The Experience is the Brand

The Future Was Then: Micropayments Again

As Facebook begins to rollout a PayPal-driven micropayment system, and various other vendors attempt yet another land-grab on the “future of money”, I thought it’d be helpful to review some of the issues surrounding micropayments.

On the one hand, there are the very significant usability issues that must be addressed, but there are various approaches to that.

And while there is some speculation that increasing regulation of the credit card industry, or economizing by consumers hit hard in this recession, will drive people to adopt more micropayment schemes, I think the issues are somewhat more subtle than that.

And I don’t think credit card companies need to worry.

Until Facebook buys a bank.

Micropayments have a long history of falling flat (the earliest I remember was “Virtual Coin”, and I think that was back in 1995.) If you do a Google search for “Wired future of money”, there are maybe a dozen articles stretching back close to 20 years. So there have been a lot of attempts, and they run into all the same issues.

Essentially, the problem is this: it takes money to move money.

Granted, that’s not because the technology is expensive, or that costs scale up with volume: moving $1 between two banks costs about the same as moving $1 billion. The “problem” is that there are so many intermediaries who want a cut, albeit small ones.

Any micropayment scheme needs to deal effectively with three challenges:

1. It needs to be low friction (friction defined as the difficulty of moving money from one place to another)
2. It needs to be ubiquitous (everyone needs to accept it)
3. It needs to handle fraud effectively

Friction

There are basically two types of friction in payment systems: ease of use, and transfer costs. Rendering payment (me giving you money) needs to be as simple as possible. That’s a usability problem, and not very difficult to solve (you need to follow some standard conventions for handling sign-in/authentication, communicating the value of what you are purchasing, and communicating the end of the transaction (the receipt.)

Transfer costs are more difficult: Visa/Mastercard want 3% of every transaction, plus a base fee – and it’s this base fee that kills every micropayment platform. If V/MC wants $0.25 per transaction, you’re not going to do any transactions valued at less than a few dollars. And true micropayments would be dealing in transactions of less than a penny (i.e., 1/10th of a cent to read an article on the WSJ. 1 cent to print it, etc.)

Bank interchange fees come into play there too (that’s the fee one bank charges another to send money electronically.) Again, these fees are small, but significant to a sub-$1 transaction.

As soon as you try to move lots of small transactions between two banking institutions, you’re dead in the water. The embedded costs are too high (and the players have no incentive to make them lower. Remember: the cost is not a function of the transaction size, but transaction volume, and the banks prefer it that way.)

So if moving small amounts money between banks is too expensive, what do you do? You try to create your own ecosystem.

Ubiquity

What do PayPal, EZPass and SecondLife all have in common?

They are all semi-closed payment ecosystems.

Each one works basically the same way: you deposit “real” money from a “real” bank into a payment account with the vendor, and you’re given credits. Sometimes these credits are called “dollars”,  and sometimes they are called “Lindens.” But they all have the same basic characteristic: they can be exchanged readily, and at a near-zero transaction cost, between any two members of the ecosystem.

Moving money from one account to another at any of these “banks” is simply a matter of making a ledger entry. It’s instantaneous, and involves no other outside intermediary. The intermediary only comes back into play when you try to move money out of the ecosystem, back into the banking system. Notice that PayPal doesn’t charge the payer to fund a transaction from a credit card or bank account, but *does* charge the recipient. PayPal bakes these “external” costs into their internal system transactions, because this opens up their ecosystem to be used by non-members. I don’t need to have a PayPal account to pay someone with PayPal.

Sadly, however, baking in this external cost makes micropayments impossible. PayPal’s micropayments fee is 1.9% +$0.05. If I sell a digital good for $0.10, my profit margin (assuming 0 production costs) is only 30%. In the world of digital goods, that’s shameful.

However, once an ecosystem is ubiquitous enough (oh, say, 500 million to 1 billion users), the ratio of internal-only transactions way outstrips I/O transations (with users outside the ecosystem), and the ecosystem manager can afford to remove the external processing charges from these internal transactions.

Why does this matter? Because no one buys eggs from their bank. Eventually you want your money *out* of the ecosystem, so that you can go use it somewhere that the ecosystem doesn’t reach. (And forget the argument about “just putting it on a PayPal debit card”, and going grocery shopping. That debit card lives in Visa/Mastercard’s ecosystem, not PayPal’s.)

So, let’s assume that you’ve got a billion users in your system, and they’re all charging up spending accounts with external funds (for which the funding institutions – the banks – charge a small fee, which you decide to eat), and exchanging Credits with each other in 1/10th of a penny increments. And you take 1.5% of each transaction as your fee (that’s 1/2 what any other merchant card processor charges, and you don’t even charge a per-transaction flat fee, so hardly anyone notices), and so on every transaction you’re making  of a penny. Chump change, right?

1 Billion Users * 100 transactions/day * $0.001/transaction * 1.5% =  $548 million/year in fees.

Yeah, I think that might be worth exploring. And that’s assuming that these users spend an average of $0.10/day online within this ecosystem.

OK, you’ve got $100,000,000/day sloshing around in your ecosystem, which your users have deposited with you, what’s the problem? They are not going to let you hold on to their “real” money for free, so you have to pay interest on those deposits.

And now you are a bank. And that brings with it a host of complications, but it also gets you direct access to the global banking system, which is important if you want to do things like enable cross-border transactions, EFT transfers to other banks, etc. And there’s lower costs to doing those things, which you pass on to your users.

Fraud

I won’t go into it here in too much detail, except to state this: Visa/Mastercard exist for a host of reasons, and one of the big ones is fraud detection and reduction. Recently I read that about  7 cents of every $100 in credit card transactions is fraudulent, which in the above example means that about $25MM/year is fraudulent. And consider, Visa/Mastercard’s stats are from an ecosystem where many transactions are done face-to-face, with signature verification, mailing addresses, etc. In the above example ecosystem, there’s much less in the way of identity verification, so the risk for fraud is higher.

It’s far from clear whether or not there exist any emerging micropayment ecosystems which will meet these challenges. But I think Facebook at least stands a chance of getting there, because it has three things:

• Low friction: paying another user in Facebook can be a single button click, or even a wall post: “Ben pays 1 credit to Patrick”
• High ubiquity: 300MM users and growing, many internationally.
• Good leg up on fraud detection: Facebook knows an awful lot more about your identity than even Visa/Mastercard, and given good pattern matching can probably figure out quickly if you’re setting up a profile as a front.

Three issues with all the Apple tablet predictions

Besides the obvious – that I will want one – I have a few thoughts about the tablet Apple will supposedly unveil tomorrow. There are three areas which I think deserve some attention:

The Case
An enlarged iPhone-like tablet seems troubling. The case and screen of the iPhone seem unlikely to scale well to three or four times their current size, the end result of which would be a device which seems somewhat brittle. iPhone screens seems to crack like a pile of dry leaves, so increasing the surface area by two orders of magnitude seems a recipe for continual breakage.

The Weight
Again, simply scaling the iPhone up larger isn’t going to work – especially if the display uses the same optical glass and the case materials are similar. Assuming that the intent is to provide a device which, at least in some instances, can be held like a paperback book or magazine, the device has to be lighter per square inch than the iPhone – and significantly so.

It’s simply a matter of ergonomics: while you cradle an iPhone in your palm with your fingers and palm wrapped around the four edges, the weight of the device is distributed through your wrist and into your forearm. With a magazine-sized tablet, you can’t wrap your hands around it that way – you have to pinch the device with four fingers on the back, and your thumb on the front. While this is easy enough to do for extended periods with a magazine weighing less than an ounce, just try it with a tablet weighing a pound or more. Which brings us to the third quandry:

The Input “Device”
There are a number of intriguing possibilities, but one thing is nearly certain: your hands are involved. Voice control is clever, but pointless: in the best case scenario, complete and instant voice recognition still leaves you with a low-bandwidth control channel which can’t be used very well in public. (Most people can only say one thing at a time.) And some sort of facial recognition system is very futuristic sounding, but baffling: exactly what facial gesture does one make to “check email” or “empty the trash” or “redo last filter”?

And for anyone who wants to suggest some sort of eye-tracking technology, let me put that one to rest: even the best systems (my company owns one) require calibration each time you sit down in front of it, and the triangulation assumes that the screen itself remains fairly stationary.

OK, so you’re hands are involved. There are a couple of issues:

If you’re holding the tablet in landscape mode, with one hand on either side, then the UI controls need to be arrayed up and down each side. Ditto in portrait mode:

That’s all well and good, but while you’re holding the tablet with both hands, what are you using to control the applications?

The other possibility is that you hold it with one hand, and interact with the other. There are problems with this, too: single-handed interaction with a multi-touch display limits the kinds of applications you can have, and each tap with your free hand increases the fatigue on the other hand holding the device up.

So what about putting the device on a surface? Well, this frees up your hands, which is great: fully interactive display, multi-touch, virtual keyboard – all of these things become feasible and reasonable. But there’s another problem – with the device on a flat surface, you’d have to be hovering above it directly in order to have a good, clean view of the screen. At an angle (even assuming you don’t lose brightness and contrast) the perspective is going to make interacting with any application rather frustrating.

So, what’s the solution?

One possibility is the integration of a laser-based projected keyboard, and an integrated stand for propping the screen up on a surface. The former is already widely available, and the latter could be accomplished with with a built-in “wing” that worked much like the flap on the back of a picture frame backing, or as an optional wrap-around case.

It will be interesting to see what solution Apple chooses.

“2/3 of american web users object to online tracking.” Really? That few?

Reading a study recently written up in the NYTimes (ht, @TheGrok), I find the results amusingly obvious.

Question: when you shop online, or visit a website, or view an ad – who owns the data describing that activity?

At first glance, the question seems to be easy to answer, until you actually start asking people. Anyone in marketing or eCommerce would be hard pressed to say that they had no right to keep and use that data. Many would say that, if they’re a participant in the transaction (regardless of whether a purchase was consummated), that they had at least as much right as the individual to that data.

Privacy advocates and civil libertarians will maintain that the individual’s data is their own, and that maintaining control over how it is used and maintained is a matter of personal liberty (in the constitutional sense.)

Consider some alternative scenarios:

If you walk into The Gap and buy a pair of jeans, does The Gap have the right to keep a record of you doing that? Does the answer change if you pay with cash, as opposed to a credit card? What if the cashier just happened to ask you your name, and commits it to memory? (Try this variation: you live in a small town with a general store, run by Harold, who makes a habit of remembering what you buy, so he can keep the store stocked. How uncomfortable does that make you feel?)

Let’s say you walk into The Gap and don’t buy anything. But the surveillance cameras record everything you do, including every item of clothing you examine. Do you have the right to demand that those tapes be erased? What if the manager makes a habit of watching those tapes, and committing to memory the items you spend the longest time looking at, so she can be ready to recommend something the next time you come in?

What if The Gap uses facial-recognition technology to match up surveillance video of what you browse to compare that against what you actually buy, several visits later? Does this feel more or less uncomfortable? What if Harold just happens to have a photographic memory, and is particularly observant?

Your answer might be expected to shift somewhat based on the introduction of technology into the scenario; we tend to be more comfortable with a level of intimate knowledge about us being maintained by another human being, as opposed to an impersonal system. But why? How can we hold Harold more accountable to use his knowledge responsibly? Suppose Harold is a bit of a gossip, and suddenly everyone in town knows that you have a fondness for Fruit Loops and Vaseline. You might stop shopping there, and pretty soon Harold starts losing business.

Introducing technology into the picture may increase the extent and scope of the tracking that’s possible, and it might make you uncomfortable, but it also adds an unexpected dimension: the possibility of more control over your data.

You can’t make Harold forget what he sees; you could make DoubleClick lose track of what sites you’ve visited, and where you’ve purchased. (And trust me, DoubleClick isn’t going to go out of their way to reconstruct your browsing history; as a single individual, you’re just not worth the effort.)

You can’t erase your shopping history at the general store, but you can clear your Amazon cookie. You can stop using a credit card, and pay for everything with cash. You can turn off cookies and Javascript and install an ad-blocker. You will never be completely anonymous, but you need only raise the bar ever so slightly for most marketers and merchants to give up on tracking your behavior.

Though changes may be afoot for the legal framework which governs what ad networks and merchants may collect, how they may use that data and what kind of disclosure will be necessary, I’d be willing to bet that that framework will trail the advent of privacy-enhancing technology by a couple of years. If the outcry is loud enough to warrant legislation, it can’t be very long before PayPal or some other enterprising entrepreneur introduces a Privacy-Enhanced browser/credit card/pop-up blocker that gains wide adoption.

The technology is perfectly feasible; all that’s missing is the demand.

Running Interference: Google Brings Enterprise Analytics to Joe’s Tire Shack

In Joel on Software, one of my favorite writers on the business of software describes Microsoft’s strategy for keeping competitors at bay: just change the API.

Microsoft would be developing an email platform, for example, that made extensive use of some low-level programming within Windows, as would a competitor. But because those APIs were poorly documented (not a mistake), the competitor would have a hard time figuring out why their email program kept crashing. Microsoft’s Outlook team, on the other hand, could just walk over and talk to the programmers down the hall, and figure out how to deal with the issue.

And by the time the competitor had figured out their own problems, Microsoft would have released a service pack that broke all of their carefully-constructed workaround.

This is not a new strategy. Sun Tzu wrote:

Defend what cannot be attacked; attack what cannot be defended.

So, too, does Google employ a strategy of running interference. Writing about their constantly improving free Analytics product, Bill Glassman observers:

They might be showing obsession because of where they want to be, but then again, they could be throwing up a smoke screen to keep the competition too busy to attack Google on advertising.

We’re big fans here of Google Analytics – it’s price-to-feature ratio can’t be beat, and for many organizations that are tentative about taking the dive into web analytics, the barrier to entry is embarrassingly small. Three minutes and some copy-pasting, and you’re gathering data.

For Google, the value in providing an enterprise-level solution for free is not to reach deeper into the Fortune 500. The value is where Google has always been aiming: the vast and deep middle.

While the top 100 advertisers on Google’s ad network (by dollar volume) are certainly using an array of commercial campaign and traffic analysis tools, they certainly don’t account for more than 25% of total ad volume. That leaves a couple of million advertisers who could make better use of their ad dollar if they had better metrics. And remember, these advertisers aren’t necessarily trying to decide which search engine to buy ad space on – they’re weighing AdWords against the yellow pages, billboards, radio spots and placements in diners.

There is a huge, pent-up demand for information about the effectiveness of advertising, and as fast as the ad world is changing at the high end, the long tail of small business is mired in advertising techniques that have been dutifully driving their businesses for the past 40 years… and are about to get upended. By arming these companies with “enterprise-class” tools for evaluating the success of their campaigns, Google is creating a huge, loyal contingent of long-term customers who will shift their advertising budgets online in direct proportion to the growing certainty of that medium’s success.

The Sound of One Man Meeting

Yesterday I scurried off to a client’s location for two meetings set for the afternoon. About the time I arrived, I learned that the first one had been cancelled. OK, no problem, cancelled meetings are pretty much “found” time for me, so I set down to do some work.

And so a couple of hours later I grabbed my laptop and notepad and headed off to what I thought was my second meeting of the afternoon. I arrived at the conference room first (that’s usually the case), set up and waited. And waited. 15 minutes after the meeting was supposed to start, I emailed the meeting organizer:

Me: “So, I’m in [the conference room] now. Are we meeting? Has it been changed?”

Her: “The meeting’s on Thursday.”

Yesterday was Tuesday.

Me: “Oh. Ok then. Great. Thanks. See you then.”

*grumble*

Now frankly, I’m to blame for this. The meeting request came in, and I transcribed it by “hand” into my Outlook calendar, mistakenly putting it down for Tuesday instead of Thursday. So really, it’s my fault.

But it isn’t, really. I’m using Outlook. My company uses Outlook Exchange for meeting and resource scheduling, email, address books, etc. It’s really nice, especially since 90% of the company is on WinXP machines. (I myself used to be on a Mac, and miss it badly. I’d gladly put up with the scheduling inconvenience if it meant getting my Mac back.)

The thing is, the meeting organizer is also using Outlook. She’s also connected to an Exchange server, only a different one. And the two servers don’t talk to one another. As far as I know, two Exchange servers in seperate network environments can’t talk to one another. So when meeting requests come in from this person (or anyone else using exactly the same software as I am, but on a different server), it doesn’t look like a “normal” meeting request (which would be recognized as such by Outlook and automatically placed, in the correct spot, on my calendar), but instead it just looks like a plain ole’ email. Time, date, location and subject of the meeting are all dumped into one dumb text field, and I have to manually retype them all into my calendar.

This is pure idiocy. I’m not even asking for every scheduling application out there to come up with and use a single calendar/appointment format. I’m asking two instances of the same damn piece of software to talk to one another.

Don’t even get me started about making my calendar viewable to my own collegues, so they can see if I’m busy before sending a meeting request. Microsoft provides a public Free/Busy service to which I can publish my calendar (or at least, the times when I’m busy and when I’m free), but anyone else who wants to see my schedule not only has to be using Outlook, they need to have a Microsoft Passport account, and they need to follow some extremely tediouis instructions in order to get it working.

Ridiculous. So if I want to share this information with another person, I need to:

1. Sign up for a .NET passport account
2. Sign up for the Free/Busy Service
3. Modify my Outlook settings to publish & read Free/Busy information to & from the public service.
4. Authorize each individual I want to share my information with to view my calendar (or authorize everyone who uses the free/busy service.)
5. Send them an invitation to sign up for the .NET and the service
6. Wait while they complete the first three steps above.

And after all that, their meeting requests still won’t import directly into my calendar.

Freenet

I’ve wondered about Freenet before, and got quite interested at one point in trying to contribute to a solution to the ThinkCash problem. The basic idea is:

Given a distributed P2P architecture where two of the primary goals are anonymity and the indiscriminantly free flow of information, how do you develop a method of ensuring that computer-generated insertions of content into the network (or computer-generated requests for information) are minimized. That is, how do you ensure that the entity requesting or inserting information into the net is human, and not computer. Some further constraints:

• The test must be able to be generated by a computer, and the results judged by a computer.
• The test must be relatively easy for a human to solve.
• The test must be relatively difficult for a computer to solve.

After some careful pondering, I gave up and waited for this one to stew. It looks like a solution has emerged, at least in part:

Carnegie Mellon University’s CAPTCHA Project

Yahoo! Mail uses this technology to keep automated registration bots from creating Yahoo Mail accounts and using them to spam. The basic idea is this:

• Randomly select a word from a dictionary.
• Create an image of that word.
• Apply a filter and a background, making OCR exceedingly difficult.
• Ask the user to view the image, and type in the word that appears there.

Yahoo does an admirably good job of this, and further thwarts automated registration bots from defeating the validation method by not permitting multiple guesses. If you type in the wrong word, Yahoo simply returns another randomly generated word, similarly treated.

Several other problems that arose in the discussion over ThinkCash are also dealt with.

• The code for CAPTCHA is publicly viewable, so anyone can implement it. (I don’t know yet if it’s open source, but the philosophy behind CAPTCHA is that the code must be open, and thus not rely on obscurity to prevent breaking of the algorithm.)
• The concept does not rely on a specific language, so it can be internationalized. A user would have to indicate what language they wanted to take the test in, however.
• I think it’s relatively impossibly to defeat, without exceedingly good OCR (the type which, to my knowledge, does not yet exist.

So far, I can only find one big, gaping hole: The idea poses serious accessibility problems. Blind users, for example, are shit out of luck and won’t be able to gain access (accessibility, as a rule, typically relies on the machine-readability of content.)

Still, I do wonder. An audio version of this test would probably not work quite as well, but I’m not entirely sure. (Voice recognition technology seems to be quite a bit more evolved than OCR, to the point where many specialized systems need no training and are able to extract sensible commands from a high noise environment. And on the side of the tester, it’s markedly more difficult to generate human-sounding speech, in multiple languages, dynamically.)

Check this out. Nice video

Check this out. Nice video, but how long before it shows up in the Google rankings when you search for things like Starbucks, Coca-Cola, and Gap? And how long before those aforementioned entities make some legal threats regarding this “unauthorized use of intellectual property?”

Coming Soon: Hollywood Versus the Internet

Coming Soon: Hollywood Versus the Internet

Mike Godwin outlines, in typically outstanding form, the battle raging over digital rights management. Only this battle is not between media bohemoths and supposed enablers of copyright pirates, but between Hollywood studios, and technology hardware and software companies.

Particularly interesting (to me, anyway) is this tidbit:

Toasters have their place in any kitchen. They’re great at one thing, possibly quite a bit more proficient than any other tool you might find adaptable to the purpose. But imagine if you were stuck with one, and only one, tool in your kitchen, and it were just a toaster. Think of the all the things you wouldn’t be able to make, that would be absent from your list of culinary choices. True, there are plenty of foodstuffs you can make in a toaster, specifically because various companies have all sorts of products that fit in a toaster.

Which is exactly the kind of model that many media and content companies seem to like. If everyone has some slight variation on a toaster hooked up to their television (a digital entertainment system) that can only take toaster-like content, then they get to excercise whatever degree of packaging control they prefer for their products.

What a dull and mind-numbing alternative to the rich cornocopia the Internet offers us today.

License to Know

The discussion on the idea of a “License to know” rages on the Cluetrain list. I can confirm Doc’s comments regarding regulated speach in pharmaceutical circles. Not only is the environment highly regulated (ie, oodles of government codes standing between whatever the company’s “true voice” might be and the general public, but this environment is different in every country in which the company does business. This makes communication on the web a particularly tricky issue.

Advertising Report

Advertising Report — Unicast Lands Patents, Promises “Action”

Let me see if I get this: Online advertising, with some notable exceptions has failed miserably. But some how, “standardizing the industry” is supposed to help the web “aggressively compete against other media, like television, for ad dollars.”

Nope, I don’t get it. And I’m a little sketchy on why they should have been issued a patent for what is, in my humble judgement, little more than a process for downloading images. Maybe they should get a clue.