mCommerce: Ready To Roll

Introduction

Mobile commerce is a hot issue. Analysts tell us that close to 50% of all e-commerce will be mobile and the projections are staggering. Big numbers are needed to sell expensive reports and quite often they represent the future seen through rose-tinted glasses, but cellular telephony has always been an exception. The figures for subscribers, for example, have consistently exceeded forecasts, so why should mcommerce be an exception?

Security: The Primary Concern

Security is the only serious concern. If secure transactions can be made using mobile phones then subscribers - currently over 300 million in the case of GSM and the figure is still heading north - are going to make big-time use of the new services. The reason is simple: convenience. No need to look for small change if you want a Coke from the vending machine. This service has been running in Finland for some time. It's a hit with the kids because daddy pays for their purchases, but Finnish daddies have found out that their offspring are buying lots of Cokes and selling them at a discount to their friends, so in this case one could argue that there was a security issue.

This is a somewhat trivial example, but the benefits of being able to conduct a financial transaction while mobile are considerable. Examples include paying via the telephone bill for purchases like petrol (gas) and services such as parking, but this is only the beginning, the tip of a very large iceberg. As soon as phones and point-of-purchase systems are Bluetooth-enabled, almost everything and anything becomes possible. Throw WAP and the ability to display graphics into the equation and some really interesting apps take shape. For example, a group of friends are having a drink and decide to take in a movie. They browse through the local entertainment service, decide which one they want to see, take a look at the seating plan, select the best free seats and purchase the tickets. The transaction is stored in the mobile, so when they arrive at the cinema there is no need to queue; the purchaser merely points his/her phone at the checkpoint and through they all go!

Security Over Public Networks

There is an obvious security distinction between a short-range, Bluetooth transaction and one made over the public network. The former represents the wireless equivalent of swiping a credit- or bankcard; it is virtually impossible to monitor this type of transaction and the information content is worthless. Information sent over a public resource can be monitored, so the best way of ensuring that the transaction is totally secure is to make this type of content equally worthless. This can be done in various ways; in fact there are so many ways and so many acronyms (PKI, X.509, SSL, WTLS, RSA, etc.) that one can only conclude that a few of them simply must work. This perception is also reinforced by the involvement of credit card companies, banks, and other financial institutions.