Standardization of electronic commerce

Posted by arlene

The automation and dematerialization of monetary exchanges are not objectives per se, but are solely means to improve the productivity of financial institutions. In this regard, an overabundance of standards, and sometimes their competition, may constitute a barrier to the establishment of electronic commerce. Even if some manufacturers think they can profit from this situation, a commercial network cannot function efficiently unless common interfaces are well defined and remain stable. Nevertheless, standardization may be an obstacle if it allows one manufacturer to capture a key position and permits that manufacturer to impose products of mediocre quality.

Thus, the standardization of the applications of electronic commerce must consider, at a minimum, the following domains:

• The operating systems of the smart card
• The protocols for charging the electronic or virtual purse or jeton holder with value
• The interfaces between the user and the various applications
• The interoperability of systems for the same category of applications, such as micropayment systems
• * The procedures for certification and revocation of certificates

From the user viewpoint, it is desirable that telephone cards, toll cards, parking cards, restaurant cards, etc., all use interoperable (if not the same) electronic purses or jeton holders; this avoids immobilizing some of the user’s value for an unnecessarily long time. The competition among operators should focus on the quality of service and on the attention given to the subscribers throughout the cycle of payment and not on details that are secondary from the user’s viewpoint, such as protocol exchanges. Similarly, certain uniformity in the criteria for key and certificate management would facilitate the comparison of services and the performance of effective audits.

Standardization will not be an easy task, given the many ramifications of the subject and the wide diversity of the participants. Clearly, the contributions of the W3C and the IETF are important. However, even though the ITU has been somewhat overtaken by the rapid development of the Web, it remains a prime participant. Most likely, ISO, despite the slowness of its procedures, will continue to be in the forefront regarding the specifications of terminals, smart cards, and readers.

Furthermore, the organization of electronic commerce goes beyond the domains of telecommunications and informatics, which explains why the subject is already on the agenda of several other international organizations, such as the OECD (Organization for Economic Cooperation and Development), the WOIP (World Organization for Intellectual Property), the UN/ECE, etc.

Several industrial consortia are focusing on individual aspects of electronic commerce. Among these are EMV (Europay-Master Card-Visa), Multos for the smart cards, CommerceNet for the EDI, the OBI Consortium and the OTP Consortium for purchasing protocols, as well as the diverse bank groups working on electronic checks. The interoperability of the certification infrastructures is necessary to form a homogeneous community of users and not exclusive clubs. Patent problems, particularly in the area of encryption, have slowed the adoption of several standards projects. The expiration (on September 20, 2000) of the patent on the public key RSA algorithm may give a boost to many activities.

Elements for Reflection

Through dematerialization, money becomes information, and thus storable and controllable. If push technology allows electronic delivery of personalized information, exploitation of the information available on the Internet gives enterprises, individuals, secret services, and criminals the ability to search and obtain substantial amounts of private data. The development of electronic commerce, as it is being carried out today, therefore leads to increased spying. Surveys have confirmed that a third” of U.S. employers are already equipped with tools to monitor the online activities of their employees, including checking on electronic messages that they send or receive. Nevertheless, access to the Internet is done primarily from the workplace.

As for business-to-consumer electronic commerce, even at the national level, the lack of a real infrastructure (or realistically, a service) for a certificates directory is a serious impediment. The difficulties of managing and maintaining a distributed database of certificates have not yet been mastered or sometimes even considered. Private authentication services do not offer any guarantees with respect to either their mode of operation or protection given to privacy. The criteria for evaluating certification requests appear arbitrary and there is practically no way to appeal the decisions or to verify and correct the databases utilized. In such a situation, the constitution of a worldwide certification infrastructure would mean the formation of international networks for data treatment and for the automatic processing of information, without a center or boundaries and practically unaccountable to any law.

The situation is quite different for business-to-business transactions because the bilateral rules are usually defined in interchange contracts that assign the legal and technical responsibilities of the participants. These rules specify, for example, the elements of proofs, the opposability to third parties, the way to identify and authenticate entities, the jurisdiction in case of litigation, the policy for achiving of financial data, and the conservation of electronic documents. Today’s cryptographic techniques allow the verification of the identity of the sender of an electronic message, to give proof of the integrity of the received message, and to ensure the nonrepudiation of the reception. However, the reliability of the medium of support of these messages is precarious. Magnetic forms are to be excluded because they can be rewritten, and hence falsified, contrary to old storage media that could not be reused, such as perforated paper or punched cards. Similarly, throw-away integrated circuit cards offer the required guarantees because there is a progressive destruction of the memory cells as data are recorded. In contrast, the rechargeable microprocessor card needs encryption algorithms to ensure nonrepudiation. Finally, without protection, optical disks raise the same set of problems because it is possible to copy the engraved data on a different medium, modify them, and then move them to a different disk. To compensate for this weakness, it may be possible to take advantage of watermark algorithms that protect copyrights for virtual goods sold over the Internet, such as musical recordings, by using appropriate markers.

The fundamental problem that remains is that of the survivability of the supporting medium and its readability. This depends not only on the physical condition of the medium, but also on the availability of reading equipment and software. A requirement to archive materials for 30 years may be out of the question given the speed with which technological developments are taking place. Where is it possible today, for example, to find readers for 51/4-in. floppy disks, which less than a decade ago was the most prevalent storage medium, to access the reams of data that these disks contain?

To conclude, electronic commerce offers exciting issues that should keep many of us (engineers, computer practitioners, lawyers, sociologists, marketers, investors, bankers, politicians and consumers) gainfully employed for the next few decades.

Possibly related posts: (automatically generated)
Standardization of electronic commerce

• E-NEWSLETTERS - DEFINING AND REFINING Part 5
• Commerce and the Internet
• Basic Ethics of Online Marketing Part 4
• The influence of the Internet and the electronic commerce
• Electronic Commerce Payment Concern
• Building blocks of set up and develop your own e-commerce business
• Data Analysis Tools, what I favorite?
• E-NEWSLETTERS - DEFINING AND REFINING Part 4
• Electronic Commerce, Ecommerce, Network and Internet Payment part 2
• Six Functional Parts—Website Content Pages