A NOVEL FRAMEWORK FOR BUSINESS TO CONSUMER E-COMMERCE

M Y SIYAL

School of EEE, Information Engineering Division

Nanyang Technological University

SINGAPORE 639798

Abstract: - In recent years an upsurge in business-to-business electronic commerce has been observed. The popularity of electronic commerce among the masses is still not what was expected, and the fall of the DOT.COMs has made it even worse. Business-to-business electronic commerce has found the Internet to be a new medium for deploying the age-old EDI-based trading mechanism and has thus received a new boost, whereas business-to-consumer electronic commerce is finding it hard to win customers' confidence in trading over the Internet. Many people are reluctant to adopt the new way of doing business, mostly because of distrust of the products and services advertised by many vendors and of the Internet itself as a whole. While distrust of the Internet is abating thanks to improved cryptographic techniques, the former cause of distrust remains. In this paper we present a framework to improve customers' trust in the products and services provided over the Internet. Our solution also takes into consideration smaller merchants who want to enter the huge Internet marketplace, by providing them with a venue for competing with bigger organizations, something that they cannot do in traditional markets.

Key-Words: - E-commerce, E-Trust, Third Party, E-Security, and Framework.

1 Introduction

In a recent report [1], Gartner Group reported that by the end of 2002 business users will account for 63 percent of all the people logging on to the Internet. This is contrary to previous predictions of the Internet as a billion-dollar-plus consumer electronic marketplace. The picture now becoming clear shows that business-to-business (B2B) electronic commerce (EC) is leading business-to-consumer (B2C) EC in terms of transaction volume [12]. Many reasons have been attributed to this outcome. The first reason is the expertise and infrastructure available to companies for doing business on the Internet. This infrastructure is based on the heavily used and tested Electronic Data Interchange (EDI) standard, which has been in use for more than two decades [2,11,12]. Traditionally, EDI requires a Value Added Network (VAN), which adds a lot of cost (subscription or maintenance) to the transactions. A VAN is a dedicated network between trading companies that adds various special functions, such as mailboxing, digitally signed e-mail, and conversion between the company's document format and the EDI format. Companies are finding the Internet to be an alternative to a VAN by putting these functions on the Internet. This has resulted in a dramatic cut in costs.

Aside from these technological advantages gained by B2B EC, B2C EC suffers from some disadvantages not found in B2B EC. In B2B EC, a prior business relationship between the trading parties already exists, so the trust problem is not serious. In B2C EC, however, no prior relationship between the customer and the vendor exists. Buying goods or information over the web therefore corresponds, in terms of security and liability, to buying merchandise from a street vendor. Other concerns are personal privacy, the risk of being cheated by the vendor, and lack of information about the product or distrust of the information the vendor gives about it.

This research, therefore, focuses mainly on a framework whose foundations are laid on the notion of providing essential trust services for Internet commerce. We aim to provide a framework that integrates well with the existing, tested services present on the Internet and automates as much of the trust aspect of business transactions as possible. The bottom line is that entities will have the means to assess the value and risk involved in a reliable way (e.g. the customer is assured that what you see is what you get!).

This paper is organized as follows: Section 2 presents our proposed framework for enhancing trust in general EC, Section 3 highlights its business, legal, and technical aspects, Section 4 gives an analysis of the framework and compares it with other trust enhancing solutions, and Section 5 ends the paper by giving the conclusion and future work.

2 The Proposed Framework

There are many mechanisms available on the Internet that can be thought of as providing some level of trust. Certification authorities and endorsement agencies are well established and provide necessary support to, for example, public key infrastructures. These agencies are in turn used by other mechanisms, such as payment protocols, to facilitate payment over the Internet. Moreover, a large number of online catalogs and their associated searching mechanisms, along with brokerage and negotiation services, are also in use by the general public. However, there exists no entity that provides security, trust, and accountability services all together. The available services are also unable to talk to each other, which limits the range of services they provide.

Our framework proposes the idea of a Trust Service Provider (TSp), which is a more advanced form of a Third Party Trusted Intermediary. Trusted intermediaries have been found to be very successful in business transactions where the transacting parties have no prior relationship. For instance, the use of trusted intermediaries has been very successful in information commerce, where information is bought over the Internet [4]. In future E-Commerce architectures, we envision a network of TSps, which will provide not only trust services but also search and negotiation services. Each TSp is supposed to provide a set of necessary, or Core, services. In addition, a TSp may also provide search, negotiation, brokerage, payment, and logistics services, either by implementing them itself or by outsourcing them from other service providers. We call these services collectively Peripheral services. In developing the notion of a trust service provider, we have emphasized the simplicity, implementability, and maintainability of the framework. The necessary services have been identified by closely observing the needs of today's retail customers. Moreover, on the technical side, reuse and interoperability issues have also been taken care of in the framework. As reported in [1], future EC markets and service providers will collaborate more closely. Collaboration or association is, thus, an important part of our proposed framework. Figure 1 illustrates the concept of a TSp.

2.1. Trust Services

As mentioned above, a TSp can provide two types of services: the core services and the peripheral services. We identify three core services: Quality evaluation, Contract enforcement and a policy package, and Collaboration among TSps. The peripheral services are those needed by the customer but not necessarily requiring trust. These are cataloging, brokering, negotiation, payment, and logistics services.

2.1.1. Core Services

Each TSp has to provide the following essential services:

(i)  Quality evaluation.

(ii)  Contract enforcement and a policy package.

(iii) Ability to collaborate with other TSps.

By providing the quality evaluation service, a TSp provides a measure of the quality of either the product the customer intends to buy or the merchant. Products may be tangible or intangible. Tangible products require physical examination, whereas intangible goods can be evaluated on the basis of publicly available ratings or the endorsement of some accepted authority. For example, software can be evaluated on the basis of the feedback provided by its current users or the rating given by some popular magazine. A TSp specializing in tangible goods may have to define special procedures for examining different goods. This involves more work on the part of a TSp. Quality evaluation of a merchant is actually the evaluation of the quality of the products the merchant provides as well as that of its services. Nowadays many merchants and companies carry ISO 9000 quality certification. In these cases, providing quality evaluation becomes trivial for the TSp.

The policy package is an ensemble of various policies that depends on the type of customers the TSp is serving. At the very least it should provide clear-cut policies for the enforcement of contracts, i.e. what measures are taken when the product is not as advertised, or what liability or indemnity is placed on a transacting party when it backs out of the contract. Moreover, it also insures the transacting party against any possible damages. All in all, we see enforcement of contracts as one of the most difficult aspects of Internet commerce. Additional policies can be provided for tax collection, customs, and privacy. The last one is important because anonymity is not always desirable [5], especially when a transaction involves a lot of money or the parties are across political boundaries. Again we can see that a single TSp may not provide all types of policies. For example, policies dealing with customs can only be offered by specialized TSps, called gateway TSps because they operate across international boundaries.

The last core service is the ability of a TSp to associate or collaborate with other TSps to extend the range of services and/or products. Since we assume that a TSp cannot cover all types of products or policies, a TSp can ask others to provide such policies. In this way we can envision a TSp web in which a chain of TSps exists along the path from customer to merchant.

2.1.2. Peripheral Services

These are the services that a TSp may additionally provide besides the core services. Examples of these services are:

1.  Search and Catalog services.

2.  Brokerage services.

3.  Negotiation services.

4.  Payment services.

5.  Logistic services, etc.

These services are not entirely independent of the core services; for example, the output of the negotiation service may be required by the second core service, i.e. policing and enforcement of contracts. The interaction and integration of peripheral services is a major item of future work for this research.

3. Implementation Aspects

In this section we show some of the implementation aspects involved in realizing the proposed framework. We give more attention to the core services as they represent the core of the framework. We treat the first two services briefly as they contribute to the future work. The details of realizing the third service are also partial because some of its aspects are dependent on how the rest of the services are implemented.

3.1. Quality Evaluation

For quality evaluation, we have already suggested the use of customer feedback lists or the use of the ISO 9000 certification that a merchant carries. Note that quality evaluation is for merchants or products only; a customer does not need to be evaluated. Once the payment from the customer is verified and acknowledgement of the product delivery is received, no other verification is required.

3.2. Contract Enforcement And Policy Package

Before a TSp can gain any acceptance from customers, it should take care of various aspects. Without these the trustworthiness of a TSp cannot be established. We mention a few of the business and legal aspects.

3.2.1. Liability

Liability is the ability and willingness (and under certain circumstances, the obligation) of a Service Provider to cover financial losses suffered by its users as a result of its failure to deliver service in accordance with an agreed service definition.

It is an important element, which identifies and limits the potential risk associated with doing transactions over the Internet. Liability is clearly linked with the financial standing of the Trust Service Provider’s organization. A subscriber to a TSp service has to be sure that the TSp is able to cover the financial obligations associated with its liability conditions. To provide these liability conditions, a TSp has to provide the following (not mutually exclusive) solutions.

(i) Insurance

Whenever a TSp is either not able or is not willing to take the complete risk associated with the liability conditions in relation to his customers, he can take out insurance [6]. With this he can transfer the risk to the insurance company and can provide the customer with the confidence that financial losses will be covered (to the extent that they are defined in the contract or relevant regulation, etc.) if the TSp fails to provide the service as defined in the service agreement with the customer.

(ii) Financial Standing

This element is defined as the ability of a TSp to manage any failure in its operations and to cover liability cases using its own financial resources. The financial resources of the TSp from which liability cases can be covered are therefore another important aspect. These financial resources will also be used in those cases that are not or cannot be covered by insurance, e.g. in cases of deliberate misuse of the service or customer data by the TSp or one of its employees [6]. A good financial standing will on the one hand provide the customer with a high level of confidence that the TSp will cover his liability, and on the other hand give some confidence that the TSp himself will set up appropriate security controls to prevent such deliberate misuse, because of the high financial loss he may have to face.

3.2.2. Policy Package

We can define Policy as the set of rules and practices that regulate how the trust service, including its security provisions, is managed and how the trustworthiness of the TSp is assessed. Three elements are important in the policy package offered by the trust service provider. These are: