This blog post, and the source blog from the Center for Democracy and Technology, illustrate, once again, the challenges of the payment system in conjunction with the Internet and mobile worlds. Many of the concerns raised regarding privacy in both posts are the result of non-payment data being added to the payment data stream. The impacts cut across a range of areas including online privacy as well as telephone based marketing.
Mobile payments can expose payments data to more parties than traditional credit cards do. In the case of Google Wallet, for example, you expose your data to Google, which serves as the mobile payments provider, in addition to credit card issuers and payment processors, the nonprofit group said. Third-party apps can potentially gain access to data, too, it said. Once all the small bits are combined, like the customer’s e-mail addresses, phone numbers and purchase histories, merchants have a pretty detailed customer profile.
The CDT doesn’t get it quite right as everyone in the payments chain has access to some of the same data but not all. But, as other articles have shown, even without mobile device data, “Targeting” (caps intended) can get very specific indeed. And merchants are already doing it. Amazon, for example, fits the parameters of the last sentence above perfectly. That rich data set is among the principle reason for Amazon’s success at risk management, taking a card not present environment and getting card present fraud rates. With mobile devices, the granularity of risk decisioning just gets better.
Commercial data usage regulation, especially as it pertains to privacy, is a big area of discussion that will only get larger. Right now, with CISPA and other bad legislation, we are fighting unnecessary government intrusion into our personal privacy. Once that gets beaten back (let your representatives know your thoughts) expect a lot more on the privacy front.