Newer posts are loading.
You are at the newest post.
Click here to check if anything new just came in.

February 17 2011

The tricky mix of payment, identity and trust

A new O'Reilly/PayPal report on web-native payment platforms, "ePayments: Emerging Platforms, Embracing Mobile and Confronting Identity," is now available for download. Among the topics covered in the report are the rise of payment platforms, the mobilization of money, and the significance of online identity in mobile commerce.

The following excerpt considers some of the dimensions of online identity in mobile payment applications and what it means to users and payment providers. Additional excerpts from the report were featured here on Radar last week.

To process a payment, the payment service needs to determine who someone is, not only to make sure they get paid, but also to understand their broader interests and preferences so they can deliver an online experience that suggests content, merchandise, and other opportunities.

But the significance of online identity obviously goes far beyond this. A platform that holds someone's identity is the easiest place for that person to do business. Consider the rise of Google's Android platform: Many people who were comfortable on iPhones are now shifting to Androids, in some cases because they work better with Gmail and Google calendar where they have been doing business for years. With an Android phone in their pocket, it's also likely that those users may choose mobile commerce solutions from Google rather than from a third party like Apple or Amazon — presuming that it meets their needs.

Payment platforms today confirm identity primarily through credit card or banking information. Privacy concerns dictate that sites generally get this information from you before your first transaction and — barring any security breaches — they keep it to themselves. For example, because you've already given Amazon your billing information at some point in the past, you can buy a Kindle edition of a new bestseller today with one click. But wander off Amazon to a site that specializes in, for example, ironic T-shirts, and you'll find yourself having to re-enter all of your shipping and billing information — unless that site offers Amazon Payments.

Compare this to the way ad networks track your identity as you move from one site to another. Search DIY sites for information on fixing a printer problem and as you later browse unrelated sites you'll see ads for ink cartridges. How is it that ad networks have grown so sophisticated they can make offers across various sites — indeed, they can even predict future romantic interests based on historical browsing patterns — but we still have to re-enter our financial and identity information at every e-commerce site we buy from?

Perhaps the main reason is that users are less chary about sharing their browsing history than they are about sharing their credit card numbers. But they do appear to be increasingly comfortable giving billing, shipping, and identity information to one or two trusted sources and then referring purchases to them.

Something like this has already begun to happen with PayPal and Google Checkout. Users place their financial information with these trusted sources and then reference other sites to that account when they make a purchase. Merchants who use platforms like PayPal or Amazon Payments can identify you without asking the same series of questions. This secure, centralized financial identity is the current realization of the long-sought-after digital wallet. Like a physical wallet, your identity with a payment platform carries data that fulfills at least three functions: your identity, your ability to pay (debit and credit cards, cash), and the history of your payments (the receipts you've stuffed in after purchases or ATM withdrawals).

Currently, each payment platform (indeed, most e-commerce sites you do business with) maintains a separate version of your identity data. While this constrains their ability to simplify payment by collaborating across sites, it does achieve an important goal of many users, which is segmenting identity. A person may be comfortable with Facebook knowing who her friends are, Foursquare knowing her favorite coffee spot, iTunes knowing her favorite performers, and Amazon knowing her credit card number. But she may be less comfortable with each of those sites knowing all those things about her.

Thus, one of the goals of emerging online identity standards should be to ensure that users have control over which aspects of their identity get shared with whom. Facebook's recent embarrassments around third-party apps (such as Zynga's Farmville) leaking personal, identifiable information about users highlights the risks that platforms face. Users who were comfortable sharing that information with Facebook balked at Zynga redistributing it.

Efforts to standardize the rules of online identity — based on levels of assurance that range from low to high confidence — seek to clarify the ways that individuals manage elements of their identity online. While the rules of identity will likely be defined and enforced by private organizations with dominant platforms, those rules will also draw on developing industry identity standards.

Additional excerpts from "ePayments: Emerging Platforms, Embracing Mobile and Confronting Identity" are posted here. The full report is also available as a free download.


February 10 2011

3 mobile payment products hint at the future

A new O'Reilly/PayPal report on web-native payment platforms, "ePayments: Emerging Platforms, Embracing Mobile and Confronting Identity," is now available for download. Among the topics covered in the report are the rise of payment platforms, the mobilization of money, and the advent of contactless payment in mobile commerce.

The following excerpt looks at three early mobile payment applications and what they might mean for mobile payment's widespread adoption. Additional excerpts from the report will be featured here on Radar throughout the week.

Stop me if you've heard this before, but by this time next year you'll be buying stuff with your phone. Oh, you have heard that before? Like, every year since the '90s? Me, too. And like flying cars or 3D printers, they're always just a little further down the road. But at the risk of being embarrassed again, I think the day is finally upon us.

You can already buy things using your smart phone, of course. On an iPhone, for example, you can buy digital goods like music or movies at the iTunes store. You can add an Amazon app and buy just about any kind of real good they sell and it'll show up at your door. But it's still rare to use your phone like a credit card in the physical world, waving or tapping it at a register and having the payment processed through the cloud.

PayPal and Bling NationIn the past year or so, we've seen several experiments that signal the real deal is not far off. One involved PayPal and Bling Nation, a startup that offered RFID tags that mobile phone users could stick onto their phones for use at 150 or so merchants in the Silicon Valley area. Users could pay for services at the participating merchants by tapping the tag on a piece of hardware (called a Blinger) at the point of sale. Bling subtracted the purchase amount from a prepaid account or could bill it to the user's PayPal account. It then texted a receipt and any relevant balance information to the user's phone. A key feature of Bling's system was the follow-up with future offers (for example, coupons on subsequent purchases) and rewards.

To protect against fraud, Bling's technology used the equivalent of a one-time password, which was updated after each tap transaction to prevent replay attacks. The system had the potential to include real-time risk analysis that could trigger the request of a PIN for a transaction that falls outside of normal parameters. If the customer exceeds a predetermined rate of transactions, purchases an expensive item, or if Bling Nation notices a lot of geographic variability over a short period of time, when a consumer taps a BlingTag, she could be asked to supply a PIN. In this way, Bling Nation adapted from single-factor to multi-factor authentication based on a series of real-time risk analysis algorithms. (In the months since then, Bling Nation's business model appears to have shifted from the technology to the rewards platform. )

While Bling Nation's RFID and the upcoming near field communication, or NFC, technology we're likely to see from Apple and Android rely on a close-range wireless system, Bump Technologies' system works through the cloud, making the connection based on the proximity and similarity of "bump" of two devices. Bump's system allows two mobile phones (iPhone, Android, or Blackberry) to exchange data when tapped together. That data, which travels through the network rather than via radio waves between the two devices, could be photos, contact information, or payment. PayPal's mobile app relies on Bump technology to let two phone users tap payment from one phone to the other.

Starbucks mobile payment screenStarbucks' recently widened mobile payment platform uses yet another technology: a simple visual scan of a bar code. You can install the Starbucks mobile app on your phone and enter the number of a Starbucks card you buy at the register. (You can add more funds to the card online, too.) When you want to make a purchase at a Starbucks register, you simply launch the app and hit "Touch to Pay." The app displays a unique bar code that you scan at the register to debit the amount of the transaction (known by the register, which is attached to the scanner). Your card amount is debited and off you go with your coffee cake.

These three examples, and other experiments like them, are harbingers of the coming wave of mobile payments. As new versions of the iPhone, Android phones, and others from RIM, Nokia, and HP/Palm roll out with payment capabilities, subscribers may need some convincing to change their habits from the wallet-based credit card to the phone-based digital wallet. For merchants and payment providers, the math is easy: they welcome the opportunity to know more about where you shop, when you go there, who you're with and what you buy. The value proposition for consumers is a little less clear: What will they get in return for giving up that information? While we would like to think they will receive good information (reviews, directions, notifications) and maybe even a coupon or discount, we can't count on it. After all: think of how much information hundreds of millions of Facebook, Foursquare, Twitter, Yelp, and Gowalla users have been willing to give up, just to say "hi" or to get a 100-pixel badge.

Excerpts from "ePayments: Emerging Platforms, Embracing Mobile and Confronting Identity" will be published throughout the week. You can download the full report here.


February 08 2011

Big data thwarts fraud

A new O'Reilly/PayPal report on web-native payment platforms, "ePayments: Emerging Platforms, Embracing Mobile and Confronting Identity," is now available for download.

Among the topics covered in the report are the rise of payment platforms, the mobilization of money, and the advent of contactless payment in mobile commerce. This excerpt looks at the role big data is beginning to play in fraud detection for these services, and the new opportunities that development brings. Additional excerpts will be featured here on Radar throughout the week.

Web-native payment platforms have a tremendous challenge combating fraud — greater in complexity than that faced by traditional payment processors. But the solutions they have devised to deal with it have created some enormous new opportunities.

First, the problem: payment platforms have to process orders from many more sources than do credit card companies. "Traditional processors have to deal with tens of thousands of sources of fraud at each individual point-of-sale or merchant site," said Matthew Mengerink, VP of Platform at PayPal. "PayPal has to be able to identify potential sources of fraud from the almost 90 million browsers and mobile phones that are constantly connecting to our payment processing services. We're dealing with a much larger challenge, and we've designed systems to identify and manage fraudulent activity often before it has started."

PayPal, Amazon, and Google have all developed sophisticated analytical tools and infrastructure to identify patterns of fraudulent activity. Paypal, for example, has a series of Fraud Management Filters that screen payments and sort out transactions that warrant review because of their amount, their origin, or other factors that can be set by a merchant. But the opportunity to identify fraud reaches far beyond this virtual point of sale. PayPal and Amazon have developed fraud detection tools that depend on massive datasets containing not only financial details for transactions, but IP addresses, browser information, and other technical data that will help these companies refine models to predict, identify, and prevent fraudulent activity. PayPal and Amazon have had years to amass databases of the transaction details for hundreds of millions of customers across thousands of merchants.

These tools vastly improve on the periodic, offline analysis that has been the norm. Institutions traditionally sampled existed data and ran nightly or weekly analyses using fraud-detection models. The newer approaches perform continuous, real-time analysis on large datasets, applying some of the lessons that Google and others have learned for indexing the web to the problem of calculating the risk of fraud for individual consumers or merchants. There's a swarm of activity around a new crop of "big data" tools like Hadoop, MapReduce, and BigTable that can deal with huge amounts of data. The fraud question is a large driver of all this activity.

"Sampling is dead," said Abhishek Mehta, a big data lead at a large U.S. bank institution. "When banks stored petabytes of information on magnetic tape, it was impossible for them to develop appropriate models to measure risk without resorting to sampling techniques. Today we can run analysis on upwards of 50 petabytes of data to more accurately calculate risk. Technologies such as Hadoop allow us to do things that were previously impossible."

Mitigating risk is just one use for all this data. With everything that payment platforms know about their customers — transactions, searches, messages, likes and dislikes — they can increasingly use this information to devise sophisticated advertising models or predictive analytics for selling products and services. Privacy advocates might be alarmed, but the payment providers are just continuing a model pioneered by financial institutions decades ago for identifying consumer preferences and identifying fraud risks. The emergence of tools for processing big data creates new opportunities for payment platforms and vendors to get better at what they already do.

A payment system built on top of systems that facilitate real-time analytics creates some interesting possibilities. Consider the architecture of a modern advertising network like Google's DoubleClick. DoubleClick and other ad networks have refined real-time auctions that deliver targeted ads to users in milliseconds. When a request for an ad comes in from a browser, it's quickly passed to one or more advertisers, each of whom has between 10-20 milliseconds to match that user to a profile and assign a potential value to its bid. The high bidder gets to place its ad — and it all happens in under a second. These interactions are happening with every click, generating a massive amount of real-time modeling and calculations that drive an efficient market for advertising.

Imagine a similar system for electronic payments in which a payment platform offers potential transactions to competing credit issuers. As you browse an e-commerce site, your browsing history and the item you're considering come together to create a risk profile. The site or payment platform may offer that profile and the details of the transaction to a handful of competing lenders so that at checkout you receive several offers for financing from different banks. If you have previously chosen to pay automatically with the most advantageous offer, the site could automatically select the credit source offering the best terms. From your perspective, your funding sources and credit card don't have a fixed APR; the rate is variable and can change depending on your evolving real-time risk and the risk of the merchant.

Real-time analysis like this was, until recently, an impossible idea. But the innovations of ad networks like DoubleClick and Google AdSense have shown their potential and created an efficient market for advertising. A real-time approach to analytics in payment will undoubtedly lead to a wave of innovation among merchants and banks at the point of sale.

Excerpts from "ePayments: Emerging Platforms, Embracing Mobile and Confronting Identity" will be published throughout the week. You can download the full report here.


Older posts are this way If this message doesn't go away, click anywhere on the page to continue loading posts.
Could not load more posts
Maybe Soup is currently being updated? I'll try again automatically in a few seconds...
Just a second, loading more posts...
You've reached the end.

Don't be the product, buy the product!