At the beginning of the month, it was announced that JD.com (or JingDong), China's e-commerce titan, would be expanding to the UK in 2019, after which it intends to spread slowly across the European continent. Not quite satisfied with merely competing with giants such as Amazon on the retail front, the company is also funding a research program in Cambridge, with a focus on cutting-edge technology like Big Data and Artificial Intelligence. JD is no stranger to innovative technologies, having recently made headlines with its ambitions to make drone-operated deliveries a reality and its newly launched 'AI Catapult', which works with blockchain startups to develop and test new businesses and applications.
It's really no surprise that e-commerce is heading this way: statistics show that the sector is booming, poised to hit $4.5 trillion in online sales by 2021. Correlated with this meteoric rise is the growth of mobile payments, which have more than doubled in the last four years.
China's booming e-commerce market has continued to thrive thanks to the proliferation of mobile buying, a trend which is expected to follow suit in Western markets. By the end of 2018, it is expected that more than 75% of e-commerce sales in China, over $1 trillion worth, will be transacted via a mobile device. With only 37% of overall UK sales transactions conducted via mobile, there is a phenomenal opportunity for UK retailers to tap into this mobile buying boom.
Another set of statistics to watch out for, however, is that of cybercrime: while commerce and payments have begun to leverage the power of computers, so have malicious parties, siphoning confidential customer data to use for fraudulent purposes. Evidently, scaling online retail services comes with a caveat: the current state of security on such platforms must be revamped if such activities are to be minimised.
It seems that much of the issue stems from how data is relayed and subsequently stored. As it stands, the prevalent card-not-present transaction mechanisms allow anyone possessing a card number and CVV to effect a payment. When companies store these details in centralised databases, they unwittingly paint a target on their backs: the reward for a hacker (or indeed, anyone within the company) who gains access to them is immense. Worse yet, such oversight impacts not only the offending companies, but any user that has used their services over time.
GDPR compliance has led to a renewed understanding of the digital identity, and the importance of keeping it safe (avoiding catastrophic hacks like that of Equifax). The new regulations heavily restrict what information a business can and cannot store on its customers. While it's reassuring that further legislation is being enacted to safeguard the consumer's interests, it's probably time to start considering how to protect those interests from a technological standpoint.
It's not like the tech isn't there yet – cryptography, and by extension, blockchains, will soon usher in an era of trustless identity management and verification. Distributed ledgers are being rolled out globally, set to dissolve intermediary institutions across multiple industries and put users back in control of their data. The current e-commerce platforms open up too many attack vectors, which only grow with every new site a consumer enters their data into. With blockchain-based identity/payment systems, a data breach on one of these sites would have little impact on the user: the database is no longer the property of the company, but stored across a network of distributed nodes with only the user holding the key. The energy expenditure required to cripple a well-engineered blockchain (a Sybil attack) makes any such breach not only technically impossible, but probably more costly than the value of the desired data.
Another technology that may lend itself well to such a system is the ever-growing field of biometrics – fingerprint or facial recognition are quickly being integrated across the board, popular with users due to ease of use (no need to commit to memory a 64-digit string of characters and symbols to achieve the same level of security). When it comes to payment, biometric security adds an extra layer of protection that is incredibly difficult to spoof if used correctly.
Retaining ownership and control of that personal information and keeping it well clear of vulnerable business databases seems to be the way forward. Client-side encryption and zero-knowledge proofs will undoubtedly soon become common practice – protecting not only the users, but also the businesses that would face harsh penalties as a result of a successful breach.
Data that rightfully belongs to the individual should not open them up to security loopholes through the fault of poorly-configured systems of third parties. In the age of information, it's time to return control to its rightful owners.
About The Author
Alastair Johnson is the founder & CEO of Nuggets. Nuggets is an e-commerce payments and ID platform. It stores your personal and payment data securely in the blockchain, so you never have to share it with anyone – not even Nuggets. www.nuggets.life