Trusted e-Commerce: What Does It Really Mean?

Bath

September 7th 2000

Agenda

• Introduction to TrustMarque

• Trusted e-Commerce - what’s important

• How do we define the trust spectrum?

• The Building Blocks of Trust

• How TrustMarque’s solutions have helped

Introduction to TrustMarque

• Established in 1999

• Seven locations on five continents

• More than 200 employees world-wide

• Privately held - financial backing by the Royal Bank of Scotland/ NatWest Group

• Revenues US$80+ million this year

• A leading provider of Risk Management and Transactional trust based systems

TrustMarque Mission

“To be the world’s leading provider of trusted e-commerce solutions”

• TrustMarque is a backbone trust infrastructure company which develops trust enabled solutions

• Critical Internet infrastructure services

So what is Trust?

• Its intangible but is central to all e-Business success whether B2C or B2B• Trust encompasses:

– Privacy– Security– Customer service

• No Trust = No business• You can’t buy it out of a box• Trust is a combination of technology, services and business processes

How Trust gets undermined

How Trust gets undermined

How Trust gets undermined

"The fear of identity theft has gripped the public as few consumer issues have,”

Jodie Bernstein, director of the Federal Trade Commission's

Bureau of Consumer Protection.

By Caroline E. Mayer and John SchwartzWashington Post Staff Writers

Thursday, July 13, 2000; Page E01

ID Theft Becoming Public Fear No. 1

Trusted e-Commerce - What’s Important?

Consumer• To whom they are

actually making advance payments

• Anonymous transactions • Invisibility of store• Privacy and use of

information

Business• Need to distinguish

between legitimate shoppers and fraudulent users in real time

• Identification: verification and authentication of new trading partners globally

Trust and the Consumer

The Impact• 64% of Net users have little faith that site operators wouldn’t

misuses private information• Over 80% of net users are concerned about privacy online• Only 3% are always comfortable about providing credit card

information• 53% of on-line shoppers are concerned about privacy and

security

• 20% of websites had detected unauthorised access – FBI

• Visitor to buyer conversion rates only 1.8%

I don’t trust …..

• Your security• The identity with whom I am doing business with• Your trading practices• What you do with my information• How you might abuse my details

What Dynamics Drive Trust?

• Fraud 12 times more online than offline - Gartner Interactive

• Fear of Fraud is the #1 reason users decide against making online purchases - WebAssured Survey

• 64% of online consumers are likely to trust a web site even with a privacy policy - Jupiter Communications

• 25% of online orders not fulfilled properly• Online fraud could reach $60billion by 2005 - Meridian Research

• 37% provide false information - Market Explorers (US)

• User name and password offer inadequate protection• Trust in the real world is driven by relationships and personal connections

What Consumers Want

• Trust that the site keeps information private• The site offers a secure environment to purchase

products• Site is technically reliable• The content is up to date• Products ordered are delivered in a timely fashion

NOP Interactive on-line

The Building Blocks of Trust - Consumer

• Brand reputation• Site Interaction:

– Ease of use, presentation, technology• Fulfilment• History of transactions• Privacy policies and disclosure• Seals of Approval – independent endorsement

Source: Cheskin Research

What Seal is Best?

What do they communicate?

Associate the web site with other parties:• Merchant level:

– Mastercard, Visa, Amex

• Process/procedures: – TrustUK, CaseTrust

• Network/CA level: – Verisign, WebTrust

• Technology: – IBM e-business mark

• Methodolgies:– self assessment; independent review e.g. using accountants

Trust and B2B, B2C Transactions

B2B and B2C Trust Issues

• Developing trust means minimising risk• User name and password easily broken• Identity theft key issue• Trust Infrastructures must be an integral part

of e-business• No Trust = No Business• Prevention is better than cure!

Identity theft

• On the internet you can be anybody• Uses valid cards and identities• Easy to trap in the physical world • Ideal for digital products• It’s your son using your credit card

The Tools are a Click Away!

Credit Card Generators

• Windows based software• Use “legitimate” BIN’s• Can generate 1000’s of VALID credit cards• Worldwide coverage• Anonymous• Ideal for digital products

Global Infrastructure24x7 Secure Servers

Global Infrastructure24x7 Secure Servers

Strong Management Team

Strong Management Team

Powerful Partner RBS/NatWest Group

Powerful Partner RBS/NatWest Group

TRUST

e-Merchant EnablingRisk ManagementPayment Systems

Image Security

e-Merchant EnablingRisk ManagementPayment Systems

Image Security

Leading Edge Technology

Leading Edge Technology

ASP SolutionsAdvanced Tool Kits

T.O.MSmartMerchant

ASP SolutionsAdvanced Tool Kits

T.O.MSmartMerchant

e-ProcurementTenderTrust

SNAPLocal Lease

e-ProcurementTenderTrust

SNAPLocal Lease

Trust: Our Business Backbone

Where TrustMarque Puts Trust into e-Commerce

TRUST SPECTRUM

'SOFT'

No digital certificateRisk management Software certificates

'HARD'

Banking Strength DigitalcertificatesRigorous authenticitySmart CardsUSB DonglesEncryption

Liability/Guarantees

Compliance with Identrus and APACS ECPS Schemes

OUTSOURCED REGISTRATION AUTHORITY

TENDERTRUST

LOCALLEASE

’MEDIUM'

One time, short term,Digital Certificates

Managed Service,

Policy, ProceduresTrusted Time,

RISK GUARDIANMARQUEIT

“Credit card fraud is growing and accounts for 25% of all on-line transactions. Credit card generators are freely available identity theft is common”

How Trustworthy is the Transaction?

RiskGuardianHelping e-merchants reduce credit card fraud

• The most comprehensive system to intercept attempted fraud.

• Platform independent.• User definable settings• Low cost• Plug & Play installation• Integration into core

payment systems

• Useful for any organisation wishing to protect their logo

• Logo fired onto site, locked to IP address and site

• No copying of logo allowed• All activity tracked and

recorded

Protecting the Seal of Approval - MarqueIT

Protection using Triangulation

TrustUK – In Action

TrustUK - In Action

TrustUK - Validation Window

B2B Trust

• How do you trust on-line business partners:• Who are you doing business with

Solutions:• Digital certificates to ensure identity• Ratings service that assist in supplier evaluation• Sophisticated payment, risk management, insurance

and inspection services to mitigate risk• Risk Protection insurance

The Business Building Blocks of Trust

Trust Policies Trust Procedures

Security

Identity Checks Liability/Protection

Applications

PKI Infrastructure

Technology

Business

Processes

{

{

Requires implementation of best business practices:

Authentication, verification, confidentiality, transaction integrity

PKI – More Than Technology!

Delivery & Operations

25%Procedures

20%

Technology - Hardware &

Software10%

Technical Skills, Expertise & People30%

Policy15%

TenderTrust

• The world’s first smart card digital certificate • Internet e-tendering solution

• Franchise Program for other Banks/partners

Internet

Create ITT or RFP

Publish

Alert ITT opportunity

Prepare response

Submit response

Check identity & validity Carry out other services

Deliver Tenders

Purchaser

Intranet ?Supplier

Third Party Services

e.g. Credit Checking

TenderTrustTenderTrust

Certification Provider

CertificatesCert. RevocationTime stamping TenderTrust

Security

Bank provides digital certificates, trusted time, CA/RA function

Validity of certificate checked with every use

Proven identity

Digital certificates and signatures

held on TenderTrust smartcard

Developed to X509 banking strength by the Royal Bank of Scotland

Irrefutable audit trail

Secure storage of ITT’s and responses

Summary

• Trust is the backbone of e-commerce for both B2C and B2B markets

• Consumers gain trust from many signals• B2B trust solutions can range from ‘soft’ to ‘hard’. Ideally they

should be backed by digital certificates, which can range from medium to high strength.

• For trust to be implemented it needs infrastructure that includes technology, processes and associated trust procedures and methodologies

Trusted e-Commerce: It Matters!

John Williams

CEO

TrustMarque International Limited

drjohn@trustmarque.com