The State of eCommerce David Strom [email_address] (516) 944-3407 TISC Boston 11/12/1999
opening keynote on the state of eCommerce

  1. The State of eCommerce. David Strom, [email_address], (516) 944-3407. TISC Boston, 11/12/1999
  2. Consider the shopper
     • Can’t find your store
     • Can’t find the right product
     • Can’t determine prices and shipping ahead of time
     • Can’t pay easily
     • Can’t get decent service and support
  3. Consider the developer
     • Poor quality of tools to build storefronts
     • Need to integrate several products for any solution
     • Have to deal with credit card snooping perceptions
     • And still have to satisfy customers!
  4. It is a wonder anyone can buy anything on the web!
     • BMW with page not found error
     • Gap missing any search function
     • Netmar payment screen confusing
     • Singapore jewelry directory outdated
  5. Rent, buy, or build your store
     • Rent: outsource to a CSP
     • Buy suite of software
     • Build it yourself
  6. The cold hard reality of suites
     • Suites are nothing more than collection of products
     • Lack integration among various elements
     • Difficult to set up, customize, and use
     • Require you to live “inside” their structure
     • Limited payment options
     • Sounds like early MS Office
  7. Trends
     • Suites will get better, but no one will really care
     • Rental options will continue to get cheaper and more functional
     • Web/database integration still difficult problem that suites are ignoring
     • Backoffice integration still difficult problem but getting better
  8. Technology status report
     • SSL vs. SET
     • eWallets
     • eCommerce hosting providers
     • Payment providers
  9. SSL vs. SET
     • SSL
         • Server authentication: Merchant certificate as legitimate business
         • Possible for client authentication: Not tied to payment method
         • Privacy: Encrypted message to merchant includes account number
         • Integrity: Message authenticity check
     • SET
         • Server authentication: Merchant certificate tied to accept payment brands
         • Customer authentication: Digital certificate tied to certain payment method
         • Privacy: Encrypted message does not pass account number to merchant
         • Integrity: Hash/message envelope
  10. SET issues
     • Implementation of SET has some big drawbacks:
         • Lack of interoperability among systems
         • Management of public key infrastructure
         • Distribution of digital certificates requires action on the part of the consumer
         • Will banks want to become cert authorities?
     • And who will pay for all this?
     • Meanwhile, eCommerce goes on
  11. The future of SET
     • Non-repudiation of transactions through digital certificates for both merchant and customer
     • SET may be the industry standard for payments, but yet to be implemented
     • It will be far more difficult for a customer to claim no knowledge of a transaction
     • Demonstrations continue
  12. Some problems with eWallets
     • Not transferable to other wallets
     • Tied to a single PC
     • Not available for use at many web storefronts
     • Just solve a small part of the overall payment process
     • And they just don’t work!
  13. Trends
     • eWallets will eventually go away
     • SET becomes a server-side issue
     • SSL still dominates eCommerce transactions for many years
  14. Interoperability is the key
     • Wallets will become widely used when the following events occur:
         • Mass distribution of wallets to consumers is easily made
         • Will be accepted by all merchants, regardless of wallet brand or payment brand
         • Don’t require PKI knowledge or computing expertise
  15. Turnkey eCommerce hosting providers
     • GeoShop/Yahoo
     • ViaWeb/Yahoo
     • iCat
     • Shopsite/Open Market
     • iTool
     • Shopzone
     • Encanto
  16. What they have in common
     • Relatively easy to set up simple storefronts
     • Relatively difficult to set up anything else!
     • Payments, order processing still mostly a manual effort
     • Limited catalog and page controls
     • But good to learn about eCommerce!
  17. Case study: Encanto
     • Started out selling hardware appliance
     • Now sells eCommerce hosting services and gives away the box
     • Will they make it on monthly fees?
     • Best explanation of payment process around but took it off their web site!
  18. The state of payment systems
     • Today the vast majority of web payments are with SSL forms and credit cards
     • Many new directions for payments, but still far from general acceptance
     • Banks at odds with software developers
  19. Remember the old payment providers?
     • Digicash
     • Cybercash (first generation)
     • First Virtual
     • Mondex
     • GlobeID
  20. Why didn’t they work?
     • Too complex to implement
     • Too much cumbersome infrastructure
     • Not too many stores took their kind of money
     • Too many other technical challenges
     • Solved the wrong problem first (credit card snooping)
  21. Today’s sessions
     • Choosing the right payment provider
     • New alternatives to PKI for authentication
     • Securing and integrating web and database servers
     • Web switching and caching
     • Preventing cyberfraud
     • PKI application implications
  22. Our moderators
     • Christy Hudgins-Bonafield
     • Victor Danevich
     • Greg Yerxa
     • Greg Shipley
     • Jon Udell
  23. Session 1: Choosing the right eCommerce payment provider
     • Christy Hudgins-Bonafield
     • Brian Boesch, Cybercash
     • David Strom, David Strom Inc.
  24. Why use any payment system?
     • Automate existing business practice (POs, procurement, supply chain, etc.)
     • Non-human transactions, business-to-business
  25. Three choices
     • Outsource everything (Evergreen, BofA, Amazon zShops)
     • Use Cybercash online system
     • Use PC POS (Tellan, PC Authorize)
  26. Issues
     • Real time or batch authorization
     • Real time or batch capture/posting of transactions
     • Fraud detection
     • Whether or not physical goods are involved
     • Scalability, reliability
     • Where and how customer account data is stored
  27. Diversity issues
     • Shopping carts used to keep track of sessions vs. committed order processing
     • Rich reporting tools, backup, management, history/log
     • Open interfaces to extract information and use across different legacy payment models
  28. Three different levels of security
     • Transaction level
     • Session level
     • Membership and directory level
  29. What is the goal?
     • To safeguard user identity and payment information
     • Across all transactions, sessions, and wherever membership information is stored
     • And to ensure that accurate transactions occur!
  30. Transaction level security
     • Identity must be coupled with transactions
     • Transactions must be persistent and grouped for optimal payment authorization and processing
  31. Session level security
     • Identity must be constantly verified during eCommerce session and especially when transactions committed for payment authorization.
     • Cookies, tokens, SSL
  32. Membership level security
     • Persistent way to store identity and payment methods.
     • Must be secure – or face legal consequences!
     • Critical for business-to-business automation
     • Must leverage existing business PO authorization systems
  33. All of these are tied to your shopping cart
     • Usually, cart processes payments and sends to banking network
     • Demonstration from Perfectotech.com
     • strom.com/pubwork/ecommerce/testcart.htm
  34. Session 2: Authentication alternatives for secure eCommerce. David Strom, (516) 944-3407
  35. The old method: SSL/credit cards
     • How to deal with returning customers?
     • How to deal with breaks in shopping session?
     • How to deal with peak loads?
     • Are they really secure? (Perception vs. reality)
  36. Current authentication methods
     • Cookies
     • Database logins
     • Certs and PKI infrastructure
  37. Do you really want to do this?
     • Set up CA server
     • Generate a secure root CA
     • Train Reg Authorities to manage certs
     • Develop customer cert policies
  38. New ways to authenticate shoppers
     • 1Clickcharge.com
     • qPass.com
     • Cybercash’s InstaBuy.com
     • ISP bill-backs (iPin, Trivnet)
     • eCharge.com
     • Personalized shopping portals (Shopnow, iGive, eBates)
     • ECML
  39. Characteristics
     • Mainly for digital content delivery
     • Per day pass (WSJ)
     • Charge 8-12% per transaction
     • Universal membership
     • Aggregate lots of small transactions into one monthly bill
     • Don’t leave site while completing purchase
     • Build on “community” and “standards”
  40. ShopNow, eBates
     • Each user registers and sets up own mini mall with links to stores
     • Basic rebate program but large collection of stores
  41. iGive
     • Percentage of sales goes towards charities
     • Clickthroughs also are measured and accumulate $
     • Members have earned $300k for charities so far
  42. iPin, Trivnet
     • Digital content only
     • Aggregates purchases and bills your ISP directly
     • Only works if your ISP and merchant are signed up
     • Does this sound familiar?
  43. Advantages
     • Ease of use -- maybe
     • No credit card transmission over the Internet
  44. Disadvantages
     • Need to reach critical mass of users almost at launch
     • Still rely on username/password combination which can be cumbersome
     • Small companies without a lot of depth
     • Standards still in play
  45. Why use any of these services?
     • Save money
     • Build loyalty, return visits
     • Make eCommerce easier? Not sure.
  46. Panel
     • Brian Smiga, 1ClickCharge
     • Jamie Fullerton, Inflo
     • Ted Goldstein, Brodia/ECML.org