Although the merchant behind the program—Chockstone—stresses a variety of security mechanisms, the nature of the program itself seems to fly in the face of PCI guidelines that discourage using credit card numbers for anything other than payment transactions, similar to the unsuccessful attempts to get American businesses to stop using Social Security numbers as defacto employee and customer identification numbers.
The program, which Chockstone calls SingleSwipe, is supposed to replace the loyalty card and make the tracking capabilities more complete, as customers are much more likely to forget a loyalty card than their payment method.
All of the loyalty information is processed and stored at Chockstone facilities, meaning that the retailer doesn't need to store it in their systems. Even Chockstone doesn't know the original credit card number as it's using a one-way hash. "We don't actually store the credit card number," said Chockstone CEO Jeff Lipp.
Like any traditional CRM/loyalty program, this allows for employees to be given chain-wide information about that customer. With Brinker, for example, Chockstone's system prints out a special receipt for the greeter and it reveals the customer's buying history and whether they are a first-time visitor and if they'd ever visited other stores in the chain.
On a receipt for a consumer who had just used a Visa card was a note: "Use a MasterCard on your next purchase and receive 50 cents off."