[Standards-JIG] Jabber Wallet and E-Commerce

Andrew Brunner abrunner at cybercreek.com
Mon Feb 13 14:02:56 UTC 2006

I think the most important benefit would be that Jabber can offer end user
secure access to typical and common online banking commands.  These commands
would be secure in that the session established would be done over Jabber
and it would directly interface to a JEP[1] enabled server residing inside
the bank's network.

So as far as JEP[1] goes, I believe TLS negotiation during the session
initialization will suffice as currently they use SSL for client logins.  So
for the scope of my idea for the JEP would be to handle the aspects of an
end-user online banking session.

Preliminary ideas regarding the Jabber client and Real-time Online Banking:

I was thinking a set of basic commands to the server would be a start.
After the JEP[1] enabled Server gets a command it's up to that server to
interface with the Bank System to interface with said Jabber server.  This
JEP would only be implemented on a banking system.  i.e. It will only be
utilized by banks who are interested in offering real-time banking to
clients on a desktop or website via Jabber.  Real-time, secure stats on
balances would be a wonder selling aspect to banks.  I would love to use
this feature from my desktop.

Preliminary ideas regarding the Jabber client and Jabber Wallet:

Again, I was thinking this JEP[2] would be for end users.  I'm thinking the
ability to make purchases without having to keep filling in all sorts
information is going to save billions of man hours over the entire Internet.
Just one click.  Pay.  Semantics would need to be ironed out.  I think that
server storage would be great for storing automatic credits to Jabber Wallet
enabled vendors.  Big business would love this as it would dramatically
reduce paperwork.  So we essentially we would need server stores for:
Payment Methods[3],Payment Destinations[4],Payments[5].

Managing of wallet features could be done right now over IQ get/set.  So
this is excitingly easy to implement.

A gateway to enable real-time secure payment information would be a critical
selling point to the industry.  Loss prevention can be minimized due to the
fact that the end-user will NEVER transmit any personal data.  I acknowledge
that this notion and its details will need the support of financial industry
but this technology will be able to solve and save billions in loss
prevention.  Any ideas here?

[1] - JEP XXX Online Banking Extension for Typical End User Online Banking
[2] - JEP XXY Jabber Wallet Extension for online purchases.
[3] - The vital information of payment methods must not be stored (actual
account #s or pins).  So we'll need a gateway protocol to talk with the card
issuer to use some sort of encrypted representation of the card holder.
Doing it this way should solve the issue with Credit Card Fraud over the
Internet because no vital account information would ever be stored or
[4] - Payment destinations could be just JIDs.  like
customer_number at utility.com/home.  The JEP[2] enabled  service will examine
scheduled[5] payments and issue them when they are due.
[5] - Payment Schedule.  Service store for who to send payment, where to
send it, and how much to send at that time.
[6] - Only an Authenticated user can make changes their own Wallet.  Each
JID must have only one wallet.

Andrew Brunner
CyberCreek LLC

Phone: 919.957.7279

More information about the Standards mailing list