PayPal is now an identity provider (x.com)
80 points by robin_reala on Oct 17, 2011 | 46 comments


This is sort of frightening. Paypal has a recent history of locking people out of their own accounts as they add layer upon layer of draconian "security" measures. These "security" measures seem designed to gather as much personal information as possible, and to restrict access to your funds as frequently as possible. I log into Paypal about four times per year, and each time it's a frustrating tangle of new user agreements, forced requirements to add new security questions, and ridiculous restrictions. For example, when I decided I was going to move to a mobile phone-free life, Paypal decided they would force me to verify my account via SMS, but they cannot send SMS to Google Voice, so I spent 10 hours over four days to get access to my account.

Paypal is less trustworthy than Facebook or the federal government.


I don't think there's a more trustworthy contender nowadays (definitely not facebook). Many of their requirements for new terms and compliance are due to state regulations, especially here in the EU. For me, the fact that they require verification through official documents makes me trust them more, not less.


That's sort of the problem. Paypal is acting more and more like a bank, yet they're investing millions in lobbyists to make sure they don't become a bank, legally. If they were a bank they would be accountable and would fall under all of the rules and regulations that banks must follow, and they wouldn't be able to withhold funds from their customers so readily.


They are a bank here in Luxembourg.

Part of this is that they have to know their customers. They can't allow someone without proper ID verification to collect a few hundred thousand dollars through simply providing an email account and a name.


I was just gonna say that. Paypal Europe is a registered bank based in Luxembourg, and subject to all kinds of bank regulations.


It's OK that they require verification through official documents but PayPal is known for locking people out of their accounts even after they have submitted these verification proofs. The Resolution Center is a farce. I have uploaded many different documents, but it keeps showing me the same verification problem. This has gone on for over a year now. PayPal is not important to me and so I can just ignore this problem. I don't even see the worst bank here, in India, keeping people out of their accounts in such a way.


Did you contact them? They will usually tell you what's wrong with the documents. True, paypal is extremely understaffed compared to most banks.


"PROSPECT SCORE This API enables you to know the purchasing potential of a user visiting your site. Users are classified into Gold, Silver, or Bronze based on their average spending value, frequency, and online transactions. Product details..."

This doesn't feel right. Aren't there privacy issues here? Have I unwittingly signed some T&C on this?


Lots of companies sell your demographic information, including your bank, credit cards and magazine subscriptions.

Ansira* has an amazing product that ties into all of this. It's really creepy, but packed full of pretty accurate demographic information compiled from all kinds of sources.

* not affiliated with them. probably others. only one I know of right this second.


Yeah but most of the companies that sell your info aren't payment processors / pseudo-banks that have direct access to your checking accounts, who you paid last month, how much, and for what. The implied value in Paypal rating your users is that Paypal can and will tell you their income level.

There are a few things wrong with Paypal doing this. Firstly, they're notorious for freezing any user account with more than $2-3k in it, without warning or reason, until you have a lawyer send them a letter. Hasn't happened to me, but it's happened to enough friends that I wouldn't trust them with more than a couple hundred bucks at a time. Sometimes for no reason other than that they logged on from an IP address Paypal had flagged previously for someone else's transgressions. We can leave Wikileaks out of this, but suffice to say that if Paypal has any reason whatsoever for seizing your funds, they'll be happy to do so and ask questions later. The fact that they don't adhere to any open standards and never reveal their reasons for freezing accounts should raise the question of who they are to be an independent arbiter of identity.

Secondly, consider the ramifications of walking into a store with your tax bracket printed on your t-shirt. This one's obvious to anyone that's spent time as an American in a third-world country...the price of Phở goes up by 300% right off the bat. There's no doubt the market wants to rid itself of inefficiencies by selling to every single consumer at the highest price she's willing to pay and not a dime less, but the ethical consequences are staggering.

I would never enter my paypal info for any reason, on any site, other than to submit a payment -- just like I wouldn't give them my bank account number or answer questions about my salary. I think many consumers would feel the same way.


I think you missed the part where your bank and credit card companies are selling your personal information.

Ansira knows your income level (and, at least for me, it's accurate).


It happens all the time. The most prominent case was/is American Express mining spending patterns to characterize users into various categories. Here's a slightly dated NYT article on the issue:

http://www.nytimes.com/2009/01/31/your-money/credit-and-debi...


I would say it's quite different: Amex looking at its own data to make its own decisions versus PayPal making such data available via API to third parties.


I believe this is a smart move by paypal. For the most part, they are a trusted brand on the Internet.

The few aspects I don't like are the domain name x.com and the actual website occupying that domain. x.com to me is too close to xxx.com and doesn't have any meaning besides being the shortest domain name. The website design is poor and the "win a bose" and "win an ipad" banners are atrocious. They should have used a subdomain of paypal.


I had the opposite thought about the domain name. From https://en.wikipedia.org/wiki/Signature, emphasis mine:

A signature (from Latin: signare, "to sign") is a handwritten (and sometimes stylized) depiction of someone's name, nickname, or even a simple "X" that a person writes on documents as a proof of identity and intent.

Not only is it short, but X has a connotation of identity.


x.com is effectively “PayPal labs”


Unrelated, but that would qualify them to apply for the x.xxx domain. Pretty cool.


I'm sure it's taken.


x and xxx are two different segments of the porn industry. I guess porn hackers (yeah, I coined that expression) will be mad if you mix them up.

I'm not sure if I am being ironic, relevant, or trying to be funny.


People are used to logging into PayPal in order to send money or pay for purchases, so I would think that associating PayPal with a website login is going to be hard for a lot of people to feel comfortable with, particularly because people are so used to the PayPal logo being used with actual purchase buttons. As developers we can try to explain the difference, but ultimately I think that PayPal logo has a pre-existing connotation in most people's minds and I think that will work against them as an OpenID provider.


This was the conclusion me and a friend came to while there last week. Talking to some of the PayPal people, they understand this is a huge hurdle they have to clear to succeed. I'm not totally convinced they'll be able to clear it, though. If I can't give out information incrementally and in a way I'm comfortable with, I'll certainly not use it.


Can't see this working for things like logging in to leave comments or play games like Twitter and Facebook identities.

Where I can see it working (and working well) is SaaS subscription services - it streamlines the signup process, provides additional data to the provider and pushes signups towards Paypal (and away from merchant account or other providers).


And that's where it's intended to be used.


Maybe it would behoove them to use the "x.com" branding for login?


Hey.. it's totally safe to key in your Paypal username and password on a completely different site with a completely different graphical profile. That right there is a standard we need to set..

Also wouldn't it be trivial to make this pretty damn privacy invasive with the segmentation feature. I mean just profile when the site switches between the enumerations and you know pretty accurately what the average spend of people signing up for your site is. Combine that with a similar procedure for transactions per year and you have a decently accurate picture of spend / year. They might as well just have numbers instead of enumerations. I would not touch this with John Holmes' penis.


How was PayPal able to get a single-letter dot com domain? I thought they were all reserved. But then there is x.org on the other hand too, hmm...


Several single-letter domains were purchased before the IANA reserved all of the remaining ones in 1993. See: http://en.wikipedia.org/wiki/Single-letter_second-level_doma...


A glitch in the matrix many many years ago. :-)


x.com was Elon Musk's precursor to Paypal.


X.com used to be a bank back in the day, my first bank I got while in college as it happens. They bought paypal (I think it was that way, not the other way around but I may be mistaken) and killed the bank. X.com just resurfaced a few years ago in its new form.


It looks like what you were thinking of was a merger: http://en.wikipedia.org/wiki/PayPal#Beginnings

PayPal was the new result of a merger between Confinity (the company Max Levchin founded, as discussed in Founders At Work) and X.com, an online bank.


There are a few others out there, like http://q.com/


They've had x.com for many years.


Are there any companies that do nothing but paid identity management?

One of the sticking points I've always had when using my TwitBookOogle account as an OAuth provider is that if something happens to that account & it gets locked out, I'm screwed everywhere that I've used that identity provider.

I'm also of the opinion that the only reason these companies provide identity is for user lock-in. I would pay money to have a reliable service that only cared about managing my identity securely online.


I don't think this entirely addresses what you want, but if you use OpenID, you can use a delegate. I use my own domain name for the purposes of an ID (http://abevoelker.com), which then defers to myopenid.com when I need to authenticate (you can see this in the HTML of the page). If something ever happens to myopenid.com, I just find a new OpenID provider and change the HTML of my homepage to point there (the site that is asking for my ID stores abevoelker.com, not myopenid.com).

The problem, of course, is that most sites do not support OpenID. The only ones that come to mind are StackOverflow and some blog commenting systems.
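
Added example, not part of the comment above and not taken from any OpenID library: a sketch of the HTML-based discovery step that makes this kind of delegation work, showing that the site keeps the claimed ID while the provider behind it can be swapped. The `rel` names are the ones defined by OpenID 1.1 and 2.0; the page content and every host name are constructed placeholders, and `<link>` tags outside `<head>` are ignored because the specification only honours them there.

```python
from html.parser import HTMLParser

# rel tokens from OpenID 1.1 / 2.0 HTML-based discovery
RELS = {"openid2.provider": "endpoint2", "openid2.local_id": "local2",
        "openid.server": "endpoint1", "openid.delegate": "local1"}

class HeadLinks(HTMLParser):
    """Collect OpenID <link> elements, but only inside <head>."""
    def __init__(self):
        super().__init__()
        self.in_head = False
        self.found = {}

    def handle_starttag(self, tag, attrs):
        if tag == "head":
            self.in_head = True
        elif tag == "link" and self.in_head:
            a = dict(attrs)
            # rel is a space-separated token list; the first match wins
            for rel in (a.get("rel") or "").lower().split():
                if rel in RELS and a.get("href"):
                    self.found.setdefault(RELS[rel], a["href"])

    def handle_endtag(self, tag):
        if tag == "head":
            self.in_head = False

def discover(claimed_id, html):
    """Return what a relying party learns from the claimed ID's page."""
    p = HeadLinks()
    p.feed(html)
    f = p.found
    endpoint = f.get("endpoint2") or f.get("endpoint1")
    if endpoint is None:
        return None  # no OpenID markup in <head>
    local_id = f.get("local2") or f.get("local1") or claimed_id
    # The site stores claimed_id; endpoint and local_id can change freely.
    return {"claimed_id": claimed_id, "op_endpoint": endpoint, "local_id": local_id}

# Constructed homepage; all hosts below are placeholders.
PAGE = """<html><head><title>home</title>
<link rel="openid.server" href="https://provider-a.example/server">
<link rel="openid.delegate" href="https://alice.provider-a.example/">
</head><body>
<link rel="openid.server" href="https://other.example/server">
</body></html>"""

if __name__ == "__main__":
    print(discover("https://alice.example/", PAGE))
    print(discover("https://alice.example/", PAGE.replace("provider-a", "provider-b")))
```

Whoever can edit the `<head>` of the delegating page decides which provider vouches for that identity, so the homepage and its domain registration need the same protection as the account itself.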


And even if you don't need a website, you can just configure the domain (or a subdomain) as a CNAME to MyOpenID. It's faster too, although probably not enough to be noticeable.


I guess "PIP" fits into this category. It's been in beta about as long as OpenID has been a term. I used it for several years before finally giving in and using my Google Account for everything.

https://pip.verisignlabs.com/

EDIT: Oh.. it's now Symantec, and they will no doubt try and sell you their other products :( ... well at least it used to just be an identity provider.


That just feels like Symantec trying to sell me more garbage though


Yikes this is scary stuff. I really hope congress takes a very close look at regulating paypal like a bank and giving consumers some rights against them, very soon.

PayPal users better have the ability to opt out of their buying habits being transmitted to unknown 3rd parties.


Why does it require regulation? If you don't want to use this, then don't use it.


I think the parent comment is referring to: "PROSPECT SCORE This API enables you to know the purchasing potential of a user visiting your site. Users are classified into Gold, Silver, or Bronze based on their average spending value, frequency, and online transactions. Product details..."

Which, if you had been a Paypal customer prior to this, it might prove difficult to get your spending habits scrubbed if you no longer wanted to be a customer/didn't want your data available in this way.


How is this much different than a credit score? One is estimating your purchasing potential, while the other is estimating your likelihood to pay. Two sides of the same consumer purchasing coin.

In fact, I am surprised I haven't seen the credit reporting companies already pushing this kind of product. Seems like a natural extension.


Paypal is a bank over here in Europe.


If anybody else is curious to learn more about single-letter domain names. They were grandfathered in from another era.

"As of August 2011 only three domains, i.net, x.com and x.org host a web site. q.com is active but redirects to centurylink.com." http://en.wikipedia.org/wiki/Single-letter_second-level_doma...


creepy

I'll certainly never use a paypal account to log in to some arbitrary website, and I'll never offer it as an option for my own users.

ESPECIALLY after reading all the data they're bragging about sharing.


It's not meant for "any arbitrary website". But it will surely help where you need a real identity. Places like when you shop for something, somewhere. Definitely better than sharing your CC/Bank info!



