The Rise of Online Shopping: What About the Rise of Privacy Issues?

May 27,

The Rise of Online Shopping: What About the Rise of Privacy Issues?

When cities, municipalities and states declared quarantine, only the grocery shops were left open. Luckily today, we can find almost everything online! As a consequence, lockdown pushed much more people towards online shopping, resulting in e-commerce in full swing all around the globe. However, the rapid digitalisation of services is raising many questions connected with internet privacy and security of customers who leave more information about themselves online day after day.

Online shopping records unprecedented growth. What will become the “new ordinary”?

According to CCinsight March and April of 2020 have been one the most impressive months for e-commerce so far, with the growth of year-over-year e-commerce hitting at the 70-100% rate. Previously, this kind of increase occurred only during the holiday season.

Stay-at-home orders caused a massive increase in online shopping activities, but now we are slowly returning back to normal. What will that mean for our shopping habits? According to Forbes, it is very likely that online grocery, apparel, and entertainment shopping will replace store and mall visits permanently, or at least until a vaccine is available. The curve of e-commerce activities will probably flatten during the time when the pandemic will be revoked and certain measures won’t be in place anymore, but the new habits are probably here to stay, especially because more and more brands now heavily prioritize e-commerce.

Do consumers care about their data online?

In general, consumers care about their privacy online, however only seldom are informed about data management, and there are even fewer who take actions to protect their data. For example, 2019 Tealium Consumer Data Privacy Report surveyed 1,000 consumers in the USA about their relationships with brands and personal data privacy. They discovered that almost all (97%) consumers are somewhat or very concerned about protecting their data. Still, most consumers (62%) generally don’t read online terms or privacy policies, and nearly 70% of respondents had not heard of GDPR (General Data Protection Regulation) or CCPA (California Consumer Privacy Act). 

Similar data also apply to the European Union, where GDPR was enacted on the 25th of May 2018. Various surveys conducted in 2019 show that 67% of Europeans have heard of the GDPR, and 57% of Europeans know that there is a public authority in their country responsible for protecting their rights about personal data. Good news is that individuals are lately increasingly contacting data protection authorities about GDPR and lodge complaints about the respect of their rights. Despite the better awareness, the total number of queries and complaints from all data protection authorities remains rather small, comprising 144,376 cases from May 2018 through 2019 altogether.

All in all, the situation in the USA and the European Union is not that different as even though people are aware that their data privacy is essential, they don’t do much to preserve it in practice. This fact has probably not changed during the occurrence of covid19, however, it will be interesting to monitor the newest data for 2020.

Is e-commerce secure and what can be done to improve it?

If we take into the consideration that databases are vulnerable and often attacked by hackers,  the consumers should be proactive in demanding the protection of their data and privacy. One of the possible solutions to achieve that is certainly through a secure digital identity. 

For that, we at Netis, have developed Self-Sovereign Identity backed with blockchain technology, that ensures the following:

AceId is a secure authentication protocol that combines the following concepts: self-sovereign identity (SSI), data access management controlled and recorded via blockchain, end-to-end encryption and verification. These elements guarantee each user has complete control over who they share their data with, and for how long.

Since the blockchain is generally public, anyone can get information about the existence of the link. However, it is impossible to see what kind of data is stored on a given address. The data can be seen and read-only with a user’s private key used for their decryption.

Users’ data is stored locally on one’s device, and remotely on the AceSpace storage, where all the content is encrypted, making sure no one can read or change them.

How can e-commerce handle customers’ data in a secure, private and user-friendly manner?

As many businesses, online stores are also aware of the importance of the data they receive from customers, so the idea of allowing users to own and share personal data themselves is rather new to them. But, as we have written and pointed out many times before, it is precisely putting customers first that will play a key role in the near future. It is true that with secure digital identity the process of retrieving user data changes, but at the same time it enables businesses to build credibility and trust by promoting secure online practices. That way, you will also easily get additional data that can help you with segmentation, as customers will trust you more and will know for sure that their data is secure, anonymized and encrypted. What is more, you will be able to easily reward their loyalty with discounts, prizes or other benefits, without invading privacy. This is one excellent example of how the use of blockchain SSI initiates the development of different business models that will upgrade your service and attract more potential customers.

How does it work?

User onboarding is simple; first-time users need only to input their information into the application. After that, the process of filling the form is no longer required and that saves time and effort. When the user wants to log in to an online store, he or she simply scans a QR code which displays on the website. After the scanning, the user decides which piece of information one wants to share with a particular service.  After that, the user confirms the choice by pressing “Authorise” and with that action logs to a specific online shop or any other service. Using AceID certainly gives your business numerous benefits and can make users’ online shopping experience safer, fairer and simpler. Give it a try and contact us at [email protected] for more.

Digital identity: Why is it becoming a necessity and what kind of services will it enable?

May 8,

Digital identity: Why is it becoming a necessity and what kind of services will it enable?

In just a few weeks, COVID-19 showed us where we all lack digitized services and what we can do to make them more widespread, secure, efficient and user-friendly.

When users introduce themselves to businesses online, they most often do so with a combination of a username and password that becomes their identifier. It works in the same way as if you had written your information to a directory. Each organization establishes its own directory that represents their customer base and over which they have overall control.

This is also the reason why users need to register for each new service; with each of the next steps requiring them to disclose more to the business. In doing so, the latter gradually gain insight into their lifestyle and purchasing habits, whereas the rapid technological development and globalization allow them to thoroughly analyse them through their age, gender, location, interests etc.  This kind of segmentation is also a prerequisite for businesses to be able to reach their customers with more personalized messages and offers.

Do passwords and usernames guarantee us security?

Entering the same personal information at each new registration soon becomes tiring for users. An even bigger problem is the security of such information, as the combination of username and password should not be duplicated or stored on computers with Internet access, which in practice means that users have dozens of combinations at the same time, which they tend to quickly forget.

Some digital services therefore offer users the option of logging in with the same identifier, or in other words a combination of a username and password that they otherwise use to access the most popular platforms, such as Facebook, Twitter or Google. This seems like an ideal and easy solution, but it’s important to note that this provider an access to the personal information that these platforms have.

In many countries, some services, especially those of a more sensitive nature (e-taxes, e-education, online banking, etc.), are also accessible with the help of personal digital certificates, certificates or through a dedicated application. From a security point of view, such solutions are actually safer, but far more expensive for providers. The user experience also suffers, as installing them is usually more complicated and limited to just some personal devices, and it also increases the number of steps required for a particular task through validation and codes via sms or email.

Who am I when I am online?

“The common denominator of digital services today, therefore, is that they are all “rental relationships” where users are dependent on the conditions set by providers; and in doing so, they often unaware give away valuable personal information,” explains Tomislav Mučič, CEO of Netis, where under the AceBlock brand they develop innovative solutions for secure online communication and personal data management based on blockchain technology. “Digital identity of a user, alone and outside of a particular web service, does not exist at all, since it is merely a collection of different information held by companies about it.”

As Mučič continues, the problem arises because many of our personal information is available to different providers on the web, but users don’t have any control over them. “This poses a major security risk, as hacking into a central system can instantly hurt thousands, even millions, of individuals who have trusted the company.” Remember the high-profile scandals, including Cambridge Analytics, the Marriott chain of hotels, or Capital One, and the whole list is, of course, much longer.

Such cases also occur in Slovenia, when for example medical records of patients of a certain hospital appeared online. “Therefore, today’s way is neither “practical” nor sustainable.” From the provider’s point of view, this means that they must retain and manage an extremely large amount of personal data, which is expensive; and at the same time, they must check the data of the individuals repeatedly with an external service which can ensure that the data is authentic. This usually means that processes are complicated and time-consuming for the user.

Digital identity: Not an added value, but a necessity for more efficient digital services

We live in a time when the term identity is becoming extremely broad. In the real world, we express it in physical form and with certain ubiquitous statements, such as a passport, ID or driver’s license. But we are also entering relationships on the Internet where we need confirmation of who we are, except that we do not yet have a proper equivalent here.

According to Mučič, the crucial transition that we urgently need and which will enable a significantly greater number of efficient, secure and trusted digital services is the appropriate digital identity (SSI – Self-Sovereign Identity). SSI is based on the concept that digital identity becomes a right for every individual. Because it is portable, it allows one online privacy and free movement between different web providers or services from one point. In his view, this is possible only in the way that the individual becomes the owner of the data and autonomously decides which provider or for what purposes and for how long he will share his data with.

SSI-based solutions are also being addressed by giants such as Microsoft and IBM; and many legal bodies which are involved in the standardization of digital identity at EU and national level. “Initiatives are growing in all corners of the globe to equate digital identity with physical identity, thereby simplifying and securing procedures for logging into online systems,” says Mučič, and continues that a safe, verifiable and thus trustworthy entry point is essential, because in addition to being used for commercial purposes, it can also build the necessary infrastructure for digitizing public services, health and education, “which is of particular importance in this moment of time, when our habits are radically changing. “

Collect once, use repeatedly

By keeping all personal information in one place, digital identity eliminates the efforts to collect personal information that has already been collected elsewhere. Of course, this begs the question: Is the solution which is proposing data is no longer owned by an organization profitable at all? “The answer is an absolute yes,” says Mučič who is convinced that the solution is extremely interesting for companies that are today legally responsible for personal data. “By establishing a kind of independent identity system that can be trusted by everyone – companies, organizations, governments and public institutions -companies can actually increase their operational capacity without having to manage the data.”

Therefore, even in the case of SSIs, companies can still access all the data they need for segmentation, however in this case the data is made available to the users themselves. Mučič is also certain that SSI will in the future stimulate the development of many innovative business models, since companies will be able to offer some benefit or added value (such as a lower bill, coupon, discount) to an individual in return for analyzing their data, thereby building loyalty, with less effort required to give the user a more targeted and personalized offer.

The first pilot projects are already underway

“SSI is still a concept in these moments that cannot be realized without practical application. In addition to standardization at the global level, we also need a large enough pool of companies and services that can be managed in this way, “adds Mučič. At his company Netis SSI solutions based on blockchain technology are already being developed through pilot projects with business partners from the energy and healthcare sectors; but as he puts it, they can be applied to a number of others: “A secure identity is a prerequisite for a world where we also need to be digitally connected if we are to survive. In my opinion, straightforward networking between companies, especially from different industries, will be crucial now and after covid-19 crisis.” With one identity – which is technologically backed by different safeguards than existing ones – several complementary services can also be integrated into the joint offering. For example, in the case of tourism, these could mean a union of caterers, accommodation providers, recreational activities, tour guides and local festivals. The user would receive offers, benefits, coupons and tips from all of the above, and make payments through a single, completely secure mobile app, depending on their preferences and location. “This would offer him a unique, personalized experience and an exceptional user experience and make him use the service longer,” Mučič further explains.

The article was originally published in Slovene newspaper Finance in a segment IKT Informator and is available here.