.. to coordinate the standardization activities in the field of Information and Communications Technologies

• About
  • Introduction
  • Terms of Reference
  • Members
  • Policies and standardization
  • ICT standardization
  • Case studies
• |
• Activities
  • Members' activities
  • eHealth and Standardization
  • RFID and Standardization
  • Smart House
  • eEurope
  • Design for All
  • Converging Technologies
  • Consumer Requirements 2003
• |
• Working Groups
  • DATSCG − Design for All
  • EESSI − Electronic signature (closed in 2004)
  • ICTSF − ICT Standards (closed in 2005)
  • ITSSG − Intelligent Transport
  • NISSG − Network and Information Security
  • SHSSG − Smart House
• |
• Documentation
  • Get access rights (members only)
  • ftp−server ICTSB
  • ftp−server DATSCG
  • ftp−server EESSI
  • ftp−server ICTSFG
  • ftp−server ITSSG
  • ftp−server NISSG
  • ftp−server Portal
  • ftp−server SHSSG
  • E−mail archives ICTSB
  • E−mail archives DATSCG
  • E−mail archives EESSI
  • E−mail archives ICT Study
  • E−mail archives ICTSFG
  • E−mail archives ITSSG
  • E−mail archives NISSG
  • E−mail archives Portal
  • E−mail archives SHSSG
• |
• Meetings
  • Open meetings
  • ICTSB meetings
  • DATSCG meetings
  • EESSI meetings
  • ICTSFG meetings
  • ITSSG meetings
  • NISSG meetings
  • SHSSG meetings
• |
• Glossaries
  • CEN Glossary of Terms
  • CENELEC List of Acronyms
  • ETSI Terms and Abbreviations
  • ETSI editHelp Abbreviations

Consumer Requirements in ICT standardization - 2003
(Electronic) Commerce: Security of financial transactions (via the Internet)

Disclaimer: The "interim ICTSB response" is a collection of opinions which does not necessarily represent a consensus view of the ICTSB

Generic Consumer Requirements in ICT standardization extracted from the ANEC report	Interim ICTSB response
1. Liability: Under all these systems consumers need to know the extent of the card issuer's liability for Internet transactions. (In the UK, there is consumer legal protection when using credit cards, but its applicability to Internet and international transactions is unclear).	Not for standardization
2. Costs: Transaction costs (credit card charges) should be clear to the user and should not restrict small-cost purchases. There should be no cost penalties using the payment methods for transactions via the Internet compared with purchases by other communications systems.	Not for standardization
3. Ease of use: The use of cards or e-cash transactions over the Internet should be easy and it should be evident to the consumer what is going on. A standardised sequence and terminology should be employed.
4. Contracts: The contract between the consumer and the retailer should have similar scope to other mail order transactions. This is a legislative issue rather than a standards issue. However, on any Internet retailer web site the contract should be available in a standardized format (e.g. standard indicators or positions or links) and be accessible, easily understood, easily readable (e.g. standard font size) and available in an appropriate number of international languages.	Not for standardization
5. Security: Transactions on the Internet, using cards, should be no less secure than other card transactions. However, digital technology is capable of providing better security and this should be utilised. There is a perception by many consumers that the system is not financially secure, so it would make sense to address this issue.
6. Trust Marks: Marks and labels are means of creating consumer confidence. A number of initiatives have been introduced in order to identify 'trusted' web retailers. A typical example being Which Web Trader, which is used in several European countries (www.which.net/webtrader). In the UK, this system has proved to be very popular with both consumers and retailers. However, if a trust mark system is to be used universally then standards need to be adopted for the trust mark systems themselves. Unfortunately, ANEC has to express its strong concerns regarding the results of the CEN/ISSS Workshop on e-Trust and the draft agreement as submitted in late 2002. The set of regulatory and self-regulatory requirements as elaborated by the Workshop ignores basic legal requirements of European legislation as far as consumers are concerned. Hence, ANEC is not in the position to endorse the document as it is and calls upon CEN/ISSS to redraft the document taking into account the ANEC comments, which are based on the joint e-confidence project of BEUC and UNICE in order to address consumers' needs. This project was launched by the European Commission seeking to promote a high level of consumer protection and to encourage the sale of goods and services on the Internet. Trustmarkschemes wishing to participate in the e-confidence initiative must comply with a set of requirements (BEUC/X/179/2000).
7. Web retailers should operate a 'customer account' system whereby if a consumer returns for a subsequent purchase then their credit card details are held on a (optional) secure file in such a way that they do not have to be sent over the Internet a second time.
8. Encryption: Various sophisticated encryption systems have been proposed, for instance RSA/SET two-key system, Trusted Third Party (TTP) or digital signatures. These are likely to become de-facto standards. Official standards bodies need to adopt these systems so that consumers feel confident about them. In order to be adopted, the systems need to be demonstrably secure.
9. If an insecure transmission link is being used, appropriate warnings should be displayed.
10. Liability: Consumers should not be liable for losses resulting from fraud.