Perils and pitfalls of practical cybercommerce

U NLIKE many would-be players in the field of Internet commerce , First Virtual chose to announce its payment system only after it was fully operational. In its first year of operation, the company has experienced exponential growth, and it has gained substantial experience with and insight into the nature of Internet commerce. In this article, the First Virtual team discusses the lessons we have learned from a year's experience with the actual operation of an Internet commerce system and what we see as prospects for the future. First Virtual Holdings was formed in early 1994 to facilitate Internet commerce. The first product offering from First Virtual was an Internet payment system, which was developed quietly and publicly announced as a fully operational open Internet service on October 15, 1994. First Virtual's system differs in many ways from all other proposed approaches to Internet commerce , most notably in the fact that it does not rely on encryption or any other form of cryptography to ensure the safety of its commercial transactions. Instead, safety is ensured by enforcement of a dichotomy between nonsensitive information (which may travel over the Internet) and sensitive information (which never does), and by a buyer feedback mechanism built atop existing protocols. In a nutshell, First Virtual's payment system is built on top of preexisting Internet protocols, notably the SMTP/RFC822/MIME (email), telnet, finger, ftp, and http protocols. Because those protocols are insecure in the sense they carry no strong proofs of identity, it is necessary to design a payment system in such a way as to provide much stronger guarantees. While others have focused on achieving this goal using cryptography , First Virtual designed a higher-level protocol based on email callbacks. In the First Virtual system, a buyer and seller may use any procedure or protocol to meet and transact business. While this often occurs when a buyer browses a seller's Web page, it also frequently happens by email, ftp, or Internet Relay Chat, or even off-net entirely. Moreover, it could easily happen in the future via pro-The first year in the life of First Virtual Holdings-a pioneering Internet-based service company-was conducted with little fanfare, yet filled with memorable challenges and experiences. Here, we get an inside take on the problems, successes, and valuable lessons learned from conducting business on the net.