Newer posts are loading.
You are at the newest post.
Click here to check if anything new just came in.

March 14 2013

Commerce Weekly: Intuit Pay heats up U.K. mobile payments market

Intuit Pay enters U.K., PayPal Here takes on Square Register

On the heels of PayPal announcing it would bring PayPal Here to the U.K. later this year, Intuit launched its Intuit Pay mobile payments solution in the U.K. market. The platform includes a mobile app and a card reader, much like its competitors iZettle’s, Payleven’s and (soon) PayPal Here’s platforms.

Ingrid Lunden reported at TechCrunch that like its competitors, Intuit Pay will charge a per-transaction fee — in its case, a 2.75% flat rate — but unlike its competition, Intuit will offer its mobile payment card readers for free for a limited time. Lunden noted that Intuit Pay will be able to integrate with Intuit’s QuickBooks accounting software and its other business products, so offering the card reader for free doubles as an incentive for merchants to join Intuit’s business ecosystem.

The card reader at launch is available only for iOS devices, but Lunden reported that “other platforms like Android are on their way soon.”

In related news, PayPal launched PayPal Here for the iPad to compete with Square Register as a small business point-of-sale solution. Leena Rao reported at TechCrunch that the app — PayPal’s first native tablet app — features multiple log-in capability to accommodate multiple employees and multiple “cash registers,” and allows for a variety of payment methods, including swiping a credit card with PayPal Here, manual card number entry, and scanning a card using Rao also noted that the app integrates with eBay’s RedLaser technology so merchants can scan barcodes to make a sale or even to add to their inventories, something Square Register isn’t yet capable of doing.

PayPal’s new iPad app only works in the U.S. using the PayPal Here dongle, but Rao reported that PayPal intends to integrate the technology with its international offerings in the future.

Insights into the future of retail from SXSW panels

Retail and the future of commerce has been a topic of sessions and discussions this week at the South by Southwest (SXSW) conference. In a post at Publishers Weekly, Rachel Deahl reported on the “Retail is Going Mobile” panel, which covered the ways in which mobile has already changed the retail experience and how it might influence it going forward.

Deahl highlighted comments from panel member Christopher Mason, CEO and co-founder of Branding Brand, who noted many retailers are falling behind in their mobile strategies, if they even have one. Deahl reported:

“Mason said that, of the top 500 retailers, 60% have a mobile consumer interface. This means, he noted, that for the first time, the relationship between the customer and the retailer is being shaped in a world where ‘the customer is ahead of the retailer.’”

Looking at where mobile is headed, Deahl noted that Mason pointed to Sephora’s new “skin scanner” technology that personalizes and IDs a customer’s unique skin tone and integrates with Sephora’s mobile app to send customers alerts when new products for their coloring arrive. “This kind of user experience, Mason feels, is where mobile retailing is headed,” Deahl wrote. “He sees mobile retailing apps focusing on using our personal information to improve and personalize the in-store experience, such as, say, alerting a customer how many pairs of shoes are in stock in their size when they enter the shoe store.”

In a post at, Andrew Leonard covered an SXSW panel that featured Mondelēz International’s VP of global media and consumer engagement B. Bonin Bough. Bough related an in-store experiment that points to the future of retail. Leonard wrote:

“Bonin described an experiment with shoppers at Stop & Shop who used their mobile phones to scan the bar codes of the items they wanted to buy, and then paid with their phones at checkout. He said that by seeing what shoppers were scanning, in real time, Mondelēz could zap them coupons for different items physically located on that aisle and were able to significantly boost sales of those items. ‘Targeting people in aisle, in the moment, at the moment of truth, is the holy grail of retail marketing,’ said Bonin. This is how the millennial shoppers of the future, who are ‘more mobile, more connected, and more into sharing,’ will do their business.”

Time editor at large Harry McCracken also served as a moderator on an SXSW panel called “Mobile Disruption & the Rise of the Local Web” that addressed the rise of services involving commerce between local individuals, which are designed more for phones and mobile devices than for PCs. In a post at Time Tech, McCracken noted that the panel discussion kept circling back around to person-to-person lodging rental service Airbnb — one attendee in the session tweeted: “Wow… About a quarter of the room here at #SXSW2013 is staying at @airbnb place. Hotel chains – prepare for major disruption. #localweb.” McCracken aggregated tweets sent during the session using Storify to highlight the session’s key points — you can read his post at Time Tech.

FTC report tackles mobile payments concerns

The rapid growth in the mobile payments arena — one recent study estimated global mobile payments transactions could reach $1 trillion by 2015 — has caught the attention of the U.S. Federal Trade Commission (FTC). The government agency released a report this week, “Paper, Plastic… or Mobile? An FTC Workshop on Mobile Payments.” According to the press release, the report offers guidelines for developing dispute resolution policies, encourages industry-wide adoption of strong security measures, and “highlights the need for companies in the mobile payment sphere to practice ‘privacy by design,’ incorporating strong privacy practices, consumer choice, and transparency into their products from the outset.”

Diane Bartz reported at Reuters that the FTC’s report “also urged all companies in the mobile data chain — from app sellers to telecommunications companies — to encrypt the entire payment chain and take other steps to ensure that consumers’ data cannot be hacked and used to steal from them.” She noted the FTC also is encouraging mobile payments companies to be more transparent with consumers about how their data is collected and used, and quoted from the report: “‘Companies should provide reasonable security for consumer data and should limit data collection to that which is consistent with the context of a consumer’s interaction with that company,” the report said.’”

Tip us off

News tips and suggestions are always welcome, so please send them along.


March 27 2012

FTC calls on Congress to enact baseline privacy legislation and more transparency of data brokers

Over a century ago, Supreme Court Justice Lewis Brandeis "could not have imagined phones that keep track of where we are going, search engines that predict what we're thinking, advertisers that monitor what we're reading, and data brokers who maintain dossiers of every who, what, where, when and how of our lives," said Federal Trade Commission Chairman Jon Leibowitz yesterday morning in Washington, announcing the release of the final version of its framework on consumer privacy.,

"But he knew that, when technology changes dramatically, consumers need privacy protections that update just as quickly. So we issue our report today to ensure that, online and off, the right to privacy, that 'right most valued by civilized men,' remains relevant and robust to Americans in the 21st century as it was nearly 100 years ago."

What, exactly, privacy means in this digital age is still being defined all around us, reflected in the increasing number of small screens, cameras and explosion of data. The FTC's final report, "Protecting Consumer Privacy in an Era of Rapid Change: Recommendations For Businesses and Policymakers," makes a strong recommendation to Congress to draft and pass a strong consumer privacy law that provides rules of the road for the various entities that have the responsibility for protecting sensitive data.

The final report clearly enumerates the same three basic principles that the draft of the FTC's privacy framework outlined for companies :

  1. Privacy by design, where privacy is "built in" at every stage that an application, service or product is developed
  2. Simplified choice, wherein consumers are empowered to make informed decisions by clear information about how their data will be used at a relevant "time and context," including a "Do Not Track" mechanism, and businesses are freed of the burden of providing unnecessary choices
  3. Greater transparency, where the collection and use of consumer data is made more clear to those who own it.

"We are demanding more and better protections for consumer privacy not because industry is ignoring the issue," said Leibowitz today. "In fact, the best companies already follow the privacy principles we lay out in the report. In the last year, online advertisers, major browser companies, and the W3C -- an Internet standard setting group -- have all made strides towards putting into place the foundation of a Do Not Track system, and we commit to continue working with them until all consumers can easily and effectively choose not to be tracked. I'm optimistic that we'll get the job done by the end of the year."

According to the FTC, the nation's top consumer watchdog received over 450 comments on the draft online privacy report that it released in December 2010. In response to "technological advances" and comments, the FTC revised the privacy framework in several areas. (For a broad overview of the final FTC privacy framework, read Dan Rowinski's overview at ReadWriteWeb and the Information Law Group's summary of the commission report on consumer privacy).

First, it will not apply to "companies that collect and do not transfer only non-sensitive data from fewer than 5,000 consumers a year," which would have been a burden on small businesses. Second, the FTC has brought action against Google and Facebook since the draft report was issued. Those actions -- and the agreements reached -- provide a model and guidance for other companies.

Third, the FTC made specific recommendations to companies that offer mobile services that include improved privacy protections and disclosures that are short, clear and effective on small screens. Fourth, the report also outlined "heightened privacy concerns" about large platform providers, such as ISPs, "operating systems, browsers and social media companies," seeking to "comprehensively track consumers' online activities." When asked about "social plug-ins" from such a platform, chairman Leibowitz provided Facebook's "Like" button as an example. (Google's +1 button is presumably another such mechanism.)

Finally, the final report also included a specific recommendation with respect to "data brokers," which chairman Leibowitz described as "cyberazzi" on Monday, echoing remarks at the National Press Club in November 2011. Over at Forbes, Kashmir Hill reports that the FTC officially defined a data broker as those who “collect and traffic in the data we leave behind when we travel through virtual and brick-and-mortar spaces."

During the press conference, chairman Leibowitz said that American citizens should be able to learn see what information is held by them and "have the right to correct inaccurate data," much as they do with credit reports. Specifically, the FTC has called on data brokers to "make their operations more transparent by creating a centralized website to identify themselves, and to disclose how they collect and use consumer data. In addition, the website should detail the choices that data brokers provide consumers about their own information."

While the majority of the tech media's stories about the FTC today focused on "Do Not Track" prospects and mechanisms, or the privacy framework's impact on mobile, apps and social media, the reality of this historic moment is it's world's world's data brokers that currently hold immense amounts of information regarding just about everyone "on the grid," even if they never "Like" something on Facebook, turn on a smartphone or buy and use an app.

In other words, even though the FTC's recommendations for privacy by design led TechMeme yesterday, that's wasn't new news. CNET's Declan McCullagh, one of the closest observers of Washington tech policy in the media, picked up on the focus, writing that FTC stops short of calling for a new DNT law but "asks Congress to enact a new law that "would provide consumers with access to information about them held by a data broker" such as Lexis Nexis, US Search, or Reed Elsevier subsidiary Choicepoint -- many of which have been the subject of FTC enforcement actions in the last few years." As McCullagh reported, the American Civil Liberties Union "applauded" the FTC's focus on data brokers.

They should. As Ryan Singel pointed out at Wired, the FTC's report does "call for federal legislation that would force transparency on giant data collection companies like Choicepoint and Lexis Nexis. Few Americans know about those companies’ databases but they are used by law enforcement, employers and landlords."

Would we, as Hill wondered, be less freaked out if we could see what data brokers have on us? A good question, and one that, should the industry coalesce around providing consumers access to their personal data in that context, just as utilities are beginning to do with energy data.

Another year without privacy legislation?

Whether it's "baseline privacy protections" or more transparency for data brokers, the FTC is looking to Congress to act. Whether it will or not is another matter. While the Online privacy debate was just about as hot in Washington nearly two years ago as it is today, no significant laws were passed.The probability of significant consumer privacy legislation advancing in this session of Congress, however, currently appears quite low. While at least four major privacy bills have been introduced in the U.S. House and Senate, "none of that legislation is likely to make it into law in this Congressional session, however, given the heavy schedule of pending matters and re-election campaigns," wrote Tanzina Vegas and Edward Wyatt in the New York Times.

The push the FTC gave yesterday was welcomed in some quarters. "We look forward to working with the FTC toward legislation and further developing the issues presented in the report," said Leslie Harris, president of the Center for Democracy and Technology (CDT), in a prepared release. CDT also endorsed the FTC's guidance on "Do Not Track" and focus on large platform providers. Earlier this winter, a coalition of Internet giants, including Google, Yahoo, Microsoft, and AOL, have committed to adopt “Do Not Track technology” in most Web browsers by the end of 2012. These companies, which deliver almost 90 percent of online behavioral advertisements, have agreed not to track consumers if they choose to opt out of online tracking using the Do Not Track mechanism, which will likely manifest as a button or browser plug-in. All companies that have made this commitment will be subject to FTC enforcement.

By way of contrast, Jim Harper, the Cato Institute's director of information policy studies, called the framework a "groundhog report on privacy," describing it as "regulatory cheerleading of the same kind our government’s all-purpose trade regulator put out a dozen years ago." In May of 2000, wrote Harper, "the FTC issued a report finding “that legislation is necessary to ensure further implementation of fair information practices online” and recommending a framework for such legislation. Congress did not act on that, and things are humming along today without top-down regulation of information practices on the Internet."

Overall, the "industry here has a self-interest beyond avoiding legislation," said Leibowitz during today's press conference. Consumers have very serious concerns about privacy, he went on, alluding to polling data, surveys and conversations, and "better, clearer privacy policies" will lead to people having "more trust in doing business online."

This FTC privacy framework and the White House's consumer privacy bill of rights will, at minimum, inform the debates going forward. What happens next will depend upon Congress finding a way to protect privacy and industry innovation. It will be a difficult balance to strike, particularly given concerns about protecting children online and the continued march of data breaches around the country.

Making technology more accessible

I interviewed Princeton professor Ed Felten, the FTC's chief technologist and co-author of "Government Data and the Invisible Hand" (2009) after yesterday's FTC press conference at FTC headquarters in D.C. In December 2010, we spoke about the FTC's 'Do Not Track' proposal, after the release of the draft report.

Felten launched "Tech at the FTC" last Friday morning, a new blog that he hopes will play a number of different roles in the discussion of technology, government and society.

"It will combine Freedom to Tinker posts," he said, "some of which were op-ed, some more like teaching. The latter is what I'm looking for: explanations of sophisticated technical information that cross over to a non-technical audience."

Felten wants to start a conversation that's "interesting to general public" and "draws them into the discussion" about the intersection of regulation and technology. One aspect of that will be a connected Twitter account, @TechFTC, along with his established social identity, @EdFelten.

Possible future topics will include security issues around passwords and authentication of people in digital environments, both of which Felten finds interesting as they relate to policy. He said that he expects to write about technology stories that are in the news, with the intent of helping citizens to understand at an accessible level what the take away is for them.

Social media and the Internet are "useful to give people a window into the way people in government are thinking about these issues," said Felten. "They let people see that people in government are thinking about technology in a sophisticated way. It's easy to fall into the trap where people in government don't know about technology. That's part of the goal: speak to the technical community in their language.

"Part of my job is to be an ambassador to the technology community, through speaking to and with the public," said Felten. "The blog will help people know how to talk to the FTC and who to talk to, if they want to. People think that we don't want to talk to them. Just emailing us, just calling us, is usually the best way to get a conversation started. You usually don't need a formal process to do this -- and those conversations are really valuable."

In that context, he plans to write more posts like the one that went live Monday morning, on tech highlights of the FTC privacy report, in which he highlighted four sections of the framework that the computer science professor thought would be of interest to techies:

  1. De-identified data (pp. 18-22):   Data that is truly de-identified (or anonymous) can’t be used to infer anything about an individual person or device, so it doesn’t raise privacy concerns.  Of course, it’s not enough just to say that data is anonymous, or that it falls outside some narrow notion of PII.   But beyond that, figuring out whether your dataset is really de-identified can be challenging. If you’re going to claim that data is de-identified, you need to have a good reason-the report calls it a “reasonable level of justified confidence”-for claiming that the data does not allow inferences about individuals.  What “reasonable” means-how confident you have to be-depends on how much data there is, and what the consequences of a breach would be.  But here’s a good rule of thumb: if you plan to use a dataset to personalize or target content to individual consumers, it’s probably not de-identified.
  2. Sensitive data (pp. 47-48):  Certain types of information, such as health and financial information, information about children, and individual geolocation, are sensitive and ought to be treated with special care, for example by getting explicit consent from users before collecting it.   If your service is targeted toward sensitive data, perhaps because of its subject matter or target audience, then you should take extra care to provide transparency and choice and to limit collection and use of information.  If you run a general-purpose site that incidentally collects a little bit of sensitive information, your responsibilities will be more limited.

  • Mobile disclosures (pp. 33-34): The FTC is concerned that too few mobile apps disclose their privacy practices.  Companies often say that users accept their data practices in exchange for getting a service.  But how can users accept your practices if you don’t say what they are?  A better disclosure would tell users not only what data you’re collecting, but also how you are going to use it and with whom you’ll share it.   The challenging part is how to make all of this clear to users without subjecting them to a long privacy policy that they probably won’t have time to read.   FTC staff will be holding a workshop to discuss these issues.

  • Do Not Track (pp. 52-55): DNT gives users a choice about whether to be tracked by third parties as they move across the web.  In this section of the report, the FTC reiterates its five criteria for a successful DNT system, reviews the status of major efforts including the ad industry’s self-regulatory program and the W3C’s work toward a standard for DNT, and talks about what steps remain to get to a system that is practical for consumers and companies alike.

  • When asked about what the developers and founders of startups should be thinking about with respect to the FTC's privacy framework, Felten emphasized those three basic principles -- privacy by design, simplified choice, greater transparency -- and then offered some common sense:

    "Start with the basic question of 'what Section 5 means for you,' he suggested. "If you make a promise to consumers in your privacy policy, consumers are entitled to rely on that. The FTC has brought cases against companies that made them and didn't hold up their responsibility around privacy. You have a responsibility to protect consumer data. If not, you may find yourself on the wrong side of the FTC act if there's a breach and it harms consumers."

    December 02 2010

    A deeper dive into Do-Not-Track

    The FTC has released a new online privacy report that could reshape advertising, media and business on the Internet. A key element of the report is the FTC endorsement of a "Do-Not-Track" mechanism for web browsers.

    Yesterday, the Federal Trade Commission's new technologist, Princeton University computer scientist Ed Felten, talked about the basic idea for Do-Not-Track in a call with the media. Unedited audio of that call is embedded above, featuring extensive remarks from chairman Jon Leibowitz, Jessica Rich, deputy director of the Bureau of Consumer Protection, and Felten.

    When reached for further comment after the call, Felten elaborated on what Do-Not-Track might look like:

    The basic idea of Do Not Track, as discussed in the report, is to have an opt-out mechanism for tracking.  The consumer would express their desire to opt out, and this choice would be recorded in the browser or on the device.  When the browser or device connected to a site (assuming the user had opted out of tracking), the site would be notified that the user had opted out. The site would see the notification and refrain from tracking. The report does not advocate a centralized Do Not Track list or registry. That is a different approach that raises concerns that are discussed in the report.

    The idea of Do-Not-Track has been explored in several places online, including at Today, online privacy hearings on "Do-Not-Track" legislation in the United States House of Representatives are exploring the feasibility of a technical mechanism for opting out of Internet tracking. As open government technologist Harlan Yu explained in August, however, Do-Not-Track is not as easy as it sounds:

    The underlying difficulty in designing a simple Do Not Track mechanism is the subjective nature of privacy. What one user considers harmful tracking might be completely reasonable to another. Privacy isn't a single binary choice but rather a series of individually-considered decisions that each depend on who the tracking party is, how much information can be combined and what the user gets in return for being tracked. This makes the general concept of online Do Not Track -- or any blanket opt-out regime -- a fairly awkward fit. Users need simplicity, but whether simple controls can adequately capture the nuances of individual privacy preferences is an open question. Another open question is whether browser vendors can eventually "win" the technical arms race against tracking technologies. If so, regulations might not be necessary, as innovative browsers could fully insulate users from unwanted tracking. While tracking technologies are currently winning this race, I wouldn't call it a foregone conclusion.

    The FTC's online privacy plan will continue to receive attention over the next two months. As Erica Newland wrote at the Center for Democracy and Technology, "Do-Not-Track solves only part of the problem." For more views on the issue, consult the debate on a Do Not Call registry at the New York Times.

    The FTC is actively seeking comments on the report, so if Radar readers have wish to comment on the online privacy report, do so.

    Beyond the Do-Not-Track issue, I posed three questions to the FTC on the call yesterday. The FTC's answers follow below.

    What guidance do you offer with regards to a standard for "baking privacy in" for startups?

    Chairman Leibowitz acknowledged that new startups "are innovators in our economy" and said that the FTC spends a "fair bit of time talking to them" and that they participated in the online privacy workshops. He pointed out that one of the FTC privacy workshops out in Berkeley, which he said was in part because the FTC wanted to make it easier to reach out to the startup community in the Valley. How should they be thinking about online privacy?

    It's really in our report. Bake privacy protections into operations, make sure choices can be presented to consumers in a simple, more streamlined way, and try to improve transparency. And companies have been working on this. Some companies are doing pretty good jobs on some of this, and some are doing good jobs on all of this, and I like to think that the innovator community in Silicon Valley, they're the ones that should be the leaders here.

    Rich asserted that baking privacy in is "particularly good for small businesses."

    When you're designed systems, and put it in right at the outset, you're in much better shape than adding it later. Behavioral advertising, when we came in and started calling on companies to add privacy to their business models, they were saying "privacy is very costly, and privacy is not in our business models, and you're changing our business models." The idea of baking it in from the start is actually very good for small businesses.

    The online privacy report calls for comment on how to bake in privacy, especially with respect to how this issue affects small businesses and startups, said Felten. When reached for further comment, Felten elaborated: 

    This is a topic on which the report calls from comments. Some things are unchanged: companies that handle large amounts of sensitive consumer data, whether or not they are startups, have basic responsibilities to protect that data and to handle it responsibly.  Startups are in a good position to "bake in" privacy, compared to bigger, more established companies, because they are not constrained as much by past design decisions.  As with security, it is easier to design-in privacy in advance than to retrofit it later.

    What problem needs to be solved with Adobe and Flash?


    With respect to Flash, the issues have to do with the uses for tracking, so-called Flash cookies for example, and the fact that today, when you use the cookie controls in your browser, they don't directly affect the treatment of Flash local storage objects or cookies.There's some other issues with Flash that I could suppose we could address at another time.

    That statement was limited, although the chairman observed that "we could tweet on it" later in the first FTC Twitter chat.

    When reached for further comment, Felten simply observed that "at present, browser privacy controls do not offer the level of control over Flash cookies that they offer for ordinary HTTP cookies."   

    Does Google Chrome's "Incognito mode" satisfy what Do-Not-Track is meant to achieve?

    "I guess I would say this about Incognito," said the chairman. "We think that's a good innovation. What we're looking for is a bit more ubiquity."

    "Incognito mode allows the user to create a temporary period that is not linkable at all, ideally, to what they do otherwise," said Felten on the call. "Although that is useful for consumers in some settings, in a lot of other settings what consumers are going to want is to be able to establish a session say, with a website that they use over time while also having some control over things like tracking. Incognito mode is useful but doesn't provide exactly that."

    Reached for further comment, Felten elaborated:

    Incognito mode in Chrome and similar modes in other browsers offer some useful protection, but they do not achieve the goals of a Do Not Track mechanism.  These modes try to give the user a way to disconnect their browsing temporarily from everything they have done before or will do after they are in the private mode. This is often helpful, but users also want a way to prevent unwanted tracking by third parties, while retaining some state in the browser, such as login cookies obtained in a first-party setting.


    Older posts are this way If this message doesn't go away, click anywhere on the page to continue loading posts.
    Could not load more posts
    Maybe Soup is currently being updated? I'll try again automatically in a few seconds...
    Just a second, loading more posts...
    You've reached the end.
    No Soup for you

    Don't be the product, buy the product!

    YES, I want to SOUP ●UP for ...