Dispelling Privacy and Security Myths
Radio frequency identification, or RFID, is transforming global commerce and has become a critical technology across the retail value chain. Driven largely by pressures to meet changing customer expectations with the rise of omnichannel retailing, businesses are increasingly turning to RFID technologies to ensure that they are able to deliver the right products at the right time, regardless of where that purchase is made. Apart from enhancing inventory accuracy to deliver seamless buying processes, RFID can also help retailers gain a deeper understanding of consumer preferences and routines, as well as achieve backroom operational efficiencies, to provide real-time automated visibility across its entire value chain of operations, from suppliers to customers.
However, with its ability to deliver greater visibility over shoppers’ purchase and buying habits, consumer advocacy groups have raised concerns over RFID invading the public’s right to privacy. In theory, any technology that relies on radio frequency (RF) is inherently insecure. Improper usage of RFID technologies can also expose both the business and its customers to security and safety risks, much like any other technology. It is crucial therefore, for retailers to understand what are the myths and realities in this discussion around RFID security and privacy.
Myth #1: Information available on RFID tags is permanently accessible by RFID readers, event after they leave the store.
Basic RFID technology contains measures for protecting privacy. The EPCglobal standard supports “kill” codes for RFID tags. These password-protected commands force the RFID tag to permanently disable the integrated circuit IC logic, making them unreadable. Retailers can use “kill software” to disable an RFID tag before it leaves the store. Once a consumer purchases the item, the checkout clerk disables the RFID so the item does not alert the security sensors at the store entryway. As a result, the readers cannot track the tag post purchase.
Myth #2: RFID-tagged merchandise contains detailed consumer data that can be accessed without the buyer’s knowledge.
Information contained within RFID tags used in retail is simply an extension of the UPC barcode that is already on the item, which contains no personal information and thus presents no risk of abuse. With that information, someone could only identify details about the item, such as its manufacturer and product type. Moreover, all deployments of RFID in retail today rely on easily identifiable tags that can be easily removed if desired.
Myth #3: If not disabled when it leaves the store, information on RFID tags can be accessed remotely by anyone with a reader.
RFID readers must have the ability to associate the tag information to a database. Even with this capability, application software is needed to interpret the information before someone can access it. In other words, as much as we need two hands to clap, the reader of the RFID tag must also have access to both the tag and the database in order to gather information about which item the RFID was associated with.
The examples above are just a few of the more common concerns many have regarding the privacy of RFID. Like most emerging technologies, security implications cannot be readily seen, but the discussion around security and privacy has evoked action from some players in the industry to up the ante on security for RFID. For example, RFID manufacturers like Impinj Inc. and NXP N.V. have also introduced security fail-safes like the legacy “kill” feature, and an added function that allow retailers to replace the Electronic Product Code (EPC) with a random serial number, thus adding another layer of protection that renders the RFID useless after the point of sale.
In short, with proper implementation, RFID technology can deliver a significant return on investment for retailers by reducing the time and labor required to track assets and materials, decreasing losses and theft, improving maintenance operations, and streamlining efficiency through better asset availability and utilization.
For more information on the benefits of RFID and other RFID solutions available for enterprises, please visit us at www.zebra.com.
This article is written by Ryan Goh, Vice President of Sales at Zebra Technologies Asia Pacific.