The fight back: loyalty card subversion

J Sainsbury, Colliers Wood. This photo's been used before on the blog

It’s inevitable that for every attempt to cajole or impose control on users, there will be some people who seek to avoid or circumvent it. As Crosbie Fitch put it in a recent comment, “humans are designed to explore the parameters of their environment and to adapt to them”.

Supermarket loyalty cards are an interesting example of this. Whilst not a rigid method of control – more a method of persuasion – their ubiquity and fairly clear agenda make them common target for intentional avoidance, or subversion. For every person who hasn’t signed up out of just-not-being-bothered, there is probably at least one who doesn’t trust what will happen to his or her data, even if it’s only a vague feeling of unease. And there is a small segment of customers who will (admirably) attempt to manipulate the system, either for their own gain, or simply out of an inquisitive or rebellious spirit.

Image from Cockeyed.comImage from

Rob Cockerham’s ‘Ultimate Shopper’ is one of the most famous (and apparently successful) ‘white hat’ attempts to subvert a loyalty card system: Rob replicated the barcode (scanned by the cashier) from his Safeway Club card, and sent out dozens of copies of it to friends and readers of his website, with the aim of creating an ‘interesting’ customer profile on Safeway’s system: one who bought vast quantities of products each month, right across the country:

I want to take the credit for all of my shopping, and for your shopping too!

Anyone who does this will be lumping their shopping data together with mine. Together we might amass a profile of the single greatest shopper in the history of mankind.

You will still get club card savings, but you will miss out on the odd promotions they have from time to time. Actually, some promotions are awarded at the register, so you may continue to benefit from those, although the rewards will be utterly unpredictable.

Actually cloning the data on the magnetic strip, to create a more foolproof (and less detectable) set of cloned cards, would be another step. Depending on the structure of the supermarket’s loyalty scheme, there may well be thresholds above which the ‘rewards’ for customers increase substantially, and assuming the participants in the cloning scheme can work out a fair or acceptable way to share their rewards, this could mean greater benefits for all of them than actually using their cards individually.

An alternative scheme is Rob Carlson’s ‘Giant BonusCard Swap Meet‘ where card-holders from Giant (“a large supermarket chain in the Baltimore/DC area”) swap details with other card-holders in order to give themselves more privacy – from a 2003 article:

Carlson’s site works like this: You enter your Giant card number on a form. It puts this number into a pool of numbers gathered from participants. Drawing from this pool, it displays for each visitor a bar-code replica of someone else’s number, allowing the visitor to print it out and tape onto his or her own card. Should you actually take the time to do this and then visit the local Giant to use this card, you are, to Giant, someone else. If enough people do this, the argument goes, Giant’s shopper profiles are rendered muddied and ultimately useless.

A Wired article from 2003 on Rob Cockerham and Rob Carlson’s projects.

Are there other similar examples?

[An additional aspect of supermarket ‘fight back’ borders on actual theft but is surely extremely common: when supermarkets’ self-service systems (e.g. for weighing loose fruit and vegetables) allow customers to print out an appropriate barcode label, there’s also (inevitably) the possibility of the customer, er, adjusting the process in his or her favour. If I buy an organic apple that costs more per pound than a non-organic apple, and ostensibly looks the same, what’s to stop me entering the details for the non-organic apple and thus paying just for that? There may be CCTV watching the self-weigh units, but is the resolution good enough to tell the difference between different types of apple? Will the checkout assistant be able to tell the difference?

Of course, where these self-print systems are used in conjunction with self-scan systems (where the customer uses the scanner), there’s even more potential to ‘get away’ with things, whether that’s just under-weighing your goods or just pressing the button for the cheapest item each time – often, in the UK, onions – no matter what you’re weighing. There’s also significant potential for legitimate mistakes here. Since the CCTV can’t read at that resolution, and you have a barcode for each item, you’d probably get away with it. Please note, I’m not advocating this, just pointing out a particular weakness of this aspect of retailing technology.

Getting back to the point, if the above onion trick is combined with a loyalty card which tries to build a customer profile, we’d end up with a customer who buys an enormous amount of onions and no other loose fruit or vegetables. That might be suspicious in itself; if the customer has a loyalty card, he or she could be identified and investigated; otherwise there would be no way of tracing the mystery onion-buyer. Thanks to a friend for this observation]


  1. Josh D.

    Using the wrong bar codes or cheating the self checkout is shoplifting; no different from switching the tags from a cheap item to an expensive item.

    However, the loyalty cards have become almost a necessity at the chain supermarkets I shop at. The discount prices are often what the normal prices should be.

  2. There’s one small flaw in his “Greatest Shopper Ever” plan though.

    Unless everyone pays cash, they can easily separate out the different clones based on Checking/Credit Cards.

    Great idea though, especially if he gets points 🙂

    Happy to order a supplemental Air Miles card on my account for anyone who wants one. 😉

  3. I did a project similar to the swapfest but taking place only online. It’s pretty simple and easy to use and quite a few people have used it to swap their loyalty cards with others. You can check it out at:

  4. Guy Hermann

    I found that CVS, the local drugstore chain, will give out loyalty cards without any ID. I get the discounts without giving up any information. I get a new one on a regular basis.

    I wonder if I can do this at other stores?

  5. Another idea I had that I have been on the verge of adopting, but consider may be too onerous for the marginal satisfaction it could give me is this:

    Cashier: “Oh, do you have a Tescafewaytrose Loyalty card sir?”

    Me: “Why certainly, but as part of my current promotion, if you present your Crosbie Fitch card I can give you a 5% surcharge on all my purchases today – as reward for meeting my highest expectations.”

    Cashier: “…”

    Me: “You do have a ‘Crosbie Fitch’ card, don’t you?”

    Cashier: “Er… no.”

    Me: “Application forms are available by application to my home address. Membership is free too!”

    Cashier: “I’ll take that as a ‘No’ then.”

    Me: “Au contraire. I have my loyalty card right here.”

    Ad nauseum… 😉

  6. Pingback: BambisMusings - Musings from a little deer? » The fight back: loyalty card subversion

  7. Back in ~2000, I forged my application for the omniscient Nectar card, as a single mum with four kids[1]. I also gave them a completely bogus address. Did I subvert the system? Well not really. Since I’m paying with my regular debit card much of the time, any half-decent DBA should be able to associate my Nectar card with the real me. Still, they obviously don’t pay very close attention to the details you give because they didn’t disable my card. I’m still racking up points and redeeming them on the increasingly rare occasions that I go to supermarkets.


    [1] For the benefit of readers of this comment, “single mum with four kids” is wrong about me in at least three major characteristics.

  8. Pingback: After Issue Crawler

  9. liz

    college students can also (unintentionally) cause muddled profiles, because of the way safeway tracks your information. your club card is linked primarily to your phone number, and phone numbers are handed down with dorm rooms.

    i still use the club card that’s linked to my old dorm room, but it’s certainly not in my name. and i know i’m not the only one using it, because someone else is buying an awful lot of deli sandwiches.

  10. Devin

    I’m not sure how subversive those swap meets are. Sure, they prevent grocery stores from marketing specifically to you, but while, say, Amazon might love to do that, I don’t think Giant or Safeway is really trying to. They seem to be trying to get an aggregate more than your details, and swapping your bits with another customer’s doesn’t prevent that.

  11. Pingback: Has the internet made us less - or more - isolated?

Comments are closed.