The Transition from eCommerce to mCommerce: Why Security Should be the Enabling Technology

ABSTRACT The transition from e-commerce to m-commerce will introduce additional security threats compared to the status quo; issues that have already been solved for e-commerce re-emerge as security is traded for performance on low-power mobile devices. Nonetheless, as business fundamentally relies on security - the fairness that both parties receive what they were promised - technology protecting intellectual property will most certainly become available. Despite hackers cracking almost every copy protection, online connections will allow implementing secure cryptographic envelopes to protect digital content. It has now been more than one year that the recession or slump caused by a dramatic reduction of market capitalization in the new economy prevails. The public might perceive this as the Armageddon of E-commerce but fails to acknowledge the value already added to our daily lives. As the Economist (2001) writes, "the spectacular bursting of the Internet bubble has led some to question the very importance of the net." Nonetheless, a plethora of business transactions, i.e. exchanging goods and services, are already being conducted using electronic means of communication. The enabling technology in the future will most certainly be security. As the number of transactions increases ex-post controls are being rendered infeasible because checking logs would consume excessive resources. Moreover, the widely anticipated transition from E-commerce to M-commerce additionally leverages the significance of security requiring an unprecedented impetus to satisfy consumer needs. The fundamental concept of commerce is to exchange goods and services in return for payment or in the case of a barter economy in return for other goods or services. This concept obviously only works in the interest of both parties if basic security requirements such as the atomicity of a transaction can be guaranteed. In the non-mobile IT world most of the involved challenges have already been addressed and at least conceptually solved if not yet widely implemented. The different characteristics of non-mobile E-commerce and M-commerce and their unique usage patterns entail various additional security threats mainly caused by the fact of mobility itself (Ghosh and Swaminatha 2001). In addition to the economic slowdown, the transition from E-commerce to M-- commerce weakens security - the aforementioned feature that is widely considered to be the decisive factor in broad acceptance. Currently, mobile devices lack even basic security concepts and when protocols, programming languages and operating systems were designed security was traded for performance. On mobile devices the need to conserve energy obviously limits processing power; as a result state-of-the-art security concepts have not been implemented. For instance, WML script - the mobile version of JavaScript - does not implement the sandbox model, allowing mobile code unlimited access to all local resources (Ghosh and Swaminatha 2001). Moreover, most PDAs (personal digital devices) lack memory protection mechanisms and support only basic access control - if any at all. As the hype about E-commerce has passed its culmination, real consumer benefits will increasingly move into the center of interest. Given the experience that researchers - especially in the natural sciences, mathematics and computer sciences - have with computers, it is not surprising that they were among the first to integrate E-commerce transactions, such as using digital libraries, into their day-to-day lives. Beside supporting business transactions of brick-and-mortar companies, digital content - be it music, stock quotes or any other form of information - is the rationale for using electronic commerce at all. Similar to the advances caused by fundamental inventions like electricity, the real benefits will be gradually introduced; they will first be adopted by large companies and technologically savvy people - often referred to as early-adopters. …