Who are you?

Sarah is about to shell/pay out $246.

At this point in this forum, talk would turn to various methods of payment and Customer Experience (CX).

Sarah has lots of options to pay: she has multiple credit and debit cards, she has a number of Pay apps on her phone, she has a QR code, she has a tag on her wrist, she has Bitcoin, and she even has cash. Also, using the latest biometric devices, she has the option of paying by her face or finger.

She is spoiled for choice.

But aside from privacy, the new biometric payment methods throw up a problem that good old cash and multiple cards has solved already.

 WHO IS SARAH?

§ Every year, on their respective birthdays, Sarah and her friend Anna go to their favourite restaurant for a long and liquid lunch, reminiscing about old and new times. Because it is Anna’s birthday, Sarah pays using her personal credit card, and she leaves the tip in cash, as she and Anna remember the days working in school holidays when they did not always get the tips.

In this case, Sarah is paying as an ‘Individual’, with her ‘own money’

§ Sarah is in her mid-30s and her daughter, Laura, is the star of the local under-14 (mixed) soccer team. Sarah is buying Laura a new pair of soccer boots, shin protectors and kit bag, and pays the $246 using the ’joint’ debit card. Here Sarah is acting as a parent/family member and the boots could just as easily have been paid for by her partner, Blake.

§ Sarah is a chartered accountant and hence in demand by all sorts of groups. As treasurer of her daughter’s soccer club she is buying a set of referee’s flags and she pays by cash asking for a receipt so that she can claim $246 back from ‘petty cash’. Here Sarah is acting an elected official of a formally chartered association – the soccer club. Sarah also performs the same role for a number of charities in the local town and collects lots of receipts.

§ Sarah works at a local technology start up where she is Chief Financial Officer (CFO), a demanding job where she is currently working with Venture Capital companies with an eye to a new funding round.

Today, Sarah is having a quick lunch at the local pizzeria with three of her staff to discuss next week’s schedule of VC meetings. As an authorised executive, Sarah pays the bill using her corporate credit card, and keeps the bill for evidence. Note she is just one of about a dozen people in the company who has been given an executive card, and, as CFO, Sarah ensures that they are used properly and for the purposes intended.

§ To take a cab to the airport, Sarah calls an Uber, which is paid automatically from the company’s employee cab charge account. As is the travel policy, Sarah shows her employee pass to the driver. Here, Sarah makes the payment as an authorised employee of the firm. Note Sarah paid for her airline ticket using PayPal online with her corporate American Express card.

§ Sarah’s father, Jim, lives in the same town, is independent and capable but has mobility problems. Sarah, therefore, does some shopping for him, including collecting his medicines. As an ex-accountant, Jim likes to retain control of his finances, so gives Sarah his credit card and she ‘waves’ it to pay for his medicines. Sarah is not happy with the situation but does not want to see the day when she has to act as an official power of attorney on financial matters. In this instance, Sarah is acting on behalf of Jim. 

 Making payments on behalf of others is not unusual, there are many people who act as Authorised Agents of others, such as lawyers, estate agents and investment agents.

 SO, WHO IS SARAH? 

The individual, the friend, the parent, the partner, the soccer team treasurer, the manager, the employee, the agent of others?

 ALL OF THE ABOVE! (at one time or another)!

So, the agent involved in making payments (and indeed executing other financial transactions) is NOT the individual BUT the individual acting in a Role.

It is a grave mistake to assume a one-to-one correspondence between individual and role, which is assumed in some technology implementations. That is why we carry wads of cards in our wallets.

WHO ARE YOU? 

You are who you want/need to be, to execute the financial transaction at hand, always assuming of course that you are authorised to do so.

But with biometric identification, you are who the picture of the face or fingerprints says you are. You are singular and hopefully unique.

So how do you, as an identified individual), perform the many roles that you need to just get through the day?

The answer, of course, is to be able to choose who you want to be, when you need to.

Chaumian Identity

There is a nice FinTech solution to this general problem of ‘Identity’ but happens to be about 35 years old and hasn’t really been built yet[i].

In 1985, David Chaum, a pioneer of cryptography, published a paper in the Communications of the ACM called ‘Security without Identification - Card Computers to make Big Brother Obsolete”. In 1991, Chaum also introduced the concept of “Zero-Knowledge Undeniable Signatures’ similar to so-called Zero Knowledge Proofs (ZKPs) to preserve privacy.

In the first paper, Chaum claimed that

“You may soon use a personal "card computer" to handle all your payments and other transactions. It can protect your security and privacy in new ways, while benefitting organizations and society at large.”

With hindsight, Chaum’s claim missed the mark by a mile, but it looks like his ‘card computer’ concept could solve some real problems in finance today. And with the evolution of technology, it does not have to be ‘card’ but could be a computer chip embedded in a card, a wristband, a mobile phone or even IN a finger.

At the highest level, Chaum proposed that an individual would control a ‘computer’ that could generate a ‘pseudonym’ for each party that the individual transacted with and would generate the necessary ‘keys’ to interact with various parties, depending on the pseudonym required.

Isn’t this just a glorified password manager?

Sort of, and maybe in initial implementations so, but the promise is that secure and private communications could be instigated between individuals and (say) banks that would solve the identity and role problem in one very small device.

How might it work?

Say Chaum’s ‘card computer’ was embedded in a biometric device, such as a fingerprint reader, and when the fingerprint was read, the reader would pose the question – what role?  The individual would choose the role, say using voice or touch menu, and the necessary biometric and role keys would be constructed and sent to the associated entity, such as a bank. Using Chaum’s techniques, not only would the communications be encrypted but also the privacy of the sender and receiver would be protected.

Could it work? Yes, but not until industry standards were developed that implemented the interactions.

However, regardless of whether Chaum’s concepts are used or not, unless the individual/role problem is solved, we will be carrying around a wallet full of biometric devices in addition to our stack of cards. 

Cash would be easier?

[i] An Invention that has not been Integrated yet?