1 / 46

The State of eCommerce

The State of eCommerce. David Strom david@strom.com (516) 944-3407 TISC Boston 11/12/1999. Consider the shopper. Can’t find your store Can’t find the right product Can’t determine prices and shipping ahead of time Can’t pay easily Can’t get decent service and support.

bliss
Download Presentation

The State of eCommerce

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. The State of eCommerce David Strom david@strom.com (516) 944-3407 TISC Boston 11/12/1999

  2. Consider the shopper • Can’t find your store • Can’t find the right product • Can’t determine prices and shipping ahead of time • Can’t pay easily • Can’t get decent service and support

  3. Consider the developer • Poor quality of tools to build storefronts • Need to integrate several products for any solution • Have to deal with credit card snooping perceptions • And still have to satisfy customers!

  4. It is a wonder anyone can buy anything on the web! • BMW with page not found error • Gap missing any search function • Netmar payment screen confusing • Singapore jewelry directory outdated

  5. Rent, buy, or build your store • Rent: outsource to a CSP • Buy suite of software • Build it yourself

  6. The cold hard reality of suites • Suites are nothing more than collection of products • Lack integration among various elements • Difficult to setup, customize, and use • Require you to live “inside” their structure • Limited payment options • Sounds like early MS Office

  7. Trends • Suites will get better, but no one will really care • Rental options will continue to get cheaper and more functional • Web/database integration still difficult problem that suites are ignoring • Backoffice integration still difficult problem but getting better

  8. Technology status report • SSL vs. SET • eWallets • eCommerce hosting providers • Payment providers

  9. SSL Server authentication Merchant certificate as legitimate business Possible for client authentication Not tied to payment method Privacy Encrypted message to merchant includes account number Integrity Message authenticity check SET Server authentication Merchant certificate tied to accept payment brands Customer authentication Digital certificate tied to certain payment method Privacy Encrypted message does not pass account number to merchant Integrity Hash/message envelope SSL vs. SET

  10. SET issues • Implementation of SET has some big drawbacks: • Lack of interoperability among systems • Management of public key infrastructure • Distribution of digital certificates requires action on the part of the consumer • Will banks want to become cert authorities? • And who will pay for all this? • Meanwhile, eCommerce goes on

  11. The future of SET • Non-repudiation of transactions through digital certificates for both merchant and customer • SET may be the industry standard for payments, but yet to be implemented • It will be far more difficult for a customer to claim no knowledge of a transaction • Demonstrations continue

  12. Some problems with eWallets • Not transferable to other wallets • Tied to a single PC • Not available for use at many web storefronts • Just solve a small part of the overall payment process • And they just don’t work!

  13. Trends • eWallets will eventually go away • SET becomes a server-side issue • SSL still dominates eCommerce transactions for many years

  14. Interoperability is the key • Wallets will become widely used when the following events occur: • Mass distribution of wallets to consumers is easily made • Will be accepted by all merchants, regardless of wallet brand or payment brand • Don’t require PKI knowledge or computing expertise

  15. Turnkey eCommerce hosting providers • GeoShop/Yahoo • ViaWeb/Yahoo • iCat • Shopsite/Open Market • iTool • Shopzone • Encanto

  16. What they have in common • Relatively easy to setup simple storefronts • Relatively difficult to setup anything else! • Payments, order processing still mostly a manual effort • Limited catalog and page controls • But good to learn about eCommerce!

  17. Case study: Encanto • Started out selling hardware appliance • Now sells eCommerce hosting services and gives away the box • Will they make it on monthly fees? • Best explanation of payment process around but took it off their web site!

  18. The state of payment systems • Today the vast majority of web payments are with SSL forms and credit cards • Many new directions for payments, but still far from general acceptance • Banks at odds with software developers

  19. Remember the old payment providers? • Digicash • Cybercash (first generation) • First Virtual • Mondex • GlobeID

  20. Too complex to implement Too much cumbersome infrastructure Not too many stores took their kind of money Too many other technical challenges Solved the wrong problem first (credit card snooping) Why didn’t they work?

  21. Today’s sessions • Choosing the right payment provider • New alternatives to PKI for authentication • Securing and integrating web and database servers • Web switching and caching • Preventing cyberfraud • PKI application implications

  22. Our moderators • Christy Hudgins-Bonafield • Victor Danevich • Greg Yerxa • Greg Shipley • Jon Udell

  23. Session 1: Choosing the right eCommerce payment provider Christy Hudgins-Bonafield Brian Boesch, Cybercash David Strom, David Strom Inc.

  24. Why use any payment system? • Automate existing business practice (POs, procurement, supply chain, etc.) • Non-human transactions, businss-to-business

  25. Three choices • Outsource everything (Evergreen, BofA, Amazon zShops) • Use Cybercash online system • Use PC POS (Tellan, PC Authorize)

  26. Issues • Real time or batch authorization • Real time or batch capture/posting of transactions • Fraud detection • Whether or not physical goods are involved • Scalability, reliability • Where and how customer account data is stored

  27. Diversity issues • Shopping carts used to keep track of sessions vs. committed order processing • Rich reporting tools, backup, management, history/log • Open interfaces to extract information and use across different legacy payment models

  28. Three different levels of security • Transaction level • Session level • Membership and directory level

  29. What is the goal? • To safeguard user identity and payment information • Across all transactions, sessions, and wherever membership information is stored • And to ensure that accurate transactions occur!

  30. Transaction level security • Identity must be coupled with transactions • Transactions must be persistent and grouped for optimal payment authorization and processing

  31. Session level security • Identity must be constantly verified during eCommerce session and especially when transactions committed for payment authorization. • Cookies, tokens, SSL

  32. Membership level security • Persistent way to store identity and payment methods. • Must be secure – or face legal consequences! • Critical for business-to-business automation • Must leverage existing business PO authorization systems

  33. All of these are tied to your shopping cart • Usually, cart processes payments and sends to banking network • Demonstration from Perfectotech.com • strom.com/pubwork/ecommerce/testcart.htm

  34. Session 2: Authentication alternatives for secure eCommerce David Strom (516) 944-3407

  35. The old method: SSL/credit cards • How to deal with returning customers? • How to deal with breaks in shopping session? • How to deal with peak loads? • Are they really secure? (Perception vs. reality)

  36. Current authentication methods • Cookies • Database logins • Certs and PKI infrastructure

  37. Do you really want to do this? • Setup CA server • Generate a secure root CA • Train Reg Authorities to manage certs • Develop customer cert policies

  38. New ways to authenticate shoppers • 1Clickcharge.com • qPass.com • Cybercash’s InstaBuy.com • ISP bill-backs (iPin, Trivnet) • eCharge.com • Personalized shopping portals (Shopnow, iGive, eBates) • ECML

  39. Characteristics • Mainly for digital content delivery • Per day pass (WSJ) • Charge 8- 12% per transaction • Universal membership • Aggregate lots of small transactions into one monthly bill • Don’t leave site while completing purchase • Build on “community” and “standards”

  40. ShopNow, eBates • Each user registers and sets up own mini mall with links to stores • Basic rebate program but large collection of stores

  41. iGive • Percentage of sales goes towards charities • Clickthroughs also are measured and accumulate $ • Members have earned $300k for charities so far

  42. iPin, Trivnet • Digital content only • Aggregates purchases and bills your ISP directly • Only works if your ISP and merchant are signed up • Does this sound familiar?

  43. Advantages • Ease of use -- maybe • No credit card transmission over the Internet

  44. Disadvantages • Need to reach critical mass of users almost at launch • Still rely on username/password combination which can be cumbersome • Small companies without a lot of depth • Standards still in play

  45. Why use these any of these services? • Save money • Build loyalty, return visits • Make eCommerce easier? Not sure.

  46. Panel • Brian Smiga, 1ClickCharge • Jamie Fullerton, Inflo • Ted Goldstein, Brodia/ECML.org

More Related