Schneier on Security
A blog covering security and security technology.
« Notary Fraud |
| Separating Data Ownership and Device Ownership »
November 29, 2006
Photo ID Required for Pancakes
Posted on November 29, 2006 at 12:47 PM
• 48 Comments
To receive these entries once a month by e-mail, sign up for the Crypto-Gram Newsletter.
That would actually make it easier to "dine and dash"! Just produce a fake id giving them a false sense of security.
@Tim - Sounds fair - I think they already serve fake pancakes.
Don't forget, sausages require a notary public.
It wouldn't be easier to just set it up like a tab? You either deposit cash or they swipe your CC >first
If you dash, you've already paid.
If you're worried about dine and dash the better solution would be to handcuff the customers to the booth.
Uhm... just, wow. I've heard of strange requests for ID before, but this takes the... pancake?
They could make it like a roller coaster-- once you're seated, an overhead bar comes down and keeps you in your seat until the POS verifies that you've paid.
I gotta better idea - simply put RFID chips in the food, and a reader at the door! Pay the bill, the chips get burned.
Next is Digital Pancake Management. (You can't eat your pancakes with someone else's digits.)
Just another excuse for Control-Freak Behaviour.
* how about a thumb print to confirm their order?
* how about taking a timestamped picture of the diners after you've served them their food?
* how about a 10% discount given randomly each hour, based on license number?
40 people were ready to give away their identity cards to an unauthorized person in a restaurant for a considerable amount of time. Go figure.
If you don't like, leave!
"If you're worried about dine and dash the better solution would be to handcuff the customers to the booth."
Is there and ankle shackle option? I use both hands when I eat.
Why is it that we have to pay for movies in advance but we get to eat our non-returnable food before we pay? IHOP could just make customers pay their bill before they deliver the food.
It would be far better to have a nice high-res gallery at the entrance of the IHOP of those that dine and dash locally. Most of the IHOPs I’ve been in have what appears to be a security camera at the entrance so extrapolating that information wouldn’t be too difficult.
Who would want to be posted on the IHOP Wall of Dashers? Imagine if they posted them online, along with a video of them dashing out without paying – priceless.
They could even offer picture keychains with Dasher of the Month/Year to help recover the costs.
Certainly you may have my drivers' license. Do you have the $10,000 bond *I* require before turning it over to you?
If he does, take it and "dash without dining." :)
Why don't they just arm the guards with shotguns and tell them to shoot anyone who dashes out without paying? No need to worry about identity theft using this procedure. ;-)
A friend of mine years back worked at a restaurant that offered a bounty on caught dashers. The staff behavior profiled the diners, and learned to pick out the nervous ones. They would then write the down the plater numbers of all cars parked out front. When the dashers dashed, the staff would just note which car they left in, and report the corresponding plate to the police. I asked about stolen cars, but he said the catch rate was 100%
I've been in only one American restaurant that required that you pay when placed your order, because of the "dine and dash" problem. It was an all-night diner in a tourist town, which was (judging by who else was eating there) also pretty popular with the teenage crowd. They had big signs apologizing for the inconvenience, and reassuring us that it was only because of other people. Anyway, when we all sat down to eat, our waiter didn't ask us to pay in advance. I surmise that it was because he had the option of asking us to or not, and he figured an adult group of 4 wasn't going to dash.
Of course I've been in hundreds of sit-down fast food restaurants were I also paid before I ate.
An excellent and practical suggestion. It covers everyone's interests, and is not intrusive to honest customers.
You should forward this to IHOP. Seriously.
"An excellent and practical suggestion. It covers everyone's interests, and is not intrusive to honest customers."
Yes, giving the staff an incentive to catch cheaters has some merit. I see a potential problem here however; it will only be a matter of time before a company beancounter decides that it is more efficient to use CCTV to record the cheaters licence plates. Once that happens, you have the beginning of an intrusive system.
@Rich and Anonymous
Somehow I can't imagine this covering a busy restaurants interests, especially when staffed by mostly minimum wage (or less) workers who are probably busy. Keep in mind Dine-and-Dash is usually a crime of opportunity and guts...it's easier to commit when the restaurant is crowded and the staff is overworked/harried/distracted. In these settings, do you *really* think someone will walk outside to write down all license plates in the lot that may or may not belong to actual customers? What about restaurants inside a mall? Or that share a parking lot with other businesses?
It's a good idea and can certainly work in specific, limited circumstances, but I don't think this has "corporate procedure and best practice" anywhere in it's future.
"Dine and dash" is also known is some circles as "lick and leave", depending of course on your preference.
Dine and Dash can be countered very simply. Sit the perceived higher-risk customers further from the entrance. Really. Then pay attention to them, which the last time I looked was a good way to keep customers whether they pay or not.
I'd love to see the numbers here, how many people gave up their ID and how many decided to eat elsewhere.
When I read the title I thought that you meant that pancakes had to have their photos taken. The wondeful ambiguities of the English language ;-)
Two connections that struck me. (1) Massachusetts is still using the social security number for the driver license ID #, just as they were back when I had one 20 years ago. The ID theft aspect would be much lower if the SS # wasn't used on the license.
(2) It seems like the management was asking for DLs from all diners. Similar restaurants (like Denny's and Cracker Barrel) have historically taken a different tactic - ask for IDs, require prepayment, or simply deny service to folks who are profiled as high-risk - typically, darker-skinned people, as lawsuits against both of these restaurants have shown. By doing the same thing for everyone, this IHOP probably hoped to avoid the accusation of racial profiling and/or discrimination (or, more optimistically, to avoid racial profiling and discrimination). There's a balance of competing interests going on here - probably the wrong conclusion on their from both a PR and a security perspective, but I understand where they were coming from.
Sit everybody in a circle and nobody can leave until their two neighbours have seen them pay, and can quote their receipt number via a coin-toss protocol.
I may not be on the right track here, but does IHOP require you to pay (after you've eaten, of course) at a counter by the exit or do you pay at your table? If you pay at a counter by the exit and people are dining and dashing, wouldn't the solution be as simple as telling the person working the counter not to let anyone leave without paying? Wouldn't a security guard stationed at the door simply be able to ask to see a receipt before people leave?
This seems like some dense, enterprising IHOP-CEO-in-the-making manager's weird solution to a simple and (I would imagine) ubiquitous problem.
I saw that too. This guy is an idiot for having his SSN on his license and thinking he is protecting himself.
MA started giving people the option to NOT use SSN on their drivers license OVER A DECADE AGO! Yes, when I FIRST got my license... it was then an OPTION to have it not be your SSN.
Now I don't even think you have the option unless you already have a license, then I THINK you can still choose to keep it if you want.
Stupid stupid stupid.
I will note, the article does not say whether he has an out of state license. Maybe he is one of those tax dodgers who establishes a fake residence in NH for registering his car?
It would make some business sense to have diners pay while waiting for their meal to be cooked.
(for the honest customers) When the meal is finished, there is no need to delay parking lot departure with a stop at the cash register. Just leave. It decreases conjestion near the entrance, where most restaurants place their registers.
Of course, prepayments pose a problem for the wait staff, whose income is supplemented by gratuities/tips. How does a customer calculate the tip if they haven't received their service?
A local cafeteria addresses this problem by adding group counts to their tickets, limiting exit line widths to a single person, posting signs that state an expectation that the entire party will leave at the same time ("Stay With Your Party"), and challenging anyone who attempts to leave without paying ("Where's your group?")
@Rich: Plus after a couple of years training at IHOP, they could work at TSA as airport security "behavior analysts" (at least they could if Bruce ran TSA).
@Ed T:Ohio requires a photo ID to vote. (and also has optionally allowed SSAN removal from driver's licenses for ~10 years, I believe now it is no longer an option to INCLUDE the SSAN)
Yes, you pay at the counter/front desk at an IHOP (and at the other restaurants that have their racial profiling against dine & dashers). The root of the problem is that in many older models of these restaurants (unsure about the IHOP in Quincy (local.live.com: http://tinyurl.com/y236cg - click on birds-eye view & you can see it pretty well) the restrooms are on the other side of the front desk, so there's a pretext to leave without paying, so to speak. With 2 kids, I often get the entire family out out the door of many restaurants without paying. (I go back and pay!) Newer IHOPs (and others) that I've been to typically put the restroom entrance on the far _inside_ of the dining room. Retrofitting would be prohibitively expensive, one imagines.
The photo ID is mainly just for the Original Buttermilk Pancakes. They put a block on a credit card if you intend to order the Stuffed French Toast Combo.
We need a national database of dine and dashers. Or maybe the security guards should receive profile training so they can spot the dashers as they walk in the door.
The food isn't strictly non-returnable. I've only once had food so bad I sent it back. (I've also a few times mentioned something that wasn't right, and just been given a complete replacement of the meal, without asking for one).
Whether you think it's a good idea to prevent that or not, I don't know. But, by making the payment up front, you're moving to a presumption that the meal will be of a sufficiently generic / bland quality that there would be no notion of sending it back. Which at IHOP probably makes sense.
>That would actually make it easier to "dine and dash"! Just produce a fake id giving them a false sense of security.
Surely fake IDs cost more than pancakes?
I hate to say it but IHOP does not seem far removed from the concept of vending machine food so perhaps they could just reverse their model to pay-first-then-eat. Would the IHOP customer really suffer any more than if they paid at the end of the meal? This would serve the need for pancake eater anonymity, while removing the risk of dashers...
Many of the ideas are good but they assume a person is actually going to dash. Most Dine and Dash folk simple stand up to go to the bathroom and then walk nicely out the door a bit later. I have also seen people take that little black check book and put a few dollars in, when the staff goes by they think they paid but alas they did not. I think pre-pay works the best. So many places do it and no one seems to care or argue, fast food, truck stops, and some fine dining places I have been to. By the way, no one here seems to care that you hand over your CC when you are at the table, many minutes later it returns. Where was it? Maybe people were writing down all the info on it in back, or maybe it went for a joy ride around town in Dads car. Pre-pay you can at least keep an eye on your card at all times, thus helping stop CC fraud.
We have a saying in Holland:
Only in America.
"Compare a stored-value card with a debit card. In the former case, the card owner can create money by changing the value on the card. For this system to be secure, the card needs to be protected by a variety of security countermeasures. In the latter case, there aren't any secrets on the card. Your bank doesn't care that you can read the account number off the front of the card, or the data off the magnetic stripe off the back -- the real data, and the security, are in the bank's databases."
Here you ignore the fact that this makes the bank an intravenous attacker providing backdors to any transaction and data security an illusion.
Arent you forgetting the secure solution of Digital Cash? Sure Digital Cash should be combined with a number of protections of loss etc. ,but it is inherently much more secure than any credit card model will ever be.
UPS - somehow got in the wrong thread, sorry.
What, no pancakes in Holland? Shame. Once you get past all the security, they're actually quite tasty.
Americans obviously need a national "no eat" list to prevent this. If your name is on the list, you can't buy food.
This is really irritating, because it was not a company policy, it was devised on the spot to deal with a real problem, and it's only an issue because allegedly seeing someone's ID can enable or simplify identity theft.
There are some policies and facts of reality (payment policy, physical layout of the store) that an individual store simply cannot up and change, so some manager improvised. Woopee.
I'm trying to derive a point from all this. We aren't supposed to use photo identification for identification purposes? State-issued photo ID is inherently flawed somehow? Some underpaid IHOP supervisor made an easily criticisable decision in haste? OK, I can buy that last one.
Schneier.com is a personal website. Opinions expressed are not necessarily those of BT.