World View
World View | The Frying Dutchman
Wherein our intrepid CISO columnist wonders about the security mechanisms for self-service checkout at a Dutch grocery store. Warning: not for the faint of heart.
By Paul Raines
February 27, 2008
—
CSO
—
As European stereotypes go, it is supposed to be the Hungarians who are mad. But I actually came across a mad Dutchman last weekend at the supermarket. Well, he wasn’t just any Dutchman--he was my next-door neighbour. He wasn’t exactly mad, either, but rather in a state of delirious exaltation. OK, enough of the disclaimers. We met in the local Albert Heijn, which is a national grocery chain in the Netherlands.
“Have you used one of these?” he asked, holding up a device which looked vaguely like a sex toy. It did to me anyway--maybe that was just my Freudian association with him being Dutch and their reputation and all that.
“Can’t say as I’ve had the pleasure,” I replied, closely eyeing the device, which he now held just inches beneath my nose.
“It’s a hand-held scanner,” he said, beaming. “You can now check out your groceries at the same time you shop. It really saves you time from not having to queue.”
Having spent a good deal of my ex-pat career standing in bureaucratic queues, I could now understand his state of nirvana-like ecstasy. Couldn’t hurt to give it a try, I thought. What came next was another of those quirky Dutchisms in their society that causes my security sense to tingle.
It seems you first obtain one of the scanners by scanning your own Albert Heijn card. It’s not quite the same as a grocery card loyalty card in the States, the main difference being that it actually gives you discounts and that, because of data privacy laws, your contacts details are never linked with the card. That means you don’t get bombarded with junk mail the day after you first use the card. The stores mostly use them to monitor inventory and spot purchasing trends.
With the scanner in hand, you are now free to roam the store happily placing groceries in your trolley and scanning them as you go. When you get to the self-service check out, the scanner gives you the bad news of your total. You pay with your bank debit card, and voila, you’re out the store and headed home on your bicycle.
It was then that it hit me. What was to prevent you from filching the groceries and making off with your own little Dutch treat? I thought about it for a moment. Unlike American self-service checkouts, there was no weighing of articles to ensure that the packages
Data Center Directions Virtual Conference
Attend this free, 100% online event exploring tools and techniques for making your data center deliver for today and tomorrow.
Maximizing Site Visitor Trust Using Extended Validation SSL
Now with Extended Validation (EV) SSL available from VeriSign, you can show your customers that they can trust your site. Learn about EV SSL benefits in the free VeriSign white paper.
- Guide: 5 Steps to Secure Outsourced Application Development
- The Latest Advancements in SSL Technology
- Maximizing Site Visitor Trust Using Extended Validation SSL
- How to Offer the Strongest SSL Encryption
- Solving Online Credit Fraud Using Device Reputation
- Forrester Reports 321% ROI Through Device-Based Fraud Management
Get instant notifications when whitepapers, webcasts and case studies are added
to our library. Sign up for a Resource Alert now!
CSO Corporate Partners
7th Annual Digital ID World
-
September 8 - 10, 2008Hilton AnaheimRegister now »
Anaheim, California
(ISC)2 members can earn up to 20 CPE Credits
Reference priority code ONLINE and save $800 off the full registration price — attend the program for $995
