Electronic Commerce on the Web (E-Commerce)
CS6204 - Java and the WWW
CS4984 - WWW: The Underlying Technology
Patrick Brooks and Marc Abrams
References:
WWW has Caused Tremendous Change to Business
- Online catalogs
- Technical support
- Product announcements
- Advertising
- Financial Information
Current Big Issues
- Secure payment schemes
- Microcent transactions
Secure Payment Schemes
Major issue restraining commercial use of WWW is lack of a common, trusted,
secure payment system.
Most people want a payment scheme that does not require credit card
numbers to be sent.
Payment Schemes
- First Virtual
- CyberCash
- NetBill
- Digicash
- Millicent
- MasterCard's Secure Electronic Transactions (SET)
First Virtual
- Designed for low to medium priced software and fee-for-service information purchases
- Requires no special software or hardware on customer end or vendor end
- Procedure:
  - Customer first sets up an account with credit card over phone
  - Customer then receives a VirtualPIN (ID number)
  - When customer makes a purchase on a Web page, (s)he provides their VirtualPIN instead of a credit card number.
  - First Virtual will later send customer e-mail to confirm order, and customer must reply approve or disapprove. So the customer can detect a fraudulent transaction on receiving e-mail for a transaction they never made.
- All money transfers done off Internet
- Cost to customer is $2 annual fee, cost to vendor is $0.29 per transaction plus 2% of price.
A First Virtual Transaction
- Customer gives VirtualPIN to vendor
- Vendor verifies VirtualPIN through finger, telnet, email, or First Virtual Application Programming Interface
- Vendor emails First Virtual with VirtualPIN and amount of sale
- First Virtual confirms transaction with user through email
- User answers email with 'yes', 'no', or 'fraud' (to immediately cancel VirtualPIN)
- First Virtual bills user's credit card, notifies vendor of confirmed transaction, deposits funds into vendor's account
CyberCash
- Both a debit and credit card system
- Customer installs specialized software on his/her computer for credit card mode
- Credit card transactions permitted
- World-wide export license of 1024-bit RSA encryption algorithm
- Offers electronic coin (CyberCoin) as micropayment product ($0.25 to $10)
- Browser independent
- Netscape bundled CyberCash's CyberCoin into Netscape LivePayment
A CyberCash Transaction
- Procedure:
  - User chooses item, vendor returns invoice
  - When WWW browser requests credit card number, CyberCash software pops up a window requesting number.
  - Encrypted number is sent to vendor's server.
  - Vendor strips order info from payment info (credit card/account number remains encrypted)
  - Vendor forwards encrypted payment info to CyberCash Corporation
  - CyberCash decrypts and sends transaction to merchant bank, which passes credit card information to credit card vendor
  - Credit card vendor returns authorization to merchant bank
  - Merchant bank returns authorization to CyberCash
  - CyberCash sends authorization to vendor
  - Vendor passes product to consumer
- Total time (claimed by CyberCash) 15 - 20 seconds
NetBill
- Electronic commerce project developed at Carnegie Mellon
- NetBill accounts linked to conventional financial institutions
- Kerberos authentication at intermediate stages, RSA public key at final stages
- Requires 'Money Tool' software on user's machine
A NetBill Transaction
- Customer chooses item, window pops up with order info -- user clicks 'Buy'
- Vendor sends encrypted product to customer's machine
- Vendor sends verification of encrypted transport, account info and decryption key to NetBill
- NetBill confirms sufficient funds, stores key, and returns report to vendor
- Vendor sends decryption key to customer
- Customer's software decrypts product
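The ordering of the NetBill steps above (goods delivered encrypted, key released only after funds are confirmed) can be modelled in a few lines. This is an added example, not NetBill's code: the class and function names are hypothetical, the SHA-256 keystream is a toy stand-in for a real cipher, and the `recover_key` fallback is an assumption about why the server stores the key.

```python
import hashlib, hmac, secrets

def keystream_xor(key: bytes, data: bytes) -> bytes:
    """Toy stream cipher (SHA-256 in counter mode); stand-in for a real cipher."""
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hashlib.sha256(key + i.to_bytes(8, "big")).digest()
        out.extend(b ^ k for b, k in zip(data[i:i + 32], block))
    return bytes(out)

class NetBillServer:
    """Hypothetical model of the NetBill server: balances plus escrowed keys."""
    def __init__(self, balances):
        self.balances = dict(balances)   # account -> funds in cents (constructed)
        self.escrow = {}                 # transaction id -> (ciphertext digest, key)

    def settle(self, txid, account, price, ct_digest, key):
        if self.balances.get(account, 0) < price:
            return False                 # insufficient funds: key is never stored
        self.balances[account] -= price
        self.escrow[txid] = (ct_digest, key)
        return True

    def recover_key(self, txid, ct_digest):
        """Assumed fallback: customer asks NetBill for the key if the vendor stalls."""
        stored = self.escrow.get(txid)
        if stored and hmac.compare_digest(stored[0], ct_digest):
            return stored[1]
        return None

def purchase(server, account, price, product: bytes, vendor_sends_key=True):
    """Run one transaction; return the plaintext the customer ends up with, or None."""
    txid, key = secrets.token_hex(8), secrets.token_bytes(32)
    ciphertext = keystream_xor(key, product)           # vendor -> customer, no key yet
    ct_digest = hashlib.sha256(ciphertext).digest()    # verification of encrypted transport
    if not server.settle(txid, account, price, ct_digest, key):
        return None                                    # customer holds only ciphertext
    k = key if vendor_sends_key else server.recover_key(txid, ct_digest)
    return keystream_xor(k, ciphertext) if k else None
```

A customer with insufficient funds ends up with ciphertext and no key, and a paid customer can still obtain the key when the vendor fails to send it.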
Digicash
- A product of Netherlands Digicash Company
- A debit system that provides an electronic checking account.
- Customers make a lump sum deposit to a bank (Mark Twain in St. Louis, EUnet of Finland) and receive "E-cash" or coins.
- From that point, coins exist on local hard drive (can be replaced like travelers checks)
- Software installed on client machine handles transactions
- Uses public-key cryptography
- Anonymous, like physical cash
- Double spending problem
- Requires special software on customer and vendor machines.
Secure Electronic Transactions (SET)
Proposed by MasterCard and VISA.
SET is an open industry protocol that details how payment card transactions
on the Internet and other open networks will be secured using encryption
technology and digital identification.
Vendors Supporting SET
GTE
IBM
Microsoft
Netscape
SAIC
Terisa Systems
Verisign
Visa
Netscape's encryption will encode and approve credit card purchases;
no additional software will be required.
E-Commerce Steps Covered by SET
- Browsing and Shopping
- Merchant and Item Selection
- Negotiation and Ordering
- Payment Selection
- SET -> Payment Authorization and Transport
- SET -> Confirmation and Inquiry
- Delivery of Goods
- SET -> Merchant Reimbursement
Transaction Steps
- Cardholder shops, selects item, optionally negotiates price (e.g., for merchants that match competitors' prices)
- Cardholder sends electronic order form to merchant's server along with digitally signed payment instructions. This step requires cardholder to possess one or more certificates.
- Merchant requests payment authorization from the cardholder’s financial institution via an organization called an acquirer (a financial institution). "The Acquirer incorporates the authorization data into a request that is sent via a payment network for processing by the financial institution (Issuer) that issued the payment card to the cardholder." [SET]
- Merchant ships ordered item.
- Merchant requests payment from the cardholder’s financial institution via acquirer.
Fuji Bank of Japan is piloting world's largest Internet debit card project, and is first company to use SET security protocol for an online debit card transaction.
Fuji uses IBM's CommercePOINT* payment software including:
- Consumer wallet, for Internet shopping and payment
- Merchant server, which uses IBM Net.Commerce* SET-enabled system. Uses DB2 database in back-end.
- Acquirer gateway, which allows Fuji to capture Internet debit transactions for processing
- IBM Registry* for SET, providing certificate authority to issue digital identities to consumers and merchants
Millicent Proposal (DEC)
- 'Scrip' is electronic currency
- Each vendor issues their own scrip to brokers
- Brokers issue broker scrip to customers so customers don't need to buy each vendor's scrip
- Goal to reduce costs and increase transaction rate -- makes microcent transactions feasible
Microcent Transactions
- Online services have individual items that could be sold for a fraction of a cent
- Web pages, newspaper articles, stock prices, horoscopes, academic papers
- USA Today from Monday, Oct. 21 had roughly 126 articles and cost $0.50 = $0.0040 cents/article
- Some articles could be broken into smaller pieces
Why Microcent?
- Users more likely to create a $0.001 relationship with an unknown vendor than a $1 or $10 relationship
"Scrip is not worth stealing, unless you can steal lots of it, and if you steal lots, you will get caught." -- Mark Manasse (Millicent -- DEC)
- Users less likely to steal content because the original is inexpensive
- Revenue goes to content provider, not (necessarily) to service provider -- stimulates quality WWW content
Against Microcents
- Current advertising model works -- easier to keep up with 100 advertisers than thousands of small microcent transactions
- Technology not available to support microcent (yet)
- Fraction of total cost of product that pays for the transaction must be small
Other Web Commerce Possibilities
- Could have usage-based pricing (Digital Silk Road includes pricing info in the protocol headers -- pay per packet)
- Pricing could be a means of Internet congestion control (are you willing to pay to get bandwidth? -- dynamically done with smart pricing)
Last modified by abrams@vt.edu on 21 April 1998.