World View | The Frying Dutchman

Wherein our intrepid CISO columnist wonders about the security mechanisms for self-service checkout at a Dutch grocery store. Warning: not for the faint of heart.

February 27, 2008 — CSO — As European stereotypes go, it is supposed to be the Hungarians who are mad. But I actually came across a mad Dutchman last weekend at the supermarket. Well, he wasn’t just any Dutchman--he was my next-door neighbour. He wasn’t exactly mad, either, but rather in a state of delirious exaltation. OK, enough of the disclaimers. We met in the local Albert Heijn, which is a national grocery chain in the Netherlands.

“Have you used one of these?” he asked, holding up a device which looked vaguely like a sex toy. It did to me anyway--maybe that was just my Freudian association with him being Dutch and their reputation and all that.

“Can’t say as I’ve had the pleasure,” I replied, closely eyeing the device, which he now held just inches beneath my nose.

“It’s a hand-held scanner,” he said, beaming. “You can now check out your groceries at the same time you shop. It really saves you time from not having to queue.”

Having spent a good deal of my ex-pat career standing in bureaucratic queues, I could now understand his state of nirvana-like ecstasy. Couldn’t hurt to give it a try, I thought. What came next was another of those quirky Dutchisms in their society that causes my security sense to tingle.

It seems you first obtain one of the scanners by scanning your own Albert Heijn card. It’s not quite the same as a grocery card loyalty card in the States, the main difference being that it actually gives you discounts and that, because of data privacy laws, your contacts details are never linked with the card. That means you don’t get bombarded with junk mail the day after you first use the card. The stores mostly use them to monitor inventory and spot purchasing trends.

With the scanner in hand, you are now free to roam the store happily placing groceries in your trolley and scanning them as you go. When you get to the self-service check out, the scanner gives you the bad news of your total. You pay with your bank debit card, and voila, you’re out the store and headed home on your bicycle.

It was then that it hit me. What was to prevent you from filching the groceries and making off with your own little Dutch treat? I thought about it for a moment. Unlike American self-service checkouts, there was no weighing of articles to ensure that the packages