- From: Anders Rundgren <anders.rundgren.net@gmail.com>
- Date: Tue, 21 Oct 2014 10:24:43 +0200
- To: Web Payments CG <public-webpayments@w3.org>, public-webpayments-comments@w3.org
The more I look into this topic the more troubled I get because I don't see any "silver bullet", only a bunch of quite disparate solutions that all exhibit very distinct pros and cons. A list of issues I ran into: Merchants must prove ownership as well ================================= A receiver (merchant) of loyalty information should only get such that it has the right/need to know. That is, the receiver should prove ownership to a loyalty card in order to get it. This is also a way to filter loyalty cards so that the user in the case he/she must actively select/grant disclosure of such information does not have to select among cards that do not apply. This arrangement also stops receivers from learning about possible competitors the user in involved with. Trusted chrome? ============== Since loyalty networks and payments networks (usually) are independent they can't share the same trust scheme. It is unclear to me how to deal with loyalty cards except through some kind of built-in "trusted chrome" which though requires a fully standardized way of handling loyalty cards in order to work. This problem is (modulo merchant proving of ownership) the same issue you have when you want to select between entirely different payment methods such as PayPal, VISA/MC/AMEX or BitCoin. Tamper-proof =========== It shouldn't be easy to copy loyalty cards, otherwise the value of them becomes very limited. Semi-anonymous? ============== In theory an "ideal" loyalty system should only exchange semi-personal data such a frequent flier points, gender, age, and approximate location but that would require an anonymizing service which probably would greatly complicate roll-out. Automation ========== In case full automation is required, abiding SOP seems to be the only credible option. I haven't been able to "decipher" what Google and Apple does in this space. Anders
Received on Tuesday, 21 October 2014 08:25:17 UTC