1. Field of the Invention
The present invention is directed to methods, computer-based systems, and computer program products for maintaining a consumer's privacy and security during commerce transactions.
2. Discussion of the Background
Internet e-commerce has, by the year 2000, grown into a $40 B per year industry in the United States alone. The size of the industry is bounded only by the population and their propensity for shopping. However, as with any new concept, impediments arise that hinder the acceptance of the idea. For e-commerce the major impediment to widespread acceptance has been privacy and security. Privacy and security are also growing concerns for all commerce, including the established brick-and-mortar retailers as well as the established mail order retailers.
The Internet is a great tool for browsing for information on products from competing vendors, for finding vendors that the shopper did not know even existed, and for finding the best deal. However, in order to place a purchase online, the shopper has to divulge an assortment of private and personal information, for example, their name, address, credit card number and expiration, billing address, contact info, shipping address, etc.
Early services, such as Microsoft Passport, made strides in protecting the information in-transit between the consumer and merchant in an e-commerce transaction, but do not address all of the privacy concerns regarding the information that is ultimately provided to the merchant. In other words, the merchant ultimately receives the information, albeit via a secure transaction, and the protection of that information by the merchant, as well as others, is also a concern of consumers. Other early electronic ‘wallets’ function in a similar fashion, providing a secure transmission of private information to a merchant. Privacy concerns, however, are further-reaching than merely the secure transmission of private information. Consumers are concerned not only with the security of the transmission of information, but also with their privacy as related to the disclosed information after the transaction has been completed. Furthermore, consumers are concerned with the security of information stored by merchants after the transaction has been completed.
In order for e-commerce to realize its potential, consumers must be convinced that they can enter into e-commerce transactions without compromising their privacy or security. As discussed above, consumers of brick-and-mortar retailers and mail order retailers would also like this privacy and security. Attempts to provide security and privacy have, to date, been inadequate. These attempts include services that require the setup of special cash accounts or the purchase of special cards (similar to pre-pay phone cards) for the purchase of goods online. By their nature, these services do not protect the identity of the recipient, as the merchant must be told to whom the purchased product must be shipped. Furthermore, these approaches do not afford the convenience or protection of conventional credit card purchases.
Other attempts have been made to address the privacy concerns of on-line consumers. For example, U.S. Pat. No. 6,006,200 discloses an approach whereby a private shipment number is used as key for decoding an address by a shipping company. This approach is notably flawed for applications to privacy. For example, the ship number that is used for each shipping address is static, and therefore, susceptible to ‘data mining’ for this string (effectively a database ‘key’). If the ship number can be associated with an identity, then this identity can be traced wherever the ship number was used, breaking any privacy protection for the consumer. Other approaches are similarly flawed. In the e-commerce domain, providing an individual with a unique identification code does not conceal that individual's identity, in fact, it facilitates the determination of an individual's identity. Any unique number associated with an individual, or an individual's address, or other attribute of an individual, is analogous to, for example, a social security number or a driver's license number, providing a key through which information concerning that individual may be determined. Accordingly, these unique identifier-based approaches do not comfort potential e-commerce consumers concerned with privacy.
The challenge, then, as presently recognized, is to develop an approach that will provide anonymity and privacy for e-commerce consumers, as well as consumers in general. It would be advantageous if the approach were able to conceal the identity of customers on a per-transaction basis, so that information mining techniques were unable to gather information concerning an individual by mining transactions with common attributes.