Re: Loyalty cards - Trust, Privacy, Security and Convenience issues

Hi, Anders

I'm coming from an Open Badges background, so that perspective on
credentials has me not seeing the same problems here.

Existing loyalty cards are physical artifacts containing an identifier key
that is linked to personal information in a store's (for example) customer
database. Since the credential is issued by store, I haven't experienced
doubt about where it is appropriate to use that credential. Would this be
different if there weren't a physical card?

I am new to this list as of a couple months ago, so maybe I haven't seen
the ideas or prototypes you're thinking of, but from the Open Badges
community, it seems clear that this type of credential would have to be
more robust than the simple ID numbers encoded into the magnetic strips of
cards. The credential holder must demonstrate that they have the authority
to use the credential to the store, but what situation do you imagine where
a user would be confused about whether they are shopping at the store they
intend to shop at? Seems like that problem would need solving before you
ever got to the point of payment.

And on semi-anonymity, I think unless loyalty cards begin to be issued by
3rd parties instead of retailers themselves, the credential issuer has an
incentive to collect whatever personal information the think might be
useful. I don't see much incentive to accept outside credentials if it
means losing a rich source of customer data.

Digital credentials may be much easier to copy than physical magnetic strip
cards, but with most of the schemes I've seen proposed or demoed, there is
a prove-you-have-the-authority-to-use-this step assumed in the designs.

Interesting conversation

Nate Otto, Developer
concentricsky.com