Security and Shopper-Focused Technology

I just saw a post from the NYTimes Bits blog about R&D Visa has been doing to create a “universal digital wallet.” It’s an interesting concept, for sure, but one that I think presents more questions about the technology and user experience than it answers (so far).

Image courtesy of the NYTimes Bits blog.

First, Visa is proposing a one-click web payment system.
This would allow users to have one master username and password connected to their (presumably) Visa card that they could use in any web checkout process. The trouble with things like this is that functionality that allows people to autosave login credentials presents significant security issues, but are too heavily used to ignore. Every time I log in to a web page, my browser asks me if I want to save that information so I don’t have to log in again next time. Additionally, some websites do this on their own, creating a unique cookie storing your user information. Both systems provide convenience, assuming the user is always in possession of their machine. If someone were to break in to or steal your computer, they could potentially go nuts with your card and potentially other personal information. Sure, it’s not that likely, but remember Murphy’s Law…

Visa also proposes a system using near-field communication technology to enable our smartphones to stand in for our credit cards.
Just one less thing to swipe, I guess. Unfortunately, I think the same risks are involved here, but to an even greater extent. Being perpetually logged in (as I am for many apps on my iPhone) would make the tool much more useful, since you’re not going to want to stand at the checkout and log in using your smartphone’s touch keyboard before paying. But that means that if someone steals your phone (or if you lose it), your financial vulnerability could skyrocket. Sure, you can have a 4-digit security PIN unique to your iPhone, but again, I invoke the ingenuity of hackers in pointing out the weakness of that system. Plus, not everyone enables it.

I imagined a web-enhanced bank card last year (left), and this year, the real thing is almost ready for production (right)!

I mentioned a similar technology last September created by Dynamics, Inc. called Card 2.0, which would enable users to toggle between multiple accounts, replacing the same plastic credit/debit-style cards we use now. The card would have a single PIN as its security protocol. Let the hacking commence…

The only true failsafe I could imagine for these systems is biometric login technology…
…which of course comes with it’s own set of issues. What’s strange to me is that we don’t seem to be willing to throttle our innovation in commercial areas to make bigger strides in preventing privacy vulnerabilities, identity theft, and fraud (the latter of which, by the way, were the top concerns of respondents to a poll I created almost two years ago asking What issues most concern you about the future of the web?

So, what do you think?

Anyone out there with a focus on the shopper experience care to chime in?