================================
Management vs. Technology in  Electronic Commerce
================================

By Ravi Kalakota and Andrew B. Whinston

=============================================================
Author Information: Ravi Kalakota is a research associate and 
Dr. Andrew Whinston is a Chair Professor of Information Systems 
at the University of Texas at Austin. 
They are the co-authors of a forthcoming book titled 
"The Frontiers of Electronic Commerce" to be 
published by Addison-Wesley in Spring 1995.
=============================================================


With the growth of value-oriented network publishing on the Internet, 
there is a need for the development of a mercantile process that captures 
the chain of interaction between the business and the customer.  While doing
business on the Internet appears deceptively simple on the surface, there
are several important management issues centered around the purchasing 
process that need to be carefully evaluated.

First, let us consider the Internet buying process.   At the 
moment, the simplest and widely used method to make purchases on the 
Internet is to enclose credit card numbers in an e-mail message (or go off-
line and use the telephone).  Given the open nature of the Internet, the e-
mail method leaves itself wide open for fraud. A network packet sniffer 
can easily collect the credit card numbers by checking messages as they 
move along the network.

To combat this, an increasing number of payment schemes based on 
cryptographic techniques are beginning to appear on the Internet that are 
aimed at addressing the issue of authentication (are you who you claim to 
be and is your payment valid?). These payment schemes are broadly of 
two types: electronic tokens such as Digicash and NetCheque; and 
encrypted credit cards such as NetScape. There is another payment 
scheme in use which uses third-party processors such as First Virtual, 
where a telephone call is used to establish authentication.

A mercantile process scenario would be roughly as follows:

1) buyer and seller engage in a dialogue which identifies a product/service 
the buyer desires, and a price quote. This dialogue might be interactive 
on-line, e.g. through World Wide Web (WWW), or over E-mail, or even 
off-line through a electronic catalog and telephone)

2) On agreement of price and other issues, buyer sends seller the 
encrypted credit card number or certain number of electronic tokens. On 
getting the payment, seller informs seller's payment scheme, identifies the 
buyer, the product/service and the agreed upon price, and asks for the 
funds transfer to be credited to seller's account. 

3) The seller's payment scheme attempts to authentication of the buyer by 
using either calling him/her and asking about the transaction or by using 
the digital signature method which does not require any interaction.

4) Seller's payment scheme identifies buyer's payment scheme, and sends 
a standardized message giving details of transaction so that buyer's 
account is duly debited or charged.

5) Seller is notified of completed financial transaction and then 
despatches goods or in the case information purchase provides a key to 
unlock file.  

6) At the end of the billing cycle, buyer receives list of transactions. 
He/she can then either deny certain transactions or complain about over-
billing. Suitable audit or customer service actions are then initiated 
depending on the payment scheme.

The above process is very similar to the way credit-card transactions are 
currently processed.  While the process appears to be technically sound, it 
may not meet certain "hidden" criteria needed for successful business 
practice. Take, for instance, simplicity.  Let's face the facts, most 
typical customers like Aunt Sally or Uncle Bob are techno-phobes and 
if they have to muck around with public-keys, private-keys and key management 
that form essential parts of the cryptographic methods, they going to give up 
commerce on the Internet very rapidly no matter how much razzle-dazzle. 
This issue will have to addressed with user interfaces 
that are intuitive and hide the complexity of the underlying technology. 

Another issue is speed of transaction completion. This is an issue which 
has not been addressed so far. The payment schemes would need to be 
sophisticated enough to happen in near real time, for information 
transactions (accessing documents for which payment is required).  
Studies have shown that most of us don't have the patience to wait 20 
seconds while a hyperlink is being looked up or processed by the server. 
Most cryptographic methods will take some finite time to process.  Add 
other layers of processing to this and we have a significant wait. This 
raises a business question: What is the optimum time that a customer is 
willing to wait before the transaction is consummated? We know from 
customer service research that fast service is often the key competitive 
differentiator.

Finally, as a vendor which payment scheme should I choose?  If vendors 
each sign up for only one of these schemes, then buyers will have to join 
several in order to do business with several vendors. It would be good if 
all vendors could be expected to join all the schemes so that buyers need 
only join the scheme of their choice, but given that some vendors will be 
very small, this appears to be unlikely. 

So, we can expect several competing schemes in existence simultaneously 
making inter-operable electronic commerce a necessity.  It would be 
extremely valuable to the future of electronic commerce on the Internet if 
it could be arranged so that both vendors and buyers need each only join 
one scheme of their choice. To achieve this would require a way of 
passing order and payment details between the payment schemes. And, to 
complicate matters even futher, the payment process should flexible 
enough to map on the other emerging network media for doing business 
namely cable TV and wireless networks,

These are some business issues that need to be considered. Obviously, the 
right time to address these issues is right now before we get to a situation 
where we have several "islands of electronic commerce".