Privacy-preserving Loyalty Programs

TL;DR

This paper introduces a privacy-preserving protocol for loyalty programs that balances vendor benefits with consumer privacy, enabling anonymous participation and controlled profile disclosure.

Contribution

It presents a novel protocol using partially blind signatures and generalization techniques to protect consumer privacy while allowing profile customization.

Findings

Consumers remain anonymous during transactions

Vendors can request additional profile details for extra rewards

The protocol balances privacy with profiling capabilities

Abstract

Loyalty programs are promoted by vendors to incentivize loyalty in buyers. Although such programs have become widespread, they have been criticized by business experts and consumer associations: loyalty results in profiling and hence in loss of privacy of consumers. We propose a protocol for privacy-preserving loyalty programs that allows vendors and consumers to enjoy the benefits of loyalty (returning customers and discounts, respectively), while allowing consumers to stay anonymous and empowering them to decide how much of their profile they reveal to the vendor. The vendor must offer additional reward if he wants to learn more details on the consumer's profile. Our protocol is based on partially blind signatures and generalization techniques, and provides anonymity to consumers and their purchases, while still allowing negotiated consumer profiling.