commerce Électronique séance 5

Commerce ÉlectroniqueCommerce ÉlectroniqueSéance 5Séance 5

La gestion et l ’utilisation de l ’information sur internet

Jacques Nantel

octobre 2002

La notion de vie privée telle de vue par les consommateurs

SurfingTechnology solutions, consumers can dismantle tracking software.General control maintained.

PurchasingUse cash (not feasible online), technology.General control maintained.

SurfingAble to access privacy statements, opt-in and opt-out options, technology solutions.Consumer owns information.

PurchasingAble to access privacy statements with opt-out option if using credit card, ability to pay cash with opt-in option.Consumer owns information.

SurfingMovements tracked by software.Consumer no longer owns information.

PurchasingUse credit card, no privacy statement.Consumer no longer owns information.

SurfingAble to access privacy statements, no opt-in and opt-out options, no technology solutions.Consumer no longer owns information.

PurchasingHave to use credit card.Privacy statement, no opt-out.Consumer no longer owns information.

Consumer ControlGoodwin, C. (printemps 1991), “ Privacy : Recognition of a Consumer Right ”, Journal of Public Policy and Marketing, Vol. 10, No 1, pp. 149-66.

NO YES

NO

Consumer Knowledge

YES

Group G47 "Terms and Conditions" (Value tabulated = 1)

Pct of Pct ofDichotomy label Name Count Responses Cases

What's Being Collected Q39 838 19.3 56.5How it will be Used Q40 1084 24.9 73.1In Exchange for Access to Site Q41 345 7.9 23.3Discount at Site's Store Q42 361 8.3 24.4Some Value Added Service Q43 459 10.6 31.0Aggregated Only Q45 831 19.1 56.1Would Not Give Q46 130 3.0 8.8Other Q47 302 6.9 20.4 ------- ----- ----- Total responses 4350 100.0 293.5

Nature des informations colligées

• Nombre de clicks

• Click streams

• Temps moyen par page

• Circuits et liens– entre les sites– pour un usager

• Achats

Quelques mécanismes de base

• Identification minimale d ’un usager– Pays– Nature du serveur

• Distinction entre la machine et l ’utilisateur

• Utilisation des «cookies»

• Utilisation des «cookies étendus»

• Notion de passeport électronique

• Combinaison avec d ’autres mécanismes

Nature des modèles de réponse

• Aucun modèle

• Identification pour fins publicitaires

• Identification pour fins de revente de l ’information

• Identification pour fins de configuration du site– «Customization (rules-based systems)– Collaborative filtering– Open Profiling Standards

L’intérêt, pour l’entreprise à utiliser de la donnée privée

• La personnalisation

• Le courriel

• La commercialisation croisée

Ce que viennent changer les systèmes CRM

• Ils composent avec de plus grandes bases de données

• Ils sont plus rapides

• Ils sont souvent plus efficaces

• Ils permettent de coordonner plusieurs vendeurs

• Ils sont efficaces pour démontrer le ROI

• Ils peuvent être plus coûteux

Mesures de performance de l ’action marketing selon la nature du commerce

Sites webavec CRM

Sites web Catalogue Tradition Moyenne

CoûtsD'acquisition 14$ 55$ 14$ 34$ 29$

Revenusrécurrents 55% 42% 40% 34% 40%

Coûts deRétention 6$ 24$ 8$ 16$ 13%

Source: BCG déc. 2001

La commercialisation par courriel

• Spams

• Permission

• Viral

Marketing par personnalisation

• Amazon

• Land’send

Web-based Personalization

• Personalized services

–My Virtual Model

–My Personal Shopper

–E-Mail

• Personalized products

–Lands’ End Custom

My Virtual Model

• 13% of landsend.com visitors use it

• 34% higher conversion rate

• 7% higher average order value

Mark UgarDirector, Retail Vertical MSN

Microsoft .NET Passport June 2002

Authentication• What is it?

– Presentation of valid credentials to convince a network that you are allowed to access some set of resources

• Why is it important?– Sites, devices, networks and applications need a

way to provide a secure, customized experience– A secure authentication mechanism is

important to ensure the integrity of the transaction

What is Microsoft .NET Passport?

Internet scale

authentication service

available to any web site

Key features:Key features: Single sign in across Single sign in across

multiple sitesmultiple sites

Enables easy, secure Enables easy, secure commercecommerce

Enables parents to Enables parents to make informed make informed decisions for kids decisions for kids (Kids .NET Passport)(Kids .NET Passport)

User in control, data User in control, data stored is minimalstored is minimal

PUID .NET Passport Unique ID defined by .NET Passport

User profile

•User's e-mail address or phone number

•First and last names

•Demographics data:– Country/region, postal code, and state– Time zone, preferred language,– Accessibility– Occupation– Birth date and gender

Credentials

Standard User's e-mail address (from the user profile)

Password of at least six characters

Secret question and answer

Alternate (optional)

Phone number and 6 digit PIN

Strong (optional)

Four-digit security key

Three secret questions and answers

Wallet Card type, card numbers, name on card and associated expiration dates, billing addresses (first and last names, address, city, state/region/province, postal code, phone, e-mail) and friendly description

Shipping addresses (first and last names, address, city, state/region/province, postal code, phone, e-mail) and associated friendly description

Benefits for Consumers• Single sign-in

– Only one user name and password to remember– Common experience on all participating web sites

• Anytime, anywhere, any device– Personalization associated with user, not device

• Privacy and security– User in control of their information

• Faster & easier online purchasing

Benefits for Partners• Enables deeper relationships with customers

– Single click log-in removes registration barriers– .NET Passport identifies a customer consistently

across multiple Web sites– Authentication for additional services

• Lets partners focus on core competencies– Microsoft manages evolution of new technologies

(mobile devices, smart card, biometrics) – Microsoft supports users (password resets)– Saves money

.NET Passport: Running at .NET Passport: Running at Scale TodayScale Today

165 million accounts165 million accounts Growth – millions per monthGrowth – millions per month 2 billion authentications per month2 billion authentications per month Used for most Microsoft online Used for most Microsoft online

properties & growing number of properties & growing number of third partiesthird parties

.NET Passport Usage Today• Over 270 signed and implementing• 77 total live today• 64 live express purchase• 13 live Single Sign In (SSI)• Some examples:

800.com800.com800Flowers.com800Flowers.comStarbucks.comStarbucks.comExpedia.comExpedia.comOffice DepotOffice Depot

OfficeMaxOfficeMaxMcAfee.comMcAfee.comRadio ShackRadio ShackVictoria’s Secret Victoria’s Secret CatalogCatalogBuy.comBuy.com

Privacy• Critical success factor: trusted data management

– Microsoft will make no secondary use of .NET Passport data– Microsoft will not mine, sell, rent, lease .NET Passport

or .NET My Services data– Easy user management of consent/permissions

• We are legally accountable to honor our privacy guidelines

• Partners contractually agree to privacy standards

• We support Safe Harbor for all customers worldwide

• Microsoft services subject to same conditions as other partners

Security• Secure data centers

– Physical access controls– User information stored on servers that are not

connected to the Internet

• Credential information never shared with partner sites

• .NET Passport data is always encrypted

• Sophisticated intrusion detection

• Multiple security levels

.NET Passport Consent model• User decides what part of their .NET Passport profile they want to share

with Web sites at Sign In:

– Email address

– First and last name

– All other profile information

• Default during registration is that nothing is shared (full affirmative consent). In that case, only the PUID is transferred to participating sites at Sign In and .NET Passport provides a true ‘anonymous’ authentication system (No personal information is shared)

• No partner specific information (e.g. shoe size, favorite music, etc.) is ever shared with .NET Passport

• Selected wallet information is shared only when using the .NET Passport express purchase service

ParticipatingWeb Site

.NET .NET Passport Manager Object(encryption library, authentication

and data access interfaces)

ParticipatingWeb Site

Passport Manager Object(encryption library, authentication

and data access interfaces)

Microsoft .NET PassportDomain Authority

User Registration and AuthenticationWeb Servers and Databases

Microsoft .NET PassportDomain Authority

User Registration and AuthenticationWeb Servers and Databases

Microsoft .NET PassportDomain Authority

User Registration and AuthenticationWeb Servers and Databases

.NET Passport Sign In.NET Passport Sign InBrowser

(SSL, Javascript, Cookies)

ParticipatingWeb Site

.NET Passport Manager Object(encryption library, authentication

and data access interfaces)

(3) AuthenticationRequest

(4) Auth ResponseCookies:In pp.comRedirect URL:Includes site specifict=ticket and p=profileon the query string

(1) InitialPage Request

(2) Redirect forAuthenticationId=site-id, ru=return URL

(5) AuthenticatedPage RequestT=ticket, P=profile

(6) Page includingSet cookie for MSPAuth and MSPProf

•No server-to-server communication at authentication

•Central Configuration Service

•.NET Passport Manager server object resident at SSI Site

•Alternative Interfaces (not shown)

•Digest security packages for non-HTML clients

•XML interfaces for clients

Central Config Service‘Nexus’

Valid Domains, Schema, URLs

Configuration and Database Servers

Registration and Login Servers

The Truth About .NET Passport• Users choose what data is shared with partners• Partners do not share their data with .NET Passport• .NET Passport collects a limited set of user information• .NET Passport does not track what users do on the web• Microsoft will not use .NET Passport information to

market to customers• .NET Passport is not required to use Windows XP• MSN sites play by the same rules as other partner sites

Business Model Guiding Principles

• .NET Passport– End users will not be charged for .NET Passport

authentication functionality– Partners who use the service will be charged a fixed

annual fee plus a utilization charge above a certain threshold

Principales questions

Ad networks

Other third parties

PartnersAffiliates

Subsidiaries

Offline transactions

2

2

3

4

5

1) What kinds of notice should Web sites be required to provide before they collect information? Should limits be imposed on what can be collected and how long it can be kept?

2) Can on- and offline data be merged? What are the notification requirements?

3) Should consumers have a right to opt out or opt in before Web sites channel ad networks’ cookies to their machines?

4) What kind of sharing takes place with a Web sites’ business partners -- which are considered “third parties”?

5) Should Web sites be required to have opt-in or opt-out policies on third-party data sharing?

Web sites

1 6

6) What access should consumers have to their information?

Forrester May 2000