Here’s what caught my attention in the payment space this week.
EBay buys a hyper-local friend for PayPal
EBay’s purchase of Where, a mobile app for finding local deals, gives the gift of context to PayPal. It’s the second deal in recent weeks that connects a payment provider with a check-in service or advertiser to make a complete loop from discovery to payment. FourSquare demoed a similar link-up at SXSW last month. EBay will bring the whole deal in house, integrating PayPal into the Where app so that users can discover deals in Where and then pay for them with a single click. Erick Schonfeld at TechCrunch offers a solid rationale for the purchase, and also notes the data play inherent in it. All that data that eBay has on its and PayPal’s users could help Where server up more relevant offers and advertising to PayPal’s users.
PayPal explained the deal in the context of other acquisitions it’s making. Amanda Pires, PayPal’s senior director of global communications, said in a blog post that “Local commerce companies like Where are blurring the lines between in-store and online shopping.” Last month, EBay made another purchase that similarly crossed lines when it said it would buy GSI Commerce, a provider of e-commerce services for retail brands. That deal could eventually put PayPal at the register of physical stores. With the Where acquisition, now they’ll have a way to get you to the store, too.
O’Reilly authors discuss iPhone’s built-in travel log
This week’s big news in geolocation came from Alasdair Allan and Pete Warden, who reported their discovery of an unencrypted file on iPhones (and their synced computers) tracking their movements since they upgraded to iOS4 sometime last summer.
Allan and Warden discussed their discovery at Where 2.0 on Wednesday. Although Apple had yet to offer an explanation of the file to them (or to media inquiries), Allan and Warden said they speculated that the data was from interactions between the phone and radio cell towers, whether that was a call, a text, a data packet, or simply a locating signal. For Allan, it added up to 29,000 points of data over 293 days.
As both hastened to point out, telecom carriers already have this kind of information on you, regardless of what kind of phone you carry. But that data is treated with a higher level of security, since it’s considered sensitive. “What’s interesting about this data is that it’s unencrypted and available,” said Allan. “It’s insecure.” (See Alasdair’s post for more details on the discovery and the open source app they created to manipulate and visualize the data.)
Responding to comments that this data had already been discovered and was well known, Allan said during a Where 2.0 session: “It’s not well known. We’re pretty geeky. If we didn’t know, then a lot of people didn’t know.”
White House calls for identity ecosystem
Just days before Barack Obama headed out to Palo Alto to host a virtual town hall meeting in the real-world space that houses Facebook’s headquarters, the White House backed a plan to spur private industry to create more secure forms of online identity. Noting that identity theft and online fraud are serious problems that cost the economy billions every year, the administration called on private industry to come up with a solution that might free the citizenry from the tyranny of dozens of username/password combinations.
Kashmir Hill on Forbes.com wrote that the government’s aim is to create an “identity ecosystem,” which sounds a lot like the plan that OpenID has been advocating for a while. Emily Badger on Miller-McCune.com looked closely at the line the administration is walking between showing leadership or looking like Big Brother. Badger talked with Amie Stepanovich, national security counsel for the Electronic Privacy Information Center in Washington. The interview gives the sense the White House tiptoed carefully around this point, making sure it wasn’t suggesting a government-issued national online identity number (something that’s been kicked around before but wouldn’t be received well by most citizens) and scrubbing any sign of the Department of Homeland Security’s involvement (even though, Badger notes, they’ve been involved in the formative thinking on this issue for years).
Any authentication system raises new risks. If a security key fob is necessary, like the ones provided by RSA, people will lose it. Mobile phones could be used, too, but they’re just as easy to lose. Biometrics tap a validation mechanism that’s harder to lose, but it’s not clear whether people are willing to put up with a retina scan just to access their Netflix queues.
News tips and suggestions are always welcome, so please send them along.
If you’re interested in learning more about the payment development space, check out PayPal X DevZone, a collaboration between O’Reilly and PayPal.