The State of eCommerce David Strom david@strom.com (516) 944-3407 TISC Boston 11/12/1999.
Consider the shopper
• Can’t find your store
• Can’t find the right product
• Can’t determine prices and shipping ahead of time
• Can’t pay easily
• Can’t get decent service and support
Consider the developer
• Poor quality of tools to build storefronts
• Need to integrate several products for any solution
• Have to deal with credit card snooping perceptions
• And still have to satisfy customers!
It is a wonder anyone can buy anything on the web!
• BMW with page not found error
• Gap missing any search function
• Netmar payment screen confusing
• Singapore jewelry directory outdated
Rent, buy, or build your store
• Rent: outsource to a CSP
• Buy suite of software
• Build it yourself
The cold hard reality of suites
• Suites are nothing more than a collection of products
• Lack integration among various elements
• Difficult to set up, customize, and use
• Require you to live “inside” their structure
• Limited payment options
• Sounds like early MS Office
Trends
• Suites will get better, but no one will really care
• Rental options will continue to get cheaper and more functional
• Web/database integration still difficult problem that suites are ignoring
• Backoffice integration still difficult problem but getting better
Technology status report
• SSL vs. SET
• eWallets
• eCommerce hosting providers
• Payment providers
SSL vs. SET
SSL
• Server authentication
– Merchant certificate as legitimate business
• Possible for client authentication
– Not tied to payment method
• Privacy
– Encrypted message to merchant includes account number
• Integrity
– Message authenticity check
SET
• Server authentication
– Merchant certificate tied to accept payment brands
• Customer authentication
– Digital certificate tied to certain payment method
• Privacy
– Encrypted message does not pass account number to merchant
• Integrity
– Hash/message envelope
SET issues
• Implementation of SET has some big drawbacks:
– Lack of interoperability among systems
– Management of public key infrastructure
– Distribution of digital certificates requires action on the part of the consumer
– Will banks want to become cert authorities?
• And who will pay for all this?
• Meanwhile, eCommerce goes on
The future of SET
• Non-repudiation of transactions through digital certificates for both merchant and customer
• SET may be the industry standard for payments, but yet to be implemented
• It will be far more difficult for a customer to claim no knowledge of a transaction
• Demonstrations continue
Some problems with eWallets
• Not transferable to other wallets
• Tied to a single PC
• Not available for use at many web storefronts
• Just solve a small part of the overall payment process
• And they just don’t work!
Trends
• eWallets will eventually go away
• SET becomes a server-side issue
• SSL still dominates eCommerce transactions for many years
Interoperability is the key
• Wallets will become widely used when the following events occur:
– Mass distribution of wallets to consumers is easily made
– Will be accepted by all merchants, regardless of wallet brand or payment brand
– Don’t require PKI knowledge or computing expertise
Turnkey eCommerce hosting providers
• GeoShop/Yahoo
• ViaWeb/Yahoo
• iCat
• Shopsite/Open Market
• iTool
• Shopzone
• Encanto
What they have in common
• Relatively easy to set up simple storefronts
• Relatively difficult to set up anything else!
• Payments, order processing still mostly a manual effort
• Limited catalog and page controls
• But good to learn about eCommerce!
Case study: Encanto
• Started out selling hardware appliance
• Now sells eCommerce hosting services and gives away the box
• Will they make it on monthly fees?
• Best explanation of payment process around but took it off their web site!
The state of payment systems
• Today the vast majority of web payments are with SSL forms and credit cards
• Many new directions for payments, but still far from general acceptance
• Banks at odds with software developers
Remember the old payment providers?
• Digicash
• Cybercash (first generation)
• First Virtual
• Mondex
• GlobeID
Why didn’t they work?
• Too complex to implement
• Too much cumbersome infrastructure
• Not too many stores took their kind of money
• Too many other technical challenges
• Solved the wrong problem first (credit card snooping)
Today’s sessions
• Choosing the right payment provider
• New alternatives to PKI for authentication
• Securing and integrating web and database servers
• Web switching and caching
• Preventing cyberfraud
• PKI application implications
Our moderators
• Christy Hudgins-Bonafield
• Victor Danevich
• Greg Yerxa
• Greg Shipley
• Jon Udell
Session 1: Choosing the right eCommerce payment provider
Christy Hudgins-Bonafield
Brian Boesch, Cybercash
David Strom, David Strom Inc.
Why use any payment system?
• Automate existing business practice (POs, procurement, supply chain, etc.)
• Non-human transactions, business-to-business
Three choices
• Outsource everything (Evergreen, BofA, Amazon zShops)
• Use Cybercash online system
• Use PC POS (Tellan, PC Authorize)
Issues
• Real time or batch authorization
• Real time or batch capture/posting of transactions
• Fraud detection
• Whether or not physical goods are involved
• Scalability, reliability
• Where and how customer account data is stored
Diversity issues
• Shopping carts used to keep track of sessions vs. committed order processing
• Rich reporting tools, backup, management, history/log
• Open interfaces to extract information and use across different legacy payment models
Three different levels of security
• Transaction level
• Session level
• Membership and directory level
What is the goal?
• To safeguard user identity and payment information
• Across all transactions, sessions, and wherever membership information is stored
• And to ensure that accurate transactions occur!
Transaction level security
• Identity must be coupled with transactions
• Transactions must be persistent and grouped for optimal payment authorization and processing
Session level security
• Identity must be constantly verified during eCommerce session and especially when transactions committed for payment authorization.
• Cookies, tokens, SSL
Membership level security
• Persistent way to store identity and payment methods.
• Must be secure – or face legal consequences!
• Critical for business-to-business automation
• Must leverage existing business PO authorization systems
All of these are tied to your shopping cart
• Usually, cart processes payments and sends to banking network
• Demonstration from Perfectotech.com
• strom.com/pubwork/ecommerce/testcart.htm
Session 2: Authentication alternatives for secure eCommerce
David Strom
(516) 944-3407
The old method: SSL/credit cards
• How to deal with returning customers?
• How to deal with breaks in shopping session?
• How to deal with peak loads?
• Are they really secure? (Perception vs. reality)
Current authentication methods
• Cookies
• Database logins
• Certs and PKI infrastructure
Do you really want to do this?
• Set up CA server
• Generate a secure root CA
• Train Reg Authorities to manage certs
• Develop customer cert policies
New ways to authenticate shoppers
• 1Clickcharge.com
• qPass.com
• Cybercash’s InstaBuy.com
• ISP bill-backs (iPin, Trivnet)
• eCharge.com
• Personalized shopping portals (Shopnow, iGive, eBates)
• ECML
Characteristics
• Mainly for digital content delivery
• Per day pass (WSJ)
• Charge 8-12% per transaction
• Universal membership
• Aggregate lots of small transactions into one monthly bill
• Don’t leave site while completing purchase
• Build on “community” and “standards”
ShopNow, eBates
• Each user registers and sets up own mini mall with links to stores
• Basic rebate program but large collection of stores
iGive
• Percentage of sales goes towards charities
• Clickthroughs also are measured and accumulate $
• Members have earned $300k for charities so far
iPin, Trivnet
• Digital content only
• Aggregates purchases and bills your ISP directly
• Only works if your ISP and merchant are signed up
• Does this sound familiar?
Advantages
• Ease of use -- maybe
• No credit card transmission over the Internet
Disadvantages
• Need to reach critical mass of users almost at launch
• Still rely on username/password combination which can be cumbersome
• Small companies without a lot of depth
• Standards still in play
Why use any of these services?
• Save money
• Build loyalty, return visits
• Make eCommerce easier? Not sure.
Panel
• Brian Smiga, 1ClickCharge
• Jamie Fullerton, Inflo
• Ted Goldstein, Brodia/ECML.org