Commerce on the
World Wide Web
Patrick Brooks
CS 6204
Oct 22, 1996
WWW has Caused Tremendous
Change to Business
- Online catalogs
- Technical support
- Product announcements
- Advertising
- Career Opportunities :)
- Financial Information
Current Big Issues
- Secure payment schemes
- Microcent transactions
- Other issues (time allowing)
Secure Payment Schemes
The major issue restraining the commercial use of the WWW is the
lack of a common, trusted, secure system of paying for products
or services
Payment Schemes
- First Virtual
- CyberCash
- NetBill
- Digicash
- Millicent
- MasterCard's Secure Electronic Transactions (SET)
First Virtual
- Set up an account with credit card over the phone
- Receive a VirtualPIN (ID number)
- Orders are confirmed through email
- All money transfers done off Internet
- Cost to user is $2 annual fee, to vendor is $0.29 per transactions
plus 2% of price
A First Virtual Transaction
- User gives VirtualPIN to vendor
- Vendor verifies VPIN through finger, telnet, email, or fv-api
- Vendor emails First Virtual with VPIN and amount of sale
- FV confirms transaction with user through email
- User answers email with 'yes', 'no', or 'fraud' (to immediately
cancel VPIN)
- FV bills user's credit card, notifies vendor of confirmed
transaction, deposits income into vendor's account
CyberCash
- Credit card transactions since April, 1995
- World-wide export license of 1024-bit RSA encryption algorithm
- Offers electronic coin (CyberCoin) as micropayment product
($0.25 to $10)
- Browser independent
- Netscape to bundle CyberCash's CyberCoin into Netscape LivePayment
(Oct 7, 1996)
A CyberCash Transaction
- User chooses item, vendor returns invoice
- User sends encrypted payment info
- Merchant strips order info from payment info (credit card/account
number remains encrypted)
- Merchant forwards encrypted payment info to CyberCash
- CyberCash decrypts and sends transaction to merchant bank,
who passes credit card traffic to credit card vendor
A CyberCash Transaction (cont)
- Credit card vendor returns authorization to merchant bank
- Merchant bank returns authorization to CyberCash
- CyberCash sends authorization to vendor
- Vendor passes product to consumer
- Total time (claimed by CyberCash) 15 - 20 seconds
NetBill
- Electronic commerce project at Carnegie Mellon (currently
in alpha on campus)
- NetBill accounts linked to conventional financial institutions
- Kerberos authentication at intermediate stages, RSA public
key at final stages
- Requires 'Money Tool' software on user's machine
A NetBill Transaction
- User chooses item, window pops up with order info -- user
clicks 'Buy'
- Vendor sends encrypted product to user's machine
- Vendor sends verification of encrypted transport, account
info and decryption key to NetBill
- NetBill confirms sufficient funds, stores key, and returns
report to vendor
- Vendor sends key to user
- User's software decrypts product
Digicash (ecash)
- Purchase/Deposit 'coins' from bank (Mark Twain in St. Louis,
EUnet of Finland)
- From that point, coins exist on local hard drive (can be replaced
like travelers checks)
- Software installed on client machine handles transactions
- Uses public-key cryptography
- Anonymous, like physical cash
- Double spending problem
Millicent Proposal (DEC)
- 'Scrip' is electronic currency
- Each vendor issues their own scrip to brokers
- Brokers issue broker scrip to users so users don't need to
buy each vendor's scrip
- Goal to reduce costs and increase transaction rate -- makes
microcent transactions feasible
MasterCard SET
- Partners with GTE, IBM, Microsoft, Netscape, Visa, others
"MasterCard, together with these partners, has developed
a single method that consumers and merchants will use to conduct
bankcard transactions in cyberspace as securely and easily as
they do in retail stores today" (www.mastercard.com/set)
Secure Payment Thoughts
- PC Week 4/10/95 says there is just as much danger in using
a credit card at the mall as on the Internet!
- Credit cards allow chargebacks when a card is used without
permission or the vendor doesn't send the purchased product
Until a big name (MasterCard, Netscape, Microsoft, etc.) makes
a big push to gain consumer confidence, payment schemes won't
be widely used
- My guess is CyberCash or Millicent
Current Big Issues
- Secure payment schemes
- Microcent transactions
- Other issues (time allowing)
Microcent Transactions
- Online services have individual items that could be sold for
a fraction of a cent
- Web pages, newspaper articles, stock prices, horoscopes, academic
papers
- USA Today from Monday, Oct. 21 had roughly 126 articles and
cost $0.50 = $0.0040 cents/article
- Some articles could be broken into smaller pieces
Why Microcent?
- Users more likely to create a $0.001 relationship with an
unknown vendor than a $1 or $10 relationship
"Scrip is not worth stealing, unless you can steal lots of
it, and if you steal lots, you will get caught." -- Mark
Manasse (Millicent -- DEC)
- Users less likely to steal content because the original is
inexpensive
- Revenue goes to content provider, not (necessarily) to service
provider -- stimulates quality WWW content
Against Microcents
- Current advertising model works -- easier to keep up with
100 advertisers than thousands of small microcent transactions
- Technology not available to support microcent (yet)
- Fraction of total cost of product that pays for the transaction
must be small
Other Web Commerce Issues
- Usage-based pricing (Digital Silk Road includes pricing info
in the protocol headers -- pay per packet)
- Pricing as a means of congestion control (are you willing
to pay to get bandwidth? -- dynamically done with smart pricing)
- Shareware/Demo software as a marketing medium (Doom, Quicken
Lite)
- Internet as public relations front (IBM/Lotus merger on the
web during the press conference)