Transcript Trusted e-Commerce: What Does It Really Mean? Bath September 7th 2000 Agenda • • • • • Introduction to TrustMarque Trusted e-Commerce - what’s important How do we define the.

Trusted e-Commerce: What Does It Really Mean?
Bath
September 7th 2000
Agenda
•
•
•
•
•
Introduction to TrustMarque
Trusted e-Commerce - what’s important
How do we define the trust spectrum?
The Building Blocks of Trust
How TrustMarque’s solutions have helped
Introduction to TrustMarque
• Established in 1999
• Seven locations on five continents
• More than 200 employees world-wide
• Privately held - financial backing by the
Royal Bank of Scotland/ NatWest Group
• Revenues US$80+ million this year
• A leading provider of Risk Management and
Transactional trust based systems
TrustMarque Mission
“To be the world’s leading provider of
trusted e-commerce solutions”
• TrustMarque is a backbone trust
infrastructure company which develops trust
enabled solutions
• Critical Internet infrastructure services
So what is Trust?
• Its intangible but is central to all e-Business success
whether B2C or B2B
• Trust encompasses:
– Privacy
– Security
– Customer service
• No Trust = No business
• You can’t buy it out of a box
• Trust is a combination of technology, services and
business processes
How Trust gets undermined
How Trust gets undermined
How Trust gets undermined
ID Theft
Becoming Public Fear No. 1
By Caroline E. Mayer and John Schwartz
Washington Post Staff Writers
Thursday, July 13, 2000; Page E01
"The fear of identity theft has gripped the
public as few consumer issues have,”
Jodie Bernstein, director of the Federal Trade Commission's
Bureau of Consumer Protection.
Trusted e-Commerce - What’s Important?
Consumer
Business
• To whom they are
actually making advance
payments
• Anonymous transactions
• Invisibility of store
• Privacy and use of
information
• Need to distinguish
between legitimate
shoppers and fraudulent
users in real time
• Identification: verification
and authentication of
new trading partners
globally
Trust and the Consumer
The Impact
• 64% of Net users have little faith that site operators wouldn’t
misuses private information
• Over 80% of net users are concerned about privacy online
• Only 3% are always comfortable about providing credit card
information
• 53% of on-line shoppers are concerned about privacy and
security
• 20% of websites had detected unauthorised access – FBI
• Visitor to buyer conversion rates only 1.8%
I don’t trust …..
•
•
•
•
•
Your security
The identity with whom I am doing business with
Your trading practices
What you do with my information
How you might abuse my details
What Dynamics Drive Trust?
• Fraud 12 times more online than offline - Gartner Interactive
• Fear of Fraud is the #1 reason users decide against making
online purchases - WebAssured Survey
• 64% of online consumers are likely to trust a web site even
with a privacy policy - Jupiter Communications
• 25% of online orders not fulfilled properly
• Online fraud could reach $60billion by 2005 - Meridian Research
• 37% provide false information - Market Explorers (US)
• User name and password offer inadequate protection
• Trust in the real world is driven by relationships and personal
connections
What Consumers Want
• Trust that the site keeps information private
• The site offers a secure environment to purchase
products
• Site is technically reliable
• The content is up to date
• Products ordered are delivered in a timely fashion
NOP Interactive on-line
The Building Blocks of Trust - Consumer
• Brand reputation
• Site Interaction:
– Ease of use, presentation, technology
• Fulfilment
• History of transactions
• Privacy policies and disclosure
• Seals of Approval – independent endorsement
Source: Cheskin Research
What Seal is Best?
What do they communicate?
Associate the web site with other parties:
• Merchant level:
– Mastercard, Visa, Amex
• Process/procedures:
– TrustUK, CaseTrust
• Network/CA level:
– Verisign, WebTrust
• Technology:
– IBM e-business mark
• Methodolgies:
– self assessment; independent review e.g. using accountants
Trust and B2B, B2C
Transactions
B2B and B2C Trust Issues
•
•
•
•
Developing trust means minimising risk
User name and password easily broken
Identity theft key issue
Trust Infrastructures must be an integral part
of e-business
• No Trust = No Business
• Prevention is better than cure!
Identity theft
•
•
•
•
•
On the internet you can be anybody
Uses valid cards and identities
Easy to trap in the physical world
Ideal for digital products
It’s your son using your credit card
The Tools are a Click Away!
Credit Card Generators
•
•
•
•
•
•
Windows based software
Use “legitimate” BIN’s
Can generate 1000’s of VALID credit cards
Worldwide coverage
Anonymous
Ideal for digital products
Trust: Our Business Backbone
e-Merchant Enabling
Risk Management
Payment Systems
Image Security
Powerful Partner
RBS/NatWest Group
Global Infrastructure
24x7 Secure Servers
Leading Edge
Technology
Strong
Management Team
T
R
U
S
T
ASP Solutions
Advanced Tool Kits
T.O.M
SmartMerchant
e-Procurement
TenderTrust
SNAP
Local Lease
Where TrustMarque Puts Trust into e-Commerce
TENDERTRUST
RISK GUARDIAN
MARQUEIT
LOCALLEASE
TRUST SPECTRUM
’MEDIUM'
'SOFT'
No digital certificate
Risk management
'HARD'
One time, short term,
Software certificates Digital Certificates
OUTSOURCED REGISTRATION AUTHORITY
Policy, Trusted Time, Managed
Service,
Procedures
Banking Strength Digital
certificates
Rigorous authenticity
Smart Cards
USB Dongles
Encryption
Liability/Guarantees
Compliance with Identrus
and APACS ECPS Schemes
How Trustworthy is the Transaction?
“Credit card fraud is growing and accounts for 25% of all on-line transactions.
Credit card generators are freely available identity theft is common”
RiskGuardian
Helping e-merchants reduce
credit card fraud
• The most comprehensive
system to intercept
attempted fraud.
• Platform independent.
• User definable settings
• Low cost
• Plug & Play installation
• Integration into core
payment systems
Protecting the Seal of Approval - MarqueIT
• Useful for any organisation
wishing to protect their logo
• Logo fired onto site, locked
to IP address and site
• No copying of logo allowed
• All activity tracked and
recorded
Protection using Triangulation
TrustUK – In Action
TrustUK - In Action
TrustUK - Validation Window
B2B Trust
• How do you trust on-line business partners:
• Who are you doing business with
Solutions:
• Digital certificates to ensure identity
• Ratings service that assist in supplier evaluation
• Sophisticated payment, risk management, insurance
and inspection services to mitigate risk
• Risk Protection insurance
The Business Building Blocks of Trust
Requires implementation of best business practices:
Authentication, verification, confidentiality, transaction integrity
Applications
Business
Processes
Technology
{
{
Identity Checks Liability/Protection
Trust Policies
Trust Procedures
Security
PKI Infrastructure
PKI – More Than Technology!
Technology Hardware &
Software
10%
Technical
Skills,
Expertise &
People
30%
Delivery &
Operations
25%
Procedures
20%
Policy
15%
TenderTrust
• The world’s first smart card digital certificate
• Internet e-tendering solution
• Franchise Program for other Banks/partners
TenderTrust
Certificates
Cert. Revocation
Time stamping
Check identity & validity
TenderTrust
e.g. Credit
Checking
Carry out
Third Party
other services Services
Certification Provider
Alert ITT opportunity
Publish
Supplier
Intranet ?
Internet
Prepare response
Deliver Tenders
Submit response
Create ITT or RFP
Purchaser
Security
 Digital certificates and signatures
held on TenderTrust smartcard
 Developed to X509 banking strength
by the Royal Bank of Scotland
 Proven identity
 Validity of certificate checked with every use
 Irrefutable audit trail
 Bank provides digital certificates, trusted time, CA/RA function
Secure storage of ITT’s and responses
Summary
• Trust is the backbone of e-commerce for both B2C
and B2B markets
• Consumers gain trust from many signals
• B2B trust solutions can range from ‘soft’ to ‘hard’.
Ideally they should be backed by digital certificates,
which can range from medium to high strength.
• For trust to be implemented it needs infrastructure
that includes technology, processes and associated
trust procedures and methodologies
Trusted e-Commerce: It Matters!
John Williams
CEO
TrustMarque International Limited
[email protected]