[Reading time - 2 minutes 28 seconds]
QUESTION: "Last night I went to a restaurant that I'd never been to before. I used a credit card to pay for my order. When I asked the person at the counter about a receipt, she said that it was automatically emailed to me. And I then received a message on my cell phone that I had just received that receipt. It was like magic. But how did they know my email address? I didn't give it to them. Does the restaurant have something that is reading my email address off my cell phone? Or is my cell phone sending out some type of wireless signal that they can pick up?"
ANSWER: No, it's not magic; rather, it's history.
Smartphones do have the ability to send out wireless signals through near field communication (NFC) which is a set of standards used to establish communication between devices in very close proximity. Once the devices are brought within 4 centimeters of each other or tapped together, two-way communication is established. Devices using NFC can be active or passive. A passive NFC device, such as an NFC tag, contains information that other devices can read but the tag does not read or receive any information. Active NFC devices can read information as well as transmit data. NFC devices are most often associated with contactless payment systems. Users store payment card numbers in a “virtual wallet” on a smartphone to pay for purchases at an NFC-enabled point of sale (PoS) checkout device.
But what happened to you last night had nothing to do with NFC since you used a credit card.
At some point in time in your history you used the same card processor that is used by your restaurant last night. And at that time, you were asked to enter your email address in order to receive a receipt. That email address was saved by that card processor system so that from now on whenever you go somewhere that likewise uses that same card processor it brings up your stored email address and sends the receipt to you via email.
These electronic receipts are rapidly replacing paper receipts. Just last week (May 23 2019) the California state Assembly approved a bill that starting in 2022 it would prohibit businesses from handing customers paper receipts unless customers ask for them; rather, businesses would provide electronic receipts. There are a few exceptions (cash-only businesses, health care providers, and retailers doing less than $2 million in business each year are exempt). If a merchant is caught printing up receipts in violation of the law, they will receive two warnings, after which they could be fined up to $300 a year.
But how can you opt out of receiving your email receipts if you don't know who the card processor is, or if you do not even have an account with them?
Most card processors have a link at the bottom of your email receipt that provides your options. Square, one of the most popular card processors, has a link in their email that says "Manage Preferences." By clicking on it you can then opt out of receiving the email receipts.
However, your email address was also captured and stored by the "original merchant" with whom you first gave your email address (in your case it would not be the restaurant you visited last night). The original merchant can then send to you promotional and advertising emails for up to one year. However, other merchants (like your restaurant last night) cannot send you emails because they do not have your email address: only the card processor and the original merchant have it.
So, no magic going on here. Just some history.
Professor Ciampa is the author of several texts on Security Awareness and Network Security. Mark discusses Near Field Communication - its Risks and Defenses - in his text. These texts are available within MindTap as well. Login into MindTap here. MindTap is available to your students as part of Cengage Unlimited.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.