Electronic Commerce
Session 5
The management and use of information on the Internet
Jacques Nantel
October 2002
The notion of privacy as seen by consumers
• Surfing: Technology solutions, consumers can dismantle tracking software. General control maintained.
• Purchasing: Use cash (not feasible online), technology. General control maintained.
• Surfing: Able to access privacy statements, opt-in and opt-out options, technology solutions. Consumer owns information.
• Purchasing: Able to access privacy statements with opt-out option if using credit card, ability to pay cash with opt-in option. Consumer owns information.
• Surfing: Movements tracked by software. Consumer no longer owns information.
• Purchasing: Use credit card, no privacy statement. Consumer no longer owns information.
• Surfing: Able to access privacy statements, no opt-in and opt-out options, no technology solutions. Consumer no longer owns information.
• Purchasing: Have to use credit card. Privacy statement, no opt-out. Consumer no longer owns information.
Matrix axes: Consumer Control (NO / YES) and Consumer Knowledge (NO / YES)
Goodwin, C. (Spring 1991), “Privacy: Recognition of a Consumer Right”, Journal of Public Policy and Marketing, Vol. 10, No. 1, pp. 149-66.
Group G47 "Terms and Conditions" (Value tabulated = 1)
Dichotomy label                   Name   Count   Pct of Responses   Pct of Cases
What's Being Collected            Q39      838               19.3           56.5
How it will be Used               Q40     1084               24.9           73.1
In Exchange for Access to Site    Q41      345                7.9           23.3
Discount at Site's Store          Q42      361                8.3           24.4
Some Value Added Service          Q43      459               10.6           31.0
Aggregated Only                   Q45      831               19.1           56.1
Would Not Give                    Q46      130                3.0            8.8
Other                             Q47      302                6.9           20.4
Total responses                           4350              100.0          293.5
Nature of the information collected
• Number of clicks
• Click streams
• Average time per page
• Paths and links
– between sites
– for a user
• Purchases
Some basic mechanisms
• Minimal identification of a user
– Country
– Type of server
• Distinction between the machine and the user
• Use of cookies
• Use of "extended cookies"
• Notion of an electronic passport
• Combination with other mechanisms
Nature of the response models
• No model
• Identification for advertising purposes
• Identification for the purpose of reselling the information
• Identification for the purpose of configuring the site
– Customization (rules-based systems)
– Collaborative filtering
– Open Profiling Standards
The value to the business of using private data
• Personalization
• E-mail
• Cross-selling
What CRM systems change
• They handle larger databases
• They are faster
• They are often more efficient
• They make it possible to coordinate several salespeople
• They are effective at demonstrating ROI
• They can be more expensive
Performance measures of marketing activity by type of commerce
                     Web sites with CRM   Web sites   Catalogue   Traditional   Average
Acquisition costs    14$                  55$         14$         34$           29$
Recurring revenue    55%                  42%         40%         34%           40%
Retention costs      6$                   24$         8$          16$           13%
Source: BCG, Dec. 2001
E-mail marketing
• Spam
• Permission
• Viral
Marketing through personalization
• Amazon
• Lands’ End
Web-based Personalization
• Personalized services
–My Virtual Model
–My Personal Shopper
• Personalized products
–Lands’ End Custom
My Virtual Model
• 13% of landsend.com visitors use it
• 34% higher conversion rate
• 7% higher average order value
Mark Ugar, Director, Retail Vertical, MSN
Microsoft .NET Passport June 2002
Authentication
• What is it?
– Presentation of valid credentials to convince a network that you are allowed to access some set of resources
• Why is it important?
– Sites, devices, networks and applications need a way to provide a secure, customized experience
– A secure authentication mechanism is important to ensure the integrity of the transaction
What is Microsoft .NET Passport?
Internet scale authentication service available to any web site
Key features:
• Single sign in across multiple sites
• Enables easy, secure commerce
• Enables parents to make informed decisions for kids (Kids .NET Passport)
• User in control, data stored is minimal
PUID
• .NET Passport Unique ID defined by .NET Passport
User profile
• User's e-mail address or phone number
• First and last names
• Demographics data:
– Country/region, postal code, and state
– Time zone, preferred language
– Accessibility
– Occupation
– Birth date and gender
Credentials
• Standard
– User's e-mail address (from the user profile)
– Password of at least six characters
– Secret question and answer
• Alternate (optional)
– Phone number and 6 digit PIN
• Strong (optional)
– Four-digit security key
– Three secret questions and answers
Wallet
• Card type, card numbers, name on card and associated expiration dates, billing addresses (first and last names, address, city, state/region/province, postal code, phone, e-mail) and friendly description
• Shipping addresses (first and last names, address, city, state/region/province, postal code, phone, e-mail) and associated friendly description
Benefits for Consumers
• Single sign-in
– Only one user name and password to remember
– Common experience on all participating web sites
• Anytime, anywhere, any device
– Personalization associated with user, not device
• Privacy and security
– User in control of their information
• Faster & easier online purchasing
Benefits for Partners
• Enables deeper relationships with customers
– Single click log-in removes registration barriers
– .NET Passport identifies a customer consistently across multiple Web sites
– Authentication for additional services
• Lets partners focus on core competencies
– Microsoft manages evolution of new technologies (mobile devices, smart card, biometrics)
– Microsoft supports users (password resets)
– Saves money
.NET Passport: Running at Scale Today
• 165 million accounts
• Growth – millions per month
• 2 billion authentications per month
• Used for most Microsoft online properties & growing number of third parties
.NET Passport Usage Today
• Over 270 signed and implementing
• 77 total live today
• 64 live express purchase
• 13 live Single Sign In (SSI)
• Some examples:
– 800.com
– 800Flowers.com
– Starbucks.com
– Expedia.com
– Office Depot
– OfficeMax
– McAfee.com
– Radio Shack
– Victoria’s Secret Catalog
– Buy.com
Privacy
• Critical success factor: trusted data management
– Microsoft will make no secondary use of .NET Passport data
– Microsoft will not mine, sell, rent, lease .NET Passport or .NET My Services data
– Easy user management of consent/permissions
• We are legally accountable to honor our privacy guidelines
• Partners contractually agree to privacy standards
• We support Safe Harbor for all customers worldwide
• Microsoft services subject to same conditions as other partners
Security
• Secure data centers
– Physical access controls
– User information stored on servers that are not connected to the Internet
• Credential information never shared with partner sites
• .NET Passport data is always encrypted
• Sophisticated intrusion detection
• Multiple security levels
.NET Passport Consent model
• User decides what part of their .NET Passport profile they want to share with Web sites at Sign In:
– Email address
– First and last name
– All other profile information
• Default during registration is that nothing is shared (full affirmative consent). In that case, only the PUID is transferred to participating sites at Sign In and .NET Passport provides a true ‘anonymous’ authentication system (No personal information is shared)
• No partner specific information (e.g. shoe size, favorite music, etc.) is ever shared with .NET Passport
• Selected wallet information is shared only when using the .NET Passport express purchase service
Figure: participating Web sites, each hosting a .NET Passport Manager Object (encryption library, authentication and data access interfaces), and the Microsoft .NET Passport Domain Authority (user registration and authentication Web servers and databases).
.NET Passport Sign In
Figure: sign-in message flow between the Browser (SSL, JavaScript, cookies), the Participating Web Site with its .NET Passport Manager Object (encryption library, authentication and data access interfaces) and the .NET Passport servers:
(1) Initial Page Request
(2) Redirect for Authentication: id=site-id, ru=return URL
(3) Authentication Request
(4) Auth Response. Cookies: in pp.com. Redirect URL: includes site-specific t=ticket and p=profile on the query string
(5) Authenticated Page Request: T=ticket, P=profile
(6) Page including Set cookie for MSPAuth and MSPProf
• No server-to-server communication at authentication
• Central Configuration Service
• .NET Passport Manager server object resident at SSI Site
• Alternative Interfaces (not shown)
• Digest security packages for non-HTML clients
• XML interfaces for clients
Central Config Service ‘Nexus’: Valid Domains, Schema, URLs
Configuration and Database Servers
Registration and Login Servers
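The six sign-in steps and the default of the consent model, as an added Python simulation that is not Microsoft's code and not part of the original deck. The site registry, account, PUID value and function names are constructed for illustration, and HMAC-signed tokens stand in for the Passport Manager's encryption library; only the parameter names id, ru, t, p and the cookie names MSPAuth and MSPProf come from the slides.

```python
import base64, hashlib, hmac, json, time
from urllib.parse import parse_qs, urlencode, urlparse

def kdf(password):  # constructed salt; a real store uses a random per-user salt
    return hashlib.pbkdf2_hmac("sha256", password.encode(), b"constructed-salt", 10_000)

# Constructed stand-in for the central configuration: site id -> shared key, valid domain.
SITES = {"42": {"key": b"constructed-key-42", "domain": "shop.example"},
         "43": {"key": b"constructed-key-43", "domain": "news.example"}}
# Constructed account. "share" holds the profile fields the user consented to release.
USERS = {"alice@example.com": {"puid": "000000000000ABCD", "pw": kdf("correct horse"),
         "profile": {"email": "alice@example.com", "first_name": "Alice"}, "share": set()}}

def seal(key, payload):
    body = base64.urlsafe_b64encode(json.dumps(payload, sort_keys=True).encode())
    return body.decode() + "." + hmac.new(key, body, hashlib.sha256).hexdigest()

def unseal(key, blob):
    body, _, tag = blob.partition(".")
    expected = hmac.new(key, body.encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(tag.encode(), expected.encode()):
        raise ValueError("bad signature")
    return json.loads(base64.urlsafe_b64decode(body))

def authority_sign_in(site_id, ru, login, password, now=None):
    """Steps 3-4: check ru and credentials, then redirect to ru with t= and p=."""
    site, target = SITES[site_id], urlparse(ru)
    if target.scheme != "https" or target.hostname != site["domain"]:
        raise ValueError("return URL is not registered for this site")
    user = USERS.get(login)
    if user is None or not hmac.compare_digest(user["pw"], kdf(password)):
        raise PermissionError("authentication failed")
    ticket = {"puid": user["puid"], "site": site_id, "iat": int(now or time.time())}
    # Consent model: only fields the user opted to share travel; the PUID always does.
    profile = {k: v for k, v in user["profile"].items() if k in user["share"]}
    profile["puid"] = user["puid"]
    query = {"t": seal(site["key"], ticket), "p": seal(site["key"], profile)}
    return ru + "?" + urlencode(query)

def site_accept(site_id, url, now=None, max_age=300):
    """Steps 5-6: validate t and p locally (no call to the authority), set cookies."""
    key, q = SITES[site_id]["key"], parse_qs(urlparse(url).query)
    ticket, profile = unseal(key, q["t"][0]), unseal(key, q["p"][0])
    age = int(now or time.time()) - ticket["iat"]
    if ticket["site"] != site_id or not 0 <= age <= max_age:
        raise ValueError("ticket is for another site or has expired")
    if profile["puid"] != ticket["puid"]:
        raise ValueError("profile does not belong to the ticket holder")
    return {"MSPAuth": q["t"][0], "MSPProf": q["p"][0]}, profile
```

The tokens here are signed but not encrypted, so any shared profile field is readable in the redirect URL; a production design would encrypt them as well.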
The Truth About .NET Passport
• Users choose what data is shared with partners
• Partners do not share their data with .NET Passport
• .NET Passport collects a limited set of user information
• .NET Passport does not track what users do on the web
• Microsoft will not use .NET Passport information to market to customers
• .NET Passport is not required to use Windows XP
• MSN sites play by the same rules as other partner sites
Business Model Guiding Principles
• .NET Passport
– End users will not be charged for .NET Passport authentication functionality
– Partners who use the service will be charged a fixed annual fee plus a utilization charge above a certain threshold
Main questions
Figure labels: Web sites, ad networks, other third parties, partners, affiliates, subsidiaries, offline transactions (numbered 1 to 6 to match the questions below).
1) What kinds of notice should Web sites be required to provide before they collect information? Should limits be imposed on what can be collected and how long it can be kept?
2) Can on- and offline data be merged? What are the notification requirements?
3) Should consumers have a right to opt out or opt in before Web sites channel ad networks’ cookies to their machines?
4) What kind of sharing takes place with a Web site’s business partners -- which are considered “third parties”?
5) Should Web sites be required to have opt-in or opt-out policies on third-party data sharing?
6) What access should consumers have to their information?
Forrester May 2000