################################################ # # # ## ## ###### ####### ## ## ## ## ## # # ## ## ## ## ## ### ## ## ## ## # # ## ## ## ## #### ## ## ## ## # # ## ## ###### ###### ## ## ## ## ### # # ## ## ## ## ## #### ## ## ## # # ## ## ## ## ## ## ### ## ## ## # # ####### ###### ####### ## ## ## ## ## # # # ################################################ The following paper was originally published in the Proceedings of the First USENIX Workshop on Electronic Commerce New York, New York, July 1995 For more information about USENIX Association contact: 1. Phone: 510 528-8649 2. FAX: 510 548-5738 3. Email: office@usenix.org 4. WWW URL: https://www.usenix.org Internet Information Commerce: The First Virtual (TM) Approach Darren New Senior Design Engineer First Virtual Holdings Incorporated More info at https://www.fv.com or info@fv.com Talk Outline I. The Problem: Doing Business on the Internet II. Is Encryption the Solution? III. Why Information Commerce is Special IV. The First Virtual Information Commerce Model V. How It Works VI. What It Costs VII. The Protocols VIII. The Corporation IX. The Future X. What We Have Learned I. The Problem: Doing Business on the Internet The Internet is BIG. Really, really BIG. Growing too fast to put numbers on my slides. Unrestricted commercial use, enormous visibility. We wanted to sell jokes on the net. (Really!) Until October 15, 1994, no workable payment infrastructure Traditional Approaches to Internet Commerce -- Focus on goods and services -- Some require encryption -- Some require a closed system First Virtual focuses on information commerce -- "Information" means "delivered via the net" -- No encryption required -- Permits rapid introduction of commerce -- Consistent with today's Internet First Virtual's Goals Focus on Information Commerce Allow anyone to buy or sell Never keep financial information on the Internet Security, but cryptography optional No special software Work with today's Web, FTP, and E-Mail High degree of privacy Very low cost ($0.29 + 2%, INCLUSIVE) Permit microtransactions (sub-penny level) Available today! (a working system, not a statement of direction) II. Is Encryption the Solution? Not completely. There are serious problems. -- Legal: Export & patent restrictions. (Do you like lawsuits & trials?) (Do you want customers in France?) -- Interoperation: There are NO standards. (Do you want to do business TODAY?) (Do you want to limit your customer base to browser X? To only the WWW?) -- Usability: Harder than setting your VCR clock. (Do you want Joe Sixpack as a customer?) (Do you want to be liable for mismanaged crypto keys? Deleted wallet files?) III. Why Information Commerce is Special Information has unique properties For Buyers -- Can't evaluate without obtaining For Sellers -- Never need returned goods -- Near-zero cost of inventory and distribution -- Relatively low out-of-pocket expenses What should a commerce mechanism guarantee? Credit cards guarantee, for physical goods: -- Merchant gets paid, OR gets back goods -- Statistically, usually gets paid. Information merchants NEVER need returns. -- The statistical guarantee is everything! Commerce and Inventory Commerce evolved for goods or services. -- Information was bundled (e.g., in a book) Inventory was costly: -- Shipping, handling, trucking, warehousing, etc. -- Returned goods, damaged merchandise, etc. The cost of producing information (e.g., royalties) is small, compared to the cost of inventory Information Networks Change the Rules Electronic information can be -- duplicated cheaply (virtually free) -- distributred cheaply (virtually free) Of course, Internet access does cost real money -- Each subscriber pays for their own "pipe" The dominant cost is now information creation/synthesis, NOT the cost of inventory! IV. The First Virtual Information Commerce Model We Introduced a New Paradigm: Duplicate, Download, and Decide to Pay Consistent with the Internet culture: -- Information is still freely available! -- If you don't like what you get, you don't pay. -- But if you abuse the system you get no more! Allows anyone to be a seller or buyer, -- No need to qualify as a Visa/MC merchant. -- An unprecedented opportunity for small entrepreneurs. Works with existing financial institutions -- Keeps sensitive information off the Internet -- Use bankcards/checking accounts for settlement Benefits to Sellers Accounting, billing, and collection are simplified -- First Virtual serves as the "back office" The entire Internet is enabled as the market -- 30 million potential customers today! "Shareware" is the proof of concept -- Some folks have earned a lot of income. -- Ease of payment has proven crucial. (Consider the first shareware millionaire!) The FV paradigm is vastly superior to shareware. -- With FV, payment is automatic. -- With FV, abusers lose privileges. -- With FV, it takes action to refuse to pay. -- FV works well for text, music, images, & software. Benefits to Buyers Examine information before deciding to pay for it E-mail confirmation of buyer acceptance detects fraud Bankcard and checking information is not sent or stored on the Internet No cryptography is needed! No new software is needed! For privacy, cryptography can be layered on optionally later. V. How It Works Account Application via Internet -- Sensitive information via phone/post Transactions via Web/FTP/Email -- Payment confirmation via email Anyone can be a seller -- Those without servers can use our InfoHaus (TM), an information "automat" Settlement via direct bank deposit -- Payment lags for untrusted sellers The Account Application Process Buyer fills out application form via Telnet, Web, Email, etc. Includes all non-sensitive information: -- Name -- Email address -- Address, phone, etc. -- Account-ID choice -- Optional settings If complete, FV sends "almost ready" message, including 12- digit application-id To activate your account as a BUYER: -- Call 1-800-*** with app-id and CC# -- $2 charge on credit card -- Credit card used for future purchases To activate your account as a SELLER: -- Send a $10 check to PO Box **** -- Bank account credited for future sales Notification by email when account is ready to use for buying, selling, or both. The Transaction Process Seller receives order via Web, FTP, E-Mail, etc. Seller may validate account in real-time or via e-mail If seller honors order -- Information sent to buyer -- Transaction record sent to First Virtual First Virtual sends "transfer token" to buyer via e-mail Buyer replies with 1 word: -- Yes: payment is authorized. -- No: payment is declined. -- Fraud: cancel account. Seller bears risk of non-payment, but buyers who say "no" too often get invalidated The First Virtual InfoHaus The World's First Public Access Information Mall Anyone can be a seller! -- Each seller has a seller description + info-items -- Each info-item has a free part and a paid part -- 7x24 high-bandwidth availability -- Topic/keyword and date-based searching -- Full text search soon What can be sold? -- One-shot items for sale -- Periodicals (magazines) -- Boxed sets -- Web forms that generate charges, send email Seller access methods -- Telnet/FTP interface -- MIME email interface Buyer access methods -- WWW -- FTP -- Email The InfoHaus: An Automat for Cyberspace! All operations automated -- Seller does not need own computer -- FV does backups, collection, etc Reasonable charges for use -- Monthly storage fees -- Transaction fees for completed sales (+ normal FV charges) Accounting summaries generated (soon) -- How many browsed -- Who bought, who refused A Third party business? -- The InfoHaus has NO privileged position -- Separate business unit -- Competition with FV possible The Settlement Process When buyer accumulates more than $N of charges: -- A single bankcard transaction is originated -- Buyer gets a detailed summary via e-mail First Virtual ages funds for 90 days (for untrusted sellers), and then regularly: -- Direct-Deposits money into seller's account -- Notifies seller in detail via e-mail The 90 day period will eventually be reduced for some sellers Chargebacks are STRONGLY discouraged. VI. What It Costs Account setup -- For buyers: $2.00 -- For sellers: $10.00 Transaction fees -- For buyers: None -- For sellers: $0.29 + 2% (Visa/MC/bank charges INCLUDED) -- Microtransactions permitted (seller accumulation required) Seller settlement charge -- $1.00 per settlement InfoHaus Charges -- $1.50/month/meg -- 8% of sucessful sales (+ normal FV charges, as above) VII. The First Virtual Protocols The First Virtual System Architecture -- Client/server protocols based on TCP/IP standards -- Client sends a "transaction" to FV server (Finer granularity than "fund transfer") -- Server gives response, may take additional actions Data Structures -- All transactions/responses are structured MIME data -- Heavy use of multipart/mixed, multipart/alternative -- One new specialized MIME type Client Interfaces -- All access may be done via email (SMTP) -- Optional access through interactive protocol (SMXP) -- Specialized uses of finger, telnet, DNS, etc. Connection Protocols: Mail and SMXP Mail is simplest: To: sgcs@card.com Content-type: application/green-commerce; transaction=transfer-request SMXP is almost as easy New protocol (port 440), modeled on POP protocol Basic function: interactive exchange of MIME objects. Client passes one MIME object to server. -- Server gives back "+ERR" or "+OK" -- Sometimes, server also gives back another MIME object. The application/green-commerce MIME Type One mandatory Content-type parameter: -- "Transaction" tells what kind of action Simple data structure: -- Modelled on RFC 822 -- "Attribute: Value" syntax -- RFC 822 parsers are instantly reusable A Simple Example To: sgcs@card.com Content-type: application/green-commerce; transaction=transfer-request BUYER: Joe Is a cool dude SELLER: CrazyRDIM AMOUNT: 19.99 CURRENCY: USD US Dollars TRANSFER-ID: SECURITY-REQUIREMENTS: None DESCRIPTION: Purchase of used stock quotes We gave you lots of useful stock quotes and tips that may have helped you in your investments, and it isn't our fault if a grand jury is interested in you! Account Setup Transactions APPLICATION-REQUEST: -- User requests application: APPLICATION-RESULT: -- Server sends back form NEWACCT-REQUEST: -- User send back answers NEWACCT-RESULT: -- Server sends back result: May send more than one (pending, accepted) Sensitive information entered by phone/post Fund transfer (purchase) TRANSFER-REQUEST: -- Someone requests payment TRANSFER-QUERY: -- Server asks buyer for confirmation via email TRANSFER-RESPONSE: -- User says yes/no/fraud -- Special hack: SERVER-ID in Subject. TRANSFER-RESULT: -- Server tells initiator of result. Other Transactions Account status inquiries & histories INQUIRY-REQUEST, INQUIRY-RESULT HISTORY-REQUEST (accountholder only) Server capability inquiries CAPABILITIES-REQUEST, CAPABILITIES-RESULT Tracking the money flow: PAYIN-NOTIFICATION PAYOUT-NOTIFICATION PAYIN-CHARGEBACK-NOTIFICATION PAYOUT-CHARGEBACK-NOTIFICATION PAYIN-FAILURE-NOTIFICATION COLLECTION-FAILURE-NOTIFICATION Changing account information: INITCHG-REQUEST, INITCHG-RESULT, CHGACCT-REQUEST, CHGACCT-QUERY, CHGACCT-RESPONSE, CHGACCT-RESULT (Changes to sensitive information via phone) (Changes to email address routed through old address for confirmation) Miscellany For testing: test.card.com For mail to accountholders: accountid@relay.card.com (Normalize account id to alphanumerics) For quick inquiry-request: finger account-id@card.com For brain-damaged gateways: localpart%domain@email.challenged.card.com VIII. The Corporation Founders: Lee Stein, President and CEO Einar Stefferud, Chief Visionary Nathaniel Borenstein, Chief Scientist Marshall T. Rose, Principal Technical Leaders: Carlyn Lowery, Operations Management Darren New, InfoHaus Development Strategic Partners: EDS First USA NDMC Lloyd Internetworking NCD/Z-Code (several others in process) First Virtual's and the Internet Culture We wanted to preserve the Internet's spirit while enabling commerce. -- Specifications published openly (on ftp.fv.com today) (soon-to-be Informational RFC's) -- Approach leverages existing infrastructure -- Freely-available software -- International usability -- Commercial support available -- System operational prior to public announcement (NO VAPORWARE!) -- System operated on a cost-recovery basis IX. The Future We're not standing still! -- Second payment system under development -- Additional technologies in planning stages -- More major merchants coming soon -- Watch for our own information products soon! -- Our goal: to be the leaders in intellectual property commerce. It Works Today! Here's How to Start: General information: -- info@fv.com -- https://www.fv.com Account Application: -- apply@card.com -- telnet telnet.card.com For sellers: To use the InfoHaus: infohaus-guide@fv.com Technical specs: URL ftp://ftp.fv.com/pub/docs/* Format is easy enough to type by hand! Free code: Patch kits for WU ftpd CGI scripts for Web servers Shell programs and C API for programmers URL ftp://ftp.fv.com/pub/code/* Commercial support: Lloyd Internetworking For buyers: No new software needed. Browse the InfoHaus: https://www.infohaus.com X. What We've Learned From the first 8 months of Internet Commerce What we've learned so far basically comes in four categories -- Technical Stuff -- Political Realities -- Customer Service Requirements -- The Nature of the Market Technical Stuff: Bottlenecks can lurk anywhere -- We designed our system for huge volumes -- Off-the-shelf stuff (e.g. web servers) caused unexpected bottlenecks Exponential growth has to start somewhere -- 15% a week is amazing once it gets going -- It can take a couple of months to get going Programmers are users too -- Tools for commerce-enabling merchants must be extremely usable -- The people who want to use these mechanisms are not all rocket scientists (or even computer scientists) More Technical Stuff Internet mail is a mess -- There are zillions of out-of-spec implementations -- We knew & designed for that fact -- It was still worse than we expected (and not really improving) -- Mail-based services must be pro-active and robust -- Other protocols (HTTP, etc) are just as bad Without automation you're dead -- A one-time event in May 1995 is a 1000-time event in May 1996 -- Every anomaly must be automated -- Users both cause and discover anomalies Political Realities There are powerful vested interests -- Build a better mousetrap, and some may deny it -- Technological excellence is only step one. Underlying dynamic: collision between 2 worlds: -- The Internet & The Financial World We focused on Internet sensitivities -- Openness (buyers & sellers) -- Evolution -- Compatibility with Infrastructure & Culture We almost missed some financial world sensitivities -- Openness (processors & banks) -- Alliances with current players Customer Service Requirements -- Customers get confused. -- Plan on ramping up. -- Need explicit mechanism for ramping up (crisis response) -- Need followup tracking & quality control. -- Instructions can't be too clear or they won't be read. -- Customer problems drive automation improvements. Bottom line: under control, but with more supporting software & effort than we anticipated The Nature of the Market Why would anyone want to do commerce on the net? Some early answers: -- Internet-related information -- Software & financial services -- Erotica FV's answer so far: -- Nobody really knows yet -- This is the hard part. It's also where the real money is. Advice to entrepreneurs: -- Use any payment system that works (so far just FV, but expect to use several) -- Focus on figuring out what people will pay you for. Any payment mechanism that works will suffice. -- Let people know what you're selling. Few will just stumble in.