COURSE ON E-COMMERCE AND INFORMATION TECHNOLOGY

PRO1ECT TOPIC: E-COMMERCE: ROLE OF TRUST AND SECURITY

UNDER THE GUIDANCE OF: DR. S.B.N. PRAKASH


SUBMITTED BY: SHAISTA NEELU
ID NO: 447
LL.M 2
nd
YEAR

ACKNOWLEDGEMENT

First and Ioremost, I am very much grateIul to Dr. S.B.N. Prakash, who has been
my project guide, Ior considering me capable oI pursuing this project. I am also grateIul to
him Ior giving me proper guidance time to time without which it would not have been
possible Ior me to give shape to this project.
I would also like to express my gratitude towards the Library staIIs oI the National
Law School oI India University Ior their kind assistance.
And last, but not the least, I am thankIul to my classmates cum Iriends Irom the
bottom core oI my heart, Ior their immense encouragement and help whenever so required.


SHAISTA NEELU

CONTENTS

. Introduction
2. E-Commerce and Trust
3. Luhmann`s theory oI Trust
a) Importance oI Trust
b) Familiarity and Trust
4. Role oI Trust in Customer online shopping
5. The role oI Privacy and Security
a) Privacy
b) Security
c) Privacy and Security statements and Third party veriIication
6. Online payment and Security oI E-Commerce
7. Common online electric payment system
a) Internet Bank Card payment system
b) E-Cash Internet payment system
c) E-Purse Internet payment system
d) E-Cheque Internet payment system
8. Present approaches Ior Security in E-Commerce:
a) Cryptographic techniques
b) Paradigm oI leaving and interacting
c) Language based techniques Ior Security
d) Compiler based Security mechanisms
e) Key management Ior sector and Iile based storage systems
I) Privacy and data sanitization
9. Conclusion

INTRODUCTION:

In the emerging global economy, E-commerce has increasingly become a strong catalyst Ior
economic development. Based on the observation oI the E-commerce management practices
in India it is Ielt that there is a need to increase trust by providing additional layer oI security
in order to make E-commerce more acceptable. A major Iactor inIluencing the successIul
proliIeration oI E-commerce, identiIied by major corporations, the Federal Administration
and the Better Business Bureau, is people`s trust in Internet vendors (i.e. in companies that
sell their goods through the World Wide Web interIace). In the words oI the Better Business
Bureau, there is a necessity oI 'promoting trust and conIidence on the Internet. In Iact, the
Better Business Bureau claims that a major reason people do not buy online is their concern
regarding online payments security, reliability oI companies, and the lack oI a privacy policy.
Trust, in general, is an important Iactor in many social and economic interactions involving
uncertainty and dependency. Trust has also been shown to be an important aspect oI Web-
surIers` decision to download soItware Irom the Web. Trust-building requires extensive
ongoing two-way interactions to build trust, a prerequisite typically missing Irom interactions
on the Web.

E-COMMERCE AND TRUST:

Inter-organisational systems that provide services to multiple organisations by linking many
buyers and sellers, create an electronic market. By creating electronic marketplaces and
linking suppliers, buyers, and sellers, the Internet and other networking technologies are
Iuelling the growth oI electronic commerce (e-commerce), deIined as the process oI buying
and selling goods electronically by consumers and Irom company to company through
computerised business transactions. E-commerce is an integrated part oI e-business
(electronic business). E-business is deIined as the application oI Internet technologies to
business processes. For example, a company might just have a Web site to ensure an online
presence, without the intention to sell goods or services. This online presence would be
considered as a type oI promotional marketing tool, belonging to the concept oI e-business,
but not to the concept oI e-commerce. E-commerce sales are sales oI goods and services
where an order is placed by the buyer, price and terms oI sale are negotiated over an Internet,
Extranet, Electronic Data Interchange (EDI) network, electronic mail, or other online system.
To the consumer or the general public, probably the only visible part oI E-commerce is in
catalogue browsing and order placement via the Internet. India's share oI online commerce is
projected to grow Irom .3 percent oI Asia-PaciIic in 2006 to 3.3 percent by 20. India is
the second most populous country and the largest democracy in the world. Now India has
improved its position to the 43
rd
rank in the World oI E-commerce activities. According to
Industry expert, Darpan Munjal, CTO (E-Commerce) the largest Iactor Ior relatively slow
adoption oI E-commerce can be attributed to the security mechanism which Iailed to generate
suIIicient Trust. The success is with those who are able to win customer's trust and oIIer a
clear value proposition to the customer with a strong promise around quality execution.
Consumers and retailers both desire a totally saIe, simple and complete online shopping. A
recent survey by VeriSign, a provider oI Internet security services, has revealed that at least
76 oI Web users in India are exposed to online Iraud and particularly phishing attacks as
they are unable to identiIy the diIIerent Iorms oI phishing currently happening online. Trust is
a social and psychological phenomenon that is widely acknowledged as contributing to many
Iorms oI exchange, including e-commerce exchanges.

Dr. A.S. Khandelwal, 'Enhancing Trust Beliefs in E-Commerce through Whitelist Website Security
paradigm, Indian Journal oI Computer Science and Engineering, p

There are several deIinitions oI electronic commerce (e-commerce) that exist in the trade
press and in the academic literature. For some, e-commerce includes all consumer-oriented
storeIronts, business-to-business applications as well as behind-the-scenes business Iunctions
like electronic payment systems and order management. DiIIerent categorizations oI
electronic commerce exist, including business-to-consumer, business-to-business, and
government-to-constituents. Business-to-consumer (B2C) e-commerce is deIined as business
transactions conducted between corporations and individual consumers. This is oIten
represented as corporations` Web sites used to sell goods and services directly to consumers.
Business-to-business (B2B). E-commerce is deIined as transactions conducted electronically
between organizations. Government-to-constituents (G2C) e-commerce deIines the electronic
relationship between the governments and various constituents including businesses,
individuals, employees and other government agencies.
2

France Belanger, Janine S. Hiller and Wanda J. Smith, Trustworthiness in Electronic Commerce. The Role of
Privacy, Security and Site Attributes`, Journal oI Strategic inIormation Systems, 2002, p 2

LUHMANN`S THEORY OF TRUST:

Familiarity, according to this theory, is a prerequisite oI trust because it creates a Iramework
and understanding oI the environment and the trusted party within which the expectations oI
trust can be explicated. As suggested by Luhmann, the eIIect oI trust was stronger on
important decisions (Ior example, purchasing a book using a credit card) than on less im-
portant ones (Ior example, just inquiring about a book). Luhmann talks about two things:
, Import,nce of Trust: Interacting with other individuals, who are inevitably
independent and not Iully predictable, combined with an inborn need to understand the
actions oI others, presents people with an overwhelming complexity. The impossibility
oI controlling the actions oI others or even just Iully understanding their motivation
makes this complexity so staggering that it can actually inhibit intentions to perIorm
many behaviors. Since people need, nonetheless, to interact on a continuous basis under
such unpredictable circumstances, they apply a variety oI methods Ior reducing this
crushing complexity. Without these complexity reduction methods people could not
interact with others on more than a onetime and uncommitted manner, and probably
would not wish to, either. Trust is one oI the most eIIective oI these complexity
reduction methods (but not the only one), and is thus a Iocal aspect in many interactions
with other people. This is especially the case in interactions that are not Iully governed
by rules and regulations, themselves complexity reduction methods.
Trust, in a broad sense, is the conIidence a person has in his or her Iavorable
expectations oI what other people will do, based, in many cases, on previous inter-
actions. Although another party's (person or persons) previous behavior cannot
guaranty that that party will behave as one expects, previous interactions in which that
party behaved as expected increase trust, which is the belieI that the other will behave
as one anticipates.
3

Trust, oI course, does not really enable people to control or even anticipate without
error the behavior oI others, but it does make it possible Ior people to create a com-
prehensible organization oI their interactions with others. Consequently, according to
Luhmann, trust is a prerequisite oI behavior and is no less than a 'basic Iact oI social

David GeIen, E-Commerce. The Role of Familiarity and Trust`, February 200, p

liIe. Trust is, thereIore, by its very nature, complex, multidimensional and context-
dependent. The early psychology and sociology studies on trust deIined it as a set oI
belieIs that other people would IulIill their expected Iavorable commitments. Trust is
the expectation that other individuals or companies will behave ethically, dependably
and will IulIill their expected commitments under conditions oI vulnerability and
interdependence. Trust has a substantial eIIect on business relationships in general. It
reduces the need Ior extensive negotiations, detail-resolution, comprehensive
legislation and enIorced regulation and tight organizational control. Trust encourages
long-term orientation, increases the acceptance oI interdependence, and creates
commitment. Trust also reduces perceived risk. Trust determines the nature oI the
social and business order as well as the quality oI business relationships. Accordingly,
trust in business 'is the salient Iactor in determining the eIIectiveness oI many
relations.
4

- F,mili,rity ,nd Trust: Another way people subjectively reduce uncertainty and
simpliIy their relationships with others is Iamiliarity. Familiarity is an understanding,
oIten based on previous interactions, experiences, and learning oI what, why, where and
when others do what they do. As such, Iamiliarity and trust are distinctly diIIerent.
Familiarity deals with an understanding oI the current actions oI other people or oI
objects, while trust deals with belieIs about the Iuture actions oI other people. Though
Iamiliarity and trust are distinctly diIIerent, they are related. Without Iamiliarity with
the context, trust cannot be adequately anchored to speciIic Iavorable behaviors and
thus cannot be as strongly conIerred. Familiarity is, thereIore, 'the precondition Ior
trust. Another reason that Iamiliarity can build trust is that Iamiliarity not only
provides a Iramework Ior Iuture expectations, but also lets people create concrete ideas
oI what to expect based on previous interactions. Since in many cases prior experience
is the basis oI trust, Iamiliarity can both create trust, when the experience was Iavorable,
or ruin trust, when not. Since behavior in accordance with Iavorable expectations builds
trust, the more Iamiliar people are with such a vendor, the more their Iavorable
expectations are likely to have been conIirmed, and, accordingly, the more they should
be inclined to trust the vendor.
5

bid

bid

ROLE OF TRUST IN CUSTOMER ONLINE SHOPPING:

Online shopping, diIIerent Irom traditional shopping behavior, is characterized with
uncertainty, anonymity, and lack oI control and potential opportunism. ThereIore, trust is an
important Iactor to Iacilitate online transactions. Trust also has a signiIicant inIluence on
attitude towards online purchase. In the traditional brick-and-mortar store, one could inspect
the goods or services and evaluate the vendor beIore making the purchase. Online shopping,
diIIerent Irom traditional shopping, has a unique Ieature oI uncertainty, anonymity, and lack
oI control and potential opportunism. For example, on-line consumers are required to share
personal detail (such as mailing address, telephone number), Iinancial inIormation (such as
credit card numbers), and suIIer Irom the risk oI products or services not matching the
description on the website, and the risk oI damage during the delivery process, etc. There
seems little assurance that customers will receive the products or services comparable to the
ones they ordered according to the description and image on the computer screen. Customers
also do not know how the retailer will deal with the personal inIormation collected during the
shopping process. ThereIore, trust is an important Iactor in the buyer-seller relationships in
electronic commerce. Trust is also one oI the most Irequently cited reasons Ior consumers not
willing to purchase online and plays a critical role in Iacilitating online transactions.
Recently, there have been a number oI empirical researches investigating the role oI trust in
the speciIic context oI e-commerce. Trust has diIIerent deIinition in the various social science
literatures such as sociology, social psychology, and organizational behavior. Trust, in a
social psychological sense, is the belieI that other people will react in predictable ways. In
brieI, trust is a belieI that one can rely upon a promise made by another. In the context oI e-
commerce, trust belieIs include the online consumers` belieIs and expectancies about trust-
related characteristics oI the online seller. The online consumers desire the online sellers to
be willing and able to act oI the consumers` interests, to be honest in transactions (not
divulging personal inIormation to other vendors), and to be capable oI delivering the ordered
goods as promised.
6

Tzy-Wen Tang, The Role of Trust in Customer Online Shopping Behaviour. Perspective of Technology
Acceptance Model`, p 3

THE ROLE OF PRIVECY AND SECURITY:

The promotion and optimum use oI security, privacy and trustworthiness are important
elements Ior supporting the growth oI business-to-consumer e-commerce.
, Priv,cy: It is the willingness oI consumers to share inIormation over the Internet that
allows purchases to be concluded. However, it is clear that consumer concern with
privacy oI inIormation is having an impact on the consumer Internet market. For
example, a Business Week/Harris poll oI 999 consumers in 998 revealed that privacy
was the biggest obstacle preventing them Irom using Websites, above the issues oI
cost, ease oI use, and unsolicited marketing. Fears oI privacy violations were also
documented in 200 by an American Demographics survey, which listed children's
privacy breaches as the most Ieared, Iollowed by misuse oI private inIormation,
Iinancial theIt, and identity theIt. Privacy issues on the Internet include 'spam', usage
tracking and data collection, choice, and the sharing oI inIormation with third parties.
Consumers' reassurance that the inIormation shared will be subjected to personally
delineated limits is the essence oI privacy on the Internet. Consumer's concern that
once the inIormation is Ireely submitted to a Web site, there is diminished or
nonexistent control oI the Iurther sharing oI that inIormation with third parties.
- Security: A security threat has been deIined as a 'circumstance, condition, or event
with the potential to cause economic hardship to data or network resources in the Iorm
oI destruction, disclosure, modiIication oI data, denial oI service, and/or Iraud, waste,
and abuse. Security, then, is the protection against these threats. Threats can be made
either through network and data transaction attacks, or through unauthorized access
by means oI Ialse or deIective authentication. . Security in B2C electronic commerce
is reIlected in the technologies used to protect and secure consumer data. Security
concerns oI consumers may be addressed by many oI the same technology protections
as those oI businesses, such as encryption and authentication.
c Priv,cy ,nd Security st,tements ,nd Third p,rty Verific,tion: Privacy and
security commitments in B2C e-commerce are reIlected in the actions oI the Web
merchant. For consumers, the primary, visible access to privacy and security on Web
merchants' sites is through statements that describe in more or less understandable
terms the privacy and security policies oI the Web merchant, Irom inIormation
collected to data sharing policies, and security Ieatures such as encryption and

password protections. In a 200 study, Harris reported that when consumers notice
privacy seals they consider them important, and are more willing to provide personal
inIormation to the site because oI the third party veriIication. Recently, a survey
conducted Ior Privacy and American Business Iound that 9 oI consumers would
Ieel more comIortable using sites participating in a third party veriIication program.
7

Supra Note No. 2, pp. 3,4

ONLINE PAYMENT AND SECURITY OF E-COMMERCE:

Online electronic payments are not tantamount to electronic payments. In the emergence oI e-
commerce, credit cards have long been represented by electronic means oI payment, credit
cards in shopping malls. Many hotels and other places and items could swipe oI the card,
POS terminals Regulations, ATM cash Iorms oI payment. And online electronic payments,
online payments also known as electronic currency, broadly speaking, reIer to a transaction in
the online exchange oI Iunds; It is a network-based electronic Iinancial, a business card
transactions Ior all types oI electronic tools and media, the electronic computer and
communications technologies as a means Electronic data (binary data) stored in the bank's
computer system and through the computer network system in the Iorm oI the Ilow oI
electronic inIormation transIer and payment.
COMMON ONLINE ELECTRIC PAYMENT SYSTEM:

In online shopping online electronic payment Iunction is the key issue to ensure the
consumers are Iast and convenient, we have to ensure the saIety and secrecy oI the parties to
a transaction, which requires a complete electronic trading systems. Currently, several online
electronic payment systems used Ior:
, Internet B,nk C,rd P,yment System:
Including online credit card, smart card (IC card) payment systems are established in
accordance with the standards set shopping and payment system. Internet users in speciIic
ways: sending banks coast and password encryption sent to the bank Ior payment. And the
payment process Ior customers, merchants and veriIy the legitimacy oI a request Ior payment.
At present, domestic banks had set up such a bank cards Ior online payments. Merchants
Bank`s 'Smart Card, is saIe, convenient Ieatures, is an ideal tool Ior online payments, online
shopping is currently in line to pay the principal means oI achieving.
- E-C,sh (Electronic-c,sh Internet P,yment System:
E-cash is a Iorm oI data, the currency in circulation, there is electronic cash currency; it can
be converted to cash a series oI encrypted numerical sequence number, and then use these
sequences to show the value oI all sizes. Its characteristic is as Iollows: an agreement

between the banks and businesses and authorization, identity veriIication by e-cash to
complete it, electronic cash can be kept, admission, and transIer to smaller transactions.
E-cash and e-payment systems also have the advantage oI cash, mainly as Iollows:
Anonymity;
Not shadowing;
Savings on transaction costs;
Savings on transmission costs;
Poor risk;
Pay Ilexibility;
Prevent Iorgery and repeatability.
c E-purse Internet P,yment System:
Users use e-purse shopping, the Iirst in a personal bank account and users into a certain
amount; then the corresponding electronic wallet service system Iree soItware to download
and install an electronic purse; then download the corresponding website to apply online and
access the cardholder 'electronic saIety certiIicate. Users shopping, the only direct hits
'electronic wallet icon and Iollowing the importation oI their coast. corresponding
inIormation such as passwords by e-purse will pay to complete the Iollow-up work. E-purse
is sporadic small payment transactions. always used in conjunction with bank cards to help
users complete the entire shopping process.
d E-Cheque Internet P,yment System:
Electronic cheque transIer payments Irom paper cheque to the merits oI using digital
transmission to transIer money Irom one account to another account. These electronic cheque
payments in businesses and banks linked to the online password transmission. Most common
use encryption keys handwritten signature or personal identiIication numbers instead oI
signatures. Thus ensuring the saIety oI this Iorm oI payment. Electronic cheque system at
present is an exclusive network system, the international Iinancial institutions, through their
own private networks, equipment, soItware and a complete set oI user identiIication, the
standard messaging, data validation and other standardized data transmission agreement
completed, thus ensuring saIety.
8

Yang Jing, Online Payment and Security of E-Commerce`, Proceedings oI the 2009 International
Symposium on Web InIormation Systems and Applications (WISA'09), pp. 2,3

PRESENT APPROACHES FOR SECURITY IN E-COMMERCE:

, Cryptogr,phic techniques: Cryptography has been playing an important role to
ensure the security and reliability oI modern computer systems. Since high speed and
broad bandwidth have been becoming the keywords Ior modern computer systems,
new cryptographic methods and tools must Iollow up in order to adapt to these new
and emerging technologies. Theoretical and practical advances in the Iields oI
cryptography and coding are a key Iactor in the growth oI data communications, data
networks and distributed computing. The mathematical theory and practice oI
cryptography and coding is popular in providing security mechanism. There is a need
to Iocus on other aspects oI inIormation systems and network security, including
applications in the scope oI the knowledge society in general and inIormation systems
development in particular, especially in the context oI e-business, internet and global
enterprises.
- P,r,digm of le,ving ,nd inter,cting: Ambient assisted living concept is envisioned
through a new paradigm oI interaction inspired by constant provision to inIormation
and computational resources. This provision is enabled through invisible devices that
oIIer distributed computing power and spontaneous connectivity. A nomad traversing
residential, working, and advertising environments seamlessly and constantly is
served by small mobile devices like portables, handheld, embedded or wearable
computers. This paradigm oI leaving and interacting introduces new security, trust
and privacy risks thus support in conIidence development.
c L,ngu,ge -,sed techniques for security: Few techniques have been implemented
using programming language and program analysis techniques to improve the security
oI soItware systems. It explores and evaluates new, speculative ideas on the
evaluations oI new or known techniques in practical settings Ior solving emerging
threats and important problems. It covers veriIication oI security properties in
soItware, automated introduction and/or veriIication oI security enIorcement
mechanisms, Program analysis techniques Ior discovering security vulnerabilities.
d Compiler -,sed security mech,nisms: This technique helps to detect host-based
intrusion detection and in-line reIerence monitors It also enIorces security policies Ior
inIormation Ilow and access control.
e Key m,n,gement for sector ,nd file -,sed stor,ge systems: Stored inIormation
critical to individuals, corporations and governments must be protected, but the

continually changing uses oI storage and the exposure oI storage media to adverse
conditions make meeting that challenge increasingly diIIicult. Example uses include
employment oI large shared storage systems Ior cost reduction and, Ior convenience,
wide use oI transiently-connected storage devices oIIering signiIicant capacities and
maniIested in many Iorms, oIten embedded in mobile devices. Protecting intellectual
property, personal records, health records, and military secrets when media or devices
are lost, stolen, or captured is critical to inIormation owners. To remain or become
viable, activities that rely on storage technology require a comprehensive systems
approach to storage security. Key Management Ior Sector and File based Storage
Systems techniques such as Cryptographic Algorithms Ior Storage, Cryptanalysis oI
Systems and Protocols, Unintended Data Recovery provides solutions in this scenario.
f Priv,cy ,nd d,t, s,nitiz,tion: Privacy and Data Sanitization method Ialls within the
scope oI collaborative security. Any useIul collaboration takes place at some point in
sharing data. UnIortunately, data sharing is one oI the greatest hurdles getting in the
way oI otherwise beneIicial collaborations. Data regarding one's security stance is
particularly sensitive, oIten indicating one's own security weaknesses. This data could
include computer or network logs oI security incidents, architecture documents, or
sensitive organizational inIormation. Even when the data may not compromise the
data owner's security stance, sharing may violate a customer's privacy. Data
sanitization techniques such as anonymization and other mechanisms such as privacy-
preserving data mining and statistical data mining try to address this tension between
the need to share inIormation and protect sensitive inIormation and user privacy.
9

Supra Note No. , pp. 3,4

CONCLUSION:

The growth oI business to consumer electronic commerce seems to be non-stoppable. Yet,
online consumer spending only accounts Ior about .7 oI overall retail revenues. For the
Iuture growth oI B2C electronic commerce, barriers such as security and privacy concerns
must be torn down. The approach today should be the balance between the three elements oI
trustworthiness, privacy and security in B2C e-commerce. Since today`s E-Commerce has
become inseparable component in the liIe oI people, so trust play very important role Ior
trading in diIIerent types oI E-Commerce, B2B, B2C and vice versa by customer and trader
with peace oI mind. Trust plays crucial role in Iorming business connections, inter-
organizational connections that help to identiIy situational, constructional, Iormalization and
procedural Iactors leading to perceived beneIits, risks and organization system in E-
Commerce. Business is done with many communication technologies today, walk-in-retail,
mail-order phone, mail-order Iax, etc. The Web and the Internet are just one another
communication medium with its own beneIits and disadvantages. The cost Ior a business to
have a worldwide presence is the lowest in history with the World Wide Web. Budgets oI the
980`s would have listed at least $00,000 per month in expenses to have a business handling
international customers 24 hours a day, 7 days a week. Today those same budgets are closer
to $5,000 per month and some even much lower. Yet the quality oI service that the customer
oI these businesses is expecting continues to climb. The most obvious approach is to use
technological solutions to directly address the risks involved in on-line shopping. This entails
improved payment services, such as Secure Electronic Transactions (SET) or technological
approaches to privacy like the PlatIorm Ior Privacy PreIerences Project (P3P). As mentioned
beIore, these solutions will only be eIIective iI the technological solutions are at least in their
basics understood by e-shoppers. A Iurther reduction oI risks will be achieved when legal and
regulatory Irameworks addressing the transaction itselI, e-shoppers` privacy and statutory
rights have been established.
The risks that can be directly mitigated by interIace design are e-shoppers` own errors
and Iaulty transmission. Through good interaction design, the e-shopper can be assured that
she does not accidentally commit herselI to an order and that all data is received correctly.
Examples include status indicators, system Ieedback, displaying data already entered,
and continuously displaying the products to be ordered during the process.

BIBLIOGRAPHY

1. Dr. A.S. Kh,ndelw,l, ~Enhancing 1rust Beliefs in E-Commerce through Whitelist
Website Security paradigm, Indi,n 1ourn,l of Computer Science ,nd
Engineering.
2. Fr,nce Bel,nger, 1,nine S. Hiller ,nd W,nd, 1. Smith, 1rustworthiness in
Electronic Commerce: 1he Role of Privacy, Security and Site Attributes", 1ourn,l
of Str,tegic inform,tion Systems, 2002
3. D,vid Gefen, E-Commerce: 1he Role of Familiarity and 1rust", Fe-ru,ry 2010
4. Tzy-Wen T,ng, 1he Role of 1rust in Customer Online Shopping Behaviour:
Perspective of 1echnology Acceptance Model"
5. Y,ng 1ing, Online Payment and Security of E-Commerce", Proceedings of the
2009 Intern,tion,l Symposium on We- Inform,tion Systems ,nd Applic,tions
(WISA'09