{"id":64,"date":"2008-01-20T08:47:36","date_gmt":"2008-01-20T16:47:36","guid":{"rendered":"http:\/\/cubist.cs.washington.edu\/Security\/2008\/01\/20\/shopping-cart-for-speedy-check-out-and-advertisement\/"},"modified":"2008-01-20T08:47:36","modified_gmt":"2008-01-20T16:47:36","slug":"shopping-cart-for-speedy-check-out-and-advertisement","status":"publish","type":"post","link":"https:\/\/secblog.cs.washington.edu\/Security\/2008\/01\/20\/shopping-cart-for-speedy-check-out-and-advertisement\/","title":{"rendered":"Shopping Cart for speedy check-out and advertisement"},"content":{"rendered":"<p><font face=\"Times New Roman\"><strong>Summary<\/strong><\/font><font face=\"Times New Roman\">In the future, a shopping cart may no longer be just an ordinary shopping cart. It can also be an outlet for advertisement, check-out, and many more. Using the shopping cart, customer can view today\u2019s deal, products\u2019 advertisements, on-sale items, and pay items at the same time without waiting at the check-out line. The newly designed shopping cart is a product of MediaCart, Microsoft, and Wakefern. Microsoft is in charge with providing targeted ads using its Microsoft Atlas technology and the sophisticated shopping cart is created by MediaCart. <\/font><font face=\"Times New Roman\">The current system will be put to test in ShopRite supermarket managed by Wakefern on the East Coast. The shopping carts will be equipped RFID tags to sense where the carts&#8217; location in the supermarket. When a customer walks in a specific aisle, he or she can receive specific advertisement based on the RFID that the console received.<\/font><font face=\"Times New Roman\">An interesting feature that customer might enjoy is the online shopping list. You can list all your shopping item on the website and it will save it for you. Once you are at the supermarket, you will simply swipe in your member\u2019s card and the list will appear. It\u2019s a nice way to save a piece of paper or a post-it-note. At the end, all the data mines from customer will be useful for better advertisement and the supermarket\u2019s improvement.<\/font><font face=\"Times New Roman\"><strong>Assets<\/strong><\/font><\/p>\n<ul>\n<li><font face=\"Times New Roman\">Customer information. Every customer who wishes to use this new service has to become a member of the card loyalty program. Thus, their personal information is recorded and should be safeguarded against unnecessary use. In addition, their personal information will also include shopping pattern or other related information for better targeted advertisement.<\/font><\/li>\n<li><font face=\"Times New Roman\">Supermarket\u2019s good will and reputation. Since the technology is fairly new, ShopRite will become the first supermarket to pioneer the application of this concept. It can become a major player of the future that gives a new shopping reputation with reliable system and good reputation. <\/font><\/li>\n<\/ul>\n<p><font face=\"Times New Roman\"><strong>Security Goal<\/strong><\/font><\/p>\n<ul>\n<li><font face=\"Times New Roman\">Customer retention. The system intended for all customer to have a good experience while visiting the supermarket. Therefore, the advertisement or promotion\/sale should be related to customer\u2019s need. The customer will build up preference to the store because of the level of convenience and satisfaction. In the end, regular flow customer to the supermarket will ensure the regular flow of capital and open other venue for future investment.<\/font><\/li>\n<li><font face=\"Times New Roman\">Faster purchasing process. The new shopping cart system allows customers to bypass the checkout counter. Thus, they do not need to wait in line and waste their precious time. This convenience will give an added value to the supermarket and ensure availability of check out process anywhere and anytime.<\/font><\/li>\n<\/ul>\n<p><font face=\"Times New Roman\"><strong>Potential Adversaries<\/strong><\/font><\/p>\n<ul>\n<li><font face=\"Times New Roman\">Rivals or competitors. The new system is giving a path for new way of shopping. If the technology attracts people\u2019s attention, then many supermarkets might need to follow the step to stay in-trend. However, some supermarkets might not agree with this method and devise a plan to foil it.<\/font><\/li>\n<li><font face=\"Times New Roman\">Disgruntled worker. The new change in the supermarket might spark disapprovals within the company. Since the check-out counter is no longer necessary, then some employee can be let go. This fact can give a reason for desperate employees to get even.<\/font><\/li>\n<\/ul>\n<p><font face=\"Times New Roman\"><strong>Threats<\/strong><\/font><\/p>\n<ul>\n<li><font face=\"Times New Roman\">RFID transmission. RFID chips will be used all across the supermarket area. A malicious user can view the RFID and perhaps devise a way to change the configuration the RFID or disable it. Then, customer might receive unrelated advertisement, which will reduce customer experience. In addition, malicious might even want to tamper or disable the RFID to make the system useless.<\/font><\/li>\n<li><font face=\"Times New Roman\">Database security. All of the advertisements should be stored in some kind of database that relates them to RFID tags. In the case of database tampering, the advertisement might not correlate with the correct advertisement. In worst case, customer will be bombarded with all type of advertisements (ex: adult advertisement).<\/font><\/li>\n<\/ul>\n<p><font face=\"Times New Roman\"><strong>Potential Weakness<\/strong><\/font><\/p>\n<ul>\n<li><font face=\"Times New Roman\">Database tampering. The database for advertisement will need to be constantly updated for new advertisement. If the data is outdated, then the customer might get confuse. The problem can come for internal where the database could contain customer information. A lack of security can give a malicious user a chance to ruin the database and render the supermarket useless.<\/font><\/li>\n<li><font face=\"Times New Roman\">Wireless communication. The system in place relies heavily in wireless communication, starting from the RFID to the method of payment. Customers who need to pay the items can simply swipe their card on the shopping cart. It will then try to complete the transaction. The communication between the shopping carts with the payment server can be interrupted or even intercepted. Not to mention, the shopping cart might also store user information like their card member or recently used credit card.<\/font><\/li>\n<\/ul>\n<p><font face=\"Times New Roman\"><strong>Potential Defenses<\/strong><\/font><\/p>\n<ul>\n<li><font face=\"Times New Roman\">Firewall and redundancy. All servers that host the supermarkets\u2019 shopping cart should have a robust firewall and redundancy system to serve all customers. The firewall can be used to protect overall system against attacker. Redundancy to accommodate the users with advertisement even some of the servers went down either for maintenance or repair.<\/font><\/li>\n<li><font face=\"Times New Roman\">Encryption. In order to protect all wireless communication, encryption is really essential especially when concerning personal information. This means, all communication between the shopping cart and the servers must be encrypted.<\/font><\/li>\n<\/ul>\n<p><font face=\"Times New Roman\"><strong>Risk<\/strong><\/font><font face=\"Times New Roman\">Interruption in the RFID transmission is a risk that the supermarket must bear. The RFID has been around for a long and people know the technology quite well. Thus, the possibility for tampering the RFID or change its configuration could be reasonable. Additional protection in the form of shielding of transmission leakage outside the supermarket and the transmission encryption might be needed.<\/font><font face=\"Times New Roman\">Database tampering might be an issue, especially the one that has the content of customer information, advertisements, process payment; and it can talk directly to the shopping cart. A complete and adequate protecting to secure customer data and daily transaction is necessary<\/font><font face=\"Times New Roman\">.<\/font><font face=\"Times New Roman\"><strong>Conclusion<\/strong><\/font><font face=\"Times New Roman\">The new shopping cart can give better customer satisfaction and better experience if the security permits it. Customers are exposed to risk where their personal information can be breached and exposed to others. Furthermore, they will be bombarded by many advertisements that are targeted to their preferences and habits. In short, the shopping cart will become more interactive to customer preferences in the expense of their information being mined and analyzed. It is a trade off that every customer might need to bear in mind when doing their shopping chore.<\/font><font face=\"Times New Roman\">If this method becomes popular, then we can expect all supermarkets to use this \u2018smart\u2019 shopping cart. Thus, the importance of maintaining privacy will invade our daily live when buying grocery.<\/font><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Video Ads Are Planned for Grocery Carts, Mintz, Jessica. http:\/\/apnews.myway.com\/article\/20080114\/D8U5LR780.html. Retrieved on: 01\/14\/2008<br \/>\nMediaCart, Microsoft and Wakefern Team Up to Deliver Next-Generation Digital Grocery Shopping and Ad Experience. http:\/\/www.foxbusiness.com\/markets\/industries\/technology\/article\/mediacart-microsoft-wakefern-team-deliver-nextgeneration-digital-grocery_434708_12.html. Retrieved on: 01\/18\/2008 <a href=\"https:\/\/secblog.cs.washington.edu\/Security\/2008\/01\/20\/shopping-cart-for-speedy-check-out-and-advertisement\/\">Continue reading <span class=\"meta-nav\">&rarr;<\/span><\/a><\/p>\n","protected":false},"author":14,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[5],"tags":[53,49,51,48,50,52],"class_list":["post-64","post","type-post","status-publish","format-standard","hentry","category-security-reviews","tag-media-cart","tag-microsoft","tag-rfid","tag-shopping-cart","tag-shoprite","tag-wakefern"],"_links":{"self":[{"href":"https:\/\/secblog.cs.washington.edu\/Security\/wp-json\/wp\/v2\/posts\/64","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/secblog.cs.washington.edu\/Security\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/secblog.cs.washington.edu\/Security\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/secblog.cs.washington.edu\/Security\/wp-json\/wp\/v2\/users\/14"}],"replies":[{"embeddable":true,"href":"https:\/\/secblog.cs.washington.edu\/Security\/wp-json\/wp\/v2\/comments?post=64"}],"version-history":[{"count":0,"href":"https:\/\/secblog.cs.washington.edu\/Security\/wp-json\/wp\/v2\/posts\/64\/revisions"}],"wp:attachment":[{"href":"https:\/\/secblog.cs.washington.edu\/Security\/wp-json\/wp\/v2\/media?parent=64"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/secblog.cs.washington.edu\/Security\/wp-json\/wp\/v2\/categories?post=64"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/secblog.cs.washington.edu\/Security\/wp-json\/wp\/v2\/tags?post=64"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}