Global Security, Privacy, & Risk Management

Of Payments, Privacy and Social Networks June 13, 2012

By now, many of you have probably heard about the smartphone app creatively and aptly named “Girls Around Me.” For those that have not heard, it is essentially an application that aggregates the “check in” location data of women using Facebook, foursquare, and other social, location based services.  It then displays for the user the locations and names of “girls around” him (or her, I don’t think the app discriminates).  The app promises to “turn your town into a dating paradise.”  For privacy professionals, the app sparks an interesting debate.  Is privacy infringed if the person in question volunteers the information.  On one side of the argument are those that would say “no – if the user has volunteered information then privacy is not compromised by the application.”  The converse of that argument, however, is one that centers on a definition of privacy that hinges on the appropriate use of information.  If the user did not volunteer the information in an effort to join this “dating paradise” then privacy is certainly infringed.  Certainly, one can see that the application in the wrong hands has the potential for misuse.  But, what if we use the information for good, rather than evil?

Mobile payments today pose a number of interesting conundrums for acquirers and ISOs, not the least of which center around risk and fraud.  Last week, I had the good fortune to attend and participate in the Merchant Acquirers’ Committee meeting in Las Vegas.  Not surprisingly, many of the conversations in which I was involved centered around managing and monitoring fraud among mobile merchants.  The topic of using geo-location as chargeback protection certainly came up.  Imagine if a payment company was able to leverage a tool like Girls Around Me, demonstrating that Facebook or foursquare users were in the immediate vicinity of the merchant at the time of the purchase.  Would we be up in arms about the invasion of privacy, or would we be commending ourselves for the innovative solution to a difficult problem.

This topic is interesting on a number of levels.  As a privacy professional, one should be aware of the impact of technology not only on our behavior but on our very definition of privacy.  Technology has rendered privacy something of a  moving target.  What is considered an invasion of privacy in one setting (aggregating data of individuals nearby and broadcasting it to other smartphone users for purposes of introduction), might just as easily be considered an innovative way to solve a difficult problem if applied differently.  Similarly, consumers shift their own privacy definitions according to the context.  If the technology behind Girls Around Me were used to notify people of nearby registered sex offenders, would the level of outrage be the same?

As a payments professional, the interest lies in finding the right balance.  Mobile payments are changing the way merchants do business and the way consumers pay.  The payments industry has to devise a way to ensure that both of those constituencies are protected from fraud.  Perhaps leveraging the technology of social networks and marrying that to mobile payments is the answer.  However, it is a fine line to walk for everyone involved.  Where does protection and better service cross the line into invasion of privacy?