[107685] in Cypherpunks
No subject found in mail header
daemon@ATHENA.MIT.EDU (Mixmaster)
Thu Jan 21 09:04:01 1999
Date: Thu, 21 Jan 1999 05:45:21 -0800 (PST)
From: Mixmaster <mixmaster@remail.obscura.com>
To: cypherpunks@cyberpass.net
Reply-To: Mixmaster <mixmaster@remail.obscura.com>
JCP E-commerce and Security Newsletter, Number Seven, January 1999.
WELCOME to the first edition of the JCP E-commerce and Security
Newsletter for 1999. In this issue we take another look at e-cash and
the Internet and in light of Digicash's bankruptcy problems ask 'What
went wrong?' We also take stock of the current retail banking scene on
the Internet and in our final article look at the trust infrastructures
now being put in place by various industries in preparation for ever
increasing e-commerce activity. Look out for a follow up article in the
February issue that explains how such infrastructures are helping
financial institutions manage risk. As ever, we actively encourage you
to contact us with ideas for future articles in the newsletter. Please
e-mail us if you have something you'd like to see in forthcoming issues.
Should you not wish to receive the newsletter again, please see the
'Subscribe/Unsubscribe' section at the bottom of this email.
---------
Contents:
1. Bankruptcy, tokenism and smart cards - The future for Internet
Payments
2. Herding and culling - Retail banking on the Internet
3. Trust Services and Banking - Building trust infrastructures for
business
---------
BANKRUPTCY, TOKENISM AND SMART CARDS - THE FUTURE FOR INTERNET PAYMENTS
According to the Boston Consulting Group, online sales topped $13
billion in 1998. And it is a fair bet that nearly all of those purchases
were made using credit cards. There are two main reasons for this. The
first is one of opportunity. In the absence of other widely accepted
payment instruments, most trading sites only support credit card
transactions. The second reason is to do with familiarity. Most people
are well acquainted with credit cards and how they work, and as the
Internet gains credence as a trading channel, typing a credit card
number into an online order form is not so different from giving an
anonymous operator the same number over the telephone (something most
credit card holders seem happy to do).
As a payment mechanism the credit card, and its cousin the debit card,
are in many ways ideally suited to ecommerce. They offer convenience and
an established (and largely trusted) method to transfer funds over
distances. However they generally cease to be useful when the value of
transactions falls beneath a certain level. This is because the
transaction costs associated with card payments can remove the profit
margin on a sale. (That's why cut-price CD stores often add 50p to the
cost of any CD purchased using a credit card). The actual value of the
transaction is not the most important issue. It is the percentage of the
profit that the transactions costs eat up that are key. Obviously the
lower the price of a good or service, the more likely it is that credit
and debit transactions are unfeasible. (The average value of
transactions on the net in 1998 was $55).
This problem with credit cards is unfortunate as the Internet is an
ideal medium for selling small ticket goods and services, notably pages
of information. (Other small ticket purchases might include small
software components or credits for online gaming). The question is how
is this potentially lucrative market to be realised? Without an
appropriate payment mechanism for smaller amounts we are left with
cumbersome workarounds such as 'customer accounts' (that are maintained
until the accrued charges reach a 'billable' level).
The desire to solve the problem of 'micropayments' gives us the reason
for the investment frenzy around e-cash vendors like Digicash and
Cybercash that we saw several years ago. The words 'Internet' and
'Payment' in the same sentence were as blindly attractive to venture
capitalists as the words 'current', 'pop' and 'star' appear to be to
Patsy Kensit. The ability to immediately transfer small amounts of value
over a network in e-cash seemed to solve the micropayments problem. But
in November Digicash filed Chapter 11 bankruptcy protection. CyberCash
has been losing money hand-over-fist (the most recent figures show a
quarterly loss of $9.3 million) and is in the process of reinventing
itself (with the aid of $45 million of newly raised equity capital).
Cybercash is now a back-end gateway service provider taking care of the
whole payment handling nightmare for merchants, ISPs and so on. In
effect the company is now a payment hosting service, its e-cash dreams
largely forgotten. What happened?
The problem that floored both Cybercash and Digicash was that in
providing a form of cash that was portable over a network, they
sacrificed one of the key characteristics that people attribute to and
expect from cash - that it is portable in the direction of the pub, the
shops and the local swimming baths. As a result Digicash and Cybercash's
systems seemed to be something 'other' than cash. And nobody wanted
that. (Even though the mechanisms are different, we generally see cash,
credit and debit as essentially the same thing - "our money"). Digicash
and Cybercash weren't seen as 'money' - rather more like 'Internet
buying tokens' which you had to acquire first, before you could exchange
them for goods and services you actually wanted.
The other fatal assumption made by Digicash and Cybercash was that such
tokens would be stored on PCs. But PCs are not the only way to access
the Internet. With the arrival of other net access 'clients' such as
Java stations, Digital TVs, the new generation of mobile phones and so
on (many of which will have no storage space of their own), the proposed
e-cash model was doomed to the status of an interesting learning
experience. Some vendors are still persisting with similar token type
models (notably Digital Equipment Corp. with its Millicent system).
However, it is unlikely that any such moves will prosper on a large
scale.
What is needed then is a form of cash that exhibits all the
characteristics of real notes and coins (portability, anonymity etc.)
and can be used both in cyberspace and the 'real' world. Currently, the
most feasible solution seems to come in the form of smart card based
e-cash. (For supplementary information on e-cash see 'Who's Who In The
Future Of Money' from Issue 3 of this newsletter). With smart card
readers already part of the mobile phone network, being shipped as
standard with many PCs and being used as the access mechanism for
digital TV services - a smart card e-cash option looks the most likely
solution for facilitating micropayments. It offers both net transferable
payment and a purse for taking your money down to the local. And with
multi-function smart cards in the pipeline a single card could hold
various payment mechanisms (including credit and debit instruments for
larger purchases).
For micropayments to become feasible there are two possible options. The
first is that the transaction costs associated with credit and debit
instruments come down (or are modified so that smaller value
transactions attract a lower charge). The second is that smart card
based e-cash becomes widely adopted. The first is unlikely, especially
when you consider that all the major credit card organisations are
backing their own e-cash initiatives. The latter option therefore looks
more feasible, although it is clear that the migration will take some
time. It will be interesting to see how smart card e-cash vendors like
Mondex and Visa approach this opportunity.
-----------
HERDING AND CULLING - RETAIL BANKING ON THE INTERNET
This article is updated from an original that appeared in Net Profit,
www.net.profit.co.uk
Banks are lining up to put their services online, though it is not
always clear why. Electronic banking has been receiving a great deal of
attention recently, not all of it flattering. Ernst and Young surveyed
more than 100 of the world's largest retail banks, and found that
although their electronic business budgets were rising rapidly "many
institutions confirm that they lacked a defined business base, are not
sure if their customers will accept e-commerce, and do not know the
positioning or the strategy of the competition".
London-based Fletcher Research, on the other hand, reports that up to 7m
people will bank online in the UK by 2003, and says, "British financial
institutions need to move fast to capture some of the market. The recent
European launch of Citibank's Web-based service is a sign that the US
giants are girding their electronic loins."
The interesting point about the E&Y report is that it suggests that
although the banks are following a herd mentality, the herd may be
heading in the right direction. It believes electronic commerce will
speed up the creation of "value networks - formed when banks, insurance
companies, stockbrokers and other financial service providers get
together to provide packages for customers. The Internet, E&Y say,
becomes an easy access point to such networks.
There are other more obvious reasons to offer online banking. First, the
Internet is the cheapest way of doing business with a customer -
although this becomes a cost saving only if other channels are cut back
as a result (which, E&Y says, will happen very slowly). Second,
traditional banks are in danger of being bypassed by direct banking
operations (such as First Direct), by 'pure' Internet banks, of which
there are a handful in the US (and more coming in Europe) and also by
companies from other sectors.
Retailers such as Sainsbury's have set up their own banks, but a greater
long term threat could come from groups expert in handling or
transmitting data - notably in the IT and telecom sectors. All these
have cost advantage over the traditional banks, with their hefty
property and staff overheads. BT has already openly discussed the
possibility of providing retail banking services and is trialling
software from JCP in its investigations of the area.
So, what's the state of play?
PC banking - using special dial-up software and a dedicated phone number
- is not giving up the ghost yet, even though it is more expensive and
less flexible than Web-based systems (notably because some client
software must be shipped to the user). NatWest is starting a pilot,
while Barclays will run its PC system alongside the new Web-based one.
The perceived greater security is still seen as a selling point though
this is being eroded as Internet security technology advances and
increased education improves user confidence in net-enabled services.
The Citibank service is significant because it marks an attempt by a
major foreign bank to expand across Europe without branches. The Web
service, which replaces a PC-based one set up in April 1997, is aimed at
well-off individuals, and has a number of intriguing elements. First, it
offers a generous 4.75 per cent interest on current accounts. Second,
customers keeping £2,000 on account for more than 30 days get a year's
free Internet access through Virgin Net, an attempt to tackle the
problem of low Internet usage. Third, it lays the foundations for an
international retail bank. Customers can transfer money to other
Citibank customers in Belgium, France, Germany, Greece, Luxembourg and
Spain - accounts can be in foreign currencies including the Euro.
Below is a summary of most of the current offerings from the main banks:
Barclays
www.barclays.co.uk
Web: Check balance, view history, pay Barclaycard bills, transfer
between accounts.
PC: As Internet plus can pay bills, work offline, integrate with MS
Money.
Lloyds
www.lloydsbank.co.uk
Web (pilot): Check balance, view history, transfer between accounts, pay
bills, amend standing orders. Full version, with enhancements, to be
launched at the end of October.
TSB
PC: 'Go TSB on CompuServe'. Check balance, view history, transfer
between accounts, pay bills.
NatWest
www.natwest.co.uk
PC (pilot): Check balances, view history, transfer between accounts, pay
bills.
Co-operative Bank
www.co-operativebank.co.uk
Web: Check balance, view history, transfer between accounts, pay bills,
order cheque books etc, cancel direct debits, amend/cancel standing
orders.
Nationwide
www.nationwide.co.uk
Web: Check balance, view history, print mini-statements, pay regular
bills, transfer between accounts, order statement.
Citibank
www.citibank.co.uk
Web: Check balance, view history, integrate with Quicken, MS Money, pay
bill, transfer money to other UK bank customers, or to Citibank
customers in six European countries.
Royal Bank of Scotland
www.royalbankscot.co.uk
Web: Check balance, find past transaction, pay bills, transfer between
accounts, order cheque book, integrate with MS Money, Quicken, or
spreadsheet.
Bank of Scotland
www.bankofscotland.co.uk
PC: Check balance, view history, pay bills, transfer between accounts,
check standing orders/direct debits, request pay-in book.
First Direct
www.firstdirect.co.uk
Web: Check balances, view history, pay bill, transfer between accounts,
integrate with MS Money/Quicken, apply for Visa card or loan, arrange
travel insurance.
The market is already hotting up and a Web-based banking service in
itself will soon not be a competitive advantage, but a minimum 'must
have'. What will distinguish the main players from one another are the
services they offer on-line and their speed to market in offering those
services. (This is why BT is entering the banking infrastructure market,
see 'Beyond the Web Tone - Telecoms services in the Information Age'
from Issue 6). Innovative applications like a facility that allows you
to move your account from your current bank to a competitors in a single
click will be the sort of thing that we, as consumers, may be looking
forward to. As we enter the Internet Age, retail banking will become
more cutthroat than ever.
----------
TRUST SERVICES AND BANKING - BUILDING TRUST INFRASTRUCTURES FOR BUSINESS
As the Internet becomes an accepted trading channel services which make
transaction secure are essential. Digital certificates are now widely
accepted as one of the key mechanisms for securing communications,
providing evidence that can authenticate individuals and transactions.
There are two different models for implementing digital certificate
technology:
- an in-house implementation with technology from suppliers such as
Entrust, Entegrity, etc
- an outsourced service model where digital certificate functions are
delivered as a service e.g. by Verisign, BT Trustwise and InterClear
The past year has seen many organisations piloting the base technology.
Typically these pilots have been with small, internal communities and
lower value (and therefore lower risk) applications such as email.
However, these experiences have demonstrated that the expense of
implementing a complete infrastructure often can't be justified. For
this reason the service model is likely to predominate in the short term
- in the form of a public key infrastructure provided by trusted third
parties.
Digital certificate technology has already been proven by organisations
such as Barclays with their Endorse service, providing the capability to
register for self-employment with the government based on a digital
certificate contained on an Endorse branded smart-card. The key question
is now is 'What are the profitable and/or strategically important
services to provide over this certificate infrastructure?'
There are many areas that provide the prospect of lucrative third party
service offerings as the amount of business transacted on the Internet
grows. These include dispute resolution services (the capability to log
and audit transactions to ensure that they are binding), authorisation
services (provision of a gateway service that checks the authority of a
user to access certain services based on information in their
certificate) and liability management (an extension of the authorisation
process whereby a third party assumes some liability for a transaction).
Third parties can provide the basis for trusted transactions on an open
network and offer a service that manages risk and liability.
One of the consequences of the shift in focus to the provision of
(application) services is the conclusion that much of the base
infrastructure is common to all applications and provides little
competitive advantage. There is a case then for sharing the investment
required in the base functions to reduce cost and speed time to market
for a certain group of organisations. This is the reason behind the
emergence of various consortia and jointly funded companies aiming to
provide certification authority services within a particular industry.
IBM spotted this opportunity in the US and tried to facilitate the
Integrion consortium with IBM as the shared service provider to US
banks. A more successful approach appears to be the emergence of jointly
funded companies. The Global Trust Enterprise has been established by 10
of the largest banks in the world (including Barclays, Bankers Trust,
Deutsche Bank) and Origo provides a similar approach for UK insurance
industry. Major shipping companies are also working with Bolero,
established by the Through Transport Club and SWIFT to provide
certification services.
All of these organisations are now busy implementing the digital
certificate infrastructure for their members. The challenge before the
member companies concerns which services to implement and how to roll
them out quickly. The success of these joint ventures, the individual
member companies and the industries which they serve could well depend
on how well they tackle this issue.
As banking moves into the Internet age financial institutions are under
pressure to migrate their services on-line. In order to maintain
customer relationships banks must be able to assure their clients that
the on-line version of financial services are secure. A brandable
security infrastructure like that provided by GTE allows banks to offer
this assurance. With this taken care of, banks are free to concentrate
on developing new applications to reap competitive advantage as well as
having an infrastructure which enables them to manage risk more
effectively.
------
Feedback
We welcome your comments. Send your feedback on the JCP E-commerce and
Security Newsletter to:
listfeedback@jcp.co.uk
* Subscribe / Unsubscribe
The names on the JCP E-commerce and Security Newsletter mailing list are
used for internal JCP purposes only.
To subscribe, please email:
list@jcp.co.uk with the words:
subscribe ecommnews
in the body of the message.
To unsubscribe, please email:
list@jcp.co.uk with the words:
unsubscribe ecommnews
in the body of the message.
For the latest news and more in-depth comment on e-commerce and Internet
security, please visit;
http://www.jcp.co.uk/secMarket/index.htm
* Copyright
Copyright 1999 JCP Computer Services Ltd, All rights reserved.
