I. The E-Commerce Opportunity
A secure e-commerce website can provide businesses with powerful competitive advantages, including increased online retail sales, as well as streamlined application processes for products such as insurance, mortgages or credit cards. E-commerce credit card sales can be especially lucrative: according to independent analysts, cash transactions on the Internet will reach $9 billion in 2000 and $30 billion in 2005.

By offering products and services on the Web, businesses can gain unique benefits:

  • New customers: Anyone with an Internet connection is a potential customer: millions around the world are already using the Internet for business transactions. Web storefronts are open 24 hours a day and require no investments in brick and mortar.
  • Cost-effective delivery channel: Many products and services, such as software or information, can be distributed directly to customers via the Web, enhancing the customer experience and increasing profitability by eliminating the shipping and overhead costs associated with order fulfilment.
  • Streamlined enrolment: Paper-based enrolment workflows are fraught with delays. Applications for insurance, a mortgage or a credit card, for example, can be held up in the post. Once received, application information must be entered into computer systems manually, a labour-intensive process that can introduce errors. By accepting applications via a secure website, businesses can speed application processing, reduce processing costs and improve customer service.
  • Better marketing through better customer knowledge: Establishing a storefront on the Web positions enterprises for one-to-one marketing - the ability to customise products and services to individual customers rather than large market segments. The Web facilitates one-to-one marketing by enabling businesses to capture information about demographics, personal buying habits and preferences. By analysing this information, enterprises can target merchandise and promotions for maximum impact, tailor Web pages to specific consumers and conduct effective, tightly focused marketing campaigns.

No business can afford to ignore this opportunity. But businesses also cannot ignore the potential pitfalls. Before entering the fiercely competitive e-commerce arena, businesses must carefully assess and address the accompanying risks.

A. The Risks and Challenges of E-Commerce Trust
To succeed in the fiercely competitive e-commerce marketplace, businesses must become fully aware of Internet security threats, take advantage of the technology that overcomes them and win customers' trust. Eighty-five percent of Web users surveyed reported that a lack of security made them uncomfortable sending credit card numbers over the Internet. The merchants who can win the confidence of these customers will gain their loyalty - and an enormous opportunity for expanding market share.

In person-to-person transactions, security is based on physical cues. Consumers accept the risks of using credit cards in places like department stores because they can see and touch the merchandise and make judgments about the store. On the Internet, without those physical cues, it is much more difficult to assess the safety of a business. Also, serious security threats have emerged. By becoming aware of the risks of Internet-based transactions, businesses can acquire technology solutions that overcome those risks:

  • Spoofing - The low cost of website creation and the ease of copying existing pages makes it all too easy to create illegitimate sites that appear to be published by established organisations. In fact, con artists have illegally obtained credit card numbers by setting up professional-looking storefronts that mimic legitimate businesses.
  • Unauthorised disclosure - When transaction information is transmitted "in the clear," hackers can intercept the transmissions to obtain customers' sensitive information.
  • Unauthorised action - A competitor or disgruntled customer can alter a website so that it refuses service to potential clients or malfunctions.
  • Eavesdropping - The private content of a transaction, if unprotected, can be intercepted en route over the Internet.
  • Data alteration - The content of a transaction can be not only intercepted, but also altered en route, either maliciously or accidentally. User names, credit card numbers and dollar amounts sent "in the clear" are all vulnerable to such alteration.

B. The Goals of Implementing an E-Commerce Trust Infrastructure
To take advantage of the opportunities of e-commerce and avoid the risks of communicating and transacting business online, every business must address practical problems and questions involving privacy, security and overall confidence in the underlying features of the system. Such concerns include:

"How can I be certain that my customers' credit card information is not accessible to online eavesdroppers when they enter into a secure transaction on the Web?"

"How can I reassure customers who come to my site that they are doing business with me, not with a fake set up to steal their credit card numbers?"

"Once I've found a way to authoritatively identify my business to customers and protect private customer information on the Web, what's the best way to let customers know about it, so that they can confidently transact business with me?"

"When customers feel confident enough to buy something from me online, how can I enable them to pay me easily using their credit cards or other payment methods?"

"How can I verify that customer credit card information is valid?"

"What do I do with payment information once customers send it to me?"

The process of addressing these general security questions determines the fundamental goals of establishing an e-commerce trust infrastructure:

Authentication: Customers must be able to assure themselves that they are in fact doing business and sending private information with a real entity - not a "spoof" site masquerading as a legitimate bank or e-store.

Confidentiality: Sensitive Internet communications and transactions, such as the transmission of credit card information, must be kept private.

Data integrity: Communications must be protected from undetectable alteration by third parties in transmission on the Internet.

Nonrepudiation: It should not be possible for a sender to reasonably claim that he or she did not send a secured communication or did not make an online purchase.

Previous Page Previous Page Next Page Next Page
[an error occurred while processing this directive]