Cyber fraud is on the rise, and public concern over the safety of their data is one of the biggest factors holding back the tide of digital payments. One team of researchers may have a solution.
Called the Databox, the idea is that individuals use a personal online portal to collect together their financial statements as well as search, payment and other personal data from all their devices and then stores this in a single, heavily protected location, which could also be replicated in an external drive if preferred. They then choose which companies have access to which data.
Rather than replacing existing payment methods such as PayPal, the system “fits right in”, simply adding an extra safety wall between the data and the recipient, explains researcher Anil Madhavapeddy.
Because online companies and organisations request access to the relevant information, the Databox owner will just have to choose whether to allow their request, rather than re-entering this data manually, which Madhavapeddy says will speed up online payments and other interactions. “We anticipate that it will actually get more people to buy online,” he says.
To protect the person’s data, the Databox uses a carefully designed custom operating system based on the Nymote infrastructure, which, says Madhavapeddy, creates the illusion of running from multiple systems, preventing a hacker from simply breaking in and stealing a life’s worth of data. Wheareas earlier attempts at data vaulting effectively meant choosing one company to trust with your most prized information instead of scattering this between many (the “if you give us all your data, we’ll look after it” approach, as Madhavapeddy puts it), the idea of the Databox is that, once the person has set up their portal, they own and control everything. The creators have no access, and no claim over the data itself.
If successful, the system would take the pressure off third parties to collect and safely store the information they need, and would give far greater control to internet users, who often have no idea where their information goes after entry, and whether it could find its ways into the hands of unscrupulous marketers or even criminals.
In fact, says Madhavapedddy, the Databox includes a self-tracking function that allows people to view themselves as Google or other internet giants see them.
This, he explains, gives them a clearer idea of what kind of data has already been harvested by the internet’s “nefarious mechanisms” and take steps to adapt or protect themselves better if necessary.
“We’re never going to get rid of tracking entirely,” says Madhavapeddy. “But at the moment we’re in this weird place where Google knows more about me than I do!”
It’s not just that data-driven internet companies and government institutions have the ability to keep tabs on internet users’ activities and potentially invade their privacy. They also have the power to use their findings based on our data, given away cheaply, for hugely profitable commercial ends. This imbalance has to shift, say the Databox team.
“We are in the middle of a ‘personal data gold rush’ driven by the dominance of advertising as the primary source of revenue for most online companies,” wrote the researchers in a paper published last week.
“Internet services, advertisers, and even governments are all casting a wide net to accumulate personal data about individuals. This accumulation is generally occurring with minimal consideration of us, the individuals at the heart of this process.”
Part of the problem, they say, is that free tools and services on the internet typically come with an invisible price tag – data. The tacit attitude is that, if you’re not paying for a product, you are the product, giving marketers and other organisations a free pass to use customer information in ways that can make them deeply uncomfortable. In the long run, knowing that your behaviours and purchases are being continually tracked for someone else’s benefit could turn many people off digital and mobile payment methods altogether.
To prevent this “asymmetric power relationship”, says the team, “there is a need for a technical platform enabling people to engage with the collection, management and consumption of personal data; and that this platform should itself be personal, under the direct control of the individual whose data it holds.” Namely, the Databox.
Or, as Madhavapeddy says, since the always-on lifestyle is here to stay, we need systems that allow us to “retain control and stay social.”
While the benefits to customers and payment entrepreneurs are clear, such a move is unlikely to be encouraged by internet advertising and data collection agencies. As a result, say the researchers, if the Databox is to become a reality, the push will have to come from consumers. If we want to keep our data safe, we’ll have to take back the keys to the goldmine.
This article was amended on 29/01/14
New data from Worldpay, which surveyed 4,000 shoppers in Europe, shows the continent is becoming more tech-savvy and a keen adopter of new payment technology.
Berlin neo bank N26 talks new products, UK launch and the advantages of being based in Berlin.
Just under twenty percent of all card purchases are now being made on contactless cards, according to new data from the UK Cards Association.
In this guest blog, Apriva's SVP, Stacey Tappin, talks about the evolving payment interactions and the increasing importance of providing a cohesive consumer experience across all channels.