few organizations are trying to understand how this channel can be used cost-effectively to serve their customers.
A deterrent to more Internet commerce activity is the perception that the network is inherently insecure. True or not, this perception must be faced and dealt with. Much of the industry activity over the past two years has been to develop appropriate standards for information privacy, data integrity, authentication of parties involved in the transaction, and nonrepudiability of the transaction in cases of customer disputes.
That led to development of SET, the payment card industry's Secure Electronic Transaction protocol, which has proved difficult to implement and expensive to support. There is much good to be said about SET -- it was a cooperative development with cross-industry support and was demonstrated in various pilots around the world. But e-commerce requires a range of security solutions based on the attendant risk and costs of transactions. For instance, the risks associated with a credit card purchase over the Internet are entirely different from those in an international corporate trade between, say, New York and Geneva.
If SET seems unlikely to be used extensively in the short term to enhance the development of e-commerce, then concerted industry action is required to propel e-commerce forward on the global stage.
A particular need is to differentiate between traditional fraud perpetrated on the Internet and "Internet fraud."
Today's model for e-commerce replicates that associated with card purchases in the physical environment, with a buyer and seller plus the respective issuer and acquirer associated with a card-based payment. The fundamental difference in the virtual environment is that the Internet becomes a medium by which the buyer interacts with the seller. This is what leads to many of the security concerns.
Some of those concerns arise because account-related information is passing through the Internet and, therefore, through a number of unknown intermediary computer servers. Though unpredictable transaction routing in itself is not a problem, there is a problem revolving around the retention by intermediaries of account details that could lead to abuse. Such retention -- either by intermediaries or within the seller's server -- enables hackers to obtain account-related information for subsequent misuse.
Another major area of concern involves fraudulent activity by buyers and/or sellers. Fraud trends associated with fulfillment in a virtual environment -- for example, the downloading of software products -- are alarming.
Given these issues, plus the challenges associated with SET, the time is right to consider an alternative model that would be based on a fundamentally different transaction flow, allowing flexibility in the choice of security solutions in different parts of the transaction chain.
This latter point is crucial. The model is not presented as an alternative to SET but rather as an alternative transaction flow. If appropriate, elements of the SET protocol could be used to secure transactions across one or more of the links, as could the more widely used Secure Sockets Layer or any other system that can protect the data in a cost-effective and efficient manner.
The model also proposes new roles for financial institutions that underpin the crucial brand values of trust and integrity that new competitors find hard to mimic.
Like the conventional one, this model is also developed on the basis of four elements, but now the issuer and acquirer roles become buyer authenticator and seller authenticator. These are roles that should be undertaken by financial institutions, and they represent a new business opportunity for the financial services industry.
This business model operates regardless of the payment process, although we would suggest that it is best suited to card payment.
This new model looks to overcome the issues associated with the creation of a trust hierarchy for digital certificates -- the basis of the original SET protocol -- and replaces it with a trust chain, derived from the development of trusted domains. This can overcome the complexity inherent in the implementation of systems such as SET. Security is controlled through the trusted domain based on pre-existing relationships -- and should, therefore, be far easier to implement and operate.
The trust chain is simply the series of bilateral links between buyer and buyer authenticator, seller and seller authenticator, and across those two authentication entities. The last might operate via international payment systems such as MasterCard and Visa, or emerging global trust organizations.
The buyer will have a pre-existing relationship with the buyer authenticator, likely to be through a pre-registration with an electronic wallet on the buyer authenticator's server. This trusted domain operates far more effectively if tied to some form of on-line authentication based on, for example, a smart card.
The seller authenticator would likewise have a pre-established relationship with the seller -- once again, through some form of pre-registration process. The seller authenticator, in guaranteeing the authenticity of the seller, will have to accept some liability for individual transactions within the system's boundaries. This is akin to the relationships that exist today between merchant-acquirers and retailers, and is a natural role for financial institutions that have the skills to undertake risk assessments.
In the virtual trusted domain created between the buyer and seller, both parties can now transact with trust. This achieves a number of goals related to security issues on the Internet. For example, account information is not passed from the buyer to the seller across an open network. The data flowing from the buyer to the buyer authenticator can be further limited through the use of server-based electronic wallets.
Seller access to buyer account information is deferred until both parties have been proved to be bona fide. Access can be denied if the seller cannot be authenticated.
Mutual authentication of the parties is achieved through the use of trusted domains. Payment guarantee can be provided prior to virtual fulfillment.
From a financial industry perspective the alternative model provides a platform to overcome the perceived threat of disintermediation. With the gradual but inextricable move toward server-based wallets, financial institutions should seize the opportunity to leverage their relationships with customers to provide value-added services such as the maintenance of a generic wallet. Ultimately, that wallet becomes a strategic imperative, positioning the buyer authenticator as the bedrock of e-commerce transactions.
Before long, server-based wallets will become ubiquitous, not relate to an individual card or account brand. Soon those wallets will contain details of multiple buying instruments, some of which may not even be based on an existing relationship between the buyer and the buyer authenticator.
This is both a threat and an opportunity to financial institutions, and those that move quickly and capture the high ground will benefit from this in the long term. The model described here overcomes the brand or product limitations of SET through the authentication of an individual to (potentially) a Personal Electronic Data Store that contains all payment instruments. Thus, registration for buyer authentication needs to take place only once, which is a considerable benefit in its own right.
A window of opportunity exists to change the business model of e-commerce exists, and the alternative model described here should be considered as a means of hastening the development of secure, cost-effective, and profitable e-commerce. We have developed this model to counteract the challenges that exist with the systems in operation today, together with the threats to our business posed by the global nature of the Web. To provide ubiquitous access for our customers requires a simple and cost-effective approach. Today's model will not do that.
The role of the financial institutions as buyer and/or seller authenticator is critical in achieving a model that is underpinned by trust. Fundamentally, this provides those financial institutions with a key position on the "value chain" that others would find difficult to replicate.
The common goal -- to provide secure, cost-effective, and profitable e-commerce -- can be achieved only through cross-industry dialogue at the highest levels. Debate is needed now on the broader issues associated with that goal. This model may help in the development of a truly global e-commerce marketplace.
