When you're stacking up grocery items at the checkout line, you're probably not worried about whether your supermarket chain is compiling a profile of you based on what you buy, and storing that information for its own use. After all, who cares if you buy one brand of tissues over another, or favor name-brand microwave pizzas over store brands?

Supermarket chains care. So does CVS. So much so that they use discount cards (referred to as "membership" or "loyalty" cards) to offer you what seem like great bargains. They use the cards to keep tabs on what you purchase, how often you shop, and what your buying preferences are.

And, just as data brokers like ChoicePoint collect personal data and use it to build an aggregate "profile" of individual consumers, supermarket chains use their stored data to target buyers with "special" offers and "preferred" advertisements from their marketing partners.

This is not a uniquely American phenomenon. Everywhere a supermarket, pharmacy, or department store can be found, anywhere in the world, you can assume there's a "discount rewards" program in place to provide customers with benefits that go "beyond mere shopping," as one writer put it in the May 29th edition of the Hindu Business Journal.

"You need to be a compulsive shopper to make the best of the loyalty cards. If you visit the store just once a year or like to comparison shop, these cards may not have much to offer," the article noted.

The recent news that CVS ExtraCare card users' information was exposed on the company's Web site illustrates the risks that loyalty card programs entail. The question then becomes, what is more important -- saving money or protecting your privacy?

What's The Big Deal?

According to a 2004 poll conducted by Boston University's College of Communication, 86 percent of American shoppers use some form of store card or discount card, "and the majority of them say the benefits of the card are worth giving up some privacy." A Canadian Broadcasting Corporation (CBC) article in 2004 stated that 76 percent of Canadian consumers belong to at least one loyalty program. A British advertising column boasted that loyalty card programs had achieved "85% consumer penetration" in the U.K. circa March 2005.

Loyalty card users enjoy discounted prices, special coupon offers, and rebates or "points" towards airline tickets or shopping sprees, much like credit cards. In addition, many loyalty card programs offer tangible benefits such as CVS's plan to designate pharmaceuticals purchased with their card as qualifying for medical Flexible Spending Accounts (FSA's), or the Upromise plan, which allocates portions of money spent using participating stores' loyalty cards to your children's 529 college savings account.

Many users consider the idea of targeted marketing a boon -- if they like one kind of product, why wouldn't they want to get offers for similar products?

Most shoppers approach loyalty cards with a mixture of weariness, indifference, and amusement. Technology writer Declan McCullagh succinctly stated that "nobody's forcing shoppers to sign up for such cards. If you don't like stores that offer them, take your business elsewhere." Or as blogger Jane Hauntanen put it, "Now people will know [I] bought a roll of dental floss at 7:49 PM at CVS and paid two dollars for it. That is an invasion of my privacy. Of course if it bothered me that much, I could just pay cash and forget about the savings."

However, many shoppers are increasingly aware that loyalty cards are being used to compile profiles of their shopping habits for later use, and that this data can be farmed out to business partners, telemarketers, and direct-mail solicitors. What isn't public knowledge, however, is how often discount card programs themselves are outsourced to other companies.

Outsourcing for Discounts

Running a loyalty card program is big business, and often incurs heavy administrative costs. CVS' ExtraCare program netted it an extra 30 million shoppers and $12 billion a year in revenue across its 4,000 stores, but the extensive hardware and software implementation necessary to run such a program has kept other major drug store chains from introducing similar programs.

Many retailers turn to third-party merchants and marketers like Arthur Blank and Alpha Cards to design and develop their discount card programs. Alpha Cards' customer loyalty program boasts of using magnetic strip and "smart card" technology to "[o]ffer your customers product discounts and points toward merchandise, and record valuable data about their buying preferences at the same time." The CardWerk company advocates using smart card technology at point-of-sale transactions to reduce fraud, improve usability, and "maintain customer loyalty."

Details of loyalty points and the point-gaining transactions are being captured by a stand-alone card terminal and transferred to a PC or a back-end server for further analysis. The loyalty software maintains a complete database of all customer rewards and reward suppliers.

It's not an unreasonable concern that customers' buying profiles will be as vulnerable to fraud and misuse as their credit card numbers, particularly if the third-party companies practice lax security measures. Technology newspaper Information Week reported in May of 2004 that "Unisys chief security adviser Sunil Misra [discussed a] case where a member of the senior IT staff at a large supermarket chain created a secret back door so he could access and sell protected information."

Valuetec, a leading provider of gift and loyalty cards to businesses and retail store chains, recently partnered with credit card payment processor CardSystems to provide "comprehensive gift card and loyalty card products", as well as implementing "stored value systems", where a customer gets a set point balance on their card, which replenishes when they make purchases at the sponsoring store. CardSystems was the vendor responsible for 40 million Visa and MasterCard users' data being exposed to potential theft in June 2005.

So what kind of things can happen if stores know your buying habits? What are the ultimate goals of all this data collecting?

Inside the Shopping Cart

Supermarkets and retailers who have profiles on their customers via loyalty cards often outright admit to trading or sharing data with "preferred partners." Safeway's privacy policy, for instance, states the following:

We may share information with affiliated companies or third parties as necessary to fulfill your on-line grocery order or other requests for service, and as necessary to obtain payment for products and services we may offer. (Third parties with whom we share information to assist in completing orders do not have the right to use personal information provided to them beyond what is necessary to complete the order.) We also use this information to contact you if you have won a contest or sweepstakes. Safeway may use this information to give you personally-tailored coupons, offers or other information which may be provided to Safeway by other companies.

Safeway's policy also states that an incredible amount of information is collected when you apply for a card and use it regularly, such as the following:

Safeway only collects personally-identifying information from customers when customers apply for a Safeway Club Card; enter sweepstakes or other contests when using your Club Card or other means of entry; visit our web site -- www.safeway.com; and purchase groceries or other items with a method of payment that contains personally-identifying information. "Personally-identifying information" means your name, address, bank account, credit card number, telephone number or other information by which you can be personally identifiedSafeway does collect additional information from Safeway Club Card members. The information we receive depends on what you do when you visit our stores and use your card. We collect and store your name, address, home telephone number, and birth date if provided by you. If you are in an area where we offer electronic checking and apply for this service, we also ask for information such as your driver's license number and bank and credit card account numbers. When you make purchases, we record data about the transaction, including the amount and content of your purchases and the time and place these purchases are made.

All of that just for buying some Hot Pockets and Mountain Dew. The amount of data collected via loyalty card programs would be the envy of any information broker, and supermarket chains do not hesitate to share it when they wish.

In a headline-making case from August of 2004, Philip Scott Lyons, a firefighter from Everett, Washington, was arrested and accused of arson after a police canine unit sniffed out a fire starter unit hidden in his home with a Safeway label attached. Safeway provided the Lyons' purchasing history to the police, revealing that they did buy the fire starter a month earlier.

The charges were later dropped when another person came forward and confessed to the crime. The fact remains, however, that Safeway provided a customer's personal information to law enforcement, thus skirting the Constitutional and Federal laws that prohibit government and police agencies from collecting personal information and creating databases.

Prior to CVS' Extra Care debacle, General Nutrition Centers' Gold Card users had their personal information posted on a Web site by one of the company executives in 2003. The executive was selling the information to a partner company via a "loophole" in its privacy policy.

On a more basic level, the data collected about your buying habits can be used for everything from custody hearings to psychological profiles to decisions regarding employment. Buying condoms? Must mean you're sexually active, and possibly an unfit parent or health risk. Buying weight-loss diet pills? You might end up with a higher health insurance premium or unexpected physical evaluation at your job.

Moreover, studies have found that loyalty cards' primary purpose -- to offer savings to members -- do no such thing. In fact, stores that use loyalty card programs actually increase the regular prices of items for non-club members, making purchases more expensive for all buyers and reducing the margin of card members' saving to almost nothing. "Everyday" items can be marked up from 28-71% after card programs are introduced.

The most subtle and insidious side effect of loyalty programs appears to be a growing "class" strategy of marketing, focusing on the richest and most frequent shoppers and excluding "negative return" or "undesirable" customers.

Dr. Martha Rogers, a "customer loyalty consultant," performed studies that identified several classes of customer from "Most Valuable Customer" to "Below Zero," those that provided little or no profit in terms of shopping. In the words of a Customer Retention Association article discussing the study:

For every household spending additional money with a retailer as the result of a loyalty promotion or program, there are several times more for whom the same retailer invests marketing and/or communication funds with non-commensurate, even negative, return. Companies involved in loyalty and continuity programs seem much more concerned, and impressed, with top tier results than in looking at the overall picture.

Companies really interested in making frequency schemes part of the overall customer relationship management, or strategic loyalty, program should first look at their customer base with fresh eyes. These fickle and bottom tiers of customers should receive less, or no, investment. Some might even have to be discarded if the company is to concentrate its resources on retaining profitable customers.

Later, the author states that "What works is the company-wide commitment to customers, the ongoing creation of customer-perceived value and 'barriers to exit' which leads to loyalty and advocacy." So it doesn't matter if these programs actually work or not, just if the customer believes they do.

What You Can Do

If the concept of loyalty cards being used as tools to gather personal information troubles you, there are many options to take, including the following:

Get access to your info. Find out how your store controls your information, how it's maintained, and how you can get access to it. Contact their press office and customer service representatives and demand to have your personal profile provided to you. If you want it removed, find out what it will take, if they charge fees, if employees get bonuses for recruiting for loyalty programs, etc.

Opt out. You can always refuse to sign up for a card, and as with any direct-mail service, you can choose to opt out of their "partnership services" or "special offers."

Shop elsewhere. The best way to ensure businesses don't abuse loyalty programs is to vote with your wallet. Support stores that don't use loyalty cards or ask for extensive personal information. Who knows? You might even find more bargains.

For More Information

CASPIAN (Consumers Against Supermarket Privacy Invasion And Numbering) Founded by Harvard doctoral student and consumer privacy advocate Katherine Albrecht, this site is the leading resource for the privacy concerns surrounding loyalty cards.

Food Marketing Institute A business-centered organization that provides services to supermarket and food store chains. A good resource for understanding the industry's perspective on loyalty and discount cards.