Re: Loyalty cards - Trust, Privacy, Security and Convenience issues

On 2014-10-28 16:09, Nate Otto wrote:
>
> Hi, Anders
>
> I'm coming from an Open Badges background, so that perspective on credentials has me not seeing the same problems here.
>
> Existing loyalty cards are physical artifacts containing an identifier key that is linked to personal information in a store's (for example) customer database. Since the credential is issued by store, I haven't experienced doubt about where it is appropriate to use that credential. Would this be different if there weren't a physical card?
>
Hi Nate,
The difference is the discovery and hand-over processes which are potentially privacy sensitive.  At least the browser vendors consider a static number as privacy impeding if it is discoverable in an uncontrolled manner.  But manual processes adds other difficulties so this is an area needing more exploration.


> I am new to this list as of a couple months ago, so maybe I haven't seen the ideas or prototypes you're thinking of, but from the Open Badges community, it seems clear that this type of credential would have to be more robust than the simple ID numbers encoded into the magnetic strips of cards. The credential holder must demonstrate that they have the authority to use the credential to the store, but what situation do you imagine where a user would be confused about whether they are shopping at the store they intend to shop at? Seems like that problem would need solving before you ever got to the point of payment.
>

If you are talking about domains like "merchant.com", the authenticity of such are dealt with by other parties so I would leave it "as is".
In some cases the customer's FI will be able to stop the transaction but that depends on the payment system.

> And on semi-anonymity, I think unless loyalty cards begin to be issued by 3rd parties instead of retailers themselves, the credential issuer has an incentive to collect whatever personal information the think might be useful. I don't see much incentive to accept outside credentials if it means losing a rich source of customer data.
>
> Digital credentials may be much easier to copy than physical magnetic strip cards, but with most of the schemes I've seen proposed or demoed, there is a prove-you-have-the-authority-to-use-this step assumed in the designs.
>

Would this really apply to payments + loyalty cards as well?  If the payment is anonymous like Apple Pay, there's nothing to bind the loyalty card to, which makes me wonder if we maybe need "active" loyalty cards (=backed by private keys).

> Interesting conversation
>

I think so too :-)

Regards
Anders Rundgren
WebPKI.org

> Nate Otto, Developer
> concentricsky.com <http://concentricsky.com>
>

Received on Wednesday, 29 October 2014 11:22:59 UTC