paint-brush
paypal's UX for digital identityby@padenfool
310 reads
310 reads

paypal's UX for digital identity

by Alex PadenMarch 19th, 2022
Read on Terminal Reader
Read this story w/o Javascript
tldt arrow

Too Long; Didn't Read

"Our bots got confused, try again later!"

People Mentioned

Mention Thumbnail

Companies Mentioned

Mention Thumbnail
Mention Thumbnail

Coins Mentioned

Mention Thumbnail
Mention Thumbnail
featured image - paypal's UX for digital identity
Alex Paden HackerNoon profile picture

Identity Platform

Swish is a fictitious company name I am using to name the identity platform.


& doodle bob











The PayPal product description

PayPal is an online payment platform that offers individuals and businesses low-cost services.

The Swish product description

Swish is an online identity platform that offers individuals and businesses low-cost services.


Is it starting to make sense yet?

This is how you remove uploading documents to random sites, poor identity infrastructure, and a shit load of bot accounts from sites that use an identity provider to handle user login or signup.


This is an adapter that acts as the blue checkmark of verified identity on your decentralized account and identity system so that it can be used in legal situations.


It is a place to dispute such irreversible account and identity systems so that if your keys were… stolen, you could re-verify yourself and throw up a flag saying “yo, that’s not me anymore”.


“hey, someone stole my irreversible identity enabled wallet!”


And yes, this is novel in that they still can’t remove your stolen identity from the blockchain because afaik nobody wants that. Also, Swish doesn’t also own or produce the Blockchain.


What’s the matter-

Cat got your tongue 99.8% of digital identity self-sovereign or decentralized identity plays?


A Simple Visual Experience (Consumer)

This is a hypothetical identity platform view as experienced from a Consumer perspective.


A New User


You log in to a new Swish and are prompted to complete a basic profile that contains information shared with any person who acts as a manager for your identity.


A New Manager

  • You sign up to request the verification confirmation of a user and minimal information regarding the identity of a user on behalf of KYC requirements.


  • You are required to provide an accessible email for users to contact you.

A Manager Ready To Verify

If you sell game items, most people use something like PayPal to purchase the items.

  1. PayPal allows chargebacks and there is a fraud market for buying game items on stolen financial accounts.


  • [x]You confirm your user is verified with the email provided in your transaction. You don’t collect the user’s ID or sensitive data.


p.s. I used a link for demo sake but this would be your social login/fido login/OpenID login.


I have now connected with a manager for my identity on Swish. I don’t think it really matters if it’s a game item seller, a car dealership, or a housing agency. None are qualified to maintain my raw identity data security.


Looking at my PayPal Dashboard

  • Can view who I’ve connected with and request to terminate the connection.
  • Used a legally compliant 3rd-party to verify identity with diligence and privacy.
  • Connected while pending

A Simple Visual Experience (Manager)

This is a hypothetical identity platform view as experienced from a Manager/Org perspective.


An Organization POV


First, we looked at what the consumer would see in a “Paypal for Identity” experience.


Next, we will visualize what would generally be seen by the managers/Organization on an identity platform.


Necessary display only

  • Not all managers need to view your address.
  • Not all managers need access to a fragment of your ID to satisfy legality.
  • Not all managers will need to query your identity in the case of a legal situation.
  • Not all users will choose to allow these things knowingly.

Interoperability of Identity Collection

I find this important because it’s easy to focus on only the market’s big fish. Today with Identity, that is either verification providers or possibly mild reusability. But it doesn’t solve consumer problems.


Identity today earns money on a fundamentally inaccessible to the masses revenue model.


I designed this with the intention of having a single platform that can allow the connection and management of identity whether through a wallet, a login, or a provided web link to collect on.


A vast majority of services are priced out of identity today. But with minimal disclosure, many new services are included in the market of benefiting from cheap reusable identity as a reliable account and verification metric.


Even with minimal disclosure

  • Account security needs a facelift.
  • Understandable and segmented by purpose.
  • With default requirements in place.
  • I find account settings & security synonymous

Making that moneyyy

I think in terms of identity and account services you have a few options.

  • Verified checkmarks for a provided email or key.

  • KYC Identity with fragmented legal storage.

  • The traditional $1 per document verification (but cheaper) and +$0.50 for face checks.


    To Start.


Literally onboarding from everywhere

Like, when you’re buying a car and confirming their internal fraud checks via iPad hosted identity storage and government document verification scans. But it’s not stored or confirmed on a car dealership Automotive-CRM SaaS.

To view my full Figma prototypes and design, click here.


Quickfire user-flow & stories

  1. You buy weed Online and don’t want them to store your passport.

    1. You sign up to the weed site using Swish login, done.


  2. You buy a car and don’t want them to store your passport.

    1. You log in or verify via Swish on the dealership iPad app.

    2. Optional password aka future account.


  3. You buy RSGP gold and the seller wants to know you’re real to accept PayPal.

    1. You confirm your identity associated with the PayPal name/email via Swish.

    2. The gold seller does not receive full or partial identity document copies.


  4. You are using an Online Service and they request you email them your ID.

    1. You send them a link to Swish with temporary ID photo access. Or not.

    2. You don’t have non-unique passport photos in your/their email.


  5. Twitter wants to reduce the Vitalik Buterin spammers offering me free Eth.

    1. They allow sign up via Swish which inherently is also a verified identity profile.


  6. You want to feel safe on Tinder and know your date can be identified.

    1. You sign up via Swish without giving Tinder your passport photos.


  7. You want to legally exchange NFT, crypto, or money in the USA.

    1. You reduce signup friction with a reliable reusable identity.


  8. You want to connect your DiD wallet identity to a legal verification process.

    1. You use Swish as an uninterested in you, 3rd-party verification checkmark.
    2. Can use decentralized identity with compliance.



Acknowledging Identity Types

I believe it is important we break Identity into different types and utilities.


With Swish currently, I am discussing Digital Identity.

That means I am referring to Identity in Legal situations such as AML/KYC.


Internet Identity:

Internet Identity1.0: The social profile can be erased by the host.

Internet Identity2.0: The social profile can be filtered out of the host’s app.

Internet identity is a social identity established on social networks, games, apps, and otherwise.

Sometimes intertwined and other times disconnected from each other.

Digital Identity:

Digital Identity1.0: The account can be erased by the host.

Digital Identity2.0: The identity cert can be flagged as no longer reliable by the host’s app.

Digital identity is a legal identity established on private or public services to maintain legal compliance often for the service host.


The typical situation would be uploading your passport to a site/service and cross-confirming with live-face recognition.

Physical Identity:

Physical Identity1.0: This is a pre-patriot-act driver's license & passport in the USA.

Physical Identity2.0: This is a real-ID driver's license & passport in the USA.

Physical Identity3.0: This is a digital identity driver’s license as seen in Europe.

Physical identity is something you hear less about as the primary function is government utility.

An interconnection with this and digital identity is Apple providing your digital passport at an airport terminal…


Another example would be age verification at bars, clubs, shops, or dispensaries.

Online Identity:

Online Identity1.0: This is internet and social profiles.

Online Identity2.0: This is internet and digital identity profiles.

Online Identity3.0: This is identity that your wallet connects/disconnects from beside 2.0.

Online identity is my catch-all term for the aforementioned identity branches. It is a wrapper identity that can be segmented into the social, legal, and worldly identities noted above.


Web(x) Outlook and Concerns

web3

The concern is the unusability of decentralized and anonymous systems in the day-to-day. The network has little structure or UX for reliable identity.

  • DiD as a trackable once identified system.
  • DiD for trackable (or not) verified identity.

web2

The concern is central account systems where the data is collected by a single party and accounts can be shut down by a single party. The network is dependent on this central party.

  • Social Login, OAuth, FIDO2 (non-sovereign)
  • Cookie Policy on Account Edits (& Security Logging)
  • Granting authority for verification in DiD profile
  • Magic Login (email, qr, etc) / Convenience

Combination in Physical:

For real, I want a hardware wallet & yubikey as a case for my phone. or better yet, segmented hardware in the phone.

https://soundcloud.com/synchronyze/your-soul-hippie-sabotage


MVP and NFT Hype

Below we will try to outline a possible starting point of MVP for such a system as Swish with minimal infrastructure and maximum profits per user.

NFT Identity Certificate

For those involved in the web3 market or at least hybridization towards such a market, one of the primary concerns is usable KYC identity.


That is a reliable form of identification that can be used in regulatory situations such as KYC.


I am proposing a user-facing and business integration business that provides the minting of valid verified identity certificates as NFT for the use by a user within the web3 marketplace.


This would be a cross-chain service meaning the 1/1 NFT is published to the chain of user choice.


ID Verify Economics

Identity is expensive, roughly $1-3 for an inclusive KYC and user security-focused scan.


This burden translates to us as an identity provider- as well as our customer who is avoiding the charges themselves.


Sample Business Model

  1. Swish charges $10 for a user to mint their identity cert.


  2. Swish covers the $3 investment into identity verification.


  3. Swish mints KYC cert on user chosen Blockchain (interoperable).


  4. KYC org relies on Swish identity certificate for tx.


  5. KYC org uses nft tx id to validate if the certificate has been flagged as compromised.

“Swish” MVP Mission

To provide accessible identity infrastructure to any level of the web.


To provide non-monetary identity to decentralized infrastructure.


To provide monetary highways upon identity transactions for internet consumers and businesses.


To build out reusable identity on a compatible account network.