Have a question? Want to advertise? Something else? Contact us: [email protected]

From the Front Page


Categories: General

Paypal's Anonymity Play

Published on August 9th, 2013 by bcohen
image What is Anonymity? Let me start off by explaining what I mean by “anonymity.” What I refer to anonymity is really pseudonymity, the right to privacy and the tight restriction of access to account numbers and credentials (...pseudonymity doesn’t sell headlines).  I think we all are re-evaluating the concept of what privacy means online and if there really is such a thing as being anonymous... I never pay with a credit card if I know that I will lose sight of my card.  So this usually rules out using a credit card at a restaurant.  The last thing I want to think about when i’m ordering my "Sesame Crusted Yellowfin Tuna" is if I can trust the waiter with my credit card details. Phone numbers are disposable,email is disposable and so should your credit card number. As I have mentioned before, the genius behind PayPal (Bitcoin notwithstanding) is the anonymity that it provides its users in that they do not provide merchants with their credit card details. One has to wonder if there is a real world equivalent on the way ...Debit and credit cards that randomize credentials (i.e. your credit card number) and these numbers should be generated on the fly and disposable. This might already sound familiar to you because PayPaldiscontinued a virtual credit card plugin back in August  2010.  These dynamic “throw away” credentials are often referred to as substitute credit card numbers and one-time use credit cards.eHow still has instructions online how the system worked (see “How to Generate a Card Number Through PayPal”). Then there are the Radio Frequency Identification or RFID cards.  Chances are that you have an RFID card in your wallet.  These contactless transactions go by the name of  PayPass (Mastercard), Blink (Chase), PayWave (Visa), Zip (Discover), ExpressPay (American Express).  Though there has been some scrutiny of this technology over skimming concerns, it is actually a step in the right direction.  Andy Greenberg of Forbes explains in “Hacker's Demo Shows How Easily Credit Cards Can Be Read Through Clothes And Wallets”:
“...contactless cards do offer one security feature traditional cards don’t: Along with the card’s 16-digit number and expiration date, the cards are set to offer up a one-time CVV code with every scan. Those codes can only be used for one transaction, and have to used in the order they’re generated. If a payment processor detects multiple transactions with the same code or even codes being used to make transactions in the wrong order, it will disable the card.”
Could eBay/Paypal use Virtual World Concepts for Real World Solutions? Last October, The United States Patent Trademark Office published eBay’s patent application 2012025402 for an “Online Payment For Offline Purchase.” The Abstract details the patent quite clearly:
“A user receives a unique purchase identifier from a merchant during an offline purchase transaction. The merchant holds the purchase. The user makes an online payment at a later time by entering the purchase identifier through a payment provider, who retrieves details of the purchase and processes the payment if the user approves of the payment. The merchant is notified and releases or ships the purchase to the user.”
The Summary further details:
"...{The} consumer selects one or more items for purchase at a physical merchant location. The merchant "holds" the purchase for the consumer, giving the consumer a unique identifier, such as a barcode or a number, to identify the purchase. The consumer then goes online, such as through a computing device, to access a payment provider service site...."
And the detailed description (Block Diagram Numbers have removed for reader clarity) further clarifies how the user’s privacy is maintained
“...{The System} maintains a plurality of user accounts...For example, account information may include private financial information of users of devices such as account numbers, passwords, device identifiers, user names, phone numbers, credit card information, bank information, or other financial information which may be used to facilitate online transactions by user . Advantageously, payment application may be configured to interact with merchant server on behalf of user...”
The above patent is interesting in that it appears that this can be used in part to maintain one’s privacy but does not explicitly state this fact. Moreover, eBay and Amazon both filed patent applications for anonymizing shipping. Amazon filed 20120143709 “Protection of Privacy in Connection with Shipment of Products” and eBay filed 20130018759, “Third Party Token System For Anonymous Shipping.  I discussed these patents in “eBay to Let Buyers Keep Their Addresses Private?” over at EcommerceBytes earlier this year. So we have established that eBay/Paypal are exploring different ways to secure their users transactions through anonymity and are looking at different methods of conducting in person real world transactions. image Idea I (am one of the few people who) use PayPal’s Security Key fob which generates a  “two-factor authentication” random number on a device the size of a credit card (above).  I enter this number with each PayPal purchase that I make... What I propose (assuming this has not been proposed before) is that “physical” credit card and debit card numbers are randomized in a similar fashion (using a LCD display).  Of course you will still have your static card/account number but merchants would only get access to the disposable number, not your static number.  Card numbers should be as confidential as your Social Security Number (or at least in theory). While researching possibilities of this concept I found an interesting idea for an “Instant Disposable Credit Card filed with the patent office. image Instant Disposable Payment Card / 20130166441 The United States Patent and Trademark Office (USPTO) recently published Egor Kobylkin and Robin Schuil’s patent application 20130166441 for “Instant Disposable Payment Card.”  Egor Kobylkin also happens to be the Senior Analyst, End To End Manager, PayPal Germany and Robin Schuil  Innovation Program Manager @eBay Classifieds (Netherlands / Marktplaats.nl). Schuil and Koblykin tackle their disposable credit card concept through a QR code. In the Background of their patent application they describe the problem:
“...payment cards have some important deficiencies. Payment cards are not as safe as desired. For example, a payment card or a payment card number can be stolen, thus potentially providing a thief with access to the legitimate cardholder's purchasing power and possibly providing the thief with access to an account, such as a bank account of the cardholder...”  
The Patent Abstract describes their solution:
“An instant disposable payment card can have a quick response (QR) code. The QR code can be scanned by the user. Scanning the QR code can facilitate activation and/or funding of the instant disposable payment card and/or can facilitate a creation of an account or an activation of a pre-created account at a payment system provider. The user can then use the instant payment card to pay for purchases. A merchant can scan the QR code or swipe a magnetic strip of the instant disposable payment card to effect payment to the merchant for the purchase. An account of the instant disposable payment card can be funded after use thereof to make a purchase.”
The Detailed Description of the patent application describes how the QR solution is implemented:
“...funding of the instant disposable payment card after the purchase can tend to minimize the user's exposure to risk with respect to the account...”
“...Funding of the instant disposable payment card can be done prior to a purchase with the instant disposable payment card or after the purchase with the instant disposable payment card...”
“...The instant disposable payment card can lack any information, such as the user's name...”
Let’s Talk Bitcoin! reached out to Mr. Schuil and Mr. Kobylkin for comment on on their innovative patent including if and when this technology would be commercialized.  We were referred to Paypal’s Public Relations office which did not provide comment by press time.  Though just because a patent application is filed, it is not necessarily an indication that a product is imminent.  It is also unclear if the patent application has been (re)assigned to eBay/Paypal. Meanwhile, Peter Thiel, co-founder of Paypal recently led an investment round in Bitpay (See John Oates’ CoinDesk article “Peter Thiel & Founders Fund lead $2m funding round in BitPay”) and David Marcus, President of Paypal has stated that Paypal is Interested in Bitcoin. image While Paypal ponders the pursuit of Bitcoin payments, players such as Bitinstant have been pursuing a Bitcoin Debit Card that would interface with legacy banking systems such as Visa and Mastercard.  The BitInstant Support Center has stated since Apr 12, 2013:
“The Bitinstant debit card is still in the works. Unfortunately, we don't have an exact ETA. We encourage you to check back with our website in the coming months to see all of our added services and updates including those relating to the debit card.”
Looking at the concept image above it appears that it could be beneficial for Bitinstant to include a way for cardholders to anonymize their account number. And then there is the  Mycellium Card, The Bitcoin Card with a Brain, prototype shown at the Bitcoin 2013 Conference which promises to allow merchants to “Omit credit card companies and keep your profit for yourself” and was compared to fitting a “1990-class mobile phone into a the size of a credit card.” The Mycelium Bitcoincard will offer an easy way to pay at retail locations, and it can do transactions from card to card, even without internet. The merchants will provide gateways that enable bitcoincards to be used even when the customer himself has no internet connection. Because it is an embedded system, there is no chance of a virus or malware on the device. A status update on the Bitcoincard development was posted on the Bitcoincard Blog image Going Forward Perhaps we are moving towards a “CreditSticks” future predicted in the cyberpunk role-playing game Shadowrun.  The First Edition was 1989 but it wasn’t immediately clear to me when CreditStick first appeared in the world of Shadowrun.  Though, I prefer the future’s past by Edward Bellamy in his 1897 utopian novel Looking Backward. Bellamy  coined the term “credit card” in his novel.  Bellamy, however, referred to what we would today call a debit card for spending a citizen's dividend rather than buying on credit. I know some of you are reading this and asking yourselves, “Won’t we be using our mobile phones instead of  credit cards?”  Well, I’m going to ask you a question.  Do you have a credit (or debit) card in your purse/wallet... and why? Feel free to respond below.  The trajectory for a cashless society started with credit cards (or the “credit coin” ---see below) and I believe there is still a future for credit and debit cards.  In fact a credit/debit card (especially an anonymized one) is now starting to look more like an “off the grid” alternative to cash as more people start to use their mobile phones to conduct in person real world transactions.  And we all like alternatives----right? image Factoid: Did You Know? // Credit cards originated as Credit Coins (a.k.a Identity Coins) and were popularized around the turn of  the twentieth century.  These coins were small metal tokens with the coin holder's account number engraved on them and served as identification of their account in department stores. See Credit Cards—A Prelude to the Cashless Society, 4-1-1967, by Eric E. Bergsten [PDF: Digital Commons @ Boston College] Credit Coins Popularized at the Turn of the Twentieth Century: The Credit Coin In Philadelphia
“The Introduction of the credit coin seems to be almost universal not only in department stores, but other large establishments”
image Source: Philadelphia Record, via New York Tribune, June 2,1901 via Library of Congress, Chronicling America Additional article corroborating Philadelphia/Turn of the Century Invention of the Credit Coin (as well as information how to get a free soda): The Pharmaceutical Era: Shop Talk; May 23, 1901 via Google Books 1922: Early Case of Credit Identity Theft: Arrest Cabaret Singer: Girl Accused of Using Credit Coin without Authority image Evening Public Ledger., August 10, 1922 via Library of Congress, Chronicling America According to the CPI Inflation Calculator $200 in the year 1922 is equivalent to $2,773.15 in  2013.   First Court Case For Credit Coin Identity Theft: Department Stores and Court Asserted that Victim of Identity theft was Liable for the Store’s Losses: Department store coin: Liability of owner for goods purchased by finder on credit of coin
“...a new question of considerable importance...”
“...Neither the court nor counsel have been able, after diligent search, to find any reported case on the subject..."
“...The defendant made this possible by keeping her coin and her visiting cards with her address theron in an insecure place.  The coin was received and accepted by the plaintiff in the course of business for value and without notice.  The case before us works a hardship upon both parties, but, as between two innocent parties "he who makes the loss possible should bear it": State v. First National bank, 203, Pa., 69.”
“The defendant accepted and used the coin given to her by plaintiff; she lost it, and by reason thereof she made it possible for the finder to obtain merchandise to the amount of $61.10, the sum sued for in this case.  The plaintiff, being without notice of said loss, was in no way to blame.  We are in the opinion that the facts as presented before us warrant us in finding in favor of the plaintiff.”
“And now, July 27, 1915, the court finds in favor of the plaintiff in the sum of $61.10, together with interest, $1.64 - $62.74."
Source: Wanamaker v. Megary, 24 Pa. Dist. 778 (Municipal Court. Philadelphia 1915) Lancaster Law Review: Volume 32 Inquirer Printing and Publishing Company, 1915 via Google Books According to the CPI Inflation Calculator $62.74 in the year 1915 is equivalent to $1,447.03 in 2013.

Views: 5,716


Comments

Make sure to make use of the "downvote" button for any spammy posts, and the "upvote" feature for interesting conversation. Be excellent.

comments powered by Disqus