'''Electronic Commerce Modeling Language''' (ECML) is a protocol which enables the e-commerce merchants to standardize their online payment processes. Through the application of ECML, customers' billing information in their digital wallet can be easily transferred to fill out the checkout forms.<ref name=":023">{{Cite journal|last=Goldstein <tgoldstein@brodia.com>|first=Ted|title=ECML v1.1: Field Specifications for E-Commerce|url=https://tools.ietf.org/html/rfc3106.html|access-date=2020-10-29|website=tools.ietf.org|date=April 2001|language=en}}</ref>

There are various companies that have participated in ECML's alliances, including American Express and Mastercard.<ref name=":023" />

As a standard developed by the alliance, ECML has solved the problem of complex and confusing online manual payments caused by diverse web designs, and further reduces the chance of customer dropout (also called shopping cart abandonment).<ref name=":023" /> On the other hand, ECML deals with sensitive information such as credit card numbers and home addresses—its data security is controversial, and privacy considerations should be taken.<ref name=":13">{{Cite journal|last=Cranor|first=L.F.|date=2003|title=P3P: making privacy policies more useful|url=http://dx.doi.org/10.1109/msecp.2003.1253568|journal=IEEE Security & Privacy|volume=1|issue=6|pages=50–55|doi=10.1109/msecp.2003.1253568|issn=1540-7993|url-access=subscription}}</ref><ref name=":23">{{Cite web|title=Pretty Poor Privacy: An Assessment of P3P and Internet Privacy|url=https://epic.org/reports/prettypoorprivacy.html|access-date=2020-10-31|website=epic.org}}</ref>

== Alliances == The members of ECML Alliance listed in alphabetical order below:<ref name=":023" />

# American Express # AOL # Brodia # Compaq # CyberCash # Discover # FSTC (www.fstc.org) # IBM # Mastercard # Microsoft # Novell # SETco # Sun Microsystems # Trintech # Visa International

== ECML and customer dropout behaviors == Customer dropout is also called shopping cart abandonment—it is a type of behavior which customers display inclination of purchase without completing the final payment. According to a commercial study, there is a rate 25% to 75% that the customer would abandon a transaction before it is completed due to various reasons.<ref name=":122">{{Cite journal|last1=Bell|first1=Lynne|last2=McCloy|first2=Rachel|last3=Butler|first3=Laurie|last4=Vogt|first4=Julia|date=2020-07-03|title=Motivational and Affective Factors Underlying Consumer Dropout and Transactional Success in eCommerce: An Overview|journal=Frontiers in Psychology|volume=11|page=1546|doi=10.3389/fpsyg.2020.01546|issn=1664-1078|pmc=7351522|pmid=32714258|doi-access=free}}</ref> Aside from motivational factors such as customer's fundamental needs and spontaneous purchases, emotional factors such as irritation and disappointment also determine whether a transaction would be successful. Research has shown that payment inconvenience and perceived wasting time are factors that would contribute to customer's irritation.<ref name=":122" />

Electronic Commerce Modeling Language could potentially decrease customer irritation in two ways, and further benefit the industry of electronic commerce as a whole. First of all, it provides a standardized set of information fields which would improve the manual process of online payment. Entering relevant information into the checkout form would become an easier task for customers. Secondly, ECML allows a smooth information transfer between customer's digital wallet and e-commerce checkout form. Information does not have to be manually entered into the system.<ref name=":023" />

== ECML and customer's privacy expectations == The application of ECML requires the online shoppers to disclose their personal information which includes financial, shipping, billing, and preference details.<ref name=":023"/> According to relevant research, customers are able to categorize the level of risks associated with different types of information disclosure.<ref name=":3">{{Cite journal|last1=Milne|first1=George R.|last2=Pettinico|first2=George|last3=Hajjat|first3=Fatima M.|last4=Markos|first4=Ereni|date=2017|title=Information Sensitivity Typology: Mapping the Degree and Type of Risk Consumers Perceive in Personal Data Sharing|url=https://onlinelibrary.wiley.com/doi/abs/10.1111/joca.12111|journal=Journal of Consumer Affairs|language=en|volume=51|issue=1|pages=133–161|doi=10.1111/joca.12111|issn=1745-6606|hdl=10.1111/joca.12111|hdl-access=free|url-access=subscription}}</ref> Among the information that is required to complete an online order, the user's home address is categorized as secure identifiers which is perceived as the most sensitive by customers. Other secure identifiers include DNA profile, medical history, and social security numbers.<ref name=":3" /> Furthermore, other empirical studies has confirmed customers' consistent privacy expectation --- even they have revealed personal information in exchange for services, their expectation of privacy protection is unlikely to change.<ref>{{Cite journal|last=Martin|first=Kirsten E.|date=2019-11-24|title=Breaking the Privacy Paradox: The Value of Privacy and Associated Duty of Firms|url=https://papers.ssrn.com/abstract=3349448|language=en|location=Rochester, NY|ssrn=3349448}}</ref><ref>{{Cite journal|last1=Karwatzki|first1=Sabrina|last2=Dytynko|first2=Olga|last3=Trenz|first3=Manuel|last4=Veit|first4=Daniel|date=2017-04-03|title=Beyond the Personalization–Privacy Paradox: Privacy Valuation, Transparency Features, and Service Personalization|url=https://doi.org/10.1080/07421222.2017.1334467|journal=Journal of Management Information Systems|volume=34|issue=2|pages=369–400|doi=10.1080/07421222.2017.1334467|s2cid=38167192|issn=0742-1222}}</ref> Firms that adopt to ECML should undertake the responsibility and regulate themselves to actively protect the information collected during transactions.<ref>{{Cite journal|last=Radin|first=Tara J.|date=2001|title=The Privacy Paradox: E-Commerce and Personal Information on the Internet|url=https://www.jstor.org/stable/27801264|journal=Business & Professional Ethics Journal|volume=20|issue=3/4|pages=145–170|doi=10.5840/bpej2001203/418|jstor=27801264|issn=0277-2027|url-access=subscription}}</ref>

== Privacy considerations and suggestions == Electronic Commerce Modeling Language is consistent with Platform for Privacy Preferences (P3P),<ref>{{Cite journal|title=RFC 3505 - Electronic Commerce Modeling Language (ECML): Version 2 Requirements|url=https://datatracker.ietf.org/doc/rfc3505/?include_text=1|access-date=2020-10-31|website=datatracker.ietf.org|date = March 2003|last1 = Eastlake 3Rd|first1 = Donald E.}}</ref> a controversial protocol which addresses online privacy concern. Initially, P3P is designed to simplify users' access and understanding on privacy policies posted on the websites. It has employed a multiple choice format to make connections between human readable privacy notices and privacy policies, as well as offering agents conduct policy evaluations.<ref name=":13" /> On the other side, some studies have also argued that P3P has made users' private information more vulnerable.<ref name=":23" /> The platform is accused for its exclusive nature that would disadvantage non-compliant websites with good privacy practices, and its lack of privacy policies' enforcements.<ref name=":23" />

Although the developers of electronic commerce modeling language have not explicitly specified how the information can be safely stored and protected, object security protocols (include XML encryption and XMLDsig), and channel security are all possible ways of privacy protection.<ref name=":03">{{Cite journal|last=Eastlake 3rd <donald.eastlake@motorola.com>|first=Donald E.|title=Electronic Commerce Modeling Language (ECML) Version 2 Specification|url=https://tools.ietf.org/html/rfc4112.html|access-date=2020-11-05|website=tools.ietf.org|date=June 2005|language=en}}</ref>

Since ECML is an application related with sensitive information such as credit card numbers and home addresses. Privacy considerations thus have become crucial. There are several suggestions listed below to protect customer's privacy:<ref name=":023" /><ref name=":03" />

# ECML memory of sensitive information cannot exist. If it is installed on a public terminal, the wallet has to be configurable. # A password should be set up and required each time when the user wants to access the stored information. # Users need to have control of whether the stored sensitive information is released or not.

== Example == <syntaxhighlight lang="html"> <html> <head> <title>eCom Transaction Complete Example</title> </head> <body> <form> <p>Thank you for your order. It will be shipped in several days.</p> <input type="hidden" name="Ecom_Merchant" value="www.merchant.example"> <input type="hidden" name ="Ecom_Processor" value="www.processor.example"> <input type="hidden" name="Ecom_Transaction_ID" value="EF123456"> <input type="hidden" name="Ecom_Transaction_Inquiry" value="http://www.merchant.example/cgi-bin/inquire?ID=EF123456"> <input type="hidden" name="Ecom_Transaction_Amount" value="789.00"> <input type="hidden" name="Ecom_Transaction_Currency" value="USD"> <input type="hidden" name="Ecom_Transaction_Date" value="July 14 2000"> <input type="hidden" name="Ecom_Transaction_Type" value="credit"> <input type="hidden" name="Ecom_Transaction_Signature" value="ig6rh4;;20dfna00s34hj10s--s-45j30-22z92l-frwds-85"> <input type="hidden" name="Ecom_TransactionComplete"> <input type="hidden" name="Ecom_SchemaVersion" value="http://www.ecml.org/version/1.1"> </form> </body> </html> </syntaxhighlight>

== See also == * Platform for Privacy Preferences * Digital wallet * XML * XML Encryption (XML-Enc) * XMLDsig * E-commerce * Consumer privacy

== References == <references />

Category:Modeling languages Category:E-commerce software