November 14, 2011

∴ How Apple Might Avoid Letting EasyPay Become EasySteal

Last week Apple unveiled EasyPay, an app-driven process that lets customers check themselves out at its stores. Using the Apple Store app, the customer takes an image of a product barcode, authorizes the purchase with their Apple ID password and walks out the door. No human interface required.

So how isn’t this a license to steal? Couldn’t a customer simply pantomime using the app for effect, then walk out with a product without paying?

I heard John Gruber and Dan Benjamin musing about the possibility during last week’s The Talk Show and got to wondering how Apple could be so trusting of potential customers without losing their assets.

I think they’re doing it with the technology in their customer’s pocket, using location services. What follows is speculation. I have no inside information.

In order to prevent theft at any store, a shopkeeper needs a way to verify two things. First, that the customer has been authorized to walk out the door with a product, and second, that a product is leaving with (and only with) an authorized customer.

The first part is easy. At any retail store an employee runs a financial transaction through a point-of-sale system and hands the customer a receipt. The receipt is the customer’s authorization to leave with products.

Apple’s new way of handling transactions is through the Apple Store app, using the EasyPay process. The app retains an electronic receipt and emails a copy to the customer’s address.

It’s critical to the checkout process that an entry is added to a store database associating the customer’s iPhone ID with the SKUs (stock-keeping units) of the one or more products purchased. It’s also critical that those SKUs are embedded in an RFID tag inside the product enclosure.

The second part is novel. Blanket WiFi coverage makes possible location services without reference to GPS satellites. It’s not as accurate as GPS, but accurate and fast enough to locate a WiFi device within a local area. Apple’s stores are bathed in WiFi coverage. That’s how the app knows to display an EasyPay button only when you’re in an Apple store.

When a customer installs and runs the Apple Store app for the first time, the first thing he or she sees is a request to use location services. By authorizing location services for the Apple Store app, the customer allows the app to determine their location within an Apple store (and everywhere else).

Combine the authorized-by-EasyPay transaction record, the customer’s location within the store as reported by the app, and an RFID tag inside the product box. An automated system can determine which products may pass through the security portal without sounding an alarm and which cannot. The key is the customer’s phone.

Hand the paid-for product to your buddy and hear the alarm sound as he walks out the door without your iPhone in hand.
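A sketch of the portal check speculated about above, written for this page as an added example; it is not code from Apple or from the original post. The class, method names, device IDs and SKUs are hypothetical, and it assumes the location feed yields the set of phones at the exit and the RFID reader yields one SKU per tag read. It goes slightly beyond the text by counting units and consuming a paid unit once it has left, so one receipt cannot cover repeated exits.

```python
from collections import Counter


class ExitPortal:
    """Hypothetical model of the exit check: tags must match phones that paid."""

    def __init__(self):
        # (device_id, sku) -> paid units that have not yet left the store
        self.ledger = Counter()

    def record_purchase(self, device_id, sku, qty=1):
        """Store-database entry written when an EasyPay transaction completes."""
        self.ledger[(device_id, sku)] += qty

    def check(self, devices_at_portal, tags_at_portal):
        """Return the SKUs that should sound the alarm; an empty list means pass.

        devices_at_portal: set of device IDs the app's location places at the exit
        tags_at_portal:    list of SKUs read from RFID tags, one entry per tag
        """
        claimed = Counter()   # paid units matched to tags during this pass
        unauthorized = []
        for sku in tags_at_portal:
            # Find a phone at the exit that still has an unclaimed paid unit.
            owner = next(
                (d for d in sorted(devices_at_portal)
                 if self.ledger[(d, sku)] - claimed[(d, sku)] > 0),
                None,
            )
            if owner is None:
                unauthorized.append(sku)
            else:
                claimed[(owner, sku)] += 1
        if not unauthorized:
            # Assumption: units are consumed only on a clean pass, so a
            # purchase authorizes exactly one exit per paid unit.
            self.ledger -= claimed
        return unauthorized


if __name__ == "__main__":
    portal = ExitPortal()
    portal.record_purchase("phone-A", "SKU-CASE")        # constructed sample data
    print(portal.check({"phone-B"}, ["SKU-CASE"]))       # buyer's phone absent
    print(portal.check({"phone-A"}, ["SKU-CASE"]))       # buyer carries it out
```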

I haven’t been to an Apple store in quite a while, and so haven’t verified that the products available for EasyPay purchase carry an RFID tag to complete the security picture. I also don’t know what would happen if a customer declined letting the Apple Store app use location services. My theory crumbles without either of those pieces.

The pieces are all available to make this work, though. No trust required.