Tuesday, August 5, 2008

Speedpass, a Loyalty Gadget

Exxon-Mobile’s Speedpass Card (See Speedpass.Com) is a high tech loyalty program that Hoffman (2005, pp 312-314) calls Loyalty Gadgets. These loyalty devices are similar to the loyalty cards of traditional rewards programs but customers can load initial cash balances and reload cash as needed onto the card, or they involve a more convenient high-tech gadget than the traditional credit card.

In the case of Exxon, the Speedpass Card is a convenience for their customers, extending interactive social media to the gas pump. As an incentive for joining customers usually get a rebate on gasoline for the first 90 days of use. For business users, it also provides handy accounting of fuel purchases. Hoffman also notes (p 312) that these loyalty gadget cards create “a sense of belonging” to compliment the convenience and rewards. There is also a novelty to the experience that is “cool” adding to a sense of modernity.

According to Hoffman (p 313), the benefits to Exxon are that customers appear to “spend more when they don’t see the money.” ExxonMobile reports that Speedpass customers spend 15% more than non-Speedpass customers. Exxon now has in excess of five million members according to Hoffman (p 313). Covvenience is reflected in the bottom line.

In addition to use at Exxon Mobile affiliated locations, Speedpass is expanding into the fast food retailers with McDonalds. The customer database can be used by McDonalds to offer the same convenience provided at the pump. In addition to key fobs, Timex is now partnering with Exxon Mobile to have Speedpass enabled watches.

The downside is cost. Hoffman notes the following costs: 1.) Advertising; 2.) Card reload costs; 3.) Synchronizing provider’s inventory management system; and 4.) Scanning technology.

Hoffman, K.D. (2005). Loyalty Gadgets: The Marriage Between Technology and Loyalty Marketing. Marketing Principles & Best Practices 3e. Thomson/Southwestern.


Heidi M said...

Hey George--have you actually tried this out? I haven't ...yet! I heard once that their was a high risk for identity theft and misuse with the loyalty gadgets that function like credit cards. Did you run across anything like this? Is it a myth? Is it true?


George said...

Hi Heidi,

I have read that Johns Hopkins grad students with their faculty advisor were able to hack into the Texas Instruments RFID Digital Signal Transponder (see http://www.jhu.edu/news_info/news/home05/jan05/rfid.html ) used in Speedpass and numerous other applications such as electronic access to automobiles.

The information they get for their troubles is the RFID user-code itself. For car access that may be a problem because it is the only barrier between someone and your car. With Speedpass, on the other hand, there are other security precautions taken including the normal fraud detection procedures used with credit cards. As Sherrie says (see http://www.aim.org/sherrie_blog_entry/P2787_0_18_60 )

“Thus an attacker that simulates a target DST cannot do so with complete impunity; suspicious usage patterns may result in flagging and disabling of a SpeedPass device in the network.”

The failing in the TI chip is that it uses a 40-bit encryption home grown scheme instead of the ISO Standard 14443 based approach. According to CIO Insight (see http://www.cioinsight.com/c/a/Supply-Chain-Management-and-Logistics/RSA-Finds-More-Security-Flaws-in-RFID/ ) “TI has no immediate plans to stop using the proprietary 40-bit cipher in its DST-40 tags. Customers that choose DST-40 tags from TI's lineup are generally seeking a combination of low pricing and quick processing speeds.”

TI is still selling transponders with the 40 bit encryption. (See http://www.ti.com/rfid/docs/manuals/pdfSpecs/RI-TRP-BRHP.pdf) but I do think they make a good point. Only highly sophisticated hackers could crack their code. The idea of someone that talented using it to steal your RFID user code so they can occasionally buy a tank of gas on you seems unlikely.

TI does sell transponders with the more sophistitcaed 128-bit encryption. I called ExxonMobile to find out if they had made the decision to upgrade. None of the Speedpass representatives had heard of the Hopkins study nor had any information about it or the inner details of the key fob. Here is their number.
1-87-SPEEDPASS (1-877-733-3727).

The only problem with PII theft for me was in 1996. Someone was using my credit card number and I was quickly notified by the bank issuing the card. They were able to detect the fraudulent usage pattern.