مرکاتور احتیاطی در تجارت الکترونیک: بروز رسانی

Conway and Koehler presented a new type of software agent that converted merchant interfaces into middleware that enabled a user to bring to bear powerful decision support tools in eCommerce transactions. They called them Interface Agents. These agents operated directly through the human interface and were largely indistinguishable from a human user. They illustrated their ideas with an agent that could play optimal Blackjack at the then emerging online casinos. They discussed possible merchant countermeasures. In this paper we look back at this setting and see what evolved and how such agents have fared. We reassess their proposed countermeasures and update them based on the ever evolving cat-and-mouse game between such agents and merchants.

Based on research started in 1997, Conway and Koehler [9] (CK forthwith) presented a new type of software agent that converted merchant interfaces into middleware that enabled a user to bring to bear powerful decision support tools in eCommerce transactions. They called them Interface Agents (see Fig. 1). These agents operated directly through the human interface and were largely indistinguishable from a human user.At the time, considerable academic research attention was directed at consumer issues in online commerce like privacy, trust, vendor viability, product quality, etc. “As a result, CK raised a related but seldom considered concern in eCommerce. They stated “Consumers can do things in an on-line environment that are simply not possible otherwise. In an on-line environment, consumers have computing resources not normally available in face-to-face transactions.” They termed this situation “Caveat mercator” — seller beware. Their proposed Interface Agent made this clear. As a pre-cursor to their proposed agent, CK noted that an early software agent, BargainFinder, led to merchants blocking its usage. These tools enable an agent to discover hard-to-see opportunities — or opportunities never exploited when the tools could not be used or not used effectively. These may not be anticipated by merchants nor easily thwarted.” Conway and Koehler [9] In fact, soon after BargainFinder was blocked, Jango (http://www.jango.com/) side-stepped the merchant blocking ability. Intelligent software agents continue to evolve [15] and [25]. Since the CK study, online merchants have had to contend with ever more creative technologies and users. Often such users' goals are fraud related rather than just smart usage of computers in business decisions and transactions. For example, Goldsmith and Wu [12] noted recently that eBay had earlier relied on self-policing with a feedback forum to control fraud but by 2005 had a staff of 800 full-time security professionals. The architecture of a typical Interface Agent is shown in Fig. 2 and builds on previous agent architectures [6]. Briefly, sensors observe the human interface — consisting of icons, buttons, lists, images, etc. — to capture the state of an application. For example, screen scraping and optical character recognition methods capture graphical text; window messaging techniques capture text from lists and structural information such as titles; and pattern recognition methods help decipher images or fanciful text displays. Actuators would perform actions like button clicking, keyboard inputs to text-fields, mouse movements, and the like. These are indistinguishable from human actions but are issued using programmatic methods controlled by the Interface Agent. The assessment component decided on how to navigate the interface, fill-in information or call up a decision support system (DSS) component to make decisions. It also monitored responses to check for consistency, merchant “cheating” or mistakes.Li and Sun [24] extend the idea of an Interface Agent “to provide a causal connection between the application interfaces and the knowledge model of the Interface Agent.” They term these Reflective Intelligent Interface Agents. Others have offered related ideas. For example Vahidov and Kersten [29] promote an architecture, called decision stations, that merge an active DSS with agent technology. Vahidov and Fazlollahi [28] look at yet another approach. CK illustrated their ideas with an agent that could play optimal Blackjack at one of the then emerging online casinos. Briefly, some casino games can be beaten by an astute player employing optimal (or at least near-optimal) game play. Under the then prevailing rules, Blackjack is one such game. “Playing blackjack optimally is not easy for a human being. One must track the state of the remaining cards and vary their playing and betting strategy. Optimal play depends only on the state of the deck, the dealer's exposed card, one's hand and the rules of play. Optimal bets depend on the current state of a blackjack deck, the rules of play and the current bank size of the bettor. The sheer number of states possible prohibits one from knowing optimal betting in a traditional casino setting where such information must be memorized. Optimal play beyond that for a full deck is virtually impossible to know with certainty. Both optimal betting and optimal play are approximated by professional blackjack players in real casinos ….” Conway and Koehler [9] “However, in on-line casino gambling, one can employ computer-assisted play and betting with impunity and play optimally.” Conway and Koehler [9] Using an Interface Agent having a DSS that could determine optimal play given the current Blackjack game state, they tested their agent to play at Island Casino (an online casino that has since seen been absorbed by a competitor) which used a browser-based java applet to deliver the game interface. CK reported the results of roughly 85 hours of play (28,910 hands) by their Interface Agent. Each hand of play “… includes interpreting the screen (determining the original cards dealt, the new cards dealt during the hand's play, the outcome, any status messages, etc.) deciding how much to bet, deciding how to optimally play the hand (both with the original hand and any subsequent decisions as the hand was played-out), all the back and forth communication to the casino, etc.” Conway and Koehler [9] The net result was profitable as predicted. Furthermore, the monitoring component detected no significant deviations from expected outcomes. That is, it appeared the casino was offering a fair game. In the long run, no merchant (the casino in their study) could survive if a significant portion of its consumer base used an Interface Agent to attain unanticipated transactional advantages. CK documented changes made by Island Casino to thwart professional play during the course of their research (about a 9 month period). They also discussed possible merchant countermeasures. In Section 2 we review the merchant countermeasures recommended by CK and look back over the almost 10 years since their research to see what happened to provide a backdrop to suggest a new slate of possible merchant countermeasures in Section 3. In the intervening years several Interface Agents emerged. Two were proprietary and not available for general use. One, LS, played at a large number of different online casinos and games. A second one, called PRO, played in online games of skill. These systems and WinHoldEm (http://www.winholdem.net/) developed by Ray E. Bornert II to play Texas Hold'Em, are documented in the Appendix. The experiences with these are used as anecdotal information in the remainder of the paper. Although these agents were used in online casino games and in online games of skill, they are not the only enterprises vulnerable to Interface Agent use. In Section 4 we discuss other examples and general characteristics of vulnerable businesses. Finally in Section 5 we provide a summary and several conclusions.

Interface Agents are software agents that assist in making eCommerce decisions based on information intended solely for human consumption, and attempt to participate with behavior indistinguishable from human users. This paper presents an update to the state of Interface Agents first presented ten years ago by the same authors, and provides a history of internet merchant attempts to prevent and detect such agents. Many of the issues identified in the earlier research were indeed addressed during the ten year period, and several other merchant responses are discussed here. We provide further suggestions for merchants who are involved in transactional business where decision support systems can lead to negative merchant outcomes. As any eCommerce site must use an interface for its intended audience, we provide tactical suggestions for merchants to discourage Interface Agents, including suggestions on dynamically altering the display in an attempt to confuse an agent, creating navigational obstacles, understanding the agent architecture, exploiting rare event where agents are likely not as well trained, and finally monitoring agent behavior. More important though are the business model implications. Certain business models which prevent decision support systems made available by informative contacts (collaboration, collusion) or the advantage of advanced mathematics or computational assistance may simply not be profitable in an internet setting, where such support is impossible to prevent. We end with a final observation. An assumption made by CK was that Interface Agents can be detrimental for eCommerce. This need not always be true. In many settings that the PRO and WinHoldEm agents played, the sites took a percentage of each fee or wager (a rake). Since they get the same fee from a software agent as a real human, they may not have an incentive to restrict software agents except to the extent that human players may eventually avoid their site to avoid playing against the superior software agents or, in a more general view, provide the additional revenue to merchants to make up for the higher opportunities enjoyed by Interface Agents. This moral hazard should be explored further. Much effort in the past several years has gone into the integration of people, processes, and technology. The application-to-application integration is known as enterprise application integration (EAI) [20]. It was made possible by the standardization of web service protocols. People-to-people integration is known as workflow, and workflow has also received significant attention [32]. Finally, business process management systems are emerging which enable communication between people and applications in any combination [20]. In all cases, the communication is designed to enable easy communication between pairings. We consider the problem of designing application-to-people applications that are explicitly not application-to-application.In most cases, the design goal is not perfect prevention, but rather system design to be more difficult for an agent to exploit than a competing site with otherwise similar business rules over a typical transaction's time period of interest. Our experience and contribution applies to agents who interact with either text or graphically displayed information. While the agents we describe have been successful in defeating the merchant designs, we anticipate continuing cat-and-mouse tactics will continue to evolve with each side having some degree of success. Design issues with communication in the format of streaming media are not addressed in this research.