
Ecommerce Unit-I

E-Commerce

Electronic commerce is a modern business methodology that addresses the needs of organizations, merchants and consumers to cut costs while improving the quality of goods and services and increasing the speed of service delivery. E-commerce is associated with the buying and selling of information, products and services via computer networks through the information superhighway (i-way).

The broad goals of e-commerce are:
-- Reducing the cost of transactions
-- Lower product cycle time
-- Fast customer response
-- Improved service quality

The key element of e-commerce is information processing. All steps of commerce except production and distribution are forms of information gathering, processing and manipulation, which computer networks can manage well. This information processing takes the form of several categories of business transaction. The categories that e-commerce handles are:
-- Transactions between a company and the consumer over public networks for the purpose of home shopping or home banking, using encryption for the security of electronic cash, credit and debit tokens
-- Transactions with trading partners using EDI
-- Transactions for information gathering, such as market research using bar code scanners, processing information for decision making and problem solving through analysis, and supply chain management
-- Transactions for information distribution with prospective customers, including interactive advertisement, sales and marketing

Electronic Commerce Framework

E-commerce applications are built using existing technology. Communication networks, communication software and a pyramid of computers form the information superhighway. Using these technology building blocks, inter-organizational and consumer-oriented applications are developed.

E_COMMERCE


The building blocks are:
-- Common business services, for facilitating the buying and selling process
-- Messaging and information distribution, as a means of sending and receiving information
-- Multimedia content and network publishing, for creating a product and a means to communicate about it
-- The information superhighway, the very foundation, providing the highway system along which e-commerce travels

The pillars supporting e-commerce applications are:
-- Public policy, to govern such issues as universal access, privacy and information pricing
-- Technical standards, to dictate the nature of information publishing, user interfaces and transport in the interest of compatibility across the entire network

Information Superhighway: Just as regular commerce needs the interstate highway to carry goods from point to point, e-commerce needs the i-way. The information highway is needed whether you are an organization purchasing from a supplier or a consumer ordering a product. The i-way is a mesh of interconnected data highways, which may take the form of telephone wires, cable TV, wireless communication or satellite. The i-way transports either information or multimedia content. Thousands of transactions and business operations will be performed on the i-way, so it should be built with the best technology that matches future business needs.

Multimedia Content and Network Publishing Infrastructure: Building the various highways is not enough by itself; we need vehicles, routing issues must be decided, and transportation costs must be paid. On the i-way the type of vehicle is decided by the information and multimedia content. The information that travels on the i-way may be a movie, which includes audio + video; digital games, which include music + video + software; or electronic books, which include text + graphics + music + photographs + video. This content is stored in electronic documents. These documents are digitized, compressed and stored in computerized libraries or multimedia servers, which are linked to the transport network / i-way through which the client will access them.

Messaging and Information Distribution Infrastructure: Vehicles move goods from one point to another using diesel engines or gasoline motors. On the i-way, messaging software fulfills this role in different forms such as e-mail, EDI or point-to-point file transfer.

Common Business Service Infrastructure: Several key components of e-business have to be ensured, such as how the customer can be assured of safe delivery and how the customer can pay on the i-way. The common business services address these issues. Encryption and authentication methods have been developed to ensure the security of content on the i-way. Various electronic payment systems have been developed to handle complex transactions with high reliability.

1st Pillar: Public policy, legal and privacy issues: In the case of vehicle traffic over the interstate highway, public policy issues concern pollution, consumer protection from fraud, environmental impact, taxation etc. In the case of the i-way, public policy deals with regulation to protect consumers from fraud, protecting their privacy, policy to control information traffic, detecting information piracy etc. Various solutions are evolving, which is the reason more and more people are entering the electronic marketplace.

2nd Pillar: Technical standards for electronic documents, multimedia and network protocols: If railway track standards had been different in different states, goods would have to be moved from one train to another frequently. A similar problem will arise if standards are not established for information and multimedia data transmission on the i-way. With commonly accepted standards, information can be accessed on any type of device of the consumer's choice, such as a PC, mobile or television. For example, without the adoption of a video standard, video conferencing will never become a reality.


Electronic Commerce and Media Convergence

Convergence is joining. Many companies have pooled resources and talents with other companies to make the electronic marketplace a reality. E-commerce has been linked with the idea of convergence of information-centric industries, integrating their content, storage networks, business applications and consumer devices. Convergence in this scenario is the combining of television, publishing, telecommunication and computers for the purpose of facilitating new forms of information-based commerce.

Convergence is categorized into:
-- Multimedia convergence: applies to the combination of text, voice, data, image, graphics and full-motion video
-- Cross-media convergence: refers to the combination of industries such as entertainment, publication and communication media based on multimedia content (watching a movie while searching for books)

Some technological advancements in the convergence area:
1. Convergence of content: Converting all types of information, such as books, business documents, videos, movies and music, into digital information. Once converted, this information can be searched, compressed, encrypted, sorted etc.
2. Convergence of transmission: Information is compressed and stored so that it can easily travel over a phone line. Various new switching techniques and technologies are available to make data travel to the home. Various communication equipment has been invented that can transmit voice, data, image and video without rewriting the content.
3. Convergence of information access devices: The devices used for accessing information have advanced as far as computers and televisions. Other devices are the video monitor, fax machine, telephone etc.

Convergence success depends upon the following market conditions:
1. Widespread availability of high-performance technologies, storage and display devices, communication systems and operating systems.

2. Organizations think twice before implementing new technologies; their decision depends upon forthcoming customer demand for their goods and services.
3. Aggressive regulatory action introduces competition in the market, for example regulation regarding local and long-distance communication, cable equipment etc.

The Anatomy of E-Commerce Applications

In this section we examine the components or elements of electronic commerce applications in detail.

Diagram from pg 24

Multimedia Content for E-Commerce Applications

Multimedia content is digital data in different formats, that is text, video, audio and graphics.

Diagram from pg 25

Multimedia systems are much more than conventional database systems, which are oriented to numeric processing. But 90% of the processing in business operations is traditional database oriented. External information such as manuals, email and sales brochures is part of such information. The goal of multimedia is to increase the utility of all forms of information, that is images, audio and video.

The latest trend is that multimedia is involved in each and every part of business. Traditionally the publishing industry meant only text data. But electronic books are no longer only text; they include photographs, voice, video clips, animation and many more things.

Access to multimedia content also depends on hardware capabilities. Hardware components have advanced, and software applications correspondingly, to produce high-quality multimedia content. The success of e-commerce applications depends upon the variety and innovativeness of multimedia content and packaging.

Multimedia Storage Servers and Electronic Commerce Applications:


Electronic commerce requires high-end servers to store and distribute large amounts of digital data. On request, these servers should handle different types of data and distribute it with high security and reliability. Due to technological advancements, mass storage devices are available. Content that is needed frequently is stored in relatively expensive chips, and content that is requested less often is stored on less expensive media such as magnetic tape.

Client-Server Architecture in E-Commerce

All e-commerce applications follow the client-server model. Clients are devices plus software that make requests, and servers are computers that respond with the information. Traditionally, mainframes were used with dumb terminals, which were too slow to cope with new data types like audio and video. The client-server model allows the client to interact with the server through a request-reply format called message passing. The server manages application tasks, handles storage, processing and security, and allows more clients to be added as needed to serve more customers. Client devices handle the user interface.

Internal Processes of Multimedia Servers

The internal processes involve storage, processing, retrieval and management of data, which can be text, audio, video, pictures etc. A multimedia server refers to the hardware and software that convert raw data into useful information and provide it when the user requests it. The server performs the following activities:
1. Handles thousands of users simultaneously
2. Manages user transactions (purchase, information request, billing)
3. Delivers the information needed to the consumer

There are various challenges in doing this work: the data is not only text in table format, and processing a large amount of data and delivering it quickly is complex when multiple users are requesting it.

Video Servers and Electronic Commerce

Video servers will be used in electronic commerce for video conferencing, geographical information systems that require storage and navigation of maps, corporate multimedia servers and shopping kiosks. Video servers are used by consumers for on-demand video, TV guides, interactive yellow pages etc. Video servers were developed as an outcome of partnerships between technology and media companies to provide interactive TV. The video server is an important link between the entertainment / media companies and the transport providers (cable, wireless etc.).

An important difference between client-server systems and video servers is that video servers are designed to distribute information to hundreds of consumers through a public network such as cable.

Diagram from pg 30

To provide this feature, a powerful parallel server architecture can be used, or customizable software can be added that provides this functionality and scalability.

Information Delivery/Transport and E-commerce Applications

Transport providers are basically the telecommunications, cable and wireless industries, and networks such as the Internet. E-commerce applications have boundless transport routes, from telephone to air and satellite transmission. The emerging transport trends are public networks such as the Internet, and wireless telecommunication. Currently 65% of e-commerce is done through computer networks, but the day will come when these transactions happen on the telephone and television.

The features of each transport provider are:

1. Telecom-based: These providers include long-distance and local telephone service providers. In 1991 video transmission started on telephone wires. The technology used here, called Asymmetric Digital Subscriber Line (ADSL), had the drawback of low-quality pictures. With some research, the picture quality has now improved.
2. Cable-based: These providers use coaxial cable, and viewing depends upon public preference. The main strategy cable companies are using is to be network neutral, using digital compression so that alternative delivery systems such as wireless and satellite can be used.
3. Computer network-based: Low bandwidth compared to telecom and cable, with a dial-up link. For example, America Online, which is both a transport provider and a content provider.
4. Wireless: Typically radio-based, cellular, satellite and light-based. In the 1990s record-breaking growth happened in cellular, paging and mobile radio, and this growth is continuing beyond 2000.

Consumer Access Devices

There are various devices available for accessing e-commerce applications: television, personal computer, telephone, digital assistant etc. The device a user opts for depends on personal choice and popularity. The TV, as it exists in every home, can become more comfortable than the PC.

Access devices:
-- Computers with audio and video capability: personal/desktop, laptop and notebook
-- Telephonic devices: video phone
-- Consumer electronics: television + set-top box + game system
-- Personal digital assistants: pen-based computing, voice-driven computing

As there are various access devices, some issues remain uncertain: which operating system will be used in these devices, what kind of user interfaces will be provided etc. On-line browsing is not easy; the user has to deal with menus and a lot of typing. In home shopping the user has to make a purchase decision within 4 clicks of the remote. Video-on-demand provides a list of 500 films without clips, from which it is difficult to choose a movie.

Hypertext Versus Hypermedia

Hypertext is an approach to information management in which data is stored in the form of:
-- Documents (nodes)
-- Links (pointers)

A node represents text, graphics, animation, audio or video images, and it represents one idea or concept. Nodes are connected to other nodes through links or pointers, called anchors. Links are bidirectional, so that they facilitate backward or forward movement. Links are either referential (cross-referencing) or hierarchical (parent-child relationship).

Hypermedia is hypertext++. Hypermedia contains links not only to other pieces of text but also to other forms of media such as movies, audio, sound and images. Hypermedia contains hypertext and multimedia.

Examples of hypermedia:
-- You are reading a text in French; you select a phrase and hear the phrase as spoken in the native language.
-- You are a customer; by selecting the appropriate customer service representative you are able to video conference with him.

Benefits of hypermedia documents:
-- These documents are more flexible than conventional documents. You can select a topic of interest and read more on it by selecting various options.
-- These documents are more convenient. Hypermedia documents offer sound, video sequences, animation, and even computer programs that execute when the links are selected.
-- Hypermedia provides dynamic organization. The cross-reference structures of conventional documents are fixed at the time of design; hypermedia links and nodes change dynamically. Based on user choice, new nodes can be linked and new relationships can be shown.

Technology Behind the Web

Information providers run programs on servers from which browser clients can obtain information. Web servers are composed of two major parts: the hypertext transfer protocol (HTTP) for transmitting documents between servers and clients, and the hypertext markup language (HTML) format for documents. The link between HTML files and HTTP servers is provided by the URL.

1. URL (Uniform Resource Locator)

The documents that the browser displays are hypertext and contain pointers. When the user clicks on a pointer, the pointer transparently leads to the next text. This pointer is implemented using a URL. URLs are strings that provide the address of documents and images on the web. The URL pattern is:
1. The first part of the URL describes the type of resource
2. The second part of the URL describes the name of the server housing that document
3. The third part gives the full filename of the resource

FTP: ftp://server.address/completefilename
Telnet: telnet://server.address:port

Different protocols use different URL syntax, but all of them have certain things in common, such as / as a separator. URLs are central to the web architecture. They can access any object anywhere on the Internet.

2. HTTP

The HTTP protocol is a simple request and response protocol that is currently used over the Internet. HTTP is a protocol for transferring information efficiently between the requesting client and the server. The data transferred may be plain text, image or video. When the user sends a request, the objects are retrieved rapidly from the distant server.

HTTP can retrieve documents in various formats. To achieve this, the client sends the list of formats that it can handle, and the server replies with the data in any of these formats. An HTTP request from the client starts with the object request method and the URL of the object. The methods most often used for requests are GET and POST. The GET method is defined for front-end update, and the POST method for attaching a new document or submitting a filled-in form. When objects are transferred over the network, information about the object (metadata) is included in the HTTP headers. This is done to open the doors for hypermedia information access across the network; with this feature, a format acceptable to the browser can be sent.

3. HTTPD Servers

Organizations should know how to publish information through WWW servers (called httpd servers). Installing and maintaining a web server requires considering security and administrative issues. There are a number of web servers available now, and choosing among them is a difficult task. An organization must consider the following when choosing a web server:
-- Which platform and operating system is the right choice
-- What kind of traffic load is anticipated on the web server, heavy or light
-- What kind of security features are needed
-- How flexible and robust the server needs to be

4. Format/Content Negotiation and HTTP

This is the ability to serve clients of varying sophistication with the document types that offer the best representation of the information that the client is capable of accepting. The HTTP standard performs format negotiation with the client. The client browser sends the list of formats it can represent; with this information the server can decide which information can be sent to the client. There is a mass of document formats available: jpg, doc, pdf, gif etc.

Certain data formats require special software to view the content of the document, but such documents can still be transmitted over the network.

5. HTML

At the heart of the web is a simple page description language called the hypertext markup language. HTML enables creating web pages containing ASCII text, headings, graphics, hyperlinks etc. There are three ways to produce HTML documents:
-- Writing them yourself
-- Using HTML templates and modifying them
-- Learning through example (view source)

HTML is growing very fast. The specification currently supported is DTD (document type definition) 2, in which form templates can be created.

Unit-2 ELECTRONIC COMMERCE AND WWW

INTRODUCTION

Electronic commerce comprises modern business methods that address the needs of firms, consumers and management to cut costs while improving the quality of goods and the speed of service.

In short, e-commerce is the convergence of business applications and computing technology.

Electronic commerce applications are varied (Fig pg 230):
1. Exchange of business information through EDI
2. E-mail and fax
3. Electronic bulletin boards
4. Electronic funds transfer etc.

Electronic commerce is used to describe a new on-line approach to performing traditional functions such as payment and funds transfer, order entry, processing, invoicing, inventory, cargo, advertising, marketing and customer support. By opting for e-commerce, organizations gain a competitive edge over other businesses, improve their productivity and are able to deliver quality products. They are prompted further because:
1. Organizations have already invested in automating their internal processes, so some part of the technical infrastructure is already available.
2. Prices of computer hardware and networks are falling.

But before making an investment decision, a clear idea of electronic commerce technology is needed.

ARCHITECTURAL FRAMEWORK FOR ELECTRONIC COMMERCE

This architecture integrates diverse resources already in place, in the form of data and software, into better e-commerce applications. The architecture is divided into six layers of functionality. Electronic commerce applications use several new technologies; when these technologies are integrated they provide powerful solutions.

Fig 6.2 for pg 232

APPLICATIONS SERVICES

There are 3 different types of electronic commerce applications.

I] Consumer to Business Transactions (Market Place Transactions)

In this e-commerce world consumers learn about products differently, buy them differently through electronic cash and payment systems, and have them delivered differently. Here words like quality, content, product and distribution have a different meaning. Firms should learn a new way of doing business.

Fig from pg 233

II] Business to Business Transactions (Market Link Transactions)

Here businesses, government and other organizations depend on computer-to-computer communication as a fast, economical and dependable way of communicating and transacting. These transactions include EDI and mail for purchasing goods and services, submitting requests for proposal online, receiving proposals online etc. The current manual process of printing, mailing and rekeying is costly and error prone, so even small businesses are looking to electronic commerce as a solution.

III] Intra-organizational Transactions (Market Driven Transactions)

A company can become market driven when information about customers and competitors is spread throughout the organization. Continuous monitoring of customers, and improving customer satisfaction through better before- and after-sales service, is possible when updated information is available within the organization. There are 3 major components in market driven transactions:

1. Customer orientation through products (designing as per customer demand)
2. Customized service to the customer
3. Cross-functional coordination (there needs to be cross-functional coordination to ensure that individuals in separate functions or departments are acting consistently in their treatment of the customer)

INFORMATION BROKERAGE AND MANAGEMENT

The term information brokerage is used to represent an intermediary who provides services between the customer and the organization / information providers.

Information Broker Functions:
1. Information brokers are becoming necessary in dealing with the voluminous data available on the network. Users cannot search this volume of data themselves, so information brokers or software agents are popularly used for searching.
2. Information brokers address the issue of adding value to the information that is retrieved. Adding value means that the information retrieved is used further in other transactions.
3. The brokerage function supports data management and traditional transaction services. Brokerages may provide tools such as a database updater, query generator and transaction generator.

Software Agent: Software agents are used to implement information brokerages. Software agents are mobile programs that have been called healthy viruses, digital butlers and intelligent agents. A software agent is a piece of software that acts for a user or another program in a relationship of agency. Agents are not invoked for a task, but activate themselves. In the capacity of information brokerage, agents are capable of gathering information resources and performing transactions.


For example, a software agent can go to an on-line store and order a bouquet of roses for you. If the shop does not offer the required bouquet, it can, with prior instruction, consult the on-line yellow pages and search for one for you.

INTERFACE AND SUPPORT SERVICES

Interfaces for e-commerce applications are:
1. Interactive catalogs: These are the customer interface to e-commerce applications such as home shopping (GUI). This includes features like sophisticated graphics, video, pictures etc.
2. Directory services: These services operate behind the scenes and attempt to organize large amounts of data to facilitate electronic commerce. Directory services make data on any server on a network available as if it were a local file. When we search for availability while booking a travel ticket online, directory services are used on the server to provide updated information.

Interactive catalogs deal with people; directory services interact with software applications. The shape of catalogs and directory services will depend upon users' desires and functional requirements respectively.

SECURE MESSAGING AND STRUCTURED DOCUMENT INTERCHANGE SERVICES

Messaging services offer solutions for communicating unstructured data such as letters, memos and reports, as well as formatted data such as purchase orders, invoices etc. Examples of unstructured messaging are email, fax etc. The example of structured messaging is EDI. E-commerce supports two types of messaging:
1. Synchronous (immediate transfer of data)
2. Asynchronous (delayed transfer of data, store and forward)

-- Messaging requires neither processing nor a particular protocol.
-- Messaging is suited to both client-server and peer-to-peer networks.
-- The disadvantage of messaging is that the applications are complex and new, and there is no interoperability between different messaging vendors.

-- Maintaining security and privacy with encryption and authentication methods is a challenge.

MIDDLEWARE SERVICES

Users demanded interaction between dissimilar systems and networks for sharing resources, and applications that could be accessed by multiple programs. The solution was middleware, which acts as a mediator between diverse software programs and enables them to talk to each other. Middleware services focus on three elements:

1. Transparency

Users should be unaware that they are accessing multiple systems. Users need not spend their time trying to understand where something is, nor do programmers have to code the exact locations of resources on the network into their applications. The application sends a request to the middleware, which then satisfies the request any way it can, using remote resources or applications.

2. Transaction Security and Management

Security and management of transactions is essential for all e-commerce models. Security includes two broad terms: 1. Authorization 2. Authentication. For transaction processing in e-commerce applications, middleware provides all the transaction features of the ACID properties (atomicity, consistency, isolation and durability).

3. Distributed Object Management and Services

Object-oriented programming is fundamental to network-based programming. Integrating various working objects on different platforms is the goal.

In electronic commerce applications a natural object is the document itself. Today documents integrate not only text but also graphics, pictures, video etc., forming compound document architectures. A document may include parts from a word processor, a presentation and a spreadsheet, and the tool bar will change as we scroll through the document. These types of integrated applications are still to come.

Document-oriented computing is everywhere; it provides the capability of reuse and customization. Middleware such as CORBA, OLE and OpenDoc works to achieve this.

WORLD WIDE WEB AS ARCHITECTURE

ECOMMERCE UNIT3

Client Server Network Security

To reduce security threats, various protection methods have been used at the file level, operating system level and access control level. The protection levels developed are:
-- Trust-based security
-- Security through obscurity
-- Password schemes
-- Biometric systems

Trust-Based Security

Trust everyone, and put no extra effort into security. The user is trusted and no access restriction is provided; it is assumed that no user will perform an expensive breach such as deleting files, backing data etc. This solution does not work now, because a huge number of threats exist and because the Internet is a public network, not a network of limited users.

Security through Obscurity

This concept was used in the mainframe era. Security through obscurity (STO) says that any network can be secured as long as nobody outside its management group is allowed to find out anything about its operational details, and users are provided information on a need-to-know basis.

Usernames and passwords are hidden in binary files or scripts, on the assumption that nobody will ever find them. This method is successful within a small group of people, and in standalone systems like IBM MVS, CMS etc., but its usefulness is very low in a UNIX environment where users are free to move around the file system. Anyone with programming skill, immense computing power and knowledge of how the system works can make STO far less effective.

Password Schemes

One straightforward security solution is a password scheme. When common words or proper names are selected as passwords, the system is prone to threat. The simplest method used by most hackers is dictionary comparison: comparing a list of encrypted user passwords against a dictionary of encrypted common words. To beat dictionary comparison, experts often recommend a password of at least eight characters in mixed case containing a non-alphanumeric character, and changing the password every 60 to 90 days.

In a remote log-in session the password passes in unencrypted form. Having distinct passwords for distinct devices and logins is a problem, because the user has to remember them all, which leads to writing them down and sharing them. To avoid these password-related threats several methods have been introduced:
-- One-time password: some devices generate a visually displayed number that can be used as a one-time password
-- Smart cards: can generate a token that the computer can understand. A hand-held smart card can generate a token that incorporates the clock time and initial information such as a personal PIN
-- Randomized tokens
-- Challenge-response systems
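The password advice above (at least eight characters, mixed case, a non-alphanumeric character, a change within 60 to 90 days) written as an acceptance check. This is an added example, not part of the original notes; the word list, the substitution table and all function names are constructed for illustration. It also covers the case the composition rules miss: a dictionary word dressed up with substitutions and trailing digits.

```python
import string
from datetime import date, timedelta

# Constructed sample word list; a real deployment would load a large one.
COMMON_WORDS = {"password", "welcome", "dragon", "michael", "summer", "letmein"}

# Character substitutions that are undone before the dictionary lookup.
SUBSTITUTIONS = str.maketrans({"@": "a", "4": "a", "0": "o", "1": "l",
                               "3": "e", "$": "s", "5": "s", "!": "i"})

MIN_LENGTH = 8        # "at least eight characters"
MAX_AGE_DAYS = 90     # upper end of the 60 to 90 day range


def dictionary_variants(candidate):
    """Return the forms of a candidate that a dictionary comparison would hit."""
    folded = candidate.lower()
    edges = string.digits + string.punctuation
    return {
        folded,
        folded.translate(SUBSTITUTIONS),
        # "P@ssword1!" -> "p@ssword" -> "password"
        folded.rstrip(edges).translate(SUBSTITUTIONS),
        # "1Dragon!" -> "dragon"
        folded.strip(edges).translate(SUBSTITUTIONS),
    }


def check_password(candidate):
    """Return the list of policy problems; an empty list means acceptable."""
    problems = []
    if len(candidate) < MIN_LENGTH:
        problems.append("shorter than 8 characters")
    has_lower = any(c.islower() for c in candidate)
    has_upper = any(c.isupper() for c in candidate)
    if not (has_lower and has_upper):
        problems.append("not mixed case")
    if all(c.isalnum() for c in candidate):
        problems.append("no non-alphanumeric character")
    if dictionary_variants(candidate) & COMMON_WORDS:
        problems.append("based on a dictionary word")
    return problems


def is_expired(last_changed, today):
    """True when the password is older than the rotation limit."""
    return today - last_changed > timedelta(days=MAX_AGE_DAYS)


if __name__ == "__main__":
    for sample in ("dragon", "P@ssword1!", "Summer2024!", "t7#Rv!qLm2"):
        print(sample, "->", check_password(sample) or "accepted")
    print("expired:", is_expired(date(2024, 1, 1), date(2024, 4, 1)))
```

"P@ssword1!" satisfies every composition rule and is still rejected, which is why the dictionary test has to run on the normalised form and not on the raw string.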

Biometric System

A biometric system is the most secure level of authorization and involves some unique aspect of a person's body. Biometric systems include fingerprints, palm prints, retinal patterns and voice recognition. Biometric systems are expensive and best suited to physical access rather than network or workstation access. Some biometric systems take 10 to 30 seconds to verify an access request. Such a system would be costly for network or workstation security.

Emerging Client Server Security Threats

The major threat emerging in e-commerce is mobile code, which is nothing but a software agent. Mobile code is an executable program that has the ability to move from machine to machine and also to invoke itself without external influence. To overcome this threat, organizations are installing firewalls that filter incoming data packets. These threats can be divided into two types:
-- Threats to local computing from mobile software
-- Access control and threats to servers

Software Agent and Malicious Code Threat

The major threat to security comes from running client software. Client programs interpret data downloaded from servers on the Internet. In the absence of checks on imported data, there is a chance that programs hidden behind this data run on the system. Client threats mostly arise from malicious data or code. Malicious code refers to viruses, worms, Trojan horses, logic bombs etc. Clients must scan for malicious data and executable programs that are transferred from the server to the client.

Threat to Servers:

Threats to servers consist of unauthorized modification of server data, unauthorized modification of incoming packets, and misuse of bugs in server software.
1. Hackers have potential access to a large number of systems; as a result, computers which are not configured properly and have programs with security holes are prone to threat.
2. Hackers can use popular UNIX programs like rsh, ruser to discover account names and then try to guess passwords through a dictionary or more sophisticated ways of password identification.
3. Hackers can use electronic eavesdropping techniques to trap usernames and unencrypted passwords sent over the network.
4. Hackers can spoof, or configure a system to masquerade as another system, thus gaining unauthorized access to resources or information.

Many network programs such as Telnet and FTP send passwords unencrypted. Through eavesdropping, hackers and even crackers can obtain sensitive information. Encryption can prevent eavesdroppers from obtaining information on the network. Servers can also be attacked with denial of service. In this case a server resource is damaged or destroyed so that it cannot be used. The two most common denial of service attacks are:
Service overloading
Message flooding

Service Overloading
One can easily overload a WWW server by writing a small loop that continually sends requests for a particular file. The server tries to respond to each request in good faith, and this runs indefinitely, overloading the service with an infinite loop. Service attacks can be reduced by restricting access to critical accounts, resources and files and protecting them from unauthorized user access.

Message Overloading


This occurs when someone sends a very large file to a message box every few minutes. The message box grows in size and occupies all the space on the disk, causing a disk crash. Message overloading is prevented by providing a separate area for each program and making provision for graceful failure.

Other threats like packet replay or modification are harder to guard against. Packet replay refers to the recording and retransmission of message packets on the network. Packet replay can be used by hackers to steal protected data, and detecting it is difficult, but it can be prevented by methods like time-stamping and sequence counting. Packet modification is where hackers tamper with the information. To counter some of the threats discussed here, the firewall technique is introduced for servers.

Firewalls and Network Security
The most popular network protection scheme is a firewall. A firewall is a method of placing a device, a computer or a router between the network and the Internet to control and monitor all traffic between the outside world and the local network. A firewall system is usually located at a gateway point, such as a site's connection to the Internet. A firewall protects devices from some forms of danger.

Firewalls come in several types and offer different types of security:
Screening packets or applications that pass in or out
Filtering network traffic
Restricting access to certain applications
Blocking access to applications etc.
Basically, a firewall either controls incoming traffic or permits outgoing traffic based on conditions.
Figure from pg 200
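The time-stamping and sequence-counting defence against packet replay mentioned earlier in this section can be sketched as follows. This is an added example, not code from the original notes; the packet layout, the 30-second window, the shared key and all names are assumptions made for illustration.

```python
import hashlib
import hmac
import struct

MAX_SKEW = 30.0                 # assumed: seconds a timestamp may differ from the receiver clock
HEADER = struct.Struct(">QdH")  # sequence number, timestamp, length of sender name
TAG_LEN = 32                    # size of an HMAC-SHA256 tag


def seal(key, sender, seq, timestamp, payload):
    """Sender side: bind sequence number and timestamp to the payload with a MAC."""
    name = sender.encode()
    body = HEADER.pack(seq, timestamp, len(name)) + name + payload
    return body + hmac.new(key, body, hashlib.sha256).digest()


class ReplayGuard:
    """Receiver side: reject modified, stale or already-seen packets."""

    def __init__(self, key):
        self.key = key
        self.last_seq = {}  # highest sequence number accepted per sender

    def accept(self, packet, now):
        """Return (payload, "ok") or (None, reason)."""
        if len(packet) < HEADER.size + TAG_LEN:
            return None, "malformed"
        body, tag = packet[:-TAG_LEN], packet[-TAG_LEN:]
        expected = hmac.new(self.key, body, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):
            return None, "bad-mac"            # packet modification
        seq, ts, name_len = HEADER.unpack_from(body)
        name_end = HEADER.size + name_len
        if name_end > len(body):
            return None, "malformed"
        sender = body[HEADER.size:name_end].decode(errors="replace")
        if abs(now - ts) > MAX_SKEW:
            return None, "stale-timestamp"    # old recording, even if counters were lost
        if seq <= self.last_seq.get(sender, -1):
            return None, "replayed-sequence"  # replay inside the time window
        self.last_seq[sender] = seq
        return body[name_end:], "ok"


def demo():
    key = b"constructed-shared-key-for-demo"  # constructed sample key
    t0 = 1_000_000.0                          # constructed clock value
    guard = ReplayGuard(key)
    p1 = seal(key, "client-A", 1, t0, b"PAY 100 TO B")
    results = [guard.accept(p1, t0 + 1)[1]]          # first delivery
    results.append(guard.accept(p1, t0 + 2)[1])      # same packet replayed at once
    tampered = bytearray(p1)
    tampered[-TAG_LEN - 1] ^= 1                      # flip one payload bit
    results.append(guard.accept(bytes(tampered), t0 + 2)[1])
    restarted = ReplayGuard(key)                     # receiver that lost its counters
    results.append(restarted.accept(p1, t0 + 3600)[1])
    p2 = seal(key, "client-A", 2, t0 + 5, b"PAY 20 TO B")
    results.append(guard.accept(p2, t0 + 5)[1])      # next legitimate packet
    return results


if __name__ == "__main__":
    print(demo())
```

The sequence counter catches a replay that arrives inside the time window, while the timestamp catches an old recording sent to a receiver that no longer remembers the counter.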


Firewall in Practice:
Firewalls range from simple traffic logging systems that record all network traffic for auditing purposes to more complex methods such as IP packet screening routers, hardened firewall hosts and proxy application gateways. The simplest firewall is a packet filtering gateway or screening router. These filters restrict packet transfer to designated addresses and can restrict the types of services provided (a router with restrictions on access). A more complex firewall is the application gateway, which is also the most secure. Application gateways essentially use PCs or UNIX boxes that sit between the Internet and a company's internal network to provide proxy services (a PC which implements the security mechanism). When a user wants to download a file from the external environment, the request goes to the proxy, which then connects to the machine outside the gateway. Screening routers and application gateway firewalls are frequently used in combination when security concerns are very high. In case of heavy traffic, hardened firewall machines are set up between the Internet and the company's private network.

1. IP Packet Screening Routers
This is a static routing service placed between the router and the internal network. The traffic routing service may be implemented within the router or through application-level proxy services. The firewall router filters incoming packets to permit or deny IP packets based on several screening rules:
Known source IP address
Incoming packet protocol (TCP/UDP)

Figure from [pg 201]
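How a screening router applies such rules to incoming packets can be modelled in a few lines. This is an added example, not taken from the original notes: the rule format, the first-match-then-default-deny evaluation, the destination port field and the addresses (documentation ranges) are all assumptions. It also flags rules that can never fire because an earlier rule already covers them, a common mistake when writing screening rules.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Rule:
    action: str                  # "permit" or "deny"
    src: str                     # source network (CIDR)
    dst: str                     # destination network (CIDR)
    proto: str                   # "tcp", "udp" or "any"
    dport: Optional[int] = None  # None matches any destination port

    def matches(self, pkt):
        return (
            ipaddress.ip_address(pkt["src"]) in ipaddress.ip_network(self.src)
            and ipaddress.ip_address(pkt["dst"]) in ipaddress.ip_network(self.dst)
            and self.proto in ("any", pkt["proto"])
            and self.dport in (None, pkt["dport"])
        )

    def covers(self, other):
        """True when every packet matched by `other` is also matched by this rule."""
        return (
            ipaddress.ip_network(other.src).subnet_of(ipaddress.ip_network(self.src))
            and ipaddress.ip_network(other.dst).subnet_of(ipaddress.ip_network(self.dst))
            and self.proto in ("any", other.proto)
            and self.dport in (None, other.dport)
        )


# Constructed rule set for the external interface; internal network is 192.0.2.0/24.
RULES = [
    # 0: a packet arriving from outside with an internal source address is spoofed
    Rule("deny", "192.0.2.0/24", "0.0.0.0/0", "any"),
    # 1: anyone may reach the public web server
    Rule("permit", "0.0.0.0/0", "192.0.2.10/32", "tcp", 80),
    # 2: a known trading-partner network may reach the FTP server
    Rule("permit", "203.0.113.0/24", "192.0.2.20/32", "tcp", 21),
    # 3: meant to block half of that network, but rule 2 always matches first
    Rule("deny", "203.0.113.128/25", "192.0.2.20/32", "tcp", 21),
]


def screen(pkt, rules=RULES):
    """Return (action, index of the matching rule); unmatched packets are denied."""
    for index, rule in enumerate(rules):
        if rule.matches(pkt):
            return rule.action, index
    return "deny", None


def shadowed(rules=RULES):
    """Indexes of rules that are unreachable because an earlier rule covers them."""
    return [
        i for i, rule in enumerate(rules)
        if any(earlier.covers(rule) for earlier in rules[:i])
    ]


def packet(src, dst, proto, dport):
    return {"src": src, "dst": dst, "proto": proto, "dport": dport}


if __name__ == "__main__":
    samples = [  # constructed packets
        packet("198.51.100.7", "192.0.2.10", "tcp", 80),
        packet("192.0.2.99", "192.0.2.10", "tcp", 80),
        packet("203.0.113.200", "192.0.2.20", "tcp", 21),
        packet("198.51.100.7", "192.0.2.20", "tcp", 21),
    ]
    for p in samples:
        print(p, "->", screen(p))
    print("unreachable rules:", shadowed())
```

Rule 3 is reported as unreachable, so a packet from 203.0.113.200 is still permitted by rule 2; the deny rule would have to be placed before the permit rule to take effect.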

Configured routers can bring many security holes; they have several disadvantages:
1. Screening rules are difficult to specify given the diverse needs of users.
2. Screening routers are inflexible and cannot easily be extended beyond the functionality for which they are preprogrammed.
3. If a screening router is circumvented (beaten through cleverness) by a hacker, the rest of the network is open to attack.

Proxy Application Gateways:
A proxy application gateway is a special server that typically runs on a firewall machine. The primary use of an application gateway is to provide security. Instead of talking directly to external servers, each client request is routed to a proxy on the firewall.
Figure 5.4
An application proxy makes the firewall a safe passage for the users of an organization without creating potential security holes through which hackers can get into the corporate network. The proxy waits for a request from a client inside the firewall, forwards the request to the remote server outside the firewall, reads the response and then returns it to the client.
Proxy gateways have several advantages:
1. They allow browser programmers to ignore the complex networking code necessary to support every firewall protocol and concentrate on client issues. With HTTP between the client and the proxy, no protocol functionality is lost, since FTP, Gopher and other web protocols may well be converted into HTTP methods. Users do not need any special modification for FTP or Gopher server access.
2. The proxy can manage server functionality. The proxy can maintain audit trails, byte counts, success rates etc. The proxy acts as an intermediary.
Security-related settings can be made within the proxy:
1. Limiting dangerous subsets of the HTTP protocol (restricting the use of some HTTP methods)
2. Enforcing client and server access to designated hosts (an acceptable web site list)
3. Implementing access control for network services that is lost when the proxy is installed (storing the security policy enforced by the firewall, user-wise authentication and resource access details)
4. Checking various protocols for well-formed commands
5. Filtering dangerous URLs and malformed commands

3. Hardened Firewall Hosts
A hardened firewall host is a stripped-down machine that has been configured for increased security. This type of firewall requires inside or outside users to connect to the trusted application. These firewalls are meant for protection from unauthorized access. Steps for creating a hardened firewall:
1. Remove all user accounts except those necessary for operation of the firewall, the logic being that if users cannot log in to the firewall host they cannot get to know the security measures.
2. Remove all crucial files, executables, network server programs and client programs.
3. Extend traffic logging and monitoring to check remote access.
4. Disable IP forwarding (the process of forwarding packets from one network to another) to prevent the firewall from forwarding unauthorized packets between the Internet and the enterprise network.
Advantages:
1. Concentration of security: logging is located on the firewall system as opposed to being distributed over many hosts.
2. Information hiding: the firewall can hide the names of internal systems or e-mail addresses.


3. Centralized and simplified network service management: services such as FTP and e-mail are located on the firewall system rather than on many systems in the network.

Security Policies and firewall management:
The firewall method of protection spans a range between ease of use and a high level of security. The administrator who implements and maintains a firewall must address the following management issues:
1. Is the firewall in place to deny all services except those integral to the mission of connecting to the Internet, or is it in place to provide a metered and audited method of regulating access in a non-threatening manner? The decision is political and financial.
2. What is the level of monitoring, redundancy and control? After answering the above question, a list is made of what should be monitored, permitted and denied. For example, control can be on a time basis, 7:00 a.m. to 7:00 p.m.
3. Financial concerns about the cost of the firewall. Firewall costs range from $0 to $200,000. The evaluation should be based not only on the cost of the firewall but also on maintenance charges.
4. Firewall policies must be realistic reflections of the level of security in the entire network. For example, a site with top secret data should be isolated from the rest of the corporate network.
Firewalls cannot give protection against viruses. Firewalls cannot protect against data-driven attacks. A firewall provides more than mere security; it acts like a corporate ambassador to other users of the Internet. Many companies use this system as a place to store public information about corporate products and services, files to download etc.

Data and Messaging Security
Data and message security on the Internet has become a high-profile problem due to the increasing number of organizations starting e-commerce on the global network. Historically, computer security was maintained through usernames and passwords, but with remote access, wireless technology, commercial transactions, mobile computers and hackers' tools this technique is no longer sufficient.

Any sensitive information, like credit card numbers or other financial details, can easily be captured by hackers using various tools. Transaction security issues can be divided into two types:
1. Data Security
2. Message Security

Data Security
One major threat to data security is unauthorized network monitoring, also called packet sniffing. A packet sniffer is computer software or hardware that can intercept and log traffic passing over a digital network or part of a network.[1] As data streams flow across the network, the sniffer captures each packet and, if needed, decodes and analyzes its content. A sniffer program watches for certain kinds of network traffic, typically the first part of login sessions, which carries the username and password used to log in to remote machines. The fact that someone can extract meaningful information from a network is nothing new, but the problem grows because this knowledge is no longer limited to a few people. Network monitoring will increase the number of system intruders. Users whose accounts and passwords are collected are not aware that their sessions are being monitored and that subsequent intrusion will happen.

Message Security:
Threats to message security fall into three levels:
1. Message Confidentiality
2. Message and System Integrity
3. Message Sender Authentication/Identification

Message Confidentiality:

Message confidentiality means making it impossible to access or release secret information to unauthorized users. The environment must protect all message traffic. Once a message is delivered to its destination, it must be deleted from the public environment. Provision should also be made to delete undelivered messages as needed.

Message and System Integrity:
Business transactions require that their contents remain unmodified during transport. The receiver must have the same content as the sender sent. Message confidentiality guards against passive monitoring of data, and integrity guards against unauthorized modification of data. Error detection codes, encryption and sequence numbers are methods used for information integrity.

Message Sender Authentication
For e-commerce it is important that the client authenticates himself to the server and the server authenticates itself to the client. Authentication is a mechanism which verifies the identity of an entity using certain encrypted information transferred from the sender to the receiver. The client and server must compare the origination address of transactions and messages and confirm that it is a valid one. Whenever a message enters the public network it must bear some unambiguous identification of the system from which it came. There is a race among various vendors in e-commerce today to provide an authentication method that is easy to use, secure, reliable and scalable.

Encryption as basis of data and message security:
Sensitive information that travels on a public network must be protected by encrypting it.

Encryption is converting information in any form (text, video, graphics) into a representation that is unreadable without decryption. A wishes to send a purchase order (PO) to B in such a way that only B can read it. A encrypts the PO with an encryption key and sends the encrypted PO to B. B decrypts the ciphertext with the encryption key to read the data. Even if C, a hacker, gets access to this data, without the key he cannot decrypt it or learn the information. Broadly there are two types of encryption methods:
1. Secret Key Cryptography
2. Public Key Cryptography

Secret Key Cryptography:
Secret key cryptography involves the use of a shared key by both receiver and sender. Shared key techniques suffer from the problem of key distribution, since shared keys must be secretly distributed to both parties. A encrypts the message using an encryption key agreed beforehand by both parties; B, on receiving it, uses the same key to decrypt the message. The generation, transmission and storage of keys is called key management; all cryptosystems must deal with key management issues. The secret key method is good for one-to-one document interchange, but for an organization which deals with thousands of clients it is impractical to assume that key management will be error-free.

Data Encryption Standard (DES)
A widely used implementation of secret key cryptography is the Data Encryption Standard. DES was introduced in 1975 by IBM, the National Security Agency (NSA) and the National Bureau of Standards (NBS) and is the most widely used cryptosystem in the world. DES is a secret key, symmetric cryptosystem. When used for communication, both sender and receiver must know the same secret key, which is used for both encryption and decryption of the message.

DES operates on 64-bit blocks with a 56-bit secret key. Instead of defining just one encryption algorithm, DES defines a whole family of them: a different algorithm is generated with each secret key. You need to tell your secret key to the receiver. The key size is as large as 2^56. A newer technique for improving the security of DES is triple encryption, which encrypts each message block using three different keys in succession. If you use DES three times on the same message with different secret keys, it is virtually impossible to break using existing algorithms.

Public Key Cryptography:
This is a more powerful form of cryptography. The technique involves a pair of keys, a private key and a public key, associated with each user. Information encrypted with the public key can be decrypted only with the corresponding private key. The private key is kept secret and the public key is distributed. Since only the receiver of the message knows the private key, decrypting the message will be difficult for anyone else, and message integrity and confidentiality are maintained. Public keys can be maintained in a central repository and used to encode and decode data. The process goes as follows:
1. Each party receives a pair of keys (one public key and one private key).
2. When A wishes to send a message to B, A looks up B's public key in the repository.
3. A then uses B's public key to encrypt the message and mails it to B.
4. B uses the secret private key to decrypt the message and read it.
5. For anyone like C, unless he has access to B's private key, it is impossible to decrypt the message sent by A.
An advantage of public key cryptography is that no one can figure out the private key from the public key. Hence the key management problem is mostly confined to the management of private keys. Private keys are never transmitted or shared.


Public key cryptography can be used for sender authentication, known as a digital signature, as follows:
1. A puts his private key and the document together and performs a computation on the composite (key + document) to generate a unique number called the digital signature.
2. The resulting unique number, called the fingerprint, is attached to the original document and further encrypted with A's private key.
3. The message is then sent to B.
4. User B decrypts the document using A's public key.
5. To authenticate that the message comes from A and not from C, B does a further computation involving the original document, the purported signature and A's public key; if the result is the same unique number the message is genuine, otherwise the message has been altered and is discarded.

Several implementations of public key cryptography are popular; one of them is RSA:
The RSA system uses a matched pair of encryption and decryption keys, each performing a one-way transformation of data. In cryptography, RSA (which stands for Rivest, Shamir and Adleman, who first publicly described it) is an algorithm for public-key cryptography.[1] It is the first algorithm known to be suitable for signing as well as encryption, and was one of the first great advances in public key cryptography. RSA is widely used in electronic commerce protocols, and is believed to be secure given sufficiently long keys and the use of up-to-date implementations. RSA is important because it enables digital signatures, which can be used to authenticate electronic documents. Here is how a digital signature works:
1. X wants to send data to Y.
2. X runs a program that uses a hash algorithm to generate a digital fingerprint (a fingerprint is a pattern of bits which uniquely identifies the data).
3. The fingerprint is encrypted with X's private key. This is X's digital signature.
4. The digital signature travels along with the data.

5. Y decrypts the signature with X's public key.
6. Y runs the same hash program on the document, and the fingerprint is generated again.
7. If the generated fingerprint matches the one X sent, the data is valid; otherwise it is not.

Mixing RSA and DES
RSA provides two important functions which DES does not:
1. Secure key exchange without prior exchange of keys
2. Digital signature
RSA and DES can be used in combination. (This method is called a digital envelope.)
1. First the message is encrypted with a DES key.
2. Before being sent over an insecure communication channel, the DES key is encrypted with RSA.
3. The DES-encrypted message and the RSA-encrypted DES key are sent together.
DES is preferred for large messages due to its greater speed. In a multiuser environment where DES key agreement (the two parties meeting) has taken place, DES alone is sufficient. RSA is useful for multiuser systems and also where digital signatures are needed.

Digital Public key Certificate
The most difficult aspect of creating an effective multiparty transaction system is the distribution of public keys. The primary concern here is authenticity. An outsider could easily create a public and private key pair and distribute the public key, claiming it belongs to someone else. For instance, if A in England is doing business with B in Canada and wants to encrypt information so that only B can read it, A must first get B's public key from a key directory. That is where the problem lies. There is nothing that says the public key information is valid and not a forgery put there by C in the name of B.

One solution to this problem is the public key certificate. A public key certificate is a data structure, digitally signed by a certification authority, that binds a public key value to the identity of the entity holding the corresponding private key. A certificate is a copy of a public key and an identifier (number) digitally signed by a trusted party. The problem with this technique is finding the trusted third party. A public key user must have the public key of the certificate authority that signed the certificate in order to get the identification number; otherwise there is a problem. Thus a chain of multiple certificates gets created.

Clipper Chip
Clipper is an encryption chip developed as part of the Capstone Project announced by the White House. Clipper was designed to balance the concerns of federal law enforcement agencies with those of private citizens and industry. Clipper technology uses escrowed keys. The idea behind this technology is that communication is encrypted with a secure algorithm, but the keys are kept by one or more third parties (escrow agencies) and made available to law enforcement agencies when authorized by court-issued warrants.

Skipjack, designed by the NSA, is the encryption algorithm contained in the Clipper chip. It uses an 80-bit key to encrypt and decrypt 64-bit blocks of data. The Skipjack algorithm is considered to be secure. One limitation is that it cannot be implemented in software, only in hardware, that is, in a chip provided by government-authorized chip manufacturers.

Digital Signature
Authentication of parties in an e-business transaction is done using digital signatures. Digital signatures are a recent development, the need for which has arisen due to the growth in electronic commerce transactions.

With a digital signature the recipient can verify that the document indeed originated from the sender who signed it and that the document has not been altered since then. A digital signature consists of two aspects:
1. Method of signing: the method used for signing is such that forgery is impossible.
2. Method of verification: you can verify the signature and know the sender's identity.
Moreover, the signature cannot be repudiated; that is, the signer of the document cannot later disown it by claiming it was forged.

DSS (Digital Signature Standard) specifies the digital signature algorithm and was developed as part of the Capstone Project of the US Government. DSS has been controversial in the computer industry, and the main issues are:
The underlying cryptography was new, so too little scrutiny had been done for users to be confident of its strength.
Verifying a signature with DSS was too slow.
Implementing a second authentication standard will cause hardship to computer hardware and software dealers who have already standardized on RSA.
In DSS signature generation is faster than signature verification. In RSA signature verification is faster than generation. Many people in cryptography think that verification should be faster. The most serious problem with DSS was security. DSS originally had a 512-bit key, but it was later changed to a 1024-bit key. Researchers say that trapdoor primes exist in DSS which would enable a key to be broken. RSA and DES have withstood more than fifteen years of vigorous examination. DSS is recently developed and may turn out to be a strong cryptosystem with the test of time.

Challenge Response Systems
For client-server systems, user authentication is becoming more important day by day. In e-commerce transactions the network is taking the form of client-server interaction, so an effective way of authenticating the user is needed. For instance, if a client accesses a server for information, the server must make sure that the client is a bona fide user. To do this the server can choose from several challenge response authentication methods:
Smart cards
Third party authentication

Token or Smart Card Authentication
Whereas a memorized password was sufficient in the past to authenticate a user (although it can be observed by a sharp-eyed person), smart cards are used for enhanced security. A smart card computes a password or encryption key and furnishes it directly to the computer for the log-in procedure.
When the user wants to access the computer he logs on with a stagnant password, after which an eight-character password is quickly issued.
The user types the eight-character password on the card, which is like a pocket-held calculator.
Finally the card gives a one-time password that is acceptable.
To defend against loss or theft of the card, the card requires the user's identification number too.

Handheld password generators (HPGs) have an algorithm initialized with a seed. This algorithm maintains data unique to the user and is synchronized with the algorithm running on the host.


HPGs work on a challenge response system. On every log-in attempt the host generates a password, which is given to the handheld device, which provides the password to be used for that session. Once this password is entered, the HPG algorithm checks whether the password given matches the one it has calculated.

Third party Authentication:
In a third party authentication system the password or encryption key never travels over the network. Rather, an authentication server maintains a file of facts about the registered users. At log-on time the server demands the entry of randomly chosen facts. The authentication server uses this input to generate a token. The server sends an encrypted message containing the token, which can be decoded with the user's key. This message containing the token allows the user to log on to the network server. Kerberos is a popular third party authentication protocol.

Kerberos is an encryption-based system that uses secret key encryption, designed to authenticate the user and the network connection. It was developed by MIT's Project Athena. Kerberos prevents unauthorized access and does it so well that it is now a standard for effective security and authentication. Kerberos assumes that a distributed environment is made up of unsecured workstations, moderately secure servers and highly secured key management machines. Kerberos provides a means of verifying the identities of requesters on an unprotected network. Kerberos performs authentication by using conventional (secret key) cryptography.

The authentication process is as follows:
Client A sends a request to the Kerberos authentication server (KAS) requesting credentials for a given server B.
KAS responds with the following information encrypted in A's key:
Ticket for the server. The ticket contains B's key.
Temporary encryption key (session key)
A then transmits the client's identity and a copy of the session key, both encrypted in B's key, to B.
The session key is used to authenticate the client and server for future transactions.

To verify the identities of the parties in the transaction, the client transmits the ticket to the server. Since the ticket is sent over the network, where it can be intercepted, additional information is sent to prove that the message originated from the party to whom the ticket was issued. This information is encrypted using the session key and includes a timestamp. Because it is encrypted with the session key, it proves that the sender is the valid party.

Encrypted document and electronic mail:
E-mail users who desire confidentiality and sender authentication use encryption. Some users use the following two methods of e-mail encryption for secure transmission:
1. Pretty Good Privacy (PGP)
2. Privacy Enhanced Mail (PEM)
Internet e-mail is obviously far less secure than the postal system. Snooping can be done in the header area, which reveals all the paths through which the message has passed. E-mail software is increasingly incorporating specific options that simplify encryption and decryption.
1. Each file must be encrypted even before it can be examined.
2. If the file itself proves to contain embedded, compressed and encrypted files, those too must be expanded and decrypted.
Two popular mail encryption techniques in detail:

Privacy Enhanced Mail Standard:
The PEM standard has been created but not yet officially adopted by the Internet Activities Board. PEM includes encryption, authentication and key management and allows the use of both public key and secret key cryptosystems. PEM uses the DES algorithm for encryption and the RSA algorithm for sender authentication and key management. PEM also provides support for non-repudiation and identifies the message originator. Although PEM is not yet widespread, a number of vendors are offering versions of it in their e-mail servers.

Pretty Good Privacy (PGP)
PGP is an implementation of public key cryptography based on RSA. It is a free software package that is used to encrypt mail. PGP provides secure encryption of documents and data files that even advanced computers cannot crack. PGP uses a public key encryption scheme and MD5 (Message Digest version 5). It uses a hash function to form a digital signature that assures the receiver that the incoming message was sent by an authentic person.
1. The transaction sequence begins when the sender types an e-mail and MD5 is used to generate a digital signature of the e-mail.
2. The digital signature is then encrypted with RSA using the sender's private key, and the result is attached to the e-mail.
3. The receiver uses the sender's public key to decrypt and recover the digital signature.
4. The receiver then generates a new digital signature for the e-mail received and compares it with the decrypted digital signature.
A combination of MD5 and RSA provides an effective digital signature scheme.


PGP provides confidentiality by encrypting messages to be transmitted or stored locally. The conventional algorithm IDEA (International Data Encryption Algorithm) is used. Although relatively new, IDEA is considered to be much stronger than the widely used DES. The process goes as follows:
1. When the sender generates the message, the system provides a random 128-bit number as the session key for that message only.
2. The message is encrypted using IDEA with the session key.
3. The session key is encrypted with RSA using the receiver's public key and attached to the message.
4. The receiver uses RSA with his private key to decrypt and recover the session key.
5. The session key then decrypts the message.
IDEA is much faster than RSA and reduces message encryption time, as only the key is encrypted using RSA.
Both confidentiality and authentication can be used at the same time:
1. First a signature is generated from the plain message.
2. The plain text and signature are encrypted using IDEA, and the session key is encrypted using the RSA public key of the receiver.
3. The message is then decrypted at the receiver's end and signature matching is performed.
PGP is widely used and is growing rapidly on the Internet.
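The sign-then-envelope sequence described above (fingerprint, signature with the sender's private key, random 128-bit session key, session key wrapped with the receiver's public key) can be traced end to end in the following sketch. It is an added example, not PGP's or PEM's own code, and it makes these substitutions so that it runs with the standard library only: SHA-256 in place of MD5, a hash-based keystream as a stand-in for DES/IDEA, and unpadded textbook RSA with constructed demo keys built from Mersenne primes. All function names are hypothetical and none of this is suitable for protecting real data.

```python
import hashlib
import secrets

E = 65537  # public exponent used for both demo keys


def make_keypair(p, q):
    """Textbook RSA: return (public, private), each as (modulus, exponent)."""
    n = p * q
    d = pow(E, -1, (p - 1) * (q - 1))
    return (n, E), (n, d)


# Constructed demo keys. Mersenne primes avoid key-generation code here;
# real keys use secret random primes and a padding scheme.
SENDER_PUB, SENDER_PRIV = make_keypair(2**521 - 1, 2**607 - 1)
RECEIVER_PUB, RECEIVER_PRIV = make_keypair(2**1279 - 1, 2**2203 - 1)


def fingerprint(message):
    """Hash of the message as an integer (SHA-256 here, where the text names MD5)."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big")


def sign(message, priv):
    n, d = priv
    return pow(fingerprint(message), d, n)     # fingerprint "encrypted" with private key


def verify(message, signature, pub):
    n, e = pub
    return pow(signature, e, n) == fingerprint(message)


def stream_xor(key, data):
    """Stand-in symmetric cipher: XOR with a SHA-256 counter keystream."""
    out = bytearray()
    for offset in range(0, len(data), 32):
        pad = hashlib.sha256(key + offset.to_bytes(8, "big")).digest()
        out.extend(b ^ k for b, k in zip(data[offset:offset + 32], pad))
    return bytes(out)


def seal(message, sender_priv, receiver_pub):
    """Sender: sign, encrypt signature+message with a session key, wrap the key."""
    sig_len = (sender_priv[0].bit_length() + 7) // 8
    signed = sign(message, sender_priv).to_bytes(sig_len, "big") + message
    session_key = secrets.token_bytes(16)      # random 128-bit key for this message only
    n, e = receiver_pub
    wrapped_key = pow(int.from_bytes(session_key, "big"), e, n)
    return wrapped_key, stream_xor(session_key, signed)


def open_envelope(envelope, receiver_priv, sender_pub):
    """Receiver: unwrap the session key, decrypt, then check the signature."""
    wrapped_key, body = envelope
    n, d = receiver_priv
    key_int = pow(wrapped_key, d, n)
    if key_int >> 128:
        raise ValueError("wrapped session key is damaged")
    signed = stream_xor(key_int.to_bytes(16, "big"), body)
    sig_len = (sender_pub[0].bit_length() + 7) // 8
    signature, message = int.from_bytes(signed[:sig_len], "big"), signed[sig_len:]
    if not verify(message, signature, sender_pub):
        raise ValueError("signature mismatch: message altered or not from the sender")
    return message


if __name__ == "__main__":
    order = b"PO-1001: 20 units (constructed sample)"
    envelope = seal(order, SENDER_PRIV, RECEIVER_PUB)
    print(open_envelope(envelope, RECEIVER_PRIV, SENDER_PUB))
```

Only the 16-byte session key passes through the slow public-key operation; the message itself is handled by the fast symmetric step, which is the speed argument the text makes for combining the two.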

Unit-4 Consumer oriented electronic commerce



Introduction
The convergence of money, commerce, computing and networks is laying the foundation of the global consumer marketplace. Consumer-oriented e-commerce is still in its early stage. Consumer applications like on-line stores and electronic shopping malls exist, but access is still difficult. These applications are still not user-friendly. Users still have to spend a lot of time and money searching for stores and on-line information. The early consumer applications provided information about products but were not able to accept orders online and had no capability for accepting electronic payment. Because security was a major problem in sending payment-related information, the applications did not have these capabilities. As technologies have not grown to that extent, even traditional business processes such as negotiation, payment, order processing and after-sales service are done in traditional ways.
The fundamental issues to be addressed to make consumer-oriented e-commerce popular:
1. Establish standard business processes for buying and selling products and services in electronic commerce.
2. Develop easy-to-use implementations of mercantile protocols for order taking, on-line payment and service delivery.
3. Develop privacy methods that allow two parties that have no reason to trust one another to carry out a secure commercial transaction.

Consumer Oriented Applications
The wide range of applications that have emerged in the consumer marketplace are classified into:
1. Entertainment: Movies on demand, video catalogs, multiuser games
2. Financial Services: Home banking, financial services
3. Information, Education and Training: Interactive education, video conferencing, on-line databases
4. Essential Services: Home shopping, electronic catalogs, remote diagnostics (remote diagnostics refers to the ability to diagnose a given symptom, issue or problem from a distance), telemedicine (telemedicine is a rapidly developing application of clinical medicine where medical information is transferred through interactive audiovisual media for the purpose of consulting, and sometimes remote medical procedures or examinations).

Whenever the physical transformation of information is concerned, digital transactions are always the winner: the cost is less and the transaction can be performed faster, improving productivity. But investment has to be made in the technology. Let us examine a few consumer-based e-applications.

Personal Finance and Home Banking Management
Concepts like direct deposit of payroll, on-line bill payment and telephone transfer were still not widespread in the 1980s. The ratio is 30:1. Now, due to growth in technology devices like mobiles, PCs, television and PDAs (personal digital assistants), the number of customers doing electronic banking is growing, as they can save time. Home banking services are categorized into:
1. Basic
2. Intermediate
3. Advanced

Basic Services
Basic services are related to personal finance, such as checking and savings account statement reports, round-the-clock banking with automated teller machines, funds transfer, bill payment, status of payment, stop payment requests etc. Banks introduced ATMs in 1970. ATMs can be used by a wider range of people for transactions from non-traditional places, and wider varieties of
activities can be performed, such as withdrawal, deposit, loan application, balance enquiry etc. With the ATM network the following consequences emerged:
1. Customer loyalty became a thing of the past, as customers started looking at technology- and service-oriented banks.
2. Their brand name was swept away by the power of marketplace transactions.
3. Banks linked and branded their networks for added customer convenience, which caused further loss of loyalty.
The ATM network is similar to the Internet, where banks are the routers and ATM machines are the heterogeneous computers on the network. There is a large increase in ATM usage and a consequent decrease in teller machine. The future of home banking now lies in PCs, which are fast becoming a household item.
Figure from pg 271 (Structure of ATM network)

2. Intermediate Services: These services include an array of home financial management services, household budgeting, updating stock values, tax return preparation etc.

Features of Electronic Marketplace:
1. Critical mass of buyers and sellers
There should be a trick to get a mass of corporations and consumers to use the electronic medium for doing transactions. The electronic marketplace should be the first place customers go to find products and services.
2. Opportunity for independent evaluations and for customer dialogue and discussion
Besides buying and selling products, customers should be able to compare products and prices.
3. Negotiation and bargaining
Negotiation should be allowed in the marketplace. Buyer and seller should be able to discuss money, terms and conditions, delivery dates and various other criteria.
4. New Products and Services
Consumers should be able to request products and services which are currently not offered and can expect that someone will turn up with a proposed offering.

5. Seamless Interface
All the pieces of electronic commerce should be joined together to make them work seamlessly.
6. Recourse for disgruntled buyers
A viable marketplace must have a recognized mechanism for resolving disputes among buyers and sellers.

Mercantile Process Models
Mercantile processes define interaction models between consumers and merchants for on-line commerce.
This is necessary because, to buy and sell goods, a buyer, seller and other parties must interact in ways that represent some standard business processes. The establishment of a common mercantile process is expected to increase convenience for consumers, who won't have to figure out a new business process for every single vendor.

Mercantile Models from the Consumer Perspective
The on-line consumer expects quality, convenience, value, low price and control. To meet these expectations and understand the behavior of the on-line shopper, there is a need for a business process model that provides a standard product and service purchasing process. The business process model from a consumer perspective consists of seven activities that can be grouped into three phases:
1. Pre purchase Phase
2. Purchase Consummation
3. Post purchase Interaction

Pre Purchase Preparation Phase
This phase includes search and discovery for a set of products in the larger information space which meet the customer's need. From the consumer perspective, any major purchase can be assumed to involve some amount of pre-purchase activity; the extent to which this searching is done varies across individuals, products and purchase situations. Purchase deliberation is defined as the elapsed time between a consumer first thinking about buying and the actual purchase itself. Information search forms a major part of that time, along with comparison of alternatives and price negotiation.
The pre-purchase deliberation process can be understood better by knowing the answers to the following questions:
1. How much time are buyers allocating and spending on their purchasing decisions with respect to products?
2. What factors account for the difference in consumer decision time?
3. What technology can be used or designed to reduce decision time?
4. What is the right shopping environment that keeps customers happy and wanting to return?

In general, consumers can be categorized into three types:
1. Impulsive buyers: who purchase the product quickly
2. Patient buyers: who purchase the product after making some comparison
3. Analytical buyers: who do a large amount of research before making a decision

Types of purchasing
1. Specially planned purchases: The need was known before, and the buyer bought exactly that item.
2. Generally planned purchases: The need was recognized, but the buyer decided in-store on the actual manufacturer of the item which satisfies his requirement.
3. Reminder purchases: This buyer is influenced by advertisements for other products on the web site, where he is reminded of these products.
4. Entirely unplanned purchases: The need was not recognized on entering the store.
One of the important parts of pre-purchase deliberation is search. Information search is defined as the degree of care, perception and effort directed towards obtaining data or information related to the decision problem. In the context of e-commerce, information search can be classified into two categories:
1. Organizational Search
2. Consumer Search
The purchasing department inside an organization searches for information about a specific purchase of equipment. The overall duration of searching can be taken as the length of time between the first initiation of information gathering activities and the time when all of the information considered necessary to make a decision has been collected. Certain factors may act as disincentives (come in the way) to search:
1. Organizational buyers commonly have strong vertical vendor relationships based on prior purchases of previous versions of a particular product.
2. The rate of information change in the marketplace imposes additional demands on a firm's search process. Information received today may not be valuable tomorrow, as technology and product features are improving quickly.

Firms may respond to high-paced information change by constraining search process time.
Consumer motivation can be viewed in terms of two questions:
1. Why is the consumer shopping?
2. What was in it for the consumer?
Pre Purchase Preparation Phase: Consumer Search
The answers to these questions result in two distinct dimensions:
1. Utilitarian values: Shopping activity done to achieve a goal of buying.
2. Hedonic values: The activity is done because you love to do it.
In terms of electronic commerce, utilitarian behavior is found more. The hedonic aspect of shopping is much less experienced in the electronic field. In hedonic shopping the purchase of a product is incidental. Hedonic buyers hunt for bargains, and when they find one with a cheap bargain that fact alone is excitement for them. Consumer search depends upon the buyer's present buying situation, and the shopping experience will affect the searching process.

Pre Purchase Preparation Phase: Information Brokers and Brokerages
To facilitate better consumer and organizational search, intermediaries called information brokers and brokerages are coming into existence. Information brokerages are needed for three reasons:
1. Comparison shopping
2. Reduced search costs
3. Integration
On-line database search services are available, but at a high price. Consumers and organizations save money by putting their own effort into searching. But in the case of non-expert consumers the search task is given to professional searchers, who get the job done faster and better. Some search engines require a certain special kind of software to be installed; for example, America Online requires AOL software to be installed. These information brokerages provide lots of information, but this information has to be utilized for the user's benefit and should not be claimed as their own.

Purchase Consummation
After identifying the product to be purchased, the buyer and seller must interact in some way to actually carry out the mercantile transaction. A mercantile transaction is defined as the exchange of information between the buyer and seller followed by the necessary payment. A single mercantile model will have the following steps:
1. The buyer contacts the vendor to purchase a product or service. This dialog can be an interaction through e-mail, off-line or on the telephone.
2. The vendor states the price.
3. Buyer and vendor may or may not engage in negotiation.
4. If satisfied, the buyer authorizes payment to the vendor with an encrypted transaction containing a digital signature for the agreed price.
5. The vendor contacts his or her billing service to verify the encrypted authorization.
6. The billing service decrypts the authorization and checks the buyer's account balance or credit card balance.
7. The billing service gives the vendor the green light to deliver the product, together with a message giving transaction details.
8. On notification of adequate funds to cover the financial transaction, the vendor delivers the goods to the buyer. In the case of an information purchase, the vendor provides a key to unlock a file.
9. On receiving the goods, the buyer signs and delivers a receipt. The vendor then tells the billing service to complete the transaction.
10. At the end of the billing cycle, the buyer receives a list of transactions through the bank (credit card statement). The customer can complain against overbilling etc.
Figure from pg 297
Customers typically have two choices:
1. Pay before receiving goods or services: The quality of the goods or service is observed later, so the buyer has to struggle to get money back if the product is of low quality.
2. Receive goods and services before paying: The buyer can check the quality of the product or service and deny payment for a poor quality product, or can even stop the payment through the bank.
Let us examine the mercantile model with respect to the two different payment methods used:
1. Electronic Cash
2. Credit Cards

Purchase Consummation: Mercantile process using Digital Cash
A bank provides electronic currency, which is simply a series of bits that the issuing bank verifies, and this currency information is kept secret by cryptographic techniques. After the purchase is made, the buyer can send this e-cash to the seller. The seller will verify its authenticity by sending it to the issuing bank for verification. A proper security mechanism should be used to store e-cash. The e-cash issuing bank makes money by charging the buyer or seller a transaction fee. The following are the mercantile steps for the use of digital cash:
1. Buyer obtains anonymous e-cash from the issuing bank.
2. Buyer contacts the seller to purchase a product.
3. Seller states the price.
4. Buyer sends e-cash to the seller.
5. Seller contacts his bank or billing service to verify the validity of the e-cash.
6. Bank gives the okay signal.
7. Seller delivers the product to the buyer.
8. Seller then tells the bank to mark the e-cash as used currency.

Purchase Consummation: Mercantile process using Credit Cards
The two major steps with respect to a credit card transaction are:
1. Electronic authorization
2. Settlement
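The digital cash steps listed above, traced as an added example that is not part of the original notes. It assumes the bank authenticates each note with an HMAC over a random serial number and keeps a ledger of used serials; the names IssuingBank and purchase are hypothetical, and buyer anonymity is not modelled.

```python
import hashlib
import hmac
import secrets


class IssuingBank:
    """Issues e-cash notes, validates them for sellers, records used ones."""

    def __init__(self):
        self._mac_key = secrets.token_bytes(32)  # known only to the bank
        self._status = {}                        # serial -> "unspent" / "used"

    def _tag(self, serial, amount):
        data = f"{serial}:{amount}".encode()
        return hmac.new(self._mac_key, data, hashlib.sha256).hexdigest()

    def issue(self, amount):
        """Step 1: the buyer obtains a note (a series of bits) from the bank."""
        serial = secrets.token_hex(16)
        self._status[serial] = "unspent"
        return {"serial": serial, "amount": amount,
                "tag": self._tag(serial, amount)}

    def verify(self, note):
        """Steps 5-6: the seller asks the bank whether the note is valid."""
        expected = self._tag(note["serial"], note["amount"])
        if not hmac.compare_digest(expected, str(note["tag"])):
            return False  # altered or forged note
        return self._status.get(note["serial"]) == "unspent"

    def mark_used(self, note):
        """Step 8: the seller tells the bank to mark the note as used."""
        if not self.verify(note):
            return False
        self._status[note["serial"]] = "used"
        return True


def purchase(bank, note, price):
    """Seller side of steps 3-8 for one order; returns the outcome."""
    if note["amount"] != price:        # step 3: seller has stated the price
        return "rejected: wrong amount"
    if not bank.verify(note):          # steps 5-6: bank gives or denies okay
        return "rejected: note invalid or already used"
    # Step 7: the product is delivered at this point.
    bank.mark_used(note)               # step 8
    return "delivered"


if __name__ == "__main__":
    bank = IssuingBank()
    note = bank.issue(2500)            # constructed sample amount, in cents
    print(purchase(bank, note, 2500))  # first presentation of the note
    print(purchase(bank, note, 2500))  # same bits presented a second time
```

Because e-cash is only a series of bits and can be copied, the bank's ledger of used serial numbers is what stops the same note from being accepted twice.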

In a retail transaction a third party processor (TPP) captures the information at the point of sale, transmits the information to the credit card issuer for authorization, communicates the response to the merchant, and electronically stores the information for settlement and reporting. The credit card number is checked against the database and the transaction is approved or denied.

Mercantile Transaction Using Credit Cards
The step-by-step account of a retail transaction through credit card is as follows:
1. A customer presents a credit card for payment at a retail location. The card reader, a PC-based point of sale device, scans the information from the card's magnetic strip.
2. The point of sale software directs the transaction information to the network access point.
3. Once in the network, the system verifies the source of the transaction and routes it to the appropriate authorization source, where the cardholder's account record is reviewed. An authorization code is then sent back to the point of sale device. Alternative routing paths are used if the primary routing path is not available. Transaction information is captured both in the network system and in the point of sale device.
4. Periodically the retail location initiates a close-out transaction that bundles completed transaction information.
5. The system gathers all completed batches and processes the data in preparation of the statement. The settlement report is prepared and submitted to the appropriate bank for sanction and settlement of dues.

After the transaction is complete, a set of activities related to account settlement starts. In the case of a credit or debit card, the buyer's account is debited with the amount of the transaction and he is intimated about it. In the case of VISA or MasterCard, the transaction details are transmitted to the settlement institution selected by the client. These electronic transactions cost:

1. In the first form, merchants are charged a flat fee per transaction for authorization and data capture services. The merchant discount rate is the difference between the amount charged by the cardholder and the amount the settlement institution pays to the merchant.
2. In the other form, the merchant may pay a bundled price for authorization, data capture and settlement.
On the surface, cash seems to be preferable to electronic payment. But a more careful examination reveals that retailers are using electronic payment methods more. The reasons for this are:
1. Account costs and equipment costs are much more than the cost of accepting debit or credit cards.
2. Consumers appear to spend more when using cards than when spending cash.

Post Purchase Interaction
As long as there is payment for services and products, there will be refunds, disputes and other customer service issues which need to be considered. Returns and claims are an important part of the purchasing process. Many companies design their mercantile process only outbound to the customer, which creates messes and extremely dissatisfied customers. Customer service challenges are:
1. Inventory issues: To serve customers properly, a company should inform the customer right away when an item ordered is sold out, not several days later.
2. Database access and compatibility issues: The customer should be able to instantly access, through a computer on the information superhighway with compatible software, the inventory and database of the vendor.
3. Customer service issues: Customers will have questions about product quality, color, size, shipment and delivery dates; the order entry operator should be available to resolve such problems.

Mercantile Model with Merchant Perspective
The order delivery cycle from the merchant's perspective will be looked at from two angles: standardization and the cost of operation. If the service standards are met, there will be minimum expenses on the delivery of the product.
While delivering the product, companies have the following points to look for:
1. The company's ability to take the position of low-cost provider
2. Benchmark services
3. Responsiveness and continuous improvement
The order delivery cycle, which includes eight steps describing how the merchant fulfills the customer order, is explained in the following diagram.

1. Order Planning and Order Generation
The business process begins long before an actual order is placed by the customer. People who are close to the customer, either in the sales force or in the marketing group at the company, develop a sales forecast. Similarly, the inventory and manufacturing departments prepare plans for manufacturing, inventory etc. These activities come under order planning. Order planning leads to order generation. Orders are generated in a number of ways. In the e-commerce environment these include direct advertisement, e-mail to customers and creating WWW pages.

2. Cost Estimation and Pricing
Pricing is a bridge between customer needs and the company's capabilities. Pricing at the individual order level depends upon understanding the value of the customer and evaluating the cost for each filled order. Order pricing is a difficult job; it requires meticulous thinking and deliberate execution to gain more profit. Often a battle happens between engineers who make estimates, accountants who tabulate costs, management which oversees pricing, and the sales force which actually quotes prices.

3. Order Receipt and Entry
After an acceptable price quote, the customer enters the order. There are customer service representatives on the other side who handle the order and will be in constant touch with the customer. These customer service
representatives are either long-term employees, experienced staff or total freshers.

4. Order Selection and Prioritization
Customer service representatives are often responsible for accepting multiple orders based on selection criteria. There are certain orders which they can deny. In particular, the desirable orders are the ones which fit the company's capabilities and give high profit. The orders selected should form a convergence of great customer demand and high customer satisfaction, which in turn results in customer retention. Companies can make gains by the way they handle order prioritization, that is, how they decide which order to execute faster. The top executives who form corporate strategy make this decision of ranking the orders.

5. Order Scheduling
During order scheduling the prioritized orders get slotted into actual production. This task is difficult because different functional departments like sales, marketing, customer service operations, production and inventory have conflicting goals. For example, production people minimize equipment changeover, while marketing and customer service representatives argue for special service to special customers. Communication between the functions should exist, and the customer representatives should be involved in production scheduling.

6. Order Fulfillment and Delivery
During order fulfillment and delivery the actual provision of the product or service is made. Different parts of an order may be created in different manufacturing units and merged at yet another site, or an order may be manufactured in one location and warehoused in a second. In a service operation it means sending individuals or experts to the customer site.

Proper coordination is required, as this task is complex and related to the delivery schedule.

7. Order Billing and Accounting Payment Management
After the order is fulfilled and delivered, the accounts staff handle the job of billing and getting the bill settled quickly. Often customers don't understand the bill they receive, or they believe it contains inaccuracies. The bill may not be accurate but it is not convenient for them to understand.

8. Post Sales Services
This phase plays an important role with respect to customer value and customer retention. Post sales services include installation of the product, repair and maintenance, customer training, equipment upgrading, and disposal. The post sales service effort is related to customer satisfaction and the company's profitability. The post sales service people should be linked to product development, quality assurance and marketing.

UNIT-5 Inter organizational Commerce and EDI

Introduction
EDI is defined as the inter-process communication of business information in a standardized format. Traditionally, companies used to transfer documents like purchase orders, bills and challans to other companies through the postal system. Today the computer has
simplified and enhanced the communication between two countries of different continents within different time zones. Using EDI, trading partners establish computer-to-computer links that enable them to exchange information electronically. Paper work is avoided completely and all documents exist in electronic format alone. EDI also helps in reducing order fulfillment time. Customer demand can be easily communicated across all parties, and billing and placing of orders is done electronically. The primary benefit of EDI to business is a considerable reduction in transaction costs, by improving the speed and efficiency of fulfilling orders.

EDI Definitions
EDI was developed in 1960 to increase the speed of document transfer for shipments and transportation. Slowly EDI is getting recognized and will become a standard by which organizations communicate formally with each other in the e-commerce market. Electronic commerce and EDI are not the same; rather, electronic commerce includes EDI and is much more than that. EDI techniques are aimed at improving the interchange of information between trading partners, suppliers and customers too. Technically, EDI is a well-known example of structured document interchange, which enables data in the form of documents to be exchanged between software applications that are working together to process a business transaction. EDI decides the standard or format of the document; the transmission is handled by e-mail or a point-to-point connection.
1. EDI is the transmission, in a standard syntax, of unambiguous information of business or strategic significance between computers of independent organizations.
2. EDI is the interchange of standard formatted data between computer application systems of trading partners with minimal manual intervention.
3. EDI is the electronic transfer, from computer to computer, of commercial and administrative data using an agreed standard to structure an EDI message.
4. EDI is the electronic transfer, from one computer to another, of computer-processable data using an agreed standard to structure the data.

EDI Layered Architecture
The EDI architecture specifies four layers:
1. Semantic Layer (Application Layer)
2. Standards Translation Layer
3. Packing Layer (Transport Layer)
4. Physical infrastructure layer

The EDI semantic layer describes the business application that is driving EDI. For a procurement application this translates into requests for quotes, price quotes, purchase orders, acknowledgements, and invoices. This layer is specific to the country and the software that the organization uses. The user interface and the content visible on the screen in this layer are customized to the local environment of that organization, as its applications are designed.

The information at the EDI semantic layer must be translated from a company-specific form to a more generic or universal form so that it can be sent to various trading partners, who will have a variety of software applications at their end. Organizations should adopt a universal EDI standard that provides the acceptable fields of business forms. These standards are laid down by ANSI X12 and EDIFACT (developed by the United Nations Economic Commission for Europe). There are two EDI document standards: ANSI X12 and EDIFACT.

To facilitate the transfer of files between two trading partners, the computer applications of both sender and receiver must use a compatible format for EDI document exchange. When the trading partner sends a document, the EDI translation software converts the organization's format into a standard mutually agreed on by the processing systems. At the receiver's side the EDI format is changed to the receiver organization's format.

The EDI transport layer corresponds closely with the non-electronic activity of sending a business form from company A to company B. The EDI transport carrier of choice is becoming e-mail. Here EDI documents are exchanged rapidly over electronic networks using the existing e-mail programs and infrastructure. EDI document interchange is much more complex than simply sending an e-mail message. EDI documents are more structured and are typically manipulated or processed by software more than e-mail messages are. What really differentiates EDI from messaging is its greater emphasis on the automation of business transactions. EDI messages have a certain legal status.

Electronic Data Interchange (EDI) | Electronic Mail
There is typically no human involvement in the processing of information, as the interface has a software-to-software orientation. The data are structured. | The data are not necessarily structured to be software understandable. A human-to-software interface is involved at a minimum of one end.
The interchange is composed by one software for interpretation by another software. The reply is also composed by software. | The message is composed by a human and interpreted by a human. The reply is composed by a human.

EDI in Action
The idea behind EDI is to take data from a business application, translate it into a standard electronic format and transmit it. Hence the output of one application becomes the input to another through the computer-to-computer exchange of information. This results in the elimination of delay and paper work. EDI is largely used in the purchase function, by manufacturing sections to transmit large designs, by large firms to send on-line price catalogs to customers, etc.

Steps of purchase without EDI implementation:
1. The buyer wants to send a purchase order to the seller.
2. Relevant data must be extracted from the internal database and recorded on hard copy.
3. This hard copy is then forwarded to the seller after passing through several intermediate steps.
4. The seller receives the information in the form of a letter, which has to be entered into the internal information system by a data entry operator.
This process generates a considerable amount of overhead in labor, cost and time delay. The method also carries the risk of errors caused by incorrect data entries.

Steps of purchase using EDI implementation:
1. Buyer's computer sends a purchase order to the seller's computer.
2. Seller's computer sends a purchase order confirmation to the buyer's computer.
3. Seller's computer sends a booking request to the transport company's computer.
4. Transport company's computer sends a booking confirmation to the seller's computer.
5. Seller's computer sends an advance ship notice to the buyer's computer.
6. Transport company's computer sends status to the seller's computer.
7. Buyer's computer sends a receipt advice to the seller's computer.
8. Seller's computer sends an invoice to the buyer's computer.
9. Buyer's computer sends payment to the seller's computer.

EDI is a fast, inexpensive and safe method of sending invoices, purchase orders, customs documents, shipping notices and other frequently used business documents.

Tangible benefits of EDI
The automatic transfer of information from computer to computer reduces the need to rekey information and as such reduces costly errors to zero.
EDI transactions produce acknowledgements of receipt of data.
Reduced paper-based systems. EDI can impact the effort and expense a company devotes to maintaining records, paper-related supplies, storage systems and the maintenance of such storage systems. Electronic transactions take over most of the functions of paper work.
Improved problem resolution and customer service. EDI can minimize the time companies spend identifying and resolving inter-business problems. Many such problems come from data entry, and EDI eliminates many of them. EDI can improve customer service by enabling the quick transfer of documents.
Expanded customer/supplier base.

EDI Applications in Business
Although EDI was developed to improve transportation and trade, it has spread everywhere. A study of EDI usage in various industries provides insight into the business problems that EDI is attempting to solve. There are four scenarios in which EDI implementation will be explained:
1. International or cross-border trade
2. Electronic fund transfer (EFT)
3. Health care and insurance claim processing
4. Manufacturing and retail procurement

Companies have applied a number of EDI-based solutions to improve business processes, for both strategic and competitive advantage.

In some cases EDI transformed operational aspects of a company's business, and increased quality and cost reduction significantly changed industry standards.

International Trade and EDI
EDI has always been very closely linked with international trade. Over the last few decades significant progress has been made towards more open and dynamic trade relationships. Recent years have brought the General Agreement on Tariffs and Trade (GATT). Many countries, and in particular developing countries, have made significant efforts to liberalize and adjust their trade policies. It is a widely held view that efficiency of trade can be accomplished only by using EDI as the primary global transaction medium.

Role of EDI in International Trade:
1. EDI attempts to facilitate the smooth flow of information.
2. EDI replaces paper, which has been the mainstay for carrying trade-related information. Paper-based communication is inefficient and costly because of the labor involved, the error rate and the delay.
3. EDI saves the vast amount of time and resources spent on transferring and checking information from one paper document to another, where again errors are frequent.
4. A typical international trade transaction may involve 30 different parties, 60 original documents and 360 document copies, which have to be checked, verified and re-entered.
5. EDI is expected to reduce the entry barriers for small traders, because EDI can provide efficient procedures, services and an information network which help them to venture into international business.

EDI benefits for international trade include:
1. Reduced transaction expenditure
2. Quicker movement of imported and exported goods
3. Improved customer service through track and trace programs that let the many participants in a trade deal (customers, companies, banks, insurers, customs, transport agencies etc.) quickly know where things are located
4. Faster customs clearance and reduced opportunities for corruption

The components of International Trade:
Figure from pg 359

International trade is structured around many freight forwarders who act as middlemen for shippers and consumers. Freight forwarding (FF) is a highly specialized industry in which the provider handles large freight shipments and customs clearance for customers. FF provides a wide range of services such as cargo booking, air cargo documentation, customs brokerage, import customs documentation handling etc. Various international trade agencies like shippers, airlines, forwarders and customs in various countries are supported by EDI and computer networks. EDI facilitates the transmission of commercial documents and associated freight information from the foreign exporter to both the importer and his customs broker. The importer's computer software automatically receives the data. Similarly, the customs broker receives the data, strips out all data that is not required and prepares the ABI (Automated Broker Interface) entry, which is transmitted to customs for clearance. No faxing, rekeying or manual data input is required.

International Trade and EDI: Customs and International Trade
Customs plays a very important role in international trade. Every international trade transaction involves at least two customs clearances, export and import.

Customs faces the following challenges:
1. A large volume of goods is being traded in the global economy
2. More rapid means of transport have emerged that address the needs of business
3. The scope of customs activities has been broadened to include intellectual property rights, toxic wastes and endangered species
4. The demand for more accurate statistics and projections

The response of customs can be enhanced with greater use of EDI, as the authorities know its importance. Many countries now offer traders the option of submitting their customs documentation in electronic format rather than on paper.

The Logistics of Transport

Time critical deliveries often save large amounts of money. With the growing trend towards purchasing just in time, delays in delivery imply lost business. A transportation unit provides a variety of services such as inventory, distribution management, material requirement planning, protective cargo packing, insured warehousing, foreign trade zone operation, marine insurance, air and ocean freight forwarding and customs brokerage. With all these changes and competition, it is no wonder that EDI is critical.

Trade Point Global Network

In industrialized countries EDI usage is 7.5%. For developing countries the number is far lower, and poor communication makes EDI implementation impractical. To help reduce this gap, UNCTAD came up with the idea of a worldwide network of trade points. These trade points attempt to bring together under one roof all the services needed by exporters, such as government bodies, customs authorities, chambers of commerce, banks, insurers and freight forwarders.

A trade point consists of the following services:
1. A trade facilitation center, where participants in foreign trade transactions are grouped together under a single physical or virtual network


2. A source of trade related information that provides actual and potential traders with data about business and market opportunities, potential clients and suppliers, and trade regulations and requirements
3. A gateway to global networking, whereby all the trade points will be interconnected and equipped with computing and telecommunication tools to link up with other global networks

EDI APPLICATIONS IN BUSINESS:

Financial EDI

Financial EDI comprises the electronic transmission of payment and remittance information between a payer and payee and their respective banks. Financial EDI allows businesses to replace the labor intensive activities associated with issuing, mailing, transmitting and processing payment instructions. Traditional methods of payment were used for business to business payment. There is a lot of paperwork and there are delays in processing payments. If the payer and payee banks are in different countries with different regulatory environments, the payment process and paper processing will be much more complex and tough to handle.

Types of Financial EDI:
Traditionally business to business payment is accomplished using
1. Checks
2. EFT
3. Automated clearing houses (ACH) for domestic and international fund transfer


1. Bank Checks: Businesses use checks to make payments for two main reasons:
   1. They are a familiar and readily accepted form of payment, despite some uncertainty about receiving final payment.
   2. Businesses benefit from the float created by the delays in the check collection process. Businesses find float valuable because they can continue to use or invest funds for several days after they have issued a check.

Float is created when a delay occurs between the initiation of payment and the availability of the funds to the recipient. Delays occur because checks are delivered through the mail, require human handling and must be transported among banks in the collection chain. There are expenses incurred in collecting checks, and the delays postpone the recipient's access to the funds.

2. Electronic Fund Transfer: EFT is a transfer between banks where funds flow directly from the payer's bank to the payee's bank. These are similar to on-line transactions, but they are carried out on private networks. Funds transfers are a small portion of the total number of non-cash payments. Businesses use this method when timeliness and certainty of payment are important.

3. Automated Clearinghouse (ACH) Transfer: ACH transfers are used to process high volumes of relatively small-dollar payments for settlement in one or two business days.


ACH provides the following services:
1. Preauthorized credits
2. Direct deposit of payrolls
3. Preauthorized debits (repetitive bill payment)

Two types of ACH transfer are used:
1. Credit transfer
2. Debit transfer

Credit transfers are similar to large dollar funds transfers, where funds flow directly from the payer's bank to the payee's bank. Funds received by the payee's bank are generally provisional until the morning of the business day following the settlement.

In a debit transfer the payee's bank initiates the transfer and receives funds immediately from the payer. Transaction may be revoked if funds are sufficient.

How financial EDI payments are made:
Corporates use various implementations of financial EDI. Two approaches are used:
1. Payment instructions and remittance data flow together
2. Payment instructions flow through the banking system while remittance data are transmitted over a direct data communication link on a VAN (Value Added Network)

A Value-added Network (VAN) is a hosted service offering that acts as an intermediary between business partners sharing standards based or proprietary data via shared business processes. The offered service is referred to as "Value-added Network Service".

Payment and Remittance Information Flowing Together: Figure 9.5


The purchasing company X, which is the payer, transmits remittance data to instruct its bank X to pay its supplier. Bank X creates an ACH credit transfer instruction, indicates the specified payment data and attaches the appropriate electronic remittance data. Bank X transmits the payment instruction with the remittance data to an ACH operator. After receiving the payment instructions and remittance information, the ACH operator edits the payment instructions, extracts accounting data from them and transmits the payment instruction and remittance data to the seller's bank Y. Bank Y then transmits a payment advice and the remittance data to the selling company Y, which is the payee.

Payment and Remittance Information Flowing Separately: Figure 9.6

The payer transmits payment instructions to its bank X and remittance information to the payee through a VAN. The payment instructions are processed through the banking system and settled as described in the case above, but the remittance data are not attached.

Financial EDI Standards:
Some standards exist just for sending remittance information and others just for transferring funds. To permit businesses to automate payment processing fully, the banking industry has combined electronic payment formats with EDI formats for remittance data. The following are the most commonly used formats in the industry:

BAI (Bank Administration Institute): standards for sending and receiving invoice and remittance information, no funds transfer


820 and 823: standards laid down by the American National Standards Institute for payment order and remittance advice
CCD: the Cash Concentration and Disbursement format offers electronic fund transfer
CTP: the Corporate Trade Payment format, used for remittance information
CCD+: allows companies to transmit funds and remittance advice in the same transaction
CTX: Corporate Trade Exchange, allows payment and data to move together
EDIFACT: used for international financial EDI projects

Health Care and Insurance EDI

EDI is rapidly becoming a permanent fixture in both the insurance and health care industries as medical providers, patients and payers (insurance companies) increasingly process claims via electronic networks. Electronic claim processing is quick and reduces the administrative cost of health care. Rather than just processing payment claims, EDI helps doctors to communicate with other physicians, hospitals and other units. Transactions in this field include claims submission or billing, payment and payment posting, eligibility verification, primary care member enrollment, etc. EDI could reduce the labor intensive activities of providers and payers involved in submitting, adjudicating, processing and paying claims.

Claim processing using EDI

Using EDI software, service providers prepare the necessary forms and submit claims via telecommunication lines to a value added network service provider.


The company then edits, sorts and distributes properly formatted forms to the appropriate payer organization. Claim submitters also receive acceptance/rejection reports, which may contain payer initiated messages regarding claim status and requests for additional information.

The advantages of the EDI based process:
1. Claims are received in a standard data format, which increases quality and eliminates the extra data entry of the claims offices and the mail room mess
2. EDI based claims processing is estimated at two to four working days
3. Administrative cost reductions

Manufacturing/Retail Procurement Using EDI

Manufacturing and retail procurement are heavy users of EDI.

Just in Time and EDI

Companies using JIT and EDI no longer stock thousands of large parts in advance of their use. The company works out how many parts are needed each day based on the production schedule and electronically transmits orders and schedules to suppliers every day. Parts are delivered to the plant just in time for production activity.

Quick Response and EDI

Organizations are practicing Quick Response (QR) systems. For the consumer, QR means better service and availability of a wider range of products. For retailers and suppliers, QR means survival in the competitive marketplace. Much of the focus of QR is on reduction of lead times using event driven EDI. Inventories falling below a specified level immediately trigger a chain of events, including automatic ordering from one company's application directly into the other's application. In QR, EDI documents include purchase orders, shipping notices, invoices, inventory position, catalogs and order status.


The point of sale system is the starting point in the EDI chain: automatic replenishment systems constantly monitor inventory levels and trigger EDI transactions.

Business Information, Product Design and Procurement

Business information is defined in the broad sense as all information required by enterprises for efficient planning, execution and monitoring of product manufacturing and marketing: not only the raw data but also statistics on the data. The utility of this business information is to obtain detailed insight into specific market requirements before full scale production, to identify and find foreign vendors, and to know import and export rules, packaging requirements, etc. Figure 9.7 shows the business information used in product design.

A whole new concept of competitive intelligence focuses on importance of business information

EDI: Legal Security and Privacy Issues

Since EDI deals with trade between countries and corporations, issues of legal admissibility and computer security carry more weight.


Legal Status of EDI Messages:
No concrete rules exist that indicate how electronic messages may be considered binding in business. A proper framework is essential if EDI is to become widespread. Contract law identifies 3 types of communication:
1. Instantaneous: telephone or spoken communication
2. Delayed (USPS): the mail rule
3. Delayed (non-USPS): telegram, mailgram, electronic messaging. Couriers fall into this category.

Messaging systems also combine features of both instant and delayed communications. For EDI, however, the courts haven't decided who is liable if an EDI network fails to transmit a document or transmits a document to the wrong party.

Digital Signature and EDI:
As a means to give legal authentication to EDI documents, various communities are exploring technical uses of digital signatures by which a message might be time-stamped so that the recipient can claim access to a particular message. A document signed with a digital signature must be legally binding. US federal government purchase orders will be signed using the Digital Signature Standard (DSS); this implies that the government will support the legal authority of digital signatures in court. But the digital signature is still not tested in a court of law. Technically, however, a digital signature should have greater legal authority than a handwritten signature. For example, if a ten page contract is signed by hand on the tenth page, one cannot be sure that the first nine pages have not been altered.

EDI and Electronic Commerce

Types of EDI are:
1. Traditional EDI (Old EDI, New EDI)
2. Open EDI

Traditional EDI

Traditional EDI replaces paper forms with an almost strict one to one mapping between parts of the paper form and fields of electronic forms called transaction sets. Traditional EDI covers two basic business areas:
1. Trade data interchange, which includes transactions such as purchase orders, invoices and acknowledgements
2. EFT, the automatic transfer of funds among banks and other organizations

Traditional EDI is further divided into old and new EDI based on the EDI standard they use.

Old EDI

Old EDI refers to the current practice of automating the exchange of information pertaining to business activity. Information that is generated by the business processes of one computer is transferred electronically to the other and vice versa. For example, low inventory will automatically generate an order and transfer it to the sales order processing system of the supplier. The sales order is then automatically processed, and the dispatch advice and bill come back electronically to the purchaser.

Old EDI is also used to refer to the current EDI standards (X12, EDIFACT). Thousands of people around the world are attempting to define generic document interchanges that allow every company to choose its own unique version of preparing their structures. This makes EDI implementation expensive and very narrowly specialized. General applications cannot handle the unique structures of documents.

New EDI:


With old EDI, standardization is set in X12 or EDIFACT. With new EDI, the structure of the interchanges is determined by the programmer who writes the application programs, not by the lengthy standards process. This helps EDI work for electronic commerce by removing the long standardization process. The goal of new EDI is to produce standardization at the document processing level in the context of business work flow rather than at the document interchange level. There is a set of standards for business practices between two organizations. There are standards like Document Type Definitions (DTD), HTML, etc. The documents are exchanged with tagging. This will achieve the following:
1. Shift the focus of the EDI standardization process away from the low level interchange structure and onto more high level business work flows
2. Allow customization of information by enabling application programs to use interchange structures that best suit their local environments

To make EDI work we have to address a standard bridge between the languages of business applications (VB / Java) and the languages used for expressing the interchange standards (XML, HTML, etc.).

Another aspect of new EDI is interactive query response. Interactive EDI is aimed at starting and completing the business process using an open channel of communication between customer and supplier for the period of the business transaction. For instance, a customer's purchasing system opens with an inquiry to the supplier, the supplier's sales order processing system provides availability, the customer's system purchases and the supplier's system closes with the confirmation.

Open EDI

Open EDI trading partners do not follow an EDI standard for data exchange and do not set up a project or application for the same. Open EDI business procedures enable electronic commerce to occur between organizations where the interaction is only for a short duration or for one time purchases: trading in short term relationships using simple legal codes. To implement open EDI, the ISO has developed the Open EDI reference model, which consists of two views:
1. Business Operational View: This view supports business data in business transactions and the associated data interchange, and business conventions and business rules in business transactions.
2. Functional Service View: This view addresses the framework for services that meet the needs of open EDI. It focuses on IT aspects, interfaces, protocols, security mechanisms, etc.

Electronic Payment Systems

Electronic payment systems are central to the online business process. Through electronic payment systems customers can make payments for goods or services purchased online. The payment and settlement process is a bottleneck in the electronic commerce environment. Traditional methods of making payments like cash, cheques, drafts, etc. are slow for processing the transaction. New methods of payment are needed to meet the emerging demands of e-commerce. These new payment instruments must be secure, should have low processing cost and should be accepted as global currency. These payment instruments should include the following points:
1. A form and characteristics for the payment instrument
2. A procedure for financial risk management (fraud, mistakes, etc.)
3. A step-by-step procedure for arrangement of electronic payment for the business process

Types of Electronic Payment Systems

Electronic payment systems are used in banking, retail, health care, online markets, and even government.

In 1040 research into electronic payment systems for consumers started. The first application, credit cards, appeared afterwards. In the early 1970s the emerging trends in electronic payment technologies were named electronic funds transfer (EFT). EFT is defined as "any transfer of funds through an electronic terminal, telephone or computer or magnetic tape so as to order, instruct or authorize a financial institution to debit or credit an account". EFT utilizes both computers and telecommunication to supply and transfer money or financial assets.

Types of EFT:
1. Digital Token-Based Electronic Payment System
2. Smart Card for Electronic Payment System
3. Credit Card Based Electronic Payment Systems

Digital Token-based Electronic Payment Systems:
Among the new forms of electronic payment systems developed, one was the electronic token. Electronic tokens are designed as electronic forms of various payments backed by a bank or financial institution. Simply stated, electronic tokens are similar to cash backed by banks. Electronic tokens are of three types:
1. Cash or real time: The transaction is settled with the exchange of electronic currency (e-cash).
2. Debit or prepaid: Users pay in advance for the privilege of getting information. Examples of prepaid currency are smart cards and electronic purses.
3. Credit or postpaid: The server authenticates the customer and verifies with the bank that funds are adequate before purchase. Examples are credit or debit cards and electronic checks.

These online payment methods have to be studied from the following viewpoints:
1. The nature of the transaction for which the instrument is designed
2. The means of settlement used
3. The approach to security, anonymity and authentication
4. The question of risk

Digital Token Based Electronic Payment System

Entirely new forms of financial instruments have been developed, called electronic tokens, in the form of electronic cash and electronic checks.

1. Electronic Cash

E-cash focuses on replacing cash as the principal payment vehicle in consumer oriented electronic payments. Even after 30 years of usage, e-cash is not as popular as cash. It lacks certain features which cash has: e-cash is not negotiable, meaning it cannot be given or traded to someone else. E-cash is not a bearer instrument like cash; cash is legal tender, while e-cash still needs to be proved in a court of law. E-cash carries an identification number; as cards and e-cash are not legal tender, a merchant can refuse to accept them.

Properties of E-cash:
1. E-cash must have monetary value: E-cash must be backed by cash or currency. When one bank issues e-cash and another accepts it, there must be some reconciliation process running behind them without problems. It should not be returned because of insufficient funds.
2. E-cash must be interoperable: E-cash must be exchangeable for paper cash, goods, services, etc. Clearinghouses are used to handle the exchanges.
3. E-cash must be storable and retrievable: Remote storage and retrieval from a telephone or personal communications device would allow the user to transfer e-cash easily from home, the office or anywhere.
4. E-cash should not be easy to copy or tamper with: When e-cash is transferred it should not be easy to tamper with or copy it. The technology should prevent and detect duplication and double spending.

Electronic Cash in Action:
Electronic cash is based on a cryptographic system called digital signatures. This method uses two keys, one for encoding and the other for decoding. The concept of public and private keys is used: the bank encrypts the e-cash data with its private key, to be decoded by the customer using the public key.

Before e-cash is used the customer should buy currency from the currency server. Purchasing from the currency server involves two steps:
1. Establishment of an account
2. Maintaining enough money in the account to back the purchase

The consumer uses the e-cash software on the computer to generate a random number, which serves as the note. This is given in exchange for money debited from the customer's account. The bank uses its private key to digitally sign the note for the amount requested and transmits the note back to the customer.


By digitally signing it, the bank commits itself to back the note with its face value. E-cash provides anonymity, which allows freedom of usage: the bank will not be aware of how the currency is going to be used. Once tokens are purchased, the e-cash software on the customer's PC stores the digital money, and the user can spend the digital currency at any shop accepting e-cash.

There are two types of transactions with respect to electronic payments:
1. Bilateral: In a bilateral transaction the customer pays the e-cash to the merchant, the merchant verifies the e-cash with the public key of the bank and, if satisfied with the currency, stores it on his computer and deposits it later with the bank for clearing.
2. Trilateral: When notes are sent to the merchant, the merchant immediately submits them to the bank for verification and the amount is deposited into the merchant's account immediately. This way of transacting is better at uncovering double spending: when the e-cash details are sent to the bank, the issuing bank verifies whether the currency has been spent before and that there is no duplication, which ensures security and single spending.

Figure from pg 320
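The withdrawal, bilateral and trilateral flows described above, as an added Python example that is not from the original notes. It uses demo-size textbook RSA from the standard library; the names Bank, Merchant, verify_note and the note layout are assumptions, and because the bank sees each serial number here the sketch does not provide the anonymity the text mentions.

```python
import hashlib
import secrets

# Demo-size textbook RSA key for the bank, built from two Mersenne primes.
# Constructed for this example only: real deployments use keys of 2048 bits
# or more with a padded scheme such as RSA-PSS.
_P, _Q = 2**127 - 1, 2**107 - 1
BANK_N = _P * _Q                                   # public modulus
BANK_E = 65537                                     # public exponent
_BANK_D = pow(BANK_E, -1, (_P - 1) * (_Q - 1))     # private exponent


def note_digest(serial, amount):
    """Hash the note's serial number and face value to an integer < BANK_N."""
    data = f"{serial}|{amount}".encode()
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % BANK_N


def new_serial():
    """Customer side: the random number that serves as the note."""
    return secrets.token_hex(16)


def verify_note(note):
    """Anyone holding the bank's public key can check the signature."""
    expected = note_digest(note["serial"], note["amount"])
    return pow(note["sig"], BANK_E, BANK_N) == expected


class Bank:
    def __init__(self):
        self.accounts = {}      # owner -> balance
        self.redeemed = set()   # serial numbers already deposited

    def open_account(self, owner, balance=0):
        self.accounts[owner] = balance

    def withdraw(self, owner, serial, amount):
        """Debit the customer's account and sign the note for that amount."""
        if amount <= 0 or self.accounts.get(owner, 0) < amount:
            raise ValueError("insufficient funds to back the note")
        self.accounts[owner] -= amount
        sig = pow(note_digest(serial, amount), _BANK_D, BANK_N)
        return {"serial": serial, "amount": amount, "sig": sig}

    def deposit(self, merchant, note):
        """Clear a note: check the signature, then check earlier redemption."""
        if not verify_note(note):
            return "rejected: bad signature"
        if note["serial"] in self.redeemed:
            return "rejected: double spend"
        self.redeemed.add(note["serial"])
        self.accounts[merchant] = self.accounts.get(merchant, 0) + note["amount"]
        return "accepted"


class Merchant:
    def __init__(self, name, bank, online):
        self.name, self.bank, self.online = name, bank, online
        self.till = []          # notes held for later clearing (bilateral only)

    def accept(self, note):
        if not verify_note(note):
            return "rejected: bad signature"
        if self.online:                       # trilateral: bank checks at once
            return self.bank.deposit(self.name, note)
        self.till.append(dict(note))          # bilateral: store now, clear later
        return "accepted"

    def settle(self):
        """Bilateral merchants deposit their stored notes in a batch."""
        results = [self.bank.deposit(self.name, n) for n in self.till]
        self.till.clear()
        return results


def run_demo():
    bank = Bank()
    bank.open_account("alice", 100)
    note = bank.withdraw("alice", new_serial(), 20)
    tampered = dict(note, amount=2000)        # face value altered after signing

    shop_a = Merchant("shop_a", bank, online=False)
    shop_b = Merchant("shop_b", bank, online=False)
    shop_c = Merchant("shop_c", bank, online=True)
    note2 = bank.withdraw("alice", new_serial(), 30)

    return {
        "tampered": shop_a.accept(tampered),
        "bilateral_accepts": [shop_a.accept(note), shop_b.accept(note)],
        "bilateral_settle": shop_a.settle() + shop_b.settle(),
        "trilateral": [shop_c.accept(note2), shop_c.accept(note2)],
        "balances": dict(bank.accounts),
    }


if __name__ == "__main__":
    for key, value in run_demo().items():
        print(key, "->", value)
```

In the bilateral run both shops accept the same note because the signature alone is valid, and the copy is only caught when the second shop settles; in the trilateral run the second presentation is refused at the point of sale.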


Another problem of e-cash is its inability to be divided easily into smaller amounts.

Business Issues and Electronic Cash

Electronic cash fulfills two main functions:
1. Medium of exchange: To settle the payment of transactions.
2. Store of value: As a store of value there are many issues related to e-cash. E-cash needs to be convertible into legal tender on demand. It should be backed by real currency. There are many currency fluctuations in the international market. For a payment made from one country to a merchant in another country, the currency rate may change within hours. E-cash in its early forms was used in a single denomination and exchanged at market rates.

Operational Risk and Electronic Cash

1. The time over which given electronic money is valid
2. How much can be stored on and transferred by electronic money
3. The number of exchanges that can take place before money needs to be redeposited with a bank or financial institution
4. The number of transactions that can be made during a given period

Limits can be set for the expiry of electronic cash. Customers have to use e-cash before the expiration date, for which electronic cash will be time stamped. A maximum upper limit can also be put on the value. The system can be set up to allow multiple transactions of small amounts or a fixed number of large transactions. Transactions can even be restricted to a class of services and goods. The payment can be withheld until the delivery of the product.

Legal Issues and Electronic Cash

1. Untraceable cash transactions today occupy a place in the underground economy. For large transactions the government can entrust the role to banks and enforce various laws related to disbursement of cash; this can be easily managed through e-cash.
2. E-cash should support the impact on taxation too.
3. Serious regulatory policies should be formed which ensure a regulatory scheme, personal privacy, speed of execution and ease of use.

Electronic Checks:
Electronic checks are another form of making payments. This method is used by customers who want to make payment on credit or in another form rather than e-cash.

Figure from 324

1. Buyers must register with the third party account server
2. A bank account or credit card is needed to back the cheque
3. The registration procedure may vary
4. The buyer sends a check to the seller for a certain amount
5. When the cheque is deposited, the amount is transferred from the buyer's account to the seller's account by the third party
6. There will be a digital signature on the cheque to verify the authenticity of the issuer

Electronic checks have the following advantages:

1. They work in the same way as traditional checks, which simplifies customer training
2. Electronic checks are well suited for clearing micro payments, as they use conventional cryptography
3. Electronic checks create float and availability of float (until payment is done the cash remains with the issuer)
4. Financial risk is managed by accounting servers. Servers manage it even if buyer and seller belong to different regions or countries.

Smart Card and Electronic Payment Systems

Smart cards are credit and debit cards and other card products enhanced with a microprocessor capable of holding more information than the traditional magnetic tape. This chip can store a great amount of data. These chips are increasingly used to make payments for goods and services. Smart cards are of two types:
1. Relationship based smart credit cards
2. Electronic purses

Relationship based smart cards

Traditional credit cards are fast changing into smart cards as consumers demand more and more financial services and products which are user friendly, convenient and reliable. Relationship based smart cards provide new services apart from normal card features, such as merger of multiple financial accounts, value-added marketing programs and other information stored on the card. Relationship based smart cards offer the following additional services:
1. Access to multiple accounts, investments and stored e-cash on one electronic device
2. A variety of functions, such as cash access, bill payment, balance inquiry or funds transfer for selected accounts

3. Multiple access options at multiple locations using multiple devices such as TV, PC, ATM, etc.

Electronic Purses

Despite the popularity of relationship based smart cards, they are credit based: the payment happens later. So a need was felt for something equal to cash, where payment happens at the time the transaction is done, and electronic purses were introduced. Electronic purses are wallet sized smart cards embedded with programmable microchips that store sums of money for people to use instead of cash for everything.

An electronic purse works in the following manner. After the purse is loaded with money at an ATM or through the use of other devices, it can be used to pay for anything. When the balance in the electronic purse is used up, the purse can be recharged with more money. The benefit of smart cards depends upon the devices used to read them. In addition to reading devices, writing devices are also necessary.

Business Issues and Smart Cards

1. For merchants, smart cards are easier to handle than hard cash, where there are problems of theft, fraud, etc.
2. 4% of cost is involved in handling cash
3. Smart cards are now a widely used technique for making payments

Credit Card Based Electronic Payment System

There is complexity associated with e-cash and e-cheques. To avoid that, credit cards are a better alternative, where payment can be done later. The buyer transfers the credit card details to the merchant in settlement of payment. Credit card payment can be broken into 3 categories:

1. Payment using plain credit card details: The easiest method is to send credit card details without encryption, but this may create security and authentication issues.
2. Payment using encrypted credit card details: One secure way is to encrypt the credit card details, but the cost of the transaction will go up due to the cost of the encryption mechanism.
3. Payment using third party verification: One solution is to introduce a third party which approves the payment for the accumulated amount from company to company.

Encryption of Credit Cards

To make a credit card transaction truly secure the following sequence of steps must occur:
1. A customer presents his credit card information to the merchant
2. The merchant validates the customer's identity as the owner of the credit card account
3. The merchant relays the credit card charge information and signature to its bank
4. The bank passes the information to the customer's bank for authorization and approval
5. The customer's bank sends charge authentication and authorization to the merchant

Figure from pg 333


In this method each consumer and each vendor generates a public key and a secret key. The public key is sent to the credit card company and put on the public key server. The secret key is reencrypted with a password and the unencrypted version is erased. To steal a credit card, a thief would have to get access to both the consumer's encrypted secret key and the password. The customer needs to create a system for this encryption and use PGP or PGM for security purposes. With these implementations fraud becomes expensive. Credit card usage for small purchases on the Internet will increase the processing load on servers and is not manageable or viable unless a significant amount of automation is done.

Third Party Processors and Credit Cards

In this method consumers register with a third party on the Internet to verify micro transactions. But involving the third party and different banks for various transactions will create bottlenecks and delay in the processing of transactions. The following are the six steps to process a payment using a third party:
1. The consumer acquires an OTPP account number by filling out a registration form. This will give him a traditional financial instrument called a credit card.
2. To purchase online, the consumer requests the item and asks the merchant to bill against the credit card by giving account information.
3. The merchant contacts the OTPP payment server with the customer's account number.
4. The OTPP payment server verifies the customer number and checks for sufficient funds.
5. The OTPP payment server sends an electronic message to the buyer for confirmation and the customer sends a response.
6. Once the server gets the response, payment is confirmed to the merchant.

Figure from pg 336


Business Pros and Cons of Credit Card Payment

1. The third party collects charges of 1 to 4 percent from both the consumer and the merchant for each transaction done through a credit card.
2. Making payment through a credit card is many times easier and more convenient than cheque and cash. One disadvantage is that credit card companies do not keep any spending data of the customer with them.
3. Record keeping with credit cards is a most valuable feature when there is a mistake in billing, as different services and billing policies are different.
4. The complexity of credit card processing lies in the verification phase; a lapse of time will cause a problem, as authorization takes place in real time.
5. Encryption and transaction speed must be balanced. The process of credit card processing must be simple, accessible and fast.


Risk and Electronic Payment System

Three major risks are described:
1. Fraud or mistake
2. Privacy issues
3. Credit risk

Preventing mistakes might require improvement in the legal framework. Dealing with privacy and fraud issues requires improvement in the security framework. Handling credit risk requires devising procedures to moderate credit and reduce float in the market.

Risks from Mistakes and Disputes: Consumer Protection

All the data related to payment must be maintained on an electronic medium. No data need ever be discarded. This record provides permanent storage, accessibility and traceability of the payment system database and of data transferred to the payment maker and the bank or monetary authorities. This record keeping is done for risk management. But this defeats the purpose of anonymity, since purchases can be traced at any time.

Managing Information Privacy

An electronic payment system should ensure privacy. Every time a purchase is done, credit card information goes into a server, and the database can be accessed to get all the details of the transaction, so customer privacy should be maintained to the highest level. Users must be assured that knowledge of the transaction will be confidential and limited only to the parties involved in the transaction. Intruders should also not be able to get into the network to steal the data.


Managing Credit Risk

Credit risk is a major concern for the settlement of transactions. The digital central bank should develop policies to deal with such credit risk.
