To Be Cashierless or Not to Be Cashierless: That Is the Question

Last month I read a news story on the Internet about a new technology introduced in Italy: the cashierless store.

In that moment, my half nerd's heart said: "Incredible, the supermarket is becoming like Star Trek.  I must try it."  But two seconds ago, my half security's heart said: "Damn it, surely cybersecurity issues will come up."

Before I go into my concerns over security, I want to explain what a cashierless store is and what technology is used.

A cashierless store is a store which allows customers to shop for their products and leave without having to wait in queue and pay at a checkout.

The process of shopping in a cashierless store can be broken down into four phases:

  • Before-Purchase:  An app may need to be downloaded.

  • Check-In:  A barcode from the store's app may need to be scanned in order to enter the store.

  • Product Selection:  Products can usually be selected without taking any previous actions, but some stores require customers to scan a barcode on the product or tap a screen to select products.

  • Check-Out:  Stores utilize sensor fusion and deep learning for computer vision to allow customers to walk out with their products without waiting in line at a register.

To realize the four phases, there are two necessary and important bits of technology:

1.)  Sensor fusion marks each customer with defining features and uses cameras and pressure sensors together to keep track of where each customer goes and what they take from the shelves.  Sensor fusion has two "advantages:"

  • It gathers information from different sensors and compiles it to create an accurate representation of what is happening and the relative positions of objects in an area at a specific time.

  • It's often more accurate than single sensors since the separate measurements can be used to double-check and narrow the margin of error.

2.)  Deep learning for computer vision is used to track customers and products using:

  • Object Detection:  This is the process of identifying objects within an image.  Object detection is useful in identifying instances when a customer picks up and puts down an object, or for identifying the products on each of the shelves.

  • Multi-Target Tracking:  What this does is approximately locate a moving person within consecutive frames of images.  Multi-target tracking allows stores to keep track of each customer and their actions, like what products they picked up and put back and when they entered and exited the store.

    • Pose Estimation:  This is the process of using an image to track a person using the positions of their body parts, like their head, hands, and wrists.  Similar to multi-target tracking, pose estimation allows stores to keep track of customers, providing information for the computer to determine which customer interacted with the store, like when a product is grabbed.

With this detailed explanation of the technology, let's move on to the advantages and disadvantages in the "human" sphere that we surely know or that we have heard:

  • No queue at the checkout.
  • These stores are always open 365 days a year.
  • Because they are small stores, this is mainly suitable for buying very few things and not for weekly shopping.
  • Only cashless payments for the checkout are accepted, thus preventing the tills from always having the "correct change" and from possible robberies by thieves.
  • Building the structure of a cashierless store is very expensive.
  • For older people, it is not easy to approach this technology.
  • There is no cashier at the till, so the human touch is missed.

Let us now discuss the cybersecurity issues to consider:

  • Data profiling by stores towards users by making targeted advertisements, etc., based on purchases made.
  • Using cameras to frame customers' faces at the entrance to prevent identity theft and to avoid customers having to always scan its QR code ID (Example: Amazon Go).
  • The technologies used evolve often and the risk of cyberattacks by malicious people is very high because these systems are always on 365 days a year.

For these described points, there are some solutions:

1.)  The stores should explicitly ask if the customer wants targeted advertisements based on purchases made.

2.)  Honestly, I am not aware of any debates in the U.S. for Amazon Go, but in the European Union they are trying to ban facial framing for GDPR reasons and replace it with only QR code ID, but a question arises for me: If the store does not use facial recognition and someone steals my smartphone, will the thief do the shopping for free?

In my opinion, the best solution would be to adopt biometrics (e.g., fingerprint in Android systems or Face ID for Apple systems) to "unlock" the QR code because biometrics allows the customer to be uniquely identified.

Obviously, the biometric data should remain in the customer's smartphone and not shared with the store - otherwise privacy will go out the window!

3.)  A plan should be established to update the technologies used and monthly penetration testing plans should be implemented to avoid possible cyberattacks from malicious people.

Here we come to the conclusion: we have talked about the technologies used to make these cashierless systems, their advantages, disadvantages, and cybersecurity concerns.

I don't like to conclude with apocalyptic or negative phrases, but I would like to end the article with this question that should give us pause for thought:

Would you skip the checkout queue to gain time by giving up the privacy we all desire (but magically forget when convenience presents itself) or, if you are truly a "guardian" of privacy, would you wait patiently for your turn in the queue?

Hoping for an answer to this question, I would like to thank everyone who made it to the end of the reading and the editorial staff for publishing my article.

See you next time!
Return to $2600 Index