Re: The Payment Identity Problem (was: Re: Proof of Concept: Identity Credentials Login) from Adrian Hope-Bailie on 2014-06-26 (public-webpayments@w3.org from June 2014)

From: Adrian Hope-Bailie <adrian@hopebailie.com>
Date: Thu, 26 Jun 2014 22:40:11 +0200
To: Manu Sporny <msporny@digitalbazaar.com>
Cc: Web Payments CG <public-webpayments@w3.org>
Message-ID: <CA+eFz_KHCNxKPLHho6kF3Tqn-HbbqdDvO3ZZntXT3aUX-MC==w@mail.gmail.com>
I agree 100% that identity is a major issue and needs to be solved.
As I dig into the Identity Credentials stuff I can see how this may be a
great approach.

My issue is this:

We have agreed that we want to put together a standard that uses push
payments ( I think this is what we agreed?).
I define push payments to mean:
1. The payer initiates the payment via their provider of choice (using a
mobile, internet, whatever channel that they trust between them and the
provider).
2. The provider processes a payment to the payee.
3. The payee gets some form of notification that they have been paid and
they trust this.

Other steps like invoicing, exchanging identity credentials,
selecting/negotiating terms are not essential.
They are important to discuss and to at a minimum define where they would
fit in, but are not essential.

I will bet that 99.99999% of the people involved in the projects, start-ups
or initiatives you have linked to are trying to solve one of the following
problems:
1. KYC - A payment provider getting proof of identity credentials for a new
customer when they sign them up
2. Protecting identity (and payment) data of a payer when it is passed via
the payee and the rest of the payments ecosystem onto their provider (card
issuer). i.e. Most payments today.
3. Generic identity exchange and protection issues which are important for
things like eGovernment, privacy etc

If I look at the high level process I describe above and these three issues
I see very little overlap.
KYC - Dealt with between the payer and provider at sign up. Not relevant to
the payment process.*
Protecting identity (and payment data) passed to payee - Not relevant under
this model.*
Generic identity exchange - Not relevant to payments process.*

*  As I have said before, if the payee needs to get identity credentials
about the payer then identity exchanges comes into scope.
   This is important to discuss (even if we just define where and how it
would fit in) but is not essential to the completion of most payments done
today.
   It's not done today in BaM store when I pay so why is it suddenly
essential?


On 26 June 2014 17:03, Manu Sporny <msporny@digitalbazaar.com> wrote:

> On 06/24/2014 07:03 AM, Adrian Hope-Bailie wrote:
> > Notice that all of this can be achieved without the payer doing any
> > identity exchange.
>
> Just a few recent links to highlight the problem w/ identity, Know Your
> Customer, and Anti-Money Laundering. Identity isn't an edge case on the
> Web when it comes to payments.
>
> 1. Identity theft wrt. payment fraud is a $24.7B problem in the US
> alone, and startups are being funded just to deal with that problem alone:
>  *
>
> http://techcrunch.com/2014/06/26/blockscore-lands-2m-in-funding-for-making-i-d-verification-easier/
>  *
>
> http://techcrunch.com/2012/04/30/internet-identity-system-miicard-raises-2-5m-to-help-you-prove-you-are-who-you-say-you-are-online/
>
> 2. 72% of all papers to the Web Payments Workshop mentioned the lack of
> a good identity capability on the Web as one of the biggest problems
> related to online payments:
>  * http://www.w3.org/2013/10/payments/minutes/2014-03-24-s2/#7
>
> 3. The cost of international KYC is rising with no impact on security:
>  *
> http://www.bankingtech.com/195632/cost-of-kyc-too-high-says-swiss-start-up/
>  * It costs roughly $100 to onboard a new banking customer, which means
>    banking services will not be available to the vast majority of the
>    worlds poor that will typically have less than that in their bank
>    account (thus earning fees on the order of several dollars a year
>    for banks). Onboarding customers faster by having a solid identity
>    solution will help make opening a bank account more affordable for
>    the worlds poor.
>
> 4. SWIFT is considering a centralized KYC database due to the increased
> cost and security issues:
>  *
>
> http://www.out-law.com/en/articles/2014/march/banks-sign-up-to-help-develop-centralised-kyc-database/
>  * http://www.swift.com/products_services/kyc_registry_overview
>
> 5. Resume fraud and degree-mill fraud are now a $1B/year business:
>  *
>
> http://www.employeescreen.com/iqblog/cost-of-education-perpetuates-fake-academic-credentials/
>  * http://www.counterfeitdegrees.com/
>
> 6. The "online identity" problem has been around for a very long time
> now, and it's only getting worse:
>  * http://www.zdnet.com/blog/digitalid/the-identity-silo-paradox/57
>  * http://www.internetidentityworkshop.com/
>
> 7. The US Government has started an initiative to try and fix it due to
> the lack of private industry movement in the area and the increase in
> online security breaches.
>  * http://www.nist.gov/nstic/
>
> Those are just a few of the more recent links. There are many more
> stories that come out on a weekly basis about fixing the identity
> ecosystem on the Web, hopefully this small sample is enough to highlight
> that the issues are bigger than most people realize.
>
> -- manu
>
> --
> Manu Sporny (skype: msporny, twitter: manusporny, G+: +Manu Sporny)
> Founder/CEO - Digital Bazaar, Inc.
> blog: The Marathonic Dawn of Web Payments
> http://manu.sporny.org/2014/dawn-of-web-payments/
>
>
Received on Thursday, 26 June 2014 20:40:39 UTC