The consumer concerns associated with m-commerce identified in the previous section may apply to more than one area of mobile applications. As Table 2 illustrates, the four m-commerce consumer application areas exhibit similar concerns, with cost, security, and privacy prevailing, as they are present as concerns in all application areas. By addressing these three concerns, businesses would reduce consumer reluctance to accept and adopt this new medium.
Cost, Privacy, Security
Cost, Usability, Privacy, Security
Cost, Usability, Download times, Privacy, Security
Cost, Usability, Security, Privacy
Who will pay for the content? This is a question that will draw a lot of attention and will require the cooperation of network operators and content providers. For the time being, m-consumers are mostly concerned with connectivity and communication costs. Currently, there are three prevailing pricing options for these services (McGinity, 2001):
Flat rate: A nominal charge for unlimited access for a given length of time (e.g., month).
Per minute: Charged for every minute connected to the network.
Per bit: Charged for the total volume of data transferred in a given period of time.
Adopting a flat-rate pricing model at this stage would be the best approach to lure new customers fast, which is necessary to provide the much-needed critical mass to alleviate the development costs and, in particular, the high license fees for network carries engaged in implementing 3G network technology. The basis for this recommendation lies in the following two observations:
First, users are accustomed to flat-rate schemes.
Second, users are in favor of flat-rate schemes because of the model's simplicity and the ability to control expenses.
Once a critical mass is established, different means for pricing may be adopted, and even a combination of models may become available for any particular region, subject to the m-consumer's use of the wireless Web. At that point, pricing based on the data inflow and outflow would be favored by wireless operators, because it would serve as an indirect control on the use of the networks and would help prevent network overload, a situation presently felt by many mobile phone subscribers.
Another dimension to the cost issue is who ends up paying for a wireless interaction in an m-commerce transaction. In North America, both the caller and the receiver of a wireless communication pay their providers for that interaction under current pricing schemes. This scheme represents a significant obstacle to the spread of m-commerce, as consumers will resist having to pay for unsolicited offers received from businesses on their wireless devices. A pricing model, in which the initiator of an m-commerce interaction is responsible for footing the bill, would be a significant boost for consumer involvement in m-commerce activities.
Finally, it is even conceivable that the above models will eventually be replaced by a free, unlimited access, model for the user, subject only to a rental cost for the device, and using m-commerce transaction fees to offset the remaining costs. These fees may be derived from notification services (paid by user), advertising (paid by advertising company), transaction fees on mobile purchasing (paid by merchants, similar to Interac and credit cards), and further means yet to be identified, as the m-commerce market evolves (Simon, 2002).
Wireless technology possesses two main vulnerability areas that are a hacker's main attack points. The first point is known as the "Two-Zone problem" or the "WAP Gap." The WAP architecture requires an intermediate gateway (WAP gateway) that encodes and decodes data from the wired encryption format known as SSL (Secure Socket Layer) to its wireless counterpart WTLS (Wireless Transport Layer Security). This process lasts briefly (milliseconds), but the data is unsecured in the interim, as it needs to be decrypted from WTLS into plain text and then reencrypted into SSL. The inherent risk is loss or exposure of data, if a hacker is able to extract the plain text (Gururajan, 2002).
The second point refers to the data stream that is carried through the air medium and is susceptible to "eavesdropping." The success of the hacker in such an attempt depends in part on the encryption algorithm used. The current standard employed by GSM is the A5 algorithm, which utilizes a 54-bit encryption, which is slightly better than the IEEE 802.11 standard RC4-40 algorithm (also known as WEP, or Wired Equivalent Privacy) that only uses a 40-bit encryption. However, both are still not efficient to desired levels (Pesonen, 1999; Bask, 2001). When comparing this level of encryption to the respective levels of wired encryption at 128-bits, it becomes apparent how low the level of wireless security currently is, especially when one considers that hacking a 128-bit encrypted message is also feasible, albeit being rather difficult. In addition, implementing an effective encryption algorithm is further complicated due to the mobile device limitations that still prevail. Limited battery life, low processing memory, and even pricing methods (i.e., per-minute billing), act against the implementation of a 128-bit encryption algorithm in a wireless setting.
Aside from identifying the most likely points of a hack attack, it is important to address the loss or theft of a mobile device as a security issue, because the data stored in the device could be highly sensitive. To combat this situation, mobile users should be empowered through added features for their mobile devices that would safeguard their privacy. These features may be invisible to the user (e.g., memory protection, file access control), or they may require interaction (e.g., log-in software, biometrics) (Gururajan, 2002; Johnson, 2002).
Finally, although security is not synonymous with privacy, it is a critical element in preserving identifiable information as private. As such, privacy concerns arise consequent of the lower security levels of wireless networks and of the potential for using tracking and profiling technologies to offer m-customers unsolicited location-based services, for example. These issues are explored next in some detail.
Privacy concerns exhibited by m-consumers are similar to those of e-commerce customers. In addition, new privacy concern elements arise consequent of the lower security levels of wireless networks and of the potential for using tracking and profiling technologies to offer m-customers unsolicited location-based services.
The vulnerability of wireless networks creates increased risk for privacy interruptions through potential network security breaches. The ability to snoop in on a user's conversation or even monitor data transmissions generates an uneasiness that the consumer may not be willing to accept. Enhanced security algorithms and hardware improvements can help minimize the risk of such violations.
Positioning services provide additional information companies could use to improve understanding of the mobile user. The ability, however, to know the exact whereabouts of a mobile user may be perceived as threatening by the consumer, as this information could be dangerous if intercepted. Examples of such fears include the following:
Knowing where mobile users are makes it easier for them to become victims of physical attacks.
Knowing that the residents of a home are away makes their residence vulnerable.
Knowing the location of mobile users makes it easier for them to become victims of unsolicited location-based advertising.
The last example, location-based advertising, is one of the most controversial aspects of the ability to track a mobile device and, hence, its user. Companies are using this ability to market their products and services more aggressively. These marketing efforts build on the consumer concern for cost, as they may come at a cost to the mobile user, who may possibly end up paying to read or listen to an incoming advertising message that may be in the form of an e-mail message, SMS, or a phone call.
In effectively addressing the entire range of m-consumer concerns, the active participation of all m-commerce market players is required. The roles and responsibilities for each of these players are examined next.