Electronic Commerce Modeling Language

From HandWiki

Electronic Commerce Modeling Language (ECML) is a protocol which enables the e-commerce merchants to standardize their online payment processes. Through the application of ECML, customers' billing information in their digital wallet can be easily transferred to fill out the checkout forms.[1] There are various companies that have participated in ECML's alliances, including American Express and Mastercard.[1]

As a standard developed by the alliance, ECML has solved the problem of complex and confusing online manual payments caused by diverse web designs, and further reduces the chance of customer dropout (also called shopping cart abandonment).[1] On the other hand, ECML deals with sensitive information such as credit card numbers and home addresses—its data security is controversial, and privacy considerations should be taken.[2][3]

Alliances

The members of ECML Alliance listed in alphabetical order below:[1]

  1. American Express (www.americanexpress.com>
  2. AOL (www.aol.com)
  3. Brodia (www.brodia.com)
  4. Compaq (www.compaq.com)
  5. CyberCash (www.cybercash.com)
  6. Discover (www.discovercard.com)
  7. FSTC (www.fstc.org)
  8. IBM (www.ibm.com)
  9. Mastercard (www.mastercard.com)
  10. Microsoft (www.microsoft.com)
  11. Novell (www.novell.com)
  12. SETco (www.setco.org)
  13. Sun Microsystems (www.sun.com)
  14. Trintech (www.trintech.com)
  15. Visa International (www.visa.com)

ECML and customer dropout behaviors

Customer dropout is also called shopping cart abandonment—it is a type of behavior which customers display inclination of purchase without completing the final payment. According to a commercial study, there is a rate 25% to 75% that the customer would abandon a transaction before it is completed due to various reasons.[4] Aside from motivational factors such as customer's fundamental needs and spontaneous purchases, emotional factors such as irritation and disappointment also determine whether a transaction would be successful. Research has shown that payment inconvenience and perceived wasting time are factors that would contribute to customer's irritation.[4]

Electronic Commerce Modeling Language could potentially decrease customer irritation in two ways, and further benefit the industry of electronic commerce as a whole. First of all, it provides a standardized set of information fields which would improve the manual process of online payment. Entering relevant information into the checkout form would become an easier task for customers. Secondly, ECML allows a smooth information transfer between customer's digital wallet and e-commerce checkout form. Information does not has to be manually entered into the system.[1]

ECML and customer's privacy expectations

The application of ECML requires the online shoppers to disclose their personal information which includes financial, shipping, billing, and preference details.[1] According to relevant research, customers are able to categorize the level of risks associated with different types of information disclosure.[5] Among the information that is required to complete an online order, the user's home address is categorized as secure identifiers which is perceived as the most sensitive by customers. Other secure identifiers include DNA profile, medical history, and social security numbers.[5] Furthermore, other empirical studies has confirmed customers' consistent privacy expectation --- even they have revealed personal information in exchange for services, their expectation of privacy protection is unlikely to change.[6][7] Firms that adopt to ECML should undertake the responsibility and regulate themselves to actively protect the information collected during transactions.[8]

Privacy considerations and suggestions

Electronic Commerce Modeling Language is consistent with Platform for Privacy Preferences (P3P),[9] a controversial protocol which addresses online privacy concern. Initially, P3P is designed to simplify users' access and understanding on privacy policies posted on the websites. It has employed a multiple choice format to make connections between human readable privacy notices and privacy policies, as well as offering agents conduct policy evaluations.[2] On the other side, some studies have also argued that P3P has made users' private information more vulnerable.[3] The platform is accused for its exclusive nature that would disadvantage non-compliant websites with good privacy practices, and its lack of privacy policies' enforcements.[3]

Although the developers of electronic commerce modeling language have not explicitly specified how the information can be safely stored and protected, object security protocols (include XML encryption and XMLDsig), and channel security are all possible ways of privacy protection.[10]

Since ECML is an application related with sensitive information such as credit card numbers and home addresses. Privacy considerations thus have became crucial. There are several suggestions listed below to protect customer's privacy:[1][10]

  1. ECML memory of sensitive information cannot exist. If it is installed on a public terminal, the wallet has to be configurable.
  2. A password should be set up and required each time when the user wants to access the stored information.
  3. Users need to have control of whether the stored sensitive information is released or not.

See also

Platform for Privacy Preferences

Digital wallet

XML

XML Encryption

XMLDsig

E-commerce

Consumer privacy

References

  1. 1.0 1.1 1.2 1.3 1.4 1.5 1.6 Goldstein <tgoldstein@brodia.com>, Ted (April 2001) (in en). ECML v1.1: Field Specifications for E-Commerce. https://tools.ietf.org/html/rfc3106.html. Retrieved 2020-10-29. 
  2. 2.0 2.1 Cranor, L.F. (2003). "P3P: making privacy policies more useful". IEEE Security & Privacy 1 (6): 50–55. doi:10.1109/msecp.2003.1253568. ISSN 1540-7993. http://dx.doi.org/10.1109/msecp.2003.1253568. 
  3. 3.0 3.1 3.2 "Pretty Poor Privacy: An Assessment of P3P and Internet Privacy". https://epic.org/reports/prettypoorprivacy.html. 
  4. 4.0 4.1 Bell, Lynne; McCloy, Rachel; Butler, Laurie; Vogt, Julia (2020-07-03). "Motivational and Affective Factors Underlying Consumer Dropout and Transactional Success in eCommerce: An Overview". Frontiers in Psychology 11: 1546. doi:10.3389/fpsyg.2020.01546. ISSN 1664-1078. PMID 32714258. 
  5. 5.0 5.1 Milne, George R.; Pettinico, George; Hajjat, Fatima M.; Markos, Ereni (2017). "Information Sensitivity Typology: Mapping the Degree and Type of Risk Consumers Perceive in Personal Data Sharing" (in en). Journal of Consumer Affairs 51 (1): 133–161. doi:10.1111/joca.12111. ISSN 1745-6606. https://onlinelibrary.wiley.com/doi/abs/10.1111/joca.12111. 
  6. Martin, Kirsten E. (2019-11-24) (in en). Breaking the Privacy Paradox: The Value of Privacy and Associated Duty of Firms. Rochester, NY. https://papers.ssrn.com/abstract=3349448. 
  7. Karwatzki, Sabrina; Dytynko, Olga; Trenz, Manuel; Veit, Daniel (2017-04-03). "Beyond the Personalization–Privacy Paradox: Privacy Valuation, Transparency Features, and Service Personalization". Journal of Management Information Systems 34 (2): 369–400. doi:10.1080/07421222.2017.1334467. ISSN 0742-1222. https://doi.org/10.1080/07421222.2017.1334467. 
  8. Radin, Tara J. (2001). "The Privacy Paradox: E-Commerce and Personal Information on the Internet". Business & Professional Ethics Journal 20 (3/4): 145–170. doi:10.5840/bpej2001203/418. ISSN 0277-2027. https://www.jstor.org/stable/27801264. 
  9. Eastlake 3Rd, Donald E. (March 2003). RFC 3505 - Electronic Commerce Modeling Language (ECML): Version 2 Requirements. https://datatracker.ietf.org/doc/rfc3505/?include_text=1. Retrieved 2020-10-31. 
  10. 10.0 10.1 Eastlake 3rd <donald.eastlake@motorola.com>, Donald E. (June 2005) (in en). Electronic Commerce Modeling Language (ECML) Version 2 Specification. https://tools.ietf.org/html/rfc4112.html. Retrieved 2020-11-05.