Electronic Commerce Modeling Language

Electronic Commerce Modeling Language (ECML) is a protocol which enables the e-commerce merchants to standardize their online payment processes. Through the application of ECML, customers' billing information in their digital wallet can be easily transferred to fill out the checkout forms.[1]

There are various companies that have participated in ECML's alliances, including American Express and Mastercard.[1]

As a standard developed by the alliance, ECML has solved the problem of complex and confusing online manual payments caused by diverse web designs, and further reduces the chance of customer dropout (also called shopping cart abandonment).[1] On the other hand, ECML deals with sensitive information such as credit card numbers and home addresses—its data security is controversial, and privacy considerations should be taken.[2][3]

Alliances

The members of ECML Alliance listed in alphabetical order below:[1]

  1. American Express
  2. AOL
  3. Brodia
  4. Compaq
  5. CyberCash
  6. Discover
  7. FSTC (www.fstc.org)
  8. IBM
  9. Mastercard
  10. Microsoft
  11. Novell
  12. SETco
  13. Sun Microsystems
  14. Trintech
  15. Visa International

ECML and customer dropout behaviors

Customer dropout is also called shopping cart abandonment—it is a type of behavior which customers display inclination of purchase without completing the final payment. According to a commercial study, there is a rate 25% to 75% that the customer would abandon a transaction before it is completed due to various reasons.[4] Aside from motivational factors such as customer's fundamental needs and spontaneous purchases, emotional factors such as irritation and disappointment also determine whether a transaction would be successful. Research has shown that payment inconvenience and perceived wasting time are factors that would contribute to customer's irritation.[4]

Electronic Commerce Modeling Language could potentially decrease customer irritation in two ways, and further benefit the industry of electronic commerce as a whole. First of all, it provides a standardized set of information fields which would improve the manual process of online payment. Entering relevant information into the checkout form would become an easier task for customers. Secondly, ECML allows a smooth information transfer between customer's digital wallet and e-commerce checkout form. Information does not have to be manually entered into the system.[1]

ECML and customer's privacy expectations

The application of ECML requires the online shoppers to disclose their personal information which includes financial, shipping, billing, and preference details.[1] According to relevant research, customers are able to categorize the level of risks associated with different types of information disclosure.[5] Among the information that is required to complete an online order, the user's home address is categorized as secure identifiers which is perceived as the most sensitive by customers. Other secure identifiers include DNA profile, medical history, and social security numbers.[5] Furthermore, other empirical studies has confirmed customers' consistent privacy expectation --- even they have revealed personal information in exchange for services, their expectation of privacy protection is unlikely to change.[6][7] Firms that adopt to ECML should undertake the responsibility and regulate themselves to actively protect the information collected during transactions.[8]

Privacy considerations and suggestions

Electronic Commerce Modeling Language is consistent with Platform for Privacy Preferences (P3P),[9] a controversial protocol which addresses online privacy concern. Initially, P3P is designed to simplify users' access and understanding on privacy policies posted on the websites. It has employed a multiple choice format to make connections between human readable privacy notices and privacy policies, as well as offering agents conduct policy evaluations.[2] On the other side, some studies have also argued that P3P has made users' private information more vulnerable.[3] The platform is accused for its exclusive nature that would disadvantage non-compliant websites with good privacy practices, and its lack of privacy policies' enforcements.[3]

Although the developers of electronic commerce modeling language have not explicitly specified how the information can be safely stored and protected, object security protocols (include XML encryption and XMLDsig), and channel security are all possible ways of privacy protection.[10]

Since ECML is an application related with sensitive information such as credit card numbers and home addresses. Privacy considerations thus have become crucial. There are several suggestions listed below to protect customer's privacy:[1][10]

  1. ECML memory of sensitive information cannot exist. If it is installed on a public terminal, the wallet has to be configurable.
  2. A password should be set up and required each time when the user wants to access the stored information.
  3. Users need to have control of whether the stored sensitive information is released or not.

Example

<html>
<head>
  <title>eCom Transaction Complete Example</title>
</head>
<body>
  <form>
   <p>Thank you for your order.  It will be shipped in several days.</p>
   <input type="hidden" name="Ecom_Merchant" value="www.merchant.example">
   <input type="hidden" name ="Ecom_Processor"
          value="www.processor.example">
   <input type="hidden" name="Ecom_Transaction_ID" value="EF123456">
   <input type="hidden" name="Ecom_Transaction_Inquiry"
          value="http://www.merchant.example/cgi-bin/inquire?ID=EF123456">
   <input type="hidden" name="Ecom_Transaction_Amount" value="789.00">
   <input type="hidden" name="Ecom_Transaction_Currency" value="USD">
   <input type="hidden" name="Ecom_Transaction_Date" value="July 14 2000">
   <input type="hidden" name="Ecom_Transaction_Type" value="credit">
   <input type="hidden" name="Ecom_Transaction_Signature"
          value="ig6rh4;;20dfna00s34hj10s--s-45j30-22z92l-frwds-85">
   <input type="hidden" name="Ecom_TransactionComplete">
   <input type="hidden" name="Ecom_SchemaVersion"
          value="http://www.ecml.org/version/1.1">
  </form>
</body>
</html>

See also

References

  1. ^ a b c d e f g Goldstein <tgoldstein@brodia.com>, Ted (April 2001). "ECML v1.1: Field Specifications for E-Commerce". tools.ietf.org. Retrieved 2020-10-29.
  2. ^ a b Cranor, L.F. (2003). "P3P: making privacy policies more useful". IEEE Security & Privacy. 1 (6): 50–55. doi:10.1109/msecp.2003.1253568. ISSN 1540-7993.
  3. ^ a b c "Pretty Poor Privacy: An Assessment of P3P and Internet Privacy". epic.org. Retrieved 2020-10-31.
  4. ^ a b Bell, Lynne; McCloy, Rachel; Butler, Laurie; Vogt, Julia (2020-07-03). "Motivational and Affective Factors Underlying Consumer Dropout and Transactional Success in eCommerce: An Overview". Frontiers in Psychology. 11: 1546. doi:10.3389/fpsyg.2020.01546. ISSN 1664-1078. PMC 7351522. PMID 32714258.
  5. ^ a b Milne, George R.; Pettinico, George; Hajjat, Fatima M.; Markos, Ereni (2017). "Information Sensitivity Typology: Mapping the Degree and Type of Risk Consumers Perceive in Personal Data Sharing". Journal of Consumer Affairs. 51 (1): 133–161. doi:10.1111/joca.12111. hdl:10.1111/joca.12111. ISSN 1745-6606.
  6. ^ Martin, Kirsten E. (2019-11-24). "Breaking the Privacy Paradox: The Value of Privacy and Associated Duty of Firms". Rochester, NY. SSRN 3349448. {{cite journal}}: Cite journal requires |journal= (help)
  7. ^ Karwatzki, Sabrina; Dytynko, Olga; Trenz, Manuel; Veit, Daniel (2017-04-03). "Beyond the Personalization–Privacy Paradox: Privacy Valuation, Transparency Features, and Service Personalization". Journal of Management Information Systems. 34 (2): 369–400. doi:10.1080/07421222.2017.1334467. ISSN 0742-1222. S2CID 38167192.
  8. ^ Radin, Tara J. (2001). "The Privacy Paradox: E-Commerce and Personal Information on the Internet". Business & Professional Ethics Journal. 20 (3/4): 145–170. doi:10.5840/bpej2001203/418. ISSN 0277-2027. JSTOR 27801264.
  9. ^ Eastlake 3Rd, Donald E. (March 2003). "RFC 3505 - Electronic Commerce Modeling Language (ECML): Version 2 Requirements". datatracker.ietf.org. Retrieved 2020-10-31.{{cite journal}}: CS1 maint: numeric names: authors list (link)
  10. ^ a b Eastlake 3rd <donald.eastlake@motorola.com>, Donald E. (June 2005). "Electronic Commerce Modeling Language (ECML) Version 2 Specification". tools.ietf.org. Retrieved 2020-11-05.{{cite journal}}: CS1 maint: numeric names: authors list (link)