The tricky mix of payment, identity and trust

Online payment requires confirmed identity, but who sees what is an open question.

A new O’Reilly/PayPal report on web-native payment platforms, “ePayments: Emerging Platforms, Embracing Mobile and Confronting Identity,” is now available for download. Among the topics covered in the report are the rise of payment platforms, the mobilization of money, and the significance of online identity in mobile commerce.

The following excerpt considers some of the dimensions of online identity in mobile payment applications and what it means to users and payment providers. Additional excerpts from the report were featured here on Radar last week.

To process a payment, the payment service needs to determine who someone is, not only to make sure they get paid, but also to understand their broader interests and preferences so they can deliver an online experience that suggests content, merchandise, and other opportunities.

But the significance of online identity obviously goes far beyond this. A platform that holds someone’s identity is the easiest place for that person to do business. Consider the rise of Google’s Android platform: Many people who were comfortable on iPhones are now shifting to Androids, in some cases because they work better with Gmail and Google calendar where they have been doing business for years. With an Android phone in their pocket, it’s also likely that those users may choose mobile commerce solutions from Google rather than from a third party like Apple or Amazon — presuming that it meets their needs.

Payment platforms today confirm identity primarily through credit card or banking information. Privacy concerns dictate that sites generally get this information from you before your first transaction and — barring any security breaches — they keep it to themselves. For example, because you’ve already given Amazon your billing information at some point in the past, you can buy a Kindle edition of a new bestseller today with one click. But wander off Amazon to a site that specializes in, for example, ironic T-shirts, and you’ll find yourself having to re-enter all of your shipping and billing information — unless that site offers Amazon Payments.

Compare this to the way ad networks track your identity as you move from one site to another. Search DIY sites for information on fixing a printer problem and as you later browse unrelated sites you’ll see ads for ink cartridges. How is it that ad networks have grown so sophisticated they can make offers across various sites — indeed, they can even predict future romantic interests based on historical browsing patterns — but we still have to re-enter our financial and identity information at every e-commerce site we buy from?

Perhaps the main reason is that users are less chary about sharing their browsing history than they are about sharing their credit card numbers. But they do appear to be increasingly comfortable giving billing, shipping, and identity information to one or two trusted sources and then referring purchases to them.

Something like this has already begun to happen with PayPal and Google Checkout. Users place their financial information with these trusted sources and then reference other sites to that account when they make a purchase. Merchants who use platforms like PayPal or Amazon Payments can identify you without asking the same series of questions. This secure, centralized financial identity is the current realization of the long-sought-after digital wallet. Like a physical wallet, your identity with a payment platform carries data that fulfills at least three functions: your identity, your ability to pay (debit and credit cards, cash), and the history of your payments (the receipts you’ve stuffed in after purchases or ATM withdrawals).

Currently, each payment platform (indeed, most e-commerce sites you do business with) maintains a separate version of your identity data. While this constrains their ability to simplify payment by collaborating across sites, it does achieve an important goal of many users, which is segmenting identity. A person may be comfortable with Facebook knowing who her friends are, Foursquare knowing her favorite coffee spot, iTunes knowing her favorite performers, and Amazon knowing her credit card number. But she may be less comfortable with each of those sites knowing all those things about her.

Thus, one of the goals of emerging online identity standards should be to ensure that users have control over which aspects of their identity get shared with whom. Facebook’s recent embarrassments around third-party apps (such as Zynga’s Farmville) leaking personal, identifiable information about users highlights the risks that platforms face. Users who were comfortable sharing that information with Facebook balked at Zynga redistributing it.

Efforts to standardize the rules of online identity — based on levels of assurance that range from low to high confidence — seek to clarify the ways that individuals manage elements of their identity online. While the rules of identity will likely be defined and enforced by private organizations with dominant platforms, those rules will also draw on developing industry identity standards.

Additional excerpts from “ePayments: Emerging Platforms, Embracing Mobile and Confronting Identity” are posted here. The full report is also available as a free download.


tags: , ,