PayWear Wearable Identification in the Context of Payment Transactions

INF5261 Final Report, November 2014

Christopher Neumann Ruud, Robin Alexei Pettersen, Ying Li, Ingvild Eide and Alisa Odincova

1 Abstract
2 Introduction
  2.1 Initial Idea
  2.2 Main Research Question
  2.3 Limitations
    2.3.1 Scope
    2.3.2 Deliverables
3 Literature Review
  3.1 Mobile Payment
  3.2 Authentication Mechanisms
  3.3 Wearable Technology and Ubiquitous Computing (Ubicomp)
  3.4 Limitations and Challenges with Ubicomp
  3.5 Privacy/Legal Concerns
    3.5.1 Current Norwegian legislation on electronic transactions
  3.6 A matter of privacy
  3.7 Minimal Attention User Interface (MAUI)
4 Technology Review
  4.1 Android Wear
  4.2 Apple Pay
  4.3 Google Wallet
  4.4 mCash
  4.5 Microsoft Zero-Effort Payments (ZEP)
  4.6 Zwipe
5 Data Collection Methods
  5.1 Ethnographic Studies
    5.1.1 Ethnographic Observation at KIWI
    5.1.2 Results
  5.2 Investigating Scenarios with SPES
    5.2.1 SPES Experiment
  5.3 Interviews
    5.3.1 Interview with Skandiabanken
    5.3.2 Interview with People on the Street
6 Findings and Prototyping
  6.1 Scenarios
  6.2 Storyboarding
    6.2.1 Customer pays with single coins, queue builds up as a consequence
    6.2.2 Customer payment methods are rejected
    6.2.3 Customer tries to remember balance/decide which card to use
    6.2.4 Customer’s wallet is somewhere else
    6.2.5 Customer is busy packing their bags when payment is prompted
    6.2.6 Customer stands in line carrying a baby
7 Discussion
  7.1 Our Proposed Solution
  7.2 Deciding the Threshold between Usability and Security
  7.3 Graceful Fallbacks
  7.4 Context awareness and accessibility
  7.5 Make it seamless
  7.6 Ethical issues of facilitating spending
  7.7 One question leads to another
  7.8 Limitations and issues
8 Further Work
  8.1 Payment Limits
  8.2 Payment everywhere?
9 References

1 Abstract

In this report we look into the payment process. We want to find out whether it can be done in a different way while still being safe. Where do the boundaries between safety and seamlessness lie? To find this out, we looked into technology that already exists, interviewed users and Skandiabanken, and observed people in the situation. We also made scenarios and storyboards to illustrate the situations. We found that there are ways of being secure and user-friendly at the same time. With two-factor identification we can make sure that the system is safe. We have looked at different ways of identification; today you have your bank card and a PIN code. We have looked at wearable technology, such as the smartwatch, and how it can be used together with fingerprint and facial recognition.

2 Introduction

2.1 Initial Idea

The group wanted to explore how wearable technology could facilitate the identification aspect of the payment process. The balance between security and usability must be adjusted according to the users and the context of application.

2.2 Main Research Question

How can wearable technology make personal identification seamless when conducting a payment transaction?

2.3 Limitations

2.3.1 Scope

The target user group for this project is young adults between the ages of 20 and 30. The reasoning behind this is that the chosen age group consists of those who more or less grew up with mobile technology present and who use mobile devices on a daily basis. We also have easy access to people of this age, which is relevant because we have a short amount of time.

2.3.2 Deliverables

The technology that would be involved in developing a high-fidelity prototype is difficult to acquire. Additionally, the development time and cost would be too high. Therefore, the group aims to deliver a low-fidelity prototype through storyboarding, depicting an ideal scenario.

3 Literature Review

3.1 Mobile Payment

Mobile payment is full of potential, given the growth of the mobile device user population and the innovation of different payment solutions. Mobile devices are effective in authorising and managing payment and banking transactions. This offers security and convenience advantages compared to other devices such as the PC (Herzberg, 2003). It has been predicted that by 2017, mobile payments will grow to over 1.3 trillion US dollars worldwide, which is a growth of over 400% since 2012. It is also noticeable that, as a conversion in recent years, trackable transactions are being substituted for anonymous transactions such as anonymous cash, gift card and barter transactions. This opens more opportunities for mobile payments because, as a ubiquitous artefact, the mobile device has the ability to tie a transaction to a payer and a recipient (Sherman, 2014), which provides both security and convenience.

The reasons behind the recent rapid growth of mobile banking and mobile commerce are the reduced costs for banks of providing mobile transactions, and the increased revenues caused by mobile banking attracting more users to the financial system through its simple access (Sherman, 2014).

While the growth of mobile payment is impressive on a worldwide scale, there are also growing worries regarding reliable mobile payment in the areas of authentication, commercial infrastructure, regulations, etc. The core issue among these is authentication, which we discuss next.

3.2 Authentication Mechanisms

Mobile devices usually contain a lot of private information about their users. Exposing this information could cause the users serious trouble. In our project, extra caution is needed because the smartwatch is used as a means of making payments. This means the smartwatch will also contain the user’s credit card information in addition to all the other private identification information. Therefore, the risk of exposing users’ sensitive information is extra high and the responsibility for protecting the users’ privacy is significantly bigger.

Authentication is the process of identifying whether a person or a device should be given access to the system, the application or the data of the devices. Authentication schemes aim at lowering the risk of the devices being misused by unauthenticated or unauthorized users. This is a very important consideration when designing the smartwatch in our project.

In order to find a good solution for our product, we reviewed the most popular authentication schemes currently adopted on mobile devices. The usual authentication schemes can be broadly divided into three categories:

- Knowledge, i.e., what we know, e.g., the traditional username/password, PIN-based authentication, graphical passwords,
- Ownership, i.e., what we have, e.g., smartcards, electronic tokens, RFID (Radio-frequency Identification) tags, magnetic stripe cards, NFC (Near Field Communication) tags,
- Inherence, i.e., what we are, e.g., biometric-based authentication, such as fingerprints, faces, the iris, voices, handwriting, gait, gestures, pulse (possibly in our case of the smartwatch) etc.

Authentication schemes work against a variety of attacks. There are several attacks that concern our smartwatch project:

- Capturing. Attacks of this type that relate to our case are: shoulder surfing, meaning the user is watched while entering sensitive information; spyware, meaning the user’s information is secretly collected by other devices; and eavesdropping, which relates to the misuse of NFC tags.
- Cracking, which means using various ways to crack the authentication system of the devices.
- Physical attacks. Theft is one major concern. Since the smartwatch contains important data, it may be a natural target for thieves.

Different authentication schemes perform differently against each type of attack. There is hardly a single scheme that works perfectly against all types of attacks. Therefore, we should analyse the most common attacks in our case and choose the authentication scheme accordingly.

Another concern is usability. Naturally, the more complicated the authentication schemes are, and the more layers of schemes the device uses, the more secure the device is. However, this is not practical, because usability would then be very low: the users would have to go through several layers of complicated authentication schemes every time they use the device. Therefore, we should also consider the balance between usability and the design of authentication schemes (Schlöglhofer & Sameting, 2012).

3.3 Wearable Technology and Ubiquitous Computing (Ubicomp)

Even though the word portable comes from the French language and means “to wear”, there is a distinction between wearable and portable computers (Mann, 2013). The goal of wearable computing is to intertwine human and computer in such a way that humanistic intelligence is achieved (ibid). It can be defined as “intelligence that arises by having the human being in the feedback loop of the computational process” (ibid). Thus wearable computing extends beyond “smart clothing”, while allowing for the possibility of some technology being implanted inside the human body (ibid). Features of such wearable technology would be constancy of human-computer interaction and the ability for the human to multitask (ibid). The main goal, however, is to let users move freely in environments while wearable computers have an awareness of the users’ personal context (Cheng & Robinson, 2011). That means that users interact with virtual information that wearable computers associate with real-world objects around them (ibid).

In wearable computing, one’s context relationships are continually present, so the user’s divided attention is a must (Agre, 2001). This could also mean that the mapping between activities and places would dissolve, making everything accessible from every place all the time (ibid). The loosened mapping between activity and place brings challenges such as the complication of context awareness and the emergence of loosely coupled activities that are hard to map (ibid). The main tradition for solving this problem in system design is to “restructure activity itself in a way that computer can capture relevant aspects of it” (ibid). Even though this helps integrate computer systems into social systems, it might degrade human performance, or the system might end up being used in a superficial way (ibid). These can be considered the biggest challenges for context-aware computer systems (ibid). As a solution model systems have to be confined to a few aspects of context, impose a grammar on the activity, or instead register those aspects that can serve as a proxy for variables or objects of interest (ibid). This means that systems might fail or become fallible once the choices of context-aware systems become significant (ibid).

Coined by Mark Weiser in his article The computer for the 21st century (1991), "Ubiquitous Computing" (ubicomp) envisions computers invisibly embedded in the environment and communicating with each other (ibid). Weiser's vision took the regular computer that you brought with you or that was situated in one place only, and created a space in which everything was a computer, interconnected with other computers to create a seamless working and leisure environment. The proposed method was that the environment reacted to your presence (via some sort of identifying device) and adjusted its content accordingly.

Where ubicomp lets the environment react to you, wearable computing can be defined as the opposite: a device that you bring reacting to the surroundings (Rhodes, Minar & Weaver, 1999). The idea of a smart room that contains multiple sensors is closely related to the concept of ubicomp. The main problems of pure ubicomp lie in privacy and personalisation, which can be considered serious privacy risks (ibid). Such systems have the potential to leak the actions, location and preferences of users, and it is difficult to maintain personalisation of a single user profile (ibid).

On the other hand, wearable technology offers an excellent solution to the problems mentioned above. Wearables would travel with the user and thus require no environmental infrastructure or transfer of personal profiles to new environments (ibid). Wearable computers don’t leave a person and can therefore be a more private location for sensitive data, as well as evolve the user profile over time (ibid). Even though wearable technology is well suited for privacy and personalisation, it can be lacking in localized control or information. It is problematic for a wearable system to sense information beyond the user’s local area or to get updated on changes in such an area (ibid). Likewise, a wearable system is not suited to low-level control over other devices in the environment or to managing resources among several people (ibid). However, a peer-to-peer network of wearable and ubiquitous components with proper information flow, as suggested by Rhodes, Minar and Weaver, can mutually benefit both paradigms and solve their problems simultaneously (ibid).

3.4 Limitations and Challenges with Ubicomp

Despite the splendid picture ubicomp will probably bring us, some concerns have also been raised. Technology is meant to bring people and society something good. People’s ability to adapt to new technologies is surprisingly good. This is shown by the recent rapid adoption of smartphones and tablets, as well as the embedding of their use in our daily lives (Ling, 2014). We have enough reason to believe that ubicomp, as a technology that makes life even easier, is a future trend. However, this is just half the story. The other important half is how to make sense of this technology in our society. In other words: how does the technology fit into the existing social structure (Ling, 2012)? People perceive technology in different ways. Some are deeply attached to technology while some care much less. Whether or not to use a certain technology is normally an individual choice. However, in the case of ubicomp, things may look a bit different (Ling, 2014).

Ubicomp diffuses technology into different devices and enables a seamless social life. It is therefore also considered a mediator of social interaction. Ubicomp makes it much easier to conduct social interaction. In other words, it becomes much easier to involve people in social interaction, whether they want it or not. Only several years ago, in the pre-mobile world, people could be legitimately unreachable. There was no social requirement that people should be available to one another all the time. However, as the mobile phone becomes more or less a part of social life, there is a collective demand/expectation from our family, friends and work that we should be available via the mobile phone (Ling, 2014). With ubicomp, this expectation is taken to a further level. As a social mediation technology, ubicomp is able to connect people’s social lives together, such as mobile phone, calendar, clock, etc. When this technology embeds in society and gains a critical mass of users, either in society as a whole or in some groups, the people in it will be governed by the group-based expectations of being a part of it (Ling, 2012). Either you are in, or you are totally out.

“As a technology becomes more ubiquitous and taken for granted it moves from being an oddity to becoming expected.” (Ling, 2014, p. 177).

For example, as a competent co-worker we need to use the electronic calendar system in order to keep our schedule updated with others; as a good parent we need to keep the mobile phone charged and have the sound turned on all the time. Instead of acting only as artefacts that facilitate our daily lives, ubicomp, rather than being calming, can be a way in which power is exercised (Ling, 2014). The ubiquitous expectation can turn out to be a big burden alongside the convenience ubicomp provides us. We need to be aware of this at all times when designing the system.

3.5 Privacy/Legal Concerns

3.5.1 Current Norwegian legislation on electronic transactions

As of 2014, the legislation concerning electronic payments and identification is stated in Esignaturloven (2001) and Betalingssystemloven (1999).

To grasp what can be done to the payment and e-ID systems, we also need to define what the current legislation requires and whether anything is impossible in the current landscape.

Betalingssystemloven does not give any clear guidelines on how to define electronic transactions, only that they have to be "secure and effective" (§3-3 ref §3-1) and registered with the financial authorities (§3-2).

Esignaturloven, on the other hand, gives far more specific requirements for the handling of electronic identification, for both simple and qualified signatures (§4). This legislation should not pose any hindrance to the development of a ubicomp system, since this kind of system would rely mostly on the same conventions already in place on the internet and in regular payment systems.

3.6 A matter of privacy

Besides the purely legal requirements, electronic identification and, by extension, electronic payment raise a few privacy issues, some of which are already taken into account in the legislation mentioned above, while some are governed elsewhere. Personopplysningsloven (2000) handles much of the current legislation concerning electronic handling of personal information, but since this law is built upon "basic perspectives of privacy" (§1, 2nd sentence) and the EU Data Protection Directive (1995), it has to be supplemented by those. Schartum & Bygrave (2011) list a number of considerations that would thus form the "basic perspectives" that the law relies on, and in the case of mobile payments, the following are relevant:

- The interest of deciding the access to information concerning own person (Ibid, p. 46)
- The interest of right of access and knowledge. (Ibid, p. 55)
- The interest of quality of information and procedure. (Ibid, p. 60)
- The interest in user-friendly proceedings. (Ibid, p. 74)

3.7 Minimal Attention User Interface (MAUI)

Pascoe (2000) researched the use of mobile technology in fieldwork environments, and identified four characteristics of these types of users of this technology: dynamic user configuration, limited attention capacity, high-speed interaction, and context dependency. Based on these characteristics, he proposed two principles, based on observation and prototype evaluation, that could be applied to interface design when developing for such users: MAUI (Minimal Attention User Interfaces), which is based on minimising the attention required to operate an interface, and context awareness, which allows the technology to negate certain user input by providing trivial information like location and time through sensory technology.

Three of the characteristics of Pascoe's (ibid.) observed field workers are also true for the PayWear user group. Firstly, the seamlessness that is part of PayWear's goal indicates that it must cater for users with limited attention capacity. Secondly, along the same lines, in order to make a payment transaction seamless, the technology must be able to handle high-speed interaction, e.g. for users that are in a hurry. Lastly, context dependency should be applied so that the technology can handle rules defined by the users; e.g. when in this store, pay with that account, and limit payment to a certain amount. In addition to these characteristics identified by Pascoe, it is also unlikely that a user will be stationary whilst shopping (unless shopping online); therefore the use of PayWear will be truly mobile, not just portable (ibid.), and will cater for wandering users.

PayWear explores how the payment process can be made more seamless. Therefore, both the MAUI and the context dependency principles should be applied to reduce or even remove the attention required by the interface, and to provide information to the device through context awareness so that the user can focus elsewhere. MAUI suggests that minimal attention is exerted whilst operating the technology, through modes of interaction that are effective for certain situations (and are often tailored accordingly). However, PayWear would ideally require no attention from the user during regular use, because the context awareness of the technology (such as time and location) would ideally provide enough information to complete a payment without interaction from the user.
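
The three factor categories from section 3.2 and the user-defined context rules described above (store, account, payment limit), combined in an added Python example that is not part of the original report. The authenticator names, the sample rule and the policy of asking for a PIN above the limit are assumptions made for illustration.

```python
from dataclasses import dataclass
from enum import Enum
from typing import Optional


class Factor(Enum):
    KNOWLEDGE = "what we know"
    OWNERSHIP = "what we have"
    INHERENCE = "what we are"


# Authenticator -> category, following the three categories in section 3.2.
# The names are hypothetical labels chosen for this example.
AUTHENTICATORS = {
    "pin": Factor.KNOWLEDGE,
    "password": Factor.KNOWLEDGE,
    "smartwatch": Factor.OWNERSHIP,
    "bank_card": Factor.OWNERSHIP,
    "fingerprint": Factor.INHERENCE,
    "face": Factor.INHERENCE,
}


@dataclass(frozen=True)
class ContextRule:
    """User rule: 'when in this store, pay with that account, up to a limit'."""
    account: str
    limit: int  # whole currency units


@dataclass(frozen=True)
class Decision:
    outcome: str            # "approve", "step_up" or "reject"
    account: Optional[str]  # account chosen by the matching rule, if any
    reason: str


# Constructed sample rule, keyed by store name.
SAMPLE_RULES = {"grocery": ContextRule(account="daily-spending", limit=500)}


def factor_categories(verified):
    """Distinct categories covered by the verified authenticators.

    Unknown authenticator names are ignored rather than trusted.
    """
    return {AUTHENTICATORS[name] for name in verified if name in AUTHENTICATORS}


def authorize(store, amount, verified, rules):
    """Decide whether a payment can complete without further user interaction."""
    if amount <= 0:
        return Decision("reject", None, "invalid amount")

    factors = factor_categories(verified)
    # Two authenticators from the same category (PIN + password) still count
    # as one factor, and a watch alone (e.g. a stolen one) is never enough.
    if len(factors) < 2:
        missing = ", ".join(sorted(f.name for f in Factor if f not in factors))
        return Decision("step_up", None,
                        "fewer than two factor categories; add one of: " + missing)

    rule = rules.get(store)
    if rule is None:
        # Graceful fallback: no context rule, so the user chooses the account.
        return Decision("step_up", None, "no rule for this store; user picks the account")

    # Assumed policy: above the user's limit, an explicit knowledge factor is
    # required, trading seamlessness for security on larger amounts.
    if amount > rule.limit and Factor.KNOWLEDGE not in factors:
        return Decision("step_up", rule.account, "over the limit; PIN required")

    return Decision("approve", rule.account, "context rule matched")


if __name__ == "__main__":
    scenarios = [
        ("grocery", 120, ["smartwatch", "fingerprint"]),         # seamless
        ("grocery", 120, ["pin", "password"]),                   # one category only
        ("grocery", 120, ["smartwatch"]),                        # watch without its wearer
        ("grocery", 900, ["smartwatch", "fingerprint"]),         # over the limit
        ("grocery", 900, ["smartwatch", "fingerprint", "pin"]),  # over the limit, with PIN
        ("cafe", 50, ["smartwatch", "face"]),                    # no rule for this store
    ]
    for store, amount, verified in scenarios:
        d = authorize(store, amount, verified, SAMPLE_RULES)
        print(f"{store:8} {amount:4} {'+'.join(verified):30} -> {d.outcome}: {d.reason}")
```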

4 Technology Review

There are numerous digital wallet technologies available. We have chosen to review the technologies we felt related most to PayWear due to their wearable and mobile applications:

4.1 Android Wear

Android Wear uses Android’s platform to connect the smartwatch with other devices and receive notifications from existing Android applications. A new concept, “glanceability”, is created, meaning that users can get updated notifications “at a glance” by using Android Wear. Instead of tapping icons to launch apps as on other devices, a typical Wear app adds a card to the stream at a contextually relevant moment, which enables both bridged notifications (between wearable and handheld) and contextual notifications (Android.com, 2014).

4.2 Apple Pay

Apple Pay uses Apple’s platform to provide a means of payment through their mobile and wearable devices, utilising NFC. The service provides an interface for the user’s credit and debit cards, and is intended to be easier and more secure in terms of digitising and hiding away card numbers and PIN codes (Apple.com, 2014). It may, however, still be a question whether Apple Pay will be widely adopted in the market. Based on the recent action of blocking Apple Pay by several retail heavyweights in the US, the market of mobile payment is definitely full of potential, opportunities and challenges (Williams, 2014).

4.3 Google Wallet

Google Wallet uses Google’s mobile platform to provide payment options for users. As with Apple Pay, credit and debit cards are digitised and hidden from view, providing privacy protection. Gift cards and loyalty programmes can also be stored in the application so that users do not need to carry a number of physical cards everywhere. Google Wallet also enables money transactions directly from the bank account or Wallet Balance to the target email address (Google.com, 2014).

4.4 mCash

mCash provides a common platform for banks, merchants, and users to manage and conduct transactions. They provide their service on the mobile platform, and allow users to pay, and merchants to charge, through their own devices. Unlike Apple Pay and Google Wallet, mCash uses QR codes to provide even greater compatibility between devices (Mca.sh, 2014).

4.5 Microsoft Zero-Effort Payments (ZEP)

Microsoft ZEP is a research project aimed at rethinking mobile payments - Payment without interacting with [users] smartphones or opening their wallets (Microsoft, 2013). A prototype was set in place for a conference, where users could pay for coffees by using only facial recognition, albeit aided by staff confirming face recognition. The users received their receipt by email when the purchase was completed.

4.6 Zwipe

The Zwipe MasterCard is a fingerprint-authenticated contactless payment card. It requires no PIN code during transactions. The card includes an integrated biometric sensor and the Zwipe secure biometric authentication technology, which stores the cardholder's fingerprint data. It also contains an EMV certified secure element and MasterCard’s contactless application. During the transaction, the user activates the card with a simple fingerprint scan and can make payments of any amount. The Zwipe MasterCard aims at providing more convenient and secure payment transactions, featuring a fingerprint scan of less than 1 second and no PIN requirement (Zwipe, 2014).

5 Data Collection Methods

5.1 Ethnographic Studies

According to Lazar et al. (2010), ethnography is defined as the researcher being completely immersed and participative in regards to the subjects being examined (usually over a long period of time). We deployed a short-term ethnography as complete observers in order to examine how payments were completed in the real world, and to understand the requirements of the PayWear project. The gathered data was intended to be used as input for creating scenarios at a later stage. We chose a fully observational approach as we regarded the payment as a stressful part of shopping and we believe that people generally would not react kindly to disturbances in this situation.

5.1.1 Ethnographic Observation at KIWI

We completed two instances of observational ethnography. Before the observation, we created a template which recorded the following information: duration of payment (measured from last item scanned to card removed/change received), sex, method of payment, and other noteworthy events such as PIN code error, one-handed operation, card rejections, etc. The observation was intended to last for 30-60 minutes.

5.1.1.1 Observation 1

Observation completed at KIWI Kringsjå from 16:30 - 17:00 on Wednesday 29th of October 2014.

Average payment time: 16,55 seconds.

Payment methods: 16 paid with card, 4 paid with cash.

Customer sex: 12 male customers, 8 female customers.

5.1.1.1.1 Notable comments

Most people who pay with card put the card into the ATM before the scanning of the products is finished.

Put coins into the coin machine one by one (this is a technical limitation of the coin machines).

Takes extra time to scan the gift card (or member card, etc.) first before paying on the ATM.

First time failure, put in the card a second time.

First time failure, put in the card a second time; it takes a long time for the ATM to read the card the second time, but it succeeds.

The customer checks first if he has enough coins, then decides to pay with paper cash.

The customer takes a long time to take the wallet out of her bag and then the card out of the wallet, but does this while the products are being scanned; due to the large amount of products, the customer was ready with the card to pay before the scanning was finished.

Pays with coins and paper cash; it takes a long time for the paper cash machine to accept the paper cash.

Typed something wrong the first time, tried a second time.

Put the card into the ATM before the scanning of the products was finished; something went wrong, took out the card and tried a second time.

5.1.1.2 Observation 2

Observation completed at KIWI Slependen from 15:00 - 15:40 on Tuesday 28th of October 2014.

Average payment time: 19,6 seconds.

Payment methods: 26 paid with card, 6 paid with cash.

Customer sex: 15 male customers, 17 female customers.

5.1.1.2.1 Notable comments

Paid partly with pantelapp.

Card not read first time.

Busy packing.

Card inserted before shopping complete.

Child could not reach coin machine.

Carrying baby, managed to find card with one hand.

Could not find card, paid with cash.

Card inserted before shopping complete.

Card rejected, had to pay with another card.

5.1.2 Results

The intended purpose of conducting an observational ethnographic study was to gather data as input for creating scenarios that could be used as a starting point for how to design PayWear.

5.2 Investigating Scenarios with SPES

When conducting SPES, users are followed during their normal activities and are provided with very simple mock-ups. The mock-ups help users envision and enact use scenarios as fruitful situations or incidents arise; reminiscent of a future ethnography (Iacucci et al., 2000).

5.2.1 SPES Experiment

The idea of using SPES is to envision how technology could be: by using, for instance, an imagined device, both the designer and the user can get an insight into how the technology can be implemented, and how and where it will be used.

5.2.1.1 Summary

Due to time constraints and project scheduling, the SPES enactment has not been conducted in a satisfactory manner, although the technique itself has inspired the way the proposed solution (fig. 7.1) is drawn.

5.2.1.2 Application in PayWear

By conducting SPES, participants should provide insight into how the technology could be imagined in a real-life use-scenario and thus implemented. The aim of this is to extract utopian requirements of imagined technology from the experiment, which can then be used to design and create the low-fidelity prototype. The SPES will also provide means of acting out the storyboards, and perhaps give opportunities for adjusting the storyboards.

5.3 Interviews

The interview is a qualitative method with the ability to “go deep”. An interview can be structured in different ways, depending on what you want to get out of the interviewee. We used semi-structured interviews, where the structure is loose and there is room to ask for clarification, add questions and follow interviewee comments wherever they may take you (Lazar et al., 2010, p.190). We chose this structure to get the information we needed; we did not necessarily know what the interviewee had that was interesting for us before the interview, so we felt it was necessary to add questions along the way.

5.3.1 Interview with Skandiabanken

We conducted a structured interview with Skandiabanken in order to get some bearings on what choices were made in regards to security while developing their mobile banking app. The reason for doing this was to get some real-world input on what the threshold between usability and security should be when identifying users.

5.3.1.1 Summary

Skandiabanken wanted to offer their users a solution that was at least as user friendly as their other banking solutions, and decided to use a static personal identification number (PIN) that the user has to enter to log in. This PIN is used together with the footprint of the phone to provide a two-factor authentication mechanism. Ideally, this would hinder thieves from accessing the user’s banking information unless they stole the user’s mobile device and knew the PIN, in which case the user could block their device using one of the bank’s other banking solutions. There were two different authentication mechanisms: one for logging in, and one for signing contracts.

5.3.1.2 Application in PayWear

The decisions taken by Skandiabanken suggest that a static PIN can be used to identify the user, as long as there is another factor involved in the authentication process. Ideally, this would involve an element of randomness to ensure that if parts of the PIN were snagged by people with malicious intent, they would be rendered useless by the randomness.
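The role of randomness described above can be shown with a challenge-response exchange. This is an added example, not Skandiabanken's mechanism and not code from the report: the per-device secret standing in for the phone's footprint, all function and class names, and the PBKDF2/HMAC construction are assumptions.

```python
import hashlib
import hmac
import secrets

PBKDF2_ROUNDS = 50_000  # assumed work factor for this illustration


def derive_key(pin: str, device_secret: bytes) -> bytes:
    """Bind the knowledge factor (PIN) to the possession factor (device secret)."""
    return hashlib.pbkdf2_hmac("sha256", pin.encode(), device_secret, PBKDF2_ROUNDS)


def respond(pin: str, device_secret: bytes, nonce: bytes) -> bytes:
    """Device side: answer the random challenge; the PIN itself is never sent."""
    return hmac.new(derive_key(pin, device_secret), nonce, hashlib.sha256).digest()


class Verifier:
    """Bank side (hypothetical): holds the enrolled key and the challenges it issued."""

    def __init__(self, enrolled_key: bytes) -> None:
        self._key = enrolled_key
        self._open_challenges = set()

    def new_challenge(self) -> bytes:
        nonce = secrets.token_bytes(16)        # the "element of randomness"
        self._open_challenges.add(nonce)
        return nonce

    def verify(self, nonce: bytes, response: bytes) -> bool:
        if nonce not in self._open_challenges:
            return False                       # unknown or already used challenge
        self._open_challenges.discard(nonce)   # single use, even if the check fails
        expected = hmac.new(self._key, nonce, hashlib.sha256).digest()
        return hmac.compare_digest(expected, response)


def demo() -> dict:
    """Run the exchange with constructed values and report each outcome."""
    pin, device_secret = "4821", secrets.token_bytes(32)   # constructed sample values
    bank = Verifier(derive_key(pin, device_secret))

    first = bank.new_challenge()
    captured = respond(pin, device_secret, first)   # what an eavesdropper would see
    results = {"genuine": bank.verify(first, captured)}

    # Captured response sent again for the same challenge: the nonce is spent.
    results["replay_same_challenge"] = bank.verify(first, captured)
    # Captured response sent for a fresh challenge: the HMAC no longer matches.
    results["replay_new_challenge"] = bank.verify(bank.new_challenge(), captured)
    # Right PIN on a different device, then wrong PIN on the right device.
    nonce = bank.new_challenge()
    results["other_device"] = bank.verify(nonce, respond(pin, secrets.token_bytes(32), nonce))
    nonce = bank.new_challenge()
    results["wrong_pin"] = bank.verify(nonce, respond("0000", device_secret, nonce))
    return results


if __name__ == "__main__":
    for case, accepted in demo().items():
        print(f"{case:24} accepted={accepted}")
```

A short PIN adds little entropy by itself, so the strength of this construction rests on the device secret; being able to block a lost device, as the bank describes, remains necessary.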

5.3.2 Interview with People on the Street

We interviewed 65 people in a shopping mall, 15 on a Friday afternoon and 50 on a Monday afternoon in September. We started out on Friday with open-ended questions, and found out that it was hard to get the same data from the interviewees.

5.3.2.1 Summary

Of the 50 we spoke to on Monday, 15 did not have any trouble with the payment transaction today. 29 forget the PIN now and then, 22 forget the card now and then, 18 had trouble remembering which card they had money on/how much money, 5 lost a card during the last year, and 24 had cards not working for different reasons during the last year.

Of the 65 we asked in total, only 15 expressed that they would be open to paying with e.g. a smartwatch. Other responses were varied, suggesting that the new ways of paying (e.g. Apple Pay) need to mature before they are adopted by the general public, and will most likely start with a certain group of users, as suggested by Ling (2014).

5.3.2.2 Application in PayWear

The general consensus taken from the interviews suggests that users forget their PIN occasionally, and that there will be a certain level of resistance to using new payment technologies. There are also minor annoyances when using physical objects to complete a payment (e.g. forgetting/losing a card, and card not working).

6 Findings and Prototyping

6.1 Scenarios

According to Carroll (2000), a scenario is an informal narrative description. Scenarios are used to facilitate specification of use cases using the familiarity of storytelling, and are often the first step of establishing requirements with stakeholders as they can participate in the process (Rogers et al., 2011). After completing the ethnographic observation, we examined the notable comments recorded during the observation, and had an open discussion on other possible scenarios in order to identify the pain-points or bottlenecks of traditional payment methods. We decided on the following:

Customer pays with single coins, queue builds up as a consequence.

Customer payment methods are rejected.

Customer stands in line, carrying a baby.

Customer tries to remember balance/decide which card to use.

Customer’s wallet is somewhere else.

Customer is busy packing their bags when payment is prompted.

6.2 Storyboarding

According to Rogers et al. (2011), low-fidelity prototyping through storyboards used in conjunction with scenarios allows stakeholders to explore and interact (through role-play) with the idea. Storyboards often consist of a series of sketches, playing out steps of a scenario. Low-fidelity prototyping through scenario storyboarding was the chosen prototype deliverable for the PayWear project, and also served as a way to visualise the collected data for use in further prototyping. We decided early on this level of abstraction in our prototypes because we were uncertain of the feasibility of using existing technology for higher fidelity prototyping.

6.2.1 Customer pays with single coins, queue builds up as a consequence

6.2.1.1 Frames

Fig. 6.1: Payment scenario with lots of single coins

6.2.1.2 Description

Customer is asked for payment, and gets out a big bag of single coins and starts paying with these. After some time,

the queue builds up and gets really long, while other customers get annoyed.

6.2.2 Customer payment methods are rejected

6.2.2.1 Frames

Fig 6.2: Payment methods rejected

6.2.2.2 Description

Customer is asked for payment, and attempts to pay with coins, or a debit card. Two things could happen:

Coins are rejected based on recognition algorithm.

They enter their PIN code, but the payment is rejected due to the PIN code being entered incorrectly, most likely because the customer could not remember the right one, or assumed they were using a different card.

6.2.3 Customer tries to remember balance/decide which card to use

6.2.3.1 Frames

Fig 6.3: Customer is not sure what card he has brought

6.2.3.2 Description

Customer is asked for payment, and gets their wallet out. The customer struggles with deciding between multiple

cards as they are trying to decide which one to use for this particular shopping list.

6.2.4 Customer’s wallet is somewhere else

6.2.4.1 Frames

Fig 6.4: Customer has forgotten her wallet

6.2.4.2 Description

Customer is prompted to pay for a selection of items, only to realise their wallet containing all forms of payment

has been forgotten at home.

6.2.5 Customer is busy packing their bags when payment is prompted

6.2.5.1 Frames

Fig 6.5: Customer has initiated packing and is busy packing when prompted for payment

6.2.5.2 Description

Customer is asked for payment, but is busy packing their bags and cannot hear the cashier asking for payment due

to all the noise in the environment. Delays occur, and queue gets long.

6.2.6 Customer stands in line carrying a baby

6.2.6.1 Frames

Fig 6.6: Customer has impatient child, causing frustration

6.2.6.2 Description

A woman stands in line with her baby on her arm; after a while the baby gets restless and does not want to sit on the arm anymore. This causes great distraction to the customer, and she is frazzled whilst trying to complete a payment.

7 Discussion

7.1 Our Proposed Solution

During the PayWear project, we discovered that there are technologies that offer ways of simplifying the payment process (e.g. Apple Pay, Microsoft ZEP, Google Wallet, etc.). As we wanted to free the project of technology constraints, we decided to use selected features of the reviewed technologies, and imagine a utopian combination that would offer the best balance between usability and security. Even though we decided to imagine the PayWear solution on unspecified wearable technology, we framed the project using a smartwatch, as this seemed to be the most suitable technology for the payment process.

Fig 7.1: Proposed way of fitting the PayWear system into an existing ecosystem

7.2 Deciding the Threshold between Usability and Security

In order to offer identification that is both easy to use and secure, users identify using PayWear through a two-factor authentication scheme which is based on checking both physical and digital presence: the digital presence is provided by the wearable device itself (e.g. the smartwatch that the user is wearing), and the physical presence is provided through unobtrusive facial recognition (i.e. a user’s face is recognised without much effort required by the user to “pose”). Together, these provide two different steps/factors that the user must fulfil in order to identify themselves.

7.3 Graceful Fallbacks

We have thought about utilising different methods for identification of a user, and the issue of what to do when the system does not work as intended arose pretty early.

For instance, if the system uses facial recognition as positive identification for a transaction, a scenario where you are in a bad mood or have a different haircut could render the system unable to complete the transaction. A fallback could be to old legacy systems such as a VISA card.

This would seem to defeat the purpose of having a new technology if you have to fall back to the old systems every so often. But we argue that the current fallback systems, namely cash, rarely come into play because of system failures. We imagine that the occurrences where the new systems fail will be so rare that even though legacy systems will be needed, they will not be more intrusive than what already exists.

7.4 Context awareness and accessibility

The idea that the mobile payment application can react to the surroundings and the current use-context could help alleviate challenges involved when thinking about accessibility when using normal payment systems. In a normal use-case, the disadvantaged user could potentially have issues with identifying cards, keypad-layout for PIN (is "1" at the top or the bottom?), identifying and handling coins when confronted with an automatic machine, etc. We believe that via ubiquitous computing environments that react to the presence of the user, the payment context and the preset behaviour of the PayWear system, these barriers could be mostly removed in the same way as proposed by Pascoe’s (2000) prototype for the field workers on the move.

On the other hand, if the system relies too much on user-specific input at the Point-of-sale, regular accessibility issues will have to be taken into account for a system like this.

7.5 Make it seamless

So how can we pay seamlessly without risking too much? We first thought of a smartwatch where we can use our fingerprint instead of a PIN code. But that would not make it more seamless than today. You still need to use both your hands and the watch to make a payment. From our interviews we know that people are sceptical about buying a watch just to pay; they want it maybe even more seamless. So we thought of a gadget, maybe a chip, that can be in a device of your choice, used for payment. It is like a banking card that is aware of the surroundings and knows when you are going to pay. And instead of the tactile card, you can have it anywhere you like, and you never need to look for it in your big bag. Instead of using our hands to pay we want to use our presence, facial image or our eyes, in combination with the payment gadget. With this solution, you do not need to operate with your hands, which is one of the things that restrict us in daily life. This solution is dependent on awareness between different technologies.

Imagine you are wearing the PayWear, in your watch, your bag or as another item. You are standing in line, and now it is your turn. You put your groceries on the cashier’s desk and you move to the front to pack your groceries. When the cashier is done he tells you how much you need to pay. Then you look up into the camera, blink, and the payment is done.

That sounds nice. But there are some things that can cause problems. For instance, how do you select an account? If we connect the gadget to your phone or smartwatch, if you have one, you can do your regular tasks like checking the balance, changing cards etc. But to avoid this under normal circumstances we thought that maybe it would be nice to have a set of rules, like which card to use in what shop, which card to use in what part of the day, and a maximum payment if you like that. This depends on the technology being aware of the situation, the shop, the time of day and so on. It needs to be aware of the variables you would like to apply rules to. So you define your everyday life, and just need to interact with the phone/watch when you do something different from your routine.

Other issues might be the ecosystem or the infrastructure. To use PayWear you need shops that offer the solution. This could be a problem in the beginning, or if the solution does not work; if so, you need something to fall back to.

In addition, much of the Point-of-sale (POS) transactions today are dominated by few but large actors (Visa and MC on the transaction side, and store chains on the sales side) (Dinside.no, 2014), who would have economic or logistical interest in having control of the legacy systems. It is not clear if already established powers in the payment industry would readily allow other players onto their field without guarding their own investments and practices.

The best solution for avoiding these interrelated issues seems to be to have a system like the one in fig. 7.1 that adds context-awareness to already existing systems, but leaves most of the transactions in the hands of the established infrastructure.

7.6 Ethical issues of facilitating spending

Raghubir & Srivastava (2008) find that there is a distinct causation between what form your payment appears in and how much you are willing to spend. They conclude that our "mental accounting" (Thaler, 1999) loses track of our spending when not handling real cash. This leads to the question of whether enabling even easier access to financial transactions will lead to even more spending and a rise in the frequency of impulse purchases. This is the same mechanism (among others) that is being exploited in so-called "free-to-play" games (Shokrizade, 2013) when forcing players to purchase virtual currencies and then spend that currency in the game, leading the player to lose track of what they really spend.

In a ubicomp-system like PayWear this coupling between your real money and your ability to spend it should be made clear, possibly with a notification stating the current balance on your accounts, or "after this purchase, your account balance will be ..." - if the user so chooses. Although this is a bit contradictory to the MAUI-approach, some kind of notification system should be made possible because otherwise you may end up over-spending. For stores selling goods this could be a good thing (increasing sales) but for the customer spending the money this is one step away from having real freedom.

7.7 One question leads to another

We have also seen that many of the things we address are based on the queue getting longer, and that things take time. We should look more into how PayWear can be used to make the shop more efficient, like packing while in the shop and registering your groceries on the way, so that when you would normally be putting your groceries on the desk you actually skip that part and just blink at the camera. This of course opens other discussions of security, trust, the personnel in the shops getting new work tasks and so on. What we dream of is not just a seamless pay situation but a seamless shopping situation, but that will be another project.

7.8 Limitations and issues

We had many thoughts of how to do this project. Not everything went as we planned. We may have taken on too big a project for our expectations. Due to the time and scale limits of the project, we did not get all the data we wanted. We went from a goal of solving the payment challenge to a more theoretical approach. We wanted to use the SPES method but we did not have the time. The two ethnographic studies were both done in KIWI, which might introduce bias or limitation based on the same store type. We also wanted to have a more finished picture of the solution, but that will be for another project.

8 Further Work

8.1 Payment Limits

We can make use of the notion that is brought up by Android Wear: Glanceable. This is something that is unique to wearable devices and that can differentiate our design from Apple Pay and so on.

An idea of combining suggestion 1 and 2 would be:

When the transaction is of a low amount or within a certain limit during a day, we adopt the idea of eliminating ALL interactions between the user and the device, so that the user can finish the payment simply by providing the device to the receiving end.

When the transaction is over the amount limit, a two-factor authentication will be needed. In this case, a wearable device provides a natural advantage because of its glanceable feature. Besides providing the device (digital presence), the user must also provide one other type of authentication such as physical means, e.g. facial recognition, fingerprint, etc. This requires SOME interaction between the user and the device, but with the wearable device, the energy input is very low.
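One way to express the limit-based scheme above, together with the card rules from section 7.5 and the legacy fallback from section 7.3, is sketched below as an added example; it is not code from the report. The limit values, rule fields and function names are assumptions, and the report's "low amount or within a certain limit during a day" is read here as requiring both a per-payment cap and a daily cap.

```python
from dataclasses import dataclass
from datetime import time
from typing import Optional

# Constructed values: the report names no concrete limits.
PER_PAYMENT_LIMIT = 200.0   # largest single payment allowed without interaction
DAILY_LIMIT = 500.0         # total per day allowed without interaction


@dataclass(frozen=True)
class CardRule:
    """One user-defined rule: which card to use in which shop and part of the day."""
    card: str
    shop: Optional[str] = None           # None matches any shop
    start: time = time(0, 0)
    end: time = time(23, 59, 59)
    max_amount: Optional[float] = None   # optional user-set maximum payment

    def matches(self, shop: str, at: time, amount: float) -> bool:
        if self.shop is not None and self.shop != shop:
            return False
        if not (self.start <= at <= self.end):
            return False
        return self.max_amount is None or amount <= self.max_amount


@dataclass(frozen=True)
class Decision:
    outcome: str            # "approve", "ask_user" or "fallback_legacy"
    card: Optional[str]
    factors: tuple          # factors that were required for this payment


def select_card(rules, shop, at, amount):
    """Return the card of the first matching rule, or None if the routine is broken."""
    for rule in rules:
        if rule.matches(shop, at, amount):
            return rule.card
    return None


def decide(rules, shop, at, amount, spent_today, device_present, face_match=None):
    """Decide how a payment proceeds; face_match is None when no face check was made."""
    if amount <= 0:
        raise ValueError("amount must be positive")
    if not device_present:
        return Decision("fallback_legacy", None, ())       # no digital presence at all
    card = select_card(rules, shop, at, amount)
    if card is None:
        return Decision("ask_user", None, ("device",))     # outside the user's routine
    low_value = amount <= PER_PAYMENT_LIMIT and spent_today + amount <= DAILY_LIMIT
    if low_value:
        return Decision("approve", card, ("device",))      # no interaction needed
    if face_match:
        return Decision("approve", card, ("device", "face"))
    return Decision("fallback_legacy", card, ("device", "face"))


# Constructed sample rules for one user.
RULES = [
    CardRule("debit", shop="KIWI", max_amount=1000.0),
    CardRule("credit", start=time(18, 0), end=time(23, 59, 59)),
]

if __name__ == "__main__":
    print(decide(RULES, "KIWI", time(16, 30), 150.0, 0.0, True))
    print(decide(RULES, "KIWI", time(16, 30), 150.0, 400.0, True, face_match=True))
    print(decide(RULES, "KIWI", time(16, 30), 150.0, 400.0, True, face_match=False))
```

The second factor is demanded by cumulative spend as well as by single amount, so a run of small payments on a lost device stops being frictionless once the daily cap is reached.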

8.2 Payment everywhere?

In addition to creating an easier bridge between your finances and the POS-transaction, the PayWear solution could just as well interface with any other mobile device you could have with you, and act as a general identification and payment solution for online services or virtual goods.

9 References

Aagre, P 2001, Changing place: Contexts of awareness in computing. Interactions.

Android.com, 2014. Android Wear [online] Available at: http://www.android.com/wear/ [Accessed 6. October, 2014]

Apple.com, 2014. Apple Pay [online] Available at: https://www.apple.com/apple-pay/ [Accessed 3. October, 2014]

Braz, C., Seffah, A., & M’Raihi, D. (2007). Designing a trade-off between usability and security: a metrics based-model. In Human-Computer Interaction–INTERACT 2007 (pp. 114-126). Springer Berlin Heidelberg.

Carroll, J. M., 2000. Introduction to the Special Issue on Scenario-Based Systems Development, Interacting With Computers 13(1), 41-42.

Dinside.no, 2014, Derfor kan du ikke betale med mobilen på matbutikken [online] Available at http://www.dinside.no/931285/derfor-kan-du-ikke-betale-med-mobilen-paa-matbutikken [Accessed 18. November, 2014]

Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data Official Journal L 281 , 23/11/1995 P. 0031 - 0050

Google.com, 2014. Google Wallet [online] Available at: https://www.google.com/wallet/ [Accessed 3. October, 2014]

Herzberg, A. , 2003. Payments and banking with mobile personal devices. Magazine Communications of the ACM - Wireless networking security. New York, USA, volume 46 issue 5, pp 53-58.

Iacucci, G. et al., 2000. On the Move with a Magic Thing: Role Playing in the Design of Mobile Services and Devices. In the Proceedings of DIS2000, Designing Interactive Systems, New York City, USA, pp. 193-202.

Lazar, Feng & Hochheiser, 2010. Research methods, in human-computer interaction. United Kingdom, Wiley.

Ling, R., 2012, Taken for Grantedness: The Embedding of Mobile Communication into Society. MIT Press, Cambridge, MA.

Ling, R, (2014) From ubicomp to ubiex(pectations), Telematics and Informatics, Volume 31 Issue 2, Pages 173-183

Lov om behandling av personopplysninger (Personopplysningsloven) Lov av 2000-04-14 nr 31 Available at: https://lovdata.no/dokument/NL/lov/2000-04-14-31 [Accessed 16. November 2014]

Lov om betalingssystemer mm. (Betalingssystemloven) Lov av 1999-12-17 nr 95. Available at: http://lovdata.no/dokument/NL/lov/1999-12-17-95 [Accessed 15. October 2014]

Lov om elektronisk signatur (esignaturloven). Lov av 2001-06-15 nr 81. Available at: http://lovdata.no/dokument/NL/lov/2001-06-15-81 [Accessed 15. October 2014]

Mann, S, 2013, Wearable Computing. In: Soegaard, Mads and Dam, Rikke Friis (eds.). "The Encyclopedia of Human-Computer Interaction, 2nd Ed.". Aarhus, Denmark: The Interaction Design Foundation. Available online at https://www.interaction-design.org/encyclopedia/wearable_computing.html

Mca.sh, 2014. Payments done right [online] Available at: https://mca.sh/en/ [Accessed 3. October, 2014]

Microsoft.com, 2013. Zero-Effort Payments (ZEP). Available at: http://research.microsoft.com/apps/video/default.aspx?id=188623 [Accessed 3. October, 2014]

Pascoe, J., Ryan, N. & Morse, D.: Using While Moving: HCI Issues in Fieldwork Environments. Transactions on Computer-Human Interaction, Vol. 7, No.3. ACM (2000) 417-437

Shokrizade, R. The Top F2P Monetization Tricks [online] Available from: http://www.gamasutra.com/blogs/RaminShokrizade/20130626/194933/The_Top_F2P_Monetization_Tricks.php [Accessed 2014-11-16]

Rogers et al., 2011. Interaction Design – Beyond Human-Computer Interaction, Third Edition West Sussex, United Kingdom: Wiley

Herman, M., 2014, An introduction to mobile payments: market drivers, applications, and inhibitors. In the Proceeding 2014 Proceedings of the 1st International Conference on Mobile Software Engineering and Systems. New York, USA, pp 71-74.

Raghubir,P. , Srivastava, J., 2008, "Monopoly Money: The Effect of Payment Coupling and Form on Spending Behavior" Journal of Experimental Psychology: Applied 2008, Vol. 14, No. 3, 213–225

Rhodes BJ., Minar N. & Weaver J., 1999: Wearable Computing Meets Ubiquitous Computing: reaping the best of both worlds. Symposium on wearable computing.

Schartum, D. W., Bygrave L, A. , 2011, Personvern i informasjonssamfunnet 2 utgave. Oslo: Fagbokforlaget Vigmostad og Bjørke

Schlöglhofer, R., Sametinger, J. 2012. Secure and usable authentication on mobile devices. In the Proceedings of MoMM 2012, Proceedings of the 10th International Conference on Advances in Mobile Computing & Multimedia. New York, USA, pp. 257-262.

Thaler, R. H. , 1999. Mental accounting matters. Journal of Behavioral Decision Making, 12, 183–206.

Zwipe.no, 2014. Zwipe [online] Available at: http://www.zwipe.no/ [Accessed 27. October, 2014]

Weiser M., 1991, The computer for the 21st century. ACM SIGMOBILE mobile computing and communications review, vol 3(3). ACM Press, New York, pp 3–11

Williams,O. 2014 [online] Available at: http://thenextweb.com/apple/2014/10/25/us-retailers-disabling-nfc-readers-block-apple-pay/ [Accessed 27. October, 2014]

