Is “Empty Hands” Safe? We Ask PayPal’s Patrick Gauthier

Have you bought anything with your finger yet?

That’s the new consumer experience being offered at the register by PayPal. A long-time champion of the online payment space, the up-and-coming payments network now aims to be involved at the physical point of sale. Its official goal is to reach 20 national retailers by the end of 2012.

The first step in achieving that goal comes through a well-publicized partnership with the Home Depot. By mid-March, consumers will be able to pay at each of the home-and-garden retailer’s 2,000 U.S. locations with “empty hands” — no swiping, no tapping with a phone or card, no shuffling through one’s bag or purse, just the tap of a finger on a number pad.

But without ol’ reliable — the plastic card — at the point of sale, consumers might wonder about the transaction’s security. Indeed, at our inaugural “Dining with the Payments Stars” event, special guest Damien Balsan was asked about that very issue. Traditional multi-factor authentication has typically included, in the words of a dinner attendee, providing “something you know, and something you have,” at the point of sale.

Balsan had an answer at the time, but our dinner conversation covered much more than security. (Read Karen Webster’s recap, linked above, for a more detailed description.) So to get more focused comments, we followed up with Patrick Gauthier, head of product strategy and retail business operations for PayPal.

Gauthier’s response to our direct question — is empty hands safe? — was immediate.

“Of course it is,” Gauthier declared. To support his claim, he pointed out that PayPal has been facilitating eCommerce for 13 years — and never has a plastic card been involved until recently. Instead, PayPal’s fraud department is constantly analyzing a diverse stream of data from several different input sources to detect evildoing.

Furthermore, PayPal’s web security history — particularly its 100% clean bill of health — is also worth noting, Gauthier says. Because all of PayPal’s network operations are backed by the same infrastructure, the historical integrity of that system should reassure consumers at any purchase point, whether they’re buying online or in-store. Even when cyberterrorist group Anonymous named the eCommerce industry as a stated target, he points out, PayPal’s security held strong. As Gauthier put it, “There is no more adverse environment than the internet,” and PayPal’s defenses have remained intact despite being headquartered in that very environment.

Finally, Gauthier points to the top-notch reputation of the authorization method built into empty hands — the PIN. PayPal PINs can be extended to eight digits, arguably improving on a method that’s vastly superior to the signature by 10,000 times.

With PayPal’s case for the security of the empty hands purchase having been made, the next question is obvious: when will this method of payment reach critical mass? That question is answered in part two of my conversation with Mr. Gauthier, available online soon.



Digital transformation has been forcefully accelerated, but how does that agility translate into the fight against COVID-era attacks and sophisticated identity threats? As millions embrace online everything, preserving digital trust now falls mostly on banks and FIs. Now, advances in identity data and using different weights on the payment mix afford new opportunities to arm organizations and their customers against cyberthreats. From the latest in machine learning for fraud and risk, to corporate treasury teams working in new ways with new datasets, learn from experts how digital identity, together with advances like real-time payments, combine to engender trust and enrich relationships.

Click to comment