
http://mbaignoumaterial.blogspot.com/


ASSIGNMENT

Course Code : MS - 425

Course Title : Electronic Banking and IT in Banks

Assignment Code : MS-425/SEM - I /2011

Coverage : All Blocks

Note: Answer all the questions and send them to the Coordinator of the Study Centre you are
attached with.

1. What is an electronic billing system? Discuss the various models of Electronic bill
presentment and payment (EBPP) systems.

Solution : Electronic billing is the electronic delivery of invoices (bills) and related information
by a company to its customers. Electronic billing is referred to by a variety of terms, including the
following:

• EBPP — electronic bill presentment & payment (typically focused on business-to-consumer billing and payment)
• EIPP — electronic invoice presentment and payment (typically focused on business-to-business billing and payment)
• "e-billing"
• "e-invoicing"
• "electronic invoicing"
• ePayables
• eInvoice

While there are current efforts to standardize systems for electronic billing and invoicing, there is
currently a wide variety of options for businesses and consumers. Most fall into one of two
categories:

• CSPs (customer service providers), which allow a business to invoice clients electronically
• bank aggregators, which allow consumers to pay multiple bills, typically through their bank

Increasing acceptance of e-billing by consumers and the business community (according
to Kiplinger magazine, 77% of business owners now favor electronic billing), as well as
increased concern for security and the environment, is speeding up the shift to electronic billing
from paper billing.
The EBPP model was created by the Council for Electronic Billing and Payment of the National
Automated Clearing House Association. Certain electronic billing applications also provide the
ability to electronically settle payment for goods or services. Customers of banks and billing
companies can use the internet or the phone to conveniently remit payments as well as access
their billing information. The service is also supported by customer service
representatives (CSRs) contacted directly by the consumer to facilitate payments or receive
general assistance and answer questions. EBPP can produce substantial savings compared with
traditional print & mail billing and payment remittance, with the added benefit of a significant
reduction in the use of paper.

Types of EBPP

• Biller-direct - This refers to an approach in which consumers make payments directly to one
biller, receiving and paying their bills at the website of the firm that issued them. An
example would be a public utility company offering this payment service to its consumers.
A market has emerged for outsourced billing providers who specialize in electronic billing
processes and technology for companies that need to send bills directly to their customers.
Examples of billing outsourcing specialists are InfoSend, Inc, IPayX - Internet Payment
Exchange, Inc. and Billtrust.
• Bank-aggregator - The approach under this model is to make payment at an aggregator or
consolidator site, usually the website of the consumer's bank. This model allows the consumer
to make payments to multiple billers that are pre-registered to receive payments. Examples
are OneVu in the UK and Getitkeepit in Ireland.

2. Explain the Data Management System used for online transactions.
Solution : A Database Management System (DBMS) is a set of computer programs that
controls the creation, maintenance, and use of a database. It allows organizations to
place control of database development in the hands of database administrators (DBAs)
and other specialists. A DBMS is a system software package that supports the use of an
integrated collection of data records and files known as databases. It allows different
user application programs to easily access the same database. DBMSs may use any of a
variety of database models, such as the network model or relational model. In large
systems, a DBMS allows users and other software to store and retrieve data in
a structured way. Instead of having to write computer programs to extract information,
a user can ask simple questions in a query language. Thus, many DBMS packages
provide fourth-generation programming languages (4GLs) and other application
development features. A DBMS helps to specify the logical organization of a database and
to access and use the information within it. It provides facilities for
controlling data access, enforcing data integrity, managing concurrency, and restoring
the database from backups. A DBMS also provides the ability to logically present
database information to users.
Transaction mechanism
A database transaction mechanism ideally guarantees ACID properties in order to ensure data
integrity despite concurrent user accesses (concurrency control) and faults (fault tolerance). It
also maintains the integrity of the data in the database. The DBMS can maintain the integrity of
the database by not allowing more than one user to update the same record at the same time. The
DBMS can help prevent duplicate records via unique index constraints; for example, no two
customers with the same customer numbers (key fields) can be entered into the database.
See ACID properties for more information (Redundancy avoidance).
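The integrity guarantees described above can be seen in a small banking table. This is an added example, not part of the original answer; it uses SQLite from the Python standard library, and the table name, column names and balances are assumptions made for illustration.

```python
import sqlite3


class TransferError(Exception):
    """Raised inside a transaction to force a rollback."""


def open_bank() -> sqlite3.Connection:
    """Create an in-memory database with two constructed sample accounts."""
    db = sqlite3.connect(":memory:")
    # customer_no is the key field, so duplicates are rejected by the DBMS;
    # the CHECK rule makes an overdrawn balance an integrity violation.
    db.execute(
        "CREATE TABLE account ("
        " customer_no INTEGER PRIMARY KEY,"
        " balance INTEGER NOT NULL CHECK (balance >= 0))"
    )
    db.executemany("INSERT INTO account VALUES (?, ?)", [(1001, 500), (1002, 100)])
    db.commit()
    return db


def add_customer(db: sqlite3.Connection, customer_no: int, balance: int) -> bool:
    """Return False when the customer number already exists."""
    try:
        with db:
            db.execute("INSERT INTO account VALUES (?, ?)", (customer_no, balance))
        return True
    except sqlite3.IntegrityError:
        return False


def transfer(db: sqlite3.Connection, src: int, dst: int, amount: int) -> bool:
    """Credit and debit as one atomic unit: both happen or neither does."""
    if amount <= 0:
        return False
    try:
        with db:  # commits on success, rolls back on any exception
            # Credit first, then debit, so a failed debit shows the rollback
            # undoing a change that had already been applied.
            for delta, who in ((amount, dst), (-amount, src)):
                cur = db.execute(
                    "UPDATE account SET balance = balance + ? WHERE customer_no = ?",
                    (delta, who),
                )
                if cur.rowcount != 1:
                    raise TransferError(f"unknown account {who}")
        return True
    except (sqlite3.IntegrityError, TransferError):
        return False


def balances(db: sqlite3.Connection) -> dict:
    """Current balance per customer number."""
    return dict(db.execute("SELECT customer_no, balance FROM account ORDER BY customer_no"))


if __name__ == "__main__":
    bank = open_bank()
    print(transfer(bank, 1001, 1002, 200), balances(bank))
    print(transfer(bank, 1002, 1001, 1000), balances(bank))
    print(add_customer(bank, 1001, 0))
```
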

A database management system provides the ability for many different users to share data and
process resources. As there can be many different users, there are many different database needs.
The question is: How can a single, unified database meet varying requirements of so many users?

A DBMS minimizes these problems by providing three views of the database data: an external
view (or user view), logical view (or conceptual view) and physical (or internal) view. The user’s
view of a database program represents data in a format that is meaningful to a user and to the
software programs that process those data.

One strength of a DBMS is that while there is typically only one conceptual (or logical) and
physical (or internal) view of the data, there can be an endless number of different external
views. This feature allows users to see database information in a more business-related way
rather than from a technical, processing viewpoint. Thus the logical view refers to the way the
user views the data, and the physical view refers to the way the data are physically stored and
processed.

An example of an advanced DBMS is Distributed Data Base Management System (DDBMS), a
collection of data which logically belong to the same system but are spread out over the sites of
the computer network. The two aspects of a distributed database are distribution and logical
correlation:

• Distribution: The fact that the data are not resident at the same site, so that we can
distinguish a distributed database from a single, centralized database.
• Logical Correlation: The fact that the data have some properties which tie them together,
so that we can distinguish a distributed database from a set of local databases or files which
are resident at different sites of a computer network.

3. What is EDI? Describe its operational process?
Solution :
Electronic data interchange (EDI) is the structured transmission of data between organizations by
electronic means. It is used to transfer electronic documents or business data from one computer
system to another computer system, i.e. from one trading partner to another trading partner
without human intervention.

It is more than mere e-mail; for instance, organizations might replace bills of lading and
even cheques with appropriate EDI messages. It also refers specifically to a family of standards.

In 1996, the National Institute of Standards and Technology defined electronic data interchange
as "the computer-to-computer interchange of strictly formatted messages that represent
documents other than monetary instruments. EDI implies a sequence of messages between two
parties, either of whom may serve as originator or recipient. The formatted data representing the
documents may be transmitted from originator to recipient via telecommunications or physically
transported on electronic storage media." It distinguishes mere electronic communication or data
exchange, specifying that "in EDI, the usual processing of received messages is by computer
only. Human intervention in the processing of a received message is typically intended only for
error conditions, for quality review, and for special situations. For example, the transmission of
binary or textual data is not EDI as defined here unless the data are treated as one or more data
elements of an EDI message and are not normally intended for human interpretation as part of
online data processing."
EDI can be formally defined as the transfer of structured data, by agreed message
standards, from one computer system to another without human intervention.

Assumptions
Various assumptions are made in this guide regarding the architecture, platforms and software
used in EDI interfacing. These include:
• The configuration of the EDI component of SAP is consistent across all platforms.
• The functionality of the version of SAP used is identical to the version used for system
development and testing (version 3.1H). This document will have to be updated
whenever upgrades are performed, after any required changes and testing are completed.
• The EDI Subsystem refers to the hardware, Translation software and communications to
an external Value-added Network (VAN).
• The EDI Translation software is assumed to be GENTRAN Director, and is referred to as
“GENTRAN” in this document.
• The EDI subsystem complies with the data exchange interface defined between the
systems.
• The scheduling of the GENTRAN and the SAP EDI component is sufficiently flexible to
ensure that one system has completed file operations before another system attempts to
use this file. This is a consequence of using a limited functionality subsystem with batch
scheduling.
• The EDI process is monitored after every scheduled message transfer to ensure that
system failures are dealt with promptly and correctly.

Electronic Data Interchange (EDI) eliminates the need for paper-intensive procedures when
interacting with suppliers or customers, as well as avoiding physical distribution methods such as
postal or courier delivery, duplicate capturing of information by operators and the associated
errors.
The purpose of the SAP/EDI interface is to allow business transaction details (such as purchase
orders, and invoices) to be exchanged electronically with vendors. In order to ensure interaction
with a range of vendors, SAP does not supply the EDI subsystem required to distribute EDI
documents to vendors. Therefore, a mechanism is required to allow business documents (such as
purchase orders) generated in SAP to be transferred to this external EDI subsystem which will
deliver the documents to vendors. Similarly, the EDI subsystem will receive business documents
from vendors, which will then be transferred to the SAP system before they can be processed.
Another factor which should be considered is that the format of the documents generated by SAP
is different to the format required by the EDI subsystem. Therefore the interface has to ensure
that SAP documents (in IDoc format) are converted to an EDI subsystem format (the EDIFACT
format) before delivery to vendors. The opposite conversion occurs when EDI documents are
received by the SAP system.
Since the EDI subsystem is located on a different host to the SAP system, it is necessary to use a
remote access method in order to transfer the EDI documents. The method chosen, for ease of
understanding and usage is the Network File Service (NFS). This permits both systems to access
the same directory structure in order to exchange information.
The interaction between the systems is controlled by using two schedulers running batch jobs,
one for the SAP transfers, and another for EDI subsystem transfers. This allows flexibility, since
the frequency of EDI transfers between the systems can be modified, and each component can be
isolated via loose coupling. In addition, the stages of processing are clearly separated for
simplicity.

4. What is Customer Relationship Management (CRM). Explain the CRM implementation process.
Solution : CRM (customer relationship management) is an information industry term
for methodologies, software, and usually Internet capabilities that help
an enterprise manage customer relationships in an organized way. For example, an
enterprise might build a database about its customers that described relationships in
sufficient detail so that management, salespeople, people providing service, and perhaps
the customer directly could access information, match customer needs with product
plans and offerings, remind customers of service requirements, know what other
products a customer had purchased, and so forth.

According to one industry view, CRM consists of:

• Helping an enterprise to enable its marketing departments to identify and target their best
customers, manage marketing campaigns and generate quality leads for the sales team.
• Assisting the organization to improve telesales, account, and sales management by
optimizing information shared by multiple employees, and streamlining existing processes
(for example, taking orders using mobile devices)
• Allowing the formation of individualized relationships with customers, with the aim of
improving customer satisfaction and maximizing profits; identifying the most profitable
customers and providing them the highest level of service.
• Providing employees with the information and processes necessary to know their
customers, understand and identify customer needs and effectively build relationships
between the company, its customer base, and distribution partners.

Many organizations turn to CRM software to help them manage their customer relationships.
CRM technology is offered on-premise, on-demand or through Software as a Service (SaaS)
CRM, depending on the vendor. Recently, mobile CRM and the open source CRM software
model have also become more popular.

CRM implementation differs from organization to organization but there are a few common
steps one needs to follow to ensure a successful implementation. There are many factors that
could influence the success of CRM implementation. Some of them are:

Organization Objectives
Clear cut objectives are essential and they need to be communicated effectively to the entire
organization. Business goals are absolutely essential and need to be clearly defined. Similarly
goals of the CRM implementation and how it supports organization goals should also be
intimated to employees. Let employees know how important CRM success is to the organization.

Solution to Suit Business Objectives


A business needs to look for a CRM solution that fits its needs, not the other way around. This
step is vitally important and spells success. When choosing a CRM solution every business
organization has to ensure that it chooses a CRM solution that fits into the organization's
requirements. It is wrong to try and adjust organization requirements to the chosen CRM
solution. If this is done organization goals will not be achieved and the CRM process will have
disastrous results.

Focus on All Business Aspects
In most cases the technology will have less to do with the CRM success. Therefore it is
important to give communication, training and other aspects as much focus as
the technology involved.

It is important to involve management at several levels, focus on communication needs and
provide adequate training for the concerned employees throughout the organization. If these
items receive a level of focus comparable to the technical system, CRM implementation stands a
better chance of succeeding.

Define the Business Problem


A business needs to clearly define the business problem, see what benefits it wants to achieve and
adopt the required measures. It is eminently important to clearly identify the business problem
that the company needs to resolve. An organization needs to absolutely identify the desired
benefits and make sure that the expected returns are generated at every stage. It is important to
break down the entire process into smaller pieces that can be individually handled effectively.

Establishing Proper Metrics


Since companies normally wait for a five-year period to see a return on investment, every
organization has to define performance metrics to ensure that it measures the return
on investment adequately.

Business Processes not Technology


In order to succeed at CRM all companies need to understand that it is not about technology
alone but about business processes as well. While CRM changes a company's business processes,
technology supports the processes. Most businesses make the mistake of assuming that
CRM is about technology alone. This hampers business process development.

Implement Change
Most employees tend to stick with their old ways and are reluctant to adapt to changes. It needs
to be understood that the implementation of CRM involves immense changes and employees
need to adapt themselves to it. From the very beginning of the implementation employees will
have to adopt new attitudes to help deliver the customer experience properly to customers.
Organizations need to make sure that their employees are provided with sufficient training to
ensure that they handle this aspect of the customer experience adequately and efficiently.

Using Skilled Managers


Organizations need to make sure that they use the most highly skilled and experienced group of
professionals possible. CRM aspects are complex and what is needed most is a team that has
CRM expertise and business knowledge. The team should be adequately trained and sufficiently
equipped both intellectually and technologically to carry out the CRM implementation
successfully.

Choose the Right Methodology
Decide whether to use the classical or modern methodology bearing in mind that ease of usage,
cost effectiveness and efficiency need to be gained. This is an important step in the CRM
implementation as it has a bearing on the entire process.

Choose the Right Vendors


Companies need to know the vendors through looking at them from this perspective alone. This
involves the process of scrutinizing the vendor and seeing whether or not the vendor can fulfill
the requirements of the business. Only if this is possible can the vendor be selected. You may not
find a vendor that basically fulfills every single objective but at least an organization will be
aware of it.

Ease of Usage
The entire objectives of the CRM process are hampered if the CRM choice is difficult to
use. It is highly essential to ensure that the system speaks of ease of usage and the ability to
be easily customizable. Employees implementing CRM and forming a part of the CRM
process range from the mediocre level right to management and to the employee at the very
forefront. It is imperative that the business ensure that the CRM software chosen is easy to
use and implement not only by a few employees but by everyone using the system. This is a
step that needs to be taken at the time of choosing the CRM technology.

5. Explain the following


a) Cryptography
b) Digital Signatures
c) Public Key Infrastructure

Solution :
a) Cryptography
Cryptography can be defined as the conversion of data into a scrambled code that can be
deciphered and sent across a public or private network. Cryptography uses two main styles or
forms of encrypting data; symmetrical and asymmetrical. Symmetric encryptions, or algorithms,
use the same key for encryption as they do for decryption. Other names for this type of
encryption are secret-key, shared-key, and private-key. The encryption key can be loosely related
to the decryption key; it does not necessarily need to be an exact copy.

Symmetric cryptography is susceptible to plaintext attacks and linear cryptanalysis, meaning that
such ciphers can be broken and are at times simple to decode. With careful planning of the coding and
functions of the cryptographic process these threats can be greatly reduced. Asymmetric
cryptography uses different encryption keys for encryption and decryption. In this case an end
user on a network, public or private, has a pair of keys; one for encryption and one for
decryption. These keys are labeled or known as a public and a private key; in this instance the
private key cannot be derived from the public key.

The asymmetrical cryptography method has been proven to be secure against computationally
limited intruders. The security is a mathematical definition based upon the application of said
encryption. Essentially, asymmetric encryption is as good as its applied use; this is defined by
the method in which the data is encrypted and for what use. The most common form of
asymmetrical encryption is in the application of sending messages where the sender encodes and
the receiving party decodes the message by using a random key generated by the public key of
the sender.

b) Digital Signatures
A digital signature is basically a way to ensure that an electronic document (e-mail,
spreadsheet, text file, etc.) is authentic. Authentic means that you know who created the
document and you know that it has not been altered in any way since that person created it.

Digital signatures rely on certain types of encryption to ensure authentication. Encryption is the
process of taking all the data that one computer is sending to another and encoding it into a form
that only the other computer will be able to decode. Authentication is the process of verifying
that information is coming from a trusted source. These two processes work hand in hand for
digital signatures.
There are several ways to authenticate a person or information on a computer:
• Password - The use of a user name and password provides the most common
form of authentication. You enter your name and password when prompted by the
computer. It checks the pair against a secure file to confirm. If either the name or
password does not match, then you are not allowed further access.
• Checksum - Probably one of the oldest methods of ensuring that data is
correct, checksums also provide a form of authentication since an invalid checksum
suggests that the data has been compromised in some fashion. A checksum is
determined in one of two ways. Let's say the checksum of a packet is 1 byte long,
which means it can have a maximum value of 255. If the sum of the other bytes in the
packet is 255 or less, then the checksum contains that exact value. However, if the
sum of the other bytes is more than 255, then the checksum is the remainder of the
total value after it has been divided by 256. Look at this example:
Byte 1  Byte 2  Byte 3  Byte 4  Byte 5  Byte 6  Byte 7  Byte 8  Total  Checksum
212     232     54      135     244     15      179     80      1151   127

    1151 divided by 256 equals 4.496 (round down to 4)
    Multiply 4 x 256, which equals 1024
    1151 minus 1024 equals 127
• CRC (Cyclic Redundancy Check) - CRCs are similar in concept to
checksums but they use polynomial division to determine the value of the CRC,
which is usually 16 or 32 bits in length. The good thing about CRC is that it is very
accurate. If a single bit is incorrect, the CRC value will not match up. Both checksum
and CRC are good for detecting random errors in transmission, but provide little
protection from an intentional attack on your data. The encryption techniques below
are much more secure.
• Private key encryption - Private key means that each computer has a secret
key (code) that it can use to encrypt a packet of information before it is sent over the
network to the other computer. Private key requires that you know which computers
will talk to each other and install the key on each one. Private key encryption is
essentially the same as a secret code that the two computers must each know in order
to decode the information. The code would provide the key to decoding the message.
Think of it like this. You create a coded message to send to a friend where each letter
is substituted by the letter that is second from it. So "A" becomes "C" and "B"
becomes "D". You have already told a trusted friend that the code is "Shift by 2".
Your friend gets the message and decodes it. Anyone else who sees the message will
only see nonsense.
• Public key encryption - Public key encryption uses a combination of a
private key and a public key. The private key is known only to your computer while
the public key is given by your computer to any computer that wants to communicate
securely with it. To decode an encrypted message, a computer must use the public key
provided by the originating computer and its own private key.
The key is based on a hash value. This is a value that is computed from a base input
number using a hashing algorithm. The important thing about a hash value is that it
is nearly impossible to derive the original input number without knowing the data
used to create the hash value. Here's a simple example:
Input number    Hashing algorithm    Hash value
10667           Input # x 143        1525381

You can see how hard it would be to determine that the value of 1525381 came from
the multiplication of 10667 and 143. But if you knew that the multiplier was 143, then
it would be very easy to calculate the value of 10667. Public key encryption is much
more complex than this example but that is the basic idea. Public keys generally use
complex algorithms and very large hash values for encrypting: 40-bit or even 128-bit
numbers. A 128-bit number has a possible 2^128 different combinations. That's as
many combinations as there are water molecules in 2.7 million Olympic-size
swimming pools. Even the tiniest water droplet you can imagine has billions and
billions of water molecules in it!
• Digital certificates - To implement public key encryption on a large scale,
such as a secure Web server might need, requires a different approach. This is where
digital certificates come in. A digital certificate is essentially a bit of information that
says the Web server is trusted by an independent source known as a Certificate
Authority. The Certificate Authority acts as the middleman that both computers trust.
It confirms that each computer is in fact who they say they are and then provides the
public keys of each computer to the other.
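The checksum and CRC items in the list above say that both catch random errors but give little protection against deliberate changes. The following added example (not part of the original answer) runs the page's eight sample bytes through a 1-byte checksum, CRC-32 and a keyed HMAC-SHA-256 tag; the key, the function names and the simulated errors are assumptions constructed for illustration.

```python
import hashlib
import hmac
import zlib

PACKET = bytes([212, 232, 54, 135, 244, 15, 179, 80])  # data bytes from the table
KEY = b"constructed-demo-key-not-a-real-secret"         # assumed shared secret


def checksum8(data: bytes) -> int:
    """1-byte checksum from the text: the byte sum reduced modulo 256."""
    return sum(data) % 256


def crc32(data: bytes) -> int:
    """32-bit CRC, computed by polynomial division over the message bits."""
    return zlib.crc32(data) & 0xFFFFFFFF


def mac(key: bytes, data: bytes) -> bytes:
    """HMAC-SHA-256 tag: producing a valid one requires the secret key."""
    return hmac.new(key, data, hashlib.sha256).digest()


def flip_bit(data: bytes, bit: int) -> bytes:
    """Simulate line noise: invert a single bit."""
    out = bytearray(data)
    out[bit // 8] ^= 1 << (bit % 8)
    return bytes(out)


def swap(data: bytes, i: int, j: int) -> bytes:
    """Simulate a transposition error: two bytes change places."""
    out = bytearray(data)
    out[i], out[j] = out[j], out[i]
    return bytes(out)


def receiver_accepts(data: bytes, trailer, scheme: str, key: bytes = KEY) -> bool:
    """Receiver side: recompute the check over the data, compare with the trailer."""
    if scheme == "checksum":
        return checksum8(data) == trailer
    if scheme == "crc32":
        return crc32(data) == trailer
    if scheme == "hmac":
        return hmac.compare_digest(mac(key, data), trailer)
    raise ValueError(f"unknown scheme {scheme!r}")


def report() -> dict:
    """Which changes each scheme notices, using the trailer sent with PACKET."""
    noisy = flip_bit(PACKET, 13)
    swapped = swap(PACKET, 0, 1)
    # Deliberate change: the last byte is rewritten. No secret is needed to
    # recompute a checksum or CRC for the new data; the HMAC tag is different,
    # because whoever lacks KEY can only reuse the old tag or guess a key.
    altered = PACKET[:-1] + bytes([81])
    return {
        "checksum": checksum8(PACKET),
        "bitflip_caught_checksum": not receiver_accepts(noisy, checksum8(PACKET), "checksum"),
        "bitflip_caught_crc": not receiver_accepts(noisy, crc32(PACKET), "crc32"),
        "swap_caught_checksum": not receiver_accepts(swapped, checksum8(PACKET), "checksum"),
        "swap_caught_crc": not receiver_accepts(swapped, crc32(PACKET), "crc32"),
        "altered_with_recomputed_crc_accepted": receiver_accepts(altered, crc32(altered), "crc32"),
        "altered_with_old_hmac_accepted": receiver_accepts(altered, mac(KEY, PACKET), "hmac"),
        "altered_with_guessed_key_accepted": receiver_accepts(altered, mac(b"guess", altered), "hmac"),
        "genuine_hmac_accepted": receiver_accepts(PACKET, mac(KEY, PACKET), "hmac"),
    }


if __name__ == "__main__":
    for name, value in report().items():
        print(f"{name}: {value}")
```

The byte swap shows a limit even for accidental errors: the sum is unchanged, so the 1-byte checksum accepts the reordered packet while CRC-32 rejects it.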

The Digital Signature Standard (DSS) is based on a type of public key encryption method that
uses the Digital Signature Algorithm (DSA). DSS is the format for digital signatures that has
been endorsed by the US government. The DSA algorithm consists of a private key that only the
originator of the document (signer) knows and a public key. The public key has four parts.
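The signing and verification steps of DSA, written out as an added example (not code from the original answer or from the DSS specification). The 61-bit q, the p found by search, the sample messages and all function names are assumptions chosen so that it runs with the Python standard library alone; parameters this small are for study only.

```python
import hashlib
import secrets


def is_probable_prime(n: int, rounds: int = 32) -> bool:
    """Miller-Rabin probabilistic primality test."""
    if n < 2:
        return False
    for small in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29):
        if n % small == 0:
            return n == small
    d, s = n - 1, 0
    while d % 2 == 0:
        d, s = d // 2, s + 1
    for _ in range(rounds):
        a = secrets.randbelow(n - 3) + 2          # witness in [2, n-2]
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def make_params(q: int = 2**61 - 1):
    """Toy domain parameters: prime p = m*q + 1 and g of order q modulo p."""
    m = 2
    while not is_probable_prime(m * q + 1):
        m += 2
    p = m * q + 1
    h = 2
    while pow(h, m, p) == 1:
        h += 1
    return p, q, pow(h, m, p)


def keygen(p: int, q: int, g: int):
    x = secrets.randbelow(q - 1) + 1              # private key, known to the signer only
    return x, (p, q, g, pow(g, x, p))             # public key: four parts p, q, g, y


def digest(message: bytes, q: int) -> int:
    """SHA-256 of the message, truncated to the bit length of q."""
    z = int.from_bytes(hashlib.sha256(message).digest(), "big")
    return z >> max(0, 256 - q.bit_length())


def sign(message: bytes, x: int, pub) -> tuple:
    p, q, g, _ = pub
    z = digest(message, q)
    while True:
        k = secrets.randbelow(q - 1) + 1          # fresh secret for every signature
        r = pow(g, k, p) % q
        s = pow(k, -1, q) * (z + x * r) % q
        if r and s:
            return r, s


def verify(message: bytes, sig, pub) -> bool:
    p, q, g, y = pub
    r, s = sig
    if not (0 < r < q and 0 < s < q):
        return False
    w = pow(s, -1, q)
    u1 = digest(message, q) * w % q
    u2 = r * w % q
    return (pow(g, u1, p) * pow(y, u2, p)) % p % q == r


def demo() -> dict:
    p, q, g = make_params()
    x, pub = keygen(p, q, g)
    _, other_pub = keygen(p, q, g)
    msg = b"PAY 2500.00 TO ACCT 1002"             # constructed sample message
    sig = sign(msg, x, pub)
    return {
        "genuine": verify(msg, sig, pub),
        "altered": verify(b"PAY 9500.00 TO ACCT 1002", sig, pub),
        "wrong_key": verify(msg, sig, other_pub),
    }


if __name__ == "__main__":
    print(demo())
```
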


c) Public Key Infrastructure


Complex business systems, e-commerce and automated business transactions require robust and
rigorous security measures. Companies using the Internet environment as a platform to conduct
business have a better probability of success if they accommodate the needs of
security-conscious clientele. Today’s Internet clientele demand stringent security protocols to protect
their interests, privacy, communication, value exchange, and information assets. This article
demonstrates how public key cryptography supports these risk management requirements and
solves e-commerce security problems in heterogeneous network environments.
Public key cryptography supports security mechanisms such as confidentiality, integrity,
authentication, and non-repudiation. However, to successfully implement these security
mechanisms, you must carefully plan an infrastructure to manage them. A public key
infrastructure (PKI) is a foundation on which other applications, system, and network security
components are built. A PKI is an essential component of an overall security strategy that must
work in concert with other security mechanisms, business practices, and risk management
efforts. PKI is a broad subject matter and is constantly evolving to meet the growing demands of
the business world. This article addresses PKI at a relatively high-level and does not include
details regarding the underlying cryptography. This article is intended to remove the mystery,
fear, and misconceptions of PKI, and offer real world opportunities for its use. Additionally, this
article presents business level reasons for considering a PKI in various environments, and the
business problems a PKI can solve. This article is also intended to help organizations determine
their requirements and necessity for a PKI, and what features they need for their particular
business. This article should be considered as a PKI planning guide.
The omnipresence of the Internet and e-commerce technologies present many opportunities, but
also pose security and integrity issues. For e-commerce to flourish, businesses, customers,
vendors, suppliers, regulatory agencies, and other stakeholders must be assured that trusted
business relationships are maintained.
An illustration presents the point. If a merchant today has a physical presence at a
store, that is, brick and mortar, and customers patronize them for goods and services, the
merchant will typically request and receive payment for these directly from either the customers
or their agent (e.g., their bank via the presentation of a monetary instrument such as a check), at
the time that the goods and services were bargained for and/or provided. The process of
exchanging goods and services for value is almost as universal as the rules by which those
conversions take place. In many cases those rules are codified, in others they reflect accepted
custom.

Whether systematic or custom, the processes in use today provide for the establishment of a
trusted business relationship in that the customer and merchant both authenticate one another to
the extent that they are willing to undertake the transaction. If an easily recognized monetary
instrument like cash is used for transactions, there may be very little authentication which must
occur. If a credit card or check is used, then the authentication may include the establishment of
the customer's identity to the merchant. In addition, the authentication may also allow for a
measure of non-repudiation to be set so that the customer does not deny the transaction occurred.
This traditional face-to-face transaction requires only minimal interaction and normally does not
necessitate the use of other security and integrity mechanisms.
However, for e-commerce on the Internet, additional security and integrity mechanisms become
necessary. Merchants are typically not willing to ship goods or perform services until a payment
has been accepted for them. In addition, authentication can allow for a measure of
non-repudiation so the customer cannot deny the transaction occurred. Similarly, consumers need
assurance that they are purchasing from a legitimate enterprise, rather than a hacker’s site whose
sole purpose is to collect credit card numbers.
With the changes in today's business environments and the shift from the traditional face-to-face
business models, mechanisms must be developed to ensure that trusted relationships are
maintained and can flourish.
The implementation of a PKI is intended to provide mechanisms to ensure trusted relationships
are established and maintained. The specific security functions in which a PKI can provide
foundation are confidentiality, integrity, non-repudiation, and authentication.

6. Discuss groupware computing and explain Group Decision Support Systems.

Solution : Groupware is software designed to improve the productivity of individuals with
common goals or interests. Groupware relies on computer networking to open communications
channels among people and to share data.

Traditional groupware systems like Lotus Notes were designed for corporate intranets and other
LANs to support collaborative work. They essentially combined the functionality of email,
messaging and conferencing, and document management systems. More recently, groupware
applications like Groove have been designed with similar functionality for the Internet.

A decision support system (DSS) is a computer-based information system that supports
business or organizational decision-making activities. DSSs serve the management, operations,
and planning levels of an organization and help to make decisions, which may be rapidly
changing and not easily specified in advance.

DSSs include knowledge-based systems. A properly designed DSS is an interactive
software-based system intended to help decision makers compile useful information from a combination
of raw data, documents, personal knowledge, or business models to identify and solve problems
and make decisions.

Typical information that a decision support application might gather and present are:

• inventories of information assets (including legacy and relational data sources,
cubes, data warehouses, and data marts),
• comparative sales figures between one period and the next,
• projected revenue figures based on product sales assumptions.
