Trusted e-Commerce: What Does It Really Mean?
Bath
September 7th 2000
Agenda
• Introduction to TrustMarque
• Trusted e-Commerce - what’s important
• How do we define the trust spectrum?
• The Building Blocks of Trust
• How TrustMarque’s solutions have helped
Introduction to TrustMarque
• Established in 1999
• Seven locations on five continents
• More than 200 employees world-wide
• Privately held - financial backing by the Royal Bank of Scotland/ NatWest Group
• Revenues US$80+ million this year
• A leading provider of Risk Management and Transactional trust based systems
TrustMarque Mission
“To be the world’s leading provider of trusted e-commerce solutions”
• TrustMarque is a backbone trust infrastructure company which develops trust enabled solutions
• Critical Internet infrastructure services
So what is Trust?
• Its intangible but is central to all e-Business success whether B2C or B2B• Trust encompasses:
– Privacy– Security– Customer service
• No Trust = No business• You can’t buy it out of a box• Trust is a combination of technology, services and business processes
How Trust gets undermined
How Trust gets undermined
How Trust gets undermined
"The fear of identity theft has gripped the public as few consumer issues have,”
Jodie Bernstein, director of the Federal Trade Commission's
Bureau of Consumer Protection.
By Caroline E. Mayer and John SchwartzWashington Post Staff Writers
Thursday, July 13, 2000; Page E01
ID Theft Becoming Public Fear No. 1
Trusted e-Commerce - What’s Important?
Consumer• To whom they are
actually making advance payments
• Anonymous transactions • Invisibility of store• Privacy and use of
information
Business• Need to distinguish
between legitimate shoppers and fraudulent users in real time
• Identification: verification and authentication of new trading partners globally
Trust and the Consumer
The Impact• 64% of Net users have little faith that site operators wouldn’t
misuses private information• Over 80% of net users are concerned about privacy online• Only 3% are always comfortable about providing credit card
information• 53% of on-line shoppers are concerned about privacy and
security
• 20% of websites had detected unauthorised access – FBI
• Visitor to buyer conversion rates only 1.8%
I don’t trust …..
• Your security• The identity with whom I am doing business with• Your trading practices• What you do with my information• How you might abuse my details
What Dynamics Drive Trust?
• Fraud 12 times more online than offline - Gartner Interactive
• Fear of Fraud is the #1 reason users decide against making online purchases - WebAssured Survey
• 64% of online consumers are likely to trust a web site even with a privacy policy - Jupiter Communications
• 25% of online orders not fulfilled properly• Online fraud could reach $60billion by 2005 - Meridian Research
• 37% provide false information - Market Explorers (US)
• User name and password offer inadequate protection• Trust in the real world is driven by relationships and personal connections
What Consumers Want
• Trust that the site keeps information private• The site offers a secure environment to purchase
products• Site is technically reliable• The content is up to date• Products ordered are delivered in a timely fashion
NOP Interactive on-line
The Building Blocks of Trust - Consumer
• Brand reputation• Site Interaction:
– Ease of use, presentation, technology• Fulfilment• History of transactions• Privacy policies and disclosure• Seals of Approval – independent endorsement
Source: Cheskin Research
What Seal is Best?
What do they communicate?
Associate the web site with other parties:• Merchant level:
– Mastercard, Visa, Amex
• Process/procedures: – TrustUK, CaseTrust
• Network/CA level: – Verisign, WebTrust
• Technology: – IBM e-business mark
• Methodolgies:– self assessment; independent review e.g. using accountants
Trust and B2B, B2C Transactions
B2B and B2C Trust Issues
• Developing trust means minimising risk• User name and password easily broken• Identity theft key issue• Trust Infrastructures must be an integral part
of e-business• No Trust = No Business• Prevention is better than cure!
Identity theft
• On the internet you can be anybody• Uses valid cards and identities• Easy to trap in the physical world • Ideal for digital products• It’s your son using your credit card
The Tools are a Click Away!
Credit Card Generators
• Windows based software• Use “legitimate” BIN’s• Can generate 1000’s of VALID credit cards• Worldwide coverage• Anonymous• Ideal for digital products
Global Infrastructure24x7 Secure Servers
Global Infrastructure24x7 Secure Servers
Strong Management Team
Strong Management Team
Powerful Partner RBS/NatWest Group
Powerful Partner RBS/NatWest Group
TRUST
e-Merchant EnablingRisk ManagementPayment Systems
Image Security
e-Merchant EnablingRisk ManagementPayment Systems
Image Security
Leading Edge Technology
Leading Edge Technology
ASP SolutionsAdvanced Tool Kits
T.O.MSmartMerchant
ASP SolutionsAdvanced Tool Kits
T.O.MSmartMerchant
e-ProcurementTenderTrust
SNAPLocal Lease
e-ProcurementTenderTrust
SNAPLocal Lease
Trust: Our Business Backbone
Where TrustMarque Puts Trust into e-Commerce
TRUST SPECTRUM
'SOFT'
No digital certificateRisk management Software certificates
'HARD'
Banking Strength DigitalcertificatesRigorous authenticitySmart CardsUSB DonglesEncryption
Liability/Guarantees
Compliance with Identrus and APACS ECPS Schemes
OUTSOURCED REGISTRATION AUTHORITY
TENDERTRUST
LOCALLEASE
’MEDIUM'
One time, short term,Digital Certificates
Managed Service,
Policy, ProceduresTrusted Time,
RISK GUARDIANMARQUEIT
“Credit card fraud is growing and accounts for 25% of all on-line transactions. Credit card generators are freely available identity theft is common”
How Trustworthy is the Transaction?
RiskGuardianHelping e-merchants reduce credit card fraud
• The most comprehensive system to intercept attempted fraud.
• Platform independent.• User definable settings• Low cost• Plug & Play installation• Integration into core
payment systems
• Useful for any organisation wishing to protect their logo
• Logo fired onto site, locked to IP address and site
• No copying of logo allowed• All activity tracked and
recorded
Protecting the Seal of Approval - MarqueIT
Protection using Triangulation
TrustUK – In Action
TrustUK - In Action
TrustUK - Validation Window
B2B Trust
• How do you trust on-line business partners:• Who are you doing business with
Solutions:• Digital certificates to ensure identity• Ratings service that assist in supplier evaluation• Sophisticated payment, risk management, insurance
and inspection services to mitigate risk• Risk Protection insurance
The Business Building Blocks of Trust
Trust Policies Trust Procedures
Security
Identity Checks Liability/Protection
Applications
PKI Infrastructure
Technology
Business
Processes
{
{
Requires implementation of best business practices:
Authentication, verification, confidentiality, transaction integrity
PKI – More Than Technology!
Delivery & Operations
25%Procedures
20%
Technology - Hardware &
Software10%
Technical Skills, Expertise & People30%
Policy15%
TenderTrust
• The world’s first smart card digital certificate • Internet e-tendering solution
• Franchise Program for other Banks/partners
Internet
Create ITT or RFP
Publish
Alert ITT opportunity
Prepare response
Submit response
Check identity & validity Carry out other services
Deliver Tenders
Purchaser
Intranet ?Supplier
Third Party Services
e.g. Credit Checking
TenderTrustTenderTrust
Certification Provider
CertificatesCert. RevocationTime stamping TenderTrust
Security
Bank provides digital certificates, trusted time, CA/RA function
Validity of certificate checked with every use
Proven identity
Digital certificates and signatures
held on TenderTrust smartcard
Developed to X509 banking strength by the Royal Bank of Scotland
Irrefutable audit trail
Secure storage of ITT’s and responses
Summary
• Trust is the backbone of e-commerce for both B2C and B2B markets
• Consumers gain trust from many signals• B2B trust solutions can range from ‘soft’ to ‘hard’. Ideally they
should be backed by digital certificates, which can range from medium to high strength.
• For trust to be implemented it needs infrastructure that includes technology, processes and associated trust procedures and methodologies
Trusted e-Commerce: It Matters!
John Williams
CEO
TrustMarque International Limited