Digital Commerce Solutions

8/3/2019 Digital Commerce Solutions

1/15

The second generation of digital commerce solutions

Steve Mott

BetterBuyDesign, 1386 Long Ridge Road, Stamford, CT 06903, USA

Abstract

Since early 1995, when the invocation of the World Wide Web (WWW) rst triggered mass adoption of the Internetfor public access to digital communications and exchanges across the globe, purveyors of a safe and sound technology

infrastructure have scrambled to oer the ``ultimate'' solution for digital commerce. To get the mass market on the

Web, the reasoning went, a special security infrastructure would need to be put into place transforming the wild-and-

wooly Internet into a network with end-to-end protections. Many dierent approaches to this quest have been taken in

the ensuing four years, but none have emerged as a clear front-runner for widespread implementation and market

dominance. Now, as eCommerce is booming and the Net is revolutionizing industry after industry, it is obvious that

the world did not wait for a specialized technology infrastructure after all, and eBusiness is clearly mushrooming o

what was already in place. And it is becoming clearer with each passing day that a new generation of digital commerce

solutions is beginning to emerge, with new priorities (e.g., privacy) and higher value-added requirements (e.g.,

smartcard integration, biometrics, etc.). Sorting out the winners and losers in this second generation will be harder still,

since one of the prerequisites is that all the technology will ultimately become transparent to the user! 2000 Elsevier

Science B.V. All rights reserved.

Keywords: Security; Privacy; Public key infrastructure; SET; Smartcards; Biometrics; Credit cards; Debit cards; Digital commerce;

Digital certicates; Online retailing; Internet; Authentication; Verication; Transaction integrity

1. A brief history of the rst generation of digital

commerce solutions

The overarching premise of the ``need'' for a

specialized solution to support commerce con-

ducted via the Internet was the expectation that its

basic lack of security would expose millions of

consumers and merchants to substantial risk of

fraud and compromise. Secure Socket Layer (SSL,

originally oered to the Net by Netscape, and now

re-introduced by the Internet Engineering Task

Force as Transport Layer Security, or TLS) of-

fered the ability to protect information while in the

various communications ``channels'' that make up

the Net. That provided substantive condentiality

for Net users, but in 1995 and 1996, exposure of

the ``ends'' of SSL ``pipes'' namely at a merchant

or ISP server-resulted in some highly visible com-

promises of highly sensitive information like credit

card numbers. Tens of thousands of credit card

numbers at a time, in some cases, were compro-

mised.

Sensing an opportunity to extend their credit

card franchise further, the payment card associa-

tions rushed to provide bank-oriented ``solutions.''

First up was Visa, in a partnership with Microsoft,

with a protocol specication called Secure Trans-

Computer Networks 32 (2000) 669683

www.elsevier.com/locate/comnet

E-mail address: [email protected] (S. Mott).

1389-1286/00/$ - see front matter

2000 Elsevier Science B.V. All rights reserved.PII: S 1 3 8 9 - 1 2 8 6 ( 0 0 ) 0 0 0 2 4 - 4


2/15

action Technology (STT), in mid-1995. Pushed to

the sidelines by this preemptive move, MasterCard

agreed to team with everybody-who-was-afraid-of-

Microsoft (e.g., IBM, GTE, Netscape, etc.) for a

rival protocol Secure Electronic Payment Pro-

tocol (SEPP). The payment card schemes were

quickly pulled back into collaboration by their

big-bank members toward the end of the year

(something the US Department of Justice looked

askance at), resulting in a draft specication of the

Secure Electronic Transaction (SET) protocol in

early 1996.

While to-date adoption of SET as THE digital

commerce solution has been very limited (except

for some European countries (namely France,

Scandinavia, Netherlands, Switzerland) and Asia(especially Singapore, Taiwan and Japan)), the

components of the SET ``solution'' oered up to

the Internet marketplace provide very vivid proof-

points of why this initial generation of oerings

did not scale. Among the more obvious discon-

nects were:

A rather heavy-handed imposition of Public Key

Infrastructure (PKI). PKI calls for the use of

public (from the same authorizing entity) keys

that can encrypt sensitive information, which

can in turn, only be unscrambled and read byprivate keys (which come from the same mathe-

matical basis). While extensively embraced by

the intelligence community, PKI has struggled

with broader market acceptance for years. Rela-

tively few ``commerce'' applications of PKI are

extant (see Fig. 1), although PKI has made stea-

dy inroads in corporate network security uses

especially securing remote access users over cor-

porate Virtual Private Networks (VPNs). More-

over, SET proposed a monopoly for the RSA

``brand'' of data encryption in its initial imple-

mentation a business decision that strained

credulity when faster, better, cheaper alterna-

tives (such as elliptic curve cryptosystems) were

already available. Vendors objected, but count-

ed on the banking industry to make markets

for this relatively arcane infrastructure imposi-

tion. To-date, their investments and faith

have been little rewarded. A very complex (and expensive) invocation of dig-

ital identifying certicates. So remote parties

could know each other online, the notion of dig-

ital identiers, or digital certicates, came

about. These IDs would be granted by ``trusted

institutions'' utilizing Certicate Authorities,

and maintained and revoked by Registration

Authorities and other complex and expensive se-

cure server-based systems. The problem was,

too many parties wanted to be CAs, too much

time and eort and expense was needed to pro-cess IDs that were essentially static rather than

dynamic, and few considered the customer ser-

vice implications. Most banks wanted to be a

Fig. 1. Principal uses of public key infrastructure through 1999.

670 S. Mott / Computer Networks 32 (2000) 669683


3/15

CA because trust was their business; few wanted

to bear the hassle and expense of full deploy-

ment. Worse, after being tantalized by low-cost

pilot-system oerings by vendors, implementers

discovered that these initial oerings rarely

scaled to production-system capabilities without

costs exceeding $100 per user! (Whether this ini-

tial round of pricing reected the true costs of

the vendor, or their need to justify their Initial

Public Oering (IPO) valuations, is another

question.)

An assumption that consumers would load ponder-

ous security technology onto their PCs. Deploy-

ment of this grand security design came to be

premised on so-called digital ``wallets'', resem-

bling the physical-world function of account pay-ment and ID cards in one handy location. But

consumers did not take to the idea of 5MB, sin-

gle-purpose chunks of new software, and banks

were slow to see the promise of getting ``wallet-

share'' on consumer PCs. PC and software ven-

dors have recognized the enormous marketing

potential of presence at the ``point-of-virtual-

sale'', however, and many of these functions are

now resident in the ``bloatware'' all of us are

now using on our PCs. Quietly and subtly, this

marketplace moved on without the banks. A premise that consumers cared most about secu-

rity in the rst place. The prophets of doom for

Net security horrors clung tightly to survey af-

ter survey showing that ``consumers'' were

avoiding shopping over the Internet because of

security concerns. In 1998, surveys began to

show privacy surfacing as the major issue,

eclipsing security. And late last year, a new sur-

vey showed that the initial wave of digital com-

merce was becoming as much or more

concerned about low prices, convenience and

service merchandising issues as security

(see Fig. 2), began to take center stage. This

was fueled by new developments from PC and

software vendors, as well as a raft of new tech-

nologies that promised advances in monitoring

and proling real-time consumer behavior in or-

der to better target sales pitches. Security did

not sell in this rst generation of digital com-merce, but maybe consumer-protection will.

Pretty Good Privacy (PGP) became widely ac-

cepted as the standard for protecting e-mail

and text transmissions, and privacy start-ups

and solutions abound.

A belief that the Internet community would wait

for a bank-oriented solution. Many still believe

that consumers will not move en masse to the

digital marketplace without trusted brands

guaranteeing the experience. This may not mat-

ter in the short term, as todays digerati have the

wealth and impulses to produce a trillion dollars

or more in commerce (according to a recent

Forrester Research projection) [1]. Financial in-

Fig. 2. Improvements required by online shoppers in order to increase use.

S. Mott / Computer Networks 32 (2000) 669683 671


4/15

stitutions certainly retain for now the going-

in position as front-runners in trust (see Fig. 3

and Table 1). But will they capitalize on this he-

reditary advantage? So far, the evidence seems

to indicate the contrary.

Moreover, the initial wave of eCommerce was

characterized by concentrations of business in

relatively few sites some 75% of trac (eyeballs)

and more than 80% of transactions occur on about

20 major eCommerce sites/portals. Those venues

(Amazon, Yahoo!, AOL, ebay, etc.) created their

own levels of ``trust'', and won voluminous ad-

herents. ALL of them weighed in favor of building

on existing infrastructure albeit as it evolved and

improved rather than creating something new.

2. The ``real'' security risk

So, were all our concerns about Internet secu-

rity risks just media hype? Wishful anticipation by

security vendors and the banking industry? Not

Fig. 3. Proportion of people who professed trust for various institutions.

Table 1

eCommerce challenges for banks

eCommerce trend Evidence Implication

Financial activities are moving online

faster than most industries

Full-service brokers are playing catch-up to

rst-mover discount traders

Loss of market position and mind-share

for most desirable customer base

Merchants are up-in-arms over highcredit card charges and fraud liability

Anti-banking merchant associations arisingin several countries to protest

By-pass solutions by new providers arebeing vigorously pursued

Key new Net-based industries (digital

content, gaming, etc.) exploding

Traditional four-party credit card transac-

tion too costly and slow to accommodate

New, non-bank payment solutions are

springing up everywhere

Desire for online banking and bill

payments continues to rise

Bank-based solutions are slow to appear,

and experi-ences are disappointing

Intuit, computing rms, utilities and oth-

ers jumping into market

B2B commerce is burgeoning every-

where: 10 consumer commerce

Online-community oerings handle more of

transaction exchange/ow

Slow reaction and paucity of ecient

solutions threaten to leave banks behind



5/15

really. It turns out that there is a rising tide of

security issues, and the criminal element is, indeed,

nding its way to the Net. As of mid-1999, there

were serious and representative signs of trouble

ahead:

Whose site is it, anyway? In mid-1998, using a

website replication program, fraudsters dupli-

cated a Dutch online banking site. Then they si-

phoned o one in every 50 transactions from the

ISP server head. Then they sent an applet back

to the browser of the consumer, changing the

URL ever so slightly. When the online banking

customer re-dialed what they assumed was the

real site, they got the bogus site instead. The

fraudsters got the account information, and

indeed committed many acts of fraud. This in-cident was quickly and resolutely hushed up

once it was exposed, but the banking communi-

ty had its ultimate proof-point: Serious verica-

tion of remote parties will ultimately be

necessary, invading consumers not just mer-

chants!

Major online retailers got hit last shopping sea-

son. An informal survey by Visa of 10 of the

top 20 ``e-tail'' sites in the 1998 holiday shop-

ping season indicated that half had chargeback

rates between 5% and 10% an unsustainablelevel if prots are ever to be expected. Visa also

reported in early 1999 that HALF of their

chargebacks (when the credit card holder rejects

a transaction which must be investigated before

the merchant may be paid) in Europe overall

were from Net transactions [2]. Under existing

credit card rules (except for SET transactions),

the merchant gets stuck with the fraud, meaning

their bottom-lines suer greatly.

One in 15 Net consumers has been victimized. A

Lou Harris/National Consumer League poll in

mid-1999 estimated that six million consumers

(7% of the online population) had been victim-

ized by fraud or unauthorized use of sensitive

data. ``This survey shows that Web-era consum-

ers are every bit as vulnerable as those who were

around before the Internet changed the way that

more of us do things,'' said National Consumer

League President Linda Golodner. While the

Web can empower consumers with information,

it also leaves the unwary exposed to new varia-

tions on old fraud and abuse schemes. This poll

indicated that more than 70% of consumers

still are not comfortable giving out credit card,

other nancial, or personal information over

the Net!

Net-centric merchants get hit harder. Smaller

merchants particularly those new to credit

card processing and remote transactions are

by all reports getting hit harder by fraud and

chargebacks than the major e-tailers. Digital

content providers are getting hit much worse;

Bank of America, which hosts many of them

from their California base, has indicated that

2040% fraud rates are not uncommon (not to

mention the unauthorized duplication and pro-

mulgation of contraband copies of the digitalmaterial). Many of these companies are not

big enough or rich enough to fund the invest-

ments in existing payment- and product-protec-

tion infrastructure. They, too, are looking for

faster, better and cheaper solutions.

We do not hear about the scary incursions com-

panies do. The FBI/Computer Industry Security

annual survey of corporate network security in-

cursions (in 1998) indicated that some $200 mil-

lion in actual damages from a dozen dierent

types of abuse (breaks, theft, unauthorized use,etc. see Table 2) were reported. Many experts

believe that the internal or related costs (e.g.,

loss of business or contracts) for xing such in-

cursions can be 10 times that amount. NetCom-

merce magazine estimated that Net fraud costs

overall could be as high as $7 billion! (Even

so, numerous surveys show that fewer than

40% of Fortune 2000 companies spent more

than $1 million on network security last year;

no wonder security industry vendors are frus-

trated.)

It would seem, then, that the security time-

bomb is still ticking. Moreover, it is entirely likely

that the really dangerous consumer incursions

(where entire sites are compromised, with thou-

sands or tens of thousands of accounts revealed)

are no longer being revealed to the public. What

we do see, though, is the same criminal element

that thrives on mail-order/telephone-order (MO/

TO) transactions mostly use of stolen credit

cards and information is rapidly migrating to the



6/15

Net. On the Net, merchants for the most part

particularly new, small, Net-only e-tailers have

NOT yet invested in the types of protections (such

as fraud monitoring, address-verication, negative

le lookups, etc.) that direct-marketers have pio-

neered and perfected over the past dozen years.

3. What we have learned

It would appear, then, from this brief history of

eCommerce and the attendant update on the real

security threat, that we have learned a few im-

portant lessons that point to what is likely to come

in the next generation of digital commerce solu-

tions.

Security does not sell. Mass consumers still can

be herded by media alarms, but the digerati have

moved on to other concerns. Online early adopt-

ers learned quickly that one of the advantages of

lowly old credit cards was they protect consum-

ers quite well in remote transaction environ-

ments. Thus, telling them to be concerned

about the potential fraud losses merchant banks

would incur was hardly a compelling argument.

Why worry? So the online security industry is

scrambling to hide the security, or disguise it un-

der the mask of privacy toggles and/or third-

party, hosted interactions.

Credit cards get the party started, but will not

make it last. Similarly, it was almost exhilarat-

ingly easy to trigger digital commerce by using

credit cards. Consumers were protected, and

merchants were guaranteed of getting paid (al-

beit, net of fraud and other chargebacks). Now

the costs of using old, expensive banking and

payment card networks, and rising fees being

charged on those outdated networks seem to

be driving merchants into rebellion. Further,

key Net products especially digital content

and Business to Business (B2B) require moreexible and cost-eective modes of payment.

The party has hit a lull, while many, many pay-

ment wannabes vie to don the lampshade.

Dicult, expensive bank-centric approaches do

not pay o. The Net remains unabashedly and

determinedly about getting things free and easy.

Bank-centric solutions that require everyone to

do things slower, less eciently and on dramat-

ically more costly terms defy digital logic. Banks

seemingly continue to have a standing invitation

to join the party, but few have responded to an

expectant market. In the lurch, a host of alterna-

tive solutions have emerged, making more agile

and customer-friendly use of technologies that

should be bank sweet-spots. Worse, Net-infra-

structure technology providers have pretty

much moved on to greener pastures. Critical-

mass adoption once thought to be dictated

by banks and other nancial institutions is al-

ready occurring through more opportunistic

sources.

Table 2

Costs of computer crime

Categorya Incidents Low cost High cost Average Amount

Info theft 20 $300 $25 million $1.68 million $33.45 million

Laptop theft 162 $1 K $500 K $32 K $5.25 million

Sabotage 25 $400 $500 K $86 K $2.14 million

Eavesdropping 10 $1 K $200 K $56 K $562 K

Wiretapping 5 $30 K $100 K $49 K $245 K

Invasion 19 $500 $1 million $86 K $1.64 million

Abuse 67 $500 $1 million $36 K $3.72 million

Financial fraud 29 $1 K $2 million $388 K $11.24 million

Denial of serv. 36 $200 $1 million $77 K $2.79 million

Virus 143 $50 $2 million $55 K $7.87 million

Unauth. access 18 $1 K $50 million $2.81 million $50.56 million

Telco fraud 32 $500 $15 million $539 K $17.26 million

Totals 566 $136.82 million

a

Source: CSI/FBI 1998 Computer Crime Survey.



7/15

It is the convenience, not the technology, stupid!

While there is certainly some small portion of

the current infrastructure marketplace that

gravitates to all new technology and techniques

(after all, SOMEBODY must be using all those

functions in bloatware PC applications), the dig-

ital marketplace has proved time and again that

it will move forcefully and relentlessly to the

simplest, easiest and cheapest solution (witness

online trading). The rst generation of digital

signatures and certicates has come and gone

from the consumer perception; it was just too

hard, and the benets too uncertain. The one

real opportunity left for technology providers

is to provide real, substantive and sustainable

value but each and every time, in the nameof utility and convenience. Thats what sells on

the Net.

And it is not just about payments. Perhaps the

biggest detour in the path toward a produc-

tion-system digital commerce infrastructure has

been up until now a single-minded and my-

opic focus on handling payments. Everyones fo-

cus started out on how to get paid, while the

Net continues on its monolithic path toward

making things free (or at least cheaper). What

was lost in this focus on payments was whetherany tangible value to either buyers or sellers was

being created in the course of processing online

payments. Up until now, digital commerce has

fed o advertising revenues the sugar-daddy

for all information and entertainment services

to-date. More recently, digital commerce inno-

vators have been charging to ``relationship-cre-

ation and value-fees'', whereby online

consumers are willing to pay for the added con-

venience and utility they get from a gratifying

online relationship. But ghting over the ``vigo-

rish'' or cut in per-transaction costs has alienat-

ed both buyers and sellers, making it bad

business, in addition to being misguided. Whats

largely been missing, until very recently, has

been top-drawer customer service, ecient ful-

llment, pain-free loyalty programs, construc-

tive online notications and ordering advice,

provision of international orders, streamlined

navigation, and cross-selling that is useful rather

than invasive. Online consumers the buyers

repeatedly demonstrate (with their clicking pref-

erences) that they take payments for granted

and look for value elsewhere.

4. Tools for a new generation

It is perhaps ironic, then, that we nd ourselves

at the dawning of a new millennium with most or

all of the requisite technology at our hands to meet

the needs of a safe and sound digital commerce

ecosystem but perhaps not the business acumen

or market consensus to deploy it sensibly and cost-

eectively. This may have as much to do with the

unusual vagaries of the investment environment

for Internet stocks as anything else. Very smallcompanies have very large ambitions these days,

and few seem to have the perspicacity or the in-

vestor exibility to put coherent, inexpensive so-

lutions together. One fairly well-known example

should illustrate the point.

A major US-based brokerage and mutual funds

company recently was convinced by technologists

and eCommerce gurus on sta that ``wallet-share''

might be eectively combined with improved (and

more cost-eective) customer service by means of

smartcard-based remote access to accounts.Twelve million customers could securely access

intimate account information, switch assets from

fund to fund, and conduct trading online all

from their PCs (and potentially other devices)

from home or work! The target solution was a

strong smartcard housing industrial-strength PKI

and digital IDs, tied into a corporate host system,

which could manage the various deployment

functions on an integrated basis with the legacy

systems.

An RFI was issued, and the leading PKI pro-

vider came back with a bid in excess of $1 billion,

or $85 per account. The client was said to be

aghast! A supplementary RFI was tendered, for an

alternative conguration that did not utilize digital

IDs or require CAs, but the vendors apparently

got greedy as well, and bid more than $40 per user.

Meanwhile, the client, who was expecting a $1015

deployment cost, shelved the project.

Nothing about this landmark-to-be project was

especially dicult technically. Nor by anyones



8/15

reckoning are the actual deployment costs for

projects of this type anywhere near the levels that

were bid by the vendors. Did the vendors get

greedy, sensing a showcase, critical-mass deploy-

ment that could make their business model/case

overnight? And were the vendors guilty of believ-

ing their own investor hype on the bounties

available in the market for this technology, miss-

ing the chance to price ``ahead-of-the-curve'' to

``land the big one''? One can only assume so, and

regret that a breakthrough opportunity was lost

at least for awhile for the industry overall. But

we can speculate from this example, and others

like it being played out around the world, that

tools are in place to build-out the requisite infra-

structures, once the technology providers get theirbusiness models straightened out.

We can, in fact, point to a number of promising

implementations of digital commerce infrastruc-

tures working their ways into the marketplace. We

will examine several of these later in this article.

All of these implementations satisfy three primary

conditions for handling remote interactions in a

safe and sound fashion:

1. making sure the parties to the interaction are

who they say they are;

2. assuring the interaction was completed underterms they agreed to; and

3. conducting the interaction under appropriate

and understood levels of privacy and protec-

tion.

The rst of these conditions concerns the pri-

mary task of authentication (see Fig. 4). We now

have a number of ways to determine the buyer and

seller (and third parties) online identities, as well as

complementary methods to verify these identities.

4.1. Authentication

The most common approach for online au-

thentication is, of course, PKI. PKI is now ex-

tensively used in corporate networks and e-mail

systems, exchanging a digital ID (something you

have) between the communicating parties. For a

variety of reasons, this is better than relying upon

online exchanges of PINs or passwords (something

you know) which could be intercepted and mis-

used and thus provide little in the way of veri-

cation for remote transactions.

So-called software tokens, however, have theirown vulnerabilities. Take for example, the instance

of laptop theft, where the laptop has no or limited

access protection. The online-literate thief could

simply dialup Internet merchants, exchange the

resident digital IDs, change the shipping address

(rarely questioned by merchants in this initial

generation of online commerce) and consummate

the transaction (using wallet information in the

PC, the credit card number registered in the site, or

just a stolen credit card number).

In some ways, this virtual ID is stronger thanthe commensurate physical ID, because the digital

ID the digital certicate in an increasing number

of places conveys the support of the ``trusted

authority'' (the CA) who issues and maintains the

certicates. And, few if any PKI/CA systems

utilize ecient (much less interchangeable) real-

time checks on the validity of certicates. So the

Fig. 4. Authentication hierarchy.



9/15

thief (or the deadbeat user/buyer) might enjoy

buying privileges conveyed by the CA/issuer that

he/she would not get in the real world! Moreover,

existing credit card rules ordain that the merchant

is responsible for all identication and verication

for remote transactions (with the recent exception

for SET transactions); repudiation by the buyer

(`Ì didnt do it'', `Ìt wasnt me,'' etc.) is already

half of all chargebacks in the US in direct mar-

keting transactions, and an even bigger and

growing problem for Internet transactions [3].

The trick in authentication is to have at least

two factors involved in identication and veri-

cation. A digital ID in software might be checked

by a merchant, who also asks for a registration

password (a la Amazon.com) for a transaction tobe processed. However, frequent shoppers may

utilize the ``toggles'' oered to bypass the pass-

word conrmation for each transaction entry

(Amazon calls it `òne-click'' purchasing). If I leave

that toggle on, my kids (or anyone with access to

my computer) could shop indiscriminately and at

will (until the conrming email or monthly credit

card statement came in!). In fact, without some

iron-clad verication of who `Ì'' am (biomet-

rics), anyone who has compromised my computer

(password protection is woeful generally onPCs) possesses a very good compromise of my

identity!

Maybe the software token could be replaced

with or supplemented by a hardware token-gen-

erating mechanism (e.g., a smartcard, or some-

thing you have). Suppose the smartcard reader had

a secure PINpad that required the holder of the

smartcard to verify (through issuer-conrmed en-

try of PIN numbers) something you know. Have

we bought more authentication? Well, the user/

buyer now has to have a smartcard reader (no

problem in monolithically oriented national in-

frastructures, such as in Europe and some Asian

countries). And he/she has to have a valid smart-

card. The smartcard has to be checked with the

issuer of the card (via the passing of a cryptogram

specically tailored to the issuer). And the correct

PIN has to be entered by the user/buyer, and

conrmed by the issuer. Sounds pretty good? It

should France, UK, Germany, Netherlands,

South Africa and other nations are well on the way

to building out national infrastructures that do

essentially this combination of authentication

factors.

But is this enough assurance for authentication?

Many security specialists believe that cyber-crimi-

nals will eventually exploit the very power of dig-

ital networking technology to disarm the

protections it puts up against them. In eect, we

can expect an endless cycle of chasing, not unlike

Wile E. Coyote trying to trap the Roadrunner,

with the ``good guys'' trying to stay out in front of

the cyber-criminals so long as we are working

with software and hardware solutions to authen-

tication. To move beyond the ``chase'', we are now

looking at a third level of authentication bio-

metrics for the `ùltimate'' solution.Biometrics are simply something you are. It

could be your ngerprint, the geometry of your

hand or face, a digitized imprint of your iris even

your DNA. Capturing a digital rendering of

something unique about your body and comparing

it to a locally or remotely accessed stored repre-

sentation of the same enrollment data oers a

third, and dramatically more accurate means of

remote (or local) authentication. As with other

forms of digital identiers, verication via bio-

metrics needs to be real-time (not stored data) toensure true identities. Already being utilized in

dozens of pilot tests around the world in com-

bination with something you know, and/or some-

thing you have something you are promises to be

a major leap forward in the next generation of

digital commerce.

4.2. Transaction integrity

Associated with identication, verication and

authentication is the integrity of the remote

transaction itself. This involves both the integrity

of data that the buyer was charged for exactly

what he/she ordered at exactly the prices and other

terms oered at the point of remote sale and

assurances that the transaction and payment were

authorized (typically by the credit card company).

Fortunately in this rst generation of digital

commerce, existing mechanisms provided by credit

cards oer extensive coverage for buyer repudia-

tion of the transaction (`Ì didnt get it,'' `Ìt wasnt



10/15

as described'', ``That wasnt the price'', ``I got

charged incorrectly'', etc.).

But this is also a large and growing problem for

Internet transactions. In their haste to build mind-

share and market-share, Internet retailers are

handling the mounting numbers of rejected pur-

chases as a transitory cost of doing business

eventually, they will need to police these transac-

tions, and develop ways with card issuers to

manage buyers to accept responsibility for their

purchases (just as in the instances of identity re-

pudiations).

One transitional solution widely utilized is to

email the specics of a transaction back to the

user/buyer upon conrmation of the shipment

(which triggers the credit card billing). But thebuyer can deny receiving the e-mail, or receiving it

in time to raise an issue with the transaction. SET,

where it is used, oers integrity and authorization

checks within the live message exchange. Some

online merchants even take the tack of having the

buyer conrm (real-time) the specics of the

transaction before the transaction is consummat-

ed, permitting the creation of a journal record that

can be used by the merchant to reject the eventual

chargeback.

From a hardware perspective, smartcard de-ployment also oers a nuance that may be of great

use in the next generation of digital commerce: the

secure PINpad smartcard readers can also be

equipped with an LCD display that reiterates the

amount being charged to the buyer during a re-

mote transaction. The buyer then conrms the

amount (which implies quantity purchased and

other data) online, and receives re-conrmation

back on what was charged to his/her account

thus gaining protection for both integrity and au-

thorization.

Clearly, something like the above variations

also needs to be a part of a production-level, in-

dustrial-strength digital commerce solution (along

with the means to secure the computer!).

4.3. Condentiality

More and more, privacy protections are be-

coming a critical component of eective digital

commerce solutions. Condentiality about who

purchased what where and when has enormous

import for protecting both buyers and sellers.

From exposing the online behavior of politicians,

celebrities and the like, to providing taxation au-

thorities with detailed private information, to

putting the average consumer at the mercy of di-

rect marketers, digital commerce is fraught with

new and powerful threats to all involved.

In the physical world, particularly in the OECD

countries, buyers and sellers tended to be insulated

from direct exposure to each other by relatively

benign intermediaries, such as content providers

(TV, newpapers, magazines) and advertisers.

``Caveat Emptor'' prevailed, but in reality, buyers

encountered very predicable and tractable experi-

ences by responding to ads and informing them-selves in this paradigm.

In a virtual world, there are many dierent

venues for consummating transactions, and while

buyers and sellers in theory come together in cy-

berspace, in reality new technology-based partici-

pants (searching engines, directories, bots, agents,

etc.) join content providers and advertisers in

matching buyers and sellers, and an entirely new

layer of intermediaries (auction venues, buyer-

bidding sites such as priceline.com, micropay-

ments engines, and privacy/personalization mech-anisms) are also involved in brokering

transactions. Example: there are a dozen and a

half new start-ups in mid-1999 alone oering pri-

vacy protection toggles (and their ip-side per-

sonalization engines). Some of these are

manifested as digital wallets; some as client-side

software; some are part of hardware-token con-

gurations (e.g., Wave Systems, smartcards, etc.;

some are third-party hosted applications for web-

site navigation.

While obviously complicating the interaction of

transaction parties, and increasing contention for

who will share what portion of the transactions

fees, or ``vig'', these mechanisms create obvious

consumer confusion over whos doing what with

their condential information. In particular, most

of the so-called privacy-protection solutions are

actually designed to capture detailed information

about the buyer, the online conguration, and the

transaction in the event the consumer wants to

provide this information in stages, over time



11/15

with websites he/she trusts. Moreover, substantial

investments are being made in advertising and

transaction monitoring/reporting engines (Engage/

Accipitor, AOL/Enliven, DoubleClick, etc.) that

gather information about transactions in unprec-

edented detail real-time! This, in turn, is now

permitting transaction-intermediation players

(priceline, CyBuy, etc.) to oer virtually real-time

pricing and supply (trade-ups, cross-sells, add-ons,

etc.) using intimate knowledge about both buyers

and sellers in aggregate, cross-sectioned, or on an

individual basis!

An extension to the privacy and personalization

tradeo will be the ability to accommodate buyers

and sellers across any network, via any device,

navigating through any system anytime, any-where, and virtually anyway they choose to come

together to consummate transactions. Communi-

cations protocols will continue to evolve quickly to

support these new purchasing activities, putting

pressure on client, host, and networks systems to

accommodate them. Moreover, the exploding

volume of online transactions will force many in-

novations in mechanisms, protocols and languages

to interface with key legacy systems (billing, or-

dering, inventory, distribution, shipping, taxation,

exporting, etc.) not only to achieve the ecien-cies of online automation, but to support the sheer

magnitude of digital commerce from a fulllment

perspective.

5. A new generation of digital commerce is already

upon us

Thus, it is now possible to speculate that many

of the features and functions that have been ex-

perimented with in the initial generation of digital

commerce just passing will be concatenated into a

combination of clienthost-network capabilities

delivered as transparently as possible to Internet

buyers and sellers. Surely, these capabilities will

include not only the core functions of security and

privacy, but will also extend out to other requisite

components. These include digital rights and user

management (crucial for digital content) on a dis-

tributed basis; multiple payment (debit, stored

value, micropayment, and other ways to pay be-

sides credit cards) and order mode handling; device

integration (whether for smartcards, biometrics or

other supplementary hardware-based systems); and

communications command and control (ranging

from handling personalization to navigating mul-

tiple networks, consumer devices and system-spe-

cic and/or online community protocols.

Importantly, a host of incipient technology de-

ployments have arisen in 1999 to point the way

forward manifesting some of the lessons learned

and principles established in the rst generation of

digital commerce. Although there are too many to

even mention here, a number of key implementa-

tions warrant scrutiny.

5.1. E-wallets

In late 1998, a bit of market fanfare arose as

Excite, AOL, Microsoft (and even SET purveyors)

announced the pending availability of electronic

wallets that would house credit card data, regis-

tration information, shipping and billing address-

es, and security components all in one easy-to-

use piece of client software. For various reasons

largely having to do with size, cumbersome ac-

quisition, installation and use, and incompatibility

this initial generation of digital wallets enjoyedone nal ourish in the 1999 holiday shopping

season. With Microsofts wallet now rened and

standard, joined in the marketplace by well--

nanced start-ups such as Brodia and lo and be-

hold! a major banks oering (Citibanks

``ClickCiti''), more than few million consumers are

expected to enjoy signicant convenience (and

safety) during the New Millennium shopping

surge. Whether they enjoy privacy as they spend as

well could not be determined yet.

5.2. Barclays Bank9s Endorse system

Whether banks prove to be ``roadkill'' in the

pursuit of electronic commerce remains to be seen,

but some banks have gured out meaningful ways

to blend technology solutions with real needs in

the marketplace. Barclays Banks Endorse system

solves a key business problem, while ensuring that

trusted institutions like banks have an important

role in digital commerce [4].



12/15

In UK, the taxation authorities decided that

new, entrepreneurial businesses should register,

report, and be taxed online in order to promote

eciencies on both sides. Endorse requires the

business principal to visit a Barclays branch, reg-

ister for a smartcard and a digital ID, then activate

the account with the government. The principal

accesses the requisite government agencies online,

utilizing a smartcard reader hooked to their PC.

From that point on interactions between the

business and the government agencies is conducted

online, including paying taxes. Barclays guaran-

tees the security and integrity of the system, and

gets fees for doing so.

This application has real promise in B2B com-

munities, as well as any related applications thatmust handle both documentation and payments

securely and conveniently online.

5.3. Identrus

Barclays is one of eight major founding banks

(others are Citibank, Chase, Bankers Trust,

BankAmerica, Deutsche Bank, ABM-Amro, and

Hypovereinsbank) and dozens of other supporting

banks to create a trusted hierarchy of digital IDs

that are transferable (and compatible) among B2Bcustomers of each bank across borders for pro-

curement, exchange of bidding and ordering doc-

umentation and other business uses. Buyers and

sellers access the system via smartcards, and ex-

change high-level PKI IDs [5].

In eect, some of the worlds largest trusted -

nancial institutions are succumbing to common

business requirements in order to ensure they are

wired into B2B digital commerce, which is mush-

rooming. The projected 150 member banks even-

tually housed in the Identrus hierarchy will

constitute a comfortable majority of global busi-

ness assets under bank management. By so doing,

Identrus when fully implemented could consti-

tute the critical mass necessary to dictate the di-

rection and infrastructure play-out for this sector.

5.4. E-cheque

Another system aimed at B2B, but with pow-

erful implications for Business-to-Consumer (B2C)

and Consumer-to-Consumer (C2C) markets, is the

Financial Services Technology Consortiums (a

group of 140 members, including many banks) e-

cheque program. E-cheque assumes that a buying

entity pretty well knows the other entities they do

business with. As a buying community, they reg-

ister for smartcards, which are linked to their

Demand Deposit Accounts. When a purchase

takes place, the buyer logs into the network with

his/her smartcard, exchanges a digital ID, then

consummates the purchase.

The actual exchange of funds occurs totally

electronically, as an electronic Automated Clear-

ing House (ACH) transfer between the two

checking accounts. Documentation of the trans-

action is journaled, stored, and accessed in simpleways. Purchase consummation is virtually instan-

taneous, at a cost of pennies versus a few per-

centage points for a credit or purchasing card

transaction. It is not hard to imagine that large

communities of users even consumers trading

Beanie Babies toys and Pokemon cards on ebay

could enroll and participate in a friendly, ecient

system such as e-cheque. (The e-cheque program is

now being managed by CommerceNet [6].)

5.5. Cyber-COMM

We previously mentioned the Cyber-COMM

program for France [7]. Cyber-COMM is a fusion

of 1998s rival eorts between a few French banks

and Visa (the ecomm project) and Cartes Banc-

aires/Europay (the chipSET program). Those

programs attempted to harness SETs high-secu-

rity approach with national infrastructure needs

for smartcard origination of payments. In eect,

the buyer logs on with a smartcard, gets identied

and veried with a PIN check, then consummates

the online transaction checking the amount be-

ing charged on the smartcard readers LCD dis-

play (see Fig. 5) The rest of the transaction is being

handled via SET-protocol handshaking between

the merchant, acquiring bank, and issuing bank.

All parties have digital IDs, but the buyers

smartcard ID is considered both stronger and

faster for online transactions.

Imposition of the Cyber-COMM solution re-

quires a monolithic infrastructure build-out



13/15

(smartcards, IDs, readers, SET IDs, SET wallets,

servers, gateways and certicate management sys-

tems, etc.). But France has already proved its

willingness to leap to production-system infra-structure solutions in the past (Minitel in the

1970s, then adding smartcard chips to 28 million

magnetic stripe payment cards in the 1980s). An-

ticipating gradual acceptance and incorporation of

SET around the world, French banking strategists

are envisioning that their country will be the rst

entire nation wired to a secure, global eCommerce

environment. With millions of French already

enabled by this solution, it is hard to discount its

future role and importance.

5.6. B2B communities

Amidst all this activity, but acknowledging the

general slowness in promulgation of solutions by

trusted nancial institutions, B2B communities are

rapidly evolving their intranet/extranet congura-

tions to accommodate more and more components

of online commerce. Typically, these implementa-

tions are characterized by standard PKI/software

certicate exchanges. Some experimentation is

taking place with smartcards, although the prev-

alent ``hardware'' token tends to be random

number generating cards (such as the SecurID

from Security Dynamics) that match up numericalsequences between remote access users and cor-

porate servers across a corporate network.

Newly emerged enterprise portals are acceler-

ating this trend, expanding extranets into a more

interactive and capable mode. Similarly, enterprise

CAs are proliferating and being tested. Further,

vertical market communities are moving into

higher value-added applications, such as real-time

trading, RFP issuance and bidding, and online

exchange of data and documentation. The real

question is: What kind of participating entity ful-

lls the central role of service provider for B2B

community transactions? Many such communities

are nding adequate, non-bank providers can ll

these roles. Are B2B Collectives prepared to move

into their own risk management roles next?

5.7. SEMPER

Looking well beyond the payment aspect of an

online transaction, the European Community pi-

Fig. 5. Cyber-COMM's hardware/software hybrid.



14/15

oneered a project involving more than two dozen

organizations, led by IBM, to develop a speci-

cation for handling all of the important compo-

nents of a purchase from the parameters of the

business application being navigated to the con-

tract, risk and insurance terms related to doing the

transaction remotely. As with many other second-

generation systems, secure access is supported by

smartcard interfaces and PKI, with software ap-

plications and plug-ins for each party to the

transaction. A variety of payment options are

supported as well. And, potentially important is-

sues such as revocation, time-stamps, and autho-

rization periods are dealt with.

The theory behind the Secure Electronic Mar-

ketplace for Europe (SEMPER) initiative [8] is thatwhile immediate B2C digital commerce can be

supported for simple transactions piggy-backing

on the credit card global acceptance and settlement

mechanisms, downstream B2B and government

interactions will require a lot more tooling and

capabilities. Demand for automating all the intri-

cacies of complex transactions while still accom-

modating the multitude of nuances of doing these

transactions on a remote basis will grow rapidly

beyond todays infrastructure support, so some-

body needs to do the plumbing to handle this re-quirement for greater sophistication. (Other

initiatives, such as the Open Trading Protocol for

B2C, and Open for Buying on the Internet for B2B,

are attempts to do pretty much the same thing.) In

eect, SEMPER was the rst philosophical man-

date to move to a production-level generation of

comprehensive digital commerce infrastructure

that supports the totality of business needs.

6. Where we go from here

From this small, but intriguing sampling of

next-generation infrastructure solutions, it is easy

to see the common threads that are emerging in the

new generation of digital commerce solutions:

use of hardware tokens, and ultimately biomet-

rics, for better authentication;

incorporation of more sophisticated capabilities

to handle bespoken applications as completely

as possible, in remote environments;

access to and use of lowest cost network cong-

urations possible;

use of major, trusted parties to stand behind the

transactions (often, but not necessarily banks);

movement beyond credit cards to handle broad-

er payment-mode needs of buyers and sellers;

ability to accommodate all the components (se-

curity, privacy, rights management, payment

and ordering options, device integration, and

proling/communications protocols) of an in-

dustrial-strength infrastructure in a transparent,

logical and cost-eective way.

Some recent initiatives focusing on the more

private and inexpensive debit card may oer

some early indications of where the next genera-

tion of eCommerce is heading. In Netherlands,national acquirer Interpay has Web-enabled a

Maestro debit card with SET handshaking and a

smartcard identier to demonstrate the viability of

this concept [9]. The US super-regional ATM

network NYCE is planning a mid-2000 introduc-

tion of its Web-enabled debit card. ATM network

rival Star Systems is teaming with Citibank for a

smartcard-based version of the same thing. Innia

holdings, a UK start-up, has introduced Innia, a

Web-enabled debit card linked to an e-cash ac-

count, facilitating low-cost person-to-person valuetransfers. And priceline.com is utilizing debit cards

for authorization of pickups for products and

services bought online and redeemed at bricks-

and-mortar stores. As faster, better, cheaper, cert-

less and more exible substitutes for credit cards,

the worlds fast-growing hoard of debit cards now

appear to be early favorites in the next leg of the

race to be the preferred payment system for digital

commerce.

Before major organizations will be willing to

invest large amounts for production systems,

however, they are likely to need some clarity in

seeing where things are heading. It is dicult to

target Return on Investments (ROIs) when the

landscape appears to be shifting constantly. One

source of clarity could well be eorts by super-

organizations (such as the EC, the US govern-

ment, the IETF, W3C, etc.) to standardize the

standards. Across various market segments and

payment modes, multiple standards organizations

weigh in frequently in conict and usually in-



15/15

compatible with each other. Typical for an initial

generation for any automation solution, these

disparate eorts must begin to fuse and function in

the interests of the marketplace for the next gen-

eration infrastructure to truly take hold.

Ultimately, digital commerce is going to be

about creating intimate relationships between

buyers and sellers on a robustly remote basis.

Organizations and their customers will go through

a process akin to the human ``mating ritual'',

where the ``buyer and seller'' identify and qualify

each other, experiment in increasingly intimate

interactions that build trust and co-dependence,

then immerse themselves in a two-way, balanced

and transaction-rich relationship that provides

enormous eciencies and gratication to bothparties. And that means doing things digitally

much, much better than can be done in the phys-

ical world today above all, learning to ``lock the

house'' when it comes to securing the access de-

vice!

The infrastructure of the future that supports

these meta-relationships will indeed prove to be

the sustainable solution for production-strength

eCommerce. Getting there will be chaotic, head-

long-rush kind of experience. But we are clearly

making progress, now that we have learnedsomething about how this new marketplace works.

If we have learned our lessons well, the rewards at

the end of this infrastructure revolution will be so

compelling that we will probably forget about the

hardships and heartaches we have suered in get-

ting there this rst go-round. In digital commerce,

the reward is the reward, not the journey.

References

[1] Forrester Research Reports, various, 1999.

[2] VISA International, CNET, 12 May 1999.

[3] MasterCard International, Merchant/Acquirer presenta-

tion, various venues, 1998.

[4] Steve Collins, Barclays Bank, CardTech/SecurTech, Chi-

cago, May 1999.

[5] Guy Tallent, Identrus, CardTech/SecurTech, Chicago,May 1999.

[6] CommerceNet website, ``BUZZ'' Newsletter, 1999.

[7] Claude Meggle, Cyber-COMM, Presentation at CardTech/

SecurTech, Chicago, May 1999.

[8] Michael Waidner, Open issues in secure electronic com-

merce, IBM Zurich Research Laboratory, October 1998.

[9] Richard Rolfe, Debit cards on the Internet, European Card

Review (September/October) 1999.

Steve Mott is currently serving asPresident of Priceline WebHouse Club,an aliate of priceline.com. Steve isalso CEO of BetterBuyDesign.com, avirtual investment and consultingcompany specializing in brokeringhigh technology ideas for the NewEconomy. Steve and a syndicatedgroup of consultants provide adviceand development expertise to e-busi-ness clients ranging from small start-up rms to VCs to large global con-cerns. Named by Inter@active Weekmagazine one of ``Top 25 Unsung

Heroes of the Internet'' (12/97) and by Business2.0 one of ``Top25 Most Intriguing Minds for the New Economy'' (7/98), Ste-ve's speciality is helping design and implement electroniccommerce initiatives that utilize emerging digital transactionsystems for the next century subjects about which he fre-quently speaks and writes. Steve was formerly SVP-ElectronicCommerce/New Ventures for MasterCard International, wherehe led eorts to deploy business-responsive security systems andintegrate smartcard use for both B2B and B2C Internet com-merce. In prior assignments, Steve managed three advancedtechnology software development companies, headed MCI In-ternational's data communication sales, marketing and productdevelopment eorts, conducted strategic planning for McGraw-Hill and was an Information Industry consultant at McKinsey.Steve is a graduate of U.C. Berkeley and Harvard BusinessSchool, a White House Fellow appointee, and a former Marine.


Documents

Digital Commerce Solutions