Introduction
There is no doubt that the existence of appropriate payment systems is vital for the development of e-commerce. Whenever the Internet is only used for ordering material goods, payment may be made in the traditional way at the time of delivery. However, when goods or services become purely digital (news, music or other entertainment, software or a financial service), an appropriate payment system is needed. Processing the corresponding transaction wholly online without the need to use a traditional paper-based system (i.e. avoiding a break of media) is a keystone for the development of e-commerce. It would open a worldwide market for the benefit of both business and consumers.
Status Quo
The current situation is unsatisfactory: Classical payment systems either depend on the physical exchange of some paper (like cash or cheques) or require a hand-written signature (like credit or debit card payment [10]). The underlying problem with using classical payment systems online is that they rely on an infrastructure that is not available on the Internet.
During the last 10 years many new payment systems were developed that were specially designed for online usage. Some systems created a new cyber currency as a substitute for cash, others built systems based on a new authentication scheme.
The typical problem with these new payment systems was that vendors were not willing to integrate them until they had gathered a reasonable market share, while customers did not sign up for a system that was accepted by only a small number of online shops. As a consequence, these new systems could not reach a critical mass of users. Since payments are a business of scale, payment providers could not survive with a small number of transactions – and many of them vanished because investors were not satisfied with the (expected) revenues.
[10] PIN systems may replace the need for a hand-written signature at the stationary point of sale, but they require a secure connection (i.e. a closed system) and thus cannot be used on the Internet.
Building Consumer Trust
Internet Payments
Leading Co-Chair (Europe/Africa): Hermann-Josef Lamberti
Executive Vice President & Member of the Board
Deutsche Bank
Co-Chair (Asia/Oceania): Toshiro Kawamura
Executive Vice President & Member of the Board
NEC Corporation
This left the online economy with an unsolved problem: Only classical payment systems – often without any additional fraud prevention mechanisms – were still used, accepting some losses due to online fraud. Prominent examples are credit card payments or direct debits where only a card or account number is transferred. Even if the channel itself is secure (like, for example, an SSL connection), neither the vendor nor the payment service provider can determine who the person was that typed in the digits. The financial risk of misuse of the card or the account number is mostly covered by the vendor, the payment service provider or some insurance. However, the losses due to rejected payments or the costs of the insurance will be included in the price and harm both vendors and customers.
In addition, security problems make a system “insecure” in the customer perception – and customers are afraid to give away their card or account numbers on the Internet.
As a consequence, payment systems are likely to become a bottleneck of e-commerce, if the situation is not changed.
Results from Own Research
Given the status quo and the importance of payment systems for the development of e-commerce, the GBDe asked stakeholders from various regions representing different branches of industry what, in their view, are the major barriers to Internet payment.
The key findings in this study were that the payment market was clearly identified as a business of scale, making it hard for new payment systems to evolve if they are not built upon an existing infrastructure. It is widely agreed amongst private sector leaders that the existence of a widely available, low priced and easy to use authentication system would very much help to build up Internet payment systems.
The problem of fraud was also said to be closely related to the authentication issue.
Since reaching the critical mass is a problem in general, standardization is important to all payment systems – otherwise adopting the system requires (too) much effort. Technical interoperability has to go hand in hand with international legal harmonization in order to allow cost effective cross border payments [11].
Authentication – the Key to Internet Payments
In accordance with the results of the research, the GBDe states that authentication is the key to Internet payments. In addition, authentication is important not only for payments: Some commercial activities require [12] that the information exchanged proves to be authentic. In general, one needs authentication whenever a legally binding contract should be signed. Furthermore, user authentication is required by law in many e-government applications [13].
Internet payments are closely related to authentication: In the real world, the existence of cash makes it possible to purchase goods without being identified – because the payment cannot be reversed. However, in all other cases (e.g. cheques, debit or credit cards), money is not transferred immediately. Formally, the customer promises to let the vendor charge some amount from his account. If, in the worst case scenario, the customer later rejects the payment, the vendor has to enforce this claim in a legal dispute. Such a dispute requires facts. In particular, the vendor has to provide evidence that the messages he or she received from the customer are authentic and have not been changed (integrity).
[11] E.g., there are still too many reporting requirements that make cross border payments cumbersome and costly.
[12] In particular, financial services like opening an account or closing a contract with an insurance company.
Following the results of our own research, the problem of fraud is mainly due to a lack of authentication. Other issues like, for example, insufficient credit worthiness play a minor role. This means that our answering parties indicate that vendors know how to deal with customers that do not have the money to pay the bill, as long as they can clearly identify the customer. One way to cheat is to pretend to be someone else and, in the worst case, try to take over the other identity. This can be very unpleasant for the person whose identity was stolen: they have to reject the payment, vendors might not be willing to deal with them any more because they think they are fraudulent, and they might appear in a bad light in general.
But fraudulent customers might even use their correct identity data. When the payment is settled, the customer could argue that it was not they who initiated the payment. Since the vendor has only a card or an account number, they cannot provide evidence that it was the fraudulent customer who authorized the payment.
In both cases, there will be a loss for the economy that in most cases the vendor will have to cover (if they have not taken out insurance).
An infrastructure of trust would solve this problem. However, from its early usage in the scientific society, the Internet was designed for free and unlimited access to information and does not require any authentication. Therefore, an authentication infrastructure has to be built as a kind of new layer upon the existing Internet protocol. Technically, such a new layer of trust is not hard to realize. However, building a new infrastructure of trust comes along with substantial costs. A problem is that the benefit for early adopters is limited as long as there are only a few others whom they can securely communicate with. This well-known critical mass problem has become a barrier to most recent initiatives and limits their economic success.
How to Build an Infrastructure of Trust
Since the attractiveness of an infrastructure depends on the number of customers and application providers that have already joined, it is a crucial success factor to reach a critical mass. The GBDe wants to open a discussion with all stakeholders, business, governments and consumer organizations, to see how to overcome the current stalemate and generate this critical mass. A joint initiative (or several) including different industry branches and public authorities at the same time appears to be most promising.
Private-public partnerships may be organized in different ways: The government itself may fit its IDs with a chip that can be used for secure authentication. In this case, industry can on the one hand serve as a service provider for public authorities and, on the other hand, set up applications (like, for example, a payment system) that use this ID.
Another approach would be that business commits to a joint initiative to invest in and set up the infrastructure. In this case, the public authorities should adjust the legal framework in order to allow the usage of well established business processes; they should commit to use the infrastructure in their e-government projects; and, last but not least, they should support a joint marketing initiative.
The GBDe does not want to favor one approach over the other, but in those cases where the infrastructure is run as a private responsibility, public authorities should commit to make use of it and refrain from building an alternative infrastructure of their own.
Many countries have introduced legislation on digital signatures. In these countries, legally binding contracts may be signed digitally, in principle. In reality, digital signatures have been used only in niches (or have not been used at all): most countries have not offered digital IDs, and private investors stepped back from building trust infrastructures because of high investments and questionable returns.
Therefore, if governments decide not to run the infrastructure, they should support private initiatives by:
• lowering barriers, in particular letting industry use well established processes in order to reduce the investment to a minimum;
• at an international level harmonizing legislation so that systems do not become proprietary;
• building up e-government applications and being a major player on the demand side.
Some Comments on Online Fraud
Whenever two parties do business, there is a risk that one party is going to cheat. In the online environment, it seems to be easier to be fraudulent simply because the parties do not see each other face to face, the contact is anonymous, and there is no secure authentication tool.
As long as there is no legally binding way to sign a payment order digitally, the payer may argue that they have not approved the payment. The payee cannot decide whether someone misused the payer’s account information or whether the payer only pretends that there has been a misuse. As a consequence, the vendor has to cover the loss in most cases.
Although a customer can initiate a charge back if their information was misused, the situation causes trouble that many customers want to avoid – sometimes simply by doing no e-commerce. The GBDe’s research implies that the effect of this is significant. Securing online transactions like Internet payments would thus not only help vendors to reduce their losses due to fraud, but would also increase the potential number of customers that are willing to purchase online.
Providing an alternative dispute resolution system or joining a trustmark initiative can help to increase consumers’ trust – a point on which the GBDe has made a lot of progress in the last years.
Legal systems
By its nature, electronic commerce is not limited to any national border. National legislation should reflect this situation and be in line with the legislation in other countries. Inconsistent legal systems build a barrier and limit the success of e-commerce. The GBDe has already mentioned some points in its Tokyo and Brussels recommendations. However, our research shows that most e-commerce vendors still feel hampered by inconsistent legal systems, particularly in the field of payments.
New business models
Building up a new payment system or an infrastructure of trust for secure authentication comes along with significant investments. These investments will generate a return only if the new infrastructure is widely used. One may doubt that one single company is able to set up such an infrastructure. Thus, a joint cross-sector effort is needed.
Governments can take part in this effort. In particular, they should support the initiative by adjusting legislation and avoiding regulations that increase the initial investment (e.g. by prescribing expensive processes).
Micropayments
The GBDe’s research shows that the importance of micropayments varies for different businesses. For some goods or services, which are predestined for distribution over electronic channels, the existence of micropayments would be very helpful. For example, small pieces of information (like a newspaper article) and some personal requests (like location-based services or information about telephone numbers) require adequate billing systems.
Without a micropayment system, low priced items can either not be sold on the net or are available to subscribers only – but it is difficult to allow a purchase on an individual basis. This fact limits the services to those customers that are willing to take out a subscription and creates a barrier for consumers that want to use a service for the first time.
For practical reasons, micropayment systems are often built up on existing infrastructures [14]. Here, regulations are likely to become a crucial barrier, because the effort to run a micropayment transaction must be very low.
[14] For example, this could be an infrastructure run by a telecommunication provider.
Recommendations
Based on our own research, the input from companies all over the world and in line with the above statements, the GBDe recommends the following measures:
1. Authentication is the key to all Internet transactions including payments. Building up an infrastructure of trust (like a PKI) that allows secure authentication needs a joint effort of both the private and the public sector. Thus, whenever a trust infrastructure is not run by public authorities themselves, the GBDe recommends that:
• governments should adjust legislation in a way that the effort for building the trust infrastructure is kept to a minimum, in particular that it is possible to make use of existing processes (e.g. in the financial sector);
• governments should use this trust infrastructure in their e-government projects and avoid proprietary solutions;
• business should start a cross sector initiative including providers and application owners in order to agree on the basic concept, including not only financial service and telecom providers, but also online vendors and content providers;
• consumer organizations should be included in the process and encourage consumers to take part in the infrastructure of trust;
• businesses (of different sectors), governments and consumer organizations should work together to find fair models to allocate the costs and profits of the trust infrastructure to all participants that gain an advantage by using it.
2. National laws are still not harmonized: A service provider that is allowed to run an Internet payment system in one country might not be allowed to offer the service in another country. Sometimes, even for micropayment systems customers have to be identified in a long and expensive process. Governments should lower such administrative barriers.
3. The GBDe is not so optimistic that Internet payment systems or trust infrastructures will be created with a worldwide scope in the first step. Therefore, interoperability is the key to link these systems up in a second step. Governments and local business should both encourage proprietary systems abiding by open standards.
Appendix: Questionnaire and the Evaluation of Answers
1. Only very few e/m-payment providers have reached their break-even – many new service providers had to terminate their service. What is the reason for this situation?
a) Payment is a business of scale. The concentration process will continue before payment service providers become profitable. [Evaluation: ++]
b) Each (international) payment system has to be based on credit-card payment – and there is no room for an additional service provider. [Evaluation: O]
c) Customers and/or merchants are not willing to pay for an e/m-payment service. [Evaluation: (-)]
d) Customers use the Internet as an information platform, but not for transactions. Thus, there is no real need for e/m-payment systems. [Evaluation: --]
2. In the off-line world, customers are used to choosing between different types of payment systems: direct debit, credit card, cheque, cash and pre-paid systems. What does this mean for the online world?
a) We have to offer payment systems for customers that do not have a credit card or even a bank account (like school children). [Evaluation: O]
b) We need online payment systems that allow customers to stay anonymous. [Evaluation: O]
c) We need pre-paid systems that limit a customer’s risk to the pre-paid amount. [Evaluation: (+)]
d) We need new solutions in order to process micropayments. [Evaluation: (-)]
e) There is no equivalent of cash in the cyber world. All private initiatives in the past were not successful. Therefore the central banks should issue cyber money. [Evaluation: (-)]
f) The Internet is different to the off-line world. It is sufficient to provide payments that are based on a credit card or a bank account. [Evaluation: O]
3. Fraud is said to be a major problem for Internet transactions. What are the reasons for this?
a) Fraud is mainly due to a lack of authentication. [Evaluation: ++]
b) The major problem is still credit-worthiness. [Evaluation: O]
c) It is too difficult or too expensive to achieve a legal title, in particular in cross-border trade. [Evaluation: +]
d) Fraud is a mental problem. Customers fear fraud although they do not carry a substantial risk. Payment service providers and merchants can deal with fraud.
4. Security concerns are often said to be the reason why customers do not use an e/m-payment system. What is the core problem with security?
a) Security problems are mostly technical in nature. [Evaluation: O]
b) Security is a problem only because there is no universal trust infrastructure (like a PKI). [Evaluation: +]
c) In the customers’ view, secure systems are too expensive or too inconvenient. [Evaluation: +]
d) Customers expect secure transactions without any additional transaction fee. [Evaluation: ++]
e) Merchants only implement payment systems that provide security free of charge. [Evaluation: -]
f) The existing e/m-payment systems are better than their reputation. The reason why customers feel insecure is psychological rather than rational. [Evaluation: +]
g) Some (new) payment systems exceed the adequate level of security by far. Thus, the systems became too complex. [Evaluation: +]
5. There is no universal authentication infrastructure in the online world today. What does this mean for Internet payments?
a) If there was a universal authentication system, it would be much easier to introduce an Internet payment system and to overcome the critical mass problem. [Evaluation: ++]
b) Such an authentication system should be based on PKI. [Evaluation: (+)]
6. The financial sector is one of the most regulated. Some regulations might not have been designed to work in e/m-Commerce. Do Internet payment systems still suffer from this problem?
a) There are legal barriers that make it difficult or inconvenient for consumers to subscribe to (some) Internet payment systems. [Evaluation: (+)]
b) There are legal obligations (like reporting requirements) that make it expensive to run an Internet payment system. [Evaluation: +]
c) Procedures for dispute resolution are too difficult. [Evaluation: +]
d) Inconsistent legal systems pose a barrier towards payment systems entering international markets.
7. Today, there is a huge number of different Internet Payment systems – partly based on different underlying national off-line payment structures. Is interoperability the key for solving the critical mass problem?
a) The lack of technical interoperability is a barrier for adopting a new payment system for merchants. We need improvement in standardisation. [Evaluation: +]
b) The major problem (in particular for cross-border payments) is not a technical one but non-commensurable off-line payment systems. [Evaluation: (+)]
c) It is not a problem of standards but of business models. [Evaluation: O]
8. Last, but not least, we want to ask what is the most important problem in e/m-payment systems today?
a) We need an infrastructure of trust. [Evaluation: ++]
b) The legal situation has become a barrier to e/m-payment systems.
c) We need new business models. [Evaluation: ++]
d) We are seeking efficient Micropayment systems. [Evaluation: +]
e) We are seeking efficient cross-border payments systems. [Evaluation: +]
f) It is simply a question of time – so we need more patience.
g) There is no demand for e/m-payments at all.
h) Others: ………..
Legend:
++ Apparently positive
+ Positive
O Neutral
- Negative
-- Apparently negative
(+) Split answers with positive majority
(-) Split answers with negative majority
Remark
We left out answers to questions that differed in a way that no clear statement could be achieved.
Observations
1. In Figure 1, the highlighted numbers indicate questions on which the answering parties were remarkably alike. These questions became an important source for the recommendations stated above.
2. Figure 2 shows that the answering parties have different views on some issues. This fact has also become a source for the recommendations, taking into account that there is no unique view on some areas on Internet payments.