Privacy is about 'managing expectations': eBay

Banks’ efforts to engage customers through mobile applications and social networking may backfire if not carefully handled, eBay’s global privacy leader Scott Shipman has warned.

As smartphones become increasingly pervasive in Australia, telecommunications companies and financial institutions have questioned how they might extract more value from mobile payments.

Analysts speculate that without innovative new services, there is no compelling business case for the introduction of contactless phone payment technology despite more than four years of trials.

The Commonwealth Bank of Australia will likely be the first Australian bank to launch contactless, near field communications (NFC) capabilities in its new Kaching iPhone application early next year.

Kaching combines contactless payments, traditional mobile banking features and the ability to pay Facebook friends. In time, the bank said it could facilitate payments to service providers within Facebook itself through better integration with the site.

In Asia, multinational bank Standard Chartered offers mobile applications that serve advertisements based on customers’ wish lists and location information.

Shipman, who manages privacy issues for eBay and its subsidiaries Gumtree and PayPal, said managing customers’ expectations was key to avoid being deemed “spooky”.

“I don’t currently expect to get shopping offers from my bank; it’s not the service that I’ve used with my bank,” he said.

“So if I were to start to see them use my information in different ways, they would need to do a much better job at managing my expectations.

“You don’t want to shock someone with your service, you want to delight someone with your service,” he said.

During the past 12 months, eBay has acquired location-based mobile application developer Where and product-finding service Milo as it attempts to move PayPal into the offline payments arena.

It is integrating PayPal into the Where mobile application, which offers discounts based on a users’ physical location.

Shipman said geolocation was an opt-in, rather than an opt-out, feature.

“For all geo-location types of issues, we require that all customers opt-in ... we are not going to require customers to turn it off,” Shipman told iTnews this week.

“Because if you get that first thing that says, ‘Hey, look left and you’ll get 20 percent off’, that’s really spooky unless you’ve turned that on.”

Shipman said eBay is a proponent of ‘Privacy by Design’ principles suggested by Canadian Privacy Commissioner Ann Cavoukian in 2009.

The principles call for openness, user-centricity, having privacy as a default setting, and avoiding risk so that breaches do not occur.

Shipman said PayPal is designed to be more private than credit cards because PayPal merchants only received the buyer's username and money instead of a full set of credit card details that could be reused fraudulently.

Meanwhile, auction site eBay monitors user behaviour, including browsing history, sales, purchases and failed bids, but promises users that it will not share any personal, identifiable information with third parties.

Instead, eBay aggregates that data to inform merchants about the demand for products and their average selling price in different parts of the world to inform business decisions.

It also serves customised advertisements through its “Ad Choice” behavioural advertising engine – which is an opt-out service.

Shipman notes that much of the behavioural information also allowed the site to detect and address illegal activity like money laundering and fraud, similar to how banks monitored their customers’ accounts.

“There’s two critical components of the [eBay] community; the piece on top of that is trust,” he said. “The buyers have to trust the sellers, the sellers have to trust the buyers and everyone has to trust each other, including eBay.

“The key piece to that is making sure that we’ve managed their expectations, so sellers and buyers understand why we collect certain pieces of information.

“They collectively can then, over time, trust that we use that information for those stated purposes and we don’t use their information for other purposes.

“When you change how you use information, you have to be able to communicate that clearly to the customer and make sure that they’re comfortable with how you’ve done that.”