Loyalty cards - Trust, Privacy, Security and Convenience issues

The more I look into this topic the more troubled I get because I don't
see any "silver bullet", only a bunch of quite disparate solutions that all
exhibit very distinct pros and cons.

A list of issues I ran into:

Merchants must prove ownership as well
=================================
A receiver (merchant) of loyalty information should only get such that it has the
right/need to know.  That is, the receiver should prove ownership to a loyalty card
in order to get it.  This is also a way to filter loyalty cards so that the user in the case
he/she must actively select/grant disclosure of such information does not have to
select among cards that do not apply.  This arrangement also stops receivers from
learning about possible competitors the user in involved with.

Trusted chrome?
==============
Since loyalty networks and payments networks (usually) are independent
they can't share the same trust scheme.  It is unclear to me how to deal with
loyalty cards except through some kind of built-in "trusted chrome" which
though requires a fully standardized way of handling loyalty cards in
order to work.  This problem is (modulo merchant proving of ownership) the
same issue you have when you want to select between entirely different payment
methods such as PayPal, VISA/MC/AMEX or BitCoin.

Tamper-proof
===========
It shouldn't be easy to copy loyalty cards, otherwise the value of them
becomes very limited.

Semi-anonymous?
==============
In theory an "ideal" loyalty system should only exchange semi-personal data such
a frequent flier points, gender, age, and approximate location but that would
require an anonymizing service which probably would greatly complicate roll-out.

Automation
==========
In case full automation is required, abiding SOP seems to be the only credible option.

I haven't been able to "decipher" what Google and Apple does in this space.

Anders

Received on Tuesday, 21 October 2014 08:25:18 UTC