The State of eCommerce

David Strom
[email protected]
(516) 944-3407
TISC Boston 11/12/1999

Consider the shopper
• Can’t find your store
• Can’t find the right product
• Can’t determine prices and shipping ahead of time
• Can’t pay easily
• Can’t get decent service and support

Consider the developer
• Poor quality of tools to build storefronts
• Need to integrate several products for any solution
• Have to deal with credit card snooping perceptions
• And still have to satisfy customers!

It is a wonder anyone can buy anything on the web!
• BMW with page not found error
• Gap missing any search function
• Netmar payment screen confusing
• Singapore jewelry directory outdated

Rent, buy, or build your store
• Rent: outsource to a CSP
• Buy suite of software
• Build it yourself

The cold hard reality of suites
• Suites are nothing more than a collection of products
• Lack integration among various elements
• Difficult to set up, customize, and use
• Require you to live “inside” their structure
• Limited payment options
• Sounds like early MS Office

Trends
• Suites will get better, but no one will really care
• Rental options will continue to get cheaper and more functional
• Web/database integration still difficult problem that suites are ignoring
• Backoffice integration still difficult problem but getting better

Technology status report
• SSL vs. SET
• eWallets
• eCommerce hosting providers
• Payment providers

SSL vs. SET

SSL
• Server authentication
– Merchant certificate as legitimate business
• Possible for client authentication
– Not tied to payment method
• Privacy
– Encrypted message to merchant includes account number
• Integrity
– Message authenticity check

SET
• Server authentication
– Merchant certificate tied to accept payment brands
• Customer authentication
– Digital certificate tied to certain payment method
• Privacy
– Encrypted message does not pass account number to merchant
• Integrity
– Hash/message envelope

SET issues
• Implementation of SET has some big drawbacks:
– Lack of interoperability among systems
– Management of public key infrastructure
– Distribution of digital certificates requires action on the part of the consumer
– Will banks want to become cert authorities?
• And who will pay for all this?
• Meanwhile, eCommerce goes on

The future of SET
• Non-repudiation of transactions through digital certificates for both merchant and customer
• SET may be the industry standard for payments, but yet to be implemented
• It will be far more difficult for a customer to claim no knowledge of a transaction
• Demonstrations continue

Some problems with eWallets
• Not transferable to other wallets
• Tied to a single PC
• Not available for use at many web storefronts
• Just solve a small part of the overall payment process
• And they just don’t work!

Trends
• eWallets will eventually go away
• SET becomes a server-side issue
• SSL still dominates eCommerce transactions for many years

Interoperability is the key
• Wallets will become widely used when the following events occur:
– Mass distribution of wallets to consumers is easily made
– Will be accepted by all merchants, regardless of wallet brand or payment brand
– Don’t require PKI knowledge or computing expertise

Turnkey eCommerce hosting providers
• GeoShop/Yahoo
• ViaWeb/Yahoo
• iCat
• Shopsite/Open Market
• iTool
• Shopzone
• Encanto

What they have in common
• Relatively easy to set up simple storefronts
• Relatively difficult to set up anything else!
• Payments, order processing still mostly a manual effort
• Limited catalog and page controls
• But good to learn about eCommerce!

Case study: Encanto
• Started out selling hardware appliance
• Now sells eCommerce hosting services and gives away the box
• Will they make it on monthly fees?
• Best explanation of payment process around but took it off their web site!

The state of payment systems
• Today the vast majority of web payments are with SSL forms and credit cards
• Many new directions for payments, but still far from general acceptance
• Banks at odds with software developers

Remember the old payment providers?
• Digicash
• Cybercash (first generation)
• First Virtual
• Mondex
• GlobeID

Why didn’t they work?
• Too complex to implement
• Too much cumbersome infrastructure
• Not too many stores took their kind of money
• Too many other technical challenges
• Solved the wrong problem first (credit card snooping)

Today’s sessions
• Choosing the right payment provider
• New alternatives to PKI for authentication
• Securing and integrating web and database servers
• Web switching and caching
• Preventing cyberfraud
• PKI application implications

Our moderators
• Christy Hudgins-Bonafield
• Victor Danevich
• Greg Yerxa
• Greg Shipley
• Jon Udell

Session 1: Choosing the right eCommerce payment provider
Christy Hudgins-Bonafield
Brian Boesch, Cybercash
David Strom, David Strom Inc.

Why use any payment system?
• Automate existing business practice (POs, procurement, supply chain, etc.)
• Non-human transactions, business-to-business

Three choices
• Outsource everything (Evergreen, BofA, Amazon zShops)
• Use Cybercash online system
• Use PC POS (Tellan, PC Authorize)

Issues
• Real time or batch authorization
• Real time or batch capture/posting of transactions
• Fraud detection
• Whether or not physical goods are involved
• Scalability, reliability
• Where and how customer account data is stored

Diversity issues
• Shopping carts used to keep track of sessions vs. committed order processing
• Rich reporting tools, backup, management, history/log
• Open interfaces to extract information and use across different legacy payment models

Three different levels of security
• Transaction level
• Session level
• Membership and directory level

What is the goal?
• To safeguard user identity and payment information
• Across all transactions, sessions, and wherever membership information is stored
• And to ensure that accurate transactions occur!

Transaction level security
• Identity must be coupled with transactions
• Transactions must be persistent and grouped for optimal payment authorization and processing

Session level security
• Identity must be constantly verified during eCommerce session and especially when transactions committed for payment authorization.
• Cookies, tokens, SSL

Membership level security
• Persistent way to store identity and payment methods.
• Must be secure – or face legal consequences!
• Critical for business-to-business automation
• Must leverage existing business PO authorization systems

All of these are tied to your shopping cart
• Usually, cart processes payments and sends to banking network
• Demonstration from Perfectotech.com
• strom.com/pubwork/ecommerce/testcart.htm

Session 2: Authentication alternatives for secure eCommerce
David Strom
(516) 944-3407

The old method: SSL/credit cards
• How to deal with returning customers?
• How to deal with breaks in shopping session?
• How to deal with peak loads?
• Are they really secure? (Perception vs. reality)

Current authentication methods
• Cookies
• Database logins
• Certs and PKI infrastructure

Do you really want to do this?
• Set up CA server
• Generate a secure root CA
• Train Reg Authorities to manage certs
• Develop customer cert policies

New ways to authenticate shoppers
• 1Clickcharge.com
• qPass.com
• Cybercash’s InstaBuy.com
• ISP bill-backs (iPin, Trivnet)
• eCharge.com
• Personalized shopping portals (Shopnow, iGive, eBates)
• ECML

Characteristics
• Mainly for digital content delivery
• Per day pass (WSJ)
• Charge 8-12% per transaction
• Universal membership
• Aggregate lots of small transactions into one monthly bill
• Don’t leave site while completing purchase
• Build on “community” and “standards”

ShopNow, eBates
• Each user registers and sets up own mini mall with links to stores
• Basic rebate program but large collection of stores

iGive
• Percentage of sales goes towards charities
• Clickthroughs also are measured and accumulate $
• Members have earned $300k for charities so far

iPin, Trivnet
• Digital content only
• Aggregates purchases and bills your ISP directly
• Only works if your ISP and merchant are signed up
• Does this sound familiar?

Advantages
• Ease of use -- maybe
• No credit card transmission over the Internet

Disadvantages
• Need to reach critical mass of users almost at launch
• Still rely on username/password combination which can be cumbersome
• Small companies without a lot of depth
• Standards still in play

Why use any of these services?
• Save money
• Build loyalty, return visits
• Make eCommerce easier? Not sure.

Panel
• Brian Smiga, 1ClickCharge
• Jamie Fullerton, Inflo
• Ted Goldstein, Brodia/ECML.org