In light of Apple’s new iBeacon™ specification and MFi certification program, both implemented early last week, we thought we’d take the opportunity to highlight Footmarks’ patent-pending security features. The Footmarks secure solution remains compatible with the iBeacon and SIG standards, but provide retailers with complete control over their customers’ in store experiences.
Following massive data breaches at Target, Neiman Marcus Group and a handful of other retailers at the end of last year, security has fast become the industry buzzword for 2014. Just this past weekend, Sears Holdings Corp., the multinational department store chain, announced an investigation into its own possible security breach, and the company is now one of many trying to build back consumer trust and goodwill.
While credit card-related breaches have plagued retailers for years, the issue of beacon security is much newer, and comes with its own set of concerns. Beacons present much less of a threat to consumer data privacy (phew), but do introduce — as currently configured by Apple and other beacon manufacturers — vulnerabilities to the customer experience and the company brand. Hacking events on beacons running the iBeacon standard can also threaten the integrity of the beacon infrastructure in which the retailer has invested.
Although retailers account for less than a quarter of payment data breach incidents per year, data thefts committed against retailers command the biggest headlines. Retail stores are names consumers know and places where they shop every day. Consumer loyalty and trust are incumbent upon a retailer’s prioritization and investment in customer security.
Footmarks has worked hard to bring both the retailer and the customer valuable peace of mind. We developed a custom, patent-pending, secure iBeacon protocol to wrap Apple’s iBeacon standard. We did this while remaining compliant with the iBeacon and SIG standard — which ensures users can leverage the functionality and reach of Apple’s iBeacon SDK (software development kit).
Apple’s iBeacon protocol — the standard underlying most beacons in the wild today — was developed as an open information-sharing standard, designed for easy discoverability and content distribution. For beacon-sensitive apps destined for use in public places (such as entertainment venues and tourist attractions), open broadcasts like those delivered by iBeacon are perfect vehicles to deliver digital content. For retail applications, however, Apple’s open information-sharing standard is a liability, leaving brands and their customers vulnerable to damaging breaches in privacy.
Without the security provisions ensured by Footmarks, the implications of an insecure beacon network are substantial.
iBeacon’s fundamentally open design means any mobile app can be designed to detect a retailer’s location broadcast, and such vulnerabilities have been already exposed in competitors’ models. By using passive devices to collect the network of IDs assigned to BLE devices in a store, competitors or third party developers have the same ability as the retailer to broadcast information to locate and track users (possibly without their permission). These third parties are then able to send shoppers offers for cheaper product alternatives or other perks at a competitor’s store or website (for example), thereby driving shoppers from the retailer’s own store. In addition, once certain characteristics of a beacon are changed by outside parties, any consumer application configured to use that particular beacon could potentially be disabled, negating the retailer’s investment. Third parties can also configure impostor beacons within a store’s own system, thereby gaining access potentially to gift cards, promotions and other location-dependent experiences tied to the beacons being impersonated. This particular vulnerability was showcased (unintentionally) at last year’s Consumer Electronics Show (CES), which featured a promotional scavenger hunt based around Apple’s iBeacon technology. According to Makerzine, someone won the hunt without ever attending the show!
We applaud Apple for creating an open-source beacon platform, which has validated Footmarks’ vision for the future of retail, and sped creativity and innovation around micro-location solutions worldwide. We engineered Footmarks’ secure beacon protocol to complement Apple’s technology, and interpret its use for the retail environment. With Footmarks’ platform it is easy for retailers to prevent unauthorized third party use of their beacon network, to protect their infrastructure investment and their customers’ in store experience, and to use beacon-facilitated experience crafting to build brand loyalty and trust.
Curious how we did it? Look forward to a future post in which we break down the technological innovations (and long nights at the office) required of Footmarks’ secure protocol.