Even third parties must earn the trust of users

When The Open Group started investigating the relatively slow take-up of e-commerce, we quickly separated internet-based transactions into two camps.

The first and most familiar is the commercial public site that takes business via credit cards. For the buyer and seller, a business-to-consumer transaction makes use of the existing rules of credit card transactions.

In effect, both parties continue to trust the credit card company to process their part of the transaction correctly.

For the user, there is no difference between using the internet and telephoning an order. And for the vendor, the transaction is treated as any other cardholder-not-present transaction.

In a business-to-business transaction, however, the process becomes more complicated. There are generally more steps involved, with inherent delays between them. The business process itself may not be as well understood (or documented) as the familiar consumer credit card transaction.

When the transaction is underway, both parties will perform some checks. This is normal business practice and helps to build trust by providing assurances.

A third party often executes parts of this process, for example credit checking or company references. After checks have been made, the transaction will be executed under agreed terms and conditions.

Unlike the credit card scenario, the terms and conditions may be negotiated separately for each transaction, depending on the risks and value involved.

This step alone holds up the process. Numerous services can come into play when making a business risk decision. A few of these services have been automated, but many have simply been ignored in the rush to e-business.

E-business vendors insist on trusting new third parties to somehow validate the identity, and possibly the authenticity, of the trading party.

Most trusted third parties in the market today, such as Public Key Infrastructure-based certificate authorities, carry little or no liability, so it's no wonder that business users find it hard to trust them.

The e-business community has to have an understanding of the services that are required, and map them to existing services.

It may be that some services will not be possible over the internet, while others will be natural candidates for online delivery.

The mapping of trust services is one of the early projects identified within The Open Group's Active Loss Prevention initiative.

There is a long way to go before we fully understand all the intricacies of business-to-business requirements for building trust into the relationships we established on the net. But one thing is certain: there's a lot more than just a trusted third party.

Ian Lloyd is director of the Active Loss Prevention Initiative at The Open Group. For information visit www.opengroup.org/alp.