Skip to main content
SpringerLink
Log in

z-Commerce: Designing a Data-Minimizing One-Click Checkout Solution

  • Conference paper
  • First Online:
Design Science Research for a New Society: Society 5.0 (DESRIST 2023)

Part of the book series: Lecture Notes in Computer Science ((LNCS,volume 13873))

Abstract

E-commerce has grown rapidly over the past years, with prevailing e-commerce platforms aggregating large amounts of customer data. This practice has several undesirable side effects, such as facilitating profiling that may lead to price discrimination and data feedback loops that can hamper competition. Moreover, data hoarding carries security risks through data breaches and undermines customers’ privacy expectations. On the other hand, convenience aspects and compliance regulation demand the processing and storage of user-related data. To address this tension field, we aim to conceptualize and iteratively refine a data-minimizinig e-commerce platform. Following a design science research approach, we identify design objectives and propose and implement a solution in which stakeholders receive only customer data that is indispensable for their part of the process. Our solution leverages digital identity wallets and general-purpose zero-knowledge proofs (zk-SNARKs). We aim to perform a criteria-based evaluation to assess our artifact’s feasibility and fitness from an interdisciplinary perspective. With our results, we hope to illustrate that combining state-of-the-art cryptographic techniques and an emerging digital identity paradigm allows reaching the user experience of incumbent e-commerce platforms while mitigating the undesirable socio-economic side effects of avoidable data disclosure.

This research was funded in part by the Luxembourg National Research Fund (FNR) through the PABLO project (grant reference 16326754) and by PayPal, grant reference “P17/IS/13342933/PayPal-FNR/Chair in DFS/Gilbert Fridgen” (PEARL). For the purpose of open access, the author has applied a Creative Commons Attribution 4.0 International (CC BY 4.0) license to any Author Accepted Manuscript version arising from this submission.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 69.99
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 89.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

References

  1. Alashoor, T., Keil, M., Smith, H.J., McConnell, A.R.: Too tired and in too good of a mood to worry about privacy: explaining the privacy paradox through the lens of effort level in information processing. Inf. Syst. Res. (2022)

    Google Scholar 

  2. Allen, C.: The path to self-sovereign identity (2016). http://www.lifewithalacrity.com/2016/04/the-path-to-self-soverereign-identity.html

  3. Alt, R.: Electronic markets on business model development. Electron. Mark. 30(3), 405–411 (2020)

    Article  Google Scholar 

  4. Alt, R.: Electronic markets on platform transformation. Electron. Mark. 32(2), 401–409 (2022)

    Article  Google Scholar 

  5. Anke, J., Richter, D.: Digitale identitäten. HMD Praxis der Wirtschaftsinformatik (2023)

    Google Scholar 

  6. Babel, M., Sedlmeir, J.: Bringing data minimization to digital wallets at scale with general-purpose zero-knowledge proofs (2023). http://arxiv.org/abs/2301.00823

  7. Baethge, C., Klier, J., Klier, M.: Social commerce - state-of-the-art and future research directions. Electron. Mark. 26(3), 269–290 (2016)

    Article  Google Scholar 

  8. Bella, G., Giustolisi, R., Riccobene, S.: Enforcing privacy in e-commerce by balancing anonymity and trust. Comput. Secur. 30(8), 705–718 (2011)

    Article  Google Scholar 

  9. Ben-Sasson, E., Bentov, I., Horesh, Y., Riabzev, M.: Scalable, transparent, and post-quantum secure computational integrity (2018). https://eprint.iacr.org/2018/046

  10. Ben-Sasson, E., et al.: Zerocash: decentralized anonymous payments from Bitcoin. In: Proceedings of the IEEE Symposium on Security and Privacy, pp. 459–474 (2014)

    Google Scholar 

  11. Bergemann, D., Brooks, B., Morris, S.: The limits of price discrimination. Am. Econ. Rev. 105(3), 921–57 (2015)

    Article  Google Scholar 

  12. Braud, A., Fromentoux, G., Radier, B., Le Grand, O.: The road to European digital sovereignty with Gaia-X and IDSA. IEEE Network 35(2), 4–5 (2021)

    Article  Google Scholar 

  13. Busch, C.: eidas 2.0: digital identity service in platform economy (2022). https://cerre.eu/wp-content/uploads/2022/10/CERRE_Digital-Identity_Issue-Paper_FINAL-2.pdf

  14. Camenisch, J., Lysyanskaya, A.: An efficient system for non-transferable anonymous credentials with optional anonymity revocation. In: Proceedings of International Conference on the Theory and Applications of Cryptographic Techniques, pp. 93–118 (2001)

    Google Scholar 

  15. Camp, L.J., Osorio, C.A.: Privacy-enhancing technologies for internet commerce (2002). https://papers.ssrn.com/abstract=329282

  16. Chaum, D.: Security without identification: transaction systems to make Big Brother obsolete. Commun. ACM 28(10), 1030–1044 (1985)

    Article  Google Scholar 

  17. Dold, F.: The GNU Taler system: practical and provably secure electronic payments (2019). https://syntheses.univ-rennes1.fr/search-theses/notice.html?id=rennes1-ori-wf-1-12183 &printable=true

  18. European Central Bank: The revised payment services directive (PSD2) (2018). http://www.ecb.europa.eu/paym/intro/mip-online/2018/html/1803_revisedpsd.en.html

  19. European Comission: The digital services act: Ensuring a safe and accountable online environment (2022). https://ec.europa.eu/info/strategy/priorities-2019-2024/europe-fit-digital-age/digital-services-act-ensuring-safe-and-accountable-online-environment_en

  20. Fedorowicz, J., Gogan, J.L., Culnan, M.J.: Barriers to interorganizational information sharing in e-government: a stakeholder analysis. Inf. Soc. 26(5), 315–329 (2010)

    Article  Google Scholar 

  21. Fienberg, S.E.: Privacy and confidentiality in an e-commerce world: data mining, data warehousing, matching and disclosure limitation. Stat. Sci. 21(2), 143–154 (2006)

    Article  MathSciNet  MATH  Google Scholar 

  22. Garrido, G.M., Sedlmeir, J., Uludağ, Ö., Alaoui, I.S., Luckow, A., Matthes, F.: Revealing the landscape of privacy-enhancing technologies in the context of data markets for the IoT: a systematic literature review. J. Netw. Comput. Appl. 207, 103465 (2022)

    Article  Google Scholar 

  23. Goldwasser, S., Micali, S., Rackoff, C.: The knowledge complexity of interactive proof systems. SIAM J. Comput. 18(1), 186–208 (1989)

    Article  MathSciNet  MATH  Google Scholar 

  24. Gregor, S., Hevner, A.R.: Positioning and presenting design science research for maximum impact. MIS Q. 37(2), 337–355 (2013)

    Article  Google Scholar 

  25. Gregory, R.W., Henfridsson, O., Kaganer, E., Kyriakou, H.: The role of artificial intelligence and data network effects for creating user value. Acad. Manag. Rev. 46(3), 534–551 (2021)

    Article  Google Scholar 

  26. Gross, J., Sedlmeir, J., Babel, M., Bechtel, A., Schellinger, B.: Designing a central bank digital currency with support for cash-like privacy (2021). https://papers.ssrn.com/abstract=3891121

  27. Groth, J.: On the size of pairing-based non-interactive arguments. In: Fischlin, M., Coron, J.-S. (eds.) EUROCRYPT 2016. LNCS, vol. 9666, pp. 305–326. Springer, Heidelberg (2016). https://doi.org/10.1007/978-3-662-49896-5_11

    Chapter  Google Scholar 

  28. Guggenberger, T., Neubauer, L., Stramm, J., Völter, F., Zwede, T.: Accept me as I am or see me go: a qualitative analysis of user acceptance of self-sovereign identity applications. In: Proceedings of the 56th Hawaii International Conference on System Sciences (2023)

    Google Scholar 

  29. Hermes, S., Kaufmann-Ludwig, J., Schreieck, M.: A taxonomy of platform envelopment: revealing patterns and particularities. In: Proceedings of the 26th Americas Conference on Information Systems (2020)

    Google Scholar 

  30. Hevner, A., March, S.T., Park, J., Ram, S., et al.: Design science research in information systems. MIS Q. 28(1), 75–105 (2004)

    Article  Google Scholar 

  31. Jøsang, A., Fabre, J., Hay, B., Dalziel, J., Pope, S.: Trust requirements in identity management. In: Proceedings of the 44th Australasian Workshop on Grid Computing and e-Research, pp. 99–108 (2005)

    Google Scholar 

  32. Jørgensen, K.P., Beck, R.: Universal wallets. Bus. Inf. Syst. Eng. 64(1), 115–125 (2022)

    Article  Google Scholar 

  33. Kaye, J.: The tension between data sharing and the protection of privacy in genomics research. Annu. Rev. Genomics Hum. Genet. 13(1), 415–431 (2012)

    Article  Google Scholar 

  34. Kayes, I., Iamnitchi, A.: Privacy and security in online social networks: a survey. Online Soc. Netw. Media 3–4 (2017)

    Google Scholar 

  35. Keenan, M.: Global e-commerce: stats and trends to watch (2022). http://www.shopify.com/enterprise/global-ecommerce-statistics

  36. Khayretdinova, A., Kubach, M., Sellung, R., Roßnagel, H.: Conducting a usability evaluation of decentralized identity management solutions. In: Friedewald, M., Kreutzer, M., Hansen, M. (eds.) Selbstbestimmung, Privatheit und Datenschutz. D, pp. 389–406. Springer, Wiesbaden (2022). https://doi.org/10.1007/978-3-658-33306-5_19

    Chapter  Google Scholar 

  37. Koutsos, V., Papadopoulos, D., Chatzopoulos, D., Tarkoma, S., Hui, P.: Agora: a privacy-aware data marketplace. IEEE Trans. Dependable Secure Comput. 19(6), 3728–3740 (2022)

    Article  Google Scholar 

  38. Krombholz, K., Hobel, H., Huber, M., Weippl, E.: Advanced social engineering attacks. J. Inf. Secur. Appl. 22, 113–122 (2015)

    Google Scholar 

  39. Kumar, V., Reinartz, W.: Customer privacy concerns and privacy protective responses. In: Customer Relationship Management. STBE, pp. 285–309. Springer, Heidelberg (2018). https://doi.org/10.1007/978-3-662-55381-7_14

    Chapter  Google Scholar 

  40. Lee, C.: An analytical framework for evaluating e-commerce business models and strategies. Internet Res. 11(4), 349–359 (2001)

    Article  Google Scholar 

  41. Maseeh, H.I., Jebarajakirthy, C., Pentecost, R., Arli, D., Weaven, S., Ashaduzzaman, M.: Privacy concerns in e-commerce: a multilevel meta-analysis. Psychol. Mark. 38(10), 1779–1798 (2021)

    Article  Google Scholar 

  42. Mattke, J., Maier, C., Hund, A.: How an enterprise blockchain application in the U.S. pharmaceuticals supply chain is saving lives. MIS Q. Executive 18(4), 246–261 (2019)

    Google Scholar 

  43. Morganti, E., Seidel, S., Blanquart, C., Dablanc, L., Lenz, B.: The impact of e-commerce on final deliveries: alternative parcel delivery services in France and Germany. Transp. Res. Procedia 4, 178–190 (2014)

    Article  Google Scholar 

  44. Niu, C., Zheng, Z., Wu, F., Gao, X., Chen, G.: Achieving data truthfulness and privacy preservation in data markets’. IEEE Trans. Knowl. Data Eng. 31(1), 105–119 (2019)

    Article  Google Scholar 

  45. Peffers, K., Tuunanen, T., Rothenberger, M.A., Chatterjee, S.: A design science research methodology for information systems research. J. Manag. Inf. Syst. 24(3), 45–77 (2007)

    Article  Google Scholar 

  46. Platt, M., Bandara, R.J., Drăgnoiu, A.-E., Krishnamoorthy, S.: Information privacy in decentralized applications. In: Rehman, M.H., Svetinovic, D., Salah, K., Damiani, E. (eds.) Trust Models for Next-Generation Blockchain Ecosystems. EICC, pp. 85–104. Springer, Cham (2021). https://doi.org/10.1007/978-3-030-75107-4_4

    Chapter  Google Scholar 

  47. Qin, Z.: Introduction to E-commerce. Springer, Heidelberg (2009). https://doi.org/10.1007/978-3-540-49645-8

    Book  Google Scholar 

  48. Reuters, CNBC: Hackers raid eBay in historic breach, access 145M records (2014). http://www.cnbc.com/2014/05/22/hackers-raid-ebay-in-historic-breach-access-145-mln-records.html

  49. Rogaway, P.: The moral character of cryptographic work (2015). https://eprint.iacr.org/2015/1162

  50. Rosenberg, M., White, J., Garman, C., Miers, I.: zk-creds: flexible anonymous credentials from zkSNARKs and existing identity infrastructure (2022). https://eprint.iacr.org/2022/878

  51. Sartor, S., Sedlmeir, J., Rieger, A., Roth, T.: Love at first sight? A user experience study of self-sovereign identity wallets. In: Proceedings of 30th European Conference on Information Systems (2022)

    Google Scholar 

  52. Schanzenbach, M., Grothoff, C., Wenger, H., Kaul, M.: Decentralized identities for self-sovereign end-users (DISSENS). In: Proceedings of Open Identity Summit, pp. 47–58 (2021)

    Google Scholar 

  53. Schlatt, V., Sedlmeir, J., Feulner, S., Urbach, N.: Designing a framework for digital KYC processes built on blockchain-based self-sovereign identity. Inf. Manag. 59(7), 103553 (2022)

    Article  Google Scholar 

  54. Sedlmeir, J., Huber, J., Barbereau, T., Weigl, L., Roth, T.: Transition pathways towards design principles of self-sovereign identity. In: Proceedings of the 43rd International Conference on Information Systems (2022)

    Google Scholar 

  55. Sedlmeir, J., Lautenschlager, J., Fridgen, G., Urbach, N.: The transparency challenge of blockchain in organizations. Electron. Mark. 32, 1779–1794 (2022)

    Article  Google Scholar 

  56. Stahl, F., Schomm, F., Vossen, G., Vomfell, L.: A classification framework for data marketplaces. Vietnam J. Comput. Sci. 3(3), 137–143 (2016)

    Article  Google Scholar 

  57. Targett, D.: B2B or not B2B? Scenarios for the future of e-commerce. Eur. Bus. J. 13(1) (2001)

    Google Scholar 

  58. Trautman, L.J.: E-commerce, cyber, and electronic payment system risks: lessons from PayPal (2016). https://papers.ssrn.com/abstract=2314119

  59. Ukil, A., Bandyopadhyay, S., Pal, A.: IoT-privacy: to be private or not to be private. In: Proceedings of the Conference on Computer Communications Workshops, pp. 123–124 (2014)

    Google Scholar 

  60. W3C: Engineering privacy for verified credentials (2022). https://w3c-ccg.github.io/data-minimization/#selective-disclosure

  61. Weigl, L., Barbereau, T.J., Rieger, A., Fridgen, G.: The social construction of self-sovereign identity: an extended model of interpretive flexibility. In: Proceedings of the 55th Hawaii International Conference on System Sciences, pp. 2543–2552 (2022)

    Google Scholar 

  62. Wolford, B.: What is GDPR, the EU’s new data protection law? (2018). https://gdpr.eu/what-is-gdpr/

  63. van der Wolk, A., Silva, K.: Insight: a slap on the wrist or show of force - GDPR fines reveal need for EU penalty guidelines (2019). https://news.bloomberglaw.com/privacy-and-data-security/insight-a-slap-on-the-wrist-or-show-of-force-gdpr-fines-reveal-need-for-eu-penalty-guidelines

  64. Wüst, K., Kostiainen, K., Delius, N., Capkun, S.: Platypus: a central bank digital currency with unlinkable transactions and privacy-preserving regulation. In: Proceedings of the ACM SIGSAC Conference on Computer and Communications Security, pp. 2947–2960 (2022)

    Google Scholar 

  65. Zhuang, Y., Lederer, A.L.: An instrument for measuring the business benefits of e-commerce retailing. Int. J. Electron. Commer. 7(3), 65–99 (2003)

    Article  Google Scholar 

  66. Zhou, L.: Product advertising recommendation in e-commerce based on deep learning and distributed expression. Electron. Commer. Res. 20(2), 321–342 (2020)

    Article  Google Scholar 

  67. Zuboff, S.: Big other: surveillance capitalism and the prospects of an information civilization. J. Inf. Technol. 30(1), 75–89 (2015)

    Article  Google Scholar 

Download references

Author information

Authors and Affiliations

  1. Interdisciplinary Center for Security, Reliability and Trust, University of Luxembourg, Luxembourg City, Luxembourg

    Egor Ermolaev, Iván Abellán Álvarez, Johannes Sedlmeir & Gilbert Fridgen

Authors
  1. Egor Ermolaev
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Iván Abellán Álvarez
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Johannes Sedlmeir
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Gilbert Fridgen
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Egor Ermolaev .

Editor information

Editors and Affiliations

  1. University of the Western Cape, Cape Town, South Africa

    Aurona Gerber

  2. Georgia State University, Atlanta, GA, USA

    Richard Baskerville

Rights and permissions

Reprints and permissions

Copyright information

© 2023 The Author(s), under exclusive license to Springer Nature Switzerland AG

About this paper

Check for updates. Verify currency and authenticity via CrossMark

Cite this paper

Ermolaev, E., Abellán Álvarez, I., Sedlmeir, J., Fridgen, G. (2023). z-Commerce: Designing a Data-Minimizing One-Click Checkout Solution. In: Gerber, A., Baskerville, R. (eds) Design Science Research for a New Society: Society 5.0. DESRIST 2023. Lecture Notes in Computer Science, vol 13873. Springer, Cham. https://doi.org/10.1007/978-3-031-32808-4_1

Download citation

  • DOI: https://doi.org/10.1007/978-3-031-32808-4_1

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-031-32807-7

  • Online ISBN: 978-3-031-32808-4

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation