Monday 4 January 2010

Idea: Why doesn't PayPal (or others) also manage my PII like Email, Address, Phone?

Following a couple Tweets I posted earlier today:
  • Why doesn't #paypal also manage my personal information like my address (I prefer to pay using paypal so that I don't use my CC everywhere)
  • ...so why don't PP provide a service where ONLY PayPal knows my address (so that I don't have to give it to EVERYBODY I trade)
  • ...you could have some interesting variations of this service where in some cases the goods would have to be shipped via PayPal
  • ... In fact if #PayPal doesn't do it and if #FedEx or #UPS or#Amazon do it, I will start using them instead of #PayPay
I had this question sent via email:


"Typically people buying things online do release  their postal address to the merchant/seller, since they need tocan ship goods.  Sellers/merchants don’t always need to have your address of course, but I don’t believe you  exclude it when dealing with a merchant, unless you just do a “send money” transaction to them, in which case they do not get your postal address."

to which I replied:


"...Sure and isn't just "send money" what PayPay currently does?




It just hit me when I was buying a book from an independent publisher (which I will only use once) that I had no option but to give my full personal details (name, address, phone number, etc..). 


I was happy that I could use PayPal (since that way I don't have to give them my CC details) but was not happy that I could not use PayPal (or other) to protect my other PII (Personal Identifiable Information).


See the only reason I use PayPal or Amazon is because I have more trust in them (in fact, in this case I checked if Amazon had the book (which it didn't))


Although the PII in this case it not mission critical, it is a good case study for the types of 'Security related data management services' that we will need on the Internet in order to allow users to have trust in buying goods online (and even more as we move into the cloud). It will get much more complicated when we need to also have similar services/controls for Health or Financial records.


From my point of view I want to have one (or just a couple) web brokers, who are able to manage (probably even better than me) my sensitive data and make money by charging (me or my bank) a little bit for their service (just like Amazon does with their postage charges). Can't you see how a bank would prefer this? They (the bank) could say "OK... for web transactions we will not send you CC or its details, but will instead send them to PayPal/Amazon/FedEx/Google and you can access it (i.e. buy using it) via your Phone or the Web"


This is why I also Twitted that this service could be provided by FedEx or UPS since they are able to provide this "buy book from publisher XYZ" service without the seller having any idea of who the buyer is (note that these companies have already 'sorted out' the delivery mechanism)


Does this make sense?..."