Making Purchases with Zero Effort
Inside Microsoft Research
It’s convenient, it’s secure, and, given the popularity of smartphones, it just could be the future of commerce.
The scenario above is no idle fancy. In Building 99 on Microsoft’s Redmond, Wash., campus, it’s currently a reality, part of the Zero-Effort Payments research project, a rethinking of mobile payments by the Mobility and Networking Research group at Microsoft Research Redmond.
The group had created a team, including 11 researchers, investigating ways that mobile-payment security for Windows Phone could be enhanced even further. Zero-Effort Payments (ZEP) is a consequence.
“We thought that mobile payments are an instance of a much more ambitious problem: seamless customer identification—the ability of a store to identify its customers in a seamless manner without relying on any specific or deliberate actions on behalf of the customers,” says Stefan Saroiu, one of the researchers on the project. “We charged ourselves with building an end-to-end system that would provide seamless custom identification using inexpensive, off-the-shelf components.”
And as the researchers devised the technology, they recognized that the project had privacy implications, so they made sure to build in privacy safeguards.
The project uses the concept of seamless customer identification (SCI), which could have implications for a variety of scenarios.
“Let’s start with shopping,” Saroiu says. “With SCI, any store could immediately know the shopping history and personal preferences of a customer registered with their SCI systems.
“As a customer enters the store, the store could dispatch the ‘right’ sales associate, depending on the customer profile. In the absence of a sales associate, the store could try to infer what the customer’s interests are and issue a coupon in the store directly to the customer’s smartphone. The customer could make use of the coupon during the visit before the payment takes place.”
The system also could make returning an item a breeze. A receipt wouldn’t be necessary to gain return credit, because the system would recognize the customer and have evidence of past purchases. And Zero-Effort Payments scenarios include booths at a trade show featuring an SCI system. Upon leaving, participants could receive an automatic summary of the booths they visited.
Such a system is up and running in the coffee stand in the atrium of Building 99, enabling Microsoft Research personnel to pay for coffee and snacks through face recognition, provided by the Face SDK project from Microsoft Research Asia, and wireless proximity.
The payment system works through Microsoft employee badges. Microsoft cafeterias and cafes are equipped with employee-badge readers connected via USB to the payment terminal, the cash register. A ZEP tablet is connected to the USB port of the payment terminal, and the cashier confirms the results of the identified person on the tablet. A camera behind the stand captures video that is processed in real time.
The system was deployed in March during TechFest, Microsoft Research’s annual showcase of new projects and technologies, and generated sufficient word of mouth that Saroiu was invited to present the work during the Society for Foodservice Management Critical Issues Conference in April in New York.
For now, the project will continue to require human validation. In addition, the researchers understood from the start that Zero-Effort Payments could have privacy implications.
“Different people have very different tolerances for the privacy implications of such systems,” Saroiu observes. “Clearly, these systems all aim at providing more convenience and richer experiences in people’s lives. These come with privacy tradeoffs. Some people are happy to make these tradeoffs, whereas others aren’t.”
For that reason, the research team—which also includes Alec Wolman, Bryan Parno, intern Chris Smowton, David Molnar, Jay Lorch, Jitu Padhye, Oliver Foehr, Ronnie Chaiken, Victor Bahl, andWeidong Cui—is making it easy for potential users of Zero-Effort Payments to opt in to participate by devising project-specific privacy principles that adhere to Microsoft’s Privacy by Design approach.
“First,” Saroiu says, “people should not be automatically registered in such systems. Instead, an opt-in policy is required. Second, the identifiable data stored by such a system cannot be abused. Such data should be used only for the original goal of the system, the one described to each participant at registration time. Any change in policy should not happen without notifying the participants and allowing them to permanently erase their data from the system.”
Making purchases with no physical effort at all ... and you thought online shopping was easy!