What
is E-Commerce?
|
Most people think
e-commerce means online shopping--workaholics pointing their
browsers to Amazon.com to order an emergency present because
they forgot someone's birthday again. But Web shopping is only
a small part of the e-commerce picture. The term also refers
to online stock and bond transactions and buying and downloading
software without ever going near a store. In addition, e-commerce
includes business-to-business connections that make purchasing
easier for big corporations. And many people hope that so-called
microtransactions will let people pay small amounts--a few cents
or a few dollars--to access online content or games. As for
the hottest areas of e-commerce, in terms of tangible goods
sold via the Internet and other electronic means (such as interactive
TV), Simba Information says the biggest sellers are computer
products, consumer products, books and magazines, and music
and entertainment products. |
The term "electronic
commerce" has been used to describe all steps of the commercial
process that are managed via computer. We prefer to use the
term in a more limited scope, specifically referring to computerization
of the selling process. In other words, advertising is not electronic
commerce per se, though clearly it is important to commercial
success. When doing business over the Internet first
became possible, it was mainly restricted to electronic advertising
and marketing, with users browsing on-line catalogs and purchasing
goods and services via credit cards over the phone. Transfer
of physically purchased goods is still handled via the U.S.
mail or express mail services, since electronic transfer of
matter is still exclusively the domain of science fiction writers. |
For the purposes
of this paper, we will consider electronic commerce as the process
of arranging transfer of goods or services, including arranging
or performing payment and exchanging customer information. If
you imagine this in terms of telephonebased mail order, the
Internet electronic commerce role replaces the transactions
that occur between the point at which the phone service agent
answers the phone, and the phone service agent schedules the
customer's product shipment and hangs up. During that time,
the customer places an order including the desired items, their
quantity, and a credit card or account number and shipping address.
Internet electronic commerce attempts to automate this process
wherever possible.
From a security perspective, there are several important things
to take into account during the customer transaction process,
which apply to "real life" or telephone commerce as
well as to electronic commerce:
|
|
In "real life" a major store is difficult and expensive
to fake. On the Internet it is not.
Long-established businesses and their name recognition factors
have a powerful market clout that newcomers do not. Does the
electronic commerce revolution threaten this? In a sense it
may no longer be a question of "how big you are" it
may now be a matter of "how big you look".
|
|
In some transactions
the merchant does not need or wish to know the identity of the
customer. In the current market, customers who wish to remain
anonymous can use cash or money orders instead of credit cards,
and the merchant is protected by the relative difficulty of
forging cash. When a customer wishes to pay by credit card,
the approval process tries to verify the customer's identity
by checking that the card is active, not overdrawn, that the
holder knows the expiration date, and often that the shipping
address matches the billing address. |
|
In some transactions
the merchant does not need or wish to know the identity of the
customer. In the current market, customers who wish to remain
anonymous can use cash or money orders instead of credit cards,
and the merchant is protected by the relative difficulty of
forging cash. When a customer wishes to pay by credit card,
the approval process tries to verify the customer's identity
by checking that the card is active, not overdrawn, that the
holder knows the expiration date, and often that the shipping
address matches the billing address.
|
|
In "real
life" commerce there are a number of options for payment.
Electronic commerce almost always assumes some kind of electronic
identity (usually a credit card) that is exchanged as a promise
to pay. Electronic cash technologies exist, but are less popular
than credit card based systems, and are a concern to governments
that fear anonymous transactions may make money laundering easy.
|
|
The shipping
address for goods is often used to reduce credit card fraud
by crossreferencing it with the credit card billing address.
Electronic commerce systems that make it easy to change billing
or shipping addresses may be vulnerable to attack by redirecting
goods or invoices.
|
|
|
Many aspects
of a transaction a customer may not wish disclosed. Home addresses
and telephone numbers, for example, may be protected for the
customer. Law may protect other transactions such as medical
record lookups or bank balances, and an electronic merchant
may liable for damages in the event of disclosure.
|
|
Many Internet-based
electronic commerce applications rely on credit cards for payment.
As a result, the regulations limiting damages from credit card
abuse may apply. It is unlikely that electronic commerce will
enjoy wide market acceptance unless the extent of end-user and
vendor liability is well understood by both parties.
|
|
|