330 likes | 347 Vues
Auplex responds to iDA's consultation paper on building trust in e-commerce, covering topics such as PKI, risk assessment, trust marks, and legal framework.
E N D
Building Trust In E-commerce BUILDING TRUST IN E-COMMERCE Response to iDA’s consultation paper
Building Trust In E-commerce SCOPE • Introduction of Auplex • Auplex’s research on trust building (for sharing) • Consumers’ Perspective • Businesses’ Perspective • Response to iDA’s questions covering • PKI • Standards and practices • Risk assessment and credit bureau • Escrow services • Trust marks • Insurance • ASPs • Legal framework • Taxation and regulations
Building Trust In E-commerce INTRODUCTION OF AUPLEX Auplex is a young and dynamic company formed by individuals from diverse background, including IT, consultancy, Government, HR, marketing and operations. We deliver affordable, personalized and trusted e-business consultancy services to emerging enterprises to develop and launch their e-businesses. We have a robust Analyze-Construct-Transform methodology to assist our clients in this process.
Consumers' Perspective: Risk Perception Risks in Commercial Transactions • Traditionally, consumers seek to reduce • Financial risk (losing money / paying too much) • Functional risk (receiving wrong / malfunctioned good) • Social risk (using product that reflect badly on user) • Physical risk (being harmed by product) • In E-commerce, transactions take place between faceless strangers, across geographical locations, via relatively open network • Financial and Functional risks are exacerbated • New & additional risks
Consumers' Perspective: Risk Perception Risks in E-Commerce Transactions • Authenticity & Quality • Will the business deliver the products, services and warranties it promises? • Will there be any recourse if the business fails to deliver? • Transactions • Will transactions be processed accurately, completely, and be secured? • Privacy • Will consumer info be protected or abused?
Consumers' Perspective: Risk Perception To overcome risks & build trust, consumers desire • Authentication • Recourse • Integrity • Confirmation • Privacy • Anonymity [Please refer to notes for this slide for explanation on each point] Source: Froomkin, A.M., The Essential Role of Trusted Third Parties in Electronic Commerce, 1996
Consumers' Perspective: Risk Perception Trust isn’t Everything. . . But it’s a lot • Only 10% perceived little or no risk • Issues of trust, particularly, security of personal info remain important • People buy online: • Convenience • Ease of use • Good prices • Wide selection
Consumers' Perspective: Risk Perception Privacy and Security are key concerns 3 7
Consumers' Perspective: Risk Perception Privacy and Security are key concerns 3 8
Consumers’ Perspective: Models of Trust Six Components of E-commerce Trust Brand Name Recognition Effective Site Navigation Transaction Fulfillment Professional Presentation Up-to-date Technology Web-Based Seals of Approval [Please refer to notes for this slide for explanation.] Source: Studio Archetype/Sapient & Cheskin Research, eCommerce Trust Study, Jan 1999.
Consumers’ Perspective: Models of Trust Model of E-commerce Trust Development • Info vulnerable to hackers • Tech. unreliable • Perception of chaos • Desire for control • User control still a concern • Individual assured of some control over personal info • Seals of approval reassure user • Sense of security • Focus on other signifier of trust Source: Studio Archetype/Sapient & Cheskin Research, eCommerce Trust Study, Jan 1999.
Consumers’ Perspective: Models of Trust Source: Studio Archetype/Sapient & Cheskin Research, eCommerce Trust Study, Jan 1999. Source: Studio Archetype/Sapient & Cheskin Research, eCommerce Trust Study, Jan 1999.
Consumers’ Perspective SUMMARY • Key issues are authentication and identification • Other issues are • Privacy (Analysis was based on data from an American survey. Separate survey in Singapore and in an Asian context may be required for a more accurate analysis.) • Consumer protection • Use of digital document as legal instrument • Mechanism for dispute resolution • Scope for use of established brand and experience with brick and mortar companies as a starting base
Businesses' Perspective: Risk Perception Risks in E-Commerce Transactions • Authenticity • Will goods and services be delivered to customers who can authorise purchases and pay for them? • Security • Will sensitive info, transaction data and online communications be secured? • Non-repudiation and recourse • As e-commerce opens up new business opportunities, companies will transact with new business parties • Will buyers and sellers honour their commitment? • Are the existing mechanisms and legal framework sufficient to resolve e-commerce disputes, especially for cross-border trade ?
Businesses' Perspective: Risk Perception To overcome risks & build trust, businesses desire • Authentication • Certification • Confirmation • Payment • Anonymity [Please refer to notes for this slide for explanation.] Source: Froomkin, A.M., The Essential Role of Trusted Third Parties in Electronic Commerce, 1996
Businesses' Perspective: Risk Perception A note on payment • Instruments like LCs, B/L and S/G play an essential role in addressing issues of risks, credit terms and trust between transacting parties in a brick and mortar world • These are inefficient instruments and the information captured by each instrument overlap with each other to a large extent. (IT and e-commerce can therefore be useful tools enhance efficiency.) • There are no parallel instruments in e-commerce to link the information and material flow at this stage to bring greater efficiencies to trade, or to facilitate cross border trade.
Businesses’ Perspective SUMMARY • B2b e-commerce is still at its early stages of development • It is between the stages of “Unaware” and “Build Trust”. (See slide 12.) • There are a few key challenges w.r.t. building trust • Authentication and control • Payment mechanism and credit facilities • Established security devices and practices • Established certification standards
Auplex’s Feedback Overview • The rules of engagement for transactions between businesses and that between businesses and consumers exist for a reason • Authentication of buyer and seller to minimise fraud • Existence of middleman/distributors to assume/minimise risks and facilitate delivery and payment (eg clearing house) • Banking and insurance facilities to cover exposure • Secure network for transmission and capture of information • Legal and government framework for recourse and regulation • Relationships and checks for credit worthiness and credit terms • The same rules apply very much to e-commerce. The only differences are • the medium and tools are different in some ways; and • the processes and information flow tend to be faster and more transparent.
Auplex’s Feedback Overview • We need a holistic approach as the problems are inter-connected • the issues identified by iDA in its consultation paper cover most of the issues involved • The relational diagram in the next slide maps out the issues identified by iDA and also the other components which we think are important but were left out in the consultation paper • Auplex’s feedback is centred around b2b EC.
Security & checks Risk assessment & credit bureau PKI Authentication (PKI?) information flow internal process internal process Business Business material flow cash flow Facilitation Infrastructure/ ASP Escrow Insurance Logistics Auplex’s Feedback Overview – factors to facilitate growth of e-commerce 3 1 4 7 8 9 5 Trust Marks Training 6 Security standards and practices ISO? Legal framework Tax 10 Awareness 6 2 ADR Regulation Process Recourse Cross-border frmwk Inertia
Auplex’s Feedback 1: PKI • Agree that PKI is a useful infrastructure for security • Challenges for it to be adopted and to be useful are: • Standard. PKI has to be standardized for trade beyond Singapore. The Singapore market is too small. • Costs. Service provided must be affordable, overall costs should be lower than traditional means for e-commerce to make sense. • Adoption. Gadget-based PKI should be easy-to-use and affordable for wide-adoption. • Phasing. PKI should preferably be built on existing e-commerce systems to minimize financial and psychological costs.
Auplex’s Feedback 2: Standards and practices • There may be a case for iDA to look into non-gadget based standards and practices w.r.t. to e-commerce security • These system/standards/practices will be applicable to • Businesses • ASPs • Escrow Service Providers • These system/standards/practices should be compatible with/complement PKI and certification bodies • Government could also consider working with the industry players to pioneer the development and implementation of such standards. (Auplex is willing to offer our ASP services as the pilot.)
Auplex’s Feedback 3: Risk assessment and credit bureau • Risk assessment is essential for trading activities in the physical world e.g. approval for letter of credit. • It is even more important for e-commerce. However, to make it useful there need to be: • A Common standard. This is useful for intra and cross border transactions. • Achievable within acceptable costs. Especially so if businesses are to pay for it. • Any mandatory credit ratings should be considered with care as emerging enterprises should not be unduly disadvantaged. • Government could consider the following • Set standards and framework for risk assessment and its application • Educate SMEs on ways to improve and manage their credit ratings • Work with international bodies to establish common standard. This is also key to the plan to make Singapore a hub. Standards that apply here should also be accepted elsewhere (if possible)
Auplex’s Feedback 3: Risk assessment and credit bureau • There are many different credit bureaus in USA. Questions are • How reliable are they? • How can people apply and make use of them? (education) • Is there a common standard? • Credit assessment services could be better provided by the private sector than by Government. It could be banks, escrow or third party. • Government could help in education as well as setting up the framework for standards and accreditation of such service providers. • Other impediments: issue of who is going to pay for it?
Auplex’s Feedback 4: Escrow • Escrow services can be a very useful means to address trust issues. • Escrow services mirrors most parts of the current trade financing system in the physical world. Escrow services can be useful in the facilitation of a seamless e-commerce experience because: • Cost would be higher for business to switch between online and offline system to complete a transaction • Process could become more efficient by integrating the trade financing elements • The greater convenience, lower costs and better coverage of exposure can help to reduce inertia to go onto e-commerce.
Auplex’s Feedback 4: Escrow • Currently, the banks are fulfilling the function in some way through instruments like LCs. However, there are problems: • Banks are protective. Most banks require transacting party to open an account with them. • Banks require full security from buyer on top of a fee. • In cases where the bank representing the buyer/seller here does not have a relationship with another bank representing the seller/buyer overseas, a third bank would be involved. higher cost • Process is manual and inefficient thus driving up costs (Eg Information flow is inefficient. Fields in Purchase Orders, Sales Orders, LCs, Shipping Guarantee and Bill of Lading are similar and this can be managed more efficiently between buyer and seller through e-commerce.) • Most banks are not quite ready to open up yet. Also largely due to the lack of supporting services like credit assessment, PKI, etc
Auplex’s Feedback 4: Escrow • Escrow services could be done by • Banks and financial institutions • Logistic companies • Independent service provider • Criteria: financial resources and global presence or alliance
Auplex’s Feedback 5: Trust Marks • Most trust marks are for b2c e-commerce • We believe it would help but it has to be backed by • Educational effort on the value of trust marks • Accreditation and quality control of trust marks • Mechanisms and means to carry out recourse or rectification actions should the e-merchant failed to deliver • There would be limitations when consumers buy from overseas or when foreign consumers want to buy from Singapore e-merchants. Same issues as PKI and credit bureau. • Government can consider • Working with establish brands like NTUC co-ops whose objective is to safe-guard consumer’s interests. • Setting up a framework and standards for trust marks • Collaborating with foreign authorities on a common standard (similar to ISO)
Auplex’s Feedback 6: Training • iDA has already identified training as one of the elements under Infocomm 21 • Educational effort useful to raise awareness and acceptance and should form part of the framework • Training is even more important if a national PKI is adopted
Auplex’s Feedback 7: Insurance • We are of the view that it may be too pre-mature to talk about insurance at this stage • Businesses need to ascertain risk before deciding on whether insurance is worth it • Cost of insurance have to be viewed in totality with costs of PKI, credit assessment, escrow services etc
Auplex’s Feedback 8: Infrastructure/ASP • Trusts needs to be build up between businesses and ASPs and infrastructure provider (if they go on EC on their own) • ASPs lowers costs of EC and are critical to accelerating the adoption rate of EC for business users • Many businesses still have the misconception that hosting on their own is more secure • Efforts in (1), (2), (5) and (6) are needed to support ASPs
Auplex’s Feedback 9: Legal Framework • Besides ADR, legal mechanisms to settle dispute besides ADR should also be easily understood and made accessible. • Government could consider looking into the following • issues of law and jurisdiction/ agreements & treaties • mechanisms and standards for dispute resolution • work with bodies to provide training and education on this area e.g. contract law, online transaction
Auplex’s Feedback 10:Tax & Regulation • Outstanding aspects of taxation have to be sorted out • Eg GST, VAT, etc • Jurisdiction and right to tax • Regulations could also be refined • e.g. import and trading regulations online • Restrictions made known, etc