logins, some retailers are tapping into GPS-based location information. The insight derived can help answer the question, "What can I do differently that will get customers to purchase in my store versus going to them?" says Adzima.

Of course, using location data crosses into what many would consider to be the creepy, invasive realm. But there are far worse examples of (mostly obscure) apps that can exploit almost anything in a social profile, says Adzima.

"Some of these apps can build complete profiles of who you are and what you like to the point that it becomes scary," he says. "I don't think retailers need all that information, and there's also the question of how they are securing that information if they're storing it?"

PCI standards and requirements to secure credit card data, but there are no requirements, standards bodies, or regulatory guidelines demanding encrypted storage or preventing sharing of social-profile data, Adzima points out.

"I would rather give out my credit card number than my social profile, because at least I can change a credit card number," he says.

In his presentation in New York, Adzima will get into the vendors that are supplying these systems, and he'll also examine "where the technology is getting ahead of the ethical discussion." For example, terms-of-service agreements for apps that track location information tend to be pages long, but Adzima is an advocate for leading with plain-English statements about data uses and benefits that are clearly displayed on login pages. He also advocates consumer education, but who is going to take responsibility for that?

"I don't have all the answers," Adzima admits. "We need to advance the discussion, get the vendors and retailers involved, and make sure that people are able to safely shop without worrying about their information being stolen or sold."

In fact, that discussion should be taken out of the context of just retailers and shopping and applied to big data analysis, where mobile, social, and online behavior data is often seen as fair game and there's too little thought given to data-ownership, ethical, and security questions that are too seldom raised. Let's not wait for scandals or, worse, tragedies, to spark the discussion. 

In its ninth year, Interop New York (Sept. 29 to Oct. 3) is the premier event for the Northeast IT market. Strongly represented vertical industries include financial services, government, and education. Join more than 5,000 attendees to learn about IT leadership, cloud, collaboration, infrastructure, mobility, risk management and security, and SDN, as well as explore 125 exhibitors' offerings. Register with Discount Code MPIWK to save $200 off Total Access & Conference Passes.

Doug Henschen is Executive Editor of InformationWeek, where he covers the intersection of enterprise applications with information management, business intelligence, big data and analytics. He previously served as editor in chief of Intelligent Enterprise, editor in chief of ... View Full Bio
We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
Comment  | 
Email This  | 
Print  | 
More Insights
Copyright © 2020 UBM Electronics, A UBM company, All rights reserved. Privacy Policy | Terms of Service