Privacy Experts: Consumer Trust Is Vital for Mobile Payments and Apps

Paul Westrick puts his personal touch on each wallet he carefully handcrafts from luscious Italian leather. His micro-wallets, smaller than a deck of cards, are neatly displayed in a hip, hyperlocal workshop “Zeroz” that would seem more at home in SoHo than downtown Columbus, Ohio. He personally shows and sells his wallets to each customer, completing each transaction seamlessly with nothing more than his Square card reader and his iPhone.

Westrick says that the simplicity and convenience of mobile payments helps to build trusting relationships with customers: “It’s way more convenient. Our style is more personal and approachable and we don’t need to run off to a cash register,” Westrick told Street Fight in a recent interview.

Building relationships with consumers is all about trust — and trust is exactly what consumers lack when it comes to most mobile transactions. New statistics show that 41% of consumers do not trust businesses with their personal information. Another survey from U.C. Berkeley reveals that 96% of consumers do not want to disclose their locations to retailers while shopping. Exacerbating the mistrust are accusations that businesses have been collecting users’ email addresses, locations and their address books without telling the consumer or getting permission. Bloomberg reported on May 5, 2012 that Google may be negotiating the terms of a fine it may pay the Federal Trade Commission after accusations were made that Google found a way to modify the security features on an iPhone’s Safari browser to track users.

On April 23, 2012, the Center for Democracy and Technology warned that mobile payment methods are capable of collecting more information than standard retail cash registers. Mobile payment methods can collect telephone numbers, email addresses and mailing addresses. “Without strong user privacy controls, mobile payments may turn your cell phone into a magnet for telemarketing, spam, and online behavioral advertising,” Harley Geiger posted on a CDT blog. Several days later, the Federal Trade Commission held a workshop in Washington to explore privacy issues with mobile payment methods, prompting a plea from the National Retailers Association urging the FTC to “move cautiously” in establishing regulations for mobile payments. “The government should not impose regulations that would forestall yet-to-be-imagined advances and innovation in order to avoid potential ‘harm’ based largely on speculation,” NRF senior VP and general counsel Mallory Duncan said.

Gary Schwartz, president and CEO of Impact Mobile and chair of the North American Chapter of the Mobile Entertainment Forum, tells Street Fight that building trust should be the core of a retailer’s mobile and online strategy. “The key to engaging with the consumer in a trusted relationship in a retail environment is you don’t want to engage with people who don’t want to engage with you,” says Schwartz. “The outreach should be focused on loyalists with a retailer’s brand. It’s about your loyalists putting up their hand and saying ‘hey I want to talk to you because I love your product.'”

“You need to make a call to action on all your touch points, and say if you love my product opt in. Once you have that, you have to let them opt out at any time,” Schwartz adds. He believes the strategy can be outrageously successful: “If you’re on target, if you are talking to them and they love your product, they will stay with you. It will attract 10x over your email channel.”

Building trust requires developers and businesses to implement a strategy that give consumers a better idea of what information is collected from them, and what choices they have to control it. Regulators have encouraged developers and businesses to engage in “privacy by design,” that is, incorporate transparency and protections for consumers on their information as products are built and launched.

Regulators have become increasingly aggressive in addressing what they perceive as abuses in the use of consumer information from mobile devices. Already, Apple, Google, Microsoft, Hewlett-Packard and Research in Motion and other major application stores have agreed with the California Attorney General to require all developers to provide privacy policies with their applications, include a process to display such policies in their stores, and report developers that are not complying. The California Attorney General’s office warned it will take enforcement action if the privacy policy process is not in place within six months.

The Federal Trade Commission will hold a workshop on May 30, 2012 regarding consumer privacy online and on mobile devices. The FTC is pushing for a uniform “do not track” process for online and mobile behavior advertising.

Some major developers are sharing ideas to improve providing consumers with transparency and control. Mozilla requires that all applications offered for its Firefox browsers must have privacy policies. At a recent privacy conference, representatives from Microsoft and Mozilla suggested the use of a uniform set of icons that would show in a simple and graphic way what information an application may be collecting, how it will be used, and how a user can control it. The developers believe such icons can convey information clearly on smaller mobile screens compared to lengthy privacy policies presented by text. This year likely will be a turning point on whether businesses and developers can implement a uniform privacy scheme for mobile apps and mobile payment systems or face more legislation and regulation.

Brian Dengler is an attorney with Vorys Legal Counsel and journalist who covers legal issues in eMedia. He is a former vice-president of AOL, Inc., a former newspaperman, and an EMMY-winning TV journalist. He teaches new media issues as an adjunct at Kent State University and formerly at Otterbein University.


Just FOUR weeks left until Street Fight Summit West. Join top execs from Patch, Foursquare, JiWire, Topix, Yelp, Coca-Cola, Group Commerce, and many more! Register today before ticket prices rise.

  1. May 7, 2012

    So how do i increase the trust levels? What do i need to build into my app that drives higher levels of trust?

    1. Brian
      May 7, 2012

      Peter, very good question. I suggest you look at my other articles and see the “punch list” of privacy principles proposed by the FTC and the Future of Privacy. How they will be adopted will depend on what the industry and regulators can work out.

      Preliminarily, you’ll need a privacy policy created with the assistance of your counsel and find a way  to present it to users before you start collecting information from them. The app stores will be required to provide you with a mechanism later this year to post a privacy policy as part of thier settlement with the California Attorney General.

      Next, in your product description, you could disclose certain information practices so the user is not caught by surprise, such as, if you provide LBS. For example, a marketing statement such as “We use your location to help you find the services you want as provided by this app.” Thus, the LBS is offered as a benefit.

      I believe the major apps store provide mechanisms to provide pop ups if you want to collect additional information. For example, when I logged into my Facebook app, it asked for access to my smartphone address book to find friends:

      “Find Friends on Facebook”
      “Chose contacts on your phone to add as friends on Facebook.”
      “Not Now”  “Find Friends”

      In the “Nearby” feature on the Facebook App, it asked if I wanted to give my location:

      “Facebook would like to Use Your Current Location”
      “Don’t allow”  “OK”

      In both circumstances, I said “no” and my expectation is that Facebook is not collecting the information above from my device. An additional approach is to give the user the ability to change settings. So, if they allow LBS, they should be able to turn it off.

      Mobile apps are in the spotlight because of recent controversies involving allegations that developers and businesses were capturing address books and other information from Smart Phones without getting clear consent from the user.

      Finally, you should consult with counsel and keep track on developments and news in this space. This posting is not intended to give legal advice and the mobile privacy issue is much more complex than we can cover here. The mobile privacy issue is in flux, and much will change as the year moves on.

      1. May 7, 2012


        I’ve read your articles and also looked at the guidelines for Privacy by Design, the FTC and also the Future of Privacy. And IMO they all miss the mark. There’s no ability to “Trust and Verify” – what i really want in an app is an “audit capability” so that i can verify that that no information was transferred.

        I think the future of Privacy is Trust. However there have to mechanisms (not legal policies) that allow me to be in control of the storage, use and flow of my information. Without that i’m left with no visibility into what is taking place. 

        Here’s an interesting thought – why is there no Audit log built into the browser. Something that i can simply select, and then every 14 days see who accessed my private data? Once the consumer can start to trust then the equation changes dramatically.

        1. Brian
          May 8, 2012

          Peter, from a regulatory/policy standpoint, I don’t see a push by anyone to require apps to carry audit capabilities. I’m not sure how it would affect performance of the app or device, whether it would be accurate (what if users delete cookies and cache?) or whether consumers would really use it. Most of the policy is focused on telling the user what’s going on, and giving them some options to turn the “tracking” switch on or off. Your concept of an audit app is an interesting one, almost like a security suite.

          1. May 8, 2012

            The audit capability is actually pretty cool and not a performance hog. Think of it as a black box recorder that sits in the background and monitors what you do and what’s sent to you. Then every few days it uploads the content to a web service and you can view your results. 

            The real problem i see with DNT is that i can’t see what the content provider is really doing. In fact no one can unless you get inside the cache and look at all the cookies. For example think about this – I set the DNT flag to 1 which means do not track. I go to a site and they ask me for a site wide exemption so they can track. I say yes and then they set a cookie that says DNT=0. I leave the site and come back 3 days later – my DNT flag is set to 1 but the cookie is still there and says 0 – now what happens? This is going to happen all the time. The web server will simply use the cookie because it allows them to track AND that drives revenue.

  2. May 8, 2012

    Until we get proper legislation making app developers  have you op in instead of opting out, you never know what you have downloaded to your mobile device.  There will be a backlash as people learn how their
    privacy has been compromised. 

    People can take control of their own privacy when it comes to SmartPhone
    tracking. MIAmobi SilentPocket addresses this issue and many more problems
    associated with mobile devices. With over 500,000 mobile app developed for
    smartphones, many of which are stealth and are eavesdropping on your every
    move. Some are capable of turning on functions on your phone like your mic,
    camera, GPS, address book and more, even when it has been turned off. There is
    only one way to stop this if you really want to know for sure that you have
    control of your mobile device is to block all forms of wifi coming in or going
    out. Get informed at

Leave a Reply

Your email address will not be published. Required fields are marked *

Will Facebook’s New Offers Product Appeal to Merchants?