Point-of-Sale Privacy, Solved by Blockchain

November 19, 2018 John Koon

Data privacy laws like the European Union (EU) General Data Protection Regulation (GDPR) and California Consumer Privacy Act (CCPA) are complicating business for retailers. While these regulations improve consumer privacy, they also present significant risk for retailers who handle an increasing amount of personal data.

And the impact of these new rules goes beyond e-commerce. The legislation also has important implications for in-person transactions, requiring an effective data protection and management system integrated into all company point-of-sale (POS) systems.

To address these issues, retailers are turning to blockchain technology. Vendors of consumer goods and services are now installing it on physical and online POS systems to ensure proper data handling, from the initial transaction through the rest of the information lifecycle.

Blockchain Rescues Retail Transaction Data

For retailers who want to retain valuable customer information while securing it from tampering or misuse, blockchain is enormously valuable. The technology is based on a distributed ledger, which provides a decentralized system for sharing and synchronizing data across multiple nodes within a network.

As its name suggests, a blockchain is a series of encrypted data elements (blocks) that contain information about a given interaction. Every block is “chained” to the previous entries by applying a cryptographic hash to the entire chain (Figure 1). As a result, modifying one block will force a corresponding alteration in all subsequent blocks.

Figure 1. Blockchain uses distributed ledger technology to approve transactions using multiple independent nodes. Once approved, transactions cannot be altered. (Source: G2 Crowd)

Any attempt to tamper with a given block would have to be conducted such that the manipulation could be reconciled by all ensuing blocks. A larger blockchain is therefore more difficult to change, as successfully altering more and more encrypted blocks without the other stakeholders noticing requires both luck and an increasing amount of computational power. Very quickly, the cost-benefit analysis becomes a losing proposition for would-be tamperers.
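
The chaining and tamper detection described above, shown as an added example that is not part of the original article or of any product it mentions: a minimal hash-chained transaction log in Python. The record fields, the all-zero genesis value, and the JSON-plus-SHA-256 block layout are assumptions made for illustration.

```python
import hashlib
import json

GENESIS = "0" * 64  # constructed prev_hash for the first block

def block_hash(prev_hash, payload):
    """SHA-256 over the previous hash plus this block's canonical JSON payload."""
    body = json.dumps(payload, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256((prev_hash + body).encode()).hexdigest()

def build_chain(payloads):
    """Link each payload to the hash of the block before it."""
    chain, prev = [], GENESIS
    for payload in payloads:
        digest = block_hash(prev, payload)
        chain.append({"prev_hash": prev, "payload": payload, "hash": digest})
        prev = digest
    return chain

def first_broken_block(chain):
    """Index of the first block whose links fail to verify, or None if all verify."""
    prev = GENESIS
    for i, block in enumerate(chain):
        expected = block_hash(prev, block["payload"])
        if block["prev_hash"] != prev or block["hash"] != expected:
            return i
        prev = block["hash"]
    return None

# Constructed sample POS records; field names are hypothetical.
SAMPLE = [
    {"contract_id": "C-1001", "cost": 19.99, "consent": "marketing-opt-in"},
    {"contract_id": "C-1002", "cost": 5.49, "consent": "none"},
    {"contract_id": "C-1003", "cost": 42.00, "consent": "forget-me"},
]

honest = build_chain(SAMPLE)
peer_head = honest[-1]["hash"]  # head hash as held by an independent node
altered = dict(SAMPLE[1], cost=0.01)

# Case 1: one stored block is edited in place; its own hash no longer verifies.
edited = honest[:1] + [dict(honest[1], payload=altered)] + honest[2:]
# Case 2: the editing node also recomputes every later hash. Its copy verifies
# locally, so only comparison with another node's head hash exposes the change.
rewritten = build_chain([SAMPLE[0], altered, SAMPLE[2]])

print(first_broken_block(edited), first_broken_block(rewritten),
      rewritten[-1]["hash"] == peer_head)
```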

In this way, the distributed ledger provides an immutable transaction log. Furthermore, when an update occurs, all of the nodes in a specific ledger must collectively approve the transaction through a “voting” process that validates the interaction’s authenticity.

The voting approval process further minimizes the likelihood of data tampering, as well as mismanagement, because no single node has the authority to update the ledger on its own. Of course, having all of these nodes participate in transaction approval also comes at a cost to the blockchain owner(s), both in terms of latency and computational resources.

In a retail context, the blockchain can incorporate transactional data such as contract IDs, signatures, and costs. This enables two primary applications of the technology for retailers:

  • Tracking, which determines ownership across a supply chain. This could be used to verify the source and handling of food products as they transit from the farm to the store, for example.
  • Smart Contracts, which automate reordering or purchasing based on a contract already stored in a blockchain. Blockchain-based Smart Contracts make information such as ordering, costs, and shipping time indisputable.

Given blockchain’s robust security and data management features, it can competently withstand third-party scrutiny during litigation or compliance audits against regulations such as GDPR or CCPA.

Blockchain for Retail POS

Modern retail environments engage customers in multiple ways over the course of time. Common touchpoints include social media check-ins, online and in-person advertising, POS transactions, and loyalty payments.

To bring all of these interactions into compliance with regulations, IntraEdge offers a blockchain-based solution called GDPR Edge. Built in partnership with Intel®, GDPR Edge is designed to help retailers integrate data management, protection, and compliance into their business systems. It addresses POS, e-commerce platforms, call centers, mobile apps, kiosks, or any Internet-based interaction mechanism.

With the solution in place, retailers can map data use, track consent agreements, maintain version control, and view service orders down to the individual user. In addition, GDPR Edge stores opt-out lists and “forget me” requests to prevent retailers from sending marketing messages to the wrong person.

GDPR Edge technology components include a blockchain ledger, centralized data lake, API workflow engine, and custom user portal, each of which can be tailored to deployments of any size (Figure 2).

Figure 2. The GDPR Edge solution from IntraEdge includes a blockchain ledger, data lake, and API workflow engine that can be integrated into multi-system deployments for retailers of all sizes. (Source: IntraEdge)

The GDPR Edge solution can be hosted on-premises on a private server and is also compatible with Microsoft Azure or Amazon Web Services (AWS) cloud platforms. It also offers connectors through the API workflow engine for seamlessly integrating enterprise applications such as Salesforce, ServiceNow, and Dynamics into GDPR Edge.

Intel® Software Guard Extensions (Intel® SGX) for Secure Retail Data Retention

GDPR Edge is powered by the Intel® Software Guard Extensions (Intel® SGX) Sawtooth Lake Blockchain implementation, a modular, open-source distributed ledger technology that enables the following capabilities:

  • Different types of approval and voting within the same blockchain
  • Support for Proof of Elapsed Time (PoET) consensus
  • Parallel execution of transactions for higher performance
  • High scalability

Intel SGX protects code, data, and information like an endpoint’s IP address from disclosure or modification. As a result, POS systems that integrate Intel SGX technology eliminate the need for all nodes in a blockchain to validate updates through the voting process.

Because Intel SGX can be used to verify the transaction source node is trustworthy and secure, retailers can significantly reduce the computational resources and execution time associated with voting in blockchain-based data management and security solutions (Figure 3).

Figure 3. With Intel® Software Guard Extensions (Intel® SGX), implementations of Sawtooth Lake Blockchain such as GDPR Edge can reduce the time and compute requirements associated with node voting and approval. (Source: Medium)

Data Privacy Compliance for Retailers, Auditors, and Consumers

As data privacy becomes more and more of an issue in our digital age, multiple stakeholders may require visibility into how a system manages and protects data across the information lifecycle. These stakeholders include retailers, auditors, and users, and GDPR Edge gives each of these personas the ability to access and manage data through different portals.

For consumers, platforms like GDPR Edge provide peace of mind in knowing that their personal data is protected from loss, theft, or mismanagement. For auditors, access allows easy compliance monitoring and management. And, of course, retailers safeguard themselves from data tampering, allowing them to maintain good standing in the marketplace and protect their reputation from the fallout of data breaches.

About the Author

John Koon

John Koon’s current roles include embedded technology research and publication. He was the Editor-in-Chief of the RTC Magazine and COTS Journal. Additionally, he has published numerous technical articles, blogs, and ebooks. His areas of research include aviation, AI, autonomous driving, robotics, automation, medical innovations, wireless technology (including 5G and low-power WAN, fog computing (beyond cloud), IoT, NB-IoT, and LoRaWAN), cybersecurity, blockchain, M2M, software, aerospace, manufacturing, and COTS advancements. He holds a BS in engineering (California State Polytechnic University, Pomona) and an MBA (San Diego State University), and had 20 years of management experience.
