Coffee-shop loyalty card, an identity?

In this blogpost I was explaining why I didn’t think the example of a coffee-shop loyalty card as an identity was very good. Pat Patterson was so kind to comment, explaining why such a card was indeed an identity. After some thought I think we are thinking about two different things. In other words, it comes down to the definition of a coffee-shop loyalty card.

I started by:

… a coffee-shop loyalty card is used as an example of a card-based identity. That confuses me. Assuming, from the example, that the card does not contain any personal information like name or address, how can it be seen as a card-based identity? The only connection this loyalty card has with a person (identity) is that it is carried around by one. But that would make a lot of items suddenly card-based identities. The card cannot be used to identify or authenticate a person and has only value to the person carrying it around but it is in no way connected to that person. Following this reasoning, the 10 EURO note I am carrying around also is a card-based identity.

Then Pat commented

The coffee-shop loyalty card is an identity. The coffee-shop can build a profile of your purchasing habits over time. Sure, it’s identified as ‘74382432′ rather than ‘Joe Schmoe’, but it’s still your coffee habit.

And it’s easy for the coffee shop to link ‘74382432′ to ‘Joe Schmoe’ – they could encourage you to register your card online in return for free coffee; alternatively, they can just read your name off your credit/debit card the first time you use it to pay for coffee…

If the loyalty card points to me, either direct or indirect, it is representing an identity. However, I started with the assumption (although I admit that this was not very clear from the earlier post) that the loyalty card did not contain any such information.

If you say that a coffee-shop loyalty card is an identity, whose identity are you referring to? In case the card is completely anonymous (no number, no name …) it is the identity of whoever is carrying the card around at that time. If I drop the card on the floor then the person who finds it will get the benefits associated with the card.

So, depending on what information the card contains, it can point to nobody (or should I say everyone) or to a very specific person. I personally wouldn’t call the card an identity when it is pointing to nobody.


1 thought on “Coffee-shop loyalty card, an identity?

  1. Hmmm, we’re on tricky ground here…

    Even an unnumbered coffee-shop loyalty card could be considered a card-based identity. It is a bearer token that authorizes you to obtain a discount for coffee, identifying you as one of a set of customers eligible for the discount. There are similar tokens in the world of identity protocols,

    Consider, for example, a SAML bearer token, signed by some authority trusted by the recipient, that contains an attribute statement asserting that you are eligible for some benefit. The token need not contain any information identifying you individually. If this token was to be ‘dropped’ on the wire without adequate protection, another party certainly could intercept it, present it to the intended recipient and obtain the benefit.

    So, the coffee-shop loyalty card allows you to assert your identity as a loyal customer. It’s down to you to look after it and not drop the card on the floor 🙂


Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.