
UNIT I

INTRODUCTION

Meaning of E-Commerce
The term "electronic commerce" has evolved from its meagre notion of electronic
shopping to mean all aspects of business and market processes enabled by the Internet
and the World Wide Web technologies.
Electronic Commerce as Online Selling
Narrowly defined, electronic commerce means doing business online or selling and
buying products and services through Web storefronts. Products being traded may be
physical products such as used cars or services (e.g. arranging trips, online medical
consultation, and remote education). Increasingly, they include digital products such as
news, audio and video database, software and all types of knowledge-based products. It
appears, then, that electronic commerce is similar to catalogue shopping or home shopping on
cable TV.
Electronic Commerce as a Market
Electronic commerce is not limited to buying and selling products online. For example,
a neighbourhood store can open a Web store and find the world at its doorstep. But,
along with customers, it will also find its suppliers, accountants, payment services,
government agencies and competitors online. These online or digital partners demand
changes in the way of doing business, from production to consumption, and they will affect
companies who might think they are not part of electronic commerce. Along with online
selling, electronic commerce will lead to significant changes in the way products are
customised, distributed and exchanged and the way consumers search and bargain for
products and services and consume them.
In short, the electronic commerce revolution is in its effects on processes. A
process-oriented definition of electronic commerce offers a broader view of what electronic
commerce is. Within-business processes (e.g. manufacturing, inventory, corporate
financial management, operation) and business-to-business processes (e.g. supply-chain
management, bidding) are affected by the same technology and network. Even
government functions, education, social and political processes undergo changes.
Internet and other computer network technologies
Computers and networks are nothing new. They have existed, and business applications
such as LAN and EDI were well established, long before the World Wide Web took over.
Then, why is there the sudden talk of the Digital Age and the advance of electronic
commerce? Two things make the Internet quite different from any other existing
communications media. Unlike broadcasting media, the Internet (1) allows two-way
communications and (2) is built around open standards. A two-way communication
means targeting audience and the possibility of feedback. Broadcasting sends out
messages to "no one in particular" and without knowing quite who has got the message.
(What do Nielsen and a horde of market research firms do for their living?) An open
standard (e.g. TCP/IP) means interoperability and the advantage of a large market and
the possibility of integrating one product or process with another.
Both of these characteristics are being challenged. (1) To the WebTV generation, the
digital future looks like another version of the passive one-way broadcasting. The "new
media" sums up how publishers and media companies view the digital medium. People
are so accustomed to "receiving random messages" that they often forget the fact that
broadcasting was a 20th century phenomenon. Even "interactive television" envisioned
by today's media is a way of providing a more lively entertainment, offering more
information "related to existing contents" (e.g. detailed information about characters,
plots, and commercials shown on TV). Multi-channel, digital TV broadcasting may very
well be a model for future entertainment, but it needs to be remembered that it is only
one application of the digital communications network. (2) The commercialisation of
the Internet is forcing businesses to differentiate their products from others by making
products incompatible. Unlike the public Internet where standards were open, firms
attempt to capture and dominate the market with their proprietary products. In such an
environment, TCP/IP would have had a very slim chance of becoming a standard and
opening up the digital, networked economy. Whether markets driven by private
interests can bring about a better result (e.g., more efficient, technologically superior,
etc.) is still open to argument.
Perhaps telephone networks are quite similar to the Internet (and indeed most Internet
traffic goes through telephone networks). But unlike telephones, the Internet's user
interface (computer) is much more sophisticated and flexible. Because of its beginning
as a public research network, the Internet has no pricing regime like that of telephone
companies. The world-wide connection, then, may be considered to have been an
accident. When usage-based, long-distance charges are implemented, the Internet may
look quite similar to the telephone network.
Intranet and Extranet
Intranets and extranets have become a vogue. Intranets and extranets share the
common protocol (TCP/IP) and Web technologies with the Internet. An intranet is a closed,
business-wide network, but it uses open standards such as TCP/IP instead of the
proprietary protocols traditionally used for LANs (local area networks, usually
hard-wired) and WANs (wide area networks, usually LANs connected by cable, telephone and
wireless networks). An extranet is a private WAN running on public protocols. That is, an
extranet is a virtual private network among private parties based on open networks and
protocols. To assure security and privacy, an extranet relies on secured channels using
tunnelling protocols and digital ID. In a way, an extranet is a private street built on public
land (although costs may be borne by private parties).

Electronic marketplace
Electronic markets ordinarily refer to online trading and auction, for example, online
stock trading markets, online auction for computers and other goods. The electronic
marketplace refers to the emerging market economy where producers, intermediaries
and consumers interact electronically or digitally in some way. The electronic
marketplace is a virtual representation of physical markets. The economic activities
undertaken by this electronic marketplace collectively represent the digital economy.
Electronic commerce, broadly defined, is concerned with the electronic marketplace.
The electronic marketplace resembles physical markets in many aspects. As in physical
markets, components of the digital economy include:

players (market agents such as firms, suppliers, brokers, shops and consumers)
products (goods and services) and
processes (supply, production, marketing, competition, distribution, consumption, etc.)

The difference is that, in the electronic marketplace, at least some of these components
are electronic, digital, virtual or online (whichever term one may prefer). For example, a
digital player is someone with an e-mail or a Web page. Purely "physical" sellers may be
selling a digital product, e.g. digital CD-ROM. One that sells physical products at a
physical store may offer product information online (thereby allowing consumers to
"search" online), while production, ordering, payment and delivery are done
conventionally. Currently, the emphasis is on the core of the electronic marketplace
where everything (i.e. all value chains or business activities) is online. But, if any aspect
of the business or consumption dwells upon the digital process, businessmen are
already part of the electronic marketplace. That is, almost all of them are already players
in the electronic marketplace.
E-Commerce Concepts
Every now and then, a technology or idea comes along that is so profound, so powerful,
so universal that its impact changes everything.... Network computing (read e-business)
will transform every institution in the world. It will create winners and losers. It will
change the way we do business, the way we teach our children, communicate and
interact as individuals. Says Lou Gerstner, Chairman, IBM - At the heart of this
revolution is the explosion of the Internet connecting millions of computers and people
all over the world together in one giant, virtual handshake. The Internet is
fundamentally a new economy that will displace and rebuild the existing economy. The
Web allows businesses to save time on product design order and delivery, tracking sales
and getting customer feedback. As companies adopt this technique some jobs such as
travel agents, stockbrokers and retailers could become scarce.
Electronic Business or e-business, simply put, is the integration of the Web with
Information Technology (IT). Apart from more prevalent applications such as e-mail,
news, entertainment etc., the Internet is revolutionising the business world. E-business
is more than e-commerce, just as commerce is a subset of business.
E-commerce is the final act, so to say, of the goods or services being fulfilled for the
agreed consideration. This cycle is dominated by transactions between a company and
consumers at large. Most companies in India today have static Web sites, which are
meant to offer information but not for online shopping. India's best known and perhaps
the first electronic shopping mall is the Rediff.com site where we can place orders for
books, music etc. Culturally, this is a very big first step as people start feeling
comfortable with shopping online and actually start enjoying the convenience. Cyber
law bills are to be approved soon. There are also plans to build a high-speed network
backbone capable of servicing the millions of users expected to go to the Net in India.
Every company in India, large or small, must give this revolution a hard look and decide
how to proactively act... This is not a straitjacket approach and every company must
choose its priorities and move with rapidity. Not only is the world shrinking, but time as
well. A web year is just 3 months, sufficient to provide significant changes and progress.
One typical approach companies take is to begin several activities (on the e-business
journey) in parallel and integrate them as they go along. For instance, while they are
busy setting up a Website and upgrading it from a static one to one that allows Net
transactions, an Intranet is set up in parallel and gradually more and more automated
processes are brought on to it. The next step would be to link the two so that an
e-commerce transaction is treated like any other physical transaction and sets off signals in
corresponding processes such as sales order processing, billing, production planning,
shipping etc., as the case may be. This is a sort of culmination of the big journey and a
company reaching this stage would enjoy tremendous operational efficiency as well as
competitive advantage. E-business is not a fad. It is not in the distant future. It is right
here and becoming bigger every day and staring us right in the face.
Trade among nations is on the threshold of a fundamental transformation as a result of
advances in information and telecommunications technology. The ability of the Internet
to bring together distant parts of the world in a global electronic market place and
information exchange offers far reaching benefits to developing and industrialised
economies alike.
Today, there are an estimated 148 million Internet users, with double-digit growth rates
in many emerging economies. There are some 37 million Internet hosts world-wide,
facilitating a dramatic increase in the volume of trade and economic information
available online. Connectivity has significantly improved in many parts of the
developing world; for example, nearly every capital city of Africa enjoys some level of
Internet penetration across regions, which can have profound implications for an
individual country's ability to participate in the global electronic market place.
The overall level of electronic commerce, or business transactions conducted via the
Internet and private commercial networks, was estimated at US$ 8 to 9 billion in 1997.
Researchers have forecast that this figure could rise to as much as US$ 400 billion by
2002, as businesses and consumers throughout the world expand their online
commercial activities. The dramatic growth in electronic commerce is being driven by
the marketing and cost reduction benefits that many businesses are realizing through
this new medium.
What is E-Commerce?
The major buzzword in business today is E-commerce. Till recently the Internet was
primarily used as a means of accessing and disseminating information. As businesses
became more complex and global, a need was felt for bigger, faster and more convenient
access to consumers (and other businesses) spread across the world. That is how and
when the tech-gurus, leveraging the power and reach of the Internet, brought forth the
concept of E-commerce. It is the use of electronic information technologies to conduct
business transactions among buyers, sellers and other trading partners.
E-commerce combines business and electronic infrastructures, allowing traditional
business transactions to be conducted electronically. It enables the online buying and
selling of goods and services via the communication capabilities of private and public
computer networks including the Internet. The whole electronic commerce business is
predicated on the fact that people will find it convenient and there will be a fast, flexible
and secure transaction. E-commerce is considered to have the following attributes:
1. Direct electronic interaction between two computer applications
(application-to-application) or between a person using a computer (typically a web browser) and
another application (typically a web server).
2. The interaction involves the completion of a specific transaction or part of a
transaction.
3. The transaction crosses enterprise boundaries, either between two businesses
(B2B) or between a business and a consumer (B2C).
We can look at electronic commerce in two ways: as a buyer/seller transaction and a
producer/consumer type transaction.
Buyer/Seller Transaction
Transactions are exchanges that occur when one economic entity sells a product or
service to another entity. When buyer/seller transactions occur in the electronic market
place, information is accessed, absorbed, arranged and sold in different ways. To manage
these transactions, E-commerce incorporates transaction management, which organises,
routes, processes, and tracks transactions. E-commerce also involves payment
mechanisms for customers to make electronic payments and funds transfers.

Producer/Consumer Transaction
We can also view E-commerce as a production process that converts digital inputs into a
value-added output through a set of intermediaries. For example, in online trading,
value can be added by providing meaningful information like trend analysis, sector-wise
company information etc., instead of giving the raw data (stock quotes). This will give
more refined information, which can lead to better decision-making for the customer.

There has been a paradigm shift in the way technology is viewed in the business world
today. The traditional view of Information Technology as an operational tool is
changing. Today, technology is seen as a major driver of corporate strategy and business
re-engineering. This is aiding the growth of E-commerce. Companies are seeing
E-commerce as a technology-supported strategic action.
Forces Aiding E-Commerce
Various forces are fuelling the growth and interest in E-commerce. They are as follows:
1. Economic Forces

Companies the world over are under relentless pressure to cut costs and stay
competitive. They are looking for economic efficiencies and hence are attracted towards
E-commerce, which offers many efficiencies such as low-cost technological
infrastructure, low cost of global information sharing, low cost of customer service,
low-cost and accurate electronic relationships with suppliers, time compression etc.
The economic forces motivating the shift to E-commerce are both internal as well as
external. External integration connects the vast network of suppliers, customers and
other entities into a single large community with the ability to communicate across any
platform. The classic example is the automobile industry, where Just In Time (JIT)
manufacturing methods forced companies like Ford and General Motors to rely on
Electronic Data Interchange (EDI) to interact with their suppliers, which underlines the
importance of external integration.
Internal integration is equally important as external integration. It connects all internal
functions in the organisation and helps the flow of information in a seamless manner. It
also ensures that critical data is stored digitally, which permits instantaneous retrieval and
electronic transmission.
2. Marketing and Customer Interaction Forces
Companies want to employ E-commerce to provide marketing channels, to target
micro-segments or target audiences and to improve post-sales customer satisfaction by
creating new channels of customer service and support. In an era where products
clutter, companies want to supply their target customers with product and service
information in greater detail than that provided in a television or print advertisement.
The purchasing climate and the products are also changing quickly. In order to be
competitive, companies will have to rely on technology to develop low cost customer
prospecting methods, establish close relationships with customers and develop
customer loyalty. Traditional concepts of differentiation will not hold in this new
business environment. It is also an era where brand equity (the premium attached to a
brand) is evaporating. So companies are realizing the need for investing in E-commerce,
which promises to provide them the above-mentioned business methods.
3. Technology and Digital Convergence
The advent of digital technology has made it possible to convert characters, sound,
pictures and video into a single bit stream that can be manipulated, stored, and
transmitted quickly and efficiently in large volume without any loss in quality. This has
forced previously disparate industries like publishing, entertainment,
communication and computing to work in close cooperation. The emergence of digital
technology and multimedia has resulted in "digital convergence". Convergence has two
dimensions - convergence of content and convergence of transmission technology.
4. Convergence of Content

Regardless of its original form, convergence of content ensures that digitized
information can be processed, searched, enhanced, converted, encrypted, compressed,
replicated and transmitted at a very low cost. This has profound implications for
content-based industries like newspapers, magazines and books (the meteoric rise of
AMAZON.COM, a virtual bookstore, has forced many traditional brick and mortar
bookstores like BARNES and NOBLE to set up digital bookshops).
Convergence of content has also given rise to a new set of information publishing and
browsing tools. This is the main idea behind the emergence of the browser industry and
explains the sudden rise of Netscape Communications. Content convergence also helps
companies to use networked databases and electronic publishing to improve individual
and corporate decision-making and information processing.
5. Convergence of Transmission
Convergence of transmission compresses and stores digitized information so that it can be
transmitted over the existing transmission systems (telephone lines, wireless, cable
system etc). Convergence of transmission is the convergence of communication
equipment that provides the pipeline to transmit voice, data, image, and video over the
same line, which was, until a few years ago, an elusive dream! However, the emergence of
new technologies like Asynchronous Transfer Mode (ATM) has made this possible.
Convergence of transmission is also facilitated partly by the blurring of lines among
information access devices: telephones, television, computers etc.
Transmission convergence makes it easier to connect computers, high-speed peripherals
and consumer electronic devices. This has paved the way for a huge multimedia
applications market. It also gives easier access to networks and helps in the creation
of new low-cost delivery channels and also new customer segments.
Why E-Commerce
Business scenarios have changed phenomenally in this decade, where traditional
business practices and procedures have been incredibly transformed by virtue of the
invasion of electronic commerce.
The Internet is being applied very creatively for almost any type of business and comes
with many an in-built service and thus enables your products and services to reach out
to the remotest of places on account of sheer reach. But while the best amongst us are
still growing and re-learning the fundamentals, e-business still remains a quantum leap
and seems only Utopian till it really starts giving those dividends that we had in mind
when we embraced it.
Corporates, both Indian and international, have unleashed an imposing range of
e-business products and services to the end user, which guarantee state-of-the-art
technologies and solutions that would ultimately catapult business ideas to dizzy heights
within an amazingly low turnaround time. And this is just the beginning...

Notwithstanding the "initial thrust cost" to institutionalize an e-business, that cost is
recouped many times over by the long-term benefits which accrue to the business. Also
worth your while is the thought that there is room for a number of players. Only the most
creative and ingenious of the lot will surge ahead in the era of electronic commerce. It is in this
very context that soon, we should be witnessing a mixed blitz of threats and
opportunities for corporate India.
The trillions of dollars of revenue estimates thrown up by business analysts may not be
totally unfounded. Manufacturing, sales, distribution, receivables, vendor management,
purchase and every other aspect of the operating cycle is being taken care of
electronically. Quantum achievements have been recorded by companies who do
customer relationship management on the Net. All these and the rest are indicators in
the direction that e-business is culturally and technologically transforming your
business and is making the latter ship-shape to face the new millennium.
Traditional ways of doing business may not, however, change dramatically in some cases,
as some edifices may show signs of resistance to change. India is a good reference in
question. On a very candid note, Internet and e-business, being at a nascent stage here,
would take time to register in our minds and should remain like a square peg in a round
hole until the revolution sweeps the ground off our feet.
World-wide, customers have evolved and are more demanding; they are more informed,
and they review their loyalties every time they go online.
Web-enabled applications are automating business processes and shifting the priorities
of companies large and small. Now business owners can focus on customer service and
use Web technology to serve the customers - and make business more competitive. This
can be made more efficient and more convenient by shifting customer service processes
to the Web, which makes it easier for people to do business.
Web-based customer service not only makes customers happier, it makes business
partners happier too. When customers have an alternative to the phone, they become
more self-reliant, saving them time and the company money.
To serve your customers better using the web, one will need a foundation built on
scalable, reliable and secure products along with the expertise to put it all together.
There are 10 compelling reasons for an immediate switchover to e-commerce:
1. Easy Initiation
The starting point for most businesses is to develop a website that contains basic
information about the company including a description about the nature of business,
the product line and how to reach the sales staff. The first step in the development of a
website is designing the page, which on the low-end can be done completely in-house in
no time. There are any number of free web-publishing programs available on the
Internet through which creating a webpage is as easy as using a word-processing
program. If there is a necessity, one can outsource the designing of the page at a moderate
cost with high options. The second step is to post the page, which can be done by many
online services and Internet service providers.
2. Fast and cheap
The globalization of trade has created the necessity to introduce a product in the
worldwide market. Introducing a product through Internet or e-mail not only saves time and
shopping cost but allows a customer to preview the product in full colour and in
multiple formats before ordering the product online. There are no headaches. If a
business organisation sends out printed materials such as brochures, sales packets,
price quotations, catalogues, product updates, technical specifications, new product
information, etc. to its prospective customers, dealers or distributors, it has the onerous
responsibility of updating them. This is costly and time consuming.
3. Quick feedback
Product information can be placed online through tracking software to determine what
new products customers seek. Also, feedback on these products can be obtained from
the customers through e-mail sent via Internet. Because of the two-way communication,
businesses can get vital product information for suitable alterations in their marketing
strategies for the web.
4. Refined customer service
In a competitive economy it is a Herculean task to have sales representatives available
round the clock at a moderate cost. A business with a strong presence on the Web can
use the site as a customer-service kiosk and cut down its sales workforce to a
considerable extent. Customers can access information whenever they want. The first
promise of Web-based customer service is self-service. With the entire range of products
displayed online, the customer has a chance to review not only the product that was the
source of his initial interest but other products as well.
5. Global audience
There are approximately 119 million web users as of today. According to a forecast, the
number of Web browsers is likely to double or triple in the next millennium. This makes
it important for large and niche businesses to begin establishing their presence on the
web.
6. Matching the competition
According to a survey of small businesses that have gone online, one in three have owing
to exports. Because of the natural equilibrium that exists on the Internet, the impact of a
large company and a small one on the market can be similar; the difference will be in the
commitment of each organisation. An exporter may be small, but owing to this natural
equilibrium on the Net, he can create a virtual branch office in the target market.

7. Internet as a strategic tool
Internet-facilitated e-commerce will bring opportunities for businesses like never before.
The moment the webpage is up, one can target potential buyers in a specific market,
either region-wise or customer-wise. This is equivalent to taking out banner
advertisements in local publications. Though the Internet is always changing and
evolving, there are sites in the local content that can give a hyperlink to domestic
websites.
8. Internet cheaper than a phone call
Sending a mail or making a phone call may be difficult from some parts of the world.
But a webpage can be accessed no matter where one is located. Though Internet
access is not universal, service providers are cropping up all over the world. The cost of
making a long-distance phone call in some places for an extended duration can be
prohibitively high. Since the Net is becoming highly competitive, access charges are
bound to come down. Email has already become the cheapest way to communicate,
costing less than even a phone call.
9. Business to business link
By using Electronic Data Interchange (EDI), suppliers can be linked to producers and
producers to sellers. This makes it possible for a company to obtain a complete picture
of supply and demand and save time and money by shortening the ordering cycle. In
fact, a growing number of medium and large size organisations, including government
agencies, want their suppliers and distributors to be EDI capable.
10. Global competition
With more and more businesses entering the Web exports market every day, exporters
are facing the problem of making their product fit enough for global competition. A
buyer can get the details of various suppliers through the Web and choose the one that
can supply a quality product at a lesser price.
E-Commerce Characteristics
The business environment is no longer an extension of the past, but a whole new set of
situations we must learn to live with and master. Some of these situations come from
rapid changes in technology: rapid market situation, rapid competition, rapid
segmentation of the market and rapid changes in the external environment that create
deeper global repercussions.
To have a profitable firm today and in the future, "rapid" must be an operative word:
rapid innovation, rapid turnarounds, rapid order fulfillment, rapid adoption of
technology. It is going to go on being an unpredictable market, where the business
executives will have a harder time than the consumers. Business executives must
formulate strategies and take action on changes that no one yet fully understands in all
their ramifications.
Rapid action is not that difficult to take with the right tools. That is what electronic
commerce is: the critical action tool for competitive business strategies in international
trade.
Electronic commerce electronically links businesses with their trading partners to help
realise business objectives, improve customer satisfaction, and increase productivity. It
is a broader and more descriptive term for EDI.
It is now well recognised that cross-border business must be done electronically if
people and goods are to move freely across borders.
Electronic commerce can be defined more broadly as inter-organisational electronic
systems that facilitate many kinds of communications involved in commercial
transactions, including customers, suppliers, business partners, government
organisations and financial institutions.
It is clear that:

Electronic commerce primarily addresses inter-organisational and trading community activities
Electronic commerce supports internal operations, processes and systems within the enterprise
Electronic commerce creates value by productively "closing the loop" electronically with a growing and changing population of participants in the commercial.

Hence it is realistic to conclude that Electronic Commerce:

is a business strategy
uses technology to achieve business goals
improves external business relationships
is an evolution in the way companies interact
provides information to facilitate delivery of goods and services
supports change initiatives and reinforces business process re-engineering.

A pro-active approach to implementing electronic commerce would mean an improved
bottom line (due to increased volume of business and sales as well as reduction in costs
due to more efficient use of personnel); drastic reduction in transaction time and costs
and improved quality of information on goods in the logistic chain; strategic advantage
(through time savings, reduction in errors and consequent litigation, more time for
quality support); links with suppliers contributing to the creation of strategic alliances;
and, most important of all, strengthened customer relations through quality and
quantity of timely information.

Indian firms are sometimes disadvantaged in comparison with multinational firms in
international trade. They face barriers that the larger multinational firms can easily
cross.
A list of some important barriers would include:
1. language and culture
2. large physical distance
3. access to business information
4. differing business and administrative practices.

The smaller Indian firms can now hope to surmount these barriers and be an integral
part of the global linkages by harnessing the full potential of electronic
commerce to facilitate international trade.
If introduced in a planned manner, electronic commerce technologies can significantly
reduce many of the barriers to trade identified earlier for the businesses. Since traders
will be using transactions that are internationally accepted and in a transparent manner,
the possibilities for misinterpretation that arise through culture and language are
diminished. Similarly, as business and administrative processes get harmonized, the
need to keep track of hundreds of practices is no longer a consideration. Finally, with
EDI, data gets transferred at near the speed of light. Therefore, physical distance does not
matter much. Business facilitation based on electronic commerce offers the best hope for
the Indian firms into the next century.
Preparedness for E-Business
An enterprise should consider and take care of the following before plunging into e-business.
Manufacturing: Are manufacturing processes agile and capable enough to respond to
demands and allow for mass customization?
Capacity: Do you have the equipment and facilities necessary to be available to your
customers and business partners via the Internet? In particular, if you become
successful will you have the techniques and equipment to handle a potential overload?
Distribution: Do you have distribution channels and partners in place to service
customers anywhere?
Organisation: Do you have the people, organisation, and skills in place to operate the
system effectively?
Supply-chain: Is your supply-chain strong and competent enough to deliver in a quick-manufacturing environment?
Manageability: Do you have a strong and integrated IT back-end to provide information
and forecast future needs?
Marketing: How will you bring customers to your site? A failure to plan and budget for a
means to attract customers - even existing customers - to an internet business site is one
of the key reasons that many e-business efforts fail.
Privacy and security: Do you have a privacy policy? Is your internal data secured, and
can you ensure secure transactions for your customers?
Legal compliance: Can you comply with national and international laws governing e-commerce? Are you liable for collecting taxes on merchandise sold online?
Non-repudiation: Are you capturing enough information over your Web site in a form
that you can take to court to enforce an agreement?
Emerging Role of E-commerce
Today, India has the world's second largest pool of English speaking scientific
manpower. Aided by the Internet, this pool has become the source of exports worth as
much as $4 billion annually. Starting with simple data entry services, we now supply
sophisticated back office services including electronic publishing, website design and
management, medical records management, hotel and airline reservations, mailing list
management, technical online support, indexing and abstracting services, and technical
transcription.
Given the large difference in the wages of skilled workers between developed and
developing countries, the potential gain from increased movement of natural persons
between them is large. To take advantage of this fact India has long sought a relaxation
of restrictions on the entry of temporary workers in developed countries. The beauty of
the Internet is that, for many services, it opens up developed country markets for skilled
labour without requiring the movement of natural persons.
The most significant development in Information technology in recent times has been
the explosive growth of the Internet. Starting as a project promoted by the US
Department of Defense for maintaining reliable communication in the event of a nuclear
attack on the United States, the Internet today has evolved into a new medium for
commerce.
It has led to an era of electronic commerce or e-commerce. This has two dimensions.
One is that of the Internet emerging as a medium for promoting commerce involving
goods and services by bringing businesses and consumers together, or for that
matter all the stake-holders in commerce closer to each other. We can talk about the
Internet establishing linkages between business and business, business and
government, business and customer and customers and government.

In fact the three Cs are seen as increasingly important for promoting electronic
commerce. These are computer, connectivity and cost. The time has come for an
aggressively promotional attitude to make computers, connectivity and e-commerce
affordable. This is imperative if India wants to take full benefit of the emerging era of
electronic commerce.
Cyberspace is an economic area where the market can function untrammelled. However,
there is need for a regulatory framework that reduces individual risk and encourages
entrepreneurship in e-commerce. The first requirement is a legal framework, which
recognizes electronic signatures, protects consumers from hackers, acknowledges
electronic cash and tackles various forms of the panoply of electronic crime. The second
is for the government to touch e-commerce only lightly for taxes and revenue. It needs
to treat e-commerce differently, in part to encourage companies to get into the new
medium of exchange and in part to break its tradition of oppressive taxation of Indian
business. The flip side of this is to give free trade status to e-commerce across borders.
The United Nations has proposed making electronic trade tariff free and there are plans
to put this on the agenda of the coming WTO millennium round.
Nearly 20 years ago a technology evolved in the information technology area called the
Electronic Data Interchange (EDI). The basic principle of EDI was to help speed up
transactions involving processing of forms especially between business enterprises and
the regulating agencies of the government. The port of Singapore, for instance, was able
to bring down the time taken in the port transaction from three days to 15 minutes by
using Electronic Data Interchange.
In future, EDI will become an inevitable and crucial instrument for exporters. Singapore
charges extra money for non-EDI transactions, i.e. transactions by paper documents, as
it involves more human involvement and hence more cost. Even USA, India's largest
export destination, is going paperless. In the future there is a possibility that some
shipping lines will not touch non-EDI ports. Moreover, EC members are planning to
levy up to a 50% processing charge for non-EDI documentation and Singapore may stop
trading with non-EDI countries. Giant multinationals such as General Motors do not
allow non-EDI companies to become their suppliers.
Electronic Data Interchange mechanism is a sure step towards curtailing the processing
times for documents and the number itself. The mechanism replaces traditional
methods of data transmission such as mail, phone, or in person delivery with electronic
transmission. EDI is an inter-organisational exchange of business, and it is a pair of
standards that define a method for conducting business transactions between
computerized companies, corporations, governments and institutions. EDI has
developed out of the need of business enterprises to communicate efficiently with each
other, taking advantage of modern information technology. Traditional business
communication occurs in two forms: unstructured (e.g., messages, memos, and letters)
and structured (e.g. purchase orders, dispatch advice, invoice payments). EDI covers the
exchange of structured messages, while email deals with unstructured types of
communication.

The use of EDI eliminates problems like delays associated with the handling, filing and
transfer of paper documents, time consumed for re-entering data, etc. Evidently,
all these benefits result in faster and more cost-effective operations.
Indian Scenario
One of the prerequisites to be able to do e-business is a sound strategy for aligning IT
with business goals. IT Infrastructure, manufacturing processes and distribution
capabilities are some of the basic needs to become an e-business. And herein lies the
problem. Concepts such as zero-defect products, agile manufacturing, cost-based
competition, on-demand delivery and customer focus have largely been alien to India
Inc. From the start, Indian companies have not been IT savvy, and rarely were
computers employed beyond the confines of the accounts departments.
IT applications have entered almost all the companies but mostly in an uncoordinated
way without long-term integration plans or automation strategies. Individual
departments introduced computers and purchased or developed software to support
their own department operations. This fragmented approach divided a company into
small and almost autonomous enterprises... the net result of which was that the
enterprise consisted of many islands of automation.
The departments that are computerized to the greatest extent are finance and accounts,
stores, and purchasing / vendor development reflecting a "transaction processing"
mentality. Design / engineering, production planning and control (PPC), production,
quality assurance and quality control (QA / QC) are in the second tier, while marketing,
distribution, human resource management (HRM) and projects bring up the rear.
Impact of E-Commerce
One, internet and e-commerce is the latest buzz in today's world of business. Businesses
that do not re-engineer themselves to exploit the emerging Internet computing
technology will be wiped out or simply left behind. Internet is the most democratic of all
technologies ever developed. With relatively little expenditure companies can ride the
Internet bandwagon and enjoy the advantages, which their more resourceful
competitors can boast of. Neither is internet technology zealously guarded nor difficult
to access.
Two, the spread of Internet and e-commerce will dismantle the physical boundaries of
the market. With virtually zero advertisement and promotion cost, a company can now
reach any market it wishes, as long as its target market is linked to the Internet world. In
respect of any industries, like media and entertainment, you could now reach a market,
which you could not dream of a year ago. The increase in reach is becoming evident
even for the manufacturing sector.
Three, e-commerce will make most existing infrastructure of existing companies
redundant. What is counted as one's strength today could well be its liability tomorrow
if adequate reinvention and re-engineering do not take place with the help of Internet.

Singapore boasts of huge shopping complexes, which are thronged by shoppers from all
over the world. With the Internet revolution likely to change the way people shop in
future, won't all these shopping complexes become redundant? Businesses all over the
world, surely, have to think their future expansion plans afresh.
Four, Internet is developing too fast for governments all over the world. So the
government cannot hope to get into the Internet business and stall its smooth
expansion. Globally, there is consensus that there should be no government regulation
over the Internet. Users and Internet service providers can themselves introduce a
mutually acceptable certification system to provide security and accountability to the
system.
The emergence of Internet and e-commerce is like discovering oil. Just as economic
activity took a new turn after the discovery of oil, Internet and e-commerce will open up
a new world of opportunities for businesses across the world.
A visit to a public sector bank, insurance company or even a book shop should tell you
how unprepared Indian industry is as far as Internet and e-commerce is concerned.
Today, Harley Davidson of the US (it was known for manufacturing high-powered
motorcycles) sells more accessories of its various motorcycle models through the
Internet, than the number of motorcycles through its various showrooms. There are
many entertainment companies, which actually offer their musical shows live through
the Internet. There are many theatre companies, which will allow you to buy a ticket
after taking you round the theatre and letting you choose a seat of your liking - through
the Internet.
And in India, many banks do not even have the facility of updating their account holders'
passbooks through computerized printing, let alone Internet banking. There are
insurance companies that are not even present on the world-wide web. The industrial
revolution passed India by. Today, the world is on the verge of the Internet revolution.
Electronic Commerce between Businesses
Internet commerce is growing fastest among businesses. It is used for coordination
between the purchasing operations of a company and its suppliers; the logistics planners
in a company and the transportation companies that warehouse and move its products;
the sales organisation and the wholesalers or retailers that sell its products; and the
customer service and maintenance operations and the company's final customers.
In the 1970s and 1980s businesses extended their computing power beyond the
company's walls, sending and receiving purchase orders, invoices and shipping
notifications electronically via EDI (Electronic Data Interchange). EDI is a standard for
compiling and transmitting information between computers, often over private
communications networks called value added networks (VANs). The cost of installation
and maintenance of VANs put electronic communication out of the reach of many small
and medium-sized businesses. For the most part, these businesses relied on the fax and
telephone for their business communications. Even larger companies that used EDI
often did not realise the full potential savings because many of their business partners
did not use it. The Internet makes electronic commerce affordable to even the smallest
home office. Companies of all sizes can now communicate with each other electronically,
through the public Internet, networks for company-use only (intranets) or for use by a
company and its business partners (Extranets), and private value-added networks.
Companies are quickly moving to utilize the expanded opportunities created by the
Internet. For instance, Cisco Systems, Dell Computers and Boeing's spare parts business
report almost immediate benefits after putting their ordering and customer service
operations on the Internet. They are so convinced of its benefit to their own companies
and their customers that they believe most of their business will involve the Internet in
the next three to five years.
Although Internet commerce is still in an embryonic stage, analysts predict businesses will trade as much as
$300 billion annually over the Internet in the next five years. Some believe the volume
of Internet commerce will be much higher. Growth of business-to-business electronic
commerce is being driven by lower purchasing costs, reductions in inventories, lower
cycle times, more efficient and effective customer services, lower sales and marketing
costs and new sales opportunities.
1. Lower Purchasing Costs
Buying materials or services for a corporation can be a complex, multi-step process.
First, purchasers have to find suppliers who make the product and determine whether
they meet volume, delivery, and quality and price requirements. Once a potential
supplier has been chosen, detailed drawings and information are transmitted to the
supplier so that the product is built to exact customer specifications. Assuming the
product sample has been approved and the supplier's manufacturing lines are ready for
production, the buyer then transmits a purchase order (PO) for a specific quantity of
goods. The buyer, meanwhile, receives notification from the supplier that the PO was
received and confirmation that the order can be met. When the product ships from the
supplier, the buyer again receives notification, along with an invoice for goods delivered.
The buyer's accounting department matches the invoice with the PO and pays the
invoice. When changes to the normal order happen - a frequent occurrence in most
companies - the process can be much more complicated. Companies lower procurement
costs by consolidating purchases and developing relationships with key suppliers to
benefit from volume discounts and tighter integration in the manufacturing process.
They also cast a wide net for lower-cost sources of supply. Large companies have been
using EDI over private networks to reduce labour, printing and mailing costs in the
procurement process. Automating routine procurement means the procurement staff
has more time to focus on negotiating better prices and building supplier relationships.
Analysts estimate that businesses already trade over $150 billion in goods and services
using EDI over VANs. Companies using EDI commonly save 5-10 per cent in
procurement costs. The Internet has the potential to further reduce procurement costs.
Large companies benefit from lower transmission costs versus private networks. The
Internet also opens the door to doing business electronically with new suppliers and
with small and medium-sized suppliers who formerly communicated only via fax or
phone. Small companies also benefit. The Internet reduces processing costs and opens up
new sales opportunities from potential buyers that post requests for bids on the
Internet. Procurement via the Internet is new enough that projecting economy-wide
savings or other benefits is difficult. Specific company examples suggest that its
potential is large and growing.
For instance, General Electric's lighting division reports significant gains in
responsiveness, improved service, and reduced labour and material costs as a result of
shifting purchasing company has to hold to account for delays and errors, and the less
quickly it can react to changes in demand. Having huge inventory does not ensure better
customer services, either. Shelves weighed down with size-10 running shoes do not help
the customer who wears a size 8. When a customer enters a furniture showroom looking
for an armchair with green and white stripes and is told it's on back-order for 12 weeks,
he may drive across town to a competitor rather than wait. Managing inventory properly
results in better service for the customer and lower operating costs for the company.
Increasing the frequency of inventory "turns" (the number of times inventory in existing
warehouse or store space is sold or used for production each year) reduces inventory-related
interest, handling and storage costs. Reducing inventory levels also means that
existing manufacturing capacity is more efficiently utilised. More efficient production
can reduce or eliminate the need for additional investments in plant equipment. IBM's
personal systems group provides an illustration of how the Internet and private
networks are helping companies keep stocks of inventory smaller, yet more targeted on
likely consumer needs.
Each month, the group marketing departments report information on how many PCs
they think will be sold. The production planning departments identify manufacturing
and materials capacity in each factory. Armed with inputs from across the company on
demand and supply, production schedules are assigned to each factory. The
procurement staff uses the same information to negotiate with suppliers. As new
information comes in each week, the process is repeated and the production schedule
fine-tuned. Electronic communication between factories, marketing and purchasing
departments has made this quick response possible. Problems are communicated as
they arise and the appropriate adjustments are made. If demand suddenly rises or if one
factory cannot meet its production schedule, IBM is aware of it in time to increase
production at another factory. The Personal Systems Group has been phasing in this
Advanced Planning System (APS) since 1996 and already reports significant results.
During the first year of APS, inventory turns increased 40 per cent over the previous
year, and sales volumes increased by 30 per cent. The group anticipates another 50
percent increase in turns and a 20 percent increase in sales volume in 1997. By better
utilizing its existing manufacturing capacity, IBM has avoided having to make additional
investments to meet the increased volume requirements. The lower investment and
operating costs due to improved inventory turns have resulted in savings of $500
million. IBM is not alone in its efforts to use networks to improve communication
between the marketing and sales arm of a business and its production units.
Manufacturers, wholesalers and retailers are working together to form standards and
guidelines for better forecasting and restocking called Collaborative Planning, Forecasting
and Replenishment (CPFR). These standards will allow companies to collaborate in
determining future demand for products and to share information about the availability
of products in stock. With CPFR, a retailer and its supplier electronically post their
latest sets of forecasts for a list of products. A server tied to the Internet
compares the forecasts and flags differences in those that exceed a normal safety margin
- say 5 per cent. Differences are then reconciled by planners at both the retailer and the
supplier. To keep that process from becoming too cumbersome, software companies are
working to develop programs that automatically handle exception messages based on
rules that apply to that business. The accounting and consulting firm Ernst & Young
believes that CPFR could yield an inventory reduction of $250 billion to $350 billion
across the economy. By reducing inventory levels, businesses will realise substantial
savings in materials handling, warehousing, and general administrative costs.
2. Lower Cycle Times
Cycle time is the total time it takes to build a product. There are certain fixed costs
associated with building any product that do not vary with the amount of production,
but rather are time dependent. These "fixed" costs include depreciation of equipment,
most utility and building costs, and most managerial and supervisory time. If the time to
build a product can be reduced to seven days instead of ten, then the fixed costs per
product are lower since less time was needed. Electronic commerce allows "cycle times"
to be shortened, allowing more to be produced for the same or lower costs. In the 1980s,
the lower cycle times realised by Japanese companies presented American companies
with a serious competitive challenge. They responded by breaking down organisational
barriers that had grown up between design, manufacturing and sales divisions and
improving communications with external partners. Establishing electronic links with
their large suppliers and customers enabled companies to transmit and receive purchase
orders, invoices and shipping notifications with much shorter lead times than previously.
Some also began to share product specifications and drawings over value-added
networks to speed product design and development.
The Internet will permit even further reductions by broadening the network of
businesses connected electronically and by facilitating collaboration on projects across
work teams and geographical locations. Few industries faced a greater challenge to
reduce cycle times than the automotive industry in the early 1980s. While Japanese auto
makers could take a car from concept to mass production in approximately three years,
American companies typically took four to six years.
First, a full-scale clay model was built to see how the vehicle would look in real life.
Incorporating changes to the model could take months. Once approved, single or
multiple-prototype vehicles were built by hand to see whether parts fit together correctly
and whether the car could be built economically. Engineers worked with the prototype
builders to refine the engineering specifications. Once the prototype was ready, the
engineers would design the individual components and the tooling needed to make the
components. Then, purchasing agents would work with suppliers to produce prototype
tooling and parts for assembly of pilot or pre-production vehicles. If everything went
smoothly, the manufacturing-engineering team would then assemble the vehicle to
discover any assembly problems. Finally, after additional modifications, the vehicles
were mass-produced.
Today, all parties involved in designing a new platform or vehicle - designers, engineers,
suppliers, and manufacturing and assembly personnel - work as part of a team,
contributing to the process from beginning to end. As a result of computerization, steps
that used to take weeks or months can now be done in a matter of days. Sharing
information electronically allows the different members of the group to work on projects
together, rather than having to wait for each member to finish his step before the next
one can be taken. Through the use of computer aided design (CAD), computer aided
manufacturing (CAM) and computer aided engineering (CAE), the whole team can share
computer files and use 3-D modelling techniques to design the vehicle and see how parts
fit without building prototypes by hand. Changes to the components can be made
without building sample tooling and parts.
When the final design is agreed on, CAM data is loaded into machines that build the
tooling and prototype parts. The same techniques are being used to reconfigure and
retool assembly plants. Working as a team and sharing information electronically has
cut the time it takes to develop and build a new vehicle to about 30 months.
Automotive companies now want to shorten the design cycle to less than 24 months by
setting up platform teams in different parts of the world and linking them electronically.
By using global communication links, engineers in Detroit can assign a problem to
engineers on their team in India. With the time zone difference, the engineers in the Far
East can work on the problem and get an answer back to the Detroit counterparts by the
next business day. Cycle times are also being shortened for production. Before the use of
EDI, automotive companies communicated production requirements and schedules to
their suppliers by phone, fax or mail. This meant time-consuming manual data entry,
photocopying and information hand-offs from one supplier to another. It could take
several weeks to get the manufacturing schedule and requirements to all component
factories and vendors. To minimize the impact of delays and errors caused by
miscommunication, the plant kept a large inventory of parts on hand.
Today, automobile manufacturers and their large suppliers communicate production
and scheduling requirements via EDI. The assembly plant electronically sends the
supplier an 8 to 12 week forecast or build plan. Daily production requirements detailing
the number of parts needed at each plant at specific scheduled times are also
communicated electronically. When the parts are ready and loaded in the trailer, the
supplier notifies the assembly plant that the parts are on their way. The plant schedules
its lines to coincide with the arrival of the trailers. By changing its assembly process to
take advantage of the more accurate and timely information they receive electronically,
most North American assembly locations turn inventory 130 times per year, up from 7
to 10 times per year in the past.

In January 1994, Chrysler, Ford, GM, Johnson Controls and 12 of their suppliers began
working together as part of the Manufacturer Assembly Pilot (MAP) to further improve
material flow within a pilot four-tier seat assembly supply chain. At the project outset, it
took four to six weeks for material release information to reach the bottom of the supply
chain. Along the way, information was distorted and truncated. The resulting late,
inaccurate and untrusted information cost millions of dollars in the form of "just-in-case" inventories, premium freight, unplanned set-ups and changeovers and their
inefficiencies.
By electronically connecting the MAP participants, production schedules reached the
bottom of the supply chain in less than two weeks. On-time shipments improved 6
percent. Error rates were reduced by 72 percent. Up to eight hours per week per
customer was saved in labour costs. Connecting all levels of suppliers through the entire
industry via EDI could save nearly $1.1 billion annually - a cost savings of $71 or more
per car - and decrease information lead-time to just one day between each tier of the
supply chain.
The automotive industry is now investing in a new venture, the Automotive Network
Exchange (ANX), a managed "virtual private network" that runs over the Internet and
links manufacturers and suppliers world-wide. ANX will electronically link those
suppliers who still communicate to the automotive manufacturers by fax, phone and
mail. And, it will replace the thousands of direct dial connections with a single network,
considerably lowering the transmission costs borne by the manufacturers and the
suppliers. Scheduled to be fully implemented by 2000, the network will electronically
route product shipment schedules, CAD files for product designs, purchase orders,
payments and other business information. Participating automobile manufacturers
believe that ANX has the potential to reduce the product development and
manufacturing cycles even further, as well as improve many other key business
processes. The results achieved by the auto industry through EDI can be, and are being,
replicated in many other industries. Because of its low cost and ease of use, the Internet
will help accelerate the pace at which businesses communicate with each other
electronically and the benefits they can realise.
3. More efficient and effective customer service
Companies are beginning to use the Internet for customer service. Having product
descriptions, technical support and order status information online not only saves
money by freeing up a company's own customer service staff to handle more
complicated questions and manage customer relations, it can also lead to more satisfied
customers. Companies have long gathered and stored information about customers and
products in databases that only certain authorized employees can access. Innovative
businesses are finding ways to tap the potential of that information, making it available
to those who need it most whether it's a customer service representative answering a
phone call or a customer looking for account information or technical support online.
Few things are more frustrating to a customer than uncertainty about when an
important purchase will arrive. Too often, phone calls to a supplier result in a series of
transfers from one department to another and an eventual promise to check on the
status of the order and to call the customer back. This pattern consumes time and
money for the customer and the seller. Delivery companies are helping their business
partners solve this problem via the Internet. A customer can go to the company's Web
site, enter his order number, and find out that the product is already on a truck and is
expected to arrive the next morning. This information can be retrieved from the
company's Web site in less than a minute. In addition to improved customer
satisfaction, companies using the Internet for customer service report savings from
putting order tracking, software downloads and technical support information online.
For instance, Cisco reports that its customer service productivity has increased by 200
to 300 per cent, resulting in savings of $125 million in customer service costs. Dell
estimates that it saves several million dollars a year by having basic customer service
and technical support functions available on the Internet.
4. Lower sales and marketing costs
An individual sales person can support as many customer accounts as he can physically
visit or contact by telephone. Therefore, as the number of accounts increases, so does
the size of the sales force. Even direct marketing companies increase staffing as
telephone order volume increases. By contrast, a web business can add new customers
with little or no additional cost. Because its sales function is housed in a computer
server rather than store locations or sales people, its reach is bounded only by the
capacity of the servers to respond to inquiries and orders. The Internet can also make
traditional sales organisations, layered distribution channels, catalogue sales and
advertising more efficient. With automated ordering capabilities, sales representatives
no longer have to prepare time-consuming manual orders. Instead, they can spend time
building and maintaining customer relationships. Electronic catalogues present far
more information and options than their paper counterparts. Direct marketing online
can shorten repurchase cycles and increase the ability to sell additional items.
Some recent business examples suggest the potential of the Internet as an efficient sales
tool. Boeing's spare parts business debuted its PART page on the Internet in November
1996, allowing its airline customers around the world to check parts availability and
pricing, order parts, and track the status of their orders. Less than a year later, about 50
percent of Boeing's customers use the Internet for 9 percent of all parts orders, and a
much larger percentage of customer-service enquiries. The Boeing spare parts business
processes about 20 per cent more shipments per month in 1997 than it did in 1996 with
the same number of data entry people. And, because customers can satisfy many service
requests online, as many as 600 phone calls to customer service representatives are
avoided each day.
Cisco builds virtually all its products (routers, switches and other network
interconnect devices) to order, so there are very few off-the-shelf products. Before the
company established an Internet sales capability, ordering a product could be
complicated. Generally, an engineer at the customer site knew what type of product was
needed and how it should be configured. The engineer communicated this information
to the procurement department, which then created the purchase order and sent it to Cisco
via fax, phone or email. A Cisco customer service administrator entered the order into
Cisco's system. If the order went through "clean", it was booked and its production
scheduled within 24 hours. Nearly one out of four orders didn't get a "clean" bill of
health, however. Instead, when Cisco's system tried to validate the order, it discovered an
error in how the product was configured. The "dirty" order would be rejected, the
customer contacted and the procurement cycle would begin again. In July 1996, Cisco
rolled out its Web-based ordering and configuring system. Today, that same engineer
can sit down at a PC, configure the product online, know immediately if there are any
errors, and route the order to the procurement department. Because the customer's
pricing structure is already programmed into the Cisco site, the authorized purchaser
can complete the order with a few keystrokes. And, rather than calling Cisco to find out
the status of the order, invoice or account information, a customer with the proper
authorization can access the information directly on the Web site. With the online
pricing and configuration tools, about 98 percent of the orders go through the system
the first time, saving time both at Cisco and at the customer's site. Lead times have
dropped two to three days, and customers' productivity has increased an average of 20
percent per order.
5. New sales opportunities
The Internet operates around the clock and around the world. As a result, businesses on
the Web can reach new markets they could not reach effectively with an in-person sales
force or advertising campaigns.
For instance, a plastic commodity specialist at a large manufacturer can sit down at his
PC, click on a Web browser and search for suppliers selling industrial plastics online. A
small supplier with a limited sales force can now reach that buyer, getting its first
introduction online. Similarly, a vendor's sales force may not be able to reach millions of
home offices and small offices around the country. By having an online presence and
creating customised services for the small business market, that vendor may develop a
new, lucrative market, both within the US and globally. Companies using the Internet to
sell products find that they attract new customers. For example, eighty percent of the
consumers and half of the small businesses that purchased from Dell's Web site had
never purchased from Dell before. One out of four say that if not for the Web site, they
would not have made the purchase. And their average purchase value is higher than
Dell's typical customer. WW Grainger, the leading distributor of MRO supplies in North
America, describes similar results. The company launched its Web business in the
spring of 1995. Today, more than 30 per cent of the company's online sales are to new
customers or incremental sales to existing customers. Because the virtual store is open
seven days a week, 24 hours a day, customers who wouldn't otherwise be able to order
from a Grainger store are now able to do so. In fact, more than 50 percent of all orders
are placed after 5 PM and before 7 AM, when the local store is closed.
The future
Businesses that use the Internet to buy, sell, distribute and maintain products and
services are realizing significant cost savings and increased sales opportunities. And, the
benefits only increase as the network of businesses conducting electronic commerce
grows. Investments are already taking place to realise the $300 billion in
business-to-business Internet commerce that analysts predict by 2002. Three of the companies
discussed - Cisco, Dell and General Electric - were responsible for about $3 billion in
Internet commerce in 1997. If their current projections prove accurate, these three
companies alone will conduct more than $17 billion in Internet commerce within three
to five years. The experiences of these and other companies are quickly spreading
through the rest of world industry through conferences and consulting firms who assist
companies to design and implement Internet-based business solutions.
Even at $300 billion, Internet commerce will only represent 3 percent of the total GDP of
US. This means that the greater efficiencies companies are experiencing from electronic
commerce are likely to continue to diffuse through the U.S. economy for decades to
come.
Traditional vs. Electronic Business
The impact of E-commerce on traditional retailing systems is based on the business
models discussed in this section. A key impact is dis-intermediation of traditional
distribution channels and electronic re-intermediation.
- Dis-intermediation and Re-intermediation
By using the Internet, manufacturers can sell directly to customers and provide
customer support online. In this sense, the traditional intermediaries are eliminated. Let
us call this phenomenon dis-intermediation. However, new electronic intermediaries -
e-malls and product selection agents - are emerging instead. The emergence of this new breed
of electronic intermediaries is called re-intermediation.
In response to this change, traditional intermediaries like department stores are joining
the bandwagon of the new opportunity but still keeping their traditional way of doing
business. However, the traditional distribution business can never be the same again,
because it has to provide something that the electronic intermediaries cannot provide.
On the other hand, some manufacturers like automakers still need to cooperate with
dealers in a different way. These phenomena are another evolution toward re-intermediation.
Now let us elaborate the notion of dis-intermediation and re-intermediation further.
Dis-intermediation is a new term that refers to the removal of organisations or business
process layers responsible for certain intermediary steps in a given value chain. In the
traditional distribution channel, there are intermediating layers, such as wholesaler,
distributor, and retailer, between the manufacturer and consumer as depicted in the
following figure. In Japan, there sometimes exist 10 layers, which add a 500 percent
markup. Owing to the presence of the Internet as a marketing and product selection
vehicle, customers are beginning to question the value offered by the distribution
channel, when they can theoretically obtain the same products directly from the
manufacturer. If manufacturers are able to connect directly with consumers and shorten
the traditional distribution chain they used to depend on, it is theoretically possible to
get rid of the inefficiencies of the current structure.

A logical alternative to dis-intermediation is re-intermediation, which actually points to
the shifting or transfer of the intermediary function, rather than the complete
elimination of it. In the EC era, intermediaries such as e-malls, directory and search
engine services, and comparison-shopping agents can take on the role of
re-intermediation. These new intermediaries replace the role of traditional intermediary
layers. Another form of re-intermediation can emerge by differentiating the service of
traditional intermediaries from online intermediation. This can be realized, for
instance, by offering entertainment during shopping and by making shopping as
pleasant as a hobby. In summary, customers have more choices of alternative
intermediaries.
- Impact on Manufacturer's Distribution Strategy
In addition to dis-intermediation and re-intermediation, an interesting emergence of
manufacturer's distribution strategies is the following:
a. Manufacturer's monopolistic Internet-based distribution: Levi's does not allow
anyone else to sell Levi's product on the Internet. This is possible because Levi's has
such a name value and customers like to have a single contact point in cyberspace. (In
late 1999, Levi's changed its policy).
b. Coexistence with the dealers: This is the case in car distribution. Automakers need to
keep the traditional dealers as test-drive servers even though they sell on the Internet.
c. Regionally mixed strategy: In a certain region a particular company may sell on the
Internet, while in another region it sells through the traditional retailer. For instance,
Nike sells on the Internet but only in the United States. Nike provides physical retailing
stores abroad. The policy depends upon the maturity of Internet-based customer
groups.
d. Mass customization for make-to-order: Manufacturers have to be adaptive to the
customised orders of ultimate consumers. This means the manufacturer should be ready
for mass customization.
e. Powerful suppliers: According to Fortune, August 16, 1999, Home Depot sent a letter
to its major suppliers (e.g. www.whirlpool.com), reminding them that Home Depot has
the right not to carry their products if they sell online, directly to customers.
- Managerial Issues
a. The combination of the criteria of business models of electronic marketing can
construct various business models depending upon the initial position of each individual
company.
b. A new opportunity is available to pure direct marketing manufacturers and pure
cyber-retailers. New business models have diminished the role of traditional
intermediaries. From an electronic intermediary's point of view, its management should
decide whether to commit to being a generalized directory service or retail specialised
items.
c. However, the emergence of pure cyber-marketing companies has irritated traditional
distributors. Traditional manufacturers have had to decide whether they want to
transform to a full commitment to direct marketing, restructuring the current
manufacturing and distribution system; or regard the electronic storefront merely as an
additional channel of distribution. A similar strategic question applies to traditional
retailers.
d. A critical question to traditional manufacturers and retailers is how to transform their
business posture incorporating the benefits of electronic marketing with existing
distribution channels to satisfy customers most effectively at the minimum operating
cost. Management also has to investigate starting a completely new business to cultivate
the future opportunity of E-commerce.
E-Commerce Industry Framework

Traditionally, market ties were created through the exchange of goods, services and
money. But E-commerce is changing all that. It is influencing the way the market is
structured by adding another element - information. It has enabled the creation of new
market opportunities, which enables new players to step in, thereby creating a new set
of market dynamics. A general framework of the E-commerce market will be helpful in
better understanding this emerging market.
E-Commerce Applications
1. Supply chain management
2. Online shopping
3. Procurement and purchasing
4. Online publishing
5. Online banking
6. Information products and services

Consumer Internet e-Commerce uses a single set of technologies. The infrastructure for
an e-shop selling books is essentially the same as is used for the online sale of airline
tickets. The important differences between e-commerce applications are how they fit
into the consumer's market, how they are supported by the supply chain and their
potential to alter the role of players in that supply chain. These essential components of
the business structure are shown in figure 1.5.

Figure 1.5: e-Vendor Business Links


Consumer Internet e-Commerce facilities, an e-shop, may be set up by:

A new entrant to an existing market;
An existing player in the market using the Internet to develop a new sales channel.

New entrants to the market have the potential to threaten the market position of
existing players but they have to build up expertise to support their operations. Existing
players in a market may respond to the new entrant by sharpening up their conventional
retail act or by setting up a competing online channel; the latter course of action adds to
the threat to their investment in the conventional distribution channel.
The e-commerce applications also need an effective supply infrastructure; the online
purchaser is not going to be impressed by lines that are out-of-stock or goods that take
forever to arrive. An existing retailer has supply chain arrangements that have been built
up and tuned over time. The new entrant to the market has to match this efficiency by
quickly setting up similar arrangements or developing an alternative infrastructure that
better meets the needs of its way of conducting business.
A number of contrasting sectors are examined in this section. These sectors exemplify
the range of consumer e-Commerce services that are available. The chosen sectors are:
1. Bookshops;
2. Grocery Suppliers;
3. Software Suppliers and Support;
4. Electronic Newspapers;
5. Banking;
6. Share Dealing;

1. Internet Bookshops

One of the first applications of e-Commerce on the net was the Internet bookshop. The
story is that Jeff Bezos, when he decided to set up an online business, sat down to work
out what he could sell online and decided it was books - the result was amazon.com.
Books, as an item of merchandise, have four significant advantages for the online
retailer:
1. They can, in most cases, be adequately described online. They are not like clothes
that the customer might wish to try on or bananas where the customer could
want to check the size and ripeness.
2. They are moderately priced - expensive enough to make the transaction
worthwhile but not so expensive that the transaction exacerbates customer fears
about online payments.
3. Many customers are prepared to wait for the goods to arrive (and there is often a
similar wait for books ordered through a conventional bookshop).
4. Delivery is manageable. Postal / small packet services can be used at reasonable
prices and the customer does not have to be at home to receive the goods; they
can be posted through the customer's letter box.
The start-up and subsequent success (in terms of growth and sales volume) of Amazon
came as something of a shock to conventional booksellers. The shock was in terms of loss
of sales but also the discount pricing of Amazon that threatened existing pricing
structures within the book trade. The reaction of other players in the book trade has
been threefold:
Defensive reaction by large traditional players that set up their own e-Bookstores; Barnes
and Noble in the US is one such example (and in setting up an online alternative, the
existing player adds to the threat to their investment in conventional trade outlets).
Competitive reaction by new operators in the field who have copied Amazon's initiative;
bol.com is one such example in Europe and the UK. Some new entrants have been
aggressive in their advertising and pricing, displacing Amazon adverts on some portals
and pushing them to increase their discounts.
Enhancements of conventional bookshop offerings; many multiple book retailers have
made considerable investments in their conventional bookshops converting them into,
what could be termed, book emporiums. Apparently the conventional book retailers
don't intend to let the online vendors have it all their own way.
The advent of retail e-Commerce customer interfaces has not altered the supply chain
arrangements of the book trade. Bookshops have two main sources of supply:
1. Book wholesalers (and it is Amazon's relationship with a large wholesaler in
Seattle that, arguably, made their operation possible). Wholesalers tend to deal
more with 'popular' books than with specialist or academic requirements.
2. Direct supply from the publisher, either from a sales representative or using
direct ordering (direct ordering is typically via EDI, e.g. TeleOrdering in the UK).

The book trade supply chain is summarized in figure 1.6.

In competitive terms the Internet bookshop has the advantage that it does not have to
maintain expensive retail premises and the staff that go with such an operation. A
warehouse operation where the customer does the data entry is cheaper to operate
although the IT infrastructure is an additional expense. The major disadvantage for the
online bookshop is that the customer does not collect the product and delivery has to be
paid for. The exact balance of the equation is not clear. The online retailers do discount
but the high headline discounts are concentrated on a few best-sellers and many books
are sold at the publisher's recommended price. Also the online retailers, seemingly, need
to pay for promotion to a greater degree than their conventional competitors. The
online-only retailers, at the time of writing, are all making substantial losses.
The large online bookstores need a sophisticated web site, both to attract and retain the
attention of their customers and to ensure the efficiency of their backroom operations.
The facilities of the online bookshop may include:

A large database of books: The details available for display include a picture of
the cover, description of the book, price and possibly customer reviews;
A search engine for author, title, subject, etc;
Details of stock and hence an accurate picture of delivery times (this is, for
example, provided by Blackwells which also has a wholesale function and thus
has access to this data);
Software to record the reader's interests and to suggest other titles that might also
appeal;
Integration into the supply chain, e.g. facilities to send EDI orders to the
publisher (again this is a feature of the design of Blackwell's online
bookstore).

The system has to be up-to-date, robust and comprehensive.


Noteworthy Sites
Large online bookshops include:
Amazon - www.amazon.com, www.amazon.co.uk
Barnes and Noble - www.barnsandnoble.com
Bertelsmann AG - www.bol.com
Blackwell - www.bookshop.blackwell.co.uk
Chapters - www.chapters.ca
There are also a large number of sites for bookshops dealing with specialist interests;
these sites are much smaller and tend to have fewer features than the major online
bookstores.
2. Grocery Supplies
Going to the supermarket for many people is just a chore, often the time they can go is
the time everyone else can go. The car park is crowded, the aisles are jammed, the
queues at the checkout, reloaded into bags, loaded into the car, taken into the house and
loaded yet again into the refrigerator and the cupboards. How much easier if one could
call up the home page of the friendly local supermarket, a few clicks of the mouse and
the weekly shop is done. The online supermarket works much like any other shop. The
customer logs on and selects the groceries that are required. The staff pick the goods, pack
and dispatch them. That said, the logistics are a bit different from other online stores:
Selecting Goods: The typical food supermarket carries a product range of several
thousand items and a customer may well select (say) 60 of them on a weekly shopping
trip. This is a task that can take some time and the online supermarket tries to help with
facilities such as an online shopping list.
Delivering Goods: Groceries are both bulky and perishable, and leaving them outside
the back door is not necessarily appropriate. Common practice for home delivery is to
arrange a delivery slot with the customer, delivery within a specified two hour period
and to make a small charge for delivery.
In the UK most of the large supermarkets have started online shopping services. There
is strong competition between UK supermarkets and possibly the rollout of online
shopping is more to do with a need not to be seen to be falling behind than a great
enthusiasm for the new channel. In the UK, the first food retailer with a (modern) home
delivery service was Iceland, a frozen food chain that also does general groceries. The
Iceland home delivery service does have a web connection but the main method of
access is telephone ordering and a sizeable number of the customers are senior citizens
who have a problem getting to the shop but are readily available at home to receive
deliveries.
In the US, one of the pioneers of online groceries has been Peapod, a software company;
they have set-up the online facility and have found other organisations to stock and
deliver the groceries. Amazon has also recently joined in with their Homestore brand
offering its services in selected locations.
The logistics of the online grocery business are very different from the e-bookstore. A
warehouse in Seattle can do nation-wide (or even world-wide) delivery of books but
would not be appropriate for general grocery supplies. The home delivery grocery
business requires local depots and it needs the same supply chain infrastructure,
coordinated by EDI, which the supermarkets have in place. The organisations that have
the infrastructure to enter this business are the existing food supermarkets; the only
part of their facility that is not entirely appropriate is the retail store which is a much
more lavish facility than would be required in a purpose built, home delivery depot.
The supply chain of the home delivery grocery operation is diagrammatically very
similar to the bookshops; a vital difference is that supply has to be from a local depot
rather than a central warehouse. The supply chain is shown in Figure 1.7.

It is noted that there are a number of online suppliers of specialist food products. These
operators work with a limited product range of specialist products at premium prices.
These operators can work from a central warehouse and use the postal / packet delivery
system. Selling chocolates or wine online is a very different operation from general
groceries.

Noteworthy Sites
Peapod - www.peapod.com
Homestore - www.homestore.com
Sainsbury - www.sainsbury.co.uk
Tesco - www.tesco.net
3. Software Supplies and Support
Software supplies are both a business-to-business market and a business-to-consumer
market. It is also a consumer market, and it contrasts with the other trade sectors
discussed in this section. The Internet as a channel for software sales, including
computer games, has two distinct advantages:
1. The customers are presumably computer literate and will be able to operate the
medium.
2. The product is electronic and can be delivered via the net.
The supply chain for software delivered over the net is therefore very simple. It is a
straight transaction between the customer and the supplier without the need for any
agent or retailer. The supply chain is shown at figure 1.8.

4. Electronic Newspapers
The web, it is suggested, provides a new channel for news distribution that overcomes
the shortcomings of both the printed newspaper and of broadcast news on radio and
television. The web can give news coverage that is as up-to-date as broadcast news but
has the in-depth coverage available from a serious newspaper. Further than that, the
browser could be set to select the news of interest to the reader and to leave out the rest.
That is the potential but it has not yet happened, possibly it never will. The simplistic
assessment given above perhaps misses out on a more complex way that news is
'consumed'. Radio and television news is often consumed while people are doing other
things, eating their breakfast or driving a car; they happen in the background.
Newspapers are read on the train or in the park and then may be shared with someone
else. The newspaper gives the reader the chance to be selective (and that selection
process is to do with moods and time in a way it would be difficult for any software to
emulate). There are a number of online newspapers available and most of them are web
versions of existing newspapers. The Washington Post is the one that has, to date,
received the most favourable coverage. Currently access, with a couple of exceptions, is
free.
The online newspapers, it seems, are often used to look up something that has been
missed in a previous issue or to look at the job advertisements, rather than being read as
a newspaper. Online magazines attract some readership but they have had a hard time
attracting subscriptions - there is the ethos that the net should be free and there is also a
concern that the magazine might not be as good as it pretends to be or that it may not
last the period of the subscription. There is, however, a threat to the conventional
newspaper from the web. A large part of the revenue that pays for newspapers comes
not from the cover price that the reader pays but from the money received from
advertisers. The web has the potential to advertise jobs, houses and used cars at a
fraction of the price of a newspaper - should the advertising of these items shift to the
web then it might not be possible to buy a daily or local newspaper, at least not at a
price that the public is prepared to pay.
The supply chain of the online newspaper is also much simpler than that of the paper
version. No need for a midnight deadline before the papers are loaded on to lorries,
delivered to wholesalers in each major town, re-packed for delivery to news agents and
then possibly to the door by a paper boy. The supply chain of the online newspaper is direct
from the company to the reader's screen.

5. Internet Banking
There are times when the bank customers want to know their bank balance or make an
urgent payment and a visit to a branch is not convenient; Internet banking (and
telephone banking) can solve these problems. The use of the telephone or the Internet
also has advantages for the bank; it reduces the cost of processing each transaction (by a
factor of between 10 and 100 depending on which report you read) and has the potential
to enable the bank to reduce the overhead of the branch network. Online banking allows
the customer to check their balance or pay a bill at any time of the day or night. The
services offered by online banks typically include:

Online balances and statements giving up-to-the-minute information. The
statement can be used to check that any specific debit or credit has gone through;
Credit transfers so that bills can be paid online. Included is the facility to set up a
transaction now for the bill to be paid at a later date;
Maintenance of standing orders and direct debits.

The major service that is not provided is cash in and cash out; for this service the
account holder has to leave home and visit an automatic teller machine (ATM) or a bank
branch (assuming it has not been closed down). A problem is that doing your own
banking allows you to make your own mistakes and there are reports of customers sending
money to the wrong account or just out into cyberspace. Banks also make mistakes but
when they do it is comforting to have someone other than oneself to blame. For online
banking, security is obviously an issue. At the Bank of Scotland logging on reportedly
involves a customer number, three passwords and eight different pages before the
balance could be accessed; and the service needs special software downloaded onto the
PC. It is, of course, right that security is taken seriously but it does not necessarily make
for an easy to use, or a fun, service. The supply chain of the bank, using e-banking,
reduces usage of the branch network (although a branch or ATM machine will still be
required). The supply chain of the online bank is shown at Figure 1.10.

6. Online Share Dealing


The use of the Internet is taking off among private investors in stocks and shares. The
Internet can make available to the private investor the up-to-the-minute information
that, until recently, had only been available to those working in financial institutions.
The use of online brokerage services automates the process of buying and selling and
hence allows a reduction of commission charges. Also the commodity being traded is
intangible; the ownership of stocks and shares can be recorded electronically so there is
no requirement for physical delivery. Internet share trading sites are being set up by
stockbroking organisations and by new entrants to the market (the latter need clearance from
the regulatory authorities before they can operate). The Internet is also being used for
information sites and chat lines; some provide information free and some require a
subscription.
Current developments are, essentially, converting off-line practices to an online
equivalent. The private investor who may have received a stockbroker's report through
the post and looked up share prices in the morning paper can access the information
online (with the current market price being available). The investor who might have
made calculations about trends and valuations by hand can download the information
from the web into a spreadsheet or a personal finance program that runs on their PC.
That same private investor who used to ring up a stockbroker to buy or sell (a process
that might take some time when the market was busy) can issue that same instruction
online for immediate execution. The investor is able to deal at a price viewed
immediately, whereas using more traditional dealing services an investor will often have
to wait in a telephone queuing system to get through to the dealing desk and when
trading may have to wait for the price of the trade to be confirmed. The number of sites
and the usage of them is mushrooming. Figures for 1999 show 7 million online traders
in the US and a rapid growth in the UK since the first traditional British stock broking
firms, a number of the banks and few large US companies that have set up in the UK.
In the US the availability of online share dealing services has created the phenomenon
of day trading. The day trader's aim is to make a profit from volatile shares that are
bought in the morning and sold in the afternoon. Day traders are often just ordinary
members of the public who have given up their jobs to spend the day glued to a screen
watching the price movements of a few selected stocks. Some day traders make money but
many do not; the unsuccessful day trader loses all their savings and often a great deal
more, as many take out loans or trade on credit.
The supply chain for share dealing is unchanged; the use of the net just speeds up the
whole process (and that can be vital in some share dealing). The supply chain from the
broker to investor is shown in Fig 1.11.

Internet share dealing seems like a sector set to grow and grow. Why trade through a
broker when you can get better information and a better service by trading online? For
many years the people in the trade have had up-to-the-minute information on share
prices that has not been available to the general public. Now members of the general
public can compete on equal terms. The problem with online trading is that it increases
the temptation to indulge in short-term speculation rather than long-term investment.
It is a risky business for the individual and of doubtful benefit to the overall economy
that the financial markets are supposedly designed to service. That said, if the financial
institutions can and do speculate, often in a thoroughly irresponsible manner, why
should the ordinary punter not have a chance to join in if they wish to?
Digital Goods and Services
Electronic commerce can support most of the processes involved in the purchasing of
physical goods and services. Digital goods and services are those that can be delivered
using the information infrastructure. Hence, for digital goods and services, the market
space provides a context sufficient for the entire procurement process.
Digital goods and services include:

documents, including articles and books;
data, including statistics;
reference information, including dictionaries and encyclopaedias;
news;
weather forecasts;
projected sound, such as speeches and musical performances;
projected video and video-with-sound, including television, videoconferencing and video-clips;
interactive voice, such as telephone conversations and teleconferencing;
interactive video and video-with-sound, such as video-conferencing;
images, including structured graphics such as diagrams and musical scores, and photographs;
entertainment, infotainment, edutainment and education via multi-media;
bookings and tickets for live events;
software, quite generally;
commerce in insurance;
commerce in money, including foreign currencies;
commerce in securities, and financial derivatives such as stock-based, interest-rate-based and index-based options; and
commerce in commodities, and commodities derivatives such as futures.

QUESTIONS
1. Describe the advantages of E-commerce.
2. Explain various E-Commerce Concepts.
3. Narrate Electronic Commerce as Online Selling.
4. Explain applications of Intranet and Extranet in businesses.
5. Explain the differences between traditional and E-Business models.
6. Why do companies adopt EC models?
7. Explain various forces aiding E-Commerce.
8. Discuss in detail emerging role of E-commerce in business growth.
9. Describe E-Commerce Applications.
10. Explain the importance of E-Commerce Applications.
11. Write a detailed note on the status of electronic commerce in India.
12. Distinguish Electronic Commerce from traditional Business.
13. Explain the nature and characteristics of digital goods and services.

- End of Chapter -

Unit II
NETWORK INFRASTRUCTURE

The information superhighway has many transport systems and does not function as a
single monolithic entity. The architecture is a mixture of several high speed network
transport systems like land based telephones, air based wireless, modem based PCs and
satellite based communications etc. For example an e-mail sent from Bangalore to
California may travel across different interconnected transport networks before it
reaches California.
The players in this industry segment can be called "information transport
providers". These include telecommunication companies that provide telephone lines
(DOT), cable companies that provide coaxial cables, satellite networks, wireless
networks, private networks like Compuserve, and public networks like the Internet.
The industry segment also includes hardware and software tools that provide the interface
between the various network options and the customer premises equipment (CPE). The
category of CPE includes TV set top boxes, computer based communication and
networking hardware (hubs, routers etc). Routers are devices that connect the Local
Area Networks (LAN) inside various organisations with the Wide Area Networks (WAN)
of various network providers. The last 5 years have seen tremendous growth in the
router business. Today this is a multi-billion-dollar industry dominated by Bay Networks,
3COM, Cisco etc.
Multimedia Content and Network Publishing Infrastructure
The development of the World Wide Web (WWW) has thrown open the gates of the Internet,
which was previously used in universities and defense labs, to the common user. The web
allows network publishing. It provides a means to create product information (content)
and to publish it on a network server. A whole new set of software for the web, like
HTML and Java, has been created. The web has also triggered the growth of a new industry
that creates tools called browsers to access and publish information. Major players in
the browser industry are Netscape Communications (Netscape Communicator) and
Microsoft (Internet Explorer). The web has also created a new industry that develops
multimedia applications, into which most entertainment providers are jumping.

Messaging and Information Distribution Infrastructure


Once content has been created and stored on a server, messaging distribution methods
carry that content across the network. The messaging vehicle is called "middleware
software"; it sits between the web servers and the end user applications and masks the
peculiarities of the environment. It also includes translators that interpret and
transform data formats.
Messaging vehicles provide ways for communicating unstructured as well as structured
data. Unstructured messaging vehicles are Fax, E-mail etc. The success story of Hotmail
stems from the fact that offering free messaging services will be attractive and helps to
develop a loyal customer base. But the free message market is cluttered today with
everyone offering such services. Providing value addition will be the only differentiator.
Structured document messaging consists of the automated interchange of standardised
and approved messages between computer applications via telephone lines (e.g. EDI).
Purchase orders, shipping notices and invoices are examples of structured document
messaging.
For the purpose of E-commerce the existing messaging mechanisms must be extended
to incorporate reliable, unalterable message delivery that is not subject to repudiation,
to be able to acknowledge and give proof of delivery when required. The challenge in the
development of messaging software is to make it work across a variety of
communication devices (PCs, set-top boxes etc), interfaces (characters, graphics) and
networks (satellite, cable, fibre optics, wireless and twisted pair).
Business Services Infrastructure
Doing business online has received attention for its potential as well as for such
shortcomings as inadequate directories, inadequate online payment instruments and
inadequate security. The business services infrastructure attempts to address these
shortcomings. The infrastructure includes the different methods for facilitating online
buying and selling processes.
In order to enable online payment and ensure its safe delivery, the payment services
infrastructure needs to develop strong encryption and authentication methods. The
development of catalogs, financial services and shopping mechanisms over the last two
years has greatly simplified online business. But the development of secure transactions
and secure online payment instruments (such as digital cash, electronic checks) will still
be a concern and this provides a market opportunity for many players.
Other Key Issues
Public Policy
Public policy related to E-commerce encompasses such issues as universal access,
privacy and information pricing. Information traffic policy issues deal with the cost of
accessing information, regulation to protect consumers from fraud and to protect their
right to privacy, and the policing of global information traffic to detect information
piracy. But the issues themselves, let alone solutions, are just now evolving and will
become increasingly important as more people enter the electronic market place.
Technical Standards
Technical standards dictate the specifics of information publishing tools, user interfaces,
and transport. Standards are essential to ensure compatibility across the network. Many
organisations like the W3 consortium are working to establish the relevant technical
standards.
Case Study: Microsoft
Microsoft is an excellent case study of a company that understands the importance of
the various aspects of the E-commerce framework. All the acquisitions and partnerships
undertaken by Microsoft are in keeping with this view. Microsoft began the efforts by
establishing a key link to the Internet. When Microsoft decided to build the Microsoft
Network (MSN), it bought a 20% stake in UUNET Technologies, an Internet access
provider. This gave Microsoft access to a telecommunication infrastructure that reaches
several million consumers. It also made Microsoft independent of any access provider.
Microsoft then launched an intensive effort to build an attractive content base.
Microsoft decided to attract content away from other providers like America Online
(AOL) and CompuServe instead of building its own content. It developed a business model
that allows each content provider (magazines, newspapers, TV networks) to set fees and
to retain 70% of the revenues and a 5% commission on goods sold on MSN. With this
business model, it was able to garner support from content providers seeking more
lucrative contracts. In terms of network servers, Microsoft has developed a web server
called Internet Information System (IIS) that comes with the Windows NT 4.0 operating
system.
Microsoft is active in messaging and information distribution, and is involved with
various consortia and standards organisations that are developing standards for such
distribution. It has also undertaken the route of M&A. It recently acquired Hotmail, a
popular free e-mail provider and is considering many more.
In the area of business service, Microsoft made a pre-emptive strike by trying to acquire
Intuit, the maker of the popular personal finance software, Quicken. Even though its
attempt failed, Microsoft has built its own software called Microsoft is working with
various application vendors, because it believes that applications will proliferate, when
the E-commerce market expands. For instance, Wal-Mart and Microsoft have made a
deal to provide online shopping services. Microsoft also realizes that in the near future,
the challenge lies not in technology but in using it to sell ideas and services to the customer.
Intermediaries and E-Commerce

Intermediaries are economic agents that stand between the parties of a transaction,
namely buyers and sellers, and perform functions necessary to the fulfillment of the transaction. As
an example we can consider firms in the financial service sector like banks, insurance
companies, brokers, agents, mediators etc. The following table lists a variety of online
intermediaries in E-commerce.

Many opportunities exist for online intermediaries who process and add value to
information along the transactional chain. Information based products range from the
simple order taking to the highly sophisticated customised manufacturing. In a simple
case, customers can order flowers through the online intermediaries that divert the
order to the regular boutique shops, (www.flowers.com). In more complex cases,
intermediaries create software that allows customers to view and choose cars by
computer, (www.autotown.com). This will then provide valuable data to the
manufacturers and inventory systems that control the production and distribution of the
car.
In online retailing, intermediaries are doing well by packaging and selling information.
The online catalogue business is one of the most efficient and successful
intermediation-based industries, for example, CUC International. Since such catalogue
companies carry no physical stores, inventories or labour, they are able to offer customers
lower prices than those provided by the traditional retailers. Other online intermediaries
like brokers (priceline), auctioneers (ebay), stock traders (e*trade) etc are also doing well.
Types of E-Commerce
There are three distinct types of E-commerce applications:
Inter-organisational (Business-to-Business (B2B))
Intra-organisational (Within Business)
Business-to-Consumer (B2C)
Business-to-Business E-commerce
From the inter-organisational perspective E-commerce facilitates the following business
applications:
1. Supplier Management
Electronic applications help companies to integrate tightly with their suppliers and
facilitate business partnerships by reducing purchase order (PO) costs and cycle
times.
2. Inventory Management
Electronic applications shorten the order-ship-bill cycle. If all the business partners are
electronically linked, then information can be instantaneously transmitted. Businesses can
also track their documents to ensure they are received, thereby improving auditing
capabilities. Electronic applications will also help in reducing inventory costs and
out-of-stock occurrences.
3. Distribution Management
Electronic applications facilitate the transmission of shipping documents such as bills of
lading, purchase orders, advanced shipment notices etc. and can also enable better
resource management by ensuring that the documents themselves contain more data.
4. Channel Management
Electronic applications quickly disseminate information about changing operational
conditions to trading partners. Technical, product, and pricing information that once
required repeated phone calls and labour hours can now be posted on electronic
bulletin boards. By electronically linking production related information with
distributor and reseller networks, companies can eliminate countless labour hours and
ensure accurate information sharing.
5. Payment Management
Electronic applications link companies with suppliers and distributors so that payments
can be sent and received electronically. Electronic payment reduces clerical error,
increases the speed at which companies compute their invoices and lowers
transaction costs.
Intra-Organisational E-commerce
The purpose of intra-organisational applications is to help a company maintain the
relationships that are critical to delivering superior customer value by paying close
attention to integrating various functions in the organisation. In this perspective some
of the applications offered by E-commerce are:
1. Workgroup Communications
These applications enable managers to communicate with their employees using e-mail,
video conferencing and bulletin boards. The goal is to use technology for knowledge
sharing, which will result in better-informed employees.
2. Electronic Publishing
These applications improve the flow of information between the production and sales
force, and between the companies and the customers. By better integrating the sales
forces with other parts of the organisation, companies can have greater access to market
intelligence and competitor information, which can be funnelled into a better strategy.
Within intra-organisational commerce the largest area of growth has been in the area of
"corporate Intranets". Intranets are primarily set up to publish and access corporate
information.
Business-to-Consumer (B2C) E-commerce
In electronically facilitated business-to-consumer transactions, customers learn about
products through electronic publishing, buy products through electronic payments and
have information related products delivered to them directly over the network. Some of
the B2C electronic applications are:
1. Social Interaction
Electronic applications enable consumers to communicate with each other through e-mail, news groups and video conferencing.
2. Personal Finance Management
Electronic applications help consumers manage their finance and investment decisions
through the use of online banking tools (ICICI Bank's INFINITY, an online banking tool,
was created for the purpose of NRIs to conduct financial transactions with the bank
from their home).
3. Purchasing products and Information
Electronic applications help consumers to order products (both physical and
information related) and services from their home and pay through electronic
payments. They also help consumers find information about existing and new products /
services. They provide consumers with convenient shopping methods, from online
catalogue ordering to phone banking. They also offer lower prices to consumers,
since many intermediaries are eliminated.

4. Global Information Distribution Networks


The Global Information Infrastructure (GII), still in the early stages of its development,
is already transforming our world. Over the next decade, advances on the GII will affect
almost every aspect of daily life -- education, health care, and work and leisure activities.
Disparate populations, once separated by distance and time, will experience these
changes as part of a global community.
No single force embodies our electronic transformation more than the evolving medium
known as the Internet. Once a tool reserved for scientific and academic exchange, the
Internet has emerged as an appliance of everyday life, accessible from almost every
point on the planet. Students across the world are discovering vast treasure troves of
data via the World Wide Web. Doctors are utilizing tele-medicine to administer off-site
diagnoses to patients in need. Citizens of many nations are finding additional outlets for
personal and political expression. The Internet is being used to reinvent government
and reshape our lives and our communities in the process. As the Internet empowers
citizens and democratizes societies, it is also changing classic business and economic
paradigms. New models of commercial interaction are developing as businesses and
consumers participate in the electronic market place and reap the resultant benefits.
Entrepreneurs are able to start new businesses more easily, with smaller up-front
investment requirements, by accessing the Internet's worldwide network of customers.
Internet technology is having a profound effect on the global trade in services. World
trade involving computer software, entertainment products (motion pictures, videos,
games, sound recordings), information services (databases, online newspapers),
technical information, product licenses, financial services, and professional services
(businesses and technical consulting, accounting, architectural design, legal advice,
travel services, etc.) has grown rapidly in the past decade, now accounting for well over
$40 billion of U.S. exports alone.
An increasing share of these transactions occurs online. The GII has the potential to
revolutionize commerce in these and other areas by dramatically lowering transaction
costs and facilitating new types of commercial transactions.
The Internet will also revolutionize retail and direct marketing. Consumers will be able
to shop in their homes for a wide variety of products from manufacturers and retailers
all over the world. They will be able to view these products on their computers or
televisions, access information about the products, visualize the way the products may
fit together (constructing a room of furniture on their screen, for example), and order
and pay for their choice, all from their living rooms.
Commerce on the Internet could total tens of billions of dollars by the turn of the
century. For this potential to be realized fully, governments must adopt a
non-regulatory, market-oriented approach to electronic commerce, one that facilitates the
emergence of a transparent and predictable legal environment to support global
business and commerce. Official decision makers must respect the unique nature of the
medium and recognise that widespread competition and increased consumer choice
should be the defining features of the new digital marketplace.
Many businesses and consumers are still wary of conducting extensive business over the
Internet because of the lack of a predictable legal environment governing transactions.
This is particularly true for international commercial activity where concerns about
enforcement of contracts, liability, intellectual property protection, privacy, security and
other matters have caused businesses and consumers to be cautious.
As use of the Internet expands, many companies and Internet users are concerned that
some governments will impose extensive regulations on the Internet and electronic
commerce. Potential areas of problematic regulation include taxes and duties,
restrictions on the type of information transmitted, control over standards development,
licensing requirements and rate regulation of service providers. Indeed, signs of these
types of commerce-inhibiting actions already are appearing in many nations.
Pre-empting these harmful actions before they take root is a strong motivation for the
strategy outlined in this section.
Governments can have a profound effect on the growth of commerce on the Internet. By
their actions, they can facilitate electronic trade or inhibit it. Knowing when to act and,
at least as important, when not to act, will be crucial to the development of electronic
commerce. This report articulates the Administration's vision for the emergence of the
GII as a vibrant global marketplace by suggesting a set of principles, presenting a series
of policies, and establishing a road map for international discussions and agreements to
facilitate the growth of commerce on the Internet.
The Government Policy Regarding Global E-commerce
The government policy on global EC includes the following five principles:
1. The private sector should lead
Though government played a role in financing the initial development of the Internet,
its expansion has been driven primarily by the private sector. For electronic commerce
to flourish, the private sector must continue to lead. Innovation, expanded services,
broader participation, and lower prices will arise in a market-driven area, not in an
environment that operates as a regulated industry.
Accordingly, governments should encourage industry self-regulation wherever
appropriate and support the efforts of private sector organizations to develop
mechanisms to facilitate the successful operation of the Internet. Even where collective
agreements or standards are necessary, private entities should, where possible, take the
lead in organizing them. Where government action or intergovernmental agreements
are necessary, on taxation for example, private sector participation should be a formal
part of the policy making process.
2. Governments should avoid undue restrictions on electronic commerce

Parties should be able to enter into legitimate agreements to buy and sell products and
services across the Internet with minimal government involvement or intervention.
Unnecessary regulation of commercial activities will distort development of the
electronic marketplace by decreasing the supply and raising the cost of products and
services for consumers the world over. Business models must evolve rapidly to keep
pace with the break-neck speed of change in the technology; government attempts to
regulate are likely to be outmoded by the time they are finally enacted, especially to the
extent such regulations are technology-specific.
Accordingly, governments should refrain from imposing new and unnecessary
regulations, bureaucratic procedures, or taxes and tariffs on commercial activities that
take place via the Internet.
3. Where governmental involvement is needed, its aim should be to
support and enforce a predictable, minimalist, consistent and simple legal
environment for commerce
In some areas, government agreements may prove necessary to facilitate electronic
commerce and protect consumers. In these cases, governments should establish a
predictable and simple legal environment based on a decentralized, contractual model
of law rather than one based on top-down regulation. This may involve states as well as
national governments. Where government intervention is necessary to facilitate
electronic commerce, its goal should be to ensure competition, protect intellectual
property and privacy, prevent fraud, foster transparency, support commercial
transactions, and facilitate dispute resolution.
4. Governments should recognize the unique qualities of the Internet.
The genius and explosive success of the Internet can be attributed in part to its
decentralized nature and to its tradition of bottom-up governance. These same
characteristics pose significant logistical and technological challenges to existing
regulatory models, and governments should tailor their policies accordingly.
Electronic commerce faces significant challenges where it intersects with existing
regulatory schemes. We should not assume, for example, that the regulatory frameworks
established over the past sixty years for telecommunications, radio and television fit the
Internet. Regulation should be imposed only as a necessary means to achieve an
important goal on which there is a broad consensus. Existing laws and regulations that
may hinder electronic commerce should be reviewed and revised or eliminated to reflect
the needs of the new electronic age.
5. Electronic Commerce over the Internet should be facilitated on a global
basis.
The Internet is emerging as a global marketplace. The legal framework supporting
commercial transactions on the Internet should be governed by consistent principles
across state, national, and international borders that lead to predictable results
regardless of the jurisdiction in which a particular buyer or seller resides.
E-Commerce Infrastructure
The requirement of E-Commerce infrastructure is performance: it should be fast and
reliable, and the bandwidth and server capacity should match the company's requirement.
It should be scalable. It should have a redundant connection to the Internet, and it
should contain a farm of web servers with mirrored content for load balancing. It should
also have a farm of databases, and load balancing for firewalls and web/database servers
for flexible management. The infrastructure services, resources and protocols should be
monitored. There must be centralized security management for maintainability. It
should have self-repairing procedures and emergency procedures. Intrusion detection
must be done. The website must have a global presence so that users can be redirected
based on site load and network proximity of clients; there must be a few centers in
various countries. Caching techniques should be adopted to improve performance and
response time.
Virtual LAN
Virtual LAN (VLAN) is a collection of workstations grouped by logic instead of
geography. VLAN technology solves the problem of broadcast floods in a switching
network by segmenting it into smaller domains. Routers interconnect VLANs and filter
out unnecessary broadcasts between them. Inter-VLAN communication can be
controlled by access lists and traffic filters. There are 3 types of VLANs:
1. Segment or port-based (Layer 1 VLAN). It consists of a group of LAN segments.
2. Medium Access Control (MAC)-based (Layer 2 VLAN). It consists of a group of
MAC addresses.
3. Protocol and subnet-based (Layer 3 VLAN). It consists of protocols and sub
networks.
Firewalls
A firewall is a system designed to prevent unauthorized access to, or from, a secure
network. It is a combination of hardware and software connecting two networks, and it
mediates all traffic between the internal and external nets. A firewall should be at the
entry point of the networked system it protects, positioned to control all incoming and
outgoing traffic. A firewall is a simple, reliable, configurable, manageable and
self-healing system. Firewall types are Packet Filtering, Circuit Level Gateway,
Application Level Gateway and Stateful Inspection Gateways.
Firewall components are Proxies, VPN and NAT. A firewall also makes it possible to
enforce the company's written security policy, to log events and to act as a locked door
between the internal and external networks. A firewall consists of a choke and a gate.
The choke forces all communication between the inside and outside networks to take place
through the gate. The gate enforces security, authentication and sanitizing of data. The
firewall policy must support, without internal client modifications: telnet, FTP, e-mail
(SMTP out, POP3 in), HTTP, HTTPS, NNTP, IRC and RealAudio. The firewall should prevent
ping and trace-route from outside. VPN tunneling should not be allowed through a
firewall. Secure remote administration should be allowed. The firewall must prevent IP
spoofing attempts. The firewall needs logging and reporting mechanisms.
Security Policy
Security Policy is a set of rules that collectively determines an organization's security
posture. An example of a simple security policy is allowing anyone to get to the Web server
and FTP server, or allowing internal hosts to go anywhere, and denying everything else.
The security policy is translated into a collection of individual rules. The inspection
engine inspects packets by consulting its rule base. If packets do not pass inspection,
they are rejected or dropped, according to the base rule. The security policy workflow is
to decide what kinds of services and sessions are allowed, and what types of user
permissions and authentication methods apply; to define the objects used in the security
policy; to create the list of rules representing the security policy, defining each
individual rule; and to install the rules on the firewall and monitor them. Security
rules should look into where the communication is coming from, where the communication
is going to, what kind of communication it is, what to do with the communication and
during what time this action can take place, and should log the alert.
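The rule-base evaluation described in the Firewalls and Security Policy paragraphs above, as an added example that is not part of the original text: each rule carries source, destination, service, action, time window and log flag, the first matching rule decides, spoofed internal addresses arriving from outside are dropped, and anything unmatched is denied. All addresses, rule names and the Rule and Packet types are assumptions made for illustration.

```python
import ipaddress
from dataclasses import dataclass
from datetime import time

# Constructed addresses (private and documentation ranges), not from the text.
INTERNAL = ipaddress.ip_network("10.0.0.0/8")
ADMINS = ipaddress.ip_network("10.0.5.0/24")
MGMT = ipaddress.ip_network("10.0.0.1/32")      # firewall management address
WEB = ipaddress.ip_network("192.0.2.10/32")
FTP = ipaddress.ip_network("192.0.2.20/32")
ANY = ipaddress.ip_network("0.0.0.0/0")


@dataclass(frozen=True)
class Rule:
    name: str
    src: ipaddress.IPv4Network      # where the communication is coming from
    dst: ipaddress.IPv4Network      # where it is going to
    proto: str                      # what kind: "tcp", "udp", "icmp" or "any"
    ports: frozenset                # destination ports; empty set means any
    action: str                     # what to do: "accept" or "drop"
    start: time = time(0, 0)        # when the rule applies (same-day window)
    end: time = time(23, 59, 59)
    log: bool = False


@dataclass(frozen=True)
class Packet:
    iface: str                      # "inside" or "outside"
    src: str
    dst: str
    proto: str
    dport: int
    at: time


# Order matters: the first matching rule decides. "mgmt-deny" must sit above
# "internal-out", or internal hosts could reach the firewall at any hour.
RULE_BASE = [
    Rule("web", ANY, WEB, "tcp", frozenset({80, 443}), "accept"),
    Rule("ftp", ANY, FTP, "tcp", frozenset({21}), "accept"),
    Rule("admin-ssh", ADMINS, MGMT, "tcp", frozenset({22}), "accept",
         time(8, 0), time(18, 0), log=True),
    Rule("mgmt-deny", ANY, MGMT, "any", frozenset(), "drop", log=True),
    Rule("internal-out", INTERNAL, ANY, "any", frozenset(), "accept"),
]


def matches(rule, pkt):
    return (ipaddress.ip_address(pkt.src) in rule.src
            and ipaddress.ip_address(pkt.dst) in rule.dst
            and rule.proto in ("any", pkt.proto)
            and (not rule.ports or pkt.dport in rule.ports)
            and rule.start <= pkt.at <= rule.end)


def evaluate(pkt, rules=RULE_BASE, log=None):
    """Return (action, rule name) for a packet; append loggable events to log."""
    log = log if log is not None else []
    # Anti-spoofing: an internal source address cannot arrive from outside.
    if pkt.iface == "outside" and ipaddress.ip_address(pkt.src) in INTERNAL:
        log.append(("drop", "anti-spoof", pkt.src, pkt.dst))
        return "drop", "anti-spoof"
    for rule in rules:
        if matches(rule, pkt):
            if rule.log:
                log.append((rule.action, rule.name, pkt.src, pkt.dst))
            return rule.action, rule.name
    # "Deny everything else": nothing matched, so drop and record it.
    log.append(("drop", "default-deny", pkt.src, pkt.dst))
    return "drop", "default-deny"


if __name__ == "__main__":
    noon, night = time(12, 0), time(23, 0)
    samples = [  # constructed packets
        Packet("outside", "198.51.100.7", "192.0.2.10", "tcp", 443, night),
        Packet("outside", "198.51.100.7", "192.0.2.10", "icmp", 0, noon),
        Packet("outside", "10.1.2.3", "192.0.2.10", "tcp", 80, noon),
        Packet("inside", "10.0.5.9", "10.0.0.1", "tcp", 22, noon),
        Packet("inside", "10.0.5.9", "10.0.0.1", "tcp", 22, night),
        Packet("inside", "10.2.3.4", "203.0.113.5", "tcp", 25, noon),
    ]
    events = []
    for p in samples:
        print(p.src, "->", p.dst, p.proto, p.dport, evaluate(p, log=events))
    print(events)
```

Swapping the "mgmt-deny" and "internal-out" rules lets the out-of-hours administration session through, which is why rule order is reviewed along with rule content.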
Disk Storage
The different types of storage are DAS (Direct Attached Storage), BAS (Bus Attached
Storage), NAS (Network Attached Storage) and SAN (Storage Area Network). DAS is
typically less expensive than other servers. The File System data transfer protocols are
NFS, CIFS. It is good for small and mid-size networks. Storage is connected directly to
the LAN via a LAN interface. A SAN shares large amounts of data. It is used in data
intensive applications that need high bandwidth and low latency. It has guaranteed
reliability and availability. It connects storage devices into a storage pool. It is
based on Fibre Channel technology (ANSI X3T11); it can connect up to 126 devices, at up
to 10 km. It needs FC host bus adapters, hubs, switches and SCSI to FC bridges.
Infrastructure cost
Estimating the cost of e-business infrastructure is a key step toward a quantitative
analysis of ROI (Return on Investment) and SLAs (Service Level Agreements). The cost
model includes development costs such as software and modifications; capital equipment
such as servers, disks, LANs, routers, switches and firewalls; network costs, which
include the Internet connection; and operational costs such as 24x7 personnel, facilities,
network operations and maintenance, heating, air conditioning and building rent.
ONLINE BANKING
Online banking is one of the fastest growing online service industries, either as an
extension of services from a traditional bank or as a purely online entity. Banks such as
Wells Fargo and Bank of America offer online banking and services such as e-wallets.
Internet-only banks offer convenience and lower rates to their customers. However,
customers still like to know where a physical branch is located. The hybrid bank model
is the most successful.
Electronic Checks
E-checks enable consumers to pay on credit over public networks. E-checks are very
similar to traditional checks. An e-check carries the name of the payer, the name of the
payer's financial institution, the payer's account number, the name of the payee and the
amount to be paid. An e-check is treated as a request to the sender's bank to transfer
money. An e-check is digitally signed and endorsed by the payer and payee. The
signature cannot be forged. To use e-checks you must register with a third-party
account server, which enables you to purchase goods and services. To purchase an item
you send a digitally signed check for the appropriate amount to the merchant (via email,
the Web, etc.). The merchant digitally signs the check to endorse it. The merchant
deposits the check; the check is cleared, and the amount is transferred from your
account to the merchant's account. The standard used for e-checks is IOTP, the Internet
Open Trading Protocol. The Internet Open Trading Protocol provides a data exchange
format for trading purposes while integrating existing pure payment protocols
seamlessly. This motivates a multi-layered system architecture consisting of at least a
generic IOTP application core and multiple specific payment modules. It might be
improper to refer to IOTP as a payment protocol, since it attempts to capture the entire
online shopping cycle.
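The e-check flow described above (payer signs, merchant endorses, the check is cleared against registered accounts) is walked through in the sketch below. This is an added example, not part of the original text and not IOTP; it uses unpadded textbook RSA over a SHA-256 digest with small constructed keys purely so the flow runs with the standard library, and the serial number, account names and function names are assumptions.

```python
import hashlib
import json

E = 65537  # public exponent used by both demonstration keys


def make_key(p, q):
    """Textbook RSA key from two primes. Demonstration only: no padding, small modulus."""
    return {"n": p * q, "d": pow(E, -1, (p - 1) * (q - 1))}


def digest(data, n):
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n


def sign(data, key):
    return pow(digest(data, key["n"]), key["d"], key["n"])


def verify(data, signature, n):
    return pow(signature, E, n) == digest(data, n)


def canonical(fields):
    """Serialise the check deterministically so signer and verifier hash the same bytes."""
    return json.dumps(fields, sort_keys=True, separators=(",", ":")).encode()


# Constructed keys (Mersenne primes). The account server's registry holds the public moduli.
PAYER_KEY = make_key(2**89 - 1, 2**107 - 1)
MERCHANT_KEY = make_key(2**61 - 1, 2**127 - 1)
REGISTRY = {"alice": PAYER_KEY["n"], "bookshop": MERCHANT_KEY["n"]}


def write_check(serial, payer, bank, account, payee, amount_cents, payer_key):
    # "serial" is an assumed field so that a second deposit of the same check can be detected.
    fields = {"serial": serial, "payer": payer, "payer_bank": bank,
              "payer_account": account, "payee": payee, "amount_cents": amount_cents}
    return {"fields": fields, "payer_sig": sign(canonical(fields), payer_key)}


def endorse(check, merchant_key):
    """The merchant signs the check fields together with the payer's signature."""
    body = canonical(check["fields"]) + str(check["payer_sig"]).encode()
    return dict(check, endorsement=sign(body, merchant_key))


def clear(check, registry, balances, cleared_serials):
    """Verify both signatures, refuse duplicates, then move the money."""
    f = check["fields"]
    payer_n, payee_n = registry.get(f["payer"]), registry.get(f["payee"])
    if payer_n is None or payee_n is None:
        return "unregistered party"
    if not verify(canonical(f), check["payer_sig"], payer_n):
        return "bad payer signature"
    body = canonical(f) + str(check["payer_sig"]).encode()
    if not verify(body, check.get("endorsement", 0), payee_n):
        return "bad endorsement"
    if f["serial"] in cleared_serials:
        return "duplicate deposit"
    if balances.get(f["payer"], 0) < f["amount_cents"]:
        return "insufficient funds"
    cleared_serials.add(f["serial"])
    balances[f["payer"]] -= f["amount_cents"]
    balances[f["payee"]] = balances.get(f["payee"], 0) + f["amount_cents"]
    return "cleared"


def run_demo():
    """Clear a valid check, re-deposit it, then deposit one altered after signing."""
    balances, cleared = {"alice": 10000, "bookshop": 0}, set()
    good = endorse(write_check("0001", "alice", "First Example Bank", "12-3456",
                               "bookshop", 2599, PAYER_KEY), MERCHANT_KEY)
    altered = write_check("0002", "alice", "First Example Bank", "12-3456",
                          "bookshop", 2599, PAYER_KEY)
    altered["fields"]["amount_cents"] = 259900   # amount changed after the payer signed
    altered = endorse(altered, MERCHANT_KEY)
    results = [clear(c, REGISTRY, balances, cleared) for c in (good, good, altered)]
    return results, balances


if __name__ == "__main__":
    print(run_demo())
```

A production system would use a vetted signature scheme such as RSA-PSS or Ed25519 from a maintained library rather than the unpadded arithmetic shown here.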
Financial EDI
Financial Electronic Data Interchange (FEDI) is defined for the purpose of payment and
refers to the co-existence of Electronic Data Interchange (EDI) and Electronic Funds
Transfer (EFT). EDI is a universal data format for business documents that facilitates the
exchange of digital documents between applications, usually residing in different
enterprises. The two standards in EDI are United Nations EDIFACT (used outside of
North America) and American National Standards Institute ANSI X.12 (US & Canada).
These standards define the structure of hundreds of business documents and their
associated business rules. In Financial EDI, the development of standards is coordinated
by ANSI. A group of standards, called X.12, covers invoicing, order placing, payment and
shipping. X.12 is implemented as one system. X.12 is not designed to support
international trade; it is focused on activities in the USA. Global (international)
cross-industry trade uses UN/EDIFACT: EDI for Administration, Commerce and
Transport. Both X.12 and EDIFACT are hierarchical in structure. There are two major
systems for conducting fund transfers. The first is wire transfers (SWIFT), designed for
moving large dollar amounts in a single payment. The second is the Automated Clearing
House (ACH), designed as an alternative to checks, in which checks are replaced by
electronic notification.
Electronic Funds Transfer

Electronic Funds Transfer (EFT) refers to ACH which is a data format used between
financial institutions and the Federal Reserve to initiate debits and credits. Financial
Institutions use the ACH standard to digitally transfer funds between each other.
Electronic Bill Presentment and Payment
EBPP consists of bill creation and presentment, bill distribution, delivery, payment and
tracking. The procedures involved are as follows. The first is bill consolidation, where
many billers send bills to one consolidator and the consumer connects to one place to
pay all bills. The next is B2C billing; most EBPP systems are focused on the B2C market.
Here email notification is made for new bills, and clients can set up their default payment
profiles. In B2B billing, payments typically involve significant amounts of money.
Electronic Invoice Presentment and Payment is also done. This is a process by which
companies present invoices and make payments to one another through the Internet.
QUESTIONS
1) Explain Network Infrastructure.
2) Comment on the Business Services Infrastructure available in India?
3) Explain Intermediaries in E-Commerce.
4) Explain the various types of E-Commerce.
5) Briefly explain the terms 'multimedia content' and 'network publishing
infrastructure'.
6) Discuss in detail the Global Information Distribution Networks.
7) Discuss the government policy regarding Global E-commerce.

- End of Chapter UNIT III


PUBLIC POLICY ISSUES

This section covers legal, ethical, and other public policy issues related to EC. The opening
vignettes illustrate two legal issues related to EC. The first one deals with the validity of
contracts related to software purchase and distribution. This issue is especially
important since software is a digitized product and its sales online are growing rapidly.
In addition to contract validity, this vignette is related to the issue of intellectual
property and software piracy. The second vignette deals with the issue of unethical
distribution of software, which is related to intellectual property and software piracy.
Electronic commerce is so new that the legal, ethical, and other public policy issues that
are necessary for EC's existence are still evolving. The second vignette illustrates a legal
loophole that was fixed only after the incident occurred. Yet, such issues are extremely
important to the success of EC as they encompass one of the major pillars that support
EC applications. As a matter of fact, most of the surveys that attempt to find the
inhibitors of EC consistently place legal and related public policy issues at the top of the
list.
Legal and Ethical Issues: An Overview
The implementation of EC involves many legal issues. These can be classified in several
ways. We have segregated the EC-related legal issues in this chapter to include:
1. Privacy
This issue is becoming the most important issue for consumers. And indeed, privacy
statements can be found today on most large EC-related Web sites. Compliance with the
Privacy Act of 1974 and its extensions is not simple, since the line between legal
definitions and ethics is not always clear.
2. Intellectual property
Protecting intellectual property on the Web is very difficult since it is easy and
inexpensive to copy and disseminate digitized information. Furthermore, it is very
difficult to monitor who is using intellectual property and how. Copyright, trademarks,
and other intellectual property issues are defined by federal legislation.
3. Free speech
The Internet provides the largest opportunity for free speech that has ever existed. Yet,
this freedom may offend some people and may collide with the Indecency Act. Again,
the line is not always clear between what is illegal and what is unethical.
4. Taxation
At the present time, it is illegal to impose new sales taxes on Internet business. A
collision between federal and state legislation is possible, as well as between the tax
laws of different countries.
5. Consumer protection
Many legal issues that deal with consumer protection, ranging from misrepresentation
to different kinds of fraud, are related to electronic trade.
6. Other legal issues
Several other EC legal issues exist, including topics such as validity of contracts,
jurisdiction over trades, encryption policies, and Internet gambling.
Legal issues versus ethics
In theory, one can distinguish between legal issues and ethical issues. If you do
something that is not legal, you are breaking the law. If you do something unethical, you
may not be breaking the law. Obviously, many illegal acts are unethical as well. The
problem is that, in information technology (IT), it is not always clear with several topics
that under most circumstances are both illegal and unethical. Before we explore these
issues, let us examine the meaning of ethics.
ETHICAL ISSUES
Ethics is a branch of philosophy that deals with what is considered to be right and
wrong. Over the years, philosophers have proposed many ethical guidelines, yet what is
unethical is not necessarily illegal. Thus, in many instances, an individual faced with an
ethical decision is not considering whether or not to break the law. In today's complex
environment, the definitions of right and wrong are not always clear. Consider the
following scenarios:
- A company developed profiles of potential customers from information collected with
cookies and questionnaires and sold the list to advertisers. Some of the profiles were
inaccurate; consequently, people received numerous pieces of inappropriate e-mail.
- Management allowed employees to use the Web for limited personal uses, then
monitored usage without the employees' knowledge.
- The president of a software development company marketed online a tax advice
program, knowing it had bugs. As a result, some users filed incorrect tax returns and
were penalised by the IRS.
Whether these actions are considered unethical depends on the organisation, country,
and the specific circumstances surrounding the scenarios.
The spread of EC has created many new ethical situations. For example, the issue of a
company monitoring e-mail is very controversial (47 percent of the readers of
InformationWeek believe companies have the right to do so; 53 percent disagree).
Obviously, there are major differences among companies and individuals with respect to
what is right and wrong.
There are also differences regarding ethics among different countries. What is unethical
in one culture may be perfectly acceptable in another. Many Western countries, for
example, have a much higher concern for individuals and their rights to privacy than
some Asian countries. In Asia, more emphasis is, in general, placed on the benefits to
society rather than on the rights of individuals. Some countries, like Sweden and
Canada, have very strict privacy laws; others have none. For example, in 1997, Italy,
Belgium, Spain, Portugal, and Greece had minimal legislation protecting an individual's
right to control personal data in governmental or commercial databases. This obstructs
the flow of information among countries in the European community. To overcome this
problem, in 1998, the European Community Commission issued guidelines to all its
member countries regarding the rights of individuals to access information about them
and to correct errors. Many companies and professional organisations develop their own
codes of ethics, a collection of principles intended as a guide for its members.
The diversity of EC applications and the increased use of technology have created new
ethical issues, as illustrated throughout this text. An attempt to organise IT ethical issues
into a framework was undertaken by Mason (1986) and Mason et al. (1995), who
categorised ethical issues into privacy, accuracy, property, and accessibility.
Privacy - collection, storage, and dissemination of information about individuals.
Accuracy - authenticity, fidelity, and accuracy of information collected and processed.
Property - ownership and value of information and intellectual property.
Accessibility - right to access information and payment of fees to access it.
Mason et al. (1995) also developed a model for ethical reasoning that shows the process
that leads to ethical judgement when an individual is faced with an ethical issue.
Legal and ethical issues are important for the success of EC. Two organisations that are
active in this area are the Organisation for Economic Co-operation and Development
(www.oecd.org) and CommerceNet (www.commerce.net).
Issues in EC
This section covers nine areas where international agreements are needed to preserve
the Internet as a non-regulatory medium, one in which competition and consumer
choice will shape the marketplace. Although there are significant areas of overlap, these
items can be divided into three main subgroups: financial issues, legal issues, and
market access issues.
Financial Issues
- Customs and taxation
- Electronic payments
Legal Issues
- Uniform Commercial Code for electronic commerce
- Intellectual property protection
- Privacy
- Security
Market Access Issues
- Telecommunications infrastructure and information technology
- Content
- Technical standards
I. FINANCIAL ISSUES
1. Customs and Taxation
For over 50 years, nations have negotiated tariff reductions because they have
recognized that the economies and citizens of all nations benefit from free trade. Given
this recognition, and because the Internet is truly a global medium, it makes little sense
to introduce tariffs on goods and services delivered over the Internet.
Further, the Internet lacks the clear and fixed geographic lines of transit that historically
have characterized the physical trade of goods. Thus, while it remains possible to
administer tariffs for products ordered over the Internet but ultimately delivered via
surface or air transport, the structure of the Internet makes it difficult to do so when the
product or service is delivered electronically.
Nevertheless, many nations are looking for new sources of revenue, and may seek to levy
tariffs on global electronic commerce.
Therefore, the United States will advocate in the World Trade Organization (WTO) and
other appropriate international forums that the Internet be declared a tariff-free
environment whenever it is used to deliver products or services. This principle should be
established quickly before nations impose tariffs and before vested interests form to
protect those tariffs.
In addition, the government believes that no new taxes should be imposed on Internet
commerce. The taxation of commerce conducted over the Internet should be consistent
with the established principles of international taxation, should avoid inconsistent
national tax jurisdictions and double taxation, and should be simple to administer and
easy to understand.
Any taxation of Internet sales should follow these principles:
- It should neither distort nor hinder commerce. No tax system should discriminate
among types of commerce, nor should it create incentives that will change the nature or
location of transactions.
- The system should be simple and transparent. It should be capable of capturing the
overwhelming majority of appropriate revenues, be easy to implement, and minimize
burdensome record keeping and costs for all parties.
- The system should be able to accommodate tax systems used by the United States and
our international partners today.
Wherever feasible, we should look to existing taxation concepts and principles to
achieve these goals. Any such taxation system will have to accomplish these goals in the
context of the Internet's special characteristics -- the potential anonymity of buyer and
seller, the capacity for multiple small transactions, and the difficulty of associating
online activities with physically defined locations.
To achieve global consensus on this approach, the United States, through the Treasury
Department, is participating in discussions on the taxation of electronic commerce
through the Organization for Economic Cooperation and Development (OECD), the
primary forum for cooperation in international taxation.
The Administration is also concerned about possible moves by state and local tax
authorities to target electronic commerce and Internet access. The uncertainties
associated with such taxes and the inconsistencies among them could stifle the
development of Internet commerce.
The Administration believes that the same broad principles applicable to international
taxation, such as not hindering the growth of electronic commerce and neutrality
between conventional and electronic commerce, should be applied to subfederal
taxation. No new taxes should be applied to electronic commerce, and states should
coordinate their allocation of income derived from electronic commerce. Of course,
implementation of these principles may differ at the subfederal level where indirect
taxation plays a larger role.
Before any further action is taken, states and local governments should cooperate to
develop a uniform, simple approach to the taxation of electronic commerce, based on
existing principles of taxation where feasible.
2. Electronic Payment Systems
New technology has made it possible to pay for goods and services over the Internet.
Some of the methods would link existing electronic banking and payment systems,
including credit and debit card networks, with new retail interfaces via the Internet.
Electronic money, based on stored-value, smart card, or other technologies, is also
under development. Substantial private sector investment and competition are spurring
an intense period of innovation that should benefit consumers and businesses wishing
to engage in global electronic commerce.
At this early stage in the development of electronic payment systems, the commercial
and technological environment is changing rapidly. It would be hard to develop policy
that is both timely and appropriate. For these reasons, inflexible and highly prescriptive
regulations and rules are inappropriate and potentially harmful. Rather, in the near
term, case-by-case monitoring of electronic payment experiments is preferred.
From a longer term perspective, however, the marketplace and industry self-regulation
alone may not fully address all issues. For example, government action may be
necessary to ensure the safety and soundness of electronic payment systems, to protect
consumers, or to respond to important law enforcement objectives.
The United States, through the Department of the Treasury, is working with other
governments in international forums to study the global implications of emerging
electronic payment systems. A number of organizations are already working on
important aspects of electronic banking and payments. Their analyses will contribute to
a better understanding of how electronic payment systems will affect global commerce
and banking.
The Economic Communiqué issued at the Lyon Summit by the G-7 Heads of State called
for a cooperative study of the implications of new, sophisticated retail electronic
payment systems. In response, the G-10 deputies formed a Working Party, with
representation from finance ministries and central banks (in consultation with law
enforcement authorities). The Working Party is chaired by a representative from the
U.S. Treasury Department, and tasked to produce a report that identifies common
policy objectives among the G-10 countries and analyzes the national approaches to
electronic commerce taken to date.
As electronic payment systems develop, governments should work closely with the
private sector to inform policy development, and ensure that governmental activities
flexibly accommodate the needs of the emerging marketplace.
II. LEGAL ISSUES
1. Uniform Commercial Code for Electronic Commerce
In general, parties should be able to do business with each other on the Internet under
whatever terms and conditions they agree upon.
Private enterprise and free markets have typically flourished, however, where there are
predictable and widely accepted legal environments supporting commercial
transactions. To encourage electronic commerce, the U.S. government should support
the development of both a domestic and global uniform commercial legal framework
that recognizes, facilitates, and enforces electronic transactions worldwide. Fully
informed buyers and sellers could voluntarily agree to form a contract subject to this
uniform legal framework, just as parties currently choose the body of law that will be
used to interpret their contract.
Participants in the marketplace should define and articulate most of the rules that will
govern electronic commerce. To enable private entities to perform this task and to fulfill
their roles adequately, governments should encourage the development of simple and
predictable domestic and international rules and norms that will serve as the legal
foundation for commercial activities in cyberspace.
In the United States, every state government has adopted the Uniform Commercial Code
(UCC), a codification of substantial portions of commercial law. The National
Conference of Commissioners on Uniform State Laws (NCCUSL) and the American Law
Institute, domestic sponsors of the UCC, already are working to adapt the UCC to
cyberspace. Private sector organizations, including the American Bar Association (ABA)
along with other interest groups, are participants in this process. Work is also ongoing
on a proposed electronic contracting and records act for transactions not covered by the
UCC. The Administration supports the prompt consideration of these proposals, and the
adoption of uniform legislation by all states. Of course, any such legislation will be
designed to accommodate ongoing and possible future global initiatives.
Internationally, the United Nations Commission on International Trade Law
(UNCITRAL) has completed work on a model law that supports the commercial use of
international contracts in electronic commerce. This model law establishes rules and
norms that validate and recognize contracts formed through electronic means, sets
default rules for contract formation and governance of electronic contract performance,
defines the characteristics of a valid electronic writing and an original document,
provides for the acceptability of electronic signatures for legal and commercial purposes,
and supports the admission of computer evidence in courts and arbitration proceedings.
The United States Government supports the adoption of principles along these lines by
all nations as a start to defining an international set of uniform commercial principles
for electronic commerce. We urge UNCITRAL, other appropriate international bodies,
bar associations, and other private sector groups to continue their work in this area.
The following principles should, to the extent possible, guide the drafting of rules
governing global electronic commerce:
- Parties should be free to order the contractual relationship between them as they see
fit;
- Rules should be technology-neutral (i.e., the rules should neither require nor assume a
particular technology) and forward looking (i.e., the rules should not hinder the use or
development of technologies in the future);
- Existing rules should be modified and new rules should be adopted only as necessary
or substantially desirable to support the use of electronic technologies; and
- The process should involve the high-tech commercial sector as well as businesses that
have not yet moved online.
With these principles in mind, UNCITRAL, UNIDROIT, and the International Chamber
of Commerce (ICC), and others should develop additional model provisions and
uniform fundamental principles designed to eliminate administrative and regulatory
barriers and to facilitate electronic commerce by:
- encouraging governmental recognition, acceptance and facilitation of electronic
communications (i.e., contracts, notarized documents, etc.);
- encouraging consistent international rules to support the acceptance of electronic
signatures and other authentication procedures; and
- promoting the development of adequate, efficient, and effective alternate dispute
resolution mechanisms for global commercial transactions.
The expansion of global electronic commerce also depends upon the participants' ability
to achieve a reasonable degree of certainty regarding their exposure to liability for any
damage or injury that might result from their actions. Inconsistent local tort laws,
coupled with uncertainties regarding jurisdiction, could substantially increase litigation
and create unnecessary costs that ultimately will be borne by consumers. The U.S.
should work closely with other nations to clarify applicable jurisdictional rules and to
generally favor and enforce contract provisions that allow parties to select substantive
rules governing liability.
Finally, the development of global electronic commerce provides an opportunity to
create legal rules that allow business and consumers to take advantage of new
technology to streamline and automate functions now accomplished manually. For
example, consideration should be given to establishing electronic registries.
The Departments of Commerce and State will continue to organize U.S. participation in
these areas with a goal of achieving substantive international agreement on model law
within the next two years. NCCUSL and the American Law Institute, working with the
American Bar Association and other interested groups, are urged to continue their work
to develop complementary domestic and international efforts.
2. Intellectual Property Protection
Commerce on the Internet often will involve the sale and licensing of intellectual
property. To promote this commerce, sellers must know that their intellectual property
will not be stolen and buyers must know that they are obtaining authentic products.
International agreements that establish clear and effective copyright, patent, and
trademark protection are therefore necessary to prevent piracy and fraud. While
technology, such as encryption, can help combat piracy, an adequate and effective legal
framework also is necessary to deter fraud and the theft of intellectual property, and to
provide effective legal recourse when these crimes occur. Increased public education
about intellectual property in the information age will also contribute to the successful
implementation and growth of the GII.
Copyrights
There are several treaties that establish international norms for the protection of
copyrights, most notably the Berne Convention for the Protection of Literary and
Artistic Works. These treaties link nearly all major trading nations and provide them
with a means of protecting, under their own laws, each other's copyrighted works and
sound recordings.
In December 1996, the World Intellectual Property Organization (WIPO) updated the
Berne Convention and provided new protection for performers and producers of sound
recordings by adopting two new treaties. The two treaties -- the WIPO Copyright Treaty
and the WIPO Performances and Phonograms Treaty -- will greatly facilitate the
commercial applications of online digital communications over the GII.
Both treaties include provisions relating to technological protection, copyright
management information, and the right of communication to the public, all of which are
indispensable for an efficient exercise of rights in the digital environment. The U.S.
Government recognizes private sector efforts to develop international and domestic
standards in these areas. The Administration understands the sensitivities associated
with copyright management information and technological protection measures, and is
working to tailor implementing legislation accordingly.
Both treaties also contain provisions that permit nations to provide for exceptions to
rights in certain cases that do not conflict with a normal exploitation of the work and do
not unreasonably prejudice the legitimate interests of the author (e.g., "fair use"). These
provisions permit members to carry forward and appropriately extend into the digital
environment limitations and exceptions in their national laws which have been
considered acceptable under the Berne Convention. These provisions permit members
to devise new exceptions and limitations that are appropriate in the digital network
environment, but neither reduce nor extend the scope of applicability of the limitations
and exceptions permitted by the Berne Convention.
The Administration is drafting legislation to implement the new WIPO treaties, and
looks forward to working with the Senate on their ratification.
The two new WIPO treaties do not address issues of online service provider liability,
leaving them to be determined by domestic legislation. The Administration looks
forward to working with Congress as these issues are addressed and supports efforts to
achieve an equitable and balanced solution that is agreeable to interested parties and
consistent with international copyright obligations.
The adoption of the two new WIPO treaties represents the attainment of one of the
Administration's significant intellectual property objectives. The U.S. Government will
continue to work for appropriate copyright protection for works disseminated
electronically. The Administration's copyright-related objectives will include:
- encouraging countries to fully and immediately implement the obligations contained
in the Agreement on Trade-Related Aspects of Intellectual Property (TRIPS);
- seeking immediate U.S. ratification and deposit of the instruments of accession to the
two new WIPO treaties and implementation of the obligations in these treaties in a
balanced and appropriate way as soon as possible;
- encouraging other countries to join the two new WIPO treaties and to implement fully
the treaty obligations as soon as possible; and
- ensuring that U.S. trading partners establish laws and regulations that provide
adequate and effective protection for copyrighted works, including motion pictures,
computer software, and sound recordings, disseminated via the GII, and that these laws
and regulations are fully implemented and actively enforced.
The United States will pursue these international objectives through bilateral
discussions and multilateral discussions at WIPO and other appropriate forums and will
encourage private sector participation in these discussions.
Sui Generis Protection of Databases
The December 1996 WIPO Conference in Geneva did not take up a proposed treaty to
protect the non-original elements of databases. Instead, the Conference called for a
meeting, subsequently held, to discuss preliminary steps to study proposals to establish
sui generis database protection.
Based on the brief discussion of sui generis database protection that took place before
and during the Diplomatic Conference, it is clear that more discussion of the need for
and the nature of such protection is necessary domestically and internationally.
The Administration will seek additional input from, among others, the scientific, library,
and academic communities and the commercial sector, in order to develop U.S. policy
with respect to sui generis database protection.
Patents
Development of the GII will both depend upon and stimulate innovation in many fields
of technology, including computer software, computer hardware, and
telecommunications. An effectively functioning patent system that encourages and
protects patentable innovations in these fields is important for the overall success of
commerce over the Internet. Consistent with this objective, the U.S. Patent and
Trademark Office (PTO) will (1) significantly enhance its collaboration with the private
sector to assemble a larger, more complete collection of prior art (both patent and
non-patent publications), and provide its patent examiners better access to prior art in
GII-related technologies; (2) train its patent examiners in GII-related technologies to raise
and maintain their level of technical expertise; and (3) support legislative proposals for
early publication of pending patent applications, particularly in areas involving fast
moving technology.
To create a reliable environment for electronic commerce, patent agreements should:
- prohibit member countries from authorizing parties to exploit patented inventions
related to the GII without the patent owner's authority (i.e., disapproval of compulsory
licensing of GII-related technology except to remedy a practice determined after judicial
or administrative process to be anti-competitive);
- require member countries to provide adequate and effective protection for patentable
subject matter important to the development and success of the GII; and
- establish international standards for determining the validity of a patent claim.
The United States will pursue these objectives internationally. Officials of the European,
Japanese, and United States Patent Offices meet, for example, each year to foster
cooperation on patent-related issues. The United States will recommend at the next
meeting that a special committee be established within the next year to make
recommendations on GII-related patent issues.
In a separate venue, one hundred countries and international intergovernmental
organizations participate as members of WIPO's permanent committee on industrial
property information (PCIPI). The United States will attempt to establish a working
group of this organization to address GII-related patent issues.
Trademark and Domain Names
Trademark rights are national in scope and conflicts may arise where the same or
similar trademarks for similar goods or services are owned by different parties in
different countries. Countries may also apply different standards for determining
infringement.
Conflicts have arisen on the GII where third parties have registered Internet domain
names that are the same as, or similar to, registered or common law trademarks. An
Internet domain name functions as a source identifier on the Internet. Ordinarily,
source identifiers, like addresses, are not protected intellectual property (i.e., a
trademark) per se. The use of domain names as source identifiers has burgeoned,
however, and courts have begun to attribute intellectual property rights to them, while
recognizing that misuse of a domain name could significantly infringe, dilute, and
weaken valuable trademark rights.
To date, conflicts between trademark rights and domain names have been resolved
through negotiations and/or litigation. It may be possible to create a contractually based
self-regulatory regime that deals with potential conflicts between domain name usage
and trademark laws on a global basis without the need to litigate. This could create a
more stable business environment on the Internet. Accordingly, the United States will
support efforts already underway to create domestic and international forums for
discussion of Internet-related trademark issues. The Administration also plans to seek
public input on the resolution of trademark disputes in the context of domain names.
Governance of the domain name system (DNS) raises other important issues unrelated
to intellectual property. The Administration supports private efforts to address Internet
governance issues including those related to domain names and has formed an
interagency working group under the leadership of the Department of Commerce to
study DNS issues. The working group will review various DNS proposals, consulting
with interested private sector, consumer, professional, congressional and state
government and international groups. The group will consider, in light of public input,
(1) what contribution government might make, if any, to the development of a global
competitive, market-based system to register Internet domain names, and (2) how best
to foster bottom-up governance of the Internet.
3. Privacy
Americans treasure privacy, linking it to our concept of personal freedom and
well-being. Unfortunately, the GII's great promise - that it facilitates the collection, re-use,
and instantaneous transmission of information - can, if not managed carefully, diminish
personal privacy. It is essential, therefore, to assure personal privacy in the networked
environment if people are to feel comfortable doing business.
At the same time, fundamental and cherished principles like the First Amendment,
which is an important hallmark of American democracy, protect the free flow of
information. Commerce on the GII will thrive only if the privacy rights of individuals are
balanced with the benefits associated with the free flow of information.
In June of 1995, the Privacy Working Group of the United States government
Information Infrastructure Task Force (IITF) issued a report entitled, PRIVACY AND
THE NATIONAL INFORMATION INFRASTRUCTURE: Principles for Providing and
Using Personal Information. The report recommends a set of principles (the "Privacy
Principles") to govern the collection, processing, storage, and re-use of personal data in
the information age.
These Privacy Principles, which build on the Organization for Economic Cooperation
and Development's GUIDELINES GOVERNING THE PROTECTION OF PRIVACY AND
TRANSBORDER DATA FLOW OF PERSONAL DATA and incorporate principles of fair
information practices, rest on the fundamental precepts of awareness and choice:
Data-gatherers should inform consumers what information they are collecting, and
how they intend to use such data; and
Data-gatherers should provide consumers with a meaningful way to limit use and
re-use of personal information.
Disclosure by data-gatherers is designed to stimulate market resolution of privacy
concerns by empowering individuals to obtain relevant knowledge about why
information is being collected, what the information will be used for, what steps will be
taken to protect that information, the consequences of providing or withholding
information, and any rights of redress that they may have. Such disclosure will enable
consumers to make better judgments about the levels of privacy available and their
willingness to participate.
In addition, the Privacy Principles identify three values to govern the way in which
personal information is acquired, disclosed and used online -- information privacy,
information integrity, and information quality. First, an individual's reasonable
expectation of privacy regarding access to and use of, his or her personal information
should be assured. Second, personal information should not be improperly altered or
destroyed. And, third, personal information should be accurate, timely, complete, and
relevant for the purposes for which it is provided and used.
Under these principles, consumers are entitled to redress if they are harmed by
improper use or disclosure of personal information or if decisions are based on
inaccurate, outdated, incomplete, or irrelevant personal information.
In April, 1997, the Information Policy Committee of the IITF issued a draft paper
entitled Options for Promoting Privacy on the National Information Infrastructure. The
paper surveys information practices in the United States and solicits public comment on
the best way to implement the Privacy Principles. The IITF goal is to find a way to
balance the competing values of personal privacy and the free flow of information in a
digital democratic society.
Meanwhile, other federal agencies have studied privacy issues in the context of specific
industry sectors. In October 1995, for example, the National Telecommunications and
Information Administration (NTIA) issued a report entitled Privacy and the NII:
Safeguarding Telecommunications-Related Personal Information. It explores the
application of the Privacy Principles in the context of telecommunications and online
services and advocates a voluntary framework based on notice and consent. On January
6, 1997, the FTC issued a staff report entitled Public Workshop on Consumer Privacy on
the Global Information Infrastructure. The report, which focuses on the direct
marketing and advertising industries, concludes that notice, choice, security, and access
are recognized as necessary elements of fair information practices online. In June of
1997, the FTC held four days of hearings on technology tools and industry
self-regulation regimes designed to enhance personal privacy on the Internet.
The Administration supports private sector efforts now underway to implement
meaningful, consumer-friendly, self-regulatory privacy regimes. These include
mechanisms for facilitating awareness and the exercise of choice online, evaluating
private sector adoption of and adherence to fair information practices, and dispute
resolution.

The Administration also anticipates that technology will offer solutions to many privacy
concerns in the online environment, including the appropriate use of anonymity. If
privacy concerns are not addressed by industry through self-regulation and technology,
the Administration will face increasing pressure to play a more direct role in
safeguarding consumer choice regarding privacy online.
The Administration is particularly concerned about the use of information gathered
from children, who may lack the cognitive ability to recognize and appreciate privacy
concerns. Parents should be able to choose whether or not personally identifiable
information is collected from or about their children. We urge industry, consumer, and
child-advocacy groups working together to use a mix of technology, self-regulation, and
education to provide solutions to the particular dangers arising in this area and to
facilitate parental choice. This problem warrants prompt attention. Otherwise,
government action may be required.
Privacy concerns are being raised in many countries around the world, and some
countries have enacted laws, implemented industry self-regulation, or instituted
administrative solutions designed to safeguard their citizens' privacy. Disparate policies
could emerge that might disrupt trans-border data flows. For example, the European
Union (EU) has adopted a Directive that prohibits the transfer of personal data to
countries that, in its view, do not extend adequate privacy protection to EU citizens.
To ensure that differing privacy policies around the world do not impede the flow of
data on the Internet, the United States will engage its key trading partners in
discussions to build support for industry-developed solutions to privacy problems and
for market driven mechanisms to assure customer satisfaction about how private data is
handled.
The United States will continue policy discussions with the EU nations and the
European Commission to increase understanding about the U.S. approach to privacy
and to assure that the criteria they use for evaluating adequacy are sufficiently flexible to
accommodate our approach. These discussions are led by the Department of Commerce,
through NTIA, and the State Department, and include the Executive Office of the
President, the Treasury Department, the Federal Trade Commission (FTC) and other
relevant federal agencies. NTIA is also working with the private sector to assess the
impact that the implementation of the EU Directive could have on the United States.
The United States also will enter into a dialogue with trading partners on these issues
through existing bilateral forums as well as through regional forums such as the Asia
Pacific Economic Cooperation (APEC) forum, the Summit of the Americas, the North
American Free Trade Agreement (NAFTA), and the Inter-American
Telecommunications Commission (CITEL) of the Organization of American States, and
broader multilateral organizations.
The Administration considers data protection critically important. We believe that
private efforts of industry working in cooperation with consumer groups are preferable
to government regulation, but if effective privacy protection cannot be provided in this
way, we will re-evaluate this policy.
4. Security
The GII must be secure and reliable. If Internet users do not have confidence that their
communications and data are safe from unauthorized access or modification, they will
be unlikely to use the Internet on a routine basis for commerce. A secure GII requires:
1) Secure and reliable telecommunications networks;
2) Effective means for protecting the information systems attached to those networks;
3) Effective means for authenticating and ensuring confidentiality of electronic
information to protect data from unauthorized use; and
4) Well trained GII users who understand how to protect their systems and their data.
There is no single "magic" technology or technique that can ensure that the GII will be
secure and reliable. Accomplishing that goal requires a range of technologies
(encryption, authentication, password controls, firewalls, etc.) and effective, consistent
use of those technologies; all supported globally by trustworthy key and security
management infrastructures.
Of particular importance is the development of trusted certification services that
support the digital signatures that will permit users to know whom they are
communicating with on the Internet. Both signatures and confidentiality rely on the use
of cryptographic keys. To promote the growth of a trusted electronic commerce
environment, the Administration is encouraging the development of a voluntary,
market-driven key management infrastructure that will support authentication,
integrity, and confidentiality.
Encryption products protect the confidentiality of stored data and electronic
communications by making them unreadable without a decryption key. But strong
encryption is a double-edged sword. Law abiding citizens can use strong encryption to
protect their trade secrets and personal records. But those trade secrets and personal
records could be lost forever if the decrypt key is lost. Depending upon the value of the
information, the loss could be quite substantial. Encryption can also be used by
criminals and terrorists to reduce law enforcement capabilities to read their
communications. Key recovery based encryption can help address some of these issues.
In promoting robust security needed for electronic commerce, the Administration has
already taken steps that will enable trust in encryption and provide the safeguards that
users and society will need. The Administration, in partnership with industry, is taking
steps to promote the development of market-driven standards, public-key management
infrastructure services and key recoverable encryption products. Additionally, the
Administration has liberalized export controls for commercial encryption products
while protecting public safety and national security interests.
The Administration is also working with Congress to ensure legislation is enacted that
would facilitate development of voluntary key management infrastructures and would
govern the release of recovery information to law enforcement officials pursuant to
lawful authority.
The U.S. government will work internationally to promote development of
market-driven key management infrastructure with key recovery. Specifically, the U.S. has
worked closely within the OECD to develop international guidelines for encryption
policies and will continue to promote the development of policies to provide a
predictable and secure environment for global electronic commerce.
III. MARKET ACCESS ISSUES
1. Telecommunications Infrastructure and Information Technology
Global electronic commerce depends upon a modern, seamless, global
telecommunications network and upon the computers and information appliances that
connect to it. Unfortunately, in too many countries, telecommunications policies are
hindering the development of advanced digital networks. Customers find that
telecommunications services often are too expensive, bandwidth is too limited, and
services are unavailable or unreliable. Likewise, many countries maintain trade barriers
to imported information technology, making it hard for both merchants and customers
to purchase the computers and information systems they need to participate in
electronic commerce.
In order to spur the removal of barriers, in March 1994, Vice President Gore spoke to
the World Telecommunications Development Conference in Buenos Aires. He
articulated several principles that the U.S. believes should be the foundation for
government policy, including:
1) encouraging private sector investment by privatizing government-controlled
telecommunications companies;
2) promoting and preserving competition by introducing competition to monopoly
phone markets, ensuring interconnection at fair prices, opening markets to foreign
investment, and enforcing anti-trust safeguards;
3) guaranteeing open access to networks on a non-discriminatory basis, so that GII
users have access to the broadest range of information and services; and
4) implementing, by an independent regulator, pro-competitive and flexible regulation
that keeps pace with technological development.

Domestically, the Administration recognizes that there are various constraints in the
present network that may impede the evolution of services requiring higher bandwidth.
Administration initiatives include Internet II, or Next Generation Internet. In addition,
the FCC has undertaken several initiatives designed to stimulate bandwidth expansion,
especially to residential and small/home office customers.
The goal of the United States will be to ensure that online service providers can reach
end-users on reasonable and non-discriminatory terms and conditions. Genuine market
opening will lead to increased competition, improved telecommunications
infrastructures, more customer choice, lower prices and increased and improved
services.
Areas of concern include:
Leased lines: Data networks of most online service providers are constructed with leased
lines that must be obtained from national telephone companies, often monopolies or
governmental entities. In the absence of effective competition, telephone companies
may impose artificially inflated leased line prices and usage restrictions that impede the
provision of service by online service providers.
Local loops pricing: To reach their subscribers, online service providers often have no
choice but to purchase local exchange services from monopoly or government-owned
telephone companies. These services also are often priced at excessive rates, inflating
the cost of data services to customers.
Interconnection and unbundling: Online service providers must be able to interconnect
with the networks of incumbent telecommunication companies so that information can
pass seamlessly between all users of the network. Monopolies or dominant telephone
companies often price interconnection well above cost, and refuse to interconnect
because of alleged concerns about network compatibility or absence of need for other
providers.
Attaching equipment to the network: Over the years, some telecommunication providers
have used their monopoly power to restrict the connection of communication or
technology devices to the network. Even when the monopoly has been broken, a host of
unnecessary burdensome "type acceptance" practices have been used to retard
competition and make it difficult for consumers to connect.
Internet voice and multimedia: Officials of some nations claim that "real time" services
provided over the Internet are "like services" to traditionally regulated voice telephony
and broadcasting, and therefore should be subject to the same regulatory restrictions
that apply to those traditional services. In some countries, these providers must be
licensed, as a way to control both the carriage and content offered. Such an approach
could hinder the development of new technologies and new services.
In addition, countries have different levels of telecommunications infrastructure
development, which may hinder the global provision and use of some Internet-based
services. The Administration believes that the introduction of policies promoting foreign
investment, competition, regulatory flexibility and open access will support
infrastructure development and the creation of more data-friendly networks.
To address these issues, the Administration successfully concluded the WTO Basic
Telecommunications negotiations, which will ensure global competition in the provision
of basic telecommunication services and will address the many underlying issues
affecting online service providers. During those negotiations, the U.S. succeeded in
ensuring that new regulatory burdens would not be imposed upon online service
providers that would stifle the deployment of new technologies and services.
As the WTO Agreement is implemented, the Administration will seek to ensure that new
rules of competition in the global communications marketplace will be technology
neutral and will not hinder the development of electronic commerce. In particular, rules
for licensing new technologies and new services must be sufficiently flexible to
accommodate the changing needs of consumers while allowing governments to protect
important public interest objectives like universal service. In this context, rules to
promote such public interest objectives should not fall disproportionately on any one
segment of the telecommunications industry or on new entrants.
The Administration will also seek effective implementation of the Information
Technology Agreement concluded by the members of the WTO in March 1997, which is
designed to remove tariffs on almost all types of information technology. Building on
this success, and with the encouragement of U.S. companies, the administration is
developing plans for ITA II, in which it will seek to remove remaining tariffs on, and
existing non-tariff barriers to, information technology goods and services. In addition
the Administration is committed to finding other ways to streamline requirements to
demonstrate product conformity, including through Mutual Recognition Agreements
(MRAs) that can eliminate the need for a single product to be certified by different
standards laboratories across national borders.
Bilateral exchanges with individual foreign governments, regional forums such as APEC
and CITEL, and multilateral forums such as the OECD and ITU, and various other
forums (i.e. international alliances of private businesses, the International Organization
of Standardization [ISO], the International Electro-technical Commission [IEC]), also
will be used for international discussions on telecommunication-related Internet issues
and removing trade barriers that inhibit the export of information technology. These
issues include the terms and conditions governing the exchange of online traffic,
addressing, and reliability. In all forums, U.S. Government positions that might
influence Internet pricing, service delivery options or technical standards will reflect the
principles established in this paper and U.S. Government representatives will survey the
work of their study groups to ensure that this is the case.
In addition, many Internet governance issues will best be dealt with by means of private
open standards processes and contracts involving participants from both government
and the private sector. The U.S. government will support industry initiatives aimed at
achieving the important goals outlined in this paper.

2. Content
The U.S. government supports the broadest possible free flow of information across
international borders. This includes most informational material now accessible and
transmitted through the Internet, including through World Wide Web pages, news and
other information services, virtual shopping malls, and entertainment features, such as
audio and video products, and the arts. This principle extends to information created by
commercial enterprises as well as by schools, libraries, governments and other nonprofit
entities.
In contrast to traditional broadcast media, the Internet promises users greater
opportunity to shield themselves and their children from content they deem offensive or
inappropriate. New technology, for example, may enable parents to block their
children's access to sensitive information or confine their children to pre-approved
websites.
To the extent, then, that effective filtering technology becomes available, content
regulations traditionally imposed on radio and television would not need to be applied
to the Internet. In fact, unnecessary regulation could cripple the growth and diversity of
the Internet.
The Administration therefore supports industry self-regulation, adoption of competing
ratings systems, and development of easy-to-use technical solutions (e.g., filtering
technologies and age verification systems) to assist in screening information online.
There are four priority areas of concern:
a. Regulation of content: Companies wishing to do business over the Internet, and
to provide access to the Internet (including U.S. online service providers with foreign
affiliates or joint ventures) are concerned about liability based on the different policies
of every country through which their information may travel.
Countries that are considering or have adopted laws to restrict access to certain types of
content through the Internet emphasize different concerns as a result of cultural, social,
and political difference. These different laws can impede electronic commerce in the
global environment.
The Administration is concerned about Internet regulation of this sort, and will develop
an informal dialogue with key trading partners on public policy issues such as hate
speech, violence, sedition, pornography and other content to ensure that differences in
national regulation, especially those undertaken to foster cultural identity, do not serve
as disguised trade barriers.
b. Foreign content quotas: Some countries currently require that a specific
proportion of traditional broadcast transmission time be devoted to "domestically
produced" content. Problems could arise on the Internet if the definition of
"broadcasting" is changed to extend these current regulations to "new services."

Countries also might decide to regulate Internet content and establish restrictions under
administrative authority, rather than under broadcast regulatory structures.
The Administration will pursue a dialogue with other nations on how to promote
content diversity, including cultural and linguistic diversity, without limiting content.
These discussions could consider promotion of cultural identity through subsidy
programs that rely solely on general tax revenues and that are implemented in a
non-discriminatory manner.
c. Regulation of advertising: Advertising will allow the new interactive media to
offer more affordable products and services to a wider, global audience. Some countries
stringently restrict the language, amount, frequency, duration, and type of teleshopping
and advertising spots used by advertisers. In principle, the United States does not favor
such regulations. While recognizing legitimate cultural and social concerns, these
concerns should not be invoked to justify unnecessarily burdensome regulation of the
Internet.
There are laws in many countries around the world that require support for advertising
claims. Advertising industry self-regulation also exists in many countries around the
globe. Truthful and accurate advertising should be the cornerstone of advertising on all
media, including the Internet.
A strong body of cognitive and behavioural research demonstrates that children are
particularly vulnerable to advertising. As a result, the U.S. has well established rules
(self-regulatory and otherwise) for protecting children from certain harmful advertising
practices. The Administration will work with industry and children's advocates to ensure
that these protections are translated to and implemented appropriately in the online
media environment.
The rules of the "country-of-origin" should serve as the basis for controlling Internet
advertising to alleviate national legislative road blocks and trade barriers.
d. Regulation to prevent fraud: Recently, there have been a number of cases where
fraudulent information on companies and their stocks, and phony investment schemes
have been broadcast on the Internet. The appropriate federal agencies (i.e., Federal
Trade Commission and the Securities and Exchange Commission) are determining
whether new regulations are needed to prevent fraud over the Internet.
In order to realize the commercial and cultural potential of the Internet, consumers
must have confidence that the goods and services offered are fairly represented, that
they will get what they pay for, and that recourse or redress will be available if they do
not. This is an area where government action is appropriate.
The Administration will explore opportunities for international cooperation to protect
consumers and to prosecute false, deceptive, and fraudulent commercial practices in
cyberspace.

Federal agencies such as the Department of State, U.S. Trade Representative (USTR),
the Commerce Department (NTIA), the FTC, the Office of Consumer Affairs and others
have already engaged in efforts to promote such positions, through both bilateral and
multilateral channels, including through the OECD, the G-7 Information Society and
Development Conference, the Latin American Telecommunications Summits, and the
Summit of the Americas process, as well as APEC Telecommunications Ministerial. All
agencies participating in such forums will focus on pragmatic solutions based upon the
principles in this paper to issues related to content control.
3. Technical Standards
Standards are critical to the long term commercial success of the Internet as they can
allow products and services from different vendors to work together. They also
encourage competition and reduce uncertainty in the global marketplace. Premature
standardization, however, can "lock in" outdated technology. Standards also can be
employed as de facto non-tariff trade barriers, to "lock out" non-indigenous businesses
from a particular national market.
The United States believes that the marketplace, not governments, should determine
technical standards and other mechanisms for interoperability. Technology is moving
rapidly and government attempts to establish technical standards to govern the Internet
would only risk inhibiting technological innovation. The United States considers it
unwise and unnecessary for governments to mandate standards for electronic
commerce. Rather, we urge industry driven multilateral fora to consider technical
standards in this area.
To ensure the growth of global electronic commerce over the Internet, standards will be
needed to assure reliability, interoperability, ease of use and scalability in areas such as:
electronic payments;
security (confidentiality, authentication, data integrity, access control, non-repudiation);
security services infrastructure (e.g., public key certificate authorities);
electronic copyright management systems;
video and data-conferencing;
high-speed network technologies (e.g., Asynchronous Transfer Mode, Synchronous
Digital Hierarchy); and
digital object and data interchange.
There need not be one standard for every product or service associated with the GII, and
technical standards need not be mandated. In some cases, multiple standards will
compete for marketplace acceptance. In other cases, different standards will be used in
different circumstances.
The prevalence of voluntary standards on the Internet, and the medium's
consensus-based process of standards development and acceptance are stimulating its rapid
growth. These standards flourish because of a non-bureaucratic system of development
managed by technical practitioners working through various organizations. These
organizations require demonstrated deployment of systems incorporating a given
standard prior to formal acceptance, but the process facilitates rapid deployment of
standards and can accommodate evolving standards as well. Only a handful of countries
allow private sector standards development; most rely on government-mandated
solutions, causing these nations to fall behind the technological cutting edge and
creating non-tariff trade barriers.
Numerous private sector bodies have contributed to the process of developing voluntary
standards that promote interoperability. The United States has encouraged the
development of voluntary standards through private standards organizations, consortia,
test beds and R&D activities. The U.S. government also has adopted a set of principles to
promote acceptance of domestic and international voluntary standards.
While no formal government-sponsored negotiations are called for at this time, the
United States will use various forums (i.e., international alliances of private businesses,
the International Organization for Standardization [ISO], the International
Electrotechnical Commission [IEC], International Telecommunications Union [ITU], etc.) to
discourage the use of standards to erect barriers to free trade on the developing GII. The
private sector should assert global leadership to address standards setting needs. The
United States will work through intergovernmental organizations as needed to monitor
and support private sector leadership.
A Coordinated Strategy
The success of electronic commerce will require an effective partnership between the
private and public sectors, with the private sector in the lead. Government participation
must be coherent and cautious, avoiding the contradictions and confusions that can
sometimes arise when different governmental agencies individually assert authority too
vigorously and operate without coordination.
The variety of issues being raised, the interaction among them, and the disparate forums
in which they are being addressed will necessitate a coordinated, targeted governmental
approach to avoid inefficiencies and duplication in developing and reviewing policy.
An interagency team will continue to meet in order to monitor progress and update this
strategy as events unfold. Sufficient resources will be committed to allow rapid and
effective policy implementation.
The process of further developing and implementing the strategy set forth in this paper
is as important as the content of the paper itself. The U.S. Government will consult
openly and often, with groups representing industry, consumers and Internet users,
Congress, state and local governments, foreign governments, and international
organizations as we seek to update and implement this paper in the coming years.
Private sector leadership accounts for the explosive growth of the Internet today, and
the success of electronic commerce will depend on continued private sector leadership.
Accordingly, the Administration also will encourage the creation of private fora to take
the lead in areas requiring self-regulation such as privacy, content ratings, and
consumer protection and in areas such as standards development, commercial code, and
fostering interoperability.
The strategy outlined in this paper will be updated and new releases will be issued as
changes in technology and the marketplace teach us more about how to set the optimal
environment in which electronic commerce and community can flourish.
There is a great opportunity for commercial activity on the Internet. If the private sector
and governments act appropriately, this opportunity can be realized for the benefit of all
people.
The Internet as a Network Infrastructure
This section outlines the nature of the Internet, its history and the facilities that can be
used for e-Commerce. The Internet was born as a US military project and developed as
an academic and research network. The use of the Internet by members of the general
public and the commercial use of the Internet is a relatively recent phenomenon. The
commercial use of the Internet involves service providers, content providers and
software facilities; the chapter introduces the various categories of players and the range
of services and facilities they offer.
The web is a big place, and tens of thousands of people have put hundreds of thousands
of hours into making it enjoyable. The vast majority of them haven't made any money
from their work yet, and many did it for the joy of starting something new. (Hoffman,
1995)
The Internet is a strange phenomenon. It had its origins as a military project back in
1969. It was adopted by the research and academic community; became the tool (or toy)
of computer nerds around the world and then, in the space of a couple of years, it
became the engine that, it is claimed, is to propel the world into the information age and
the twenty-first century.
The Internet is also an interesting phenomenon because nobody owns it. It is unlike the
railway, telegraph or telephone companies of the past that were owned by large private
corporations or state monopolies. It is a pattern of usage of information and
communications technologies that transcends any and all telecommunications
infrastructure providers.

The Internet is, at a technical level, defined not by the equipment but by its
communication protocol, Transmission Control Protocol / Internet Protocol (TCP/IP).
The Internet is, at another level, defined by the people who use it. The individuals,
institutions and companies that make information available, send messages, access web
sites and, in the case of e-Commerce, buy and sell.
The Internet is not the only, or the first, national and international data network. Other
data networks have been put together by multinational organisations, EDI VADS
providers and public access network companies such as CompuServe. The Internet has,
however, despite its simple planning and lack of formal control, evolved into the global
network; possibly its 'success' is because of that absence of formal controls.
The Development of the Internet
The origins of the Internet are commonly traced back to a US military project, the
ARPAnet, commissioned by the US Department of Defense in 1969. The aim of the
project was to explore packet switching technology in order to establish a network with
distributed control that could still function if some of its nodes and links were knocked
out in a nuclear war. The ARPAnet was demonstrated in late 1972 at an international
conference in Washington DC: the first public demonstration of packet switching.
In the late 1970's and early 1980's further experimental networks were created that were
mainly used for e-Mail and between university departments. CSNet (Computer Science
Network) was established in 1981 and the military aspects were split from ARPAnet in
1983. Further academic networks were put in place to provide access to supercomputer
centres, notably JANET, Joint Academic Network in the UK (1984) and NSFNet,
National Science Foundation in the US (1986).
The TCP/IP protocol was established in 1982 and introduced for use on the ARPAnet on
the first of January 1983. Application protocols developed for and used in TCP/IP
include the file transfer system (FTP), e-mail protocol (SMTP) and the remote login
facility Telnet. The TCP/IP protocol also introduces the IP Address, a multipart numeric
code used to identify all nodes in the network; TCP/IP addresses are also represented by
an alphabetic equivalent in e-Mail and web site addresses.
In 1989 a group of scientists at the European Laboratory for Particle Physics (CERN) in
Geneva, Switzerland developed an Internet Tool that would link information produced
by various CERN researchers. The tool provided a way to link textual information on
different computers and created by different scientists. The object was to overcome
issues of computer incompatibility and utilize a new way of linking called 'hypertext'.
Rather than presenting information in a linear or hierarchical fashion, hypertext
permits information to be linked in a web-like structure. Nodes of information can be
linked to other nodes of information in multiple ways. As a result, users can dynamically
crisscross the information web using pieces in an order most convenient to them.

In 1993 the National Centre for Supercomputing Applications (NCSA) at the University
of Illinois pushed the CERN idea further by creating a software tool called Mosaic.
Mosaic is an easy-to-use, graphical user interface that permits text, graphics, sound and
video to be hyper linked. Mosaic was the first of the Internet tools that are now referred
to as 'web browsers'.
An alternative information access facility, developed at about the same time as the web,
was Gopher. It was, for a time, widely used in the US but has largely succumbed to the now
near universal application of the web.
The first commercial web browser was Netscape. The Netscape Company was started in
1994 and included some of the programmers involved in the Mosaic Project. Some time
after, some might argue rather late in the day, Bill Gates caught onto the Internet and
Microsoft issued its Internet Explorer. With Netscape being the dominant web browser
and Microsoft having a habit of wishing to dominate everything there ensued a period
known as 'the browser wars'. Microsoft used their dominance of the PC operating
system market to get Explorer pre-loaded onto most new PCs - Netscape protested that
this was anticompetitive - Microsoft insisted that an Internet interface was central to the
design of their operating systems and a court case ensued. Netscape and Internet
Explorer vied with each other to add features to their browsers. The added features were
not always compatible with other browsers or HTML standards and, in the process,
made the job of designing a web page more difficult (the provider of a web page
cannot guarantee which browser the customer will be using). On the plus side, from the
user point of view, the browser is now free. Internet service providers, on CDs through
the post, distribute Netscape and Explorer to thousands of potential users, and both
packages are downloadable via the web.
On the other side from the browser and the client computer, there is the software on the
server system. As with the client, the server can be any one of several boxes; UNIX and
(large) PCs being the most common choices. Internet server software is available from a
number of suppliers, with Netscape and Microsoft both prominent; Apache, a public
domain product, is also widely used on UNIX boxes and with the Linux operating
system.
Aside from browser wars is the need to add logic and system interfaces to web
applications. The commonly used approach has been a Common Gateway Interface
(CGI) program using Perl (or another programming language offering similar facilities).
More recently JAVA from Sun Microsystems and ActiveX products from Microsoft have
been issued with the capability to perform the same functions.
In 1994 there were approximately 500 web sites. One year later this had increased to
nearly 10,000 and any further statistics that could be included in this course material
would be out of date by the time it is read.
"Internet: A Network of Networks"

A facility to connect two or more computers together to exchange information is called a
network. When computers are connected within a building or a campus it is referred to
as a Local Area Network (LAN). When systems around the world are connected to
one another it is a Wide Area Network (WAN). While networks connect individual
computers, the Internet connects individual networks. Each of these networks may
be running different network software, such as Windows NT or DecNet. Therefore a
protocol is needed to communicate between networks. Several departments working
together interconnect their networks so that the information may be shared more easily
among the departments. This type of arrangement is called a regional network. These
regional networks are interconnections based on geography or function. Any collection
of such networks is called a backbone. Gateways are needed to provide the physical
meeting point.
A gateway is a communication device or program that passes data between networks
having similar functions but dissimilar implementations. The gateways are the physical
meeting points of the backbone. Both the client and server need to be connected to the
Internet via an Internet gateway.
TCP/IP
The network protocol used on the Internet is Transmission Control Protocol/Internet
Protocol - TCP/IP. As has already been indicated this was introduced on the ARPAnet at
the beginning of January 1983.
TCP/IP is a packet switching protocol. In packet switching, messages are split up into
segments (packets) and dispatched into the network with their source and destination
addresses plus other header information including a packet sequence number. The
route a packet takes through the network is determined within the network and the lines
used are shared with other packets that are travelling through the network (this
contrasts with a circuit switched network where the line is used for just one
transmission at any time). The packets are reassembled into the message in the
destination system. TCP provides the transport protocol and ensures that the data that
is sent is complete and error free when it is received at the destination. IP provides the
routing mechanism. IP addresses consist of four sets of decimal numbers separated by
full stops, e.g. 192.9.1.20. The IP address specifies both the sending network (netid) and
the destination computer (hostid) - vital given the Internet. The IP address is used in
conjunction with the port number, a logical number that specifies the application, e.g.
80 for the World Wide Web.
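The header fields and the split-and-reassemble behaviour described above can be shown directly on packet bytes. The following is an added example, not part of the original course text: it splits a message into constructed IPv4/TCP packets, parses the addresses, ports and sequence number back out, verifies the IP header checksum, reassembles the message from out-of-order packets, and splits 192.9.1.20 into netid and hostid. Function names, the source address 10.0.0.5 and the use of byte offsets starting at zero as sequence numbers are assumptions made for the illustration.

```python
import struct

IP_FMT = "!BBHHHBBH4s4s"   # 20-byte IPv4 header without options
TCP_FMT = "!HHIIBBHHH"     # 20-byte TCP header without options


def to_bytes(addr):
    """Dotted-decimal IPv4 address -> 4 bytes, rejecting malformed input."""
    parts = addr.split(".")
    if len(parts) != 4 or not all(p.isdigit() and int(p) <= 255 for p in parts):
        raise ValueError(f"bad IPv4 address: {addr!r}")
    return bytes(int(p) for p in parts)


def ip_checksum(header):
    """One's-complement sum of 16-bit words, as used by the IPv4 header."""
    total = sum(struct.unpack(f"!{len(header) // 2}H", header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def build_packet(src, dst, sport, dport, seq, payload=b""):
    """Build one constructed IPv4+TCP packet (TCP checksum left at zero)."""
    tcp = struct.pack(TCP_FMT, sport, dport, seq, 0, 5 << 4, 0x18, 8192, 0, 0)
    ip = struct.pack(IP_FMT, 0x45, 0, 40 + len(payload), 1, 0, 64, 6, 0,
                     to_bytes(src), to_bytes(dst))
    ip = ip[:10] + struct.pack("!H", ip_checksum(ip)) + ip[12:]
    return ip + tcp + payload


def parse_packet(packet):
    """Return the fields a receiver (or a packet filter) reads from the headers."""
    if len(packet) < 20:
        raise ValueError("truncated IPv4 header")
    ver_ihl, _, total_len, _, _, _, proto, _, src, dst = struct.unpack(
        IP_FMT, packet[:20])
    ihl = (ver_ihl & 0x0F) * 4
    if ver_ihl >> 4 != 4 or ihl < 20 or len(packet) < ihl:
        raise ValueError("not a well-formed IPv4 header")
    if ip_checksum(packet[:ihl]) != 0:      # a valid header sums to zero
        raise ValueError("IPv4 header checksum mismatch")
    if proto != 6 or len(packet) < ihl + 20 or total_len > len(packet):
        raise ValueError("not a complete TCP packet")
    sport, dport, seq, _, off = struct.unpack("!HHIIB", packet[ihl:ihl + 13])
    data_start = ihl + (off >> 4) * 4
    return {"src": ".".join(map(str, src)), "dst": ".".join(map(str, dst)),
            "sport": sport, "dport": dport, "seq": seq,
            "payload": packet[data_start:total_len]}


def segment(message, src, dst, sport, dport, size):
    """Split a message into packets; seq is the byte offset (simplification:
    real TCP starts from a randomly chosen initial sequence number)."""
    return [build_packet(src, dst, sport, dport, off, message[off:off + size])
            for off in range(0, len(message), size)]


def reassemble(packets):
    """Rebuild the message at the destination, whatever order packets arrived in."""
    out = b""
    for seg in sorted(map(parse_packet, packets), key=lambda s: s["seq"]):
        if seg["seq"] < len(out):
            continue                        # duplicate delivery, ignore
        if seg["seq"] > len(out):
            raise ValueError(f"missing data at offset {len(out)}")
        out += seg["payload"]
    return out


def classful_split(addr):
    """(class, netid, hostid) under the historical classful scheme, which has
    since been replaced by CIDR prefixes."""
    octets = [str(b) for b in to_bytes(addr)]
    first = int(octets[0])
    if first < 128:
        cls, n = "A", 1
    elif first < 192:
        cls, n = "B", 2
    elif first < 224:
        cls, n = "C", 3
    else:
        raise ValueError("class D/E addresses have no netid/hostid split")
    return cls, ".".join(octets[:n]), ".".join(octets[n:])


if __name__ == "__main__":
    msg = b"GET /index.html HTTP/1.0\r\n\r\n"   # constructed sample message
    pkts = segment(msg, "10.0.0.5", "192.9.1.20", 40000, 80, 8)
    print(parse_packet(pkts[0]))
    print(reassemble(list(reversed(pkts))))
    print(classful_split("192.9.1.20"))
```
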
The TCP/IP protocol stack has five layers. The reference model for network protocols is
the OSI seven-layer model, and the layers of TCP/IP are commonly explained with
reference to the OSI model. The five layers of TCP/IP are:
a. Application Layer
Equivalent to the OSI Model layers 7, 6 and (part of) 5.

The application is the program that initiates the transfer. This may be the user's own
program / application package or one of the TCP / IP defined applications:
FTP (File Transfer Protocol) used to copy files across the network
SMTP (Simple Mail Transfer Protocol) used for all Internet e-Mail
Telnet (remote login facility)
The message generated at the application layer, together with the IP address and port
number, is passed to the transport layer for further processing. If the application does
not have the full address then the DNS (Domain Name System) / WINS (Windows
Internet System) can be invoked to provide it.
b. Transport Layer
Equivalent to the OSI Model layer 4 and (part of) 5.
At this level, TCP establishes a logical connection with the receiving computer and
determines the size of the segments to be sent. TCP then divides up the message into
segments and attaches a header to each; the header specifies the source and destination
ports and the sequence number of the segment within the message.
UDP is an alternative to TCP that is used for real-time audio or video. UDP provides no
error detection; there is little virtue in re-transmission of errored segments in such real-time applications.
For both protocols the segments are passed to the network layer, together with the IP
address.
c. Network Layer
Equivalent to the OSI Model layer 3.
The Network Layer is responsible for routing the packet from source station to its final
destination station, specified by the MAC address. If the MAC address is not already
available then an ARP (Address Resolution Protocol) request is broadcast to the network
and the machine with that IP address responds with its MAC address.
The Network Layer may fragment the segments from the Transport Layer into smaller
packets if this is necessary, to fit the frame size.
The output packets from this layer (referred to as datagrams) are passed to the datalink
layer.
d. Data Link Layer
Equivalent to the OSI Model layer 2.
At the datalink layer, IP interfaces with the network to be used, e.g. Ethernet, or X25.
The network protocol will typically add its own header (Nh) and trailer (Nt) that
incorporate the MAC address.
The packet is then passed onto the medium, the physical network layer.
e. Physical Layer
Equivalent to the OSI Model layer 1.
The cables used for transmission.
At the time of its introduction, TCP/IP was seen as an
interim measure with the OSI (Open System Interconnection) standard intended as an
eventual replacement. In the event the use of TCP/IP has continued and interest in the
OSI standard has waned. The OSI standards are still used in a number of commercial
networks but the omnipresence of the Internet is tending to make TCP/IP the de facto
standard for wide-area networking.
Internet Components
The TCP/IP is the unifying factor of the Internet - the software, hardware and
connecting cables can be very diverse. Some of these components and the people who
run them are:
- Users of the Internet access its facilities from a client machine;
- A PC, Apple Mac or Workstation that is joined to a network.
The two most used facilities of the Internet are:
1. World Wide Web
The web is accessed from the client machine using a web browser; at the time of writing
the two most popular browsers are Microsoft Internet Explorer and Netscape Navigator.
The web page to be viewed is specified by its web address, the uniform resource locator
(URL), e.g. www.aimalu.edu; the URL contains the addressing information needed to derive
the IP address of the server that holds the web page.
2. e-Mail
Accessing e-Mail requires a mail client program; this may be a facility of the web
browser or a separate software package. Incoming e-Mails are downloaded from a postbox (file) on the server and outgoing e-Mails are sent to the server for onwards
transmission. Each e-Mail has to include the address of the recipient, e.g.
ramdurai@yahoo.com (the name is fictitious); the second part of the e-Mail address
(following the @) is the domain name and is used on the mail server to derive the IP
address.
Internet Service Provider
Access to the Internet, for members of the public and small organisations, is via an
Internet Service Provider (ISP). The user provides the client computer and uses a
modem to connect to the ISP's server. Telecom providers and cable companies are
increasingly providing digital services and open-all-the-time connections which give
increased speed and convenience of access.
The ISP provides access to the web, an e-Mail address and very possibly user space for
the client to set up their own home page. Some ISPs specialise in hosting business sites
with services designed to meet the need of that market. The provision of Internet
services has become very competitive and users have taken to shopping around for the
best package. Users of the service get the ISP's home page displayed when they log on
which gives the service provider the opportunity to create revenue from advertising and
hosting links to commercial sites; many ISPs use the advertising revenue to support a
free access service to the users. For many large organisations the ISP is the company,
the university or whatever. The organisation is wired with its own LAN and WAN and
access to the Internet is via the company's own server.
Server
The server is a computer system linked into the Internet and that can be accessed by the
clients. The server may run a number of applications; Internet server applications
include:
Web Server
Software that takes requests from client browsers, searches the web and passes back the
resultant pages to the browser. The server software will support TCP/IP. The server will,
very probably, store a number of home pages that are available to local users and other
Internet users.
Mail Server
Software that acts as a 'post office' for the e-Mail system. Mail created on the client sites
is passed to the appropriate post-box within the system or sent out over the Internet to
its intended destination. Mail from outside is stored in post-box files and uploaded to
the user's machine when requested by the mail client. As with the web server, the mail
server uses TCP/IP for its Internet transmissions.
Intranets
A web site designed for use by the employees of an organisation - a private Internet. The
Intranet can be used to replace documents such as staff manuals, internal telephone
directories and office notices. Their advantage is that they are (hopefully) always readily
available and that they can be easily updated. Intranet systems can include application
systems where scripting languages give access to databases and the use of a browser
gives easy access throughout the organisation.
Extranets
Some organisations have web sites available on the Internet but with access limited to
account holders by a password system; such a facility is called an Extranet. Extranets are
used in business-to-business trading where customers are required to have an account.
Another use of Extranets is by consultancies and business information services where
business reports are made available online but only to clients and subscribers.
Webmaster
The Webmaster is responsible for the provision of web services for the organisation.
Responsibilities include setting up and maintaining the server software and the home
page for the organisation. Where staff within the organisation can provide their own
web content the Webmaster will probably set the standards so that the organisation can
ensure a professional appearance and consistent 'look and feel' for its users.
Governance of the Internet
The Internet, as already described, is a network of networks - its co-ordination and
development is provided by a number of voluntary committees. These include:
Internet Society
Internet Engineering Task Force
Internet Research Task Force
The whole arrangement works well. It contrasts with the incompatibilities produced by
competing commercial organisations such as the providers of web browsers. Whether co-operation or competition is a better model for innovation and societal progress is
debatable.
Uses of the Internet
i. E-Commerce: One use of the Internet is e-Commerce, an application that is, as
indicated above, a relatively recent feature of the Internet. Other uses of the Internet
are:
ii. Personal Messaging (e-Mail): e-Mail was one of the first applications on the
Internet. The use of e-Mail is having a profound effect on the way people communicate
and the way that organisations operate. An e-Mail message can be quickly typed and
sent. Unlike the use of the telephone, it does not need the recipient to be available to
take a call. The e-Mail can be sent to many recipients; it is a matter of record and its electronic content
can be saved, edited and / or used in other documents. The e-Mail does not facilitate a
conversation in the way that a telephone calls within organisations and between
individuals and organisations.
E-mail is not an invention of the Internet. E-Mail was a service available on the internal
networks of many organisations and has been provided by other public access network
services. The Internet, however, is an ideal tool for e-Mail as it is the one network that
can connect all users - the Internet is the default option for an e-Mail service unless
privacy requirements dictate a more secure provision.
iii. Data Interchange (EDI): EDI has been traditionally transmitted over
proprietary VADS. EDI started before the Internet was widely or commercially available
and made use of either VADS or point-to-point connections. Users of EDI have been
reluctant to transfer their communication needs to the Internet because of concerns
with security and reliability. Some EDI requirements are, however, being transferred to
the Internet, as its usage is generally cheaper than a VADS. There are also hybrid
systems where EDI messages are taken in by a clearing house operation, decoded and
forwarded, via the Internet, to small businesses users with limited EDI requirements
and no EDI provision.
iv. Tele-working: Tele-working is another practice that predated the general
availability of the Internet. Tele-work has a number of definitions but it generally
involves doing work that has an IT component at home (or at least at a location that is
away from the office) and using telecommunications to communicate with that office.
Full-time tele-working has not materialized as the radical shift in working practices that
was predicted by many pundits. Informal tele-working has, however, become a common
practice with employees spending the odd day working from home (or spending time in
the evening doing a bit extra); the general availability of Internet access has been an
important facilitator of this change in working practices.
v. Distance Education: The Internet is being utilised by colleges as a facility for the
delivery of distance education. The traditional vehicle of distance education has been
'print through the post', supplemented in recent years by radio, television, video and
computer aided learning packages. The Internet has the facility to replace all of this as a
multimedia offering through a single delivery system. The Internet is being utilised by
traditional distance learning institutions such as the UK Open University and is being
leapt on by other institutions keen to get in on the act. The Internet can be a great
facilitator of distance education; to be worthwhile it still requires quality materials and
thorough support of the students (and it seems likely that many of the newer providers
will fall short of these standards).
vi. Entertainment: In addition to specific uses of the Internet there is a recreational
use of the Internet, the surfer. On the Internet people can play games, find snippets of
information, join a chat room or just admire the intricacies of other web sites. The
Internet can even be a place to find a partner - hopefully that does not classify as an e-Commerce transaction.
vii. Internet Age Systems:
Networks in general and the Internet in particular do not just exist in isolation; they
affect and effect the businesses and individuals that use them. Networks are an essential
technological component in many, or most, business information systems. Seddon
(1997) suggested that the evolution of information systems could be divided into periods
of 20 years as follows:
1955 - 1974 The Electronic Data Processing (EDP) era.
1975 - 1994 The Management Information Systems (MIS) era.
1995 - The Internet era.
A sequence that is represented diagrammatically in Figure 3.1

These systems types and their evolution have been enabled by a number of technological
developments, which have been required by various business imperatives. One of the
facilitators has been the availability of networks. The essence of each era is:
EDP was essentially batch. It was controlled by the DP professionals and used at the
'organisational level' within the company. MIS would normally utilize transaction
processing (TP) and databases. The MIS system subsumed the data processing functions
of the EDP and enabled access to business data throughout the organisation and at all
levels of the organisation. The internal network of the company was an essential
enabling technology.
The Internet era systems include the Inter-organisational System (IOS) enabled by EDI
and the company and consumer, organisation to public systems enabled by the use of
the web. The Internet epitomizes these developments and is at the heart of many of
these systems.
Seddon derives his definition of e-Commerce from this evolution:
'Electronic Commerce is commerce enabled by internet-era technologies'
Interestingly, Seddon puts a twenty-year life span on each of these eras. For Seddon the
Internet era ends (or evolves into a new era) at 2014. It requires a brave person to
predict the next stage!
viii. Business-To-Business (B2B): Here a business sells to other businesses. For
example, Intel sells its chips to other businesses - OEMs who make computers. Many
companies like Tata, IBM, Telco, ABB India, TCS, Citibank, Bank of Madura, BHEL, JN
Port Trust, HLL, Essar, TVS, Maruti Udyog, DuPont, Bajaj Auto, Samsung Electronics
and TVS electronics are using e-commerce in some way or other. They have started B2B
transactions with their suppliers. Samsung has redefined its business paradigm, and
deployed electronic commerce to redefine its critical business process linking it directly
to its suppliers and distributors. Though B2B e-commerce is in use, companies
do not perceive B2B opportunities with suppliers and trade partners (mainly EDI based)
as very important so far as development of EC is concerned. Most of these activities are
covered under EDI.
ix. Business-To-Consumer (B2C): Here the business sells directly to the end
customer. Some enterprising players have already started offering online shopping with
books, flowers and other gift items. There are more than 80 sites including export
houses, departmental stores, book stores and even grocery stores (Babazar.com) that are
using e-commerce for selling goods and services in India, such as books, CDs, clothes,
tickets, etc. Naukri.com, discount.com, Pitara.com, etc. are some of the well-known
Indian e-commerce sites.
Under this level, e-commerce is going to have a significant impact on information-intensive
and service-oriented industries, such as financial services and ICE
(Information, Communication and Entertainment). Here the products and services are
amenable to online distribution. The products that are basically of an impulse-buying
nature are the first ones to move over to the Internet. "Rediff On The Net" became the first
Indian web site to enable Indian credit card transactions online when it opened shop in
August 1998. It offers books, music, chocolates, flowers, etc. and makes hotel
reservations online with the assurance of secured technology. Indishop has more to offer,
from toothbrushes to computers. All of us are aware of amazon.com, etc. Thus it has
been demonstrated that B2C is a very booming category.

A new concept of consumer-to-business transaction may also be put in this category.
Under this concept, the customer is given what he wants at the price he wants, without the
merchant having to suffer public embarrassment; www.priceline.com is providing
airline tickets at the price demanded by the customer.
QUESTIONS
1) Discuss in detail various issues involved in EC.
2) Explain the term Public Policy Issues in EC.
3) Describe the legal issues in EC.
4) Explain the ethical issues in EC.
5) What is 'Uniform Commercial Code' for EC?
6) Explain the problems of EC in relation to privacy.
7) What are privacy issues in EC?
8) What is meant by security? Explain the security of transactions carried through EC.
9) Explain the Business-To-Consumer (B2C) model.
10) Explain the Business-To-Business (B2B) model.

- End of Chapter -

UNIT IV


INTERNET SECURITY

Introduction
Corporate networks are built assuming certain levels of trust in how the information
passing through them is accessed and used. When they are hooked into public networks,
like the Internet, a safer and more intelligent route leads security administrators to trust
no one on the outside.

In this page, we will examine the firewall, which protects against network and system
vulnerabilities on systems attached to the Internet, as well as on private networks. To help
answer any questions you may have about where a firewall is needed and used, this section will
explain security technologies used to defend against attacks initiated from both within
and without an organization.
The section will examine the pieces of the security puzzle to see how to best fit them
together for effective defenses and coverage. In the page, we'll explore several security
methods that are used wherever the Internet and corporate networks intersect. These
include the uses of:
Routers
Firewalls
Intrusion Detection Systems (IDSs)
Vulnerability Assessment Tools (Scanners, etc.)
Basic Security Infrastructures
Figure 4.1 illustrates the basic design for a secure network infrastructure. As you see, the
infrastructure relies upon layers of devices that serve specific purposes, and provide
multiple barriers of security that protect, detect, and respond to network attacks, often
in real time.

Figure 4.1: A Basic Network Security Model


Routers
A router is a network traffic managing device that sits in between sub-networks and
routes traffic intended for, or emanating from, the segments to which it is attached.
Naturally, this makes them sensible places to implement packet filtering rules, based on
the security policies that you have already developed for the routing of network traffic.
Packet Filtering
Straight Packet Filtering mechanisms allow communication originating from one side or
the other. To enable two-way traffic, you must specify a rule for each direction. Packet
filtering firewalls identify and control traffic by examining the source, destination and
port.
What is a Firewall?

A firewall insulates a private network from a public network using carefully established
controls on the types of requests it will route through to the private network for
processing and fulfillment. For example, an HTTP request for a public Web page will be
honoured, whereas an FTP request to a host behind the firewall may be dishonoured.
Firewalls typically run monitoring software to detect and thwart external attacks on the
site, and are needed to protect internal corporate networks. Firewalls appear primarily
in two flavours: application level gateways and proxy servers. Other uses of
firewalls include technologies such as Virtual Private Networks that use the Internet to
tunnel private traffic without the fear of exposure.
Defining Firewalls
A slightly more specific definition of a firewall comes from William Cheswick and Steven
Bellovin, two engineers with AT&T who wrote the classic Firewalls and Internet
Security (Addison Wesley, 1994). They based the book on their experience developing a
firewall to protect AT&T connections to the Internet. Cheswick and Bellovin define a
firewall as a collection of components or a system placed between two networks and
possessing the following properties:
All traffic from inside to outside, and vice-versa, must pass through it;
Only authorized traffic, as defined by the local security policy, is allowed to pass
through it; and
The system itself is highly resistant to penetration.
Put simply, a firewall is a mechanism used to protect a trusted network from an untrusted
network, usually while still allowing traffic between the two. Typically, the two
networks in question are an organization's (trusted) internal network and the (untrusted)
Internet. However, nothing in the definition of a firewall ties the concept to the
Internet. We traditionally define the Internet as the worldwide network of networks that
uses TCP/IP for communications. We define an internet as any connected set of
networks. Although many firewalls are currently deployed between the Internet and
internal networks, there are good reasons for using firewalls in any internet, or intranet,
such as a company's WAN. There will be more about this use of firewalls later in this
chapter.
Another approach to firewalls views them as both policy and the implementation of that
policy in terms of network configuration. Physically, a firewall comprises one or more
host systems and routers, plus other security measures such as advanced authentication
in place of static passwords. As shown in Figure 4.2, a firewall may consist of several
different components, including filters, or screens, that block transmission of certain
classes of traffic, and a gateway, which is a machine or set of machines relaying services
between the internal and external networks by means of proxy applications. The
intermediate area occupied by the gateway we often refer to as the De-Militarised Zone
(DMZ). These terms will be explained in more detail.

Fig 4.2: Basic Firewall Schematic (filters, gateway, and DMZ)


Internetwork Traffic
When we say that all traffic from inside to outside and vice versa, must pass through a
firewall, we refer to data transported by the TCP/IP protocol suite. Figure 4.3 illustrates
a diagram of TCP/IP, showing the way the protocol is layered and the manner in which
addresses are used. To control TCP/IP traffic, one must gain a solid understanding of
how it is structured.

Figure 4.3: Diagram of TCP/IP, showing protocol layers and addressing


A protocol is a formal description of messages to be exchanged and rules to be followed
in order for two or more systems to exchange information in a manner that both parties
will understand. The TCP/IP protocol suite, officially referred to as the Internet Protocol
Suite in Internet standards documents, gets its name from its two most important
protocols, TCP and IP. Network applications present data to TCP, the Transmission
Control Protocol. TCP divides the data into chunks, called packets, and gives each one a
number. These packets could represent text, graphics, sound or video, anything digital
that the network can transmit. The sequence numbers help to ensure that the packets
can be reassembled correctly at the receiving end. Thus, each packet consists of content,
or data, and the information that the protocol needs to do its work, called the protocol
header.
TCP then presents the data to the Internet Protocol, or IP, the purpose of which is to
provide basic host-to-host communication. IP attaches to the packet, in a protocol
header, the address from which the data comes and the address of the system to which it
is going. IP is technically referred to as an unreliable datagram service. In this context,
the rather alarming term "unreliable" simply means that upper-level protocols should
not depend upon IP to deliver the packet every time. IP always does its best to make the
delivery to the requested destination host, but if it fails for any reason, it just drops the
packet. This is where the higher-level protocol, TCP, comes in. TCP uses the sequence
numbers to reassemble the packets in the right order and request re-transmission of any
packets that got lost along the way. It can do this even if some of the packets take
different routes to reach their destination, which makes the combination of TCP/IP a
very reliable protocol.

TCP uses another piece of information to ensure that the data reaches the right
application when it arrives at a system. This is the port number, lying within the range 1
to 65535. The number does not represent a physical port, like the serial port to which a
modem or mouse might be attached, but is more like a regional memory address. Ports 1
to 1,023 are reserved for server applications, although servers can use higher port
numbers as well. Higher port numbers are dynamically assigned to client applications as
needed. Some applications use standard port numbers; for example, an FTP program
will connect to port 21 on the FTP server. Thus, data to be transmitted by TCP/IP has a
port from which it is coming and a port to which it is going, plus an IP source and
destination address. Firewalls can use these addresses to control the flow of
information.
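The address and port fields described above can be read directly from a packet's protocol headers. The following is an added example, not part of the original text: it parses a constructed IPv4/TCP packet and returns the fields a filter would match on. The function names, addresses and port values are assumptions chosen for illustration.

```python
import socket
import struct
from typing import NamedTuple

IPPROTO_TCP = 6  # IANA protocol number for TCP


class FlowFields(NamedTuple):
    src_ip: str
    dst_ip: str
    src_port: int
    dst_port: int
    seq: int


def parse_ipv4_tcp(packet: bytes) -> FlowFields:
    """Return the header fields a packet filter matches on."""
    if len(packet) < 20:
        raise ValueError("truncated IPv4 header")
    (ver_ihl, _tos, _total_len, _ident, frag, _ttl, proto, _checksum,
     src, dst) = struct.unpack("!BBHHHBBH4s4s", packet[:20])
    if ver_ihl >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (ver_ihl & 0x0F) * 4  # header length in bytes, options included
    if ihl < 20 or len(packet) < ihl:
        raise ValueError("bad IPv4 header length")
    if proto != IPPROTO_TCP:
        raise ValueError(f"not TCP (IP protocol {proto})")
    if frag & 0x1FFF:
        # Only the first fragment carries the TCP header and its ports.
        raise ValueError("non-first fragment: no TCP header present")
    tcp = packet[ihl:ihl + 20]  # the TCP header follows the IP header
    if len(tcp) < 20:
        raise ValueError("truncated TCP header")
    src_port, dst_port, seq = struct.unpack("!HHI", tcp[:8])
    return FlowFields(socket.inet_ntoa(src), socket.inet_ntoa(dst),
                      src_port, dst_port, seq)


def build_sample(src: str, dst: str, sport: int, dport: int, seq: int,
                 ip_options: bytes = b"", proto: int = IPPROTO_TCP) -> bytes:
    """Construct a test packet (checksums left at zero, not validated)."""
    if len(ip_options) % 4:
        raise ValueError("IP options must be padded to 32-bit words")
    ihl_words = 5 + len(ip_options) // 4
    tcp = struct.pack("!HHIIBBHHH", sport, dport, seq, 0,
                      5 << 4, 0x02, 65535, 0, 0)  # SYN, no TCP options
    ip = struct.pack("!BBHHHBBH4s4s", (4 << 4) | ihl_words, 0,
                     ihl_words * 4 + len(tcp), 0, 0, 64, proto, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    return ip + ip_options + tcp


# Constructed sample: a client on a high port connecting to FTP (port 21).
SAMPLE = build_sample("192.0.2.10", "198.51.100.5", 49152, 21, 1000)

if __name__ == "__main__":
    print(parse_ipv4_tcp(SAMPLE))
```

The parser honours the IP header-length field, so IP options do not shift the port fields, and it refuses non-first fragments, which carry no ports for a filter to inspect.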
For more about TCP/IP basics, I recommend Intranet and Internet Firewall Strategies
by Edward Amoroso and Ronald Sharp (Ziff Davis Press, 1996). Like Cheswick and
Bellovin, Amoroso and Sharp were engineers at AT&T Labs, but whereas Cheswick and
Bellovin developed a firewall to protect AT&T from the outside, Amoroso and Sharp
developed a trademarked internal firewall, called CWTG or Computer Watch Trusted
Gateway. For more advanced reading on TCP/IP we recommend TCP/IP Tutorial and
Technical Overview (5th Edition, Prentice Hall, 1995) by Eamon Murphy, Steve Hayes
and Matthias Enders, a trio of IBM engineers.
Need for a firewall
The Internet, like any other society, is plagued with the kind of jerks who enjoy the
electronic equivalent of writing on other people's walls with spray paint, tearing their
mailboxes off, or just sitting in the street blowing their car horns. Some people try to get
real work done over the Internet, and others have sensitive or proprietary data they
must protect. Usually, a firewall's purpose is to keep the jerks out of your network while
still letting you get your job done.
Many traditional style corporations and data centres have computing security policies
and practices that must be adhered to. In a case where a company's policies dictate how
data must be protected, a firewall is very important, since it is the embodiment of the
corporate policy. Frequently, the hardest part of hooking to the Internet, if you're a large
company, is not justifying the expense or effort, but convincing management that it's
safe to do so. A firewall provides not only real security--it often plays an important role
as a security blanket for management.
Lastly, a firewall can act as your corporate "ambassador" to the Internet. Many
corporations use their firewall systems as a place to store public information about
corporate products and services, files to download, bug fixes, and so forth. Several of
these systems have become important parts of the Internet service structure (e.g.,
UUnet.uu.net, whitehouse.gov, gatekeeper.dec.com) and have reflected well on their
organizational sponsors.
Firewalls as Filters

When TCP/IP sends data packets on their merry way, the packets seldom go straight
from the host system that generated them to the client that requested them. Along the
way they normally pass through one or more routers. In this, TCP/IP transmissions
differ from LAN communications, which broadcast over a shared wire.
To look at how TCP/IP routes packets, and how this allows sites to filter for security, let
us first examine old-fashioned LAN communications. Suppose five PCs reside on a LAN.
If PC #2 wants to send some data to PC #4, it shouts out over the network and hopes
that PC #4 hears it. The other three systems on the same wire will also hear the same
data. This is true of both Ethernet and Token Ring, the two most widely used LAN
protocols. This method of communication, in which a number of computers share the
same wiring, increases efficiency but limits distance and scope. It also limits the number of
computers that can talk on the same wire.
Early efforts to enable computers to communicate with each other over long distances
used telephone lines and switches to connect calls from one specific computer to
another in a remote location (the X.25 protocol was developed for this). A connection
between two computers might pass through several switches until it reached its final
destination. When LANs emerged it made sense for all the computers on one LAN to
have access to the machine that had access to the remote connection, thus creating a
WAN. LAN protocols, however, were incompatible with X.25, and the machine hosting
the connection to the WAN tended to get overworked.
Next came a special type of switch called a router, which could take over the work of
making external connections, and could also convert LAN protocols, specifically IP, into
WAN protocols. Routers have since evolved into specialized computers. The typical
router is about the same size as a VCR, although smaller models and rack-mounted
units for major interconnections have entered the market.
Basically, routers look at the address information in TCP/IP packets and direct them
accordingly. Data packets transmitted over the Internet from the Web browser on a PC
in Florida to a Web server in Pennsylvania will pass through numerous routers along the
way, each of which makes decisions about where to direct the traffic. Figure 4.4 shows
the traceroute program in action, listing the path the data takes.

Fig 4.4: The traceroute program shows the path Internet data takes

Suppose the Web browser is on a PC on a LAN with a PPP connection to an Internet
Service Provider (ISP). A router, or a computer acting as a router, will likely direct the
packets out from the LAN to the ISP. Routers at the ISP will send the data to a backbone
provider, which will route it, often in several hops, to the ISP that serves the machine
that hosts the Web site.
Routers make their routing decisions based on tables of data and rules. It is possible to
manipulate these rules by means of filters so that, for example, only data from certain
addresses may pass through the router. In effect, this turns a router that can filter
packets into an access-control device, or firewall. If the router can generate activity logs,
this further enhances its value as a security device. We will discuss how this works in
more detail in the next chapter.
Proxy servers
A proxy server (sometimes referred to as an application gateway or forwarder) is an
application that mediates traffic between a protected network and the Internet. Proxies
are often used instead of router-based traffic controls, to prevent traffic from passing
directly between networks. Many proxies contain extra logging or support for user
authentication. Since proxies must "understand" the application protocol being used,
they can also implement protocol specific security (e.g., an FTP proxy might be
configurable to permit incoming FTP and block outgoing FTP).
Proxy servers are application specific. In order to support a new protocol via a proxy, a
proxy must be developed for it. One popular set of proxy servers is the TIS Internet
Firewall Toolkit ("FWTK"), which includes proxies for Telnet, rlogin, FTP, X-Window,
HTTP/Web, and NNTP/Usenet news. SOCKS is a generic proxy system that can be
compiled into a client-side application to make it work through a firewall. Its advantage
is that it's easy to use, but it doesn't support the addition of authentication hooks or
protocol specific logging.
Firewalls as Gateways
Internet firewalls are often referred to as secure Internet gateways. Like the gates in a
medieval walled city, they control access to and from the network. In firewall parlance, a
gateway is a computer that provides relay services between two networks. A firewall may
consist of little more than a filtering router as the controlled gateway. Traffic goes to the
gateway instead of directly entering the connected network. The gateway machine then
passes the data, in accordance with access-control policy, through a filter, to the other
network or to another gateway machine connected to the other network.
In some configurations, called dual-homed gateways, one computer containing two
network connectors acts as the gateway. Alternatively, a pair of machines can create a
miniature network referred to as the DMZ (see Figure 4.5). Typically, the two gateways
will have more open communication through the inside filter than the outside gateway
has to other internal hosts. The outside filter can be used to protect the gateway from
attack, while the inside filter is used to guard against the consequences of a
compromised gateway [Ches94].

Figure 4.5: The use of gateways


Firewalls as Control Points
By concentrating access control, firewalls become a focal point for the enforcement of
security policy. Some firewalls take advantage of this to provide additional security
services, including traffic encryption and decryption. In order to communicate in
encryption mode, the sending and receiving firewalls must use compatible encrypting
systems. Current standards efforts in encryption and key management have begun to
allow different manufacturers' firewalls to communicate securely, but these efforts have
a ways to go before the customer can assume compatibility. Firewall-to-firewall
encryption is thus used for secure communication over the public Internet between
known entities with prior arrangement, rather than for any-to-any connections.
Nevertheless it is a powerful feature, enabling the creation of virtual private networks
(VPN) as a lower-cost alternative to a leased line or a value-added network (VAN).
Verifying the authenticity of system users is another important part of network security,
and firewalls can perform sophisticated authentication, using smart cards, tokens and
other methods. Firewalls can also protect other external network connections, such as
remote dial-in. A company can apply the same traffic-restricting protections, enhanced
by authentication.
Internal Firewalls
While the phenomenal growth of Internet connections has understandably focused
attention on Internet firewalls, modern business practices continue to underscore the
importance of internal firewalls. Mergers, acquisitions, reorganizations, joint ventures
and strategic partnerships all place additional strains on security as the scope of the
network's reach expands. Someone outside the organization may suddenly need access
to some, but not all, internal information. Multiple networks designed by different
people, according to different rules, must somehow trust each other. In these
circumstances, firewalls play an important role in enforcing access-control policies
between networks and protecting trusted networks from those that are untrusted.
Consider a manufacturing company that has, over time, developed separate networks
within the sales, marketing, payroll, accounting, and production departments. Although
users in one department may wish to access certain other networks, it is probably
unnecessary and undesirable for all users to have access to all networks. Consequently,
when connecting the networks, the organization may choose to limit the connection,
either with packet-filtering routers or with a more complex firewall.
In a WAN that must offer any-to-any connectivity, other forms of application-level
security can protect sensitive data. However, segregating the networks by means of
firewalls greatly reduces many of the risks involved; in particular, firewalls can reduce
the threat of internal hacking, that is, unauthorized access by authorized users, a
problem that consistently outranks external hacking in information-security surveys. By
adding encryption to the services performed by the firewall, a site can create very secure
firewall-to-firewall connections. This even enables wide-area networking between
remote locations over the Internet. By using authentication mechanisms on the firewall,
it is possible to gain a higher level of confidence that persons outside the firewall who
request data from inside the firewall (for example, salespersons on the road needing
access to an inventory database) are indeed who they claim to be.

Firewalls and Policy


Diagrams of the various configurations of filters and gateways help when planning a
firewall defense, but the system administrator must not lose sight of the broader
definition of a firewall as an implementation of security policy. A firewall is an approach
to security; it helps implement a larger security policy that defines the services and
access to be permitted. In other words, a firewall is both policy and the implementation
of that policy in terms of network configuration, host systems and routers, as well as
other security measures such as advanced authentication in place of static passwords.
Types of Network Policy
Two levels of network policy directly influence the design, installation and use of a
firewall system. Network service access policy is a higher-level, issue-specific policy that
defines those services to be allowed or explicitly denied from the restricted network.
This policy also prescribes the way in which these services will be used, and the
conditions for exceptions to this policy. Firewall design policy is a lower-level policy that
describes how the firewall will actually go about restricting the access and filtering the
services as defined in the network service access policy. We will examine both levels of
policy in the following sections.
Network Service Access Policy
While focusing on the restriction and use of internetwork services, the network service
access policy should also include all other outside network access, including dial-in and
SLIP/PPP connections. After all, restrictions upon one type of network service access
can often lead users to try others, so those other points of entry must also contain equal
protections. For example, if restricting access to the Internet via a firewall prevents
users from browsing the Web, some will likely create dial-up PPP connections in order
to obtain this service. These non-sanctioned, ad hoc connections are likely to be
improperly secured, opening the network to attack.
Network service access policy should stand as an extension of a strong site-security
policy and an overall policy regarding the protection of information resources in the
organization. This includes everything from document shredders to virus scanners, and
from remote access to removable media tracking.
Typically, a firewall implements one of two general network service access policies:
either allowing access to the Internet from the site but allowing no access to the site
from the Internet; or allowing some access from the Internet, but only to selected
systems such as information servers and e-mail servers. Some firewalls also implement
network service access policies that allow certain users access from the Internet to
selected internal hosts, but only if necessary and only when combined with advanced
authentication. At the highest level, the overall organizational policy might state the
following principles:
1) Information is vital to the economic well-being of the organization.
2) Every cost-effective effort will be made to ensure the confidentiality, integrity,
authenticity, availability and utility of the organization's information.
3) Protecting the confidentiality, integrity and availability of these information
resources is a priority and a job responsibility for all employees at all levels of the
company.
4) All information-processing facilities belonging to the organization will be used only
for authorized purposes.
Below this statement of principles come site-specific policies covering physical access to
the property, general access to information systems and specific access to services on
those systems. The firewall's network service access policy is formulated at this level.
For a firewall to function as the company desires, the network service access policy
should exist prior to the implementation of the firewall. The policy must be realistic and
sound. A realistic policy provides a balance between protecting the network from known
risks on the one hand and providing users reasonable access to network resources on the
other. If a firewall system denies or restricts services, only a strong network service
access policy will prevent the firewall's access controls from being modified or
circumvented on an ad hoc basis. A sound, management-backed policy can provide this
defense against user resistance.
Firewall Design Policy
The firewall design policy is specific to the firewall and defines the rules used to
implement the network service access policy. The company must design the policy in
relation to, and with full awareness of, issues such as the firewall's capabilities and
limitations, and the threats and vulnerabilities associated with TCP/IP. As mentioned
earlier, firewalls generally implement one of two basic design policies:
1) Permit any service unless it is expressly denied; or
2) Deny any service unless it is expressly permitted.
Firewalls that implement the first policy (the permissive approach) allow all services to
pass into the site by default, with the exception of those services that the service-access
policy has identified as disallowed. Firewalls that implement the second policy (the
restrictive approach) deny all services by default, but then pass those services that have
been identified as allowed. This restrictive second policy follows the classic access model
used in all areas of information security.
The permissive first policy is less desirable, since it offers more avenues for
circumventing the firewall. With this approach, users could access new services not
currently addressed by the policy. For example, they could run denied services at nonstandard TCP/UDP ports that are not specifically mentioned by the policy.
This is where firewall design comes in. Certain firewalls can implement either a
permissive or a restrictive design policy. A company can also choose to locate those
systems requiring services that should not be passed through the firewall on screened
subnets, separated from other site systems. Some use this approach for Web servers,
which are partially shielded by packet filtering but are not sheltered behind the firewall.
(If the Web server calls information from, or feeds data to, internal database systems,
then that connection between the Web server and the internal machines should be well
protected.)
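The two design policies described above, and the per-direction rules that straight packet filtering requires, can be compared with a small first-match rule evaluator. This is an added example, not taken from the original text or from any firewall product; the rule format, the addresses and the non-standard port 2121 are assumptions made for illustration.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Dict, List, Optional

PERMIT, DENY = "permit", "deny"
ANY = "0.0.0.0/0"


@dataclass(frozen=True)
class Packet:
    direction: str  # "in": untrusted -> trusted, "out": trusted -> untrusted
    src: str
    dst: str
    sport: int
    dport: int


@dataclass(frozen=True)
class Rule:
    action: str
    direction: str
    src_net: str = ANY
    dst_net: str = ANY
    sport: Optional[int] = None  # None matches any port
    dport: Optional[int] = None

    def matches(self, p: Packet) -> bool:
        return (p.direction == self.direction
                and ip_address(p.src) in ip_network(self.src_net)
                and ip_address(p.dst) in ip_network(self.dst_net)
                and self.sport in (None, p.sport)
                and self.dport in (None, p.dport))


def evaluate(rules: List[Rule], default: str, p: Packet) -> str:
    """First matching rule wins; the default action is the design policy."""
    for rule in rules:
        if rule.matches(p):
            return rule.action
    return default


WEB = "192.0.2.80/32"  # constructed address of the public Web server

# Policy 1: permit any service unless expressly denied (FTP is denied).
PERMISSIVE = [Rule(DENY, "in", dport=21)]
# Policy 2: deny any service unless expressly permitted (HTTP only).
# A stateless filter needs one rule per direction for two-way traffic.
RESTRICTIVE = [
    Rule(PERMIT, "in", dst_net=WEB, dport=80),   # requests to the server
    Rule(PERMIT, "out", src_net=WEB, sport=80),  # replies from the server
]
ONE_WAY = RESTRICTIVE[:1]  # same policy with the reply rule forgotten

# Constructed traffic samples.
FTP_STANDARD = Packet("in", "203.0.113.7", "192.0.2.20", 40000, 21)
FTP_MOVED = Packet("in", "203.0.113.7", "192.0.2.20", 40000, 2121)
HTTP_REQUEST = Packet("in", "203.0.113.7", "192.0.2.80", 40001, 80)
HTTP_REPLY = Packet("out", "192.0.2.80", "203.0.113.7", 80, 40001)


def decisions() -> Dict[str, str]:
    return {
        "permissive, FTP on 21": evaluate(PERMISSIVE, PERMIT, FTP_STANDARD),
        "permissive, FTP on 2121": evaluate(PERMISSIVE, PERMIT, FTP_MOVED),
        "restrictive, FTP on 2121": evaluate(RESTRICTIVE, DENY, FTP_MOVED),
        "restrictive, HTTP request": evaluate(RESTRICTIVE, DENY, HTTP_REQUEST),
        "restrictive, HTTP reply": evaluate(RESTRICTIVE, DENY, HTTP_REPLY),
        "one-way rules, HTTP reply": evaluate(ONE_WAY, DENY, HTTP_REPLY),
    }


if __name__ == "__main__":
    for case, action in decisions().items():
        print(f"{case}: {action}")
```

Under the permissive policy the denied service passes as soon as it moves to a port the rule set does not name; under the restrictive policy it is dropped by default, and the Web reply is dropped too if its outbound rule is missing.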

Figure 4.7: A screened sub-net


All the types of firewalls are functionally equivalent. The type of mechanism used
determines the granularity of the firewall: how much security work it can accomplish.
Packet filters are least granular. Application gateway firewalls are the most granular. A
Packet Inspection firewall can be made almost as granular as an application gateway
firewall.
IP Security (IPSEC)
Some have argued that IPSEC will make firewalls obsolete. Before pronouncing such a sweeping prediction,
however, it's worthwhile to consider what IPSEC is and what it does. Once we know this,
we can consider whether IPSEC will solve the problems that we're trying to solve with
firewalls.
IPSEC (IP Security) refers to a set of standards developed by the Internet Engineering
Task Force (IETF). There are many documents that collectively define what is known as
"IPSEC". IPSEC solves two problems, which have plagued the IP protocol suite for
years: host-to-host authentication (which will let hosts know that they're talking to the
hosts they think they are) and encryption (which will prevent attackers from being able
to watch the traffic going between machines).
Note that neither of these problems is what firewalls were created to solve. Although
firewalls can help to mitigate some of the risks present on an Internet without
authentication or encryption, there are really two classes of problems here: the integrity
and privacy of the information flowing between hosts, and the limits placed on what
kinds of connectivity are allowed between different networks. IPSEC addresses the former
class, and firewalls the latter.
What this means is that one will not eliminate the need for the other, but it does create
some interesting possibilities when we look at combining firewalls with IPSEC-enabled
hosts. Namely, such things as vendor-independent virtual private networks (VPNs),
better packet filtering (by filtering on whether packets have the IPSEC authentication
header), and application-layer firewalls will be able to have better means of host
verification by actually using the IPSEC authentication header instead of "just trusting"
the IP address presented. However, just because a particular product is characterized as
a particular type of firewall does not mean that it does all of the security processing
possible with that kind of firewall.
Types of firewalls
Conceptually, there are two types of firewalls:
1) Network layer
2) Application layer
They are not as different as you might think, and latest technologies are blurring the
distinction to the point where it's no longer clear if either one is "better" or "worse." As
always, you need to be careful to pick the type that meets your needs.

Which is which, depends on what mechanisms the firewall uses to pass traffic from one
security zone to another. The International Standards Organization (ISO) Open Systems
Interconnect (OSI) model for networking defines seven layers, where each layer
provides services that "higher-level" layers depend on. In order from the bottom, these
layers are physical, data link, network, transport, session, presentation, and application.
The important thing to recognize is that the lower-level the forwarding mechanism, the
less examination the firewall can perform. Generally speaking, lower-level firewalls are
faster, but are easier to fool into doing the wrong thing.
Network layer firewalls
These generally make their decisions based on the source and destination addresses and
ports in individual IP packets. A simple router is the traditional network layer firewall,
since it is not able to make particularly sophisticated decisions about what a packet is
actually talking to or where it actually came from. Modern network layer firewalls have
become increasingly sophisticated, and now maintain internal information about the
state of connections passing through them, the contents of some of the data streams,
and so on. One important distinction about many network layer firewalls
is that they route traffic directly through them, so to use one you either need to have a
validly assigned IP address block or to use a "private internet" address block. Network
layer firewalls tend to be very fast and tend to be very transparent to users.
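The connection state that modern network layer firewalls maintain can be pictured as a table of connections opened from the inside, against which every inbound segment is checked. The sketch below is an added example, not code from the original text or from any product; the class, addresses and ports are assumptions, and teardown is reduced to RST where a real tracker would also follow the FIN handshake and timeouts.

```python
from typing import List, NamedTuple, Set, Tuple

SYN, RST, ACK = 0x02, 0x04, 0x10  # TCP flag bits


class Segment(NamedTuple):
    src: str
    sport: int
    dst: str
    dport: int
    flags: int


class StatefulFilter:
    """Admits inbound segments only for connections opened from the inside."""

    def __init__(self, allowed_dports: Set[int]):
        self.allowed_dports = allowed_dports
        # One entry per live connection: (inside ip, port, outside ip, port)
        self.connections: Set[Tuple[str, int, str, int]] = set()

    def outbound(self, seg: Segment) -> bool:
        key = (seg.src, seg.sport, seg.dst, seg.dport)
        if key in self.connections:
            if seg.flags & RST:
                self.connections.discard(key)
            return True
        # A new connection must begin with a bare SYN to a permitted service.
        if seg.flags == SYN and seg.dport in self.allowed_dports:
            self.connections.add(key)
            return True
        return False

    def inbound(self, seg: Segment) -> bool:
        # Look the segment up with its endpoints reversed.
        key = (seg.dst, seg.dport, seg.src, seg.sport)
        if key not in self.connections:
            return False
        if seg.flags & RST:
            self.connections.discard(key)
        return True


def demo() -> List[bool]:
    # Constructed endpoints: an inside client and an outside Web server.
    inside, outside = ("192.0.2.10", 49152), ("198.51.100.5", 80)
    fw = StatefulFilter(allowed_dports={80})
    reply = Segment(*outside, *inside, SYN | ACK)
    return [
        fw.inbound(reply),                                     # unsolicited
        fw.outbound(Segment(*inside, *outside, SYN)),          # opens state
        fw.inbound(reply),                                     # matches state
        fw.inbound(Segment("203.0.113.9", 80, *inside, ACK)),  # other host
        fw.inbound(Segment(*outside, *inside, RST)),           # closes state
        fw.inbound(reply),                                     # state is gone
    ]


if __name__ == "__main__":
    print(demo())
```

Unlike a stateless filter, no separate inbound rule is needed for the reply: the same segment is dropped before the connection exists and after it is reset, and admitted only while the matching entry is in the table.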
Screened Host Firewall

In Figure 4.8, a network layer firewall called a "screened host firewall" is represented. In
a screened host firewall, access to and from a single host is controlled by means of a
router operating at a network layer. The single host is a bastion host: a highly defended
and secured strong point that (hopefully) can resist attack.

Example Network layer firewall: In figure 4.9, a network layer firewall called a
"screened subnet firewall" is represented. In a screened subnet firewall, access to and
from a whole network is controlled by means of a router operating at a network layer. It
is similar to a screened host, except that it is, effectively, a network of screened hosts.
Application layer firewalls
These generally are hosts running proxy servers, which permit no traffic directly
between networks, and which perform elaborate logging and auditing of traffic passing
through them. Since the proxy applications are software components running on the
firewall, it is a good place to do lots of logging and access control. Application layer
firewalls can be used as network address translators, since traffic goes in one "side" and
out the other, after having passed through an application that effectively masks the
origin of the initiating connection. Having an application in the way in some cases may
impact performance and may make the firewall less transparent. Early application layer
firewalls such as those built using the TIS firewall toolkit, are not particularly
transparent to end users and may require some training. Modern application layer
firewalls are often fully transparent. Application layer firewalls tend to provide more
detailed audit reports and tend to enforce more conservative security models than
network layer firewalls.
Dual-Homed Gateway

Example Application layer firewall: In figure 4.10, an application layer firewall called a
"dual homed gateway" is represented. A dual homed gateway is a highly secured host
that runs proxy software. It has two network interfaces, one on each network, and blocks
all traffic passing through it.
The future of firewalls lies someplace between network layer firewalls and application
layer firewalls. It is likely that network layer firewalls will become increasingly "aware"
of the information going through them, and application layer firewalls will become
increasingly "low level" and transparent. The end result will be a fast packet-screening
system that logs and audits data as it passes through. Increasingly, firewalls (network
and application layer) incorporate encryption so that they may protect traffic passing
between them over the Internet. Firewalls with end-to-end encryption can be used by
organizations with multiple points of Internet connectivity to use the Internet as a
"private backbone" without worrying about their data or passwords being sniffed.
Application Layer Firewalls vs. Network Layer Firewalls
The purpose of this section is to explain the classical definitions of both a network
firewall and an application firewall, and compare/contrast the two. In the process of
doing so, some assumptions have to be made. Many of the benefits and drawbacks that
are stated do not really come into play, as an administrator should not set up their
network in this manner. The pros, cons and some of the vulnerabilities of each firewall
type will be discussed. To conclude the paper, modern firewall technology will be
examined, along with how the various technologies differ from the classic
definitions.
Network layer firewalls run at layer 3 (Network) and sometimes 4 (Transport) of the OSI
Model and are only able to make "decisions" that fall under these two layers. "One thing
that is an important distinction about many network level firewalls is that they route
traffic directly through them." [1] This means that they scan for source and destination
information and allow or disallow packets based on this information. Network layer
firewalls typically fall under one of the following two categories: packet filters and circuit
layer gateways.

"A packet filter examines IP packets and makes a decision to accept or deny traffic based
upon criteria such as source and destination IP addresses and source and destination
TCP/UDP port numbers."2 Circuit layer gateways take this a step further and operate in
layer 4. "As such, they can make basic authorization decisions based on source and
destination IP address as well as protocol type and port."3 This provides a higher level of
flexibility in that they can make decisions on whether inbound requests to ports are
valid. VLSI (very large scale integration) devices, such as routers and switches have the
ability to function as network firewalls.
Network firewalls are typically used when speed is essential. Since packets are not
passed to the application layer and the contents of the packet are not being analysed,
packets can be processed quicker. This can be advantageous for firewalls that scan for
connections to web and email servers, especially ones that have high amounts of traffic.
This is due to the fact that latency is your enemy when it comes to people accessing your
site. This offers a layer of protection to your network and does not impede connectivity.
Generally speaking, network firewalls are a cheaper alternative. Most logical network
devices offer at least some level of packet filtering. This would allow use of pre-existing
equipment to perform firewall duties. Some network operating systems also come with
the ability to do packet filtering. This may prove to be an inexpensive solution, but can
often produce problems. The most evident is that the firewall would be susceptible to
any attacks or vulnerabilities that the operating system possesses.
Network level firewalls run on an access control list and do not provide the same high
level of protection that application firewalls do, since they cannot monitor the contents
of packets. The list simply verifies if the source and destination data are valid. This can
present a problem if you are actively trying to scan for vulnerabilities in the data itself.
Typically network level firewalls do not provide a high level of auditing or logging. Based
on how closely the traffic needs to be scanned, this may present a problem.
Network firewalls are susceptible to different exploits. Three common ones are buffer
overruns, IP spoofing and ICMP tunnelling. Buffer overruns typically occur when data
sizes inside a buffer exceed what was allotted. "A buffer overflow condition would
normally cause a segmentation violation to occur."4 If we were to assume that a buffer
was created with a fixed length of 500 bytes, we could send the process data exceeding
that size. If carefully crafted, executable code could be inserted and run. For example, if
one were running sendmail behind the firewall, "an attacker could send specific code
that will overflow the buffer of a command like VRFY and execute /bin/sh. If sendmail
is running at root, /bin/sh will have root access."5 Since these exploits take advantage of
the application layer, a network firewall could not scan them and disallow them. IP
spoofing is simply sending your data to a destination, in this case a firewall, and faking a
source address that the firewall will trust. In this particular scenario, the hacker would
be able to access internal machines since he compromised the firewall. ICMP tunnelling
allows a hacker to insert his data into a legitimate ICMP packet. Since the network
firewall cannot probe the packet past the IP headers, it cannot deny the connection. In
order for an exploit like this to work properly, a process must be in place on the other
side of the firewall to strip the data out of this packet. The system has already been
compromised if it has reached this point. In real life, an intelligent administrator would
drop all ICMP traffic at the firewall. However, for purposes of this discussion, we see
how the firewall would not be able to stop this exploit in the long term.
Application level firewalls, as the name implies, operate in the Application Layer of the
OSI model. They view information as a data stream and not as a series of packets. In this
way, they are able to scan information being passed over them and to ensure that the
information is acceptable, based on its own set of rules. "They generally are hosts
running proxy servers, which permit no traffic directly between networks, and which
perform elaborate logging and auditing of traffic passing through them."6
As stated earlier, these firewalls work at the application level, so they tend to be
equipped with a certain level of logic. This allows the firewall to make some intelligent
decisions about what to do with packets that are passing through it. An example of this
ability follows: "In an early incarnation of sendmail, the original implementation of an
SMTP mail server, a backdoor command was inserted to assist in debugging the
application. SMTP is based on a simple, human-readable, text-based dialog between the
client and server, using commands such as 'HELO', 'QUIT', and 'DATA'. The backdoor
command was 'WIZ', which allowed the client machine to gain root shell access on the
remote sendmail server. Since neither Packet Filters nor Circuit Layer Gateways
examine application data, they were vulnerable to this backdoor exploit."7 In this
example, an application firewall can be configured to check for a "known" vulnerability.
This may prove to be cumbersome, as an administrator would have to stay on top of all
possible vulnerabilities, but the option is available. Another benefit of application level
firewalls is that they typically do a large amount of logging, which makes it easier to
track when a potential vulnerability happens. Another major benefit of application
firewalls is that they typically support the ability to report to intrusion detection
software. This allows third party software to take control of an intrusive situation and
perform tasks above the capabilities of the firewall itself. This is useful if you want to
monitor a hacker once they get inside instead of just blocking them or have the system
send a page when an intrusion is detected.
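The difference described above can be seen by running the same traffic through both kinds of check. The following is an added example, not part of the original text: the access list, the addresses (documentation ranges), the allowed-command set and the constructed SMTP session are all assumptions made for illustration.

```python
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str
    dport: int
    payload: bytes


# Constructed access control list: first match wins, default deny.
# 192.0.2.25 is a documentation address standing in for the mail server.
ACL = [
    ("permit", "0.0.0.0/0", "192.0.2.25/32", "tcp", 25),
    ("deny", "0.0.0.0/0", "0.0.0.0/0", "any", None),
]


def packet_filter(pkt, acl=ACL):
    """Network-layer decision: addresses, protocol and port only.
    The payload is never read, so every SMTP packet looks the same."""
    src = ipaddress.ip_address(pkt.src)
    dst = ipaddress.ip_address(pkt.dst)
    for action, src_net, dst_net, proto, dport in acl:
        if (src in ipaddress.ip_network(src_net)
                and dst in ipaddress.ip_network(dst_net)
                and proto in ("any", pkt.proto)
                and dport in (None, pkt.dport)):
            return action
    return "deny"


# Commands the proxy is willing to relay; anything else is dropped and logged.
ALLOWED_SMTP_VERBS = {"HELO", "EHLO", "MAIL", "RCPT", "DATA", "RSET", "NOOP", "QUIT"}


def smtp_proxy(stream):
    """Application-layer decision: the client's bytes are treated as one
    stream, split into SMTP lines, and each command verb is checked.
    Lines inside a message body (after DATA, up to the lone '.') are content,
    not commands, so they are relayed without verb checking."""
    forwarded, audit = [], []
    in_data = False
    for raw in stream.split(b"\r\n"):
        line = raw.decode("ascii", errors="replace")
        if in_data:
            forwarded.append(line)
            in_data = line != "."
            continue
        if not line:
            continue
        verb = line.split(" ", 1)[0].upper()
        if verb in ALLOWED_SMTP_VERBS:
            forwarded.append(line)
            audit.append(("allow", verb))
            in_data = verb == "DATA"
        else:
            audit.append(("block", verb))
    return forwarded, audit


# Constructed client-to-server session. TCP segment boundaries need not
# line up with command lines, which is why the proxy works on the stream.
SEGMENTS = [
    b"HELO client.example\r\n",
    b"WIZ\r\n",
    b"MAIL FR",
    b"OM:<a@client.example>\r\nRCPT TO:<b@mail.example>\r\n",
    b"DATA\r\nWIZ kids newsletter\r\n\r\nSee you Friday.\r\n.\r\n",
    b"QUIT\r\n",
]
SESSION = [Packet("198.51.100.7", "192.0.2.25", "tcp", 25, s) for s in SEGMENTS]


def inspect_session(packets):
    """Run the packets through the filter, then the permitted bytes through the proxy."""
    verdicts = [packet_filter(p) for p in packets]
    stream = b"".join(p.payload for p, v in zip(packets, verdicts) if v == "permit")
    forwarded, audit = smtp_proxy(stream)
    return verdicts, forwarded, audit


if __name__ == "__main__":
    verdicts, forwarded, audit = inspect_session(SESSION)
    print("packet filter:", verdicts)
    print("proxy audit  :", audit)
    print("relayed lines:", forwarded)
```

Every packet is permitted by the access list because it is addressed to port 25; only the proxy's audit log records the blocked command, while the message body line that merely starts with the same word is relayed.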
The price you pay for the ability to scan packets for rogue data comes in performance.
Since the firewall operates at the application layer, the datagram has to be passed
through all the subordinate layers. The difference may not appear substantial, but when
the system is scanning thousands of packets, it becomes more evident. Many people
insist that the "bit stripping" or the removing of headers and passing the data up to the
next level, that occurs while passing packets up and down the layers, is not at all
significant. However, with the speed of machines today, the task of moving through the
OSI model is typically negligible. The application firewalls will suffer a higher rate of
diminishing utility. As more connections are being made to the firewall, its rate of
degradation will decrease faster than the available bandwidth. By today's standards, if
an application layer firewall were to suffer a solid performance hit, it is more likely that
it is related to I/O cycles required for logging and auditing than "bit stripping".
Due to the amount of work the firewalls must do, application firewalls are less
susceptible to attacks that hide data in legitimate traffic and more susceptible to
distributed denial of service (DDOS) attacks. If enough data is forced on the firewall it
can cease to operate. The high number of service level vulnerabilities that currently exist
can also compromise application firewalls. For example, sendmail and DNS have
numerous well-known exploits. If the firewall is allowing SMTP traffic or DNS traffic to
pass through and a hacker has access to one of the many exploits, typically the firewall
will allow the data to pass, unless elaborate rules are established. Setting such elaborate
rules usually proves to be burdensome to most administrators, so this type of exploit is
usually left unchecked.
In print, it would appear that what one firewall has as a benefit, the other has as a
drawback. In reality, the delineation between network layer firewalls and application
layer firewalls is quickly diminishing. Modern firewalls perform some tasks in both the
network and application layer. Many network IOS's have the ability to scan traffic for
vulnerabilities beyond layer 3, even though it may be a layer 3 device. "When viewed as
a whole, Circuit Layer Gateways do not operate purely at layer 4. They have become
hybrid software implementations to address the need for stringent Internet security. It
is generally marketed as 'Stateful Multi-Layer Inspection', which means the software
operates at many layers. Conversely, Application Layer firewalls do not solely function
at the application layer. For example, in the Axent Raptor Firewall, it is possible to pass
traffic through local-tunnels, a stateless layer 3 mechanism, or layer 4 Generic Service
Proxies with no application data scanning."8 Firewalls that fully function in the network
and application layer are not developed fully as of yet, but the advances in the
technology should be considered. It is also important to note that many application level
firewalls offer some level of clustering that allows the firewall to overcome its speed
issue. This allows one to add more machines as needed.
No one firewall will meet one hundred percent of everyone's needs. Before purchasing a
secure firewall solution, make sure to fully analyse the pros and cons. As a general rule,
if speed is the most important feature, look into the network layer firewall. If security is
a top concern, then look into an application layer firewall. "In a perfect world, you would
have an application proxy securing your corporate network, but a network layer firewall
to protect your web presence, without impeding performance."9 Ultimately a firewall
serves more for peace of mind than a security device. In the end, a hacker is more likely
to look for another way in, such as social engineering passwords from the staff of a
company, using a war dialer to locate modems on a network to dial in and bypass the
firewall entirely or look for exploits on a mail or web server that would allow them to
pass through the firewall legitimately. This is due in part, to the high level of security
that firewalls provide. Hackers will always look for the easiest route into the system first.
It's very similar to locking the car doors even though a thief can still get into your car by
breaking the windows. The locked doors have forced the thief to go in a different route.
This does not mean that a firewall should not be put into place. Make sure that policies
are set up to cover all security related aspects of the LAN. Also remember that no matter
how powerful the firewall is, it is only as strong as the policy enforcement. Ensure that
the firewall is up to date on security vulnerabilities and all access lists are accurate. If
this is not done, it will quickly become another doorstop in the organization.
Security in E-Commerce Transactions

In a paper-based society, a contract is made legally binding in accordance with the provisions
of the Contracts Act, 1872. The process is similar for a corporate body, where the common seal of
the company is affixed to the contract documents.
The presumption under the Indian Evidence Act of signing the document is that the
person has understood and agrees to the contents of the document and is legally liable.
The signatory is however free to prove that his signature was forged in cases of
purported signatures. In the latter, it is for the courts to conclude on the basis of
circumstantial evidence.
Therefore some of the cyber challenges that need to be addressed are:
Authentication (identity of contracting parties)
Data Integrity (the facts and figures are true and genuine)
Confidentiality in storage and transmission of data
Bridging real and virtual transactions.
Security and Authentication Issues
Lack of user confidence in E-commerce transactions has been a major hindrance to the
growth of E-commerce. Companies that do business on the web face many security
issues that need to be addressed in order to protect information and minimize risk. The
growth of B2C E-commerce depends on allaying the fears of consumers about
transaction security. Only developing sound security and authentication systems can do
this. The paying customer's concerns are not unfounded. There are several cases of
security frauds being committed on the net. Such a security threat occurs when a
hacker has the potential to disrupt data or network resources and cause economic loss.
This loss could be in the form of destruction, disclosure, modification of data, denial of
service, fraud, waste or abuse.
Security concerns in E-commerce can be broadly divided into concerns about user
authorisation, and concerns about data and transaction security. Authorisation schemes
such as password protection etc, and firewalls ensure that only valid users and programs
have access to information resources such as user accounts, files and databases. Data and
transaction security schemes such as secret key encryption, public/private key encryption etc, are
used to ensure the privacy, integrity, and confidentiality of business transactions and
messages. (These are the basis on which several online payment systems such as
electronic cash and checks are constructed.)
Transaction Security
As more companies are beginning to conduct commerce online, transaction security
becomes important. They are realising that consumers' belief in the reliability and
protection of their business transactions against third party threats needs to be
improved. Unsure of security, consumers are not willing to provide credit card numbers
over the net. The threat of "sniffer programs" that collect credit card numbers is still
there. So companies are paying more attention to transaction security and
authentication.
Types of Online Transactions
The type of transaction depends on the type of content (data) that is sent across the
network. The different categories of data are:
Public Data - This type of data has no security restrictions, and may be accessed by
any one. Such data however should be protected from unauthorised tampering or
modification.
Copyright Data - This type of data is copyrighted but not secret. The owner of the
data will provide the data if he is paid for it. So in order to maximise revenue security
must be tight.
Confidential Data - This type of data contains content that is secret, but the existence
of the data is not a secret. Such data include bank account statements and personal files.
Secret Data - The very existence of this type of data is secret and must be kept
confidential at all times. It is necessary to monitor and log all access and attempted
access to the secret data.
The fact that there are many different types of Internet transactions makes security difficult.
Because of the sensitivity of information being transferred and in order to protect the
consumer from various forms of fraud and misconduct, security and verification are
necessary for all types of data.
Transmission of Electronic Documents
An electronic document transmitted from the originator is generally broken up
into smaller data packets for dispatch. At the destination they are reassembled to form
the entire message. However, one may intercept the document and tamper with the contents
of the document. It thus becomes necessary to send the data in encrypted/coded
form for security, so that the receiver alone is able to decrypt/decode the concerned
document. The general cryptosystem is the symmetric cryptosystem, and the more
secure one is the asymmetric cryptosystem.
Symmetric Crypto-system
This is the simpler form of cryptography. Both the sender and the receiver operate a
single key to encrypt or decrypt a message. This type of single key encryption is called
symmetric crypto-system.

Though this system ensures security, as both the sender and the receiver of the message
use a single key, the key needs to be transmitted and hence is exposed to theft.
Also, legally, it becomes impossible to ascertain the sender or the receiver and hence fix
the contractual capacity.
Asymmetric Crypto-system
It is also referred to as the public key system. Here there are two keys, the private key
and the public key. The originator holds the private key, while to the intended sender
the public key is distributed. A message encrypted with the private key can only be
decrypted with its corresponding public key. The two keys form a unique pair, and the
presumption is that if a document is signed and sent through this type of transmission, the
sender alone has given the authority to the receiver.
Requirements for Transaction Security
There are three basic requirements for transaction security:

Transaction Privacy
The threat of information privacy is technically called unauthorised monitoring or
packet sniffing. Such sniffer attacks begin when a hacker breaks into a computer and
installs a packet-sniffing program that monitors the network traffic. The sniffer
programs watch the network traffic, typically for the first part of the sessions that
legitimate users initiate to gain access to another system, such as Telnet, FTP etc.
The first part of such sessions contains the information that will enable the sniffer to log
onto other machines - log in ID, password, the name of the user logging in etc. The
sniffer will gather information not only about local users logging into other remote
machines, but also about any remote machine the user logs into. If the sniffed system is on a
backbone network, intruders can monitor any traffic between nodes
on that network. Such network monitoring can rapidly expand the number of systems
intruders are able to access.
Users whose accounts and passwords are collected will not be aware that their accounts
are monitored. In one of the most famous sniffing cases, hackers defrauded the US
telephone major MCI to the tune of $28 million. They used sniffers to record 50,000
credit card and phone card numbers and then sold the data to European users who used
these accounts to make free long-distance calls.
Transaction Confidentiality
The E-commerce environment must ensure the confidentiality of the data being sent.
After successful delivery of information to the destination gateways, messages must be
removed from the public network, leaving only the accounting record of entry and
delivery. All message archiving must be done in well-protected systems. Confidentiality
is important for the transaction of such sensitive data like credit card numbers. It can be
accomplished using encryption methods, which secure links between computers.
Transaction Integrity
Integrity means that the transactions must remain unmodified during the transport
between the client and the server. Transmission must be tamper proof in the sense that
no one can add, delete or modify any part of the message in transit. Mechanisms for
integrity must prevent attacks involving the modification of data while the transaction is
in progress. Methods for ensuring information integrity include error detection,
sequence numbers, encryption techniques etc.
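The following added example (not from the original text) shows how sequence numbers and a keyed integrity check work together to catch messages that are modified, replayed or removed in transit. It assumes the two parties already share a secret key; HMAC-SHA-256 is the keyed check chosen for this example, and the frame layout and order strings are hypothetical.

```python
import hashlib
import hmac
import struct

TAG_LEN = 32  # length of an HMAC-SHA-256 tag in bytes
SEQ_LEN = 8   # sequence number sent as an unsigned 64-bit integer


def seal(key, seq, payload):
    """Sender side: frame = sequence number || payload || tag.
    The tag covers the sequence number too, so it cannot be renumbered."""
    header = struct.pack(">Q", seq)
    tag = hmac.new(key, header + payload, hashlib.sha256).digest()
    return header + payload + tag


class Receiver:
    """Receiver side: accepts frames only if untampered and in order."""

    def __init__(self, key):
        self.key = key
        self.expected_seq = 0

    def accept(self, frame):
        if len(frame) < SEQ_LEN + TAG_LEN:
            return ("reject", "truncated")
        body, tag = frame[:-TAG_LEN], frame[-TAG_LEN:]
        good = hmac.new(self.key, body, hashlib.sha256).digest()
        # Constant-time comparison; any changed byte changes the tag.
        if not hmac.compare_digest(tag, good):
            return ("reject", "modified")
        (seq,) = struct.unpack(">Q", body[:SEQ_LEN])
        if seq < self.expected_seq:
            return ("reject", "replayed")
        if seq > self.expected_seq:
            return ("reject", "gap: earlier message missing")
        self.expected_seq += 1
        return ("accept", body[SEQ_LEN:].decode())


def run_transfer():
    """Constructed scenario: three orders are sent; the network tampers with,
    replays and reorders frames before the genuine ones arrive."""
    key = b"constructed-shared-key-for-demo!"
    orders = [b"order=1001;amount=25", b"order=1002;amount=10", b"order=1003;amount=40"]
    frames = [seal(key, i, o) for i, o in enumerate(orders)]
    tampered = frames[1].replace(b"amount=10", b"amount=99")

    receiver = Receiver(key)
    arrivals = [
        ("frame 0", frames[0]),
        ("frame 1 altered", tampered),
        ("frame 0 again", frames[0]),
        ("frame 2 early", frames[2]),
        ("frame 1", frames[1]),
        ("frame 2", frames[2]),
        ("cut short", frames[2][:10]),
    ]
    return [(label,) + receiver.accept(frame) for label, frame in arrivals]


if __name__ == "__main__":
    for label, verdict, detail in run_transfer():
        print(f"{label:16} {verdict:7} {detail}")
```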
Encryption and Transaction Security
Using encryption or secret codes, sensitive information sent over a public network like
the Internet can be protected. Encryption is the mutation of information in any form (text,
video and graphics) into a form readable only with a decryption key. A "key" is a very
large number, a string of zeros and ones. The goal of encryption is to make it impossible
for the hacker who gets the cipher text (encrypted information) as it passes on the
network to recover the original message. There are two main types of encryption
techniques.
Secret-Key Encryption
Secret-key encryption involves the use of shared key for both encryption by the
transmitter and decryption by the receiver. It works in the following way. Suppose a
customer wants to send his credit card number to his online merchant, in such a way
that only the merchant can read it. The customer will encrypt the card number using an
encryption key and sends the encrypted message (cipher text) to merchant. This makes
the message unreadable to any third party.

The merchant will then decrypt the cipher text using the decryption key and will read
the number. In this both the encryption key and the decryption key are the same. The
transmitter uses a cryptographic secret "key" to encrypt the message and the recipient
must use the same key to decrypt it. The Data Encryption Standard (DES) is available to
implement such single-key encryption techniques.

Although useful, secret key encryption has certain limitations. All parties must know
and trust each other completely and have in their possession a protected copy of the key. If
the sender and the receiver reside in different cities, they risk being overheard about the
key via the communication networks. Since shared keys must be securely distributed to
each communicating party, secret key encryption suffers from the problem of key
distribution: generation, transmission and storage of keys. Secure key distribution is
cumbersome in large organisations where a company deals with thousands of online
customers.
Further, secret key encryption is impractical for exchanging information with a large
group of previously unknown parties over a public network. For example, for an
online merchant to conduct transactions securely with Internet subscribers, each
customer would need a distinct secret key assigned by the merchant and transmitted
over a separate secure channel such as the telephone, adding to the overall cost. So,
secret key encryption cannot play a dominant role in E-commerce.
Public Key Encryption
Public key encryption uses two keys: one key to encrypt the message and a different key
to decrypt the message. The two keys are mathematically related so that data encrypted
with one key can only be decrypted using the other key. Unlike secret key encryption,
which uses a single key shared by two parties, public key encryption makes use of two
keys. One of the keys is "public" and the other key is "private". The public key can be
made known to other parties, but the private key must be confidential and known only to
the owner.

The best known public key encryption algorithm is the "RSA" algorithm. In this method
each participant creates two unique keys, a "public key" which is published in a sort of
public directory and a "private key" which is kept secret. The two keys work together;
whatever data one of the keys "locks", only the other key can unlock.

For example, a customer sends a message (credit card information) to the online
merchant through e-mail. The message will be encrypted with the locking key (public
key) and forwarded to the merchant. He unlocks the message with the unlocking key
(his private key) and gets the information. If the copy of the key is intercepted or the
message is intercepted, it remains secure because the stolen "key" only locks the
contents; it is incapable of decrypting the message. The important concept in this is that
even if the channels are not secure, the message itself can be protected. The problem of
authentication is solved by checking the authenticity of the public key with a
certification authority and obtaining an Authorisation Certificate (AC).
Table 4.2 compares secret and public key systems.

In practical usage, both key systems are often combined to form a hybrid key system,
in order to exploit the advantages offered by the two systems. To determine which type
of encryption best meets its needs an organisation first has to identify its security
requirements and operating environment. Public key encryption is particularly useful
when the parties wishing to communicate cannot rely on each other or do not share a
common key, which is the case in online commerce.
Digital Signatures
Digital signatures work with public key encryption to ensure authentication and privacy.
A digital signature is a cryptographic mechanism that performs the functions of a written
signature. Digital signatures are used for sender authentication. For example, a recipient
of data (such as an e-mail message) can verify who signed the data and that the data was not modified after being
signed.
Let us consider the following scenario: a customer (say A) interacts with an online
merchant such as amazon.com. When A orders books from amazon.com, he will use
Amazon's public key to encrypt his confidential information. Amazon uses its private
key to decrypt the message. Thus the customer knows that only Amazon has received
the information. To ensure further security he can send a digital signature, encrypted
with his private key, which Amazon could decrypt with A's public key and know that
only A could have sent it.
Data is electronically signed by applying the originator's private key to the data. To
increase the speed of the process the private key is applied to a shorter form of the data
called "hash" or "digital digest" rather than to the entire set of the data. The resulting
digital signature can be stored and transmitted along with the data. The signature can be
verified by any party using the public key of the signer.
Digital signatures ensure authenticity in the following way. In order to digitally sign a
document, a user combines his private key and the document and performs a
computation on the composite (key + document) in order to generate a unique number
called 'digital signature'. For instance, when an electronic document such as an order
form with credit card number is run through the digital signature process, the result is a
unique "finger print" of the document. The "finger print" is attached to the original
message and further encrypted with the private key of the signer. If the user is
communicating with his bank, he sends the second encryption to the bank. The bank
then decrypts the document using the user's public key and checks to see if the message
is altered. To verify the signature the bank performs a computation involving the
original document, the purported digital signature and the user's public key. If the
results of the computation generate an identical "finger print" of the document the
signature is verified as genuine, otherwise it is fraudulent or tampered. These digital
signatures are the basis of secure e-commerce.
Digital Certificate
Authentication is further ensured by the use of digital certificates. Before two parties, A
and B, use public key encryption to conduct business, each wants to make sure that the
other party is authenticated. Before A accepts a message with B's digital signature, he
wants to ensure that the public key belongs to B and not to someone else masquerading
as B on an open network. One way to be sure that the public key belongs to B is to
receive it over a secure channel directly from B, which is, in most cases, practically
impossible.
An alternative to the use of a secure channel is to use a trusted third party to
authenticate that the public key belongs to B. Such a party is known as a Certification
Authority (CA). Once B has provided proof of his identity, the CA creates a message
containing B's name and his public key. This message, known as the certificate, is digitally
signed by the CA. It contains the owner identification information as well as a copy of the
owner's public keys. To get most benefit, the public key of the certificate authority
should be known to as many people as possible. Thus, by using one public key (the CA's) as a
trusted third-party means of establishing authentication, disparate parties can engage in
E-commerce with a high degree of trust.
For example in the credit card industry Visa provides digital certificates to the card
issuing financial institution, and the institution then provides a digital certificate to
the user. A similar process takes place for the merchant. At the time of the transaction,
each party's software validates both merchant and cardholder before any information is
exchanged. The validation takes place by checking the digital certificates that were both
issued by an authorised and trusted third party.
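The signature and certificate checks described in the two sections above can be followed step by step in the added example below, which is not part of the original text. It assumes textbook RSA without padding, with keys built from fixed, publicly known primes so the run is reproducible; real systems use randomly generated keys and a padded signature scheme from a vetted library. The party names, certificate layout and order text are hypothetical.

```python
import hashlib
import json

E = 65537  # public exponent shared by all demo keys


def make_key(p, q):
    """Build a (public, private) pair from two primes (textbook RSA)."""
    n = p * q
    d = pow(E, -1, (p - 1) * (q - 1))
    return {"n": n, "e": E}, {"n": n, "d": d}


def digest_int(data, n):
    """The 'finger print': SHA-256 of the data as an integer below n."""
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n


def sign(private, data):
    """Apply the private key to the hash of the data, not to the data itself."""
    return pow(digest_int(data, private["n"]), private["d"], private["n"])


def verify(public, data, signature):
    """Undo the signature with the public key and compare finger prints."""
    return pow(signature, public["e"], public["n"]) == digest_int(data, public["n"])


def issue_certificate(issuer_private, subject, subject_public):
    """Issuer signs a message containing the subject's name and public key."""
    body = json.dumps({"subject": subject, "public_key": subject_public},
                      sort_keys=True).encode()
    return {"body": body, "issuer_signature": sign(issuer_private, body)}


def check_message(ca_public, cert, claimed_sender, message, signature):
    """Receiver's checks, in order: CA signature, subject name, message signature."""
    if not verify(ca_public, cert["body"], cert["issuer_signature"]):
        return "certificate not signed by trusted CA"
    claims = json.loads(cert["body"])
    if claims["subject"] != claimed_sender:
        return "certificate issued to someone else"
    if not verify(claims["public_key"], message, signature):
        return "message altered or not signed by sender"
    return "ok"


# Demo keys from Mersenne primes: insecure, chosen only for a repeatable run.
CA_PUB, CA_PRIV = make_key(2**127 - 1, 2**521 - 1)
B_PUB, B_PRIV = make_key(2**107 - 1, 2**607 - 1)
M_PUB, M_PRIV = make_key(2**89 - 1, 2**1279 - 1)  # a third party, "M"


def demo():
    order = b"order 1001: 2 books, ship to B"
    b_cert = issue_certificate(CA_PRIV, "B", B_PUB)
    b_sig = sign(B_PRIV, order)

    # A certificate naming B but signed with M's own key instead of the CA's.
    self_made = issue_certificate(M_PRIV, "B", M_PUB)
    # A genuine CA certificate, but issued to M rather than B.
    m_cert = issue_certificate(CA_PRIV, "M", M_PUB)
    m_sig = sign(M_PRIV, order)

    return {
        "genuine": check_message(CA_PUB, b_cert, "B", order, b_sig),
        "altered": check_message(CA_PUB, b_cert, "B", order + b"0", b_sig),
        "untrusted issuer": check_message(CA_PUB, self_made, "B", order, m_sig),
        "wrong subject": check_message(CA_PUB, m_cert, "B", order, m_sig),
    }


if __name__ == "__main__":
    for case, outcome in demo().items():
        print(f"{case:17} -> {outcome}")
```

The receiver needs only the CA's public key in advance; B's public key arrives inside the certificate and is trusted because the CA's signature over it verifies.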
Electronic Mail (E-mail)
E-mail or electronic mail can be defined as the exchange of messages and computer files
between computers over a computer network. This network can be as small as a Local
Area Network (LAN) or it can be as large as the Internet that spans the world. Electronic
mail or e-mail is without doubt the most commonly used Internet service. E-mail is
much older than the Web, and more people use it. Every system on the Net supports
some sort of mail service, which means that we can send and receive e-mail from
millions of people around the world.

Advantages of Electronic mail


The main benefit of e-mail when compared to other messaging mediums like fax is that
it is almost instantaneous; it directly reaches the concerned individual's electronic
mailbox without getting buried under a mountain of paper. In some cases, you can even
confirm whether your message has been received and read by the recipient.
Sure the good old telephone offers advantages similar to that of a letter or fax, but what
do you do when the person you are calling is not at his table or if the person is a few
continents away?
With e-mail even if the recipient is not around, the message is delivered into his mailbox
and is available the next time he checks his mailbox. E-mail also ensures a much higher
degree of security / privacy. Only an authorised person can open, or even know the
presence of the mail. An authorised person is one who knows the login name and
password to the recipient's mailbox.
Compared to other mediums e-mail is very economical. The cost of sending electronic
message across the world is the same as sending one across the city - in most cases, a
local telephone call. Further, as the message is in an electronic form, you save money on
printing, fax, paper and ink. Used correctly, e-mail offers many advantages over physical
mail or message. For example, using encryption technology you could electronically
deliver confidential documents saving time and money over the standard practice of
having a 'reliable' person - who could be waylaid - hand delivering a sealed document.
Similarly by using digital signatures, you can even hinder forgery as digital signatures,
like fingerprints can be verified and are unique for every user and message.
E-mail Addresses and Mail Boxes
Every one with e-mail access has an e-mail address, which is the cyberspace equivalent
of a postal address or a phone number. When you send an E-mail message, you enter
the address or addresses of the recipients so that the computer knows to whom to send it.
Internet mail addresses have two parts, separated by the @ (at sign). The part before
@ is the mailbox which is roughly speaking your personal name, and the part after that
is the domain. Usually the name of your Internet service provider (ISP), such as
bgl.vsnl.net.in or goa.vsnl.net.in or udupi.com, is the domain name.
The mailbox is usually your username, the name your provider assigns to your account.
If you are lucky, you get to choose your name; in other cases, you get what the provider
gives. For example you can write to the President of the United States at
president@whitehouse.gov. The President's mailbox is president, and the domain that
stores his mailbox is whitehouse.gov.
When an e-mail message comes across the Internet, the message needs space until
someone is ready to read it. The Internet has two mail protocols to handle this: POP
(Post Office Protocol) and SMTP (Simple Mail Transfer Protocol). Every Internet
Service Provider runs a POP server and an SMTP server for the use of its customers.

When your mail program picks up the mail it gets your mail from your provider POP
server to your PC. After you have downloaded your message you can get disconnected.
You can read and respond to your mail while you are offline. When you are ready to your
responses you can reconnect and transmit your outgoing mail to the SMTP server. This
process is very simple if you use a good E-mail program.
How E-mail Works?
E-mail works on the 'store and forward' principle. To understand this, let us assume
person A (from a@bgl.vsnl.net.in) sends a mail to B (at b@hotmail.com). The bgl server
checks the network for a mail server with the lowest traffic and uploads A's mail to this
server. This server in turn holds the mail while checking the network for a mail server
with the lowest activity and uploads A's mail there. This process continues until the
mail is uploaded to the hotmail server, into B's mailbox. The recipient then downloads it
from the destination mail server (here B downloads the mail from the hotmail server).
E-mail works in the same way as the postal system does. When you write an e-mail
message and 'mail' it, it gets posted in the mail server, which could be on your private
network or the Internet. This is analogous to your local post office, where all your letters
end up after you deposit them in the letterbox. The mail server also plays a large part in
controlling the data traffic on the network. It stores messages when network traffic is
high and forwards them when network traffic is low, thereby reducing network
congestion. It also acts as a gateway or translator between different types of e-mail
systems like the Internet's POP3 or X.400 (a recommended international
communication standard that defines how e-mail should be transported over different
kinds of network like TCP/IP or X.25). Once messages reach the destination mail
server, they are stored until the recipient collects them.
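The store-and-forward path described above leaves a record in the message itself:
each server that accepts the message adds a Received header on top of the ones
already there. The following is an added example, not part of the original text,
that reads those headers back into the route and the time each server held the
message. The message is constructed; only the two mail domains come from the text,
while the relay names, mx.hotmail.com and the 192.0.2.x addresses are made up.

```python
"""Trace the store-and-forward path of a message from its Received headers."""
from dataclasses import dataclass
from datetime import datetime
from email import message_from_string
from email.utils import parsedate_to_datetime
import re

# Constructed sample message, not real traffic. Only the two mail domains come
# from the text; relay names, mx.hotmail.com and the 192.0.2.x documentation
# addresses are made up for the example.
RAW = """\
Received: from relay2.example.net (relay2.example.net [192.0.2.20])
\tby mx.hotmail.com with ESMTP id C3; Mon, 05 Jan 1998 10:07:30 +0000
Received: from relay1.example.net (relay1.example.net [192.0.2.10])
\tby relay2.example.net with ESMTP id B2; Mon, 05 Jan 1998 10:05:00 +0000
Received: from bgl.vsnl.net.in (bgl.vsnl.net.in [192.0.2.1])
\tby relay1.example.net with SMTP id A1; Mon, 05 Jan 1998 10:00:10 +0000
From: a@bgl.vsnl.net.in
To: b@hotmail.com
Subject: store and forward

hello
"""

HOP_RE = re.compile(r"\bfrom\s+(\S+).*?\bby\s+(\S+)", re.IGNORECASE)


@dataclass
class Hop:
    from_host: str         # server that handed the message over
    by_host: str           # server that accepted and stored it
    received_at: datetime  # when the accepting server stamped it


def trace_hops(raw_message):
    """Return the hops in the order the message travelled.

    Every server that stores the message adds its own Received header on top,
    so the headers are read bottom-up to get chronological order.
    """
    msg = message_from_string(raw_message)
    hops = []
    for value in msg.get_all("Received", []):
        flat = " ".join(value.split())         # undo header folding
        path, _, stamp = flat.rpartition(";")  # timestamp follows the last ';'
        match = HOP_RE.search(path)
        if not match:
            continue
        try:
            when = parsedate_to_datetime(stamp.strip())
        except (TypeError, ValueError):
            continue                           # unparseable date: skip the hop
        hops.append(Hop(match.group(1).lower(), match.group(2).lower(), when))
    hops.reverse()
    return hops


def holding_times(hops):
    """Seconds between one server accepting the message and the next one."""
    return [
        (later.by_host, int((later.received_at - earlier.received_at).total_seconds()))
        for earlier, later in zip(hops, hops[1:])
    ]


def chain_breaks(hops):
    """Pairs where the receiving server of one hop is not the sender of the next.

    Headers below the first server you control are written by other parties,
    so a break is a reason to look closer, not proof of anything.
    """
    return [
        (earlier.by_host, later.from_host)
        for earlier, later in zip(hops, hops[1:])
        if earlier.by_host != later.from_host
    ]


if __name__ == "__main__":
    route = trace_hops(RAW)
    for hop in route:
        print(f"{hop.received_at:%H:%M:%S}  {hop.from_host} -> {hop.by_host}")
    print(holding_times(route))
    print(chain_breaks(route))
```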
E-mail Options
Just like there is a car for every driver, different e-mail options are available from the
low budget option all the way up to the relatively expensive but rock stable corporate
option. Broadly speaking, the options available are:
- E-mail through Internet service provider
- Internet-based free e-mail
- Internet-based e-mail for forwarding services
- E-mail service providers
E-mail through Internet Service Provider:
Public access to the Internet has been available in India since August 15, 1995. This
service is called Gateway Internet Access Services or GIAS. The country's long distance
telecom service provider Videsh Sanchar Nigam Ltd. (VSNL) initially offered the service
in the four metros of Delhi, Calcutta, Mumbai and Bangalore. Today GIAS has expanded to
many cities and includes the Department of Telecom (DOT) as a complimentary
connectivity provider.
The GIAS service presently offers two types of dial-up access to the Internet:
- Text-based Unix shell account (with a special discount option for students)
- TCP/IP protocol-based graphical account
In both cases, an e-mail account is offered as a default option to the subscriber.
Of the two options, though the text-based Unix shell option is cheaper, it has its
downside. It does not offer the familiar Windows-based interface and you will need to
spend some time familiarising yourself with the Pine e-mail program that is provided to
shell account subscribers. Secondly, you cannot write your mail offline; you have to be
connected to the GIAS service to be able to use Pine. If you send a lot of e-mails or long
e-mails, this could result in hefty telephone bills. The only real advantage the shell
account seems to offer is better connectivity. That is because most subscribers prefer the
TCP/IP service, resulting in fewer 'busy' tones since the ratio of available shell account
dial-up lines to subscribers has improved.
With the TCP/IP account you not only get the graphical interface to the Internet, you
also get to choose any of the easy-to-use e-mail clients like Eudora or Netscape's
Messenger. This not only allows you to connect, retrieve your messages and read and
write them offline, but also to receive and send them in multimedia-rich HTML format.
One disadvantage of the TCP/IP account is poor connectivity. Due to its popularity, the
number of people dialling the service has outstripped the number of access telephone
lines put up by VSNL in India.
Web based Free E-mail
Unlike GIAS service where you are provided an e-mail address by default, you need to
have Internet access before you can start using Internet based free e-mail. This can be
either through a dial-up connection. These can be used to access the two types of e-mail
available on the Internet: Web-based e-mail and Post Office Protocol (POP) based e-mail.
In the case of Web-based e-mail service, a web browser like Internet Explorer or
Netscape Navigator is the access client. To send or receive messages, you have to browse
to the e-mail service provider's homepage, identify yourself and then read or write your
e-mail.
POP-based e-mail services are similar to the GIAS e-mail service. In fact all
Internet messaging, including GIAS, is based on POP. As with GIAS-based e-mail, to
access your mail you need a client like Eudora or Netscape Messenger, and you can read
or write your messages offline. Thus, irrespective of your location, be it Delhi or New
York, as long as you have access to the Internet you will be able to send and receive
e-mail. The only problem is that you will have to put up with a few advertisements (that's
how these services make money) when you access your e-mail. POP-based free e-mail
has the disadvantage of having to install and configure an e-mail client. This means that
it is not portable like the Web browser-based e-mail services, since client software needs
to be installed at the access point - unless you are using a laptop PC, which again needs
an Internet connection.
Besides offering an e-mail address, most e-mail service providers, particularly Web
browser ones, also offer you customised content. These include sports, financial or
world news, articles from online magazines and special interest information. Most popular
Web-based e-mail services like Hotmail (www.hotmail.com) include advanced features
like spell checkers, anti-spam options, auto e-mail filtering and sorting, the ability to
collect e-mail from your POP-based accounts and a personal address book. Some, like
Net@address (www.netaddress.com), also allow you to access your e-mail through
Internet indexes and directories. In fact, most indexes and directories like Yahoo! or
Excite also offer free e-mail services. To check out the Free E-mail Address Directory go
to www.emailaddresses.com, which lists over 100 e-mail sources.
Internet-Based Forwarding Services
Free e-mail is not the only useful service that is available on the Internet. If you have a
long e-mail address, would you not love to have one that is short and easy to remember?
You can always open a free account with any one of the many Internet-based e-mail
services that have addresses easy to remember. But what do you do if you are one of those
types who like to keep all mails in one box? Then, you choose a forwarding service.
A forwarding service works like your paperboy who collects your paper and drops it at
your house. The newspaper agent never gets to know where you live. All he knows is
your name and the paperboy. And if he passes any message to the paperboy, like the
monthly bill, it will get delivered to you. Similarly, when you register yourself with a
forwarding service, all you have to provide is your long e-mail address, which can often
be customised. For example, if you fancy yourself to be a VIP or a computer addict then
on NetForward (WWW.NetForward.com) you could pick yourself an address like
yourname@A-VIP.com or yourname@CyberJunkie.com. Now all you have to do is
distribute this e-mail address and all the e-mail mailed to this address will automatically
be redirected to your long address. Even when you get a new, easy to remember e-mail
address you can continue to use your forwarding service. All you have to do is change
your forwarding e-mail address to the new e-mail address.
E-mail Service Providers
The e-mail service providers (ESPs) existed even before the Internet became popular.
Corporations use ESP services because of their superior connectivity and messaging
solutions. Unlike Internet-based messaging services, which use POP, most ESPs use
either X.25 or X.400. X.25 and X.400 messaging has a return receipt option that
notifies the sender whether the recipient has received the mail or not; furthermore,
these technologies also allow prioritisation of e-mail. These features, which are often
important to most organisations, are not available in the existing Internet-based
messaging offered by GIAS.
As ESPs do not use the standard Internet messaging technology, with ESP-based
solutions you need to use messaging clients that are X.25 or X.400 compliant. The ESP
provides these. Most ESPs also provide gateways to popular messaging packages
like cc:Mail or Microsoft Mail. However, there are some exceptions like Business India
Information Technology's (BIIT's) aXcess World that offer Internet technology-based
messaging.
On the negative side, if the e-mail volumes are high, e-mail provider-based messaging
becomes an expensive option. The reason is that e-mail service providers charge by volume,
connect time, peak hour charges and whether the message is for national or international
distribution. Most e-mail service providers also offer other value-added services like
e-mail-to-fax. Under this service you can send an e-mail message to a fax number and the
service converts the e-mail message to a fax message. If you are sending loads of long
distance faxes, this works out cheaper compared to regular fax transmission and costs
about the same as an e-mail message. But the advantage with ESPs is that they offer
e-mail solutions and onsite support to both small and large organisations, a service not
offered by the consumer e-mail oriented GIAS service. VSNL does not just offer Internet
messaging; they also offer X.400-based messaging services under their GEMS 400
service.
E-mail Software
Microsoft Outlook Express and Netscape Messenger are popular and smart E-mail
Software. E-mail Software is used to manage the E-mail accounts. Messages can be
composed off-line, and stored in an Outbox until all the mail to be sent is ready. All the
mail in the Outbox can then be mailed together after connecting to mail server using the
Internet account.
What your E-mail Program Needs to Know?
If you are using a PPP account, you have to tell your e-mail program the names of your
incoming (POP) and outgoing (SMTP) mail servers. Following are some things you need
to know before using any e-mail software.
Your e-mail address: i.e. your username followed by an @ and the domain name.
Example: aimalu@md4.vsnl.net.in
Your e-mail password: The password for your mail box. In internet based e-mail this is
usually the same as the password for your Internet account.

Your incoming (POP3) mail server: The name of the computer that receives your e-mail
messages. You can get this information from your ISP. Example:
aimalu@md4.vsnl.net.in or 140.128.1.1.
Your outgoing (SMTP) mail server: The name of the computer that distributes your
outgoing mails to the rest of the Internet (often the same as the POP3 server). Example:
aimalu@md4.
QUESTIONS
1) Explain the basic security infrastructures.
2) What is a Firewall?
3) Explain the need of firewall.
4) What does Proxy server mean? Explain its functions.
5) How do Firewalls function as Gateways?
6) Explain the function of Firewalls as Control Points.
7) Explain the different types of Network Policy.
8) Explain the different types of firewalls.
9) Distinguish between Application Layer Firewalls and Network Layer Firewalls.
10) Describe the process of ensuring security in e-commerce transactions.
11) Explain the different types of online transactions.
12) What are digital signatures?
13) Explain the advantages of Electronic mails.

- End of Chapter

UNIT V

E COMMERCE AND WORLD WIDE WEB

Electronic commerce is not an entirely new idea, nor is the online transaction. Dial-up
computer services, like those provided by CompuServe since 1980, usually include
services and products that can be ordered online. Electronic funds transfer (EFT) is
another relatively mature field that is only now reaching a mass market as ATMs, gas
stations, and supermarkets increasingly accept credit, debit, and charge cards.
In 1993, when the World Wide Web protocols were first being proposed as Internet
standards, few people outside the research and academic world had even heard of the
Internet, let alone used it. Today, the Internet and the World Wide Web are such a part
of daily life that major mainstream publications no longer define Internet-related terms
like Web site, home page, or new posting.
The Internet Advantage
Despite the Internet's long existence as a non-commercial research network, its
commercialisation owes its apparent success to several factors:
- The Internet is an open system
- The Internet itself does not belong to anyone
- The World Wide Web is the Internet's killer app.
The Internet is Open
All the Internet protocols are open and public, and anyone can use them to write
software implementations that can interoperate with other computers and networks
running the Internet protocols. Most of the competition between vendors of Internet
and TCP/IP software is based on performance, ease of use, and compatibility. None of
these vendors is foolhardy enough to announce a new version of their software that
provides even the most attractive of new features at the cost of compatibility with other
TCP/IP implementations.
LAN (Local Area Network) operating system vendors such as Novell and Microsoft have
traditionally kept their product specifications private and incompatible, but have lost
the benefits of having an entire community of researchers and developers working on
interoperable implementations, as has happened with the Internet protocols. Because of
this openness, a wide range of implementations are available, from freeware through
high-performance, high-function versions of Internet software sold by companies like
FTP Software and SunSoft. The result of this competition is lower cost barriers to small
companies and individuals who previously could not afford to connect to the Internet.
Connectivity through the Internet allows any connected individual to browse any freely
available content, without regard to memberships. At least as important is that anyone
with a dedicated Internet connection and a computer can be not just an information
consumer, but also an information provider. And instead of communicating with an
online service population, people with Internet connectivity can potentially
communicate with anyone else connected to the Internet: 30, or 40, or 50 million
people, or more, depending on when you read this.
World Wide Web, Killer App of the Internet
Most Internet applications were developed by computer scientists more often concerned
with performance and extensibility than with usability. Applications such as telnet (for
running terminal sessions on remote computers) and ftp (the File Transfer Protocol
application, for transferring files between two computers) required from the user a high
level of awareness about the operating systems of the local and remote computers.
While not entirely unusable by the less technically sophisticated, these applications
nevertheless had a sufficiently high cost of entry (long learning times) to turn off many
potential users.
Even before 1993, there were enough different information providers on the Internet to
make it a complicated matter to find a desired resource. Various applications were
developed to make searching the Internet simpler, but none was sufficiently compelling
to users. One application, Gopher, held promise. Gopher servers simply made various
Internet resources available through a common interface, using menus instead of
requiring entry of explicit commands. The resources could be file repositories or remote
computers allowing guest logins, or they could use any other allowable Internet
application; Gopher simply provided a simple character-based system, with a
menu-based front end to those resources. No serious contender for a killer application
appeared until the World Wide Web began and graphical browsers became available. It
had always been a hassle to track down sources of information on the Internet, connect
to the server, and attempt to locate the desired data. The World Wide Web offers
improvements both to the end users, who can point and click to navigate the Web and
locate interesting or necessary information, and to the information providers, who can
offer access to their own data as well as other related providers to a much wider
audience. Even more attractive is the ease with which regular users can create and
publish their documents for Internet consumption.
The result was an application that appealed to a huge potential user base: those wanting
access to free or cheap information and entertainment, but without the hassles of
figuring out how to work all the different computers and programs.
The World Wide Web
In 1989, the World Wide Web began to take shape as the ultimate networked hypertext
document. The idea was to use a mark-up language to create documents, relying on tags
(function-oriented labels that define how a part of a document behaves) rather than
using traditional word-processing formatting options to control the way the document
is displayed. The result is that parts of each marked-up document behave the way they
are supposed to, no matter how they are being displayed. For example, if a line is
tagged as a title, it can be printed out in a specified font and size appropriate for hard
copy, but when it is displayed on a monitor it may appear in a different specified font,
size, and colour appropriate for that particular video display monitor.

This is a very dry and technical way of saying that Web documents can be created in such
a way that a person using virtually any kind of computer (with a character-based or
graphical user interface) can access virtually any information, resource, or device
connected to a World Wide Web server. The user starts up client software and connects
to a home page, and then can surf on to other Web documents by traversing links on the
home page and other connected pages. The result is a world-wide web of connections
between information services on the Internet. Connected services are often provided
directly through Web documents, but the protocols allow any type of Internet
application to be accessed, including more traditional file transfer servers and terminal
sessions on larger host systems.
Although backward compatibility with existing services and systems is important, the
Web owes its success to an extraordinarily simple user interface. Rather than requiring
an explicit search for Internet resources using arcane tools, all the services are available
in a graphic format and the user simply points and clicks to access them. As it becomes
trivially easy for increasing numbers to access a Web site, it also becomes an especially
attractive avenue for companies looking for new ways to market their products. World
Wide Web document development, server maintenance, specifications, and standards
are all important topics, but are also mostly beyond the scope of this book.
World Wide Web Standards
The World Wide Web is defined by a handful of protocol specifications. Software
developers use those specifications to implement the Web browser and Web server
programs. The interaction between browser and server is defined by the Hypertext
Transfer Protocol (HTTP). Web browsers send messages conforming to this protocol to
Web servers; these, in turn, return the requested information.
Traditional Internet addressing conventions are for locating computers attached to
specific network interfaces. Special Internet host names and addresses are used, but
these are sufficient only to locate a computer - locating a specific resource on a
computer can be equally complicated, requiring the user to search through (sometimes
unfamiliar) operating system directories, folders, and files. The Uniform Resource
Locator (URL) protocol specifies how individual resources (files, documents, or even a
specific section of a document) are to be identified within the World Wide Web. Browsers
use these URLs in HTTP requests to remote servers. They identify to the server exactly
what resources are being requested.
Information transmitted from servers to browsers comes from Web documents stored
on the server that have been specially tagged using Hypertext Mark-up Language
(HTML) tags, which define the different functional pieces of each document. As
mentioned earlier, tags allow different parts of a document to behave differently; most
important are the abilities of text and graphics to behave as pointers to other parts of a
document, other documents and resources, and especially resources on other Web
servers. HTML documents consist of plain text (ASCII) files and may point to graphics
files, other types of multimedia files (for example, sound or full motion video files)
stored in standard formats, or other network resources (URLs).

It isn't possible to put all the information that a person browsing the Web would like from
your site into HTML-formatted files. Large databases, in particular, work better when
they stay in their original formats. The Common Gateway Interface (CGI) specifies
mechanisms for passing information from the person browsing your Web server to
other resources available through that server, in particular by collecting information
and passing it along to the other resource.
This type of interchange is vital to allow the remote user to access resources such as
databases, but it is equally critical to collecting information (and then using it correctly
and automatically) for the purposes of transacting business through the World Wide
Web. Designing forms to collect orders through a Web site is not enough; there must be
some mechanism outside the server to handle that information. The user's order needs
to be processed: if a physical product has been ordered, inventory and shipping
information must be handled; billing information must always be processed. CGI
provides the link between the Web server and the rest of the commercial process. Finally,
the security protocols relevant to the World Wide Web include Secure Sockets Layer
(SSL) and Secure Hypertext Transfer Protocol (S-HTTP).
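The hand-off described above, from an order form through CGI to the systems behind
the Web server, can be sketched as follows. This is an added example, not part of
the original text: it reads the form fields the way a CGI program receives them
(environment variables set by the Web server, plus the request body), accepts only
the fields it expects, and prices the order from the server's own catalogue so that
nothing the browser sends can set the amount charged. The catalogue, field names
and limits are assumptions made for the example.

```python
"""CGI-style order handler: form fields in, validated order record out."""
import re
from urllib.parse import parse_qs

# Constructed catalogue (prices in pence); a real shop would read its database.
CATALOGUE = {"choc-bar": 120, "fudge-box": 450}
ALLOWED_FIELDS = {"item", "qty", "email"}   # hypothetical form field names
MAX_BODY = 2048                             # bytes accepted from a POST
EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]{1,64}@[A-Za-z0-9.-]{1,190}\.[A-Za-z]{2,}")


class OrderError(ValueError):
    """The request cannot be turned into an order."""


def read_form(environ, stdin_bytes):
    """Collect the form fields the way a CGI program receives them.

    The Web server puts request details into environment variables
    (REQUEST_METHOD, QUERY_STRING, CONTENT_LENGTH) and a POST body on stdin.
    """
    method = environ.get("REQUEST_METHOD", "GET").upper()
    try:
        if method == "GET":
            raw = environ.get("QUERY_STRING", "")
        elif method == "POST":
            length = int(environ.get("CONTENT_LENGTH") or 0)
            if not 0 <= length <= MAX_BODY:
                raise OrderError("request body too large")
            raw = stdin_bytes[:length].decode("ascii")
        else:
            raise OrderError("unsupported request method")
        fields = parse_qs(raw, keep_blank_values=True, max_num_fields=10)
    except OrderError:
        raise
    except ValueError as exc:  # bad length, non-ASCII body, too many fields
        raise OrderError("malformed request") from exc

    unknown = set(fields) - ALLOWED_FIELDS
    if unknown:
        raise OrderError("unexpected field: " + sorted(unknown)[0])
    form = {}
    for name in sorted(ALLOWED_FIELDS):
        values = fields.get(name, [])
        if len(values) != 1:
            raise OrderError("field must appear exactly once: " + name)
        form[name] = values[0].strip()
    return form


def build_order(form):
    """Validate the fields and price the order from the server's own catalogue."""
    if form["item"] not in CATALOGUE:
        raise OrderError("unknown item")
    if not re.fullmatch(r"[1-9][0-9]?", form["qty"]):  # 1 to 99
        raise OrderError("quantity out of range")
    if not EMAIL_RE.fullmatch(form["email"]):
        raise OrderError("bad e-mail address")
    qty = int(form["qty"])
    return {
        "item": form["item"],
        "qty": qty,
        "email": form["email"],
        "total_pence": CATALOGUE[form["item"]] * qty,
    }


def handle_request(environ, stdin_bytes=b""):
    """Return (HTTP status, order record or error text) for one request."""
    try:
        return 200, build_order(read_form(environ, stdin_bytes))
    except OrderError as exc:
        return 400, str(exc)


if __name__ == "__main__":
    print(handle_request({
        "REQUEST_METHOD": "GET",
        "QUERY_STRING": "item=choc-bar&qty=3&email=b%40hotmail.com",
    }))
```

The record returned by build_order is what would be handed on to inventory, shipping
and billing; the card details themselves are outside the scope of this example.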
Browser and Servers
Web browsers (or clients) must be able to send HTTP requests and receive HTTP replies
from servers. The most popular browsers are fully graphical, although non-graphical
browsers are a necessity for character-based operating systems. Browsers range from
Spartan text-only implementations like Lynx for UNIX and other operating systems to
full-featured commercial products like Netscape Navigator and Microsoft Internet
Explorer. Browser functions can also be integrated into more complete network or
communications packages (like Netcom's Netcruiser or Wollongong's Emissary), or even
into operating systems (like IBM's OS/2 Warp).
There is no shortage of Web browsers for any taste or budget. All should provide access
to any Web-connected resource, although some will offer extra functions or features
such as integration with other Internet tools (e-mail, network news), options for saving
or copying retrieved data to files, and display-customisation options. Performance
enhancements, like the ability to "cache" or save documents already retrieved, can also
differentiate browsers. Just as Web browsers are available for virtually every computer
and operating system, Web server software is also widely available. To offer Web
services, a computer must be connected to the Internet, be running a Web server
program, and have Web documents available. Web servers can contain highly graphical
content without being able to display that content locally: The server system need only
be able to run the server software and store the hypertext documents and files.
Although a basic PC with a full-time dial-up telephone link to the Internet is sufficient to
act as a Web server, it would not be sufficient to serve very many simultaneous users.
More often, Web servers are set up on higher-performance systems with
higher-performance connections to the Internet. Individuals and organisations wishing to
provide Web services have the option of setting up (and managing and maintaining)
their own system, or paying an Internet presence provider to run their Web sites for
them.
Selling on the World Wide Web
With its easy-to-use and graphical interface, the World Wide Web seems an ideal
medium for commerce. The biggest obstacle to commercialisation of the Internet, its
funding by government agencies for research purposes only, disappeared rapidly in the
early 1990s as those subsidies expired and were not renewed. Obstacles such as a lack of
market penetration and lack of mechanisms for secure transactions are rapidly
disappearing, as consumers and businesses are flocking to the Internet and developers
are turning their attentions to the problem of securing the Internet for commerce.
Keeping in mind the previous discussion of commercial transactions, we can say that
selling on the World Wide Web parallels selling in the real world. Very simply, the
customer enters the merchant's Web site and views product and company information.
If the merchant successfully sells a product and fosters sufficient trust in the customer
to generate an order, the customer will place an order.
The merchant's overall presentation, both online and offline, determines the consumer's
level of trust. The Web page presentation content - products, descriptions, pricing, and
delivery - will help the consumer to make a decision. The rest of the transaction is
carried on across the World Wide Web, but may require additional mechanisms
connected to it. For example, the purchase of a digital product such as the text of an
article can be carried on entirely through the Web page: The buyer selects the desired
article and enters a credit card account number, and the Web server transmits the
article. Assuming that some security mechanism is in place to keep the credit card
account number private, no other network mechanisms are required (remember, of
course, that the vendor in this instance would have to collect the sale information and
process the credit card transaction manually).
Commerce over the World Wide Web requires more than transaction security: it
requires mechanisms for processing sales as well. Those mechanisms cover the process
from the point at which the sale information has been captured through the Web,
moving information to the appropriate systems within the merchant's organisation as
well as outside, to companies that provide services like credit card authorisation, to
banks providing electronic banking services, and to other organisations involved in
electronic transfers of value.
Commerce Models and Environments
The movement of money between buyer and seller is rarely simple even in the
traditional storefront. Credit cards, debit cards, and charge cards all represent different
payment methods; add to the mix cash, personal and third party cheques, traveller's
cheques, and money orders, and it is no longer simple to figure out where the money is
and where it is going.

Electronic commerce systems include many of the same options as non-electronic
commerce, but add different methods of transmission. Electronic payments can be as
simple as the unencrypted transmission of a credit card account number, or as complex
as the encrypted transmission of a digitally signed electronic check. Third-party
payment processors and electronic currencies add to the complexity.
Consumer Oriented e-Commerce (B2C)
The Internet offers the opportunity to buy and sell almost anything. Books, CDs and IT
supplies have been among the first products to make a splash online but buying tickets,
contracting insurance, servicing a bank account or finding a house are just a few of the
many products and services that are available.
Consumer e-Commerce has gained a new dynamic by the popularisation and
commercialisation of the Internet but online business has been around for some time
using technologies such as interactive videotext and TV shopping channels.
Consumer trade transactions are open to anyone with an Internet connection.
e-Shopping can take place using a computer at home, from work or at a cyber cafe. The
e-Shop can be anywhere in the world and it is open 24 hours a day. All that said, shopping
is still shopping and sometimes it is a pleasure and sometimes it is a curse. How it works
out depends on who is buying, who is selling and what is being sold. This section looks
at what constitutes an e-Shop and analyses e-Sales in terms of the stages of the trade
cycle.
Internet e-Commerce
The basic elements of Internet use and of Internet e-Commerce are:
- The user of the system with a computer hooked up to the Internet. The user accesses
the Internet using software known as a browser, e.g. Netscape or Internet Explorer; the
computer running the browser is the client.
- The content provider who has set up an Internet application and installed it on an
Internet-linked computer. The computer that holds the Internet content is known as a
server.
- The Internet application may be linked to back office systems to process transactions
and utilise information held on databases.
- For Internet services provided through the World Wide Web (web) the data is
formatted, for the basic web page, using a mark-up language (HTML).
These elements are shown in the following figure:

e-Shop
For e-Commerce applications that are selling goods or services, the Internet application
held on the server is an e-Shop. The infrastructure of the e-Shop can be very simple or it
may be very complex. The basic element of an e-Shop is a web page that offers or
advertises the goods for sale and provides a means for the shopper to make the
purchase. An example of a simple e-Shop, set up by Charlie Bucket (and with apologies to
Roald Dahl), is shown in Figure 2.

At its very simplest the e-Shop, or online advert, could simply list the products for sale
or the services offered and invite the customer to phone, fax or e-mail their order.
The next step up, to make a 'real' e-Shop, is to add online purchasing. This adds a level
of complexity: the site is no longer simply coded in HTML but needs some way of
interacting with the server so that the customer and credit card details can be passed
across.
Complex e-Shops have many more features. These can include:
Customer Registration
Some e-Shops ask the customers to register and then store the customer details on a
database. This then allows the vendor to tailor its information for the specific customer
and saves the customer typing in details again on future visits. Registration can, it is
thought, encourage a customer to return but it can also be off-putting for the first time
customer - it is a hassle to input a lot of personal details and the customer may be
concerned about how the information will be stored and used.
Dynamic Web Pages
The basic web page is formatted in HTML and is then fixed; to change it requires that
the source be edited. A dynamic web page is built for each user when the web browser
requests it. The dynamic web page may be built by reading a database, in which case the
page can include, for instance, the latest price and possibly whether the goods are in
stock.
Personalised Web Pages
This is another use of the dynamic web page. If the customer has registered with the site
the system can generate a page for that specific customer. An airline site could, for
instance, display the details of the customer's frequent flyer programme and feature
flight deals from the customers' local airport.
A Shopping Basket
Customers in a conventional shop are likely to collect a number of products, in a
shopping basket / shopping cart, before coming to the till and making the purchase. The
shopping basket analogy is used in many larger e-Shops. Goods can be selected and
placed in the electronic basket. Facilities are made available for the contents of the
basket to be reviewed and unwanted goods can be returned to the 'shelves'. When the
shopping is complete the customer then makes payment for the goods in the basket.
Additional Information
The e-Shop needs to let the customer know what the product or service is. The Internet
has both advantages and disadvantages in this area. The customer cannot select their
own bananas or try on the jumper but they can have additional information not
normally available in a conventional shop. Examples of this are:
The wine shop that gives a detailed assessment of each vintage;
Bookshops that provide customer views (both good and bad);
Music sites that can play a sample of the recording that is for sale.
The provision of the additional information, if done well and kept up to date, can give
the shop a buzz and keep the punters coming back.
Community
Beyond the concept of additional information, is trying to create a sense of community
around the store. Bulletin boards are one such device in this area (but preferably not
bulletin boards where the shop and the products are criticised too much).
Multiple Payment Options
The current norm for online payments is a credit card and most e-Shops will want to
accept all major credit cards. Some e-vendors also have / accept:

Their own store credit card (often also available for use in conventional branches of the
store);
Debit Cards;
e-Cash, money represented electronically on the web and available for spending with
sites that are participants in the scheme;
Payment by phoning the credit card number or posting a cheque. A device that delays
completing the transaction but that is made available for customers that are concerned
about online payments.
Encryption
e-Shops are very sensitive to the notion that e-commerce is insecure, particularly when
it comes to online payments. Most e-Shops use an encryption system to secure (or add
security) to the transmission of personal and payment details. There are various security
/ encryption schemes in use or being developed and there are arguments as to which is
best.
Online Delivery
Electronic products such as software, information and music can be delivered online.
Where it is appropriate, the use of online delivery cuts the cost of distribution and avoids
the customer having to wait for the goods to arrive.
Loyalty Schemes
Some e-Shops are introducing loyalty schemes. Each purchase made attracts a number
of points which, accumulated electronically by the vendor, can eventually be used for
discounts or free goods.
Online Help
Having used the Internet for sales it can also be used for after sales. The web page can
be used for product instructions and self-diagnosis pages - all of which can be updated
when the need arises. The customers can also use e-mail for online help (an expensive
game for the vendor to play if the help service is free and it becomes popular).
Shopping Mall
e-Shops may be set up as a part of an online mall. Like their conventional equivalent the
online mall is designed to attract customers because there is a range of stores. e-Malls
can help out the individual vendors with shared facilities, for instance a common
customer file and a shared payment infrastructure.
Internet Shopping and the Trade Cycle

As with any other trade exchange, a purchase on the Internet has a number of stages.
Typically for a retail sale the trade cycle is simpler than for business to business
transactions; there is no negotiation and settlement takes place at the same time as the
order (there is no credit offered). The stages in the retail trade cycle, and some of the
difference when the selling is done online, are:
Search
To make a purchase a shopper has to find an appropriate vendor. This is true for a
business looking for suppliers or a consumer going to conventional shops and is equally
true of the online shopper. For the online shopper, the ways of finding goods are:
Selecting a menu item or a button on the portal - the screen that is first shown when
the user logs on to the Internet.
Using a search engine to find an appropriate Internet e-Store site.
Following a link to a store from another page that is advertising it.
Selecting a page that has been featured on an advert or that is recommended by a
friend.
And finding a shop that sells what is wanted in a way that the customer is comfortable
with can be just as easy, or as hard, as it is on the high street. Once a useful store is
found the customer is likely to want to return; Internet addresses are not necessarily
memorable and bookmarking the site in the browser is the way this is done.
Order
Once on the site the consumer has to do their shopping. In the conventional shop the
consumer can wander through aisles or departments looking at the merchandise or ask
an assistant for help. The online shop does the same, except electronically. The larger
e-Store will have departments and there will be a search engine (or an index) that can
assist in finding goods. There is less likely to be an assistant that comes to bother you
(but the boffins are working on that one).
The goods, when found, are represented by a picture and a description rather than the
real thing.
This can be a disadvantage for goods such as clothes but it may be an opportunity to
provide better information for items such as books and wine. Technical ways of
overcoming the deficit are being developed; virtual reality to show off garments is one
such approach. Ordering of goods takes place by selecting the image, the name of the
product or a selection box.
Payment

Once the goods have been selected they have to be paid for. The normal way of paying
for online purchase is by the input of credit card details; e-Cash is an alternative that is
under development.
Delivery
The smart way to do business is to get your customers to do the work for you.
E-commerce does this with the ordering process but not with delivery. In a conventional
shop the customer usually transports the goods home; in an e-Shop the goods have to be
delivered and that could be inconvenient and always adds to the cost.
The delivery issue associated with e-commerce is an important one and it is one that is
often ignored. An e-commerce vendor needs a retail distribution network that matches
the nature of the goods, the cost structures of the distribution industry and the
expectation of the consumer. The delivery requirements differ for a book that can be
posted from almost anywhere, fresh food that needs a local distribution depot and, for
instance, software that can be delivered, at the time of purchase, online.
After-Sales
Goods that you don't like or that don't work can be taken back to the store (although
how helpful the store will be can be another issue). Sending back goods bought online
can seem to be more of a problem.
Advantages and Disadvantages of Consumer e-Commerce
The spread of Internet e-Commerce will depend on the perception of the consumer of its
advantages and disadvantages. This perception depends, in part at least, on the
individual, their circumstances and the goods or services that are to be traded. Among
the advantages of Internet e-Commerce for both the consumer and the trader are:
1. Home Shopping
Shopping can be done from the home, hopefully quickly and conveniently. Internet
e-Commerce avoids the hassles of travelling, parking, queuing and whatever else makes
you mad in a shop.
2. World-wide, 24 hours a Day Trading
The Internet home shopper can access an e-Shop anywhere in the world at any time day
or night (although not all e-Shops will deal with a world-wide clientele).
3. The Latest Thing at Bargain Prices
Goods bought online may be cheaper or more up-to-date than goods available in a
conventional retail shop.

4. Home Delivery
The goods are brought to your door - can be an advantage if you are there to take them
in.
5. Online Sales Support
For some goods there can be information online on how to use them and how to fix
them. E-mail can also be an appropriate facility for after-sales services.
Disadvantages of Internet e-Commerce include:
1. Privacy and Security
The privacy of personal details and security of financial transactions are a concern to
many users and potential users of e-Commerce.
2. Delivery
Where tangible goods are bought online they have to be delivered. Delivery can be an
advantage but it causes delay, sometimes inconvenience and it adds another cost.
3. Inspecting Goods
The web can provide a good picture, an eloquent description and even customer reviews
or virtual reality displays but you cannot actually see, feel or try on the goods you are
buying.
4. Social Interaction
Shopping for some is a chore and for others is an excursion. A shopping trip on the
Internet will not be the same experience as a shopping expedition with family or friends
(for those who like such things).
5. Return of Goods
Having to return faulty goods takes time and is an embarrassment. Returning goods to
an online vendor can seem even more problematic.
The online trader has some of these advantages; access to world-wide markets may be
one of these. Advantages specific to a trader are:
a. High-tech Image
Being known as an online trader gives an up-to-date image. Some customers will use
the web site to look up products and then use the conventional store to make purchase.

b. Reduced Costs
The online trader does not have the expense of staffing and maintaining conventional
retail outlets - premises for an online trader can be much more functional.
An additional issue for the consumer is whether they will always have the option to
choose between e-Commerce and the conventional trade alternative. The possibility of
submitting forms to public administration electronically or getting discounts /
favourable terms for online services such as ticket sales and banking transactions may
turn into compulsion. Service providers may be able to make significant cost savings
using online transactions and the conventional alternative may, one-day, be withdrawn.
Electronic Payment Systems¹
¹ The original source is gratefully acknowledged:
http://www.ex.ac.uk/~RDavies/arian/emoneyfaq.html and other sites.
As the Internet continues to transform commerce, the method of payment is
one component that is critical to successfully conducting business across a network.
Electronic Payment Systems offers the first comprehensive, up-to-date survey of the
major electronic payment schemes currently available - from a technical perspective.
Motivation for Electronic Payment
Characteristics of Current Payment Systems
Cryptographic Techniques
Credit Card-Based Systems
Electronic Checks
Electronic Cash Payment Systems
Micropayment Systems
Payment Systems - Prospects for the Future
Requiring only a basic familiarity with computing and networking, the book covers
numerous Internet payment systems including SET (Secure Electronic Transactions),
FSTC electronic checks, electronic cash and Millicent. It also identifies the properties
unique to the various payment schemes, provides a working knowledge of the necessary
cryptography, and explains the protocols involved. In eight concisely written chapters,
people acquire the background they need to fully understand how each payment system
works.

For people who deal with payment systems and financial software on a daily basis, this
book does the homework for them. It saves time by gathering and presenting timely
information on today's most influential Internet payment systems - and helps them
understand the key criteria for evaluating and selecting a system that's efficient,
effective, and secure.
Digital Cash & Monetary Freedom
Much has been published recently about the awesome promises of electronic commerce
and trade on the Internet if only a reliable, secure mechanism for value exchange could
be developed. This lesson describes the differences between mere encrypted credit card
schemes and true digital cash, which present a revolutionary opportunity to transform
payments. The nine key elements of electronic, digital cash are outlined and a tenth
element is proposed which would embody digital cash with a non-political unit of value.
It is this final element of true digital cash, which represents monetary freedom - the
freedom to establish and trade negotiable instruments. For the first time ever, each
individual has the power to create a new value standard with an immediate world-wide
audience.
If all that digital cash permits is the ability to trade and store dollars, francs, and other
governmental units of account, then people have not come very far. Even the major card
associations, such as Visa and MasterCard, are limited to clearing and settling
governmental units of account. For in an age of inflation and government ineptness, the
value of what is being transacted and saved can be seriously devalued. Who wants a
hard drive full of worthless "cash"? True, this can happen in a privately managed digital
cash system, but at least then the market determines it and individuals have choices
between multiple providers.
The section on key elements of a private digital cash system compares and contrasts true
digital cash to paper cash as we know it today. Each of the following key elements will
be defined and explored within the bounds of electronic commerce:

Secure (unable to alter or reproduce)


Anonymous (untraceable)
Portable (physical independence)
Infinite duration (until destroyed)
Two-way (unrestricted)
Off-line capable (availability)
Divisible (fungible)
Wide acceptability (trust)
User-friendly (simple)
Unit-of-value freedom (non-political)

The transition to a privately operated digital cash system will require a period of brand-name recognition and long-term trust. Some firms may at first have an advantage over
lesser-known name-brands, but that will soon be overcome if the early leaders fall

victim to monetary instability. It may be that the smaller firms can devise a unit of value
that will enjoy wide acceptance and stability (or appreciation).
True digital cash as an enabling mechanism for electronic commerce depends upon the
marriage of economics and cryptography. Independent academic advancement in either
discipline alone will not facilitate what is needed for electronic commerce to flourish.
There must be a synergy between the field of economics, which emphasises that the
market will dictate the best monetary unit of value and cryptography, which enhances
individual privacy and security to the point of choosing between several monetary
providers. It is money, the lifeblood of an economy, which ultimately symbolises what
commercial structure we operate within.
"Money does not have to be created legal tender by government: like law, language and
morals it can emerge spontaneously. Such private money has often been preferred to
government money, but government has usually soon suppressed it." - F. A. Hayek,
Nobel Laureate.
The year is 2005. People buy lunch at a deli and they pay in wireless digital cash from
their electronic wallet. So far, these are all currently promised visions of the future - with
one notable exception. The cashier gives them a choice of monetary units, both of which
are displayed on the flat-panel screen for them to view. The turkey and cheese sandwich will
cost them Rs.50 or 5 pvu. The monetary symbol "pvu" is an abbreviation for "private
value units", which now compete in most commercial settings with the US Dollar and
have stayed remarkably stable since their initial issuance in mid-1996.
The future belongs to superior private currencies and the linchpin for successful digital
cash ventures will undoubtedly be freedom in the unit of value. People are witnessing
nothing less than the birth of a new industry - the development, issuance, and
management of private currencies. Once seeded, digital cash as the representation of
binary value will pave the way to a further off-network revolution in money. Much has
been published recently about the awesome promises of electronic commerce and trade
on the Internet and World Wide Web if only a reliable, secure mechanism for value
exchange could be developed. This lesson highlights the differences between mere
encrypted credit card schemes, as Visa, Mastercard, and others are currently developing,
and "true" digital cash, which presents a revolutionary opportunity to transform
payments. The nine key elements of electronic, digital cash are outlined and a tenth
element is proposed which would embody digital cash with a non-political unit of value.
It is this final element of true digital cash, which represents monetary freedom - the
freedom to establish, circulate, and trade negotiable monetary instruments. The
opportunity to launch an alternative monetary system on a grand scale simply has not
been available until recently. Granted, small local experiments, such as LETS and
constants, with limited real-world penetration have always seemed to exist in one form
or another. But only lately, with a global, inter-networked society, can we truly say that
the established monetary order is susceptible to challenge.

Specifically, the Internet provides (1) ease of mass issuance and circulation, (2)
accessible encryption technology, (3) affordable currency transfer infrastructure, and
(4) real-time conversion between competing units. Essentially, for the first time ever,
each individual has the power to create a new value standard with an immediate worldwide audience. This should serve as a friendly warning to the clearing associations,
banks, and financial service providers of the current paradigm.
Importance of Monetary Freedom
Monetary freedom is essential to the preservation of a free-market economy. As the
current trend on the Internet demonstrates, robust economic commerce depends on a
flexible, responsive monetary system which can best be provided by unbridled market
competition. This implies not only market competition among issuers but also strong
competition among the units or representative units that are being issued. Ultimately,
the competition for the standard of value should be no different than the competitive
market of multiple providers that we see for toothpaste or shoes.
When a single currency issuer, such as the "Fed", controls the supply of money and the
specific units being transacted, the potential exists for monetary manipulation and an
overbearing control of the economy. With the unprecedented growth of the Internet, the
standards for electronic commerce are still evolving. Neither the US Dollar, nor any
other governmental unit, has gained a foothold into this new economy. The monetary
landscape is ripe and wide open and private currencies should infiltrate now.
If all that digital cash permits is the ability to trade and store dollars, francs, marks, yen,
and other governmental units of account, then people have not come very far. Even the
major card associations, such as Visa and MasterCard, are limited to clearing and
settling governmental units of account. For in an age of inflation and government
ineptness, the value of what is being transacted and saved can be seriously devalued.
Who wants a hard drive full of worthless digital "cash"? True, this can happen in a
privately managed digital cash system, but at least then the market determines it and
individuals have choices between multiple providers.
Key elements of a private digital cash system
This section compares and contrasts true digital cash to paper cash. Each of the
following key elements will be defined and explored within the bounds of electronic
commerce:
Secure
Anonymous
Portable (physical independence)
Infinite duration (until destroyed)

Two-way (unrestricted)
Off-line capable
Divisible (fungible)
Wide acceptability (trust)
User-friendly (simple)
Unit-of-value freedom
As would-be currency providers should note, there are ten key elements to a successful,
private digital cash system. This section compares and contrasts true digital cash to
paper cash, as we know it today. Each of the following key elements of a digital cash
"token" will be defined and explored within the bounds of electronic commerce. A
working digital cash system which meets all ten criteria has yet to be discovered, although
several are reportedly close. In 1991, Tatsuaki Okamoto and Kazuo Ohta proposed six
properties of ideal digital cash, which are incorporated into elements one through six
below:
Secure: The transaction protocol must ensure that a high level of security is maintained,
through sophisticated encryption techniques. For instance, Alice should be able to pass
digital cash to Bob without either of them, or others, being able to alter or reproduce the
electronic token.
Anonymous: Anonymity assures the privacy of a transaction on multiple levels.
Beyond encryption, this optional untraceability feature of digital cash promises to be one
of the major points of competition as well as controversy between the various providers.
Transactional privacy will also be at the heart of the government's attack on digital cash
because it is that feature which will most likely render current legal tender irrelevant.
Both Alice and Bob should have the option to remain anonymous in relation to the
payment. Furthermore, at the second level, they should have the option to remain
completely invisible to the mere existence of a payment on their behalf.
Portable: The security and use of the digital cash is not dependent on any physical
location. The cash can be transferred through computer networks and off the computer
network into other storage devices. Alice and Bob should be able to walk away with their
digital cash and transport it for use within alternative delivery systems, including non-computer-network delivery channels. Digital wealth should not be restricted to a
unique, proprietary computer network.
Two-way: The digital cash can be transferred to other users. Essentially, peer-to-peer
payments are possible without either party being required to attain registered merchant
status as with today's card-based systems. Alice, Bob, Carol, and David share an
elaborate dinner together at a trendy restaurant and Alice pays the bill in full. Bob,

Carol, and David each should then be able to transfer one-fourth of the total amount in
digital cash to Alice.
Off-line capable: The protocol between the two exchanging parties is executed offline, meaning that neither is required to be host-connected in order to process.
Availability must be unrestricted. Alice can freely pass value to Bob at any time of day
without requiring third-party authentication.
Divisible: A digital cash token in a given amount can be subdivided into smaller pieces
of cash in smaller amounts. The cash must be fungible so that reasonable portions of
change can be made. Alice and Bob should be able to approach a provider or exchange
house and request digital cash breakdown into the smallest possible units. The smaller,
the better it is to enable high quantities of small-value transactions.
Infinite duration: The digital cash does not expire. It maintains value until lost or
destroyed provided that the issuer has not debased the unit to nothing or gone out of
business. Alice should be able to store a token somewhere safe for ten or twenty years
and then retrieve it for use.
Wide acceptability: The digital cash is well known and accepted in a large
commercial zone. Primarily a brand issue, this feature implies recognition of and trust
in the issuer. With several digital cash providers displaying wide acceptability, Alice
should be able to use her preferred unit in more than just a restricted local setting.
User-friendly: The digital cash should be simple to use from both the spending
perspective and the receiving perspective. Simplicity leads to mass use and mass use
leads to wide acceptability. Alice and Bob should not require an advanced degree in
cryptography, as the protocol machinations should be transparent to the immediate
user.
Unit-of-value freedom: The theme of this lesson: the digital cash is denominated in
market-determined, non-political monetary units. Alice and Bob should be able to issue
non-political digital cash denominated in any defined unit, which competes with
governmental-unit digital cash.
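The "Secure" and "Anonymous" elements above can be made concrete with a toy RSA blind-signature token, the construction David Chaum introduced for untraceable payments. This is an added example, not code from the original text, which names no scheme. The key, the `Issuer` class and all function names are assumptions, and redemption here is on-line, so the off-line element is not shown.

```python
"""Toy issuer-signed cash token using an RSA blind signature.
Constructed example: the key below is far too small and too structured for real use."""
import hashlib
import secrets
from math import gcd

# Constructed demo key. One key stands for one denomination (say 1 pvu),
# because the issuer cannot see the content of what it signs.
P = 2**127 - 1                       # Mersenne prime
Q = 2**89 - 1                        # Mersenne prime
N = P * Q                            # public modulus
E = 65537                            # public exponent
D = pow(E, -1, (P - 1) * (Q - 1))    # issuer's private exponent


def token_digest(serial: bytes) -> int:
    """Map a token serial number to the integer that gets signed."""
    return int.from_bytes(hashlib.sha256(serial).digest(), "big") % N


def verify(serial: bytes, sig: int) -> bool:
    """Anyone holding the public key (N, E) can check a token."""
    return pow(sig, E, N) == token_digest(serial)


class Issuer:
    """Hypothetical issuer: signs blinded values, redeems each serial once."""

    def __init__(self):
        self.seen_at_withdrawal = []  # everything the issuer saw while signing
        self.spent = set()            # serials already redeemed

    def sign_blinded(self, blinded: int) -> int:
        self.seen_at_withdrawal.append(blinded)
        return pow(blinded, D, N)

    def redeem(self, serial: bytes, sig: int) -> str:
        if not verify(serial, sig):
            return "rejected: bad signature"   # altered or forged token
        if serial in self.spent:
            return "rejected: already spent"   # reproduced (copied) token
        self.spent.add(serial)
        return "accepted"


def withdraw(issuer: Issuer):
    """Alice's side: pick a serial, blind it, have it signed, unblind."""
    serial = secrets.token_bytes(16)
    m = token_digest(serial)
    while True:                                # blinding factor coprime to N
        r = secrets.randbelow(N - 2) + 2
        if gcd(r, N) == 1:
            break
    blinded = (m * pow(r, E, N)) % N           # issuer sees only this value
    signed_blinded = issuer.sign_blinded(blinded)
    sig = (signed_blinded * pow(r, -1, N)) % N  # (m * r^E)^D * r^-1 = m^D
    return serial, sig


def demo() -> dict:
    bank = Issuer()
    serial, sig = withdraw(bank)
    return {
        "first_spend": bank.redeem(serial, sig),
        "copy_spend": bank.redeem(serial, sig),
        "altered": bank.redeem(serial + b"x", sig),
        # Can the issuer match the redeemed token to a withdrawal it signed?
        "linkable": token_digest(serial) in bank.seen_at_withdrawal
                    or sig in bank.seen_at_withdrawal,
    }


if __name__ == "__main__":
    for name, outcome in demo().items():
        print(f"{name}: {outcome}")
```

The copy is caught only because the issuer keeps a list of spent serials, which is why this sketch needs the issuer on-line at redemption.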
Implementing a Non-political Unit of Value
The transition to a privately operated digital cash system will require a period of brand-name recognition and long-term trust. Some firms may at first have an advantage over
lesser-known name-brands, but that will soon be overcome if the early leaders fall
victim to monetary instability. It may be that the smaller firms can devise a unit of value
that will enjoy wide acceptance and stability (or even appreciation).
Potential Unit Providers
Opportunities abound for almost anyone but in reality the greatest advantage currently
goes to the on-line shopping malls and the large merchant sites on the Internet, such as

Open Market, Internet Shopping Network, and Net Market, for it is this group that will
directly influence the payment channel between consumer and merchant through their
extensive contact with both. And, this influence can be utilised to their advantage to
build preference for their "site" through money issuance in much the same way that
various forms of scrip and coupons build customer loyalty and guarantee repeat visits.
As will be explained later, the true business gain is realised when the units are
negotiable in their own right and not merely accepted at the mall only.
Other potential unit providers include Internet service providers (ISPs), bulletin board
system operators (BBSs), content publishers, card-based payment networks, and well-known manufacturer or service companies. They all share in common the existence of
an extensive base of on-line customers. As the new digital cash providers, international
brand names, such as Coca-Cola, Microsoft, and IBM, find themselves in an enviable
position to capitalise immediately on their global name recognition.
Distribution and Circulation
Probably the least exploited system in the world of money is the metric system. To cite
an example, I propose a decimal unit-of-value measurement system that is based on the
1864 metric system. It possesses built-in ease of calculation and is universally
recognised. Hypothetically, it would have the following monetary unit prefix
designations:
kilo- (1,000)
hecto- (100)
deca- (10)
base unit name (1)
deci- (0.1)
centi- (0.01)
milli- (0.001)
The base unit name becomes the unit, which is being distributed, such as a pvu in the
2005 example. Initial distribution techniques for the new private money include
elimination of discount fees for merchants, free coupons or promotions to consumers,
and royalty schemes for content providers that accept payment in the new digital cash.
This area affords unique opportunities for innovative advertisers and marketers to
involve them in electronic commerce. Once digital cash has hit the market, circulation
will then be a factor of merchant acceptance and the rewards of ultimate redemption.
Redemption and Convertibility

Monetary backing includes equity mutual funds, commodity funds, precious metals, real
estate, universal merchandise and/or services, and even other units of digital cash.
Anything and everything can be monetised. This will undoubtedly develop into a main
basis for competition among digital cash providers as each one promotes their
underlying currency backing as the strongest and most reliable. Unlike today's national
monetary systems, the benefits of a strong currency will be immediately noticeable
within a country's borders. With multiple monetary unit providers, domestic prices will
adjust rapidly to reflect relative values of monetary units and the holders of stronger
currencies will benefit. This is a vastly different world than people have now and
consumers will analyse currencies as the investments that they really are.
Focusing on the option of equity mutual funds, this does not imply that a prospective
digital cash provider learns to become adept at managing an entire portfolio. Mutual
funds of mutual funds exist today and contracts can be executed with the specialist
managers of those funds. Outsourcing the portfolio function takes advantage of the
experts in the field today who compete already on reliability and overall performance - prime benchmarks for a private monetary unit. The issuer's skills should concentrate on
distribution, monitoring geographic circulation of the unit, and managing the rate of
redemption.
Managing a Non-political Unit of Value
After initial issuance and circulation, the digital cash providers must turn their attention
to the management of the monetary unit if it is to survive in an ultra-competitive
environment. This can prove the most difficult area due to the perennial temptation of
over-issuance.
Digital Cash-flow Administration
Since electronic monetary units on a client/server network can return to the issuer
almost instantaneously, extreme diligence is required in accounting for digital cash and
tracking redemption patterns. This need not be solely the function of the issuer and
probably will not be as new sheets and databases evolve to manage the discounting and
exchange function. As multiple currencies infiltrate the market, their relative values will
dictate that they trade at a discount or premium to some other benchmark. These free-market clearinghouses act as a central bank forcing each issuer to maintain an adequate
balance between digital cash outstanding and the chosen reserve backing. Systems of
clearing and redemption are a necessity for the smooth operation of free banking as they
provide a check on over-issuance and the general deterioration in sound credit.
Therefore, the manager of a private monetary unit can rely on these clearinghouse
parties to communicate to the public the unit's standing in the economy. Moreover, if
the discount of a particular unit begins to deteriorate, it can alert management to the
fact that some market forces are affecting the demand for that unit.
Issuer Benefits

Taking the proposal one step further, let us assume that after witnessing the on-line
successes with monetary freedom a point-of-sale brand such as American Express
wanted to capitalise on their global infrastructure and issue proprietary monetary units,
in both digital cash and non-digital cash form. Just as with our on-line provider, the
benefits to American Express are substantial if an American Express monetary unit can
gain world-wide acceptance. Primarily, American Express will benefit from:
a) Increased acceptance of American Express card products at merchant locations. This
will be possible because of the lower fees and discount rates derived from managing a
private unit of account.
b) Increased demand for American Express card products in countries without
established currencies and in countries with severe monetary instability of the
established currency. This applies to several new democracies in Eastern Europe and the
volatile third world nations of Africa and South America. Devaluations and revaluations
of a currency have always plagued American Express from a financial management
perspective. However, a new American Express monetary unit will provide these
countries with a stable alternative to their own currency without the political
ramifications of adopting the "imperialist" US Dollar.
c) Natural marketing benefits associated with a private currency or unit of account. It is
easiest to displace cash and cheques by becoming cash and cheques. American Express
will gain clout from the name association and brand identification that accompanies a
pricing system. Since American Express's private monetary unit will be the first non-governmental unit of account, it is difficult to compare to other products, but it is fair to
say that from a trade perspective American Express will benefit in much the same way
that the United States benefits when products globally are priced in US Dollars.
d) Transaction volume that remains within the American Express system by providing a
unit of account with ultimate redemption only at an American Express location. A sharp,
sustained increase in transaction volume can be expected because the acceptor of the
American Express monetary unit will duplicate the majority of cardholder transactions
made in the American Express monetary unit. This will occur because of the
incentive to avoid costly conversion out of the American Express monetary unit. The
user incentive is maintained by providing a stable unit of value with strong merchant
acceptance. The great irony occurs when Visa and Mastercard begin accepting and
processing transactions denominated in the American Express monetary unit through
their authorisation and clearing systems.
e) Open market operations conducted by American Express that expand or contract the
available supply of American Express currency. The gains in this case are derived from
the fact that American Express can determine its own monetary unit's short-term
interest rate, and hence lending revenue, by manipulating its own unit's supply. The
capital for these operations is generated from the difference between the digital cash
face value and the cost to produce and ultimately back the electronic token. Issuers may
lend capital or spend capital that is generated in this fashion.

Since the treasury division of American Express would resemble, in some respects, the
dealing room of the Federal Reserve Bank, American Express could artificially expand
the supply of its own monetary unit to generate direct corporate revenue with the
obvious constraint being the long-term preservation of the unit's market value. This may
prove to be a tricky endeavour and it is the tightrope that a monetary issuer walks.
f) Increased corporate borrowing capacity resulting from an almost immediate increase
in overall capitalisation of the company. Over time, the balance sheet of the issuing
entity will largely be a function of the American Express monetary units in circulation. A
stronger balance sheet can only enhance the strategic position of the corporation in
financial markets.
g) Potential unrealised profits from a managed portfolio comprised of a reserve-backed
currency at a time when government fiat currencies are suffering from international
market instability. The profits of currency held are a direct result of the appreciation of
the new monetary unit relative to other monetary units.
True digital cash as an enabling mechanism for electronic commerce depends upon the
marriage of economics and cryptography. Independent academic advancement in either
discipline alone will not facilitate what is needed for electronic commerce to flourish.
There must be a synergy between the field of economics, which emphasises that the
market will dictate the best monetary unit of value and cryptography, which enhances
individual privacy and security to the point of choosing between several monetary
providers. This new sub-discipline is referred to as cryptonomics. The Internet is a new
world that demands a new currency - a new standard of value. As an enabling mechanism for
social change, digital cash has vast implications for macroeconomics in the area of a
government's money monopoly and taxing authority. In light of the growing attacks on
individual privacy both in the United States and abroad, there has never been a more
important time to emphasise the concepts behind the vigilant protection of total
financial and monetary privacy. It is money, the lifeblood of any economy, that
ultimately symbolises what commercial structure, and hence what political structure,
humans operate within.
Prepaid Smart Card Techniques
A prepaid smart card contains stored value, which the person holding it can spend at
retailers. After accepting stored value from cards, system providers periodically
reimburse retailers with actual money. A system provider receives money in advance
from people and stores identical value onto their cards. During each of these three kinds
of transactions, secured data representing value is exchanged for actual money or for
goods and services. Telephone cards used in France and elsewhere are probably the best
known prepaid smart cards (though some phone cards use optical or magnetic
techniques, which are not considered here). National prepaid systems combining public
transportation, public telephones, merchants, and vending have already been
announced in a number of countries. And road tolls at full highway speed are not far
behind. The systems proposed so far are compared, after a quick look at the card types
on which they are based.

Card Types
There are in essence only four types of microcircuit card that have been suggested for
use in prepaid applications, each based on a particular kind of chip. They are listed here
in historical order:
Memory cards: The chip in these cards consists only of storage and a little extra
hardware that prevents access to the stored data unless certain stored passwords or
PINs are input correctly. Most telephone cards are of this type.
Shared-key cards: Secret keys in the chip let the card authenticate its
communication with any device sharing the same keys. The chips are standard micro-controller card chips, with masked-in software for the cryptographic authentication
algorithms.
Signature-transporting cards: The same chip hardware as in shared-key cards is
used, but with different software masked-in. The card stores publicly verifiable digital
signatures created by the system provider, and fills them in like blank cheques when
spending them.
Signature-creating cards: These chips also contain a micro-controller, but in
combination with a dedicated co-processor capable of making digital signatures. Instead
of spending signatures created by the system provider, they create their own.
Comparison
Security and cost are the fundamental criteria used here for comparing prepaid card
techniques, but the best choice of technology depends on the situation. Security suitable
for an in-house company card, for instance, may be wholly inadequate for a national or
international card, which may require protection of many system providers from each
other as well as protection of personal privacy. Also depending on the setting, higher
card costs can lead to lower system costs.
Closed or Open Security
Memory cards are suitable only for closed systems where a single company issues the
cards and accepts them as payment for goods and services, or for systems with very low
fraud incentive. The reason is that defrauding such systems requires only a small
computer interposed between an actual card and a cash register. The computer merely
has to record the secrets communicated during an initial transaction and can then, as
often as desired, be used to play the role of a card having the initial balance.
Shared-key card systems require a tamper-resistant secured module in each vending
machine or other point of payment. The module uses the key it shares with a card to
authenticate messages during purchases. This lets the card convince the module that it
has reduced its stored value by the correct amount and that it is genuine. A card
convinces by using the shared key to encrypt a random challenge issued by the module
together with an amount, so that the module can decrypt the transmission and compare
the result with the expected challenge and amount. Periodically, the module transmits a
similarly authenticated message, via telecommunication or manual collection
procedure, back to the system provider, who reimburses the retailer.
The secured module in a shared-key system thus needs to store or at least be able to re-create secret keys of all cards, which causes some problems. If the cards of multiple
system providers are to be accepted at the same retailers, all the retailers must have
secured modules containing keys of every provider. This means either a mutually
trusted module containing the keys of multiple providers, which might be hard to
achieve, or one module per provider, which becomes impractical as the number of
providers grows. Furthermore, in any shared-key system, if a module is penetrated, not
only is significant retailer fraud facilitated, but also the entire card base may be
compromised.
Signature-transporting and creating card types avoid these problems since they do not
require secured modules. Cash registers need no secret keys, only public ones, in order
to authenticate the signatures, which act like guaranteed cheques filled in with all the
relevant details. The system provider can later verify these same signatures for
reimbursement. (Although tamper-resistant modules are not needed for verification, they can
still be used to aggregate transactions.) Both signature-based card types also allow the
cards of any number of issuers to be accepted at all retailers; retailers cannot cheat
issuers, and issuers cannot cheat each other. These are the only truly open systems.
Privacy
All cards, except the signature-transporting type, uniquely identify themselves in each
transaction. This means that even if the card does not reveal the person's identity, all
payments a person makes are linked together by the card identity. As a consequence, if a
reload or any one of the payments made by a person is traced to that person, then they
all are. The reason for identification of shared-key cards is that security is thought to be
too low if all cards have the master key. Therefore cards are given unique keys, and the
cash register needs the card identity each time to re-create the corresponding unique
card key from the master key. The signature-transporting approach avoids the need for
identification, since instead of a single key per card, cards use a different signature per
payment. When the system provider makes signatures on blinded cheques that are then
un-blinded by the card, not even the system provider can trace payments to cards.
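The shared-key purchase described under Closed or Open Security, combined with the per-card keys re-created from a master key described in the Privacy paragraph, as an added example (not code from any card system). HMAC-SHA256 stands in for the encryption of challenge and amount, and all names, the master key and the card identity are constructed.

```python
import hashlib
import hmac
import secrets

# Constructed master key held inside the tamper-resistant module (illustration only).
MASTER_KEY = bytes(range(16))


def derive_card_key(master_key: bytes, card_id: bytes) -> bytes:
    """Re-create a card's unique key from the master key and the card identity."""
    return hmac.new(master_key, b"card-key|" + card_id, hashlib.sha256).digest()


def auth_tag(key: bytes, challenge: bytes, amount: int) -> bytes:
    """Bind the module's challenge to the amount under the shared key."""
    return hmac.new(key, challenge + amount.to_bytes(4, "big"), hashlib.sha256).digest()


class Card:
    def __init__(self, card_id: bytes, key: bytes, balance: int):
        self.card_id, self._key, self.balance = card_id, key, balance

    def pay(self, challenge: bytes, amount: int):
        if not 0 < amount <= self.balance:
            raise ValueError("insufficient stored value")
        self.balance -= amount                      # reduce value, then prove it
        return self.card_id, auth_tag(self._key, challenge, amount)


class SecuredModule:
    def __init__(self, master_key: bytes):
        self._master_key = master_key
        self._pending = None                        # (challenge, amount) awaiting a reply
        self.collected = 0

    def start_purchase(self, amount: int) -> bytes:
        challenge = secrets.token_bytes(16)         # fresh for every purchase
        self._pending = (challenge, amount)
        return challenge

    def finish_purchase(self, card_id: bytes, tag: bytes) -> bool:
        if self._pending is None:
            return False
        challenge, amount = self._pending
        self._pending = None                        # a challenge is usable once
        key = derive_card_key(self._master_key, card_id)
        ok = hmac.compare_digest(auth_tag(key, challenge, amount), tag)
        if ok:
            self.collected += amount
        return ok


def demo():
    module = SecuredModule(MASTER_KEY)
    card_id = b"CARD-0001"                          # constructed identity
    card = Card(card_id, derive_card_key(MASTER_KEY, card_id), balance=10)

    # Genuine purchase of 3 units.
    challenge = module.start_purchase(3)
    recorded = card.pay(challenge, 3)               # the reply as seen on the wire
    genuine = module.finish_purchase(*recorded)

    # The recorded reply presented again: the challenge is fresh, so it fails.
    module.start_purchase(3)
    replayed = module.finish_purchase(*recorded)

    # A reply computed for 1 unit does not satisfy a 5-unit purchase.
    challenge = module.start_purchase(5)
    underpaid = module.finish_purchase(*card.pay(challenge, 1))

    return {"genuine": genuine, "replayed": replayed, "underpaid": underpaid,
            "card_balance": card.balance, "module_collected": module.collected}


if __name__ == "__main__":
    print(demo())
```

Because the module can call `derive_card_key` for any card identity, whoever extracts its master key holds the key of every card, which is why the module has to be tamper-resistant.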
Card Costs
The overall cost of cards for a system is determined not only by how much each card
costs, but also by how long cards last and how much of each card is needed. Non-refillable memory cards have a very limited card lifetime and are suitable only for a
single purpose. But micro-controller cards can last years and are flexible enough to
handle a variety of things, not limited to stored value, thereby allowing sharing of card
cost among multiple applications.

Bonding chips into modules, assembling them into cards, and printing can cost about
the same for all card types, roughly US$ 0.50 to 2.00 (plus the cost of the small fraction
of chips that are damaged during production). Non-refillable cards, however, typically
use less durable materials and less costly production techniques.
Memory card chips are much smaller, and consequently much less expensive to
produce, than those in micro-controller cards. They cost, depending on the type, roughly
between US$ 0.10-0.40 in quantity. Shared-key and signature-transporting cards today
use exactly the same chip hardware, only the masked-in software differs. Suitable chips
cost about US$ 1.00-1.20 in quantity. Signature-creating card chips, which need extra
circuitry for the co-processor (or a very powerful processor), require more on a chip, are
relatively new on the market, and currently cost several times more.
Non-Card Costs
Apart from cards themselves, the other main system costs are card issuing and refilling,
retailer equipment, and system provider processing and security measures. If cards are
issued with value on them, as is of course required with non-refillable memory cards,
then they must be transported, stored, and dispensed, using costly security and audit
provisions, like those associated with bank notes. Refillable cards can be distributed
without value and avoid these costs, but on the other hand require infrastructure for on-line reload transactions with system providers. Retailer equipment costs may be higher
than card costs. Typical ratios of cards to points of sale (about 100 to 1 for cash registers
and higher with vending, phones, etc.) and even the price of current terminals (about
US$ 150-1500) suggest that the point-of-sale equipment can be more costly than even a
dedicated micro-controller card base.
In the shared-key approach, secured modules trusted by all system providers must be
installed in all retailer equipment. In open systems such security modules must be
significantly more elaborate and costly than any card, since the security offered by a
card is generally considered inadequate to protect the keys of all other cards. But the
higher cost of terminals incorporating such modules is at odds with the objective of
automating all manner of low value payments, such as in vending. Transaction
processing by the system providers also requires tamper-resistant devices. Proper
management of keys and auditing of such systems are cumbersome and expensive. If
shared-key systems grow, and start to include less trustworthy retailers and more
system providers, even the minimum security necessary becomes excessively costly.
With either signature card type, suitable software, not tamper-resistant modules, is all
that retailer equipment needs in order to verify payments and later forward the signatures
for reimbursement. These can then be verified by any transaction processing computer
that has copies of the freely available public keys, thereby reducing exposure while both
increasing the quality and reducing the cost of security audit and controls.
The simplest of the four card types, the memory card, is well suited for closed systems
where there is little incentive for fraud by persons or retailers. The low card cost makes
this approach attractive, but the low security makes it unsuitable for more general use.

The most expensive type, the signature-creating card, seems to offer little fundamental
advantage over less expensive cards and, incidentally, is far too slow in signing for
highway speed road-tolls and even some telephones. The remaining two card types,
shared-key and signature transporting, can today be based on exactly the same kinds of
micro-controller chips, and thus have the same card cost. The system cost with shared keys, however, is significantly higher than with signature transporting. The main reason
is that shared keys require tamper-resistant modules at all points of payment and
processing sites, while these modules are not needed with signature-transporting.
In addition to cost, there are other reasons to prefer signature-transporting cards for
larger systems. Privacy may be an issue in large-scale consumer systems, and the other
card types are unable to address this problem, while signature transporting solves it
neatly. When more retailers and system providers are included, as large open systems
are built or as closed systems grow and merge, the cost of maintaining even merely
acceptable security with shared keys becomes prohibitive. By contrast, signature
transporting maintains a very high level of security while allowing flexible scaling and
merging of systems.
PayMe Protocol Set
The use of the WWW as an electronic marketplace is increasing, and there is a need for a
cash payment system that is scalable, anonymous and secure. This lesson examines
two existing systems, E-cash and NetCash, discusses their strengths and weaknesses and
proposes a new system called the PayMe Transfer Protocol (PMTP). It shows how PMTP
improves on existing systems, and illustrates its use with an example based on purchase
of goods across the WWW.
Keywords: "Web payment, electronic cash, secure payment, scalable payment,
Internet payment mechanisms, and security".
The World Wide Web has potential to become a highly efficient electronic marketplace
for goods and services. When payments are effected electronically, there is always a risk
that organisations may resort to gathering information linking individuals with the
amounts that they have spent, the locations involved and the types of goods purchased. Misuse
of such information can give rise to serious breaches of personal privacy. If a payment
system for the WWW is to receive widespread support, it must offer its users some form
of protection against the gathering of such information. The most effective method of
achieving this is to implement a form of electronic cash, where the coins being spent
cannot be linked with their owner. This gives rise to a secondary problem in that since
the coin is an electronic quantity that is easily duplicated, such a payment system must
guard against the coin being spent more than once. It should not be possible for an
attacker to bypass the system or to falsely obtain monetary value from it.
At the time of writing, it has been estimated that there may be over 30 million users of
the Internet spread across 96 different countries using over 6.6 million host computers,
and these figures are rising very rapidly. This means that an effective electronic payment
system must be highly scalable. In practice, the system must support large numbers of
buyers and sellers affiliated to many different banks. The problem of detection of double
spending is particularly acute, and solutions must be found that allow for large
numbers of payments to take place without requiring unreasonably large databases to
be maintained. The following section discusses related work on two systems for
electronic payment and goes on to propose a new set of protocols that surmounts some of
their inherent problems.
Related Work
Recently, two electronic cash systems, requiring no additional hardware such as smart
cards, which can be used to make payments for WWW resources have been published.
The first, Ecash, is a fully anonymous electronic cash system, using numbered bank
accounts and blind signatures. The second, NetCash, uses identified electronic cash
giving a more scalable but less anonymous system.
Electronic cash is the electronic equivalent of real paper cash, and can be implemented
using public-key cryptography, digital signatures, and blind signatures. In an electronic
cash system there is usually a bank, responsible for issuing currency, a customer who
has accounts at the bank and can withdraw and deposit currency, and merchants who
will accept currency in exchange for goods or a service. Every customer, merchant, and
bank has its own public/private key pair. The keys are used to encrypt, for security, and
to digitally sign, for authentication, blocks of data that represent coins. A bank digitally
signs coins using its private key. Customers and merchants verify the coins using the
bank's widely available public key. Customers sign bank deposits and withdrawals with
their private key, and the bank uses the customer's public key to verify the signature.
Ecash from DigiCash
Ecash is a fully anonymous electronic cash system, from a company called DigiCash,
whose managing director is David Chaum, the inventor of blind signatures and many
electronic cash protocols. It is an on-line software solution, which implements fully
anonymous electronic cash using blind signature techniques.
The Ecash system consists of three main entities: Banks, who mint coins, validate
existing coins and exchange real money for Ecash; Buyers who have accounts with a
bank, from which they can withdraw and deposit Ecash coins; Merchants who can
accept Ecash coins in payment for information, or hard goods. It is also possible for
merchants to run a pay-out service where they can pay a client Ecash coins.
Ecash is implemented using RSA public-key cryptography. Every user in the system has
his own public/private key pair. Special client and merchant software is required to use
the Ecash system. The client software is called a "cyberwallet" and is responsible for
withdrawing and depositing coins from a bank, and paying or receiving coins from a
merchant.
Withdrawing Ecash Coins

To make a withdrawal from the bank, the user's cyber-wallet software calculates how
many digital coins of what denominations are needed to withdraw the requested
amount. The software then generates random serial numbers for these coins. The serial
numbers are large enough so that there is very little chance that anyone else will ever
generate the same serial numbers. Using a 100-digit serial number usually guarantees
this. The serial numbers are then blinded using the blind signature technique.
This is done by multiplying the coins by a random factor. The blinded coins are then packaged
into a message, digitally signed with the user's private key, encrypted with the bank's
public key, and then sent to the bank. The message cannot be decrypted by anyone but
the bank.
When the bank receives the message, it checks the signature. The withdrawal amount
can then be debited from the signature owner's account. The bank signs the coins with a
private key. After signing the blind coins, the bank returns them to the user, encrypted
with the user's public key. The user can then decrypt the message, and unblind the coins
by dividing-out the blinding factor. Since the bank couldn't see the serial numbers on
the coins it was signing there is no way to now trace these coins back to the user who
withdrew them. In this way the cash is fully anonymous.
Spending Ecash
To spend Ecash coins, the user starts up their cyberwallet software and a normal Web
client and then browses the Web till they find a merchant shop selling goods. The Ecash
software can be used with any existing Web client and Web server software. A merchant
shop is simply an HTML document with URLs representing the items for sale. To buy an
item the user selects the URL representing that item. The following steps occur in
making a purchase with Ecash:
1) The user's Web client sends an HTTP message requesting the URL to the Merchant's
normal Web server. This URL will invoke a Common Gateway Interface (CGI) program.
2) The CGI program invoked will be the merchant Ecash software, and it will be passed
details of the item selected encoded in the URL. The location of the buyer's host
machine will also be passed in an environment variable from the server to the merchant
Ecash software.
3) The merchant software now contacts the buyer's wallet using a TCP/IP connection,
asking it for payment.
4) When the cyberwallet receives this request, it will prompt the user, asking them if
they wish to make the payment. If they agree, the cyberwallet will gather together the
exact amount of coins and send this as payment to the merchant. The coins will be
encrypted with the merchant's public key so that only the merchant can decrypt them:
{Coins}K[public,Merchant]
If they disagree or do not have the exact denominations necessary to make a correct
payment, the merchant is sent a payment refusal message.

5) When the merchant receives the coins in payment, he must verify that they are valid
coins, and have not been double spent. To do this he must contact the bank, as only the
minting bank can tell whether coins have been spent before or not. Thus the merchant
packages the coins, signs the message with his private key, encrypts the message with
the bank's public key, and sends it to the bank:
{{Coins}K[private,Merchant]}K[public,Bank]
6) The bank validates the coins by checking the serial numbers with the large online
database of all the serial numbers ever spent and returned to the bank. If the numbers
appear in the database then they are not valid, since they have been spent before. If the
serial numbers don't appear in the database, and have the bank's signature on them,
then they are valid. The values of the coins are credited to the merchant's account. The
coins are destroyed, and the serial numbers added to the database of spent coins. Thus
coins are good for one transaction only. The bank notifies the merchant of the successful
deposit.
7) Since the deposit was successful, the merchant was paid, and a signed receipt is
returned to the buyer's cyberwallet.
8) The purchased item, or an indication of successful purchase of hard goods, is then
sent from the merchant Ecash software to the Web Server.
9) The Web server forwards this information to the buyer's Web client.
Ecash client and merchant software is available for many platforms. Currently no real
money is used in the system, but an Ecash trial with 10,000 participants, each being
given 100 "cyberbucks" for free has been running since late 1994. There are many
sample Web shops at which to spend cyberbucks.
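The withdrawal (blinding, signing, unblinding) and the bank's deposit check from step 6, as an added example that is not DigiCash's code. It uses textbook RSA with a constructed toy key and assumes one bank key signs coins of a single fixed value; all function and account names are hypothetical.

```python
import hashlib
import math
import secrets

# Constructed toy RSA key for the bank, built from the Mersenne primes
# 2**61-1 and 2**89-1. Far too small for real use; illustration only.
P, Q = 2**61 - 1, 2**89 - 1
N, E = P * Q, 65537
D = pow(E, -1, (P - 1) * (Q - 1))      # bank's private exponent


def coin_digest(serial: int) -> int:
    """Map a coin serial number into the RSA domain (the value that gets signed)."""
    data = serial.to_bytes(48, "big")
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % N


def blind(serial: int):
    """Wallet side: hide the coin by multiplying it by a random factor r**E."""
    while True:
        r = secrets.randbelow(N - 2) + 2
        if math.gcd(r, N) == 1:        # r must be invertible mod N
            break
    return (coin_digest(serial) * pow(r, E, N)) % N, r


def unblind(blind_sig: int, r: int) -> int:
    """Wallet side: divide out the blinding factor, leaving the bank's signature."""
    return (blind_sig * pow(r, -1, N)) % N


def verify(serial: int, signature: int) -> bool:
    """Anyone holding the bank's public key (N, E) can check a coin."""
    return pow(signature, E, N) == coin_digest(serial)


class Bank:
    """Assumption: one signing key means one fixed denomination (1 unit per coin)."""

    def __init__(self, balances):
        self.balances = dict(balances)
        self.seen_at_withdrawal = []   # everything the bank could log about issued coins
        self.spent = set()             # serial numbers of every coin ever deposited

    def withdraw(self, account: str, blinded: int) -> int:
        if self.balances[account] < 1:
            raise ValueError("insufficient funds")
        self.balances[account] -= 1
        self.seen_at_withdrawal.append(blinded)
        return pow(blinded, D, N)      # signs without seeing the serial number

    def deposit(self, account: str, serial: int, signature: int) -> str:
        if not verify(serial, signature):
            return "rejected: bad signature"
        if serial in self.spent:
            return "rejected: already spent"
        self.spent.add(serial)         # this set only ever grows
        self.balances[account] += 1
        return "accepted"


def demo():
    bank = Bank({"buyer": 3, "merchant": 0})
    serial = secrets.randbelow(10**100)          # up to 100 digits, as on the page
    blinded, r = blind(serial)
    signature = unblind(bank.withdraw("buyer", blinded), r)
    return {
        "coin_valid": verify(serial, signature),
        "bank_saw_serial": coin_digest(serial) in bank.seen_at_withdrawal,
        "first_deposit": bank.deposit("merchant", serial, signature),
        "second_deposit": bank.deposit("merchant", serial, signature),
        "forged_serial": bank.deposit("merchant", serial + 1, signature),
        "balances": bank.balances,
        "spent_db_size": len(bank.spent),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```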
Advantages and Failings
The strengths of Ecash are its full anonymity and security. The electronic cash used is
untraceable, due to the blind signatures used when generating coins.
By employing secure protocols using RSA public key cryptography, the Ecash system is
safe from eavesdropping, and message tampering. Coins cannot be stolen while they are
in transit. However, password protection and encryption could strengthen the
protection of coins on the local machine.
The main problem with Ecash may be the size of the database of spent coins. If a large
number of people start using the system, the size of this database could become very
large and unmanageable. Keeping a database of the serial number of every coin ever
spent in the system is not a scalable solution. DigiCash plans to use multiple banks each
minting and managing their own currency with inter-bank clearing to handle the
problems of scalability. It seems likely that the bank host machine has an internal
scalable structure so that it can be set up not only for a 10,000-user bank, but also for a
10,00,000-user bank. Under the circumstances, the task of maintaining and querying a
database of spent coins is probably beyond today's state-of-the-art database systems.
NetCash
NetCash is a framework for electronic cash developed at the Information Sciences
Institute of the University of Southern California. Many of the ideas used in PayMe
came from the NetCash proposal. It uses identified on-line electronic cash. Although the
cash is identified there are mechanisms whereby coins can be exchanged to allow some
anonymity. The system is based on distributed currency servers where electronic cheques,
such as NetCheque, can be exchanged for electronic cash. The use of multiple currency
servers allows the system to scale well.
The NetCash system consists of buyers, merchants, and currency servers. An
organisation wishing to set up and manage a currency server obtains insurance for the
new currency from a central certification authority. The currency server generates a
public/private key pair. The public key is then certified by being signed by the central
authority. This certificate contains a certificate ID, name of the currency server, currency
server's public key, issue date and an expiry date, all signed by the central authority:
{Certif_id, CS_name, K[public, CS], issue_date, exp_date} K[private, Auth]
The currency server mints electronic coins, which consist of:
Currency Server Name: Identifies a currency server.
Currency Server Network Address: Where the currency server can be found. If
this address is no longer in use, a name server can be queried to find the current
address.
Expiry Date: Limits the state that must be maintained by each currency server.
Serial Number: Uniquely identifies the coin.
Coin Value: Amount coin is worth.
The coin is signed with the currency server's private key:
{CS_name,CS_addr,exp_date,serial_num,coin_val}K[private,CS]
The currency server keeps track of the serial numbers of all outstanding coins. In this
way checking a coin's serial number with the currency server at the time of purchase (or
exchange) can prevent double spending. If the coin's serial number is in the database it
has not been spent already and is valid. When the coin is checked the serial number is
then removed from the database. The coin is then replaced with a new coin (coin
exchange).

An electronic cheque can be exchanged with a currency server for electronic coins. The
currency server is trusted not to record to whom the coins are issued. To further aid
anonymity a holder of coins can go to any currency server and exchange valid coins for
new ones. The currency server does not know who is exchanging coins, only the network
address of where they are coming from. By performing the exchange and by choosing
any currency server to do this with, it becomes difficult to track the path of the coins. If a
currency server receives coins that were not minted by it, it will contact the minting
currency server to validate those coins.
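A currency server that tracks only outstanding serial numbers and replaces each checked coin with a new one, as an added example (not the NetCash implementation). Coin fields follow the list above; the toy RSA key, the day-number expiry, the 30-day lifetime and the server name and address are constructed assumptions.

```python
import hashlib
import secrets
from dataclasses import dataclass, replace

# Constructed toy RSA key for one currency server (Mersenne primes 2**107-1, 2**127-1).
P, Q = 2**107 - 1, 2**127 - 1
N, E = P * Q, 65537
D = pow(E, -1, (P - 1) * (Q - 1))


@dataclass(frozen=True)
class Coin:
    cs_name: str
    cs_addr: str
    exp_date: int        # day number; a stand-in for a calendar date
    serial_num: int
    coin_val: int
    signature: int = 0

    def digest(self) -> int:
        """Hash of the five signed fields, reduced into the RSA domain."""
        fields = f"{self.cs_name}|{self.cs_addr}|{self.exp_date}|{self.serial_num}|{self.coin_val}"
        return int.from_bytes(hashlib.sha256(fields.encode()).digest(), "big") % N


class CurrencyServer:
    def __init__(self, name: str, addr: str, lifetime_days: int = 30):
        self.name, self.addr, self.lifetime = name, addr, lifetime_days
        self.outstanding = {}          # serial_num -> exp_date, unspent coins only

    def mint(self, value: int, today: int) -> Coin:
        blank = Coin(self.name, self.addr, today + self.lifetime, secrets.randbits(128), value)
        self.outstanding[blank.serial_num] = blank.exp_date
        return replace(blank, signature=pow(blank.digest(), D, N))

    def exchange(self, coin: Coin, today: int) -> Coin:
        """Validate a coin, retire its serial number and hand back a fresh coin."""
        if coin.cs_name != self.name:
            raise ValueError("foreign coin")       # would be referred to the minting server
        if pow(coin.signature, E, N) != coin.digest():
            raise ValueError("bad signature")
        if coin.exp_date < today:
            raise ValueError("expired")
        if self.outstanding.pop(coin.serial_num, None) is None:
            raise ValueError("not outstanding")    # already spent or exchanged
        return self.mint(coin.coin_val, today)

    def purge_expired(self, today: int) -> int:
        """Drop state for coins past their expiry date; returns how many were dropped."""
        expired = [s for s, exp in self.outstanding.items() if exp < today]
        for serial in expired:
            del self.outstanding[serial]
        return len(expired)


def attempt(server: CurrencyServer, coin: Coin, today: int):
    """Return the new coin, or the rejection reason as a string."""
    try:
        return server.exchange(coin, today)
    except ValueError as err:
        return str(err)


def demo():
    cs = CurrencyServer("cs1.example", "192.0.2.10")     # constructed name and address
    coin = cs.mint(5, today=100)
    results = {"tampered": attempt(cs, replace(coin, coin_val=500), 101)}
    fresh = attempt(cs, coin, 101)
    results["exchanged_value"] = fresh.coin_val
    results["new_serial"] = fresh.serial_num != coin.serial_num
    results["respend"] = attempt(cs, coin, 101)
    results["outstanding_after_exchange"] = len(cs.outstanding)
    results["late"] = attempt(cs, fresh, 200)
    results["purged"] = cs.purge_expired(200)
    results["outstanding_after_purge"] = len(cs.outstanding)
    return results


if __name__ == "__main__":
    print(demo())
```

The server's table holds one entry per unspent coin and shrinks when coins expire, in contrast to a database of every serial number ever spent.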
The following steps explain how a buyer uses NetCash coins to purchase an
item from a merchant. In this transaction the buyer remains anonymous since the
merchant will only know the network address of where the buyer is coming from.
NetCash assumes that the buyer has or can obtain the public key of the merchant, and
that the merchant has the public key of the currency server.
Implementation details of how the NetCash protocols might be linked with applications
such as the Web are not available, but it could be done in a similar fashion to Ecash
using an out-of-band communications channel. The transaction consists of the following
four steps, starting from when the buyer attempts to pay the merchant:
The buyer sends the electronic coins in payment, the identifier of the purchased service
(S_id), a freshly generated secret key (SK[Buyer]), and a public session key
(K[public,Buyer]), all encrypted with the Merchant's public key, to the merchant.
{Coins, SK[Buyer],K[public, Buyer], S_id} K[public, Merchant]
The message can't be eavesdropped or tampered with. The merchant later uses the
secret key to establish a secure channel with the buyer. The public session key is later
used to verify that subsequent requests originate from the buyer who paid for the
service.
The Merchant needs to check that the received coins are valid. To do this he sends them
to the currency server to be exchanged for new coins or for a cheque. The merchant
generates a new symmetric session key SK[Merchant] and sends this along with the
coins and the chosen transaction type to the currency server. The whole message is
encrypted with the server's public key so that only it can see the contents:
{Coins, SK[Merchant], transaction_type} K[public, CS]
The Currency Server checks that the coins are valid by checking its database. A valid
coin is one whose serial number appears in the database. The server will then return
new coins or a cheque to the merchant, encrypted with the merchant's session key:
{New_coins} SK[Merchant]

Having received new coins (or a cheque) the merchant knows that the buyer has
properly paid him. He now returns a receipt, signed with his private key and encrypted
with the buyer's secret key:
{{Amount,transaction_id,date}K[private,Merchant]}SK[Buyer]
The buyer can then use the transaction identifier and the public session key to obtain
the service purchased.
This is the basic purchase protocol used in NetCash. While it prevents double spending
it does not protect the buyer from fraud. There is nothing to stop the merchant spending
the buyer's coins without providing a receipt.
Extensions to the protocol have been described; these are more complex and give protection
against fraud for both the merchant and buyer. There are also mechanisms to allow the
merchant to be fully anonymous to the buyer. Partially offline protocols where the
bank does not need to be contacted during a purchase are also described. These however
rely on the buyer contacting the currency server beforehand, and knowing who the
merchant is at that time. They use a time window in which the coins are only valid for
certain short lengths of time.
The advantages of NetCash are that it is scalable and secure. It is scalable since multiple
currency servers are present and security is provided by the cryptographic protocols
used. Possible disadvantages of the system are that it uses many session keys and in
particular public key session keys. To generate a public key of suitable length to be
secure takes a very large amount of time compared with that involved in generating a
symmetric session key. This could compromise the performance of the system as a
whole.
NetCash is not fully anonymous, unlike Ecash. It is difficult but not impossible for a
currency server to keep records of who it issues coins to and who it receives them back
from. The ability to exchange coins and use any or multiple currency servers increases
the anonymity of the system.
A NetCash system is currently being implemented, but no details are given as to how it
will be linked with applications such as the Web. NetCheque will be used to provide
cheques, which can be used to buy coins, or which can be issued when coins are traded
in.
The two payment systems outlined each have their strengths and weaknesses. Ecash is a
fully secure system that provides for very strong anonymity. The use of banks within the
system reflects current practice in non-electronic payment systems. Successful
operation of the Ecash system depends on the maintenance of a central database of all
coins ever issued within the system. If it were to become accepted as a global payment
system, this would quickly become a major problem.

NetCash uses identified coins with multiple currency servers, and thus, while anonymity
is maintained, there is only a requirement to keep track of all currency currently in
circulation. This makes for a much more scalable solution to the payment problem.
NetCash is also fully secure, and achieves this using protocols that are quite complex in
nature.
The PayMe Protocol Set
In an attempt to combine the best features of the two systems described, a new payment
system called the PayMe Protocol Set was devised. A major goal was to preserve as much
of the anonymity provided by Ecash while adopting many of the features of NetCash
that allow it to scale to large numbers of users with multiple banks. The following
sections discuss the overall design of the protocol set and work through an
example of a network payment. Since this paper concentrates on payment for WWW
resources, detailed coverage will be given of both the currency representation and the
protocol primitives used during a Web transaction.
The PayMe system and protocol set are now presented. Many of the design ideas are
based on a close examination of systems such as NetCash, Ecash and other related
systems such as Magic Money and Netbill. In this way PayMe is a collection of the
successful parts from existing systems, minus the failings of those systems.
PayMe is an on-line electronic cash system. The entities involved are banks and users.
Users can be either buyers or merchants but each has the same functionality. They can
make payments, accept payments, or deal with the bank. Each bank mints its own
identified electronic cash with serial numbers. Double spending of coins is prevented by
the bank maintaining a database of coins in circulation. This scales better than the blind
signature electronic cash approach. Any user in the PayMe system can accept payments
and make payments. Merchants can receive payments for selling Web goods but they
can also make payments to the buyers. This can be used for making refunds or in pay-out services.
The PayMe system uses its own secure communications protocol, the PayMe Transfer
Protocol (PMTP), to communicate between entities. This provides security and a means
of communicating out-of-band, that is, outside the Web's HTTP protocol. This approach
was adopted to allow a full prototype to be developed that could eventually be used with
any emerging Web security standard.
PayMe Currency
Coins are the pieces of data that represent monetary value within the system. The coins
are digitally signed by the bank using public key cryptography to make them valid
currency. Each coin has a serial number, which is entered into the bank's database,
when the coin is minted. Coins have fields for the coin value, serial number, bank id,
bank host name and port number, and expiry date. When these five fields are put
together and signed with the bank's private key, a valid coin is created. An example coin
is of the form:

{10 MIK1234 BANK1 bank.cs.ted.ie.8000 18-12-98}K[private,BANK1]

Here the coin is worth 10, its serial number is MIK1234, the user-id of the bank's public
key is BANK1, the bank is located at port 8000 on the machine bank.cs.ted.ie, and the
coin expires on 18th December 1998.
A bank within the PayMe system mints coins, maintains a database of the serial
numbers of coins in current circulation to prevent double spending, and manages the
accounts of merchants and buyers.
PayMe Transfer Protocol (PMTP)
PMTP is the set of secure messages designed to provide the communications necessary
in the PayMe system. It uses both symmetric and public-key cryptography. PMTP
consists of six request-response message types. For each of the six message types there
are three different possible message identifiers. There is one request message identifier
and two different response message identifiers. These have been called request,
response and refusal respectively. A request is where the receiver is being asked to
perform an action. A response message identifier indicates that the action has been
performed and the message body contains the results of that action. A refusal is where
the receiver refused to perform the action, and the message body may contain a reason
for this refusal.
The first three messages are used by a bank account owner to withdraw or deposit coins,
or to obtain a bank statement from the bank for that account.
Withdraw Coins
Requires an account identifier, matching account name, account password, and amount,
digitally signed by the account owner.
Deposit Coins
Attempts to deposit coins into a bank account. The bank will check that the coins
are valid before crediting the account. The account identifier, name, and digital
signature are required to make a deposit. A deposit can be done with any bank with
which the user has an account. If that bank does not mint the coins then the minting
bank will be contacted to validate the coins. Banks have accounts with other banks and
in this way records are kept of how much each bank owes another. These accounts could
then be settled using a real-world inter-bank clearing mechanism.
Request Bank Statement
Returns a bank statement for an account. A digital signature is required to authenticate
the account owner.
Exchange Coins for new ones

Any user, who holds valid coins from a bank, can exchange the coins for new ones. The
process for doing this is anonymous, but it is still secure. During the exchange the bank
only knows the network address of where the coins are being sent. If the coins it receives
are valid it will return new ones in exchange. It is not necessary to have an account at a
bank to exchange coins. For efficiency an exchange must be done with the bank that
minted the coins.
Either a buyer or merchant can use this mechanism to help hide their identity. When a
user withdraws coins from a bank the bank could record the numbers on the coins and
whom it gave them to. Then when a merchant later deposits the coins the bank could
check to whom it issued the coins. In this way the spending habits of a user could be
recorded.
However, if during a purchase a merchant exchanges the coins rather than depositing
them, then the bank does not know who has performed the exchange. Either the
merchant or buyer, or even another trusted third party could perform this exchange to
"launder" the money, making it more difficult to trace spending habits.
Ask for payment
The last two messages are used between a user and another user such as a merchant.
The ask payment message is used to ask a buyer for a payment amount. During a
purchase a buyer remains anonymous to the merchant. Ideally the buyer should have
obtained the merchant's public key before the purchase. However the merchant's public
key is also sent within the payment request. There is some risk involved with this, since
an attacker could replace the merchant's key with his own. The user is given the choice
to accept a new merchant key in this way or not. If the user already holds the merchant's
public key, then this is compared with the one received in the payment request as part of
the procedure to authenticate the merchant.
Pay coins
Attempt to pay coins to a merchant. The buyer remains anonymous to the merchant in
this transaction. The merchant only knows the network address of the buyer. The
parameters will often be generated automatically by the PayMe software. The address
to which the message is to be sent also needs to be given.
PMTP Security
PMTP messages are secure from attacks using eavesdropping, message tampering,
replay, and masquerading techniques.
Eavesdropping Prevention
An attacker cannot see the contents of a PMTP message because the message is either
encrypted with the public key of the receiver, so that only the private key can decrypt
the message, or encrypted with a symmetric session key which has been distributed
securely. The session key was distributed by sending it in a public-key encrypted message.
The only exception to this is the ask_payment_request message. Since the buyer is to
remain anonymous this message is transmitted in clear text.
Message Tampering Prevention
Any encrypted message cannot be tampered with, since it will not be possible to decrypt
it after it has been changed. By using message digests, a digitally signed message cannot
be tampered with.
Replay Prevention
A nonce is used within each PMTP message to ensure that the message can be used for
one occasion only, and to prevent a replay of that message. It ensures that the message
must come from a specific network address and within a small time window. If an
attacker can forge the IP network address to be the same as that of the message sender,
then he could possibly replay the message within the short time frame that it is valid. To
help prevent this, the software keeps track of all recently received nonces and will not accept
two messages with the same nonce, as a replayed message would have.
Masquerading Prevention
Where possible all messages are authenticated with a digital signature. Bank
withdrawals also require the password of the bank account. In the anonymous messages
where a digital signature is not possible, knowledge of a symmetric session key is used.
The network address within the nonce prevents an attacker at another site from
masquerading as the message sender at the original network address.
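A receiver-side nonce check along the lines described under Replay Prevention and Masquerading Prevention, as an added example rather than PMTP's own code. The nonce layout (sender address, timestamp, random value), the 30-second window and all names are assumptions, and the addresses in the usage are constructed.

```python
import secrets

WINDOW = 30  # seconds a nonce stays valid (assumed; the page gives no figure)


def make_nonce(sender_addr, now):
    """Sender side: bind the nonce to the sender's address and the send time.

    The nonce must travel inside the encrypted or signed part of the message,
    otherwise an attacker could simply rewrite it.
    """
    return f"{sender_addr}|{int(now)}|{secrets.token_hex(8)}"


class ReplayGuard:
    """Receiver side: accept each nonce once, from its own address, in the window."""

    def __init__(self, window=WINDOW):
        self.window = window
        self._seen = {}  # nonce -> timestamp carried in the nonce

    def check(self, nonce, source_addr, now):
        """Return 'accepted' or the reason the message is refused."""
        try:
            addr, stamp, _rand = nonce.split("|")
            stamp = int(stamp)
        except ValueError:
            return "malformed nonce"
        if addr != source_addr:
            # message arrived from a site other than the one named in the nonce
            return "address mismatch"
        if abs(now - stamp) > self.window:
            return "outside time window"
        # Forget nonces that the time check alone would now reject, so the
        # cache only ever holds "recently received" nonces and stays small.
        self._seen = {n: t for n, t in self._seen.items()
                      if abs(now - t) <= self.window}
        if nonce in self._seen:
            # same address, still inside the window: only the cache catches this
            return "replayed nonce"
        self._seen[nonce] = stamp
        return "accepted"

    def cached(self):
        """Number of nonces currently remembered."""
        return len(self._seen)
```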
Private Key Protection
The private key of a user is stored on file at the user's local site. It is encrypted with a
secret passphrase. If the user's account is broken into, this prevents the attacker being
able to access the private key. Without this private key any cash stored locally cannot be
decrypted, and PMTP messages cannot be sent.
PayMe with the Web
PayMe was tailored for use with any Web client or server. To purchase an item a user
starts up both their PayMe Wallet and any Web client. They browse the Web until they
find a merchant shop, which will be presented by an HTML document. Combinations of
PMTP messages are used in a purchase transaction...

1) To purchase an item (information, hard goods, or pay-out service) a URL is selected
representing that item. When selected the URL causes the Web server to automatically
start up a merchant's Wallet software. This is done using the Common Gateway
Interface (CGI).
2) The Wallet is passed the item details and the network address of the requesting Web
client. Additional information, such as a shipping address for hard goods, can be passed
through a Web form if required.
3) The Wallet then looks up the cost of the item and contacts the buyer's Wallet software
asking for payment. This is a PMTP ask_payment_request.
4) The buyer will be notified of the request. He will then either refuse
(ask_payment_refusal) or accept (pay_coins_request) the payment request. If he
accepts the Wallet selects the coins needed to make the exact payment and sends them
to the Merchant.
5) The Merchant validates the coins by either anonymously exchanging them for new
coins or depositing them into a bank account. For efficiency, if an exchange is performed
it must be done with the bank that minted the coins. A deposit can be done with any
bank with which the merchant has an account. The minting bank checks the serial
numbers of the coins with those in its database. If a serial number is not present in the
database the coin is not valid and is rejected. If the serial numbers are present then the
coins are valid.
Having performed the check the bank then removes the serial numbers from the
database, thereby invalidating the coins. This must be done because otherwise the same
coins could be presented many times and they would always be valid. The merchant is
given new coins in replacement, or the amount can be credited to his bank account.
6) The merchant will receive an indication from the bank as to whether the coins were
valid. A valid coin indication will be new coins in an exchange
(exchange_coins_response), and a deposit acknowledgement (deposit_coins_response)
with a deposit.
7) For a good payment the merchant then issues a signed receipt to the buyer
(pay_coins_response).
8) The purchased item is sent from the merchant to the Web server.
9) The Web server then forwards this to the buyer's Web client.
Payments must be made with the exact amount. No change can be given since this could
compromise anonymity if a merchant colluded with the minting bank.
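The bank-side check in step 5, applied to coins in the five-field format described under PayMe Currency, is sketched below as an added example (not the PayMe prototype's code). The signature uses a toy textbook-RSA key built from two known Mersenne primes so that it runs on the standard library alone; that key is not secure, and it, the `Refusal` class, the serial numbering and the method names are assumptions.

```python
import hashlib
from datetime import date, datetime

# Toy bank key (assumption, NOT secure): textbook RSA over two Mersenne primes.
# A real bank has its own key pair; one toy key is shared by every Bank here.
P, Q = 2**127 - 1, 2**89 - 1
N, E = P * Q, 65537
D = pow(E, -1, (P - 1) * (Q - 1))      # private exponent (Python 3.8+)


def _digest(body):
    return int.from_bytes(hashlib.sha256(body.encode()).digest(), "big") % N


def sign(body):
    return pow(_digest(body), D, N)


def verify(body, sig):
    return pow(sig, E, N) == _digest(body)


class Refusal(Exception):
    """Models a PMTP refusal; the text is the reason returned to the sender."""


def parse_coin(body):
    """Split 'value serial bank_id host.port dd-mm-yy' into typed fields."""
    fields = body.split()
    if len(fields) != 5:
        raise Refusal("malformed coin")
    value, serial, bank_id, host_port, expiry = fields
    try:
        return {"value": int(value), "serial": serial, "bank_id": bank_id,
                "host_port": host_port,
                "expiry": datetime.strptime(expiry, "%d-%m-%y").date()}
    except ValueError:
        raise Refusal("malformed coin")


class Bank:
    def __init__(self, bank_id, host_port):
        self.bank_id, self.host_port = bank_id, host_port
        self.in_circulation = {}       # serial -> value; only unspent coins
        self._counter = 0

    def mint(self, value, expiry):
        self._counter += 1
        serial = f"MIK{self._counter:04d}"          # constructed numbering
        body = f"{value} {serial} {self.bank_id} {self.host_port} {expiry:%d-%m-%y}"
        self.in_circulation[serial] = value
        return body, sign(body)

    def _validate(self, coin, today):
        body, sig = coin
        if not verify(body, sig):
            raise Refusal("bad signature")
        c = parse_coin(body)
        if c["bank_id"] != self.bank_id:
            raise Refusal("not minted by this bank")
        if c["expiry"] < today:
            raise Refusal("coin expired")
        if c["serial"] not in self.in_circulation:
            raise Refusal("serial not in circulation")
        return c

    def exchange(self, coins, today):
        """Validate every coin first, then invalidate them all and mint new ones."""
        parsed = [self._validate(c, today) for c in coins]
        serials = [c["serial"] for c in parsed]
        if len(set(serials)) != len(serials):
            raise Refusal("same coin presented twice")
        for s in serials:
            del self.in_circulation[s]              # the coin is now spent
        # assumption: a replacement coin keeps the value and expiry of the old one
        return [self.mint(c["value"], c["expiry"]) for c in parsed]
```

Validation of the whole payment happens before any serial number is removed, so a payment containing one bad coin is refused without invalidating the good ones.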
Implementation

A prototype was implemented in a C++/Unix environment on a Sun workstation cluster.
An extended version of PgpTools, a set of C functions, which provide low-level PGP
packet functionality in memory, was used to implement the cryptographic functions. It
uses RSA to provide the public key cryptography and IDEA for the symmetric key
cryptography. PgpTools is subject to similar patent restrictions as PGP.
Coin backups and log files are maintained to increase the fault tolerance of the system.
In this way the chance of losing coins, and hence monetary value, is kept to a minimum
if any of the entities crash.
PayMe could be used for schemes other than just monetary payment. A coin within the
system could be used to represent a unit of CPU time, or connection time to a limited
resource, in order to provide resource sharing in an institution. Jobs which require units
of CPU time could be submitted or initiated through the Web where the merchant would
be the CPU host requesting the PayMe coins representing time on that CPU.
For applications where anonymity is important the exchange coins mechanism can be
used to anonymously exchange the coins with a bank preventing the bank knowing who
now holds the new coins. In an environment where anonymity is not necessary or
desirable the banks involved can be configured to refuse any requests to exchange
certain coins, such as those representing CPU time. In this way the bank can record to
whom it issues the coins and who then deposits them, knowing for certain that no
anonymous exchange has taken place. Thus the configuration of the bank can control
the anonymity available to its users.
Taking the best features of existing systems, a new payment mechanism using electronic
cash for use with the Web has been designed and implemented. It offers the following
desirable properties:
Security
The system was designed to be secure from fraud. The possibility of an attacker being
able to bypass the system or falsely obtain value in it was minimised. PMTP was
designed to provide secure communication. Security steps were also taken to protect
coins, the private cryptographic keys used, and the accounts at the bank.
Scalability and Reliability
Multiple banks can be used in the PayMe system, giving no central point of failure. The
simple PMTP protocols can be used for inter-bank communication as well as with
regular users. Electronic cash is used where only a database of the serial numbers in current
circulation is kept, much like in the NetCash system. In this way it is much more
scalable than Ecash. The serial numbers of every coin ever spent need not be
maintained. Secondly the serial numbers can be short, unlike the long serial numbers of
about 100 digits, necessary to prevent serial number collisions when using blind
signatures.

Usable by all
It is important that the system can be used by anyone provided they have the money to
pay for the items they wish to buy. No credit card numbers are used, since not all
Internet users, for whatever reasons, hold valid credit cards. In theory anyone who
wants to can buy PayMe electronic coins and have an account at a PayMe online bank.
Usable with any Web client or server software
PayMe can be used with any Web client or server software and it is not limited to any
specific product or HTTP version. As many new innovations and advances in Web
technology are designed and released, it is important that a Web payment mechanism
can be used with all of these. By using its own secure out-of-band protocol, PayMe can
be used with both current and emerging Web technology and protocols.
Payment for information, hard goods, and pay-out services
Web information of any type such as text, images, audio streams or video can be
purchased using PayMe. Hard goods can be paid for through the Web using forms. The
PayMe client software used by a buyer can also receive payments. In this way pay-out
services can be used.
Hardware independent
No special hardware, such as smart cards, is required to use PayMe. The system can
be used right now using only software, and this is more suited to the global Internet
where it would take time for users to obtain and begin to use new hardware.
Limited Anonymity and Privacy
It is desirable to prevent a database being built with full details of every purchase made
by an individual. Some anonymity can be provided by the system by anonymously
exchanging coins with a bank, similar to NetCash's exchange mechanism. A buyer will
also remain anonymous to a merchant during a purchase transaction, as only the
buyer's network address will be known.
The system does not offer offline operation. It was not possible to fulfill all the above
requirements and at the same time remove the need for a bank to be contacted during a
purchase transaction. However it is felt that with the trend towards faster, and more
reliable global networks, offline operation is not required. Secondly, on the Internet
where it is easy to hide one's identity, it is not acceptable to use an off-line electronic
cash system where fraud will only be detected after it has occurred.
The final implemented system provides a secure and scalable means of paying for all
types of Web services. It would seem to be more scalable than the fully anonymous
Ecash system, and more efficient than the complicated protocols and use of both
symmetric and asymmetric session keys of NetCash.

This lesson has examined two existing means of effecting anonymous electronic
payment across networks and looked at their strengths and weaknesses, then presented
the design of PMTP, a hybrid of these two approaches that offers a fully secure, scalable
anonymous payment system. It was also shown how this can be combined with WWW
client and server software allowing payment to occur on an out-of-band link as users
browse the Web. Only a payment system with these properties will allow the Web to be
used as an electronic marketplace without compromising the privacy of its users.
Electronic Data Interchange (EDI)
Electronic Data Interchange (EDI) is used by organisations for transactions that occur
on a regular basis to a pre-determined format. For the most part it is used for purchase
transactions. The area of application of EDI to the trade cycle is shown in figure 3.

EDI is most commonly applied in the Execution and Settlement phases of the trade
cycle. In execution of a simple trade exchange, the customer's order can be sent by EDI
and the delivery notification from the supplier can also be electronic. For settlement the
supplier can use EDI to send the invoice and the customer can finish the cycle with an
electronic funds transfer via the bank and an EDI payment notification to the supplier.
This whole cycle may be more complex and other electronic messages can be included.
The cycle can be repeated many times, as often as the supermarket wants to buy
Cornflakes or the vehicle assembler needs new supplies of wheels.

EDI can be used for pre-sales transactions; there have been EDI messages developed for
transactions such as contract but they are not widely implemented. Finding an
appropriate trading partner and negotiating conditions of trade is likely to be
undertaken by a member of staff in the buying department (or a manager on the golf
course). EDI could be used for after-sale transactions but only if they were in a
standardised format and frequent enough to justify the system costs; transactions such
as a dealer claiming payment for warranty work could be a possible application. EDI
can also be used for standardised and repeated transactions that do not fall within the
usual definition of trade exchanges. Examples are:

In the UK, many National Health Service Dentists keep dental records on a
computer system and treatment details are sent, by EDI, to the Dental Practice
Board. The board then pays the dentists for its proportion of the treatment cost
and again this transaction is electronic, using the national bank clearing system
(BACS) (Willmott 1995).
British Telecom has also started using EDI, in this case for its bills from the gas,
electricity and heating oil utilities. With 9,000 telephone exchanges, computer
centres and offices up and down the country it was processing about 120,000
bills a year from the various utilities. In 1996 it started a programme of
switching these invoices to EDI starting with the 250 bills from Scottish Power - the
250 bills, processed manually, took up two days' work, much of which can be
saved using EDI (Electronic Commerce. 1996).

Both these applications of EDI facilitate the passing of data between the computer
applications of trading/co-operating organisations without the delays, inaccuracies and
inefficiencies associated with the exchange of data on paper.
EDI Definition
EDI is often summed up as Paperless Trading. More formally EDI is defined, by the
International Data Exchange Association (IDEA), as: 'The transfer of structured data, by
agreed message standards, from one computer system to another, by electronic means.'
This definition of EDI has four elements, each of them essential to an EDI system.
1. Structured Data
EDI transactions are composed of codes, values and (if necessary) short pieces of text;
each element with a strictly defined purpose. For example, an order has codes for the
customer and product and values such as quantity ordered.
2. Agreed Message Standards
The EDI transaction has to have a standard format. The standard is not just agreed
between the trading partners but is a general standard agreed at national or
international level. A purchase order will be one of a number of agreed message standards.

3. From One Computer System to another
The EDI message sent is between two computer applications. There is no requirement
for people to read the message or re-key it into a computer system. For example, the
message is directly between the customer's purchasing system and the supplier's order
processing system.
4. By Electronic Means
Usually this is by data communications but the physical transfer of magnetic tape or
floppy disc would be within the definition of EDI. Often networks specifically designed
for EDI will be used.
There are many further definitions of EDI; most of them include the same four points.
The definition presented by Sokol (1989) is one further example:

The INTER COMPANY COMPUTER-TO-COMPUTER communication of
STANDARD BUSINESS TRANSACTIONS in a STANDARD FORMAT that
permits the receiver to perform the intended transaction.

This definition emphasises the point that the normal application of EDI is in business
transactions between companies but, contrary to this definition, there are also
applications of EDI for information exchange and for intra-company transactions.
The Benefits of EDI
EDI can bring a number of advantages to the organisations that use it. It should save
considerable time on the exchange of business transactions and has the potential for
considerable saving in costs. EDI can be simply used to replace paper transactions with
electronic transactions - this is the normal route taken in the initial installation of EDI.
The full advantage of EDI is only realised when business practices are restructured to
make full use of the potential of EDI; when EDI is used as an enabling technology to
change the way the business operates - just-in-time (JIT) manufacture and quick
response supply being prime examples of where EDI is used as an enabling technology
to gain competitive advantage.
The direct advantages of EDI include:
Shortened Ordering Time
Paper orders have to be printed, enveloped and sent out by the customer's post room
and input to the supplier's order processing system. To achieve all this reliably in under
three days would be to do very well. EDI orders are sent straight into the network and
the only delay is how often the supplier retrieves messages from the system. Orders can
be in the supplier's system within a day, or if there is urgency the messages can be
retrieved more frequently, for example every hour.

Cost Cutting
The use of EDI can cut costs. These include the costs of stationery and postage but these
will probably be fully matched by the costs of running the EDI service. The principal
saving from the use of EDI is the potential to save staff costs. The obvious example of
this is that if the orders are directly input to the system there is no need for an order
entry clerk. Note also that seasonal peaks, staff holidays, etc. no longer create a backlog
in the order entry area. The cost savings need to be offset against the system
development and network costs.
Elimination of Errors
Keying any information into a computer system is a source of errors and keying paper
orders into the order processing system is no exception. EDI eliminates this source of
errors. On the down side, there is no order entry clerk who might have spotted errors
made by the customer - the customer will get what the customer asked for.
Fast Response
With paper orders it would be several days before the customer was informed of any
supply difficulty, such as the product being out of stock. With EDI the customer can be
informed straight away giving time for an alternative product to be ordered or an
alternative supplier to be used.
Accurate Invoicing
Just like orders, invoices can be sent electronically. EDI invoices have similar
advantages to EDI orders in saved time and avoided errors. However, the major
advantage in EDI invoices is that they can be automatically matched against the original
order and cleared for payment without the sort of queries that arise when paper invoices
are matched to orders.
EDI Payment
Payment can also be made by EDI. The EDI payment system can also generate an EDI
payment advice that can be electronically matched against the relevant invoices, again
avoiding query and delay.
Indirect advantages of the use of EDI can be:
Reduced Stock Holding
The ability to order regularly and quickly reduces the amount of goods that need to be
kept in a storeroom or warehouse at the shop or the factory. For many JIT manufacture
and quick response supply systems stockholding is eliminated altogether with goods
being delivered only as they are needed. Reduced stock holding cuts the cost of
warehousing, the double handling of goods (into store and then out again onto the factory
or shop) and the capital requirement to pay for the goods that are just sitting in store.
Cash Flow
Speeding up the trade cycle by getting invoices out quickly, and directly matched to the
corresponding orders and deliveries, can and should speed up payments and hence
improve cash flow. Elimination of most invoice queries can be particularly significant in
reducing delays in payments.
Business Opportunities
There is a steady increase in the number of customers, particularly large, powerful
customers that will only trade with suppliers that do business via EDI. Supermarkets
and vehicle assemblers are prime examples. Being ready and able to trade electronically
can be an advantage when competing for new business.
Customer Lock-in
An established EDI system should be of considerable advantage to both customer and
supplier. Switching to a new supplier requires that the electronic trading system and
trading relationship be redeveloped, a problem to be avoided if a switch of supplier is
not essential.
To gain these advantages EDI has to be seen as an investment - there are costs up-front
and the payback is longer term. The cost is the set up of the EDI system (hardware,
software and network) and the time required to establish agreements with trading
partners. The savings only start when there is a significant volume of business
transacted using EDI, a point that is called the 'critical mass' in the jargon of EDI.
EDI Example
The nature and use of EDI is best illustrated by an example. At the simplest level EDI
can be a direct replacement for the paper transactions and this, using the Pens and
Things case study, is what this example shows.
Pens and Things plans its production on a monthly basis. Each month the details of
orders and sales are reviewed and sales forecasts for the coming month are made. The
sales forecast is then compared with the goods in stock and a production plan is devised.
The production plan is, in turn, correlated with the stock of raw materials, components
and packaging and orders are placed with the suppliers. The monthly production plan does,
however, need to be flexible - any significant new order can require that the plan is
modified and that new materials be ordered at short notice, if they are not available
from the factory store. Most of Pens and Things production materials are easily held in
store. The range of materials is limited; the items are relatively small and the
materials are applicable across a range of products; Pens and
Things can keep two or three months supplies in stock without any great disadvantage.
The exception to this is the packaging. The packaging is also very dependent upon the
customer order and is the item most vulnerable to short notice changes in the
production schedule.
Pens and Things has been talking to its packaging supplier on how the situation might
be improved. Pens and Things wants to cut down on its stock of packaging and its
supplier would like to improve its processing of orders, particularly urgent orders. The
packaging supplier used EDI with other customers; EDI is an option in Pens and Things
production control system and it is EDI that is to be used for this requirement. Assume,
for example, Pens and Things need, at short notice, more packaging for their Executive
Elite fountain pen and ball-point pen set. Before the EDI system went in:
The production controller would have typed out an order and posted or, more probably,
faxed it. A copy of the order would be retained and be entered into the stock control
system 'to keep the records straight'. The order is shown at the following figure 4.

When the order arrived with the packaging company it had to be keyed into their order
processing system / production control system. Hopefully the order would be
recognised as urgent and would be keyed in correctly, but that would not always be the
case.
EDI Applications in Business, EDI and E-Commerce
EDI has potential applications in any organisation where the administration processes
are computerised and that exchanges regular and standardised transactions with other
organisations. Extensive users of EDI include:
Bhs
Bhs is a UK and European multiple retailer dealing mainly in apparel (fashion) goods. It
operates some 120 large retail outlets and is represented in most major UK shopping
centres. Bhs deals with about 400 suppliers on a regular basis and all orders for
merchandise are sent by EDI. Using just-in-time supply it is important for Bhs to know
what the suppliers have in stock and for the supplier to be able to anticipate demand by
seeing Bhs sale data; this two-way flow of information is also maintained using EDI. In
addition to the orders, EDI is used to confirm supplier delivery and to communicate bar
code information for use in delivery and packaging. The use of EDI at Bhs is the
back-end to an integrated merchandising, sales and replenishment system. Replenishment
decisions are dependent on the sales plan and the stock available (updated from the
EPOS systems). New EDI orders can be generated overnight and be with the supplier
the next day. Bhs calculate that they can be making 4.5 million replenishment decisions
each working week.
- Derived from the role of computers within Bhs (1994)
Lucas Rist
All volume car manufacturers make extensive use of EDI as a facilitator of just-in-time
manufacturing systems. Typically parts supply is divided into categories; many smaller
parts are stocked in warehouses at the assembly plant but a number of large parts will
be ordered for 'sequenced delivery' for the models that are to go down the line on that
day.
Lucas Rist manufactures the main harness for Rover Cars. The main harness is a
wiring loom that carries all the electrical cables for virtually every electrical part of a
motor car. The loom can contain as many as a thousand individual wires and a thousand
individual components; the configuration of the loom varies depending on the model,
variant and component configuration of the specific car that is being built.
Rover sends Lucas Rist a ten day build plan and later a provisional order, both by EDI.
The actual, confirmed EDI orders are placed every two to four hours and are for delivery
of the correct specification main harness, in sequence, to track side within 10 hours
from the dispatch of the order. Lucas Rist inform Rover, again using EDI, of when the
part is to be dispatched; this gives Rover requirement is that the part needs to be there,
to be fitted to the body shell before it goes through the paint shop; without the part the
production line stops.
- Based on a case supplied by Perwill Plc
TeleOrdering
The EDI system for the book trade is called TeleOrdering, a system that is linked to the
Whitaker's catalogue Books in Print. The book trade has a number of methods of supply.
Some bookshops deal with the representatives of the major publishers and some with
wholesale book suppliers but, for the academic bookshop, the Whitaker's catalogue is a
standard tool.
Books in Print is a monthly catalogue issued on CD-ROM. It allows the bookshop to
look up any book that is in print but not in stock. If the customer then wants the book
ordered, the system will format an EDI order that is sent via TeleOrdering to the
appropriate publisher. The system is flexible and readily copes with the various types
and sizes of organisations in the book trade. Smiths, for example, have incorporated
Whitaker's into their own warehouse. At the other end of the scale, the small publisher
that does not have an online connection to the system will receive a printed version of
the EDI order, from TeleOrdering, in the post. A good supply chain is important to both
the virtual as well as the physical bookshop. Online bookshops must ensure that orders
are satisfied as rapidly as possible and Blackwells, for example, have made a point of
linking their online bookshop to TeleOrdering so that efficient supply can be assured.
EDI Trading Patterns
Hubs and Spokes
Many of the prime movers in the adoption of EDI have been large retail organisations,
such as Bhs and component assembly manufacturers such as the Rover Group. These
prime movers have set up extensive electronic trading networks with their suppliers.
The EDI flows have been typified as a 'hub and spoke' pattern, the major organisation is
the hub and the suppliers are the spokes. The orders are sent from the hub to the
suppliers (spokes) and, after the goods have been delivered, the spoke will transmit the
EDI invoice to the hub.
Initially EDI is implemented with a small number of important suppliers and then, over
time, the system is extended to encompass all suppliers to the core business activity. For
many of these organisations EDI is made a condition of trade - if the supermarket is to
sell your product then you will use EDI. Bray (1992) expresses it thus:
Therefore, when it (the Hub) says, "thou shall trade electronically", or in a phrase
attributed to the UK supermarket chain, Tesco: EDI or DIE

The hub and spoke pattern of electronic trading leads to the formation of closed user
communities. The supermarket or the car builder hub chooses the VADS and the EDI
standard and the suppliers (spokes) are required to conform. The arrangements will in
fact be more specific than that - the supplier will specify a number of very detailed
requirements including a strict subset of the EDI standard that is specific to that closed
user community (and is not always in strict compliance with the EDI standard).

This arrangement can work reasonably well for a supplier that is a spoke serving just
one hub. The EDI implementation decisions are already taken, they just need to be
implemented. Some hub organisations will specify the system or even supply the
software that is to be used. The position is less satisfactory when the supplier trades
with more than one hub. The major food processors will typically supply most, if not all,
of the major supermarket chains. In Britain, these suppliers will have to join at least two
EDI VADS (most supermarkets trade using the GEIS/INS network but one of the majors
uses IBM for its network) and then meet the different EDI standards and other
conditions laid down by each of the hub organisations.
This situation is illustrated by Hood, et al. (1994). Their paper presents a study of one of
the large supermarkets and four of its suppliers. One of the suppliers, a bakery, supplied
several of the top ten food retailers and the following supply arrangements are recorded
with different customers:

EDI orders and invoices with three customers
EDI orders only and manual invoices
Telephone orders and manual invoices
Manual orders but invoices on tape
Salesmen calling at the retail outlet.
The authors summarise the situation as:
'Supermarkets see only their own systems whilst suppliers have to cope with multiple
EDI systems, and the attendant coding problems, and combine this with a non-EDI
system for other customers'
The spread of EDI trading is increasing the number of electronic traders and the
number of trading partners that any organisation might have. The hub and spoke
pattern is becoming messy:
The spokes are becoming intertwined and the hubs are spokes to other hubs.
Different EDI standards, messages and message subsets are used by different
organisations.
The number of available EDI VADS is growing and interconnection with organisations
connected to other VADS can be difficult.
These issues are further examined in the following sub-sections:
Overlapping User Communities
As illustrated above, electronically capable suppliers to organisations such as
supermarkets and vehicle assemblers are becoming involved in EDI trading relationship
with several customers. The user community looks like a hub and spoke network to the
hub but more like a spider's web to the spoke organisation, entrapped by the conflicting
requirements of a number of powerful and demanding customer organisations. An
illustration of the nature of the overall trading network is given at figure 2.
Between the players in the network
To further tiers of suppliers of subcontractors
Links to secondary suppliers are a logical development. If the supplier of cakes to the
supermarket is receiving EDI orders then they might want to use the same system to
purchase the flour and dried fruit they use in their baking. EDI links with secondary
suppliers have not occurred at the same rate as with the major hub organisation. Many,
but by no means all, supplier organisations are small or medium size firms which:
Have enough on their plate coping with the EDI and JIT demands of their customers.
Are less computerised, automated and streamlined than their larger trading partners.
The extension of the trading network is further discussed in the following section.

Differing Patterns of EDI Trade


The 'hub and spoke' is often presented as the general pattern of EDI trade. As EDI trade
has developed, differing patterns are beginning to develop for differing sectors. The
patterns vary in the range of trading links established and the type of messaging that is
used. Retailing is one of the sectors most advanced in electronic trading and a pattern has
developed of:
Major retail chains with EDI links to many (or most) suppliers;
Suppliers with links to one or (typically) several of the major retail chains.
This pattern has already been illustrated in Figure 2. Automotive assembly is another
sector that is making widespread use of EDI and the trading pattern is similar to that of
the retail sector. The pattern of suppliers trading with a number of hubs gets further
complicated when second tier suppliers start trading electronically. As already discussed
this has been happening but in general development has not been rapid. There are,
however, instances of large organisations introduced to electronic trading by their
customers which have then gone on to make extensive use of EDI in their own supply
networks:
'Spokes like Courtaulds Textiles (pushed into EDI by customer pressure), which are
large companies and have their own suppliers, are busy becoming hubs of their own EDI
networks, so that they can reap the same benefits as their own customers'
(Bray, 1992)
The spread of EDI to second tier suppliers, when added to the picture at figure 2,
extends the network still further, see figure 3. The addition of further layers of suppliers,
and suppliers acting at more than one layer, has the potential for a significant increase
in complexity (a complication if there are disparate EDI standards, messaging and
networks in use).

The hub and spoke pattern, with the spokes networking to several hubs, seems to be the
most common pattern but is not the only pattern of EDI trade. An alternative pattern is
that exhibited by a wholesaling organisation. In a simple form the wholesaler has EDI
links with a number of its (larger) customers and then is a traditional 'hub' of its own
supplier network (maybe it could be called a 'corn sheaf structure', but then again
perhaps only). This structure is illustrated at figure 4. It is of course, very possible for
wholesalers to be integrated into wider supply networks, the reader is left to construct a
mental picture of this structure integrated with the links of the network shown at figure
7.

Co-operative User Communities


The hub and spoke pattern of electronic trading is typically led by the hub customer
and, as already discussed, the suppliers who form the spokes are not necessarily willing
participants. In many instances the customer organisation, in the hub and spoke, can
also gain considerable competitive advantage from the arrangement at the expense of
the supplier organisations.
EDI trading is not sold on this basis and there are EDI communities where the process
of setting up the community is co-operative and where a win-win share of advantage
appears to be achieved. One such EDI network is TeleOrdering; the network used by
bookshops for ordering books and featured as a case study at the start of this chapter; all
publishers and book retailers, large and small can take part in this network, sending and
receiving book orders on a broadly equal basis. Further such examples exist, particularly
in Scandinavian countries where electronic trade systems are often set up by trade
associations or organised as co-operative ventures.

Open User Communities


The opposite of a closed user community is an open user community. The hub and
spoke pattern and the closed user community evolved to cater for the established trading
relationships. The spread of electronic trading has produced unwelcome complexity
within that model. That complexity has evolved while trade is still restricted to the core
business of organisations. A new approach is required if electronic trading is to be
extended to most, if not all, of the inter-organisational transactions that organisations
make. EDI must be defined and implemented in a way that is appropriate to an open
user community. There are three principal barriers to the evolution of open EDI trade:
Networks
EDI Standards
Product Coding
The norm for EDI trading is the use of a VADS - closed user communities will conduct
all their business on a single VADS chosen by the hub. There are, however, some half
dozen major VADS offering their services in the UK. There has been a tendency for any
given trade sector to concentrate on one particular VADS and this has lessened the
potential problem. However, by definition, miscellaneous trade will cross trade sector
boundaries and the problem of the user community defined by the membership of a
VADS will increase. The problem is both national and international. VADS have links to
similar services in Europe, North America and across the world but again these
partnerships only give access to the user community belonging to the connected VADS.
The EDI standards that have evolved are again associated with closed user communities.
Standards have been evolved on a national basis (e.g. Tradacom or X12), on an industry
basis (e.g. Odette) or even for one industry in one country (e.g. VGA). The requirement
is for a common EDI standard and this is recognised by the European Community
promotion of EDIFACT and the evolution of other standards towards the underlying
structure of the EDIFACT standard. This move to a common standard starts to solve one
of the problems but generates another. The EDIFACT standard, in trying to encompass
the needs of all, is so vast that it cannot, readily, be fully implemented and dialects are
being used - in effect reproducing the problem of separate standards that the use of
EDIFACT was designed to overcome.
The final problem is that of product codes and the quantities they imply. Most
manufacturers code their products but it can be a problem unless the coding system is
accepted on an industry basis.
EDI Transactions
EDI Trade Exchanges

The main use of EDI is for the execution and settlement exchanges of the trade cycle.
These exchanges take place within an agreed trade relationship and often in the context
of a formal contract. The basic pattern of documentation for these trade exchanges is:
The customer sends an order to the supplier.
The supplier sends the goods and a delivery note.
The supplier follows up the delivery note with an invoice.
The customer makes payment against the invoice and sends a payment advice.
This pattern is illustrated in the following figure 9.

This is a simple, perhaps idealised, version of trade documentation. The four exchanges
shown are present in most trade exchanges even if not exactly in the form indicated
above. Some of the important variations and complications that occur in each of the four
phases are outlined below:
Order
The order (often referred to as a purchase order) is a contract for one specific
consignment of goods. It specifies what is wanted, in what quantity, where it is to be
delivered, who will pay and often much more beside. The order may reference a contract
or it may be against a call-off order, see below.

Along with the order comes the need to amend orders. The customer may need to
amend all or part of an order. The supplier might have a problem in fulfilling the order, for
example errors in the order data or unavailability of stock. The EDI order serves the
same purpose as the paper order. Its merit is that it gets into the supplier's order
processing system speedily, cheaply and with no transcription errors. EDI can also be
used to amend orders or confirm receipt and availability; these latter facilities will often
not be implemented because of the system costs of setting them up.
Another form of order that is widely used in commercial transactions is the 'call-off
order'. This is an order for goods that will be needed but it does not specify when
(and/or where) they will be delivered. It is arguably more of a contract than an order. It
is perhaps most easily understood by considering a couple of examples:
Vehicle assemblers extensively use call-off orders. The assemblers place large call-off
orders with component suppliers. These specify product, price, etc., but not delivery.
The assembler then places orders, weekly, daily or even hourly, for the delivery of the
required quantity of components for the specific production plan.
Call-off orders are also used in the retail trade. The call-off order can be placed for, say,
a large quantity of a particular design of garment. The actual orders then specify the
quantity, date and retail location for delivery. This then gives the retailer the flexibility
to ensure that each outlet gets the stock it requires when it needs it (the advantage to the
supplier is more debatable, the supplier could be left with stock that the retailer never asks
for).
The call-off order will be for large quantities and / or for an extended period. It can be
EDI but the real advantage is in using EDI for the many orders raised against the call-off
order.
Delivery Note
Goods arriving at a customer's door should have documentation to indicate who they are
from and why they have been sent; there should be a notification of which order they
fulfil. The document that does this is the delivery note. It may be that the invoice is sent
with the dual purpose of notifying delivery and requesting payment but it is a common
practice to keep the two functions separate: a delivery note for the lads (and lasses) in
blue overalls and with dirty hands in 'goods-in' and an invoice for the nice clean people
in the office.
The delivery note is used to check the goods in - the details from the delivery note then
have to be input to the computer system and matched with the originating order (the
system needs to know that the goods have been delivered before payment can be
authorised). There can be a discrepancy against the ordered quantity or there can be
damaged or faulty goods. This in turn sparks off a further exchange with a delivery
variance or goods returned note. The delivery note can be sent by EDI. This saves the
not inconsiderable effort involved in typing the details from the delivery note and
matching it to the corresponding order; the electronic delivery note will have all the
correct codes and the matching should be automatic. The problem with the EDI delivery
note is that it does not prove that the package and the goods actually arrived. There is
still the need to confirm that delivery took place but this can be done with much less
detail - many organisations use bar-code labels on the delivery to meet this need and to
allow automated matching with the electronic delivery note.
Invoice
When goods or services have been delivered, the supplier issues an invoice. This says
what has been supplied, for which order(s) and the total cost (which we would now like
paying). Invoices can be issued for each order or at the end of the month for all orders
sent out in that period (sometimes referred to as a statement).
The payment of invoices is often delayed to take advantage of credit, with or without
the acquiescence of the supplier. Most organisations check invoices against the original orders
and deliveries to make sure that they are only paying for goods and services received.
The task is made more difficult by disparate invoice formats, incorrect / incomplete data
and complications such as partial deliveries / multiple deliveries of an order. The
processing of paper invoices can be a costly and time-consuming matter.
The use of EDI for invoicing means that the invoice gets through reliably and quickly
and is accurately matched to the original order and subsequent delivery note. The use of
EDI should save time for the customer, cut out most invoice queries and improve cash
flow with earlier payment for the supplier. The excuse that the invoice was lost in the
post loses its credibility.
Payment and Payment Advice
The final step in the cycle is payment. For paper systems this requires a cheque and a
payment advice to indicate what the cheque is for. The processing of the cheque is
relatively easy, it goes to the bank. The payment advice is another matching job, this
time it is the supplier that needs to search through the outstanding invoices and tick off
those that are paid. With EDI, both payment and payment advice can be electronic.
Payment can be sent to the bank either using an EDI payment message or the BACS
system. The payment advice can be sent to the supplier as an EDI message and is readily
matched, within the computer system, to the invoice(s) for which it is the payment.
Many banks offer an EDI payment service and will take instruction on payment from the
supplier and forward the payment advice to the customer (arguably giving confidence
that the payment advice actually represents a real payment).
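The matching described under Delivery Note and Invoice above can be sketched in code. This is an added example, not part of the original text: the document references, product codes and prices are constructed, prices are held in pence, and only goods recorded as delivered against a known order at the ordered price are cleared for payment.

```python
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Line:
    doc_ref: str         # reference of the document carrying this line
    order_ref: str       # order the line relates to
    product: str         # product code agreed between the trading partners
    qty: int
    unit_price: int = 0  # pence; not used on delivery notes


def reconcile(orders, deliveries, invoices):
    """Match delivery notes and invoices to orders.

    Returns (approved, findings): approved maps each invoice reference to the
    amount in pence cleared for payment; findings is a list of
    (kind, doc_ref, detail) tuples that need a manual query.
    """
    ordered = {(o.order_ref, o.product): o for o in orders}
    delivered = defaultdict(int)
    findings = []

    # Several delivery notes may fulfil one order line (part deliveries).
    for d in deliveries:
        key = (d.order_ref, d.product)
        if key not in ordered:
            findings.append(("UNORDERED_DELIVERY", d.doc_ref, key))
            continue
        delivered[key] += d.qty

    # A discrepancy against the ordered quantity calls for a delivery variance.
    for key, o in ordered.items():
        if delivered[key] < o.qty:
            findings.append(("SHORT_DELIVERY", o.doc_ref, o.qty - delivered[key]))
        elif delivered[key] > o.qty:
            findings.append(("OVER_DELIVERY", o.doc_ref, delivered[key] - o.qty))

    invoiced = defaultdict(int)
    approved = defaultdict(int)
    for inv in invoices:
        key = (inv.order_ref, inv.product)
        if key not in ordered:
            findings.append(("UNKNOWN_ORDER", inv.doc_ref, key))
            continue
        if inv.unit_price != ordered[key].unit_price:
            findings.append(("PRICE_MISMATCH", inv.doc_ref, inv.unit_price))
            continue
        # Pay only for what was ordered, delivered and not already invoiced.
        receivable = min(delivered[key], ordered[key].qty) - invoiced[key]
        payable_qty = min(inv.qty, max(0, receivable))
        if payable_qty < inv.qty:
            findings.append(
                ("INVOICED_NOT_RECEIVED", inv.doc_ref, inv.qty - payable_qty))
        invoiced[key] += payable_qty
        approved[inv.doc_ref] += payable_qty * inv.unit_price
    return dict(approved), findings


# Constructed sample documents for one urgent packaging order.
ORDERS = [
    Line("PO-1001", "PO-1001", "PKG-EE-SET", 500, 12),
    Line("PO-1001", "PO-1001", "PKG-BP", 200, 8),
]
DELIVERIES = [
    Line("DN-1", "PO-1001", "PKG-EE-SET", 300),  # first part delivery
    Line("DN-2", "PO-1001", "PKG-EE-SET", 200),  # balance of the order line
    Line("DN-3", "PO-1001", "PKG-BP", 150),      # 50 short
]
INVOICES = [
    Line("INV-1", "PO-1001", "PKG-EE-SET", 500, 12),
    Line("INV-2", "PO-1001", "PKG-BP", 200, 8),   # bills the full 200
    Line("INV-3", "PO-9999", "PKG-BP", 100, 8),   # no such order on file
]


def demo():
    return reconcile(ORDERS, DELIVERIES, INVOICES)


if __name__ == "__main__":
    approved, findings = demo()
    for ref, pence in approved.items():
        print(f"{ref}: pay {pence / 100:.2f}")
    for finding in findings:
        print("query:", finding)
```

With coded EDI documents the keys line up without retyping, so only the findings need human attention.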
EDI Adoption and EDI Maturity
Business System Evolution
The development of business computer systems has essentially taken place over the last
30 years. Initially, the commercial use of computers was limited to mainframe
computers, the main administrative processes and to large organisations. The
development of mini and microcomputers allowed the adoption of information
technology by medium and small size enterprises and, in many organisations, there is
now a computer on every desktop.
The marriage of computers and telecommunications has enabled organisations to
network their computers. Offices have local area networks linking one desktop to
another, to a server and / or a central computer. Geographically dispersed organisations
have wide area networks linking their locations and systems together, throughout the
country and / or across the world. Many organisations have used these networks to
interface or integrate their business processes with common customer files, interfaces to
the accounting system and the like.
At the simplest level this is achieved by numerous interface transactions but it can also
involve the set-up of a corporate database or distributed database on networked and
client server systems. The integration of systems has been a factor in improving
customer service and customer care, it has also given birth to new products and services,
particularly in the financial services industry.
However, this integration of computer systems stopped at the companies' front (and
back) doors. Inside the company, for example, the order processing system formulated
the replenishment demand, updated the stock file and made a posting to the accounting
system but then printed the order on paper. The paper order was then posted to the
supplier where it would be typed into their order processing system with the inevitable
quota of delays, transaction errors and coffee stained documents. It is calculated that,
for a typical company, 70% of the documents they type into their system will have been
printed out from another computer system and, of these documents, 50% will be input
with mistakes in the transcription. The answer to these difficulties and inefficiencies is
the Inter-organisational System (IOS). The prime "technology" of the IOS is EDI.
The development of EDI and IOS systems is, arguably, a new generation of computer
application that has changed inter-organisation business practices in much the same
way as the evolution of IT and IS has radically changed intra-organisational procedures.
These developments of business information systems can be represented as three stages
or three generations:

The development of Internet-enabled systems is arguably the next stage in this
evolution. The overall impact and implications of the development of the Internet on
corporate systems is still to be evaluated.
EDI Maturity
EDI development, it is suggested, follows a fairly standard pattern. This can be
represented as a six-stage maturity model. The model had as its starting point a three
stage model suggested in Saxena and Wagenaar, (1995) and has been developed using
the author's own commercial and research experience. The model was first presented in
a paper 'EDI: Re-Engineering the Competitive Edge', Whiteley, (1995).

The stages of the model and some of the opportunities and implications of each stage
are:
a. Discovery Stage
The first stage in EDI development is the discovery stage. Discovery can be by an
organisation choosing to adopt EDI to gain competitive advantage or to solve an
administrative problem. Often it arises from the realisation that competitors are
adopting EDI and that being left behind will result in competitive disadvantage. For most
EDI users discovery has come in the form of a 'request' from a significant customer
organisation that is converting its trade transactions to EDI - such 'requests' are not
necessarily negotiable.
b. Introductory Stage
Organisations setting out on the EDI path generally start with a pilot scheme. Initiators
of EDI trading networks will choose one or two trading partners with which to pilot a
single message (transaction) type. Organisations, which are forced into EDI trading by
an insistent partner, start electronic trading in a similar way. This stage can be termed
the introductory stage. This stage requires investment - there are direct costs in
computer hardware and software but at least as significant will be the time commitment
in establishing the parameters of the electronic trading relationship. This stage, on its
own, does not result in any cost saving or efficiency gain.
c. Integration Stage

Having found out about EDI and having gained some practical experience the system
can be developed further. Very probably the introductory system was a free standing
system with transactions being transcribed from the EDI system to the main business
system (or vice versa depending on the selected message type). There is little benefit in
an EDI system if, for example, orders have to be printed out and typed back into the
order processing system. The next stage therefore is to interface the EDI software with
the business application so that EDI messages can be transferred electronically and
automatically between the two systems. This stage is referred to as the integration stage.
The work involved in this stage is very variable but is often expensive. To establish the
EDI service EDI software can be bought off-the-shelf. Integrating the EDI software and
the business system would normally apply to data input. Integration is an essential stage
for the large user of EDI. Many small organisations, often forced into EDI by a large
trading partner, never achieve integration.
d. Operation Stage
Integration realises the EDI benefits of saving time and avoiding transcription errors.
Real business benefits only come when a significant number of trading partners and / or
commonly used trade transactions are converted to EDI. Reaching a 'critical mass' in the
volume of electronic trading gives cost savings - the staff dealing with manual
transactions can be re-deployed. The conversion of the major part of the trade cycle,
both in volume of trading partners and in numbers of message types is the operational
stage. Different organisations have placed differing emphasis on the completion of the
operation stage. Large retailers have been keen to convert all their suppliers to EDI
orders but there has been less emphasis on electronic invoicing and payment. The
vehicle assemblers, however, tend to be more advanced in implementing other message
types. Completing the electronic trade cycle speeds up business transactions and gives
the opportunity to look at the organisation of the trade cycle and the supply chain.
e. Strategic Stage
There are savings to be made by simply replacing paper documents by their electronic
equivalent. The real opportunities come from making changes to established business
practice. These opportunities only arise when significant progress is made in the
operational stage - the implementation of these changes is the strategic stage. Possible
areas of change and examples of where such changes have taken place are:
The sequence of trade documents can be revised. Document matching is a considerable
problem in order processing: the customers have to match deliveries to the orders and
invoices to the deliveries; the suppliers have to match payments to invoices - each
process made more complex by disparate document types, part deliveries and incorrectly
recorded codes. EDI makes the process easier - at the very least codes should be correct
and in the proper place. The use of EDI has allowed companies to disband their order
processing and invoice matching sections with large staff savings reported by the major
EDI users. EDI also gives the opportunity to re-engineer the trade document cycle;
self-invoicing, discussed earlier in this chapter, having been adopted by a number of
major organisations.
EDI can give dramatic timesaving. The time between formulating a replenishment
demand to the order being processed by the supplier can be as short as is required - for
all orders, not just rushed orders. This has facilitated the reduction or elimination of
stock holding (by the customer organisation at least) and is a part of the development of
just-in-time (JIT) manufacture and quick response supply.
f. Innovating Stage
The establishment of an operational EDI infrastructure and the change of operational
procedures that it facilitates also give the possibility of changing the nature of the
product or the provision of new services. These developments are termed the innovation
stage in the model and it is contended that they open up new possibilities for
competitive advantage. Examples of such developments are emerging as the early users
of EDI achieve maturity in their systems. One example of such a development is:
Rover Cars who, for the UK market at least, have stopped producing cars for stock and only
produce a car when they have the dealers' order. EDI and the associated changes in
supply and production have reduced the time from production planning to delivery of a
car from seven weeks to two. Rover dealers have been equipped with computer systems
where the punters can specify their own car (well at least the options they want) and two
weeks later there it is with sun roof, alloy wheels and gleaming pink paint work.
A number of moves for product customisation rely on a mature EDI infrastructure. For
example:
Raleigh will build their top of the range mountain bicycles to a customer specification.
Levi Jeans, if you are female and live in the US, will produce a factory made to measure
pair of jeans. The measurements are taken in the store and submitted electronically to
the centre.
Further moves to exploit a mature EDI infrastructure in an innovative way should be
expected. A sector where the linking of EPOS and EDI is set to change the market is that
of the 'best seller' book trade. Timely market intelligence can allow reprints of successful
blockbusters to be rushed out before the stock disappears and the public interest is lost.
Eddi Bell, chairperson of Harper Collins, forecast this possibility in 1992 in a speech to
the BIC Symposium:
"With EPOS and EDI working together on our behalf, we could have had the reprint out
three weeks earlier; no bookshop need ever have been out of stock - and we could
probably have doubled our sales during this early 'hot' period. The
converse is that the same market information can dramatically reduce the half of all
printed books that are remaindered or pulped.

EDI and Internet e-commerce


The use of EDI is in no way rendered redundant by the introduction of Internet e-Commerce. Internet e-Commerce provides for searching for products and for once-off
purchase; it is, above all else, a person to application interface. EDI is, in contrast, an
application to application interface for repeated and standardized transactions. As
already discussed it is an essential part of the JIT or quick response supply chain of
many organisations.
The user of Internet e-Commerce is looking for a quick response. One of the problems of
Internet e-Commerce is waiting for delivery and this problem is compounded if the
online retailer does not have stock and there is a second delay while goods are ordered
from the wholesaler or manufacturer. The e-Commerce vendor needs their own quick-response supply chain to minimize stock-outs and back-order delays. There is not
much point in being able to order goods in a matter of minutes from home if delivery times
are unpredictable and can stretch out to be several weeks.
For many e-Commerce vendors EDI is, and will be, an essential element of their supply
chain. Existing retailers (supermarkets that start an e-Commerce / home delivery
operation being an obvious example) have their supply chain and distribution operations
already in place. Other e-Commerce vendors are, as they grow, going to need to pay
attention to their back-office systems. The Blackwells online bookshop is specifically
designed to interface with the book trade TeleOrdering system, and that is but one
example. The overall electronic supply chain is illustrated in Figure 12.

EDI Implementation
The final technical element of the EDI system is the EDI software. If Pens and Things is
to send an order from its production control system to Packaging Solutions it needs to
code that order into the agreed EDI standard and squirt it into the chosen VADS. To
pick up the order at the other end, Packaging Solutions has a similar need to extract the
data from the network and to decode the data from the EDI message into its order
processing system. The coding/decoding of the EDI message and the interfacing with
VADS is normally achieved using EDI software. The overall picture is summarized in
Figure 13.

The EDI software is normally bought in from a specialist supplier. There are a number
of software houses supplying EDI solutions, or the EDI software may come from:

A major trading partner - the trading partner may supply the software or
recommend a third party supplier.
The VADS supplier.
An applications package - e.g. packaged software for production control,
order processing or accounting may include EDI software as an integral feature
or as an optional module.
A third party - an example of this is that a number of banks provide EDI solutions
that include the collection of and accounting for electronic payments.

Obtaining EDI software from an interested party has both advantages and
disadvantages. If the software is, for example, bought from the VADS supplier
then, hopefully, there would not be any problem interfacing with the chosen
network, but using an additional VADS or switching to a new network supplier
may be more problematic.

The basic functions of the EDI software are those already outlined, namely:
Coding business transactions into the chosen EDI standard;
Interfacing with the VADS.
Many EDI software suppliers provide additional functions. These may include:

A trading partner database integrated into the EDI software. This can provide for code
translation (e.g. internal customer codes to a trade sector standard code) and / or for
the specification of the EDI requirement of each trading partner;
Support of multiple EDI standards. The selection of the appropriate standards may be
determined by the trading partner database;
Sophisticated facilities to ease the formatting of internal application data to and from
the EDI Standard. 'Drag and drop' interfaces are available for this purpose. Various EDI
software suppliers have associations with the large suppliers of business applications
(production planning, order processing, etc.) and provide standardised interfaces to
those packages;
Facilities for transactions to be sent by fax or e-Mail to customers that do not use EDI.
The identification of such customers may be determined by the trading partner
database;
Interfacing with a variety of EDI VADS (including the Internet). The selection of the
appropriate VADS may be determined by a trading partner database;
The option to encrypt the EDI message;
Facilities for the automatic acknowledgement of the EDI message;
Message tracking and an audit trail of messages sent and received;
Direct input and printed output of EDI transactions - allowing free standing EDI
operation - in effect the EDI system provides the service of a fax machine.
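The coding/decoding step and three of the additional functions listed above (trading partner code translation, automatic acknowledgement and an audit trail) are shown here as an added example that is not from the original text or from any EDI product. It uses EDIFACT's default service characters and a few EDIFACT segment tags in a simplified layout that is not a conformant ORDERS message; the partner code PACKSOL, the sector code, the sample order and the use of a SHA-256 digest for message tracking are assumptions constructed for illustration.

```python
import hashlib

# UN/EDIFACT default service characters: segment end, element, component, release.
SEG_END, ELEM_SEP, COMP_SEP, RELEASE = "'", "+", ":", "?"
SERVICE = SEG_END + ELEM_SEP + COMP_SEP + RELEASE

# Constructed trading partner database: internal code -> trade sector code.
PARTNERS = {"PACKSOL": {"sector_code": "5000000000017", "standard": "EDIFACT"}}

AUDIT_TRAIL = []  # (direction, message reference, SHA-256 of the message text)

# Constructed order; the description deliberately contains every service character.
SAMPLE_ORDER = {"number": "PO-1001", "lines": [
    {"item": "PKG-200", "description": "Box 10'x5' + lid: blue?", "qty": 500}]}


def escape(value):
    """Prefix each service character in a data value with the release character."""
    return "".join(RELEASE + ch if ch in SERVICE else ch for ch in str(value))


def unescape(value):
    out, i = "", 0
    while i < len(value):
        if value[i] == RELEASE and i + 1 < len(value):
            i += 1                      # drop the release character, keep what follows
        out += value[i]
        i += 1
    return out


def split_unescaped(text, sep):
    """Split on sep, skipping separators protected by the release character."""
    parts, current, i = [], "", 0
    while i < len(text):
        step = 2 if text[i] == RELEASE and i + 1 < len(text) else 1
        if step == 1 and text[i] == sep:
            parts.append(current)
            current = ""
        else:
            current += text[i:i + step]  # escaped pairs stay intact for later passes
        i += step
    return parts + [current]


def build_segment(tag, *elements):
    """Elements are plain values or tuples of components; every value is escaped."""
    encoded = [COMP_SEP.join(escape(c) for c in (e if isinstance(e, tuple) else (e,)))
               for e in elements]
    return ELEM_SEP.join([tag] + encoded) + SEG_END


def encode_order(order, partner_id, ref):
    """Code an internal order into the simplified message and log it as sent."""
    partner = PARTNERS[partner_id]      # KeyError means an unknown trading partner
    body = [build_segment("BGM", "220", order["number"]),
            build_segment("NAD", "SU", partner["sector_code"])]
    for n, line in enumerate(order["lines"], start=1):
        body.append(build_segment("LIN", n, line["item"]))
        body.append(build_segment("IMD", line["description"]))
        body.append(build_segment("QTY", ("21", line["qty"])))
    # UNT repeats the reference and counts all segments, UNH and UNT included.
    message = (build_segment("UNH", ref, "ORDERS") + "".join(body)
               + build_segment("UNT", len(body) + 2, ref))
    AUDIT_TRAIL.append(("sent", ref, hashlib.sha256(message.encode()).hexdigest()))
    return message


def decode_order(message):
    """Decode and validate a message; return (order, acknowledgement)."""
    parsed = [[[unescape(c) for c in split_unescaped(e, COMP_SEP)]
               for e in split_unescaped(s, ELEM_SEP)]
              for s in split_unescaped(message, SEG_END) if s]
    if len(parsed) < 2 or parsed[0][0] != ["UNH"] or parsed[-1][0] != ["UNT"]:
        raise ValueError("missing UNH/UNT envelope")
    head, tail = parsed[0], parsed[-1]
    if (len(head) < 2 or len(tail) < 3 or tail[1][0] != str(len(parsed))
            or tail[2][0] != head[1][0]):
        raise ValueError("segment count or reference mismatch")
    order = {"ref": head[1][0], "lines": []}
    try:
        for seg in parsed[1:-1]:
            tag = seg[0][0]
            if tag == "BGM":
                order["number"] = seg[2][0]
            elif tag == "NAD":
                order["supplier"] = seg[2][0]
            elif tag == "LIN":
                order["lines"].append({"item": seg[2][0]})
            elif tag == "IMD":
                order["lines"][-1]["description"] = seg[1][0]
            elif tag == "QTY":
                order["lines"][-1]["qty"] = int(seg[1][1])
    except (IndexError, ValueError) as exc:
        raise ValueError("malformed segment") from exc
    digest = hashlib.sha256(message.encode()).hexdigest()
    AUDIT_TRAIL.append(("received", order["ref"], digest))
    return order, {"ack_for": order["ref"], "sha256": digest}
```

Calling `encode_order(SAMPLE_ORDER, "PACKSOL", "MSG0001")` and passing the result to `decode_order` returns the original order lines plus an acknowledgement whose digest matches the sender's audit entry. Without the release-character escaping, the apostrophes and plus sign in the free-text description would be read as extra segments and elements, so codes would no longer be in the proper place.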
EDI software is available on a variety of platforms, from the basic PC up to a mainframe
system. As with all classes of software the price varies: the basic PC packages start at
(say) 500 pounds sterling / 800 US dollars and the price then goes up from there for the
larger machines, additional facilities and services such as consultancy. For some EDI
software the support of each standard and / or VADS is an additional plug-in that is paid
for separately. Yearly maintenance charges, which include updates as the new versions of
the EDI Standards are released, tend to be quite hefty.
At the top of the range is the concept of an EDI Corporate. This software, often mounted
on its own, mid-range, machine acts as a central clearinghouse for all the e-commerce
transactions of a large organisation. The external interfaces can link to several EDI
VADS's and translate to a variety of EDI Standards to meet the needs of a large number
of trading partners. The internal interfaces can link to a number of business systems
such as order processing and accounts payable, possibly systems that are replicated
across the various divisions of the organisation. The system can also be used for intra-organisational transactions - if the interface for external customers and suppliers uses
EDI, why not use the same interfaces for trades between divisions of the organization?

QUESTIONS
1) Describe the salient features of WWW
2) Explain the World Wide Web standards.
3) Give short notes on Browsers and Servers.
4) What do you understand by the term e-Shop?
5) Explain Multiple Payment Options.
6) Explain Internet Shopping and the Trade Cycle.
7) Discuss in detail advantages and disadvantages of Consumer e-Commerce
8) Why is monetary freedom important for the growth of EC?
9) Explain the key elements of a private digital cash system.
10) What is Smart Card Technique?
11) Explain the different types of Cards that can be used to make payment in EC
12) Explain the strengths and weaknesses of electronic payment.
13) Explain the approaches to the payment system in EC.
14) What is protocol set?
15) Explain the Secure Cash Payment.
16) Explain the cash payment system in EC.
17) What will back the new monetary units and how will they be redeemed?
18) Who will be the new monetary unit provider?
19) What will the providers be issuing and how will they circulate it?

- End of Chapter -

UNIT - VI
INTRA-ORGANISATIONAL ELECTRONIC COMMERCE

In this category we include all internal organisational activities, usually performed on
intranets, that involve exchange of goods, services, or information. Activities can range
from selling corporate products to employees to online training and cost-reduction
activities.
The purpose of intra-organisational applications is to help a company maintain the
relationships that are critical to delivering superior customer value by paying close
attention to integrating various functions in the organisation. In this perspective some
of the applications offered by E-commerce are:
Workgroup Communications
These applications enable managers to communicate with their employees using e-mail,
video conferencing and bulletin boards. The goal is to use technology for knowledge
sharing, which will result in better-informed employees.
Electronic Publishing
These applications enable companies to organise, publish and disseminate human
resource manuals, product specifications, sales data etc. The goal is to provide the
information to enable better strategic and tactical decision making throughout the
firm. Also online publishing shows immediate and clear benefits: reduced costs for
printing and distribution, faster delivery of information etc.
Sales Force Productivity
These applications improve the flow of information between the production and sales
force, and between the companies and the customers. By better integrating the sales
forces with other parts of the organisation, companies can have greater access to market
intelligence and competitor information, which can be funneled into a better strategy.
Within intra-organisational commerce the largest area of growth has been in the area of
"corporate Intranets". Intranets are primarily set up to publish and access corporate
information.
APPLICATIONS OF INTRANETS
In this section, we review the applications of intranets from three perspectives: generic
functions, application areas, and industry specific intranet solutions.
To build an intranet, we need Web servers, browsers, Web publishing tools, back-end
databases, TCP/IP networks (LAN or WAN) and firewalls.

A. Generic functions of Intranet


The major generic functions that intranets can provide (SurfCONTROL 1997) are
Corporate/department/individual Web pages
Database access: Web-based database
Search engines and directories: assist keyword-based search
Interactive communication: chatting, audio, and video conferences
Document distribution and workflow: web based download and routing of documents
Groupware: fancy e-mail and bulletin board
Telephony: intranets are the perfect conduit for computer based telephony
Integration with EC: interface with Internet-based electronic sales and purchasing
Extranet: linking geographically dispersed branches, customers, and suppliers to
authorised sections of intranets creates happier customers, more efficient suppliers, and
reduced staff costs.
These functions provide for a large number of applications.
B. Intranet Application Areas
According to a survey conducted by Information Week with 988 responding managers
(Chabrow 1998), the information most frequently included in intranets is corporate
policies and procedures, document sharing, corporate phone directories, human
resource forms, training programs, customer databases, product catalogues and manuals,
data warehouse and decision support access, image archives, purchase orders,
enterprise suites, and travel reservation services. The applications of customer
databases, product catalogues and manuals, purchase orders, and travel reservation
services are directly related to electronic marketing and purchasing.
Electronic commerce: Sales and purchasing can be done online.
Customer service: UPS, FedEx, and other pioneering companies have proved that
information about product shipments and availability makes customers happier.
Reduced time to market: Easy online access for product development speeds
teamwork.
Enhanced knowledge sharing: web pages can enhance knowledge sharing.

Enhanced group decision and business process: Web based group-ware and
workflow is becoming the standard Intranet platform.
Empowerment: Everything should be available to everyone with the right to know.
Virtual organisations: Web technology at both ends removes the barrier of
incompatible technology between businesses.
Software distribution: Use the Intranet server as the application warehouse and
avoid many maintenance and support problems.
Document management: Employers can access pictures, photos, charts, maps, and
other documents regardless of where they are stored.
Project management: Share the reports and check the project progress.
Training: The Web page is a valuable source of providing knowledge to novices.
Facilitate transaction processing: The data are entered efficiently through the
Intranet Web only once, and internal control can be applied consistently throughout the
system.
Eliminate paper-based information delivery: Eliminating the paper in a firm
can result in lower cost, easier accessibility, and greater efficiency.
Administrative process support: The internal management of production,
inventory, procurement, shipping, and distribution can be effectively supported by
linking these functions in a single threaded environment - intranet - and these functions
can also be seamlessly integrated with the inter organisational extranets.
C. Industry-Specific Intranet Solutions
Intranet solutions are frequently classified by industry instead of technology, because
the technology is no longer a bottleneck for implementation. The development of
business models has become a critical concern for the managerial success of Intranets.
According to the classification of Information Week Online, the top 100 Intranet and
extranet solutions can be classified by industry as follows:
Financial services: banking, brokerages and other financial services, insurance
Information technology
Manufacturing: chemicals and oil, consumer goods, food and beverage, general
manufacturing, and pharmaceuticals.
Retail

Services: construction/engineering, education, environmental, health care, media,
entertainment, telecommunications, transportation, and utilities.
SUPPLY CHAIN MANAGEMENT
A supply chain is a stream of interrelated activities that extends from an organisation's
suppliers to its end customers. It is a network of facilities and distribution options that
performs the function of procurement of materials, transformation of these materials
into intermediate and finished goods and the distribution of these finished products to
customers. It includes suppliers, logistics providers, distributors and retailers. The
typical supply chain for an organisation is:

A supply chain has 3 key flows, namely:
Materials, products and services
Information
Money

Supply chains exist in both service and manufacturing organisations, although the
complexity of the chain may vary greatly from industry to industry and firm to firm. In an efficient
supply chain,
Goods flow seamlessly from suppliers to customers.
Information flows immediately and openly up and down the chain.
Activity in the money conduit is triggered when the customer actually purchases the
product/services.
Players in the Supply Chain
The players in the supply chain are:
1) Suppliers
Preferred suppliers
Tier-1 suppliers
Tier-2 suppliers
Vendors
Preferred vendors
2) Logistics providers (both inbound and outbound)
Surface transport providers like
Road ways
Railways
Shipping companies
Air cargo companies
Warehouse providers
3) Manufacturers and Service providers
4) Distributors
Country wide
Region wide
5) Retailers
Super markets and chain stores
Specialty stores
Industrial retailers and dealers
6) End-customer
Companies
Individual customer
Components of Supply Chain
The components of the supply chain are Plan, Buy, Make, Move and Sell. Each component
requires focused expertise as well as knowledge and managerial effort. They are:

Plan - The organisation-wide synchronisation and deployment of products and
services across the entire supply chain to meet both operational needs and
customer demands.
Buy - Those activities related to sourcing and purchasing from suppliers of all
types.
Make - The process of manufacturing and configuring products for customers or
for companies in the service sector, organising operations to provide services.
Move - The transportation, warehousing and distribution activities which get
materials and products from suppliers to the end-customer and back.
Sell - The support, sales and marketing activities that service customers in
buying, ordering, delivery and returning processes.
The right operation strategy will differentiate a company from its competitors. While
products, services and technology can be matched, operating efficiencies driven by the
right supply chain strategy will yield a sustainable advantage.

Pull vs. Push Supply Chain Models


The rapid growth in technology is driving companies to more efficient operations. It is
also an era where the customer is increasingly determining his choice rather than
the other way round. As more and more companies strive for competitive advantage they
are beginning to realise that satisfying the customer's demands is the only way. This
consumer-need-based business is forcing a paradigm shift from a manufacturer's push-based
model (build-to-stock) to a customer-pull-based model (build-to-order).
In the push-based model the product is actually pushed to the customer. The following
figure shows this:

In this model the customer data is not flowing through the supply chain. The interaction
among various players is not coordinated. The manufacturer pushes the inventory to the
distributor based on the safety stock levels (warehouse) and the distributor in turn
replenishes the retailer based on the shelf inventory level (safety stock) of the retailer.
As power is being shifted to the customer today, such a model will not yield any
advantage. The pull-based model addresses these shortcomings. The figure shows the
model.

As the figure shows, the information associated with the movement of the product flows
seamlessly throughout the supply chain. Demand data becomes accurate as retailers and
distributors share the customer data with the manufacturer. The pull model requires
companies to:
Collect data about the customer demands quickly and accurately.
Satisfy the customer demand quickly and at the lowest possible cost.
Maintain the customer loyalty by delivering the products and services promptly.

Financial and Accounting Management


This aspect of supply chain management deals with the financial flows associated with
the suppliers and the customers through financial intermediaries. The streamlining of
the financial flows helps companies to process their invoices faster and also avoids
unnecessary delays in financial transfers.
Problems with Traditional Supply Chain
Traditional supply chain management takes an over-the-wall approach to filling
customer demand and time lags between systems make it impossible to commit to
orders in real time. Manufacturing determines production and passes finished goods to
distribution. Distribution packages the goods and passes them to transportation, which
delivers them to the customer. These processes take place sequentially, which results in
delivering commitments that cannot be fulfilled efficiently.
Traditionally, marketing, distribution, planning, manufacturing and the purchasing
organisations along the supply chain operated independently. These organisations have
their own objectives, which are often conflicting. Marketing's objectives of high consumer
service and maximum sales conflict with manufacturing and distribution goals. Many
manufacturing operations are designed to maximise output and lower costs with little
consideration for the impact on inventory levels and distribution capabilities.
Purchasing contracts are often negotiated with very little information beyond historical
buying patterns. The result of these factors is that there is not a single, integrated plan
for the organisation.
The process of logistics - distribution and transportation - can't react to changes in
customer demand because distribution focuses inside the four walls and transportation
manages equipment. Distribution planning systems allocate goods to warehouses and
warehouse management packages products and gets them to the shipping dock. But
these systems don't have access to real-time information about production plans,
inventory in other facilities, or customer delivery routes.
Lack of integration among manufacturing systems and the supporting logistics creates
breaks in the process of fulfilling customer demand. And at each handoff between
applications, increased uncertainty leads to overstocked inventories, longer product wait
time, and slower customer response. These problems clearly indicate that a new
approach to supply chain management will be the key in the new markets of today, which
are dynamic and volatile.
Supply Chain Management (SCM) as a Competitive Strategy
One of the biggest challenges facing organisations today is the need to respond to ever-increasing volatility. Faster customer service, greater product diversity, shorter product
and technology lifecycles and globalisation have all dramatically increased the
complexity of running a business.

The changed conditions in the global marketplace demand a much more agile response
from the organisation and its partners in the supply chain. In the past, success was
based upon strong brands and innovative technologies. Today brands and innovation
are still critical but they are not enough. Instead the winning combination is strong
brands and innovative technologies supported by an agile supply chain capable of
responding more rapidly to volatile demand. In today's business environment it is
important that a business be agile as well as efficient. Supply chains can help achieve
this through the ability to respond quickly to customer demand and by reducing
operating costs.
Recent years have seen a significant shift in the balance of power between the consumer
and companies providing them with products and services. Companies accustomed to
pushing products to stable homogenous markets are now straining to succeed in
satisfying more knowledgeable and demanding consumers. Companies that deal with
the consumer through complex distributor/ retailer channels are now finding
themselves face-to-face with their end customers via the Internet. Increasing demands
for customised products require firms to match market demands with production
capabilities and their inventory. Gaining quick access to accurate data can be difficult.
The bottom line is that customers want ever more innovative and complex products
tailored to their specific personal needs and delivered when and where they choose.
To meet these new consumer-driven challenges, companies are reinventing their supply
chains in order to succeed. They now seek partnership with organisations whose
complementary capabilities can give the whole supply chain a competitive edge. True
competitive advantage is gained when the organisation is able to consistently meet the
needs of customers more precisely and in a more timely way than anyone else. Their
goal is to bring together the production, delivery, and service capabilities of multiple
supply chain partners, and to have them operate as though they were one seamless
organisation.
Supply chain management has come into vogue because companies no longer compete
simply on quality. Manufacturing quality - a long-time competitive differentiator - is
approaching parity across the board; meeting customers' specific demands for product
delivery has emerged as the next critical opportunity for competitive advantage. In the
past, manufacturers were the drivers of the supply chain, managing the pace at which
products were manufactured and distributed. Today, customers are calling the shots, and
manufacturers are scrambling to meet customer demands for options/styles/features,
quick order fulfillment and fast delivery. To meet the challenge, companies must
undergo a fundamental management shift. They have to stop looking at jobs in isolation,
and start seeing the supply chain as a continuous cycle.
Supply Chain Efficiency
This often means the difference between success and failure for companies. If a
customer is seeking a company's product and it is not available when he/she wants it,
the customer will purchase another company's product. So, having the right product at
the right place at the right time is one way to define "customer service."

Save Money/Reduce Costs


It includes reducing the cost of getting the products to market. In other words,
containing all costs associated with moving the product through the supply-chain. And
this usually results in a more time-efficient supply chain as well. Companies leading in
supply chain efficiency have an advantage in cash-to-cash cycle time over average
companies. Leading companies have cash available 2 to 3 months faster. (Cash-to-cash
cycle time begins when commitments are made for the sourcing and procurement of
materials and components and continues through the manufacturing and assembly
process to final distribution and finishes with the receipt of payment from the
customer.) The quicker a company gets it, the quicker it can reinvest it in raw materials
and /or plant/operations improvements.
Critical time advantage
SCM helps companies to compete on time. A company, which reduces its time to
market, will emerge as the winner.
Finding opportunities to create value for shareholders is a constant pursuit of the CEO.
Historically, many senior executives viewed the supply chain as a collection of materials
management functions (procurement, manufacturing, warehousing, and
transportation). In the 1980's and 1990's numerous reengineering programs reduced
supply chain costs and assets within companies.
True value creating opportunities are not limited to cost reduction and asset
productivity - supply chains can be a significant source of competitive advantage and
revenue growth. At the same time, recent technology advances in software,
communications and computing power have created a wealth of opportunities to plan
and execute supply chain activities more quickly and effectively than ever before, raising
the bar of competitive performance. The major emerging opportunity over the next few
years lies in creating more value for consumers by enhancing the supply chain among
supply chain partners. Striving to achieve efficiency in supply-chain management
should last as long as the company is in business.
As the realisation grows that it is no longer company competing against company but
rather supply chain against supply chain, how well a company manages its supply chain
will determine its business performance. The ultimate goal is to improve shareholder
value by differentiating the supply chain from that of the competitors and winning and
retaining customers as a result. Heightened customer expectation and shorter channel
response times will be difficult to achieve for some organisations, but for those that can
deliver the right product in a timely fashion, increased market share will be the reward.
SCM and E-Commerce
In the traditional supply chain, raw materials flow to manufacturers, and then finished
products flow to distributors, retailers and consumers. E-Commerce is changing this
linear view of business-to-business interactions. Instead of goods flowing from one
participant to the next, today's online market places allow each participant to reduce
costs by bypassing some of the other participants. To survive, each participant in the
chain must establish a more direct connection with the party who pays for it all: the
consumer.
Retailers can ensure their place in the supply chain by establishing themselves online.
This enables them to provide information about available goods, fulfill electronic orders,
and reach some consumers directly, all while reducing costs.
Distributors can leverage electronic information to supply value to their retailers. They
can link the best manufacturers with the appropriate retailers to yield better end-to-end
service. In some instances, E-Commerce enables distributors to reach consumers
directly. Manufacturers can provide better product information to the rest of the supply
chain and take advantage of new electronic channels to reach customers for their
branded products.
In addition to these opportunities there exist certain risks also. Traditional retailers rely
on physical locations to store and sell products to consumers. Manufacturers and
distributors alike can bypass these retail channels by selling directly to consumers via
the World Wide Web. Distributors are easy to eliminate from the supply chain, because
E-Commerce makes it much easier for manufacturers to sell directly to consumers and
retailers. Also manufacturers need to reinforce brand identity to build mind share with
the public and ensure future sales. In an electronic environment, consumers have a wide
range of choices and are not as influenced by the physical placement of goods or their
packaging, making manufacturers with weak brands vulnerable.

Developing a Web Enabled Supply Chain Model


The model is based on the "Pull" based supply chain whereby the customer initiates the
purchase and drives the activities along the supply chain. This model is the reality today
with power shifting to the customer.

The model will address the information issues that are associated with the above flows. The
integration of information issues will enable the organisation to manage its supply chain
in a better way. In the Pull model customer satisfaction depends on effectively linking the
customer information gathering front lines (sales and customer service) to the upstream
functions (manufacturing and distribution). If we consider the supply chain players as a
single organisation, the basic model will be...

In such a basic model the information flows using the Web may be considered to be:

If the model is to be considered in terms of a manufacturer-centric one, certain
functions of the model are ideal for converting into a web-enabled one. For instance we
can consider web enabling the supplier and the manufacturer. For this we have to make
certain assumptions. They are:
The company has a vendor rating program
A source list of all the raw materials for all products is maintained
The supplier has a net-enabled PC
The information exchange is secure and protected
The manufacturer's web site is integrated with his internal IT system (central
repository)
The information exchange that accompanies the flow of goods and services between the
manufacturer and the supplier may be
1) Electronic purchase orders
2) Production plans (time period)
3) Re-order levels
4) Information re-order levels

The Stages of SCM


Stage 1
Web presence is the first stage, which prepares the organization for E-Commerce.

Stage 2
The second stage is when suppliers go beyond displaying electronic brochures and allow
the customers to place the orders directly with them by linking to internal line of
business systems. Both stages are supplier-centric models.
Stage 3
In the next stage, Internet will shift to customer-centric computing. This will help
customers to obtain personalized data and products and services tailored to their needs.
Suppliers in this case will therefore deliver data and the products and services that can be
integrated into the customer's business process electronically.
It also enables radically different relationships and generates competition on how
effectively suppliers can integrate their information with the customer's business
systems.
Stage 4
The ultimate stage is the automated inter-business process where the decision making
system between the customers and suppliers are tightly integrated. Supply chain
decisions are strategic decisions (long term) and operational decisions (short term). The
four major decisions are location, production, Inventory and Transportations
(distribution).
According to Mr. George Moakley, Supply chain excellence through technology
forecasts that the real competitive edge for organizations will come through these
Intelligence supply chains.
In the Logistics SCM a concurrent move is taking place in electronically linking up the
logistics providers along with suppliers and customers. Thus the complete supply chain
including logistics can be operated through E-Commerce.
Supply Chain in the Age of E-Commerce
Lower operating costs through reduced inventory requirements
Improved customer satisfaction by maintaining adequate stock
Improved productivity through better data integrity, fewer order entry errors, less
rework and faster communications.
Supply Chain Management as E-Business
This is done over the web using:
Customised extranet sites
Web servers
Group-ware (email integrated collaborative software)
Characteristics of Supply Chain Management
Supply chain management is a tool to achieve sustainable competitive advantage.
It supports both differentiation-based and cost-based strategies
It contributes to world-class performance by progressing beyond functional excellence
and cross-functional integration.
It focuses on the practices used by the different businesses that together produce the
product and service the customer.
It integrates the activities of all members of the value-added chain to produce higher
levels of performance than can be achieved individually.
Supply chain management practices create supply chain integration that yields
superior business performance.
Supply chain integration utilises a variety of business practices such as just-in-time
manufacturing, quick response and continuous replenishment.
Objectives
The progress and success of supply chain management should be measured against
objectives. Supply chain integration can be evaluated against the objectives of...
Service: Do customers receive what they ordered, when they want it in the manner
they desire?
Cost: Is the net landed cost to the end user optimised with service and time
requirements?
Assets: Does inventory exist within the supply chain merely to respect the variability
of consumer demand, or to create operational efficiencies?
Time: Is the cycle time from source to delivery limited only by physical constraints?
Supply chain integration is practised in a broad range of industries.
Supply Chain Management in Practice
Supply chain integration practices can be tailored to unique industry situations. A
leading distributor of hospital supplies offers a program to deliver hospital products
directly to the nursing station, bypassing storage and handling in a hospital
store room. Orders are issued based on nursing station use, and replenished directly
from the distributor inventory. Timeliness and accuracy are paramount, yet an entire
step in the traditional flow of products is eliminated, reducing operating costs and
investment.
The Supply Chain Development Model
First Dimension: The closed loop
It consists of four stages. These are:
1. Diagnosis and concept development
The first stage assesses the supply-chain competitiveness of the organisation and
builds a vision of the desired supply chain. The evaluation begins with the diagnosis and
comparison of business objectives against existing capabilities and performance.
2. Detailed action planning
The second stage is the engineering phase that further develops in detail the master plan
that is created in stage one. During this phase, the long-term supply chain structure is
designed in detail.
3. Building capabilities
This is the stage of the effort when detailed plans to achieve world-class supply chain
agility and performance are executed. New technology, capital, people and resources are
effected to team building and high involvement activity.
4. Performance Results
It is the stage when the results of the plan are measured for performance success against the five
drivers: velocity, flexibility, quality, cost and service. The master plan is a continuous
closed loop process, and once performance drivers are assessed, the major activity
returns to stage 1 for further diagnosis and development.
Second Dimension: Six Key Holes
These are production, supply, inventory, location, transportation, and information.
1. Production
Strategic decisions regarding production focus on what customers want and the market
demands. The production must focus on capacity, quality and volume of goods keeping
in mind that customer demand and satisfaction must be met.

2. Supply
An organisation must determine what its facility or facilities are able to produce, both
economically and efficiently, while keeping the quality high, and must carefully select the
suppliers for raw materials.
3. Inventory
The strategic decisions focus on inventory and how many products should be in-house.
A delicate balance exists between too much inventory and not enough inventory to
meet market demands.
4. Location
The strategic decision must focus on the placement of production plants, distribution
and stocking facilities, and placing them in prime locations to the market served.
5. Transportation
Any organisation must have a transport mode in place to ensure a smooth distribution
of goods.
6. Information
Effective supply chain management requires obtaining information from the point of
end-use, and linking information resources throughout the chain for speed of exchange.
Third Dimension: Performance drivers for success
These are velocity, flexibility, quality, costs and service.
1. Velocity
It is the rate at which raw materials, parts, components, finished products and
information travel through the supply chain.
2. Flexibility
It is the ability to adapt to new or changing demands in the market.
3. Quality
It is the degree of excellence performed in designing, selling, producing and delivering
products and information.
4. Costs
Costs are the total cost of conversion and movement through the supply chain per
unit.
5. Service
Customer service is measured both quantitatively and qualitatively. The quantitative
approach is the more traditional measure of customer service: orders placed to orders
shipped. The qualitative approach measures the customer's satisfaction with the service
received.
Requirements of Supply Chain Management
Any secure networked supply chain requires:
Public-Key Infrastructure (PKI) Technology Solution
Data Privacy over un-trusted networks: Encryption
Data Integrity: Digital Signature
Password management
Public key authentication techniques
Electronic Authentication and Digital Signature with PKI certificate
Strong binding between a user and a transaction: Public Key Infrastructure
- Digital Signature, Encryption
- Digital Certificates
- Time stamping of transactions and events
- Trust Management (Certificate Revocation)
- Encryption Key Recovery
PKI Integration with Business Application
With the adoption of the above-mentioned aspects the supply chain would prove to be a
competitive differentiator to a firm.
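An added example (not part of the original text) showing three of the listed requirements working together on an electronic purchase order: a digital signature for data integrity and signer binding, time stamping, and revocation. It is written in Go with the standard library only; the message fields, the partner names and the in-memory TrustStore standing in for certificates and revocation data are assumptions.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"encoding/json"
	"errors"
	"fmt"
	"time"
)

// PurchaseOrder is a constructed sample message; the page defines no format.
type PurchaseOrder struct {
	OrderID  string `json:"order_id"`
	Supplier string `json:"supplier"`
	Quantity int    `json:"quantity"`
}

// SignedOrder binds an order to a named signer and a signing time.
type SignedOrder struct {
	Order     PurchaseOrder
	Signer    string
	SignedAt  time.Time
	Signature []byte
}

// TrustStore stands in for the PKI (assumption): Keys plays the role of
// verified certificates, Revoked the role of a CRL or OCSP lookup.
type TrustStore struct {
	Keys    map[string]ed25519.PublicKey
	Revoked map[string]bool
}

var (
	ErrUnknownKey   = errors.New("signer not in trust store")
	ErrRevoked      = errors.New("signer key has been revoked")
	ErrBadSignature = errors.New("signature does not match order")
	ErrStale        = errors.New("signing time outside accepted window")
)

// NewPartner (demo helper) makes a key pair and a trust store that trusts it.
func NewPartner(name string) (TrustStore, ed25519.PrivateKey) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	return TrustStore{map[string]ed25519.PublicKey{name: pub}, map[string]bool{}}, priv
}

// signedBytes serialises everything the signature must cover: the order,
// the signer name and the signing time, so none can be swapped afterwards.
func signedBytes(o PurchaseOrder, signer string, at time.Time) []byte {
	b, _ := json.Marshal(struct {
		Order    PurchaseOrder `json:"order"`
		Signer   string        `json:"signer"`
		SignedAt string        `json:"signed_at"`
	}{o, signer, at.UTC().Format(time.RFC3339)})
	return b // Marshal cannot fail for these field types
}

// SignOrder signs with the sender's private key. The time is asserted by the
// signer; a trusted time-stamping service is not modelled here.
func SignOrder(priv ed25519.PrivateKey, signer string, o PurchaseOrder, at time.Time) SignedOrder {
	sig := ed25519.Sign(priv, signedBytes(o, signer, at))
	return SignedOrder{Order: o, Signer: signer, SignedAt: at, Signature: sig}
}

// VerifyOrder is the receiver's check: known signer, key not revoked,
// signature valid over order+signer+time, and time within maxAge of now.
func VerifyOrder(ts TrustStore, so SignedOrder, now time.Time, maxAge time.Duration) error {
	pub, ok := ts.Keys[so.Signer]
	if !ok {
		return ErrUnknownKey
	}
	if ts.Revoked[so.Signer] {
		return ErrRevoked
	}
	if !ed25519.Verify(pub, signedBytes(so.Order, so.Signer, so.SignedAt), so.Signature) {
		return ErrBadSignature
	}
	if age := now.Sub(so.SignedAt); age < 0 || age > maxAge {
		return ErrStale
	}
	return nil
}

func main() {
	ts, priv := NewPartner("manufacturer-1")
	at := time.Date(2024, 1, 15, 9, 0, 0, 0, time.UTC) // constructed signing time
	po := PurchaseOrder{OrderID: "PO-0001", Supplier: "supplier-a", Quantity: 20}
	so := SignOrder(priv, "manufacturer-1", po, at)
	now := at.Add(10 * time.Minute)
	fmt.Println("genuine: ", VerifyOrder(ts, so, now, time.Hour))
	tampered := so
	tampered.Order.Quantity = 100
	fmt.Println("tampered:", VerifyOrder(ts, tampered, now, time.Hour))
	ts.Revoked["manufacturer-1"] = true
	fmt.Println("revoked: ", VerifyOrder(ts, so, now, time.Hour))
}
```

Because the signature covers the signer name and the signing time as well as the order, changing the quantity, re-dating the order or re-attributing it to another partner all fail verification.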
Supply Chain Management Software
From source to shipping to manufacturing, SCM software turns discrete supply chain
functions into an intelligent process.

For companies concerned about time-based competition, SCM software can be one of
their most powerful weapons. It enables them to collaborate with suppliers
Importance of Networked Supply Chain Management
Today's customers want / expect to:
buy in small quantities
buy customised products
postpone the buying decision to be close to the act of purchase
enjoy and be rewarded by the buying experience and
get instant gratification of their needs
Supply Chain Modelling Approaches
It consists of the following three methods:
A. Network Designs Methods
These models typically cover the four major strategic decisions.
Location
Production
Inventory
Transportation (distribution)
These decisions focus more on the design aspect of the supply chain, the
establishment of the network and the associated flows on them.
B. Rough Cut Methods
This method gives guiding policies for the operational decisions. These models typically
assume a "single site" (i.e., ignore the network) and add supply chain characteristics to
it, such as explicitly considering the site's relation to the others in the network.
C. Simulation based methods
It is a method by which a comprehensive supply chain model can be analysed,
considering both strategic and operational elements. However, one can only evaluate
the effectiveness of a pre-specified policy rather than develop new ones.
Supply Chain Process
Supply chain integration links suppliers, manufacturers, channel partners, and
customers through the process used from order creation to customer delivery. Each
supply chain partner should support others to create greater productivity, value, and
customer satisfaction. Processes that are well aligned will produce higher service, incur
lower manufacturing and distribution costs, and give higher quality. The key processes
within the supply chain are depicted in the above figure. Each of these processes results
in a clear output, and the potential to contribute to supply chain integration.
Order Creation
Order creation results in the customer's decision as to the quantity, frequency and
composition of an order. Supply chain integration through the order creation process
requires deep understanding of marketing strategy, competitors' capabilities, and cost
structures. Leaders in supply chain integration establish operational capabilities that are
coupled with managed service, time and cost, to permit a mutual benefit.
Order Entry
The order entry process enables a customer's desires to be acted upon. The opportunity to
manage the method of order entry creates the potential to solidify marketing strategies,
create sales opportunities, and build relationships. Supply chain integration through the
order entry process requires thorough knowledge of customer requirements, customer
business practices and technology. Leaders in supply chain integration provide a variety
of order entry methods so that customers can order in the way they desire. Computer-to-computer Electronic Data Interchange (EDI) and voice response expand on traditional,
but often valid, approaches such as phone or mail.
Production Planning
Production planning establishes the location, quantity, and schedule of product
generation. The opportunity to co-ordinate consumption and production creates the
potential to minimise investments in finished goods, storage space, and handling costs.
Producing closer to the point of need minimises the risk of obsolescence or rework.
Supply chain integration requires linkages with purchasing, production, and customers,
to balance the multiple objectives of each in a manner that achieves overall objectives.
Leaders in supply chain integration have established the shop floor procedures and
process by which the material will be used in production. Customised transportation
programs between supplier and manufacturer are often developed to manage total cost
and create mutual efficiencies.
Purchasing
The purchasing process results in decisions on source of supply, purchase quantity,
purchase frequency, and purchase order composition. Correct decisions maximise
availability and minimise cost. Making the correct decision requires a detailed
knowledge of production requirements and an intimate understanding of each supplier's
business drivers. Supply chain integration transforms the procurement process from an
adversarial relationship based primarily on price to a partnering relationship based on
total cost. Leaders in supply chain integration establish customised order quantities and
frequencies based on mutual understanding of the activities required to create material
on the part of the supplier and the process by which the material will be used in production.
Customised transportation programs between supplier and manufacturer are often
developed to manage total cost and create mutual efficiencies.
Production
The production process generates product. A production process that exhibits flexibility
and responsiveness strengthens supply chain integration. The benefits of co-ordination
between customers and manufacturer are lost if the production process cannot routinely
respond with quality products.
Inventory Management
The inventory management process establishes the available product to respond to
customer demands. A business strategy of make-to-stock or make-to-order creates
different issues, but the objective remains the same. The opportunity to establish single-inventory investments between supplier and manufacturer and customer establishes a
potential benefit in capital reduction through integrating this process. An objective of
maintaining inventory only to respect the variability of consumer demand, or to create
an operational efficiency in production or procurement that reduces net landed cost,
establishes a stretch goal.
Inventory Deployment
Inventory deployment determines the location of product awaiting orders. Decisions on
inventory deployment strongly influence the customer service parameters of order
cycle time and order completeness. Inventory deployment presents the opportunity to
create competitive advantage through responsiveness and service quality.
Order Fulfillment
Order fulfillment results in the configuration of products that conform to the customer's
desires. The opportunity to customise an order provides the potential to create
additional value by avoiding duplicate efforts and re-handling. Supply chain integration
through order fulfillment requires detailed understanding of customer requirements,
flexibility in order selection, and efficient processes that permit mutual benefits.
Delivery Process
The delivery process produces the cycle time, delivery precision, and arrival quality of
the customer's order. It offers the opportunity to minimise cycle inventory, reduce buffer
inventories and create cost efficiencies. Supply chain integration through the delivery
process requires careful monitoring of transportation economics, a commitment to
long-term business relationships and a willingness to act in partnership with others.
These supply chain processes are applicable to a broad range of businesses. By focusing
on the process outputs, progressive organisations can develop new business practices
that achieve improved results. Without a results-oriented process approach, attempts at
true breakthroughs among supply chain partners may not be achieved. Attention may
focus on functional performance, and tradeoffs among functions and channel partners
may not be achieved. Supply chain integration must therefore be judged against
performance rather than by technique.
Integrating the Supply Chain
Initiating supply chain management requires top management involvement. Supply
chain integration may produce fundamental changes in the relationship among channel
partners. Such change must have the full support and commitment of senior
executives. In addition, the supply chain management approach will call for a cultural
change within an organisation.
Requirements of Supply Chain Integration
Identifying opportunities for supply chain integration requires a deep knowledge of
customer satisfaction objectives, documentation of the existing supply chain economies,
and understanding of practices used in other businesses and industries. From these,
thoughtful analyses will reveal gaps in practices or gaps in execution that can lead to a
prioritised action plan.
Customer Satisfaction Objectives
Establishing customer satisfaction objectives requires quantitative analysis of customer
requirements and an analysis of the customer's business issues. Customer requirements
for many criteria such as order cycle time, delivery precision, item availability and order
fill rate can be established by a variety of survey approaches and methodologies.
Current Business Practices
Understanding current business practices requires an ability to explain not only how key
business processes work but what drives the process. Utilising a framework based on
business processes assists in moving toward supply chain integration. Since processes
produce results, close attention must be paid to identifying the rules, beliefs, values,
and principles that are incorporated within a business process. Completion of these
steps ensures analysis of supply chain integration and contains an understanding of
existing business practices and alternative approaches used by others.

Performance profile
The performance profile quantifies performance along the entire supply chain: supplier,
manufacturer, channel partner, and customer. The dimensions of time, cost and
investment should be applied to understand the service, quality, and financial
performance that result along the supply chain. With this knowledge, opportunities will
surface and leverage points may be identified. Leverage points represent the places
along the supply chain where large improvements are possible with a relatively small
investment.
Gaps in practices and gaps in execution
From these three building blocks an objective assessment of gaps in practices and gaps in
execution must be made. Potential improvement opportunities may be revealed, and
sufficient knowledge will exist to suggest how such opportunities could improve
customer satisfaction and business performance. These can then be synthesised and
prioritised, so that efforts initiated for supply chain integration yield substantial
benefits.
The Role of SCM in Financial and Market Place
Supply chain management assists in achieving financial and marketplace success. The
integrated movement of materials through the supply chain can build customer
satisfaction and improve performance. Supply Chain Management does not require
massive scale or volume. It does require insightful thinking about the processes used to
make, move, and sell products. Functional excellence is expected of companies today.
Supply chain management moves beyond that to better align the capabilities of
suppliers, manufacturers, channel partners, and customers, to increase customer
satisfaction and yield better performance. Competitive advantage will spring largely
from service-focused commitments - the result of intelligent performance with suppliers
and customers. Supply chain management provides an approach for making those
objectives a reality.
The web life style is going to be the order of the day in times to come. Hence, every
business will have to think as to how it will survive and prosper in this new emerging
world. Work in time, be fast, be flexible, be adaptable, or be left behind: that
is the frantic pace of E-commerce. Through supply chain management, corporates will be
forced to revamp their traditional marketing and operating strategies. They would
become much more agile in their approach. The entire concept of the traditional
brick-and-mortar shop will be replaced by the virtual store.
CASE STUDY: ASIAN PAINTS
Background
One of the pioneer paint companies in India, Asian Paints was among the first
companies in India to go for computerisation. In 1971 the company decided to go for a
mainframe. By 1978, all the account functions of the company had been transferred to
this new machine. From 1981 onwards the company went for CP/M machines. The
new machines handled functions like customer billing and dealer requirements. In 1983
the company decided to extend computerisation to the shop floor. Asian Paints became
the first company to use Unix on the shop floor. All this computerisation brought direct
changes in two areas. The company's clerical staff strength has not gone up much and
computerisation has helped the company to tackle competition in a more effective
manner.
The company's strategy to compete against MNCs like Berger Paints and ICI was to
spread to smaller towns. This it could do by providing better service and also a wider
range of stocks to the retailers. It had therefore to do two things: spread its
geographical reach and increase its product reach. All this meant that the company
started selling paints in a greater number of colours, shades and can sizes than the
competition to a larger dealer network. So the company developed a Manufacturing
Resource Planning (MRP) application in 1984, which is working well even today.
Today the company has 73 branches and 14,000 dealers, one of the largest networks in
India. The company sells 2000 shades and pack types in decorative paints and another
1500 in industrial paints. Six Regional Distribution Centres (RDC), each in one zone of
the country, receive the previous day's stock position from each of the company's 73
branches. Since each branch deals with an average of 300 dealers, an
enormous amount of data is generated. The salesman, sales supervisor or the
branch manager does the data crunching according to his requirement.
The Road to SCMS
In 1994, Asian Paints installed VSATs (Very Small Aperture Terminals) in three plants
and 16 branches. Today a total of 49 VSATs, installed at a cost of Rs. 30 million, link six
factories and 43 depots. But for many Indian companies installing a VSAT is a costly
option even today. The paint major then decided to install a Supply Chain Management
System (SCMS). SCMS is being implemented in modules and will be fully functional by
year 2000.
Why did the company go for SCMS instead of an Enterprise Resource Planning (ERP)?
The company felt that ERP implementation takes a long time. Since it touches almost
every person in the organisation, it meant that almost all the persons in the
organisation would need to be trained. Also the ERP needs to be customised or the
organisation may have to adapt to the ERP's process logic, both of which are big and will
take a long time. But SCMS touches a lesser number of people and takes lesser time.
The SCMS takes care of the planning system, corporate office and users at the plants, among
other functions. It helps to make efficient the core business of the company, which is the
supply chain for a manufacturing or marketing company. It allows the company to have
shorter production cycles and enables it to determine proper inventory levels based on demand
and supply variability. SCMS will reduce sales forecasting by the depots from the
present 15 days to one week to one day. The Company will know exactly how much stock
each depot will require. With increasing competition this is important, since if the
products are stocked out, the company may lose a sale and eventually the customer.
SCMS will also help to track the various promotion schemes adopted by a branch
manager. The full installation of SCMS will lead to a shorter planning system. For
example, if earlier 100 cans were dispatched, now the company will need to send only
20 cans so that it is not supplying more than necessary. The reaction from the plants
and depots will also be much faster. The company recruits IT professionals and also
ropes in training institutes like NUT to train its staff. The company feels that it has a 10
year lead time over its competitors and it wants to maintain this. No wonder, then, that it has
gone on to implement SCMS to further hone its competitive edge.
Electronic Commerce Catalogues or Online Catalogues
An important factor in EC is the manner in which products or services are presented to
the users. This is frequently done via online catalogues.
Evolution of Online Catalogues
Printed paper has been the medium of advertisement catalogues for a long time.
However, recently electronic catalogues on CD-ROM and on the Web have gained
popularity. For merchants, the objective of online catalogues is to advertise and promote
products and services, whereas the purpose of catalogues to the customer is to provide a
source of information on products and services. Electronic catalogues can be searched
quickly with the help of software agents. Also, comparisons involving catalogue
products can be made very effectively.
Electronic catalogues consist of a product database, directory and search capability, and a
presentation function. On web-based e-malls, the web browser, along with Java and
sometimes virtual reality, plays the role of presenting static and dynamic information.
The majority of early online catalogues were online replication of text and pictures of the
printed catalogues. However, online catalogues have evolved to be more dynamic,
customised, and integrated with selling and buying procedures. As the online catalogue
is integrated with order taking and payment, the tools for building online catalogues are
being integrated with merchant sites.
Electronic catalogues can be classified according to three dimensions:
1) The dynamics of the information presentation
Two categories are distinguished.
a. Static catalogues: The catalogue is presented in textual description and
static pictures
b. Dynamic catalogues: The catalogue is presented in motion pictures or
animation, possibly with sound to supplement static content.
2) The degree of customization
Two extremes are distinguished:
a. Ready-made catalogues: Merchants offer the same catalogue to any
customer.
b. Customised catalogues: Deliver customised content and display
depending upon the characteristics of customers.
3) The degree of integration of catalogues
With the following business processes:
a. Order taking and fulfillment
b. Electronic payment system
c. Intranet work flow software and systems
d. Inventory and accounting system
e. Suppliers' or customers' extranet
f. Paper catalogues
Comparison of Online Catalogues with Paper Catalogues
The advantages and disadvantages of online catalogues are contrasted with those of
paper catalogues in the following table. Although there are significant advantages of
online catalogues, such as ease of updating, ability to integrate with the purchasing
process, and coverage of a wide spectrum of products with a strong search capability,
there are still disadvantages and limitations. Most of all, customers need computers and
the Internet to access online catalogues. However, since computers and Internet access
are spreading rapidly, we can expect a large portion of paper catalogues to be replaced
by or at least supplemented by electronic catalogues. On the other hand, considering the
fact that printed newspapers and magazines have not diminished due to the online ones,
we can guess that the paper catalogues will not disappear in spite of the popularity of
online catalogues. There seems to be room for both media. However, in B2B, paper
catalogues may disappear more quickly, as shown in the following Application Case 1:

Advertising in Online Catalogues versus Electronic Malls
Some catalogues on Web sites provide text and pictures without linking them to order
taking. Refer to Calvin Klein ads in www.pobox.upenn.edu/davudtic. The site has an
electronic directory with a large number of electronic catalogues. However, there is no
reason why the catalogues cannot be linked with order taking or at least e-mail contacts.
So, the dedicated advertising site seems to be a transient form of e-mall. However, some
ads about company image can only be linked with e-mail, because the ads do not
correspond to a specific product. For instance, Coca-Cola's Web site
(www.cocacola.com) is not appropriate for taking Coke's orders online. It just reminds
people about the taste of Coca-Cola. However, you can buy Coke's collector items and
more.
APPLICATION CASE 1
With annual revenues of more than $5.2 billion, AMP, an electronics components
manufacturer, spent more than $7 million each year to mail and update 400 specialty
catalogues to its distributors around the world and another $800,000 in faxback phone
costs. These catalogues cover about 134,000 electrical and mechanical components.
In the past, AMP had only enough resources to update about one-half of their 400
catalogues each year, so many catalogues had a life-cycle of two years, even though
products changed more often than that. The estimated cost of getting the online
catalogues up and running is $1.2 million, roughly one-fifth of the previous printing
costs. Of the $1.2 million, software and hardware costs were $300,000 to $400,000,
with the remainder spent for language translation and catalogue development.
Customised Catalogues
A customised catalogue is a catalogue assembled specifically for a company, usually a
customer of the catalogue owner. It can be tailored to individual shoppers in some cases
as well. There are two approaches. The first is to let the customers identify the interesting parts
out of the total catalogue, as is done by companies such as One-to-One
(www.broadvision.com) and Point Cast (www.pointcast.com). Then, customers do not
have to deal with irrelevant topics. A tool that aids customisation is LiveCommerce from
Open Market (www.openmarket.com/livecom). See the demos of their customers.
LiveCommerce allows the creation of catalogues with branded, value-added capabilities
that make it easy for customers to find the products they want to purchase, locate the
information they need, and quickly compose their order. Product offerings can be
specialised for each customer's organisation or for individuals with specific needs. Every
customer company can view a custom catalogue with individualised prices, products,
and display formats. An e-mall manager who uses LiveCommerce can control the
complete range of information that the customer sees and link the online catalogue with
related computing resources. LiveCommerce features a specialised catalogue language
that offers complete control over the look and feel of catalogues. This combination of
power and flexibility allows a catalogue to be quickly and easily modified to meet the
evolving needs of customers.
The second approach is to let the system automatically identify the characteristics of
customers based on their transaction records. For collecting data, Cookie technology is
used to trace the transactions. However, to generalise the relationship between the
customer and items of interest, data mining technology and support by intelligent
systems, such as a neural network, is necessary. This second approach can be effectively
combined with the first one.

As an example of the second approach, let us review a scenario of using a tool by Oracle
called ICS in a customised catalogue.
Joe logs on to the Acme Shopping site, where he has the option to register as an account
customer and record his preferences in terms of address details, preferred method of
payment, and interest areas. Acme shopping offers a wide range of products, including
electronics, clothing, books, and sporting goods. Joe is only interested in clothing and
electronics. He is not a sportsman or a great book lover. Joe also has some very distinct
hobby areas; one is photography.
After Joe has recorded his preferences, the first page of the electronic store will show
him only the clothing and electronic departments. Furthermore, when Joe goes into the
electronics department, he only sees products related to photography: cameras and
accessories. But some of the products are way out of Joe's price range, so Joe further
refines his preferences to reflect that he is only interested in electronics that relate to
photography and cost $300 or less [1].
Such personalisation gives the consumer a value-added experience and adds to the
compelling reasons for revisiting the site, building brand loyalty to that Internet store.
Against the backdrop of intense competition for Web airtime, personalisation provides a
valuable way to get the consumer matched to the products and information they are
most interested in as quickly and painlessly as possible.
1 Source: Oracles white paper (1998), P6.
DOCUMENT MANAGEMENT AND DIGITAL LIBRARIES
Gone are the days when libraries were store houses of books. Information technology
has changed the complexion of today's libraries in a big way with the current thrust on
universal education. With the development of automation and computing and a
knowledge society, libraries have evolved to become information providers rather than
mere document providers. The Internet explosion has opened up electronic
information to the masses and they are demanding that information be presented to
them in an aesthetic manner. Indeed, recent advances in the field of information
technology contribute significantly to improving the services of libraries. Further, the
impact of information technology has led to a paperless society, digital libraries and
virtual libraries. It may not be wrong to say that everyone associated with the
management of knowledge in the coming days would be talking about the digital
processes and the digital library. With the availability of computers, capable of
computing at very high speed and having large disc storage space, it is possible to
digitise and store information in the form of high quality graphics, colour images, voice
signal and video clips at a relatively affordable cost. The Internet, a worldwide network of
thousands of networks interconnecting countless computers located world-wide, has
become a most efficient channel for dissemination of information. World Wide Web
(WEB) technology based on Hyper Text Markup Language (HTML) and the emergence of
advanced web browsers have provided a very easy-to-use interface to users, giving
clickable access to the vast amount of multi-media information stored on millions of
web servers across the globe.
The World Wide Web, popularly known as WWW, was started as a project in 1992 by
CERN (European Laboratory for Particle Physics) in Switzerland. It is meant for
information retrieval services on the Internet. WWW also provides hypertext links
between textual documents of related files. The word hypertext (HT) means the
combination of natural language text with embedded links enabling non-linear
information access and navigation. A large number of information fragments or chunks,
such as text, graphics and images, are linked together electronically, forming a multifaceted
database of indefinite shape in which one can write and read the information
non-linearly. Hypertext Transfer Protocol (HTTP) refers to the protocol enabling retrieval of
information pointed to by the hypertext link. This protocol can transfer plain text files,
hypertext or even images from the server end to the user's end. It is important to
mention here that HTTP is an internal requirement of WWW and is also sometimes
referred to as a client-server protocol. In this process the client (who is a user of a
hypertext document) may send a query to the server, which makes available the required
information in a format that is interpreted by a WWW browser such as Internet
Explorer, Netscape Communicator, Mosaic etc. Precisely, we can say that the web is an
important tool for dissemination of information. Hypertext Markup Language (HTML)
allows the authors of a document to identify particular locations within their document as
the source of the links and to specify the location of the target of those links.
The Uniform Resource Locator or URL specifies the Internet Address of a file stored on
a host computer connected to the Internet. Every file on the Internet has a unique URL.
The Web software programmes use the URL to retrieve the file from the host computer
and the directory in which it resides. URLs are translated into numeric addresses using
the Domain Name System (DNS). The format of the URL is: protocol://host/path/filename.
For example, in the site http://www.vtls.com, http stands for the protocol;
www stands for World Wide Web, i.e. Web or the Internet; the middle name vtls
belongs to a particular organisation (it refers to the organisation to which the site
belongs); and 'com' means a commercial organisation. Similarly 'edu' means educational
institutions, while 'org' normally stands for voluntary or non-profit organisations. In
addition to the above, dozens of domain names have been assigned to identify the
country and locate files stored on host computers in different countries around the
world.
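The breakdown above, carried out in code as an added example (it is not part of the original text). The function name, the `example.*` hosts and the rule that any two-letter suffix is a country code are assumptions made for illustration; the host it returns is the machine a browser actually contacts, whatever the rest of the address looks like.

```python
from urllib.parse import urlsplit
import posixpath

# Suffix meanings named in the text.
TLD_MEANING = {
    "com": "commercial organisation",
    "edu": "educational institution",
    "org": "voluntary or non-profit organisation",
}

def describe_url(url):
    """Split a URL into the parts the text names: protocol, host, path, filename."""
    parts = urlsplit(url)
    if not parts.scheme or not parts.hostname:
        # Without "protocol://" the parser cannot tell the host from the path.
        raise ValueError(f"not an absolute URL: {url!r}")
    # urlsplit lower-cases the host and strips any "user@" prefix and ":port".
    host = parts.hostname.rstrip(".")
    labels = host.split(".")
    tld = labels[-1]
    if tld in TLD_MEANING:
        meaning = TLD_MEANING[tld]
    elif len(tld) == 2 and tld.isalpha():
        meaning = "country code"      # assumption: two letters = country
    else:
        meaning = "other"
    directory, filename = posixpath.split(parts.path)
    return {
        "protocol": parts.scheme,
        "host": host,
        # Simplification: suffixes such as "co.in" would need a suffix list.
        "organisation": labels[-2] if len(labels) >= 2 else host,
        "tld": tld,
        "tld_meaning": meaning,
        "directory": directory or "/",
        "filename": filename,
    }

if __name__ == "__main__":
    # The first URL is the one from the text; the others are constructed samples.
    for sample in ("http://www.vtls.com",
                   "HTTP://WWW.Example.EDU:8080/courses/unit4/notes.html",
                   "http://library.example.in/"):
        print(describe_url(sample))
```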
Meaning of Digital Library
A digital library does not mean a library in the classical sense, but a network of
multimedia systems. A typical digital library is a media server (group of interlinked
workstations) connected to high-speed networks. Unlike a conventional library where
users are provided with physical materials from many sources, a digital library is a
group of distributed repositories that users see as a single repository in digital form.
According to the Berkeley Digital Library project, University of California, "the digital
library will be a collection of distributed information sources. Producers of information
will make it available, and consumers will find it perhaps through the help of automated
agents". The Stanford Digital Library project states, "Integrated digital library will create
a shared environment linking everything - personal information collection to collection
of conventional libraries to large data collection shared by scientists. Integrated virtual
libraries provide an array of new services, uniform access to networked information
collection." In other words, we can say that in a digital library, the information arrives as
needed at the user's screen, like the ever-attendant waiter filling your water glass before
you know it is empty.
Need for Digital Libraries
In 1990 Alvin Toffler estimated in his book "Powershift" that in one year the United
States turns out 1.3 trillion documents. By now the number of documents may have risen
to four trillion. According to another estimate, there are close to 50,000 periodicals in
Science and Technology. This information explosion is not confined to any particular
subject and is also taking place in Social Sciences and Humanities and in every country.
With libraries facing manpower and monetary constraints, it is impossible to acquire
every publisher's documents under one roof, and thus evolved the concept of resource
sharing and networking. Since information can be digitised, the participant libraries are
coming together to convert their holdings to electronic form and then putting them on
the network. The technology for electronic transfer of information is developing rapidly;
electronic publishing, electronic storage, processing and delivery of information
including text and images are all feasible and operational. Further, presently most of the
information is reproduced on paper. The legibility of documents, which are reproduced,
is poor, and the transmission of the same to other users is difficult. Moreover, it requires
a large amount of storage space. Since there is a demand for information with a facility
for searching tailor-made information at faster speed, the digital library seems a suitable
solution at the moment.
Characteristics of Digital Libraries
The transformational effects that digital technology brings to information systems are as
follows:
Collections: Digital library collections contain fixed, permanent documents. While
current libraries have more dynamic collections, a digital library facilitates quicker
handling of information.
Work: Digital libraries are to be used by individuals working alone. There is a
work-oriented perspective focusing on a group of information analysts, the work being done and
the documents and technologies that support it.
Trans-bordering of Information: Breaking the physical boundaries of data
transfers within and outside the countries. It is viewed that the support for
communications and collaboration is as important as information-seeking activities.
Technologies: Digitisation requires certain technologies. They are basically
grouped as:
1) Computer technologies with input devices that collect and convert information into
digital form. Such devices include keyboards, touch screens, voice recognition systems,
flatbed scanners, reprography copy stands, high-resolution digital cameras, image
navigator software etc.
2) Storage technologies - a variety of devices to store and retrieve information in digital
form such as magnetic tapes/cassettes, floppy disks, hard disks, DAT tape, CD-ROM,
smart cards etc.
3) Processing technology - creating the systems and applications software that is
required for the performance of the digital network.
4) Communication technologies - primarily to communicate information in digital form.
5) Display technologies - varieties of output devices.
Methodology
The first major process is to digitise the entire physical medium. This may get started
with the use of Optical Character Recognition (OCR) to convert the captured digital
images to text content. Next, the content has to be catalogued and indexed so that the
repository can be easily made available to users, allowing them to make searches for
information through bibliographic description or content. In the case of a multi-media
collection such as video, catalogues would have a preview of a video clip describing the
contents of the actual video file.
Functions of Digital Library
The key functions of a digital library are:
- Providing access to a very large information collection(s)
- Supporting multi-media content
- Making the network accessible
- Providing a user-friendly interface
- Providing unique referencing of digital objects
- Enabling 'link' representation to local/external objects (hypertext)
- Supporting advanced search and retrieval
- Making information available for a very long time
- Supporting traditional library missions of collection development, organisation, access
and preservation of information
- Supporting editing, publishing, annotation and integration of information
- Integrating personal, group, enterprise and public digital libraries
Advantages of Digital Library
The major advantages of digital libraries are mentioned below:
- Promoting universal accessibility
- Access to more information than is possible to physically acquire and maintain
- Protecting rare books that are rapidly deteriorating due to over-use and poor storage
conditions
- The user can peruse them instantly
- The e-books and journals provide keyword, subject and various other searches
- Providing multiple access and access through the campus LAN
- Facility for downloading and printing
- Saving the cost and manpower required for publishing and bringing out new editions
- One copy of a document can be viewed by any number of persons simultaneously
- Saving the space which is required for physical documents
- A tool for preservation of heritage
Users of the Digital Public Library
A digital library can be accessed by all sections of the community, irrespective of caste,
creed, religion, age, sex etc. One can enlighten himself/herself even sitting at home.
This facility is very useful since it saves not only the amount of money required for
travelling but also precious time. Any research scholar writing a thesis on agrarian
reforms done during the Mogul period in India may access the requisite material from any
corner of the globe, provided that a library specialising in the said theme is putting its
material in digitised form for world wide access.
Challenges Faced by the Digital Library
1) Protecting the intellectual property rights
A major administrative challenge is in complying with copyright and intellectual
property rights issues. The library authorities have to discuss this aspect seriously with
publishers in order to evolve some mechanism profitable to users, publishers as
well as authors. Users may be charged for each access, downloading from servers and/or
each kind of digital library collection. This would provide revenue for publishers,
authors and libraries.
2) Security aspect
This is the most pressing challenge of the digital affair. Piracy of databases, viral
invasions, parallel satellite, networking stress etc. are some of the issues that digital
libraries confront as a matter of routine.
3) Lack of expertise
Not too many vendors/experts are available in the country or abroad. Overseas
vendors charge too much and are also reluctant to import techniques/technology.
4) Technophobia
In general, some people do, however, fear any upcoming technology. Individuals may
have several reasons for not using the new technology.
Efforts in the West
The Vatican Library possesses an extraordinary collection of rare books and
manuscripts such as original copies of works by Aristotle, Dante, Euclid, Homer and
Virgil. However, because of the time and cost required to travel to Rome, only about
2000 scholars can afford to visit each year. In 1995, a team comprising the Vatican
Library, IBM Research, the Pontifical Catholic University of Rio de Janeiro and Case
Western Reserve University investigated the practicality of providing an online digital
library service to scholars. The project's goals included:
- Allowing broader access to the unique collections held by the library
- Providing tools that enable more effective scholarship
- Protecting the Vatican Library's assets
- Determining how to achieve self-funding digitisation and delivery.
These goals were pursued through scanning a set of manuscripts, making them available
via the Internet and collecting the views of participating scholars. Moreover, several
digital library projects have also been executed in the USA. For instance, the (US)
National Gallery of Art has an extensive collection of paintings and drawings. In 1990,
IBM started working to develop a digital library of images of the gallery's art. It was
successfully completed and the Gallery later decided to provide access to its
collections through a web site that serves the general public. Its website www.nga.gov,
first made public in 1997, provides some of the most beautiful images available online.
These are not the only libraries/information centres which have made progress in the
area of digitisation. In fact there are a number of libraries in the developed countries
where sizeable collections of the library have already been digitised and also made
available for world wide access, albeit with some restrictions.
Indian Scenario
India has made tremendous progress in the field of Information Technology. We are
indeed proud of having produced the best IT professionals. These professionals are
greatly in demand across the globe. Interestingly, in the field of automation of libraries
not only IT professionals but also libraries have shown a great interest, and hence today
a number of libraries in the country have either been automated or are in the process of
automation. However, unfortunately, in the digitisation area, we have not yet made any
significant headway. Indeed the vast amount of information in our country is scattered
in libraries, individual possessions, oral and disciple traditions, archaeological findings,
museums and at so many other places. Some of this invaluable information has been
lost, mutilated, destroyed or stolen, for which we cannot do much. Nevertheless a huge
amount of information is still available and could be used for the development of
society. We can start the digitisation process of our rare collections, which would be an
important step in preserving our composite culture and heritage. Among academic institutes,
probably, the Central University of Hyderabad (UOH) will establish the first digital
library in the country. The university has already identified and started the digitisation
process for its thesis/dissertation collections. This will be a joint effort of UOH, Sun
Microsystems and VTLS Software Company.
QUESTIONS
1) Explain Intra-organisational Electronic Commerce and its functions, and
applications.
2) What is supply chain management?
3) Narrate the components of a typical supply chain.
4) Explain supply chain management (SCM) as a competitive strategy.
5) Briefly explain the problems of traditional supply chain.
6) Why do companies care about supply chain efficiency?
7) Explain the characteristics of an efficient supply chain management.
8) Discuss in detail supply chain modelling approaches.
9) Explain the importance of networked supply chain management.
10) Describe the supply chain development model.
11) List the advantages of electronic catalogues over paper catalogues.
12) How does a Digital Library work?
13) Explain the need of digital library and its challenges, and advantages.

- End of Chapter -
