Wednesday, May 26, 2004

Wal-Mart and RFID – A Follow-Up

On May 7, 2004 we ran a story titled “RFID & Privacy? Fugedaboudit!” In it, I speculated that it would be a couple of years before it became a real problem. While that may still be true, the shopping public needs to know that “the future is now” at Wal-Mart.

Last week, Wal-Mart started receiving RFID marked containers from eight manufacturers at its Dallas Fort Worth shipping center. These first shipments are a test of Wal-Mart’s new supply chain technology. Provided that the test goes well, the company plans a wider roll out in 2005 that will initially include its top 100 suppliers as well as a variety of smaller suppliers that have voluntarily agreed to implement the RFID protocol.

Initially, Wal-Mart will be using RFID solely for purposes of inventory management. RFID has the potential to significantly reduce supply chain costs by letting retailers know exactly what they have on hand at the push of a button. This means that they don’t have to carry additional inventory of items. It also means that they should never run out of items that are not in short supply from manufacturers.

With a little networking, retailers furnish this information in real time to manufacturers, having a similar impact on their supply chain costs.

Needless to say, both manufacturers and retailers are extremely excited about RFID.

But, as with any tool, RFID can be used for good or bad purposes. On the good side, cutting costs, always having the right merchandise on hand, reducing theft. On the bad side, merchants and manufacturers will eventually be able to setup RFID tracking that that will allow them to build highly personalized profiles on every consumer. If you think that this sounds somewhat Orwellian, it does. There is however, no reason to think that it will not happen.

In Wal-Mart’s case, the company has publicly stated that in its initial introduction, items will only be marked with RFID at the shipping case level. This means that you don’t have to worry about purchasing a shirt that has an RFID tag sewn into it, that allows Wal-Mart to track your every movement.

Unfortunately, shipping cases for bigger ticket items, such as home electronics, are the same packages that customers take home when they make a purchase such as a TV. The box it comes in is the shipping container and it will have a RFID chip on it. Can it be too long before Wal-Mart starts matching the credit card you used to purchase the television with every other purchase you have ever made in one of their stores?

More unfortunate still, is the long term privacy stance that Wal-Mart has apparently taken. They really want you to give up your right to privacy whenever you shop with them.

In an article published in NACS Online, Linda Dillman, Wal-Mart’s Chief Information Officer tried to reassure consumers that at the introduction of RFID, there would be no consumer tracking. She then went on to say:

"However, down the road, there are so many possibilities to improve the shopping experience that we hope customers will actually share our enthusiasm about EPCs.” (Note: EPCs is Wal-Marts RFID system)

The bottom line here is that if you want to protect your privacy, you may want to consider using cash when shopping at Wal-Mart.




E-mail Scammers: They’re Phishing For You. Don’t Bite!

E-mail scams are a dime a dozen. For the past several years, a number of individuals have been running a scam out of Nigeria in which consumers are told that their help is required to have money transferred to the US. In return, people are promised that a huge amount of money will be given to them. There is only one catch. You need to furnish your Social Security Number, bank account number, and bank transfer information.

Many people have fallen for this scam, only to find that their bank accounts have been cleaned out. The poor employment picture over the past three years has made many people desperate and significantly more suseptable to this type of fraud.

These Nigerian e-mail scams are fairly easy to identify. The e-mail messages that are sent clearly state that the message originated in Nigeria. The body of the message is generally littered with bad grammer and misspellings.

Phishing scams however are a lot more sophisticated and have been know to fool even the most experienced Internet users.

Simply put, phishing is the use of spoofed e-mail addresses and internet addresses. For instance, you could receive an e-mail message that looks like it comes from info@eBay.com, even though eBay didn’t send the message. There may be links within the message that look like they belong to eBay, even though they don’t.

The fact that phishing e-mail messages look so real poses a considerable danger to consumers.

Typically the way a phishing message works is that consumers are told that their account information is out of date, or that their credit card has expired, and they need to make an update to their account. When the consumer clicks on the link contained in the message, they are taken to a page that looks like a known web site such as eBay, PayPal, America Online, etc… The site is actually a fake.

The consumer is then asked to make updates which may include furnishing credit card numbers or even Social Security Numbers. By the time consumers finish updating their information, they have no clue that they have just become victims of fraud.

In one such case in Texas, the suspect was found guilty and sentenced to four years in federal prison. The reality of this type of crime however is that it is very difficult to catch those committing the crime. It can also ruin your credit record.

There are a few things that you can do to protect yourself from phishing.

First, if you receive a message that requests you to update personal information for any account you have with a web site, look at the salutation of the message. If it reads something like “Dear Customer”, it is probably a scam. eBay, AOL, and Yahoo! all know your real name, if you have registered with them, and they will use it in their letter to you.

Secondly, even if your name is used in the letter, you should never click on a link within a letter that requests you to update information. Type the primary address into your browser address bar. For example, if the link in the letter takes you to the address http://www.fakesite.com/update.htm, you would only type in http://www.fakesite.com. Once at the site, use your regular sign in procedure and then check your account information from there. This will insure that the site you are on is actually the site you want to be on.

Third, send copies of suspicious e-mail messages to the customer service address of the company supposedly issuing the message. They will be happy to tell you if the message is really from them. If it isn’t, then file a report with the Federal Trade Commission.

And finally, use common sense. If an offer looks to good to be true, it probably is. If your account on eBay worked this morning, it probably still does this afternoon. Never automatically assume that just because an e-mail message looks legitimate at first glance, that it really is. Take the time to look closely at any requests for highly personal information.

Is Your Car Spying On You? If You Have An Airbag, It Is!

Everyone knows that all commercial airliners, as well as many private aircraft, carry what is commonly referred to as a “black box”. These devices record virtually everything there is to know about a flight. They have proven to be quite valuable, on numerous occasions, when investigating airline accidents. It may however surprise you to learn that the same technology has been deployed in your car, if you drive an automobile with an airbag.

The automakers started to introduce this technology to assist them in designing better passenger restraint systems. They just didn’t inform consumers that they were doing this.

The data that is recorded by these devices includes your speed, braking, skid distance, etc…. If you are involved in an accident, you can almost be assured that the black box in your car has recorded it.

While automobile manufacturers may have introduced this technology for a good purpose, unfortunately it is now being used for a multitude of other things. Insurance carriers know about these devices too. They are now using them to determine fault in accidents, and for assigning the rate you pay for insurance accordingly. The police have also begun using these devices in their investigations. This means that you shouldn’t even think about lying about your speed, or if you were driving eratically prior to an accident, even if the only thing you hit is a tree.

You may or may not think that a device recording your driving habits is an invasion of your privacy. The State of California has determined that installing such a device, and not telling consumers about it, is definitely a privacy violation. Therefore, a landmark law is set to go into effect in California next year requiring automobile dealers to inform consumers about black boxes contained in the cars that they sell. Consumers can then decide if they want to leave the devices installed, or disable them.

There is one very real upside to being aware of this technology. If you are involved in an accident that is not your fault, but the other driver is trying to blame you, tell your insurance company to check out the black boxes in both cars. The chances are that the accident was recorded in detail.