Rai OpenCourseware
B. Tech. Computer Science and Engineering (4 yrs)
Lecture Notes > E-Commerce

Lecture 1 Introduction To E Commerce
Lecture 2 Benefits And Limitations Of E-Commerce
Lecture 3 Generic Framework Of E-Commerce
Lecture 4 Architectural Framework Of E-Commerce
Lecture 5 Web Based E Commerce Architecture
Lecture 6 Consumer Oriented E-Commerce
Lecture 7 E-Services
Lecture 8 Electronic Data Inter Change
Lecture 9 Electronic Data Inter Change (Cont.)
Lecture 10 Electronic Data Inter Change (Cont.)
Lecture 11 Electronic Data Inter Change (Cont.)
Lecture 12 Electronic Payment System
Lecture 13 Electronic Payment System (Cont.)
Lecture 14 Electronic Payment System (Cont.)
Lecture 15 Electronic Payment System (Cont.)
Lecture 16 Electronic Payment System (Cont.)
Lecture 17 Electronic Payment System (Cont.)
Lecture 18 Electronic Payment System (Cont.)
Lecture 19 Threats To Computer Systems
Lecture 20 Internet Security
Lecture 21 Internet Security (Cont.)
Lecture 22 Internet Security (Cont.)
Lecture 23 Issues In E-Commerce

Rai Foundation Colleges: all individuals like faculty, students and self-learners can use the content. All institutions should contact Rai Foundation Colleges before using any of our course content.



 
 

Lecture 1 Introduction To E Commerce

- Introduction
- Electronic Data Interchange
- Advantages and Disadvantages of Electronic Markets
- Summary
- Exercise

After this lecture the students will be able to:
- Understand what is “E Commerce”
- Describe various application areas of E Commerce

The availability of the Internet has led to the development of E-commerce, which is becoming very popular these days. So let’s start our discussion on this very interesting field. Most people think that E Commerce is just purchasing something on the Internet, but this is a misconception; let’s see what the reality is.

Electronic commerce applications started in the early 1970s, with such innovations as electronic fund transfers (EFT). However, the extent of the applications was limited to large corporations, financial institutions, and a few daring small businesses. Then came EDI, which expanded from financial transactions to other transaction processing and enlarged the participating companies from financial institutions to manufacturers, retailers, services, and so on. Many other applications followed, ranging from stock trading to travel reservation systems. Such systems were described as telecommunication applications and their strategic value was widely recognized. With the commercialization of the Internet in the early 1990s and its rapid growth to millions of potential customers, the term electronic commerce was coined, and EC applications expanded rapidly. One reason for the rapid expansion of the technology was the development of networks, protocols, software, and specifications. The other reason was the increase in competition and other business pressures. From 1995 to 1999 we have witnessed many innovative applications ranging from advertisement to auctions and virtual reality experiences. Almost every medium- and large-sized organization in the United States already has a Web site. Many are very extensive; for example, in 1999 General Motors Corporation offered 18,000 pages of information that included 98,000 links to its products, services, and dealers.

Conducting business online. Selling goods, in the traditional sense, is possible to do electronically because of certain software programs that run the main functions of an e-commerce Web site, including product display, online ordering, and inventory management. The software resides on a commerce server and works in conjunction with online payment systems to process payments. Since these servers and data lines make up the backbone of the Internet, in a broad sense, E-commerce means doing business over interconnected networks.

Electronic commerce is an emerging model of new selling and merchandising tools in which buyers are able to participate in all phases of a purchase decision, while stepping through those processes electronically rather than in a physical store or by phone (with a physical catalog). The processes in electronic commerce include enabling a customer to access product information, select items to purchase, purchase items securely, and have the purchase settled financially.

It is an emerging concept that describes the process of buying and selling or exchanging products, services and information via computer networks including the Internet.
- From a communications perspective, EC is the delivery of information, products/services, or payments over telephone lines, computer networks, or any other electronic means.
- From a business process perspective, EC is the application of technology toward the automation of business transactions and work flow.
- From a service perspective, EC is a tool that addresses the desire of firms, consumers, and management to cut service costs while improving the quality of goods and increasing the speed of service delivery.
- From an online perspective, EC provides the capability of buying and selling products and information on the Internet and other online services.

The term commerce is viewed by some as transactions conducted between business partners. Therefore, the term electronic commerce seems to be fairly narrow to some people. Thus, many use the term e-business. It refers to a broader definition of EC: not just buying and selling but also servicing customers and collaborating with business partners, and conducting electronic transactions within an organization.

Electronic Commerce (e-Commerce) is a general concept covering any form of business transaction or information exchange executed using information and communication technologies (ICTs). E-Commerce takes place between companies, between companies and their customers, or between companies and public administrations. Electronic Commerce includes electronic trading of goods, services and electronic material.

E-Commerce systems include commercial transactions on the Internet but their scope is much wider than this; they can be classified by application type:


 
- Electronic markets: The principal function of an electronic market is to facilitate the search for the required product or service. Airline booking systems are an example of an electronic market.
- Electronic Data Interchange (EDI): EDI provides for the efficient transaction of recurrent trade exchanges between commercial organizations. EDI is widely used by, for example, large retail groups and vehicle assemblers when trading with their suppliers.
- Internet commerce: The Internet (and similar network facilities) can be used for advertising goods and services and transacting one-off deals. Internet commerce has application for both business-to-business and business-to-consumer transactions.

Fig 1.1: The three categories of E Commerce

Electronic markets are exemplified by the airline booking systems. Electronic markets are also used in the financial and commodity markets, and again the dealing is done via intermediaries; to buy stocks and shares a member of the public uses the services of a stockbroker. Arguably the use of electronic markets has served the customer well. With the assistance of a good travel agent the airline customer can be informed of all the flights available for an intended journey and then select, on the basis of price, convenience, loyalty scheme, etc., the flight that they wish to book.

Let’s discuss the advantages and disadvantages of each of these areas.

Electronic Commerce (e-Commerce) is a term popularized by the advent of commercial services on the Internet. Internet e-Commerce is, however, only one part of the overall sphere of e-Commerce. The commercial use of the Internet is perhaps typified by once-off sales to consumers. Other types of transactions use other technologies. Electronic Markets (EMs) are in use in a number of trade segments with an emphasis on search facilities, and Electronic Data Interchange (EDI) is used for regular and standardized transactions between organizations. The mainstream of e-Commerce consists of these three areas; these are represented as a diagram in Figure 1.1 and outlined in a little more detail below.

An electronic market is the use of information and communications technology to present a range of offerings available in a market segment so that the purchaser can compare the prices (and other attributes) of the offerings and make a purchase decision. The usual example of an electronic market is an airline booking system.

EDI provides a standardized system for coding trade transactions so that they can be communicated directly from one computer system to another without the need for printed orders and invoices and the delays and errors implicit in paper handling. EDI is used by organizations that make a large number of regular transactions. One sector where EDI is extensively used is the large supermarket chains, which use EDI for transactions with their suppliers.

Information and communications technologies can also be used to advertise and make once-off sales of a wide range of goods and services. This type of e-Commerce is typified by the commercial use of the Internet. The Internet can, for example, be used for the purchase of books that are then delivered by post or the booking of tickets that can be picked up by the clients when they arrive at the event. It is to be noted that the Internet is not the only technology used for this type of service and this is not the only use of the Internet in e-Commerce.

Advantages and Disadvantages of Electronic Markets

The advantages of an electronic market to the customer are self-evident. Using an airline booking system, for example, there is a screen that shows all the flights from (say) New York to Los Angeles and the consumer can make an informed choice without having to spend time and effort finding out which airlines fly that route and then contacting each of the airlines to obtain flight times, price and availability details. Once a flight is selected the system facilitates the booking of that flight, paying the fare and printing the ticket.

For the seller the advantages are less evident. The seller that is the most competitive may do well: the electronic market makes available information on their product and the advantage of that offering should be apparent. Less competitive suppliers are likely to be forced into price reductions, and the competitive effect may force all suppliers to cut prices, possibly below the level at which it is possible to make a profit (as is the case on some air transport routes).


 
Electronic Data Interchange

Fig 1.2: Basic transactions in EDI

The above figure shows the basic transactions which take place between two business organizations. Let’s see the benefits when these transactions are carried out not manually but through computer systems, which is what is known as EDI.

EDI can bring a number of advantages to the organizations that use it. It should save considerable time on the exchange of business transactions and has the potential for considerable savings in costs. EDI can be simply used to replace paper transactions with electronic transactions; this is the normal route taken in the initial installation of EDI. The full advantage of EDI is only realized when business practices are restructured to make full use of the potential of EDI, when EDI is used as an enabling technology to change the way the business operates: just-in-time (JIT) manufacture and quick response supply being prime examples of where EDI is used as an enabling technology to gain competitive advantage.

Paper orders have to be printed, enveloped and sent out by the customer’s post room, passed through the postal service, received by the supplier’s post room, and input to the supplier’s order processing system. To achieve all this, reliably, in under three days would be to do very well. EDI orders are sent straight into the network and the only delay is how often the supplier retrieves messages from the system. Orders can be in the supplier’s system within a day, or if there is urgency the messages can be retrieved more frequently, for example every hour.

The use of EDI can cut costs. These include the costs of stationery and postage, but these will probably be fully matched by the costs of running the EDI service. The principal saving from the use of EDI is the potential to save staff costs. The obvious example of this is that if the orders are directly input to the system there is no need for an order entry clerk. Note also that seasonal peaks, staff holidays, etc. no longer create a backlog in the order entry area. The cost savings need to be offset against the system development and network costs.

Keying any information into a computer system is a source of errors, and keying paper orders into the order processing system is no exception. EDI eliminates this source of errors. On the down side, there is no order entry clerk who might have spotted errors made by the customer: the customer will get what the customer asked for.

With paper orders it would be several days before the customer was informed of any supply difficulty, such as the product being out of stock, with an alternative product to be ordered or an alternative supplier to be used.

Just like orders, invoices can be sent electronically. EDI invoices have similar advantages to EDI orders in saved time and avoided errors. However, the major advantage in EDI invoices is that they can be automatically matched against the original order and cleared for payment without the sort of queries that arise when paper invoices are matched to orders.

Payment can also be made by EDI. The EDI payment system can also generate an EDI payment advice that can be electronically matched against the relevant invoices, again avoiding query and delay.

The ability to order regularly and quickly reduces the amount of goods that need to be kept in a store room or warehouse at the shop or the factory. For many JIT manufacture and quick response supply systems stockholding is eliminated altogether, with goods being delivered only as they are needed. Reduced stock holding cuts the cost of warehousing, the double handling of goods (into store and then out again onto the factory or shop) and the capital requirement to pay for the goods that are just sitting in store.

Speeding up the trade cycle by getting invoices out quickly, and directly matched to the corresponding orders and deliveries, can and should speed up payments and hence improve cash flow. Elimination of most invoice queries can be particularly significant in reducing delays in payments.

There is a steady increase in the number of customers, particularly large, powerful customers, that will only trade with suppliers that do business via EDI. Supermarkets and vehicle assemblers are prime examples. Being ready and able to trade electronically can be an advantage when competing for new business.

An established EDI system should be of considerable advantage to both customer and supplier. Switching to a new supplier requires that the electronic trading system and trading relationship be redeveloped, a problem to be avoided if a switch of supplier is not essential.

To gain these advantages EDI has to be seen as an investment: there are costs upfront and the payback is longer term. The costs are the set-up of the EDI system (hardware, software and network) and the time required to establish agreements with trading partners. The savings only start when there is a significant volume of


 
business transacted using EDI, a point that is called the ‘critical mass’ in the jargon of EDI.
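The automatic matching described above (an EDI invoice checked against the original order before it is cleared for payment, and an EDI payment advice checked against the invoices it settles), as an added example written for these notes rather than code from the lecture. The record layouts are simplified stand-ins for real EDI messages, the order, invoice and advice numbers and all amounts are constructed, and the price tolerance is an assumption. An invoice is cleared only when every line matches the order; anything else is held for a manual query instead of being paid, which is the control that replaces the order entry clerk the text says is no longer there to spot errors.

```python
"""Automated matching of EDI orders, invoices and payment advices.

Added example; not from the lecture notes. Record layouts are simplified
stand-ins for real EDI messages (EDIFACT or X12 in practice) and every
number below is constructed. An invoice is cleared for payment only when
it matches the original order line by line; a payment advice must name
cleared invoices only and pay exactly their total. Mismatches are queried.
"""
from dataclasses import dataclass
from typing import Dict, List, Tuple


@dataclass(frozen=True)
class Line:
    product: str
    quantity: int
    unit_price: float  # agreed price per unit


@dataclass
class Order:
    order_no: str
    lines: List[Line]


@dataclass
class Invoice:
    invoice_no: str
    order_no: str       # the order this invoice claims to bill
    lines: List[Line]

    def total(self) -> float:
        return round(sum(ln.quantity * ln.unit_price for ln in self.lines), 2)


@dataclass
class PaymentAdvice:
    advice_no: str
    invoice_nos: List[str]  # invoices the payment is said to settle
    amount: float


def match_invoice(inv: Invoice, orders: Dict[str, Order]) -> List[str]:
    """Return the discrepancies between an invoice and its order.
    An empty list means the invoice can be cleared for payment."""
    order = orders.get(inv.order_no)
    if order is None:
        return [f"{inv.invoice_no}: no order {inv.order_no} on file"]
    ordered = {ln.product: ln for ln in order.lines}
    problems = []
    for ln in inv.lines:
        agreed = ordered.get(ln.product)
        if agreed is None:
            problems.append(f"{inv.invoice_no}: {ln.product} was not ordered")
        elif ln.quantity > agreed.quantity:  # partial delivery is fine, over-billing is not
            problems.append(f"{inv.invoice_no}: {ln.product} billed {ln.quantity}, ordered {agreed.quantity}")
        elif abs(ln.unit_price - agreed.unit_price) > 0.005:  # assumed tolerance: half a cent
            problems.append(f"{inv.invoice_no}: {ln.product} priced {ln.unit_price}, agreed {agreed.unit_price}")
    return problems


def clear_invoices(invoices: List[Invoice], orders: Dict[str, Order]) -> Tuple[List[str], Dict[str, List[str]]]:
    """Split invoices into those cleared for payment and those held for query."""
    cleared, queried = [], {}
    for inv in invoices:
        problems = match_invoice(inv, orders)
        if problems:
            queried[inv.invoice_no] = problems
        else:
            cleared.append(inv.invoice_no)
    return cleared, queried


def match_payment(advice: PaymentAdvice, invoices: Dict[str, Invoice], cleared: List[str]) -> List[str]:
    """Reconcile a payment advice: every invoice it names must exist and have
    been cleared, and the amount must equal the sum of their totals."""
    problems, expected = [], 0.0
    for no in advice.invoice_nos:
        inv = invoices.get(no)
        if inv is None:
            problems.append(f"{advice.advice_no}: unknown invoice {no}")
        elif no not in cleared:
            problems.append(f"{advice.advice_no}: invoice {no} was not cleared")
        else:
            expected += inv.total()
    if abs(round(expected, 2) - advice.amount) > 0.005:
        problems.append(f"{advice.advice_no}: paid {advice.amount}, expected {round(expected, 2)}")
    return problems


# Constructed sample messages (not real trading data).
ORDERS = {"PO-1001": Order("PO-1001", [Line("widget", 100, 2.50), Line("bolt", 500, 0.10)])}
INVOICES = [
    Invoice("INV-1", "PO-1001", [Line("widget", 100, 2.50), Line("bolt", 500, 0.10)]),  # matches the order
    Invoice("INV-2", "PO-1001", [Line("widget", 120, 2.50)]),  # bills more than was ordered
    Invoice("INV-3", "PO-9999", [Line("gasket", 10, 1.00)]),   # refers to an order never placed
]
ADVICES = [
    PaymentAdvice("PA-1", ["INV-1"], 300.00),           # settles the cleared invoice exactly
    PaymentAdvice("PA-2", ["INV-1", "INV-2"], 600.00),  # pays a queried invoice and the wrong amount
]


def run_example():
    cleared, queried = clear_invoices(INVOICES, ORDERS)
    by_no = {inv.invoice_no: inv for inv in INVOICES}
    payments = {a.advice_no: match_payment(a, by_no, cleared) for a in ADVICES}
    return cleared, queried, payments


if __name__ == "__main__":
    cleared, queried, payments = run_example()
    print("cleared for payment:", cleared)
    for no, probs in queried.items():
        print("queried:", no, probs)
    for no, probs in payments.items():
        print("payment advice", no, "reconciled" if not probs else probs)
```

Only INV-1 is cleared; INV-2 is queried for over-billing and INV-3 because no such order exists, and advice PA-2 is rejected both for naming a queried invoice and for its amount, so nothing leaves the payment system without a human looking at it.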

Summary

- Electronic Commerce (e-Commerce) is a general concept covering any form of business transaction or information exchange executed using information and communication technologies (ICTs).
- E-Commerce takes place between companies, between companies and their customers, or between companies and public administrations.
- Electronic Commerce includes electronic trading of goods, services and electronic material.
- An electronic market is the use of information and communications technology to present a range of offerings available in a market segment so that the purchaser can compare the prices (and other attributes) of the offerings and make a purchase decision.
- EDI provides a standardized system for coding trade transactions so that they can be communicated directly from one computer system to another without the need for printed orders and invoices and the delays and errors implicit in paper handling.
- Information and communications technologies can also be used to advertise and make once-off sales of a wide range of goods and services. This type of e-Commerce is typified by the commercial use of the Internet.

Exercise

1. What is eCommerce?
2. What do you understand by EDI?
3. Explain electronic market.



 




Lecture 3 Generic Framework Of E-Commerce

- Introduction
- Integration of various infrastructure components in framework
- Summary
- Exercise

After this lecture the students will be able to:
- Understand the integration of various infrastructure components in our framework

In this lecture we will discuss the various resources required to build an infrastructure to support E commerce applications.

From the business activity already taking place, it is clear that e-commerce applications will be built on the existing technology infrastructure: a myriad of computers, communications networks, and communication software forming the nascent Information Superhighway. Figure 3.1 shows a variety of possible e-commerce applications, including both inter-organizational and consumer-oriented examples. None of these uses would be possible without each of the building blocks in the infrastructure:
- Common business services, for facilitating the buying and selling process
- Messaging and information distribution, as a means of sending and retrieving information
- Multimedia content and network publishing, for creating a product and a means to communicate about it
- The Information Superhighway, the very foundation, for providing the highway system along which all e-commerce must travel

The two pillars supporting all e-commerce, applications and infrastructure, are just as indispensable:
- Public policy, to govern such issues as universal access, privacy, and information pricing
- Technical standards, to dictate the nature of information publishing, user interfaces, and transport in the interest of compatibility across the entire network

Fig 3.1 Generic Framework of E Commerce

To better understand the integration of the various infrastructure components in our framework, let us use the analogy of a traditional transportation business. Any successful e-commerce application will require the I-way infrastructure in the same way that regular commerce needs the interstate highway network to carry goods from point to point. You must travel across this highway, whether you are an organization purchasing supplies or a consumer ordering a movie on demand. Understand, however, that the I-way is not one monolithic data highway designed according to long-standing, well-defined rules and regulations based on well-known needs. Rather, still under construction, the I-way will be a mesh of interconnected data highways of many forms: telephone wires, cable TV wires, radio-based wireless (cellular and satellite). Far from complete, the I-way is quickly acquiring new on-ramps and even small highway systems. The numerous constructors are either in competition with or in alliance with one another, all in an effort to convince traffic to use their on-ramps or sections of the highway because, like toll ways, revenues in e-commerce are based on vehicular traffic, in our case vehicles transporting information or multimedia content. The myriad transactions among businesses mean that the ultimate winner must select the technology for the I-way that best matches future business needs by using today’s tools. Building an access road to a ghost town or


 
a highway too narrow to handle the traffic will yield equally little return on investment for those who have been less successful at matching needs with the infrastructure. Building the various highways is not enough. Transport vehicles are needed, routing issues must be addressed, and of course the transportation costs must be paid. On the I-way, the nature of vehicular traffic is extremely important. The information and multimedia content determines what type of vehicle is needed. A breakdown of potential everyday e-commerce vehicles into their technological components shows that they vary widely in complexity and may even need to travel different routes on the I-way, much the way an eighteen-wheeler may be restricted from traveling roads that cannot accommodate it:

Movies = video + audio
Digital games = music + video + software
Electronic books = text + data + graphics + music + photographs + video

Once these vehicles (multimedia content) are created, where are they housed? What sort of distribution warehouses are needed to store and deliver their multimedia cargo? In the electronic “highway system” multimedia content is stored in the form of electronic documents. These documents are often digitized, compressed, and stored in computerized libraries or multimedia storage warehouses called servers that are linked by transport networks to each other and to the software/hardware clients that allow customers to access them. Exactly how do the vehicles move from one distribution warehouse to another? In a traditional transportation business, diesel engines or gasoline-powered motors move the trucks along the roadways. On the I-way, messaging software fulfills this role, in any number of forms: e-mail, EDI, or point-to-point file transfers. In addition to the development of new vehicles and systems, other key components of commercial transactions need to be examined. How can businesses assure customers of safe delivery? How can customers pay for using the I-way? The Common Business Services block of Fig. 3.1 addresses these supporting issues. Encryption and authentication methods have been developed to ensure security of the contents while traveling the I-way and at their destination, and numerous electronic payment schemes are being developed to handle highly complex transactions with high reliability. These logistical issues are difficult to address in long-established transportation systems. That complexity is compounded in the nascent world of electronic commerce by the unique interplay among government, academia, and private commercial endeavors as well as by the challenge of integrating otherwise incompatible transportation systems while maintaining an uninterrupted flow of traffic. And whereas traditional businesses are governed by the Commercial Code and detailed case histories, very basic policy and legal questions are materializing in relation to e-commerce.

In the case of vehicular traffic over the interstate highway system, public policy issues concern pollution, consumer protection from fraud, environmental impact, and taxation. Similarly, in information traffic, public policy issues deal with the cost of accessing information, regulation to protect consumers from fraud and to protect their right to privacy, and the policing of global information traffic to detect information pirating or pornography. Again the issues themselves, let alone the solutions, are just now evolving and will become increasingly important as more and more people with variable intent enter the electronic marketplace.

The final pillar on which the e-commerce framework rests is technical standards, without which the impact of this revolution would be minimized. For instance, returning to our analogy with traditional transportation systems, railroads would not have flourished had each state established a separate track standard (meter gauge versus broad gauge, for example) and goods would have to be constantly moved from one train to another every time the standard changed, as they do today at the border between Russia and Western Europe.

Standards are crucial in the world of global e-commerce, to ensure not only seamless and harmonious integration across the transportation network but access to information on any type of device the consumer chooses (laser disc, PCs, portable hand-held devices or television plus set-top boxes, i.e. cable converter boxes) and on all types of operating systems. For example, without the adoption of video standards, video conferencing will never become widespread, as each manufacturer will attempt to develop equipment that maximizes their short-term profits rather than working toward customer goals such as interoperability. While we have strived to limit our initial discussion of the elements of a framework for electronic commerce to an understanding of what part they play within this complex network, it is no accident that we have ended with a convergence of technical, policy, and business concerns. The concept of “convergence” is essential to the operation of the Information Superhighway and to the way the business world is gearing up to deal with it. It is only fitting that we preface our discussion of the one element of our framework we have not yet discussed in detail, e-commerce applications themselves, with a clarification of the concept of convergence.

Summary

- The building blocks in the infrastructure of E Commerce are common business services, messaging and information distribution, multimedia content and network publishing, and the Information Superhighway.
- The two pillars supporting all e-commerce (applications and infrastructure), which are just as indispensable, are public policy and technical standards.

Exercise

1. Discuss the various requirements to build the framework of E-commerce.


 


Question 1: What is eCommerce?

Basically, doing business-as-usual, but across the Internet. You advertise your products or services on your Web site, as you would in any other media like newspapers, TV or brochures. Advertising on your Web site can be done in two ways. The first is by use of a relatively simple Web site consisting of a few pages whereby you tell potential customers who you are, what you do, where you are and how they can contact you (easiest done by giving them your email address).

The second way of enabling world-wide customers to buy from you is to provide them with an On-Line Catalogue of your products which they can browse at their leisure without having to go to your place of business.

Question 2: What is an on-line catalogue?

A catalogue that people access via the Internet.

But it is also a lot more than that. It enables you to increase your marketplace to a global scale ... without proportionately increasing your overheads. Your On-Line Catalogue is an integral part of your website, enabling your customers to ...
- Browse through your stock list, read about an item or service;
- Look at photographs of the products;
- Select which items they want to purchase;
- And drop them into a shopping cart as they go along.
- When they have completed their shopping, they go to the Check-Out.

The next step is to request the order by filling in their details and method of payment on a form which is waiting for them at the Check-Out. The form is already partially completed with a breakdown of the items in their shopping cart, prices inclusive of tax, and shipping & handling charges, if any. If they choose to pay by credit card, the form includes a place for them to fill in their credit card number. And then, with one press of a button, they send the order to you. It’s as simple as that.

Question 3: Why would I want to use an on-line catalogue?

To boost your sales! There is no simpler way to enable more people - from all over the world - to buy your products or services. With the new Millennium here and all fears of the dreaded Millennium Bug now allayed, everyone is rushing to exploit the vast new frontiers of the Internet. It is a proven lucrative means of conducting business. If you don’t have your business on the Net, you are giving your competitors a wonderful gift - a big advantage over you!

Question 4: How will customers access and use your catalogue?

Very easily - by entering your Web address in their Browser. All they have to do is type your Web address into their Browser (www.YourName.com) and they will be taken straight to your Web site. If your Web site is well designed (read about our website design service) then your customers will be able to access your On-Line Catalogue with the click of a button and place their orders quickly and easily!

Question 5: How do you receive the orders - and what do you do with them?

You download them from the Internet and then process them the same as you would any other orders.

As soon as a customer places an order via your On-Line Catalogue, it is stored in an orders file at your Web Site until you download and process it. (Alternatively, it can be forwarded directly to your email address.) On downloading, it is stored in a local file on your computer designated for ‘Outstanding Orders’. How you deal with it once you have it is up to you, but generally people print it out and hand it to the member of staff who deals with filling out orders. Once the order has been sent to the customer, you merely mark it as ‘Shipped’ in your Outstanding Orders file.

Question 6: How will you get paid?

Much the same as you do normally. Customers will have an option to submit their credit card number (securely!), in which case you process the order the same as you would normally, or follow it up with a cheque. Again, you would wait for cheque clearance as per your normal practice. Alternatively, you may choose to open an account for them. So as you can see, there is very little difference in the actual sales process between your customary way of working and selling on-line.

Question 7: What about shipping & handling?

Your shipping charges (if any) are stated clearly in your on-line catalogue and automatically added to the invoice for customers to view and agree to before they submit their order.

Question 8: What are the benefits of E-Commerce?

The benefits below are some of the more obvious ones:
- A world-wide market instantly
- No added sales staff
- A catalogue which is quickly and easily updateable. This means that when prices or stocks are changed, you don’t have to have hundreds or thousands of obsolete catalogues lying around. You don’t have to wait for the printer to deliver the catalogue before the new prices can come into effect.
- The facility to advertise daily, weekly or monthly ‘specials’ and sales, or any special discounts - and they can be changed within minutes, when and if necessary.
- You can also add a marketing message which highlights your strengths, such as the range and quality of your products or services - or anything else you want to tell your customers.
Lecture 4: Architectural Framework Of E-Commerce

• Introduction
• Various layers of electronic commerce application architecture
• Software framework necessary for building
• Summary
• Exercise

After this lecture the students will be able to:
• Understand the software framework necessary for building Electronic Commerce applications

Introduction
In the previous lecture we studied the conceptual framework of E-Commerce; today we will discuss in detail the six layers of functionality or services in the E-Commerce application architecture.

The software framework necessary for building electronic commerce applications is little understood in existing literature. In general a framework is intended to define and create tools that integrate the information found in today's closed systems and allow the development of e-commerce applications. It is important to understand that the aim of the architectural framework itself is not to build new database management systems, data repositories, computer languages, software agent based transaction monitors, or communication protocols. Rather, the architecture should focus on synthesizing the diverse resources already in place in corporations to facilitate the integration of data and software for better applications.

Various Layers of Electronic Commerce Application Architecture
The electronic commerce application architecture consists of six layers of functionality, or services:
(1) applications;
(2) brokerage services, data or transaction management;
(3) interface and support layers;
(4) secure messaging, security and electronic document interchange;
(5) middleware and structured document interchange; and
(6) network infrastructure and basic communications services (see Fig. 4.1).

These layers cooperate to provide a seamless transition between today's computing resources and those of tomorrow by transparently integrating information access and exchange within the context of the chosen application. As seen in Fig. 4.1, electronic commerce applications are based on several elegant technologies. But only when they are integrated do they provide uniquely powerful solutions.

In the ensuing discussion of each of these layers, we will not elaborate on the various aspects of the network infrastructure that transports information. These were discussed extensively earlier and will not be addressed here. We begin our discussion with the application level services.

Fig 4.1 Electronic Commerce: A conceptual framework

Application Services
The application services layer of e-commerce will be comprised of existing and future applications built on the innate architecture. Three distinct classes of electronic commerce application can be distinguished: customer-to-business, business-to-business, and intra-organization (Fig 4.2).

Customer-to-Business
We call this category marketplace transaction. In a marketplace transaction, customers learn about products differently through electronic publishing, buy them differently using electronic cash and secure payment systems, and have them delivered differently. Also, how customers allocate their loyalty may be different. In light of this, the organization itself has to adapt to a world where the traditional concepts of brand differentiation no longer hold - where "quality" has a new meaning, where "content" may not be equated to "product," where "distribution" may not automatically mean "physical transport." In this new environment, brand equity can rapidly evaporate, forcing firms to develop new ways of doing business.
Figure 4.2 Different types of electronic commerce applications

Business-to-Business
We call this category market-link transaction. Here, businesses, governments, and other organizations depend on computer-to-computer communication as a fast, economical, and dependable way to conduct business transactions. Small companies are also beginning to see the benefits of adopting the same methods. Business-to-business transactions include the use of EDI and electronic mail for purchasing goods and services, buying information and consulting services, submitting requests for proposals, and receiving proposals. Examine this scenario. The current accounts payable process occurs through the exchange of paper documents. Each year the trading partners exchange millions of invoices, checks, purchase orders, financial reports, and other transactions. Most of the documents are in electronic form at their point of origin but are printed and key-entered at the point of receipt. The current manual process of printing and mailing is costly, time consuming, and error-prone. Given this situation and faced with the need to reduce costs, small businesses are looking toward electronic commerce as a possible savior.

Intra-organizational
We call this category market-driven transactions. A company becomes market driven by dispersing throughout the firm information about its customers and competitors; by spreading strategic and tactical decision making so that all units can participate; and by continuously monitoring their customer commitment by making improved customer satisfaction an ongoing objective. To maintain the relationships that are critical to delivering superior customer value, management must pay close attention to service, both before and after sales. In essence, a market-driven business develops a comprehensive understanding of its customers' business and how customers in the immediate and downstream markets perceive value.
Three major components of market-driven transactions are
• customer orientation through product and service customization;
• cross-functional coordination through enterprise integration; and
• advertising, marketing, and customer service.

Information Brokerage and Management
The information brokerage and management layer provides service integration through the notion of information brokerages, the development of which is necessitated by the increasing information resource fragmentation. We use the notion of information brokerage to represent an intermediary who provides service integration between customers and information providers, given some constraint such as a low price, fast service, or profit maximization for a client. Information brokers, for example, are rapidly becoming necessary in dealing with the voluminous amounts of information on the networks. As on-line databases migrate to consumer information utilities, consumers and information professionals will have to keep up with the knowledge and ownership of all these systems. Who's got what? How do you use it? What do they charge? Most professionals have enough trouble keeping track of files of interest on one or two database services. With all the complexity associated with large numbers of on-line databases and service bureaus, it is impossible to expect humans to do the searching. It will have to be software programs - information brokers or software agents, to use the more popular term - that act on the searcher's behalf.

Information brokerage does more than just searching. It addresses the issue of adding value to the information that is retrieved. For instance, in foreign exchange trading, information is retrieved about the latest currency exchange rates in order to hedge currency holdings to minimize risk and maximize profit. In other words, the act of retrieving the information is the input to other transactions. With multiple transactions being the norm in the real world, service integration becomes critical. Taking the same foreign exchange example further, service integration allows one to link the hedging program (offered on a time-sharing basis by a third party) with the search program (could be another vendor) that finds the currency rates from the cheapest on-line service to automatically send trades to the bank or financial services company. In effect, a personalized automated trading system can be created without having to go to any financial institution. This is just one example of how information brokerages can add value.

Another aspect of the brokerage function is the support for data management and traditional transaction services. Brokerages may provide tools to accomplish more sophisticated, time-delayed updates or future compensating transactions. These tools include software agents, the distributed query generator, the distributed transaction generator, and the declarative resource constraint base which describes a business's rules and environment information. At the heart of this layer lies the work-flow scripting environment built on a software agent model that coordinates work and data flow among support services.

As pointed out earlier, software agents are used to implement information brokerages. Software agents are mobile programs that have been called "healthy viruses," "digital butlers," and "intelligent agents." Agents are encapsulations of users' instructions that perform all kinds of tasks in electronic marketplaces spread across networks. Information brokerages dispatch agents capable of information resource gathering, negotiating deals, and performing transactions. The agents are intelligent because they
have contingency plans of action. They examine themselves and their environment and if necessary change from their original course of action to an alternative plan. For example, suppose you send an agent to an on-line store with a request to order a bouquet of roses for $25 or less. If the shop offers roses starting at $30, your agent can either choose a different bouquet or find a different store by consulting an on-line "Yellow Pages" directory, depending on prior instructions.

Although the notion of software agents sounds very seductive, it will take a while to solve the problems of inter-agent communication, interoperable agents, and other headaches that come with distributed computing and networking. To some critics, the prospect of a single agent language like Telescript as a world standard is disturbing. They worry that agents sound a bit too much like computer viruses, which instead of running errands may run amok. Vendors such as General Magic go to great lengths to explain the precautions they have taken to make this impossible: the limits placed on the power of agents, the "self-destruct" mechanism built into their code. Yet until electronic commerce services are up and running on a large scale, it is impossible to know how well software agents will work.

Interface and Support Services
The third layer, interface and support services, will provide interfaces for electronic commerce applications such as interactive catalogs and will support directory services - functions necessary for information search and access. These two concepts are very different. Interactive catalogs are the customized interface to consumer applications such as home shopping. An interactive catalog is an extension of the paper-based catalog and incorporates additional features such as sophisticated graphics and video to make the advertising more attractive.

Directories, on the other hand, operate behind the scenes and attempt to organize the enormous amount of information and transactions generated to facilitate electronic commerce. Directory services databases make data from any server appear as a local file. A classic example of a directory is the telephone White Pages, which allows us to locate people and telephone numbers.

In the case of electronic commerce, directories would play an important role in information management functions. For instance, take the case of buying an airline ticket with several stopovers with the caveat that the time between layovers be minimized. This search would require several queries to various on-line directories to find empty seats on various airlines, and then the availability of seats would be coordinated with the amount of time spent in the airport terminals.

The primary difference between the two is that unlike interactive catalogs, which deal with people, directory support services interact directly with software applications. For this reason, they need not have the multimedia glitter and jazz generally associated with interactive catalogs. From a computing perspective, we can expect that there will be no one common user interface that will glaze the surface of all electronic commerce applications, but graphics and object manipulation will definitely predominate. Tool developers and designers might incorporate common tools for interface building, but the shape of catalogs or directories will depend on the users' desires and functional requirements.

Secure Messaging and Structured Document Interchange Services
The importance of the fourth layer, secure messaging, is clear. Everyone in business knows that electronic messaging is a critical business issue. Consider a familiar business scenario: You hand over an urgent fax Monday and find out Tuesday that it's still sitting on your fax operator's desk. What happened? The line was busy and he thought he'd try again later. Or, the number was wrong, but he forgot to let you know. Or you're in London and you need to send a spreadsheet that details a marketing plan for a product introduction strategy to a co-worker in New York. This must be done today, not tomorrow when the courier service would deliver. There is a solution to these common and frustrating problems. It's called Integrated Messaging: a group of computer services that through the use of a network send, receive, and combine messages, faxes, and large data files. Some better-known examples are electronic mail, enhanced fax, and electronic data interchange.

Broadly defined, messaging is the software that sits between the network infrastructure and the clients or electronic commerce applications, masking the peculiarities of the environment. Others define messaging as a framework for the total implementation of portable applications, divorcing you from the architectural primitives of your system. In general, messaging products are not applications that solve problems; they are more enablers of the applications that solve problems.

Messaging services offer solutions for communicating non-formatted (unstructured) data - letters, memos, reports - as well as formatted (structured) data such as purchase orders, shipping notices, and invoices. Unstructured messaging consists of fax, e-mail, and form-based systems like Lotus Notes. Structured document messaging consists of the automated interchange of standardized and approved messages between computer applications, via telecommunications lines. Examples of structured document messaging include EDI.

Messaging is gaining momentum in electronic commerce and seems to have many advantages. It supports both synchronous (immediate) and asynchronous (delayed) message delivery and processing. With asynchronous messaging, when a message is sent, work continues (software doesn't wait for a response). This allows the transfer of messages through store-and-forward methods.

Another advantage of messaging is that it is not associated with any particular communication protocol. No preprocessing is necessary, although there is an increasing need for programs to interpret the message. Messaging is well suited for both client-server and peer-to-peer computing models. In distributed systems, the messages are treated as "objects" that pass between systems.

Messaging is central to work-group computing that is changing the way businesses operate. The ability to access the right information at the right time across diverse work groups is a challenge. Today, with the messaging tools, people can communicate and work together more effectively - no matter where they are located. When an employee sends an electronic mail form, the information travels along with the form. So one person can start the form, mail it to the next person, fill it in, sign it, mail it
to the next, and so on. This is known as message-enabled workflow solutions.

The main disadvantages of messaging are the new types of applications it enables - which appear to be more complex, especially to traditional programmers - and the jungle of standards it involves. Because of the lack of standards, there is often no interoperability between different messaging vendors, leading to islands of messaging. Also, security, privacy, and confidentiality through data encryption and authentication techniques are important issues that need to be resolved for ensuring the legality of the message-based transactions themselves.

Middleware Services
Middleware is a relatively new concept that emerged only recently. Like so many other innovations, it came into being out of necessity. Users in the 1970s, when vendors delivered homogeneous systems that worked, didn't have a need for middleware. When conditions changed - along with the hardware and the software - the organizations couldn't cope: the tools were inadequate, the backlog was enormous, and the pressure was overwhelming. And the users were dissatisfied. Something was needed to solve all the interface, translation, transformation, and interpretation problems that were driving application developers crazy. With the growth of networks, client-server technology, and all other forms of communicating between/among unlike platforms, the problems of getting all the pieces to work together grew from formidable to horrendous. As the cry for distributed computing spread, users demanded interaction between dissimilar systems, networks that permitted shared resources, and applications that could be accessed by multiple software programs.

In simple terms, middleware is the ultimate mediator between diverse software programs that enables them to talk to one another. Another reason for middleware is the computing shift from application-centric to data-centric. That is, remote data controls all of the applications in the network instead of applications controlling data. To achieve data-centric computing, middleware services focus on three elements: transparency, transaction security and management, and distributed object management and services.

Transparency
Transparency implies that users should be unaware that they are accessing multiple systems. Transparency is essential for dealing with higher-level issues than physical media and interconnection, which the underlying network infrastructure is in charge of. The ideal picture is one of a "virtual" network: a collection of workgroup, departmental, enterprise, and inter-enterprise LANs that appears to the end user or client application to be a seamless and easily accessed whole.

Transparency is accomplished using middleware that facilitates a distributed computing environment. This gives users and applications transparent access to data, computation, and other resources across collections of multi-vendor, heterogeneous systems. The strategic architectures of every major system vendor are now based on some form of middleware. The key to realizing the theoretical benefit of such an architecture is transparency. Users need not spend their time trying to understand where something is. Nor should application developers have to code into their applications the exact locations of resources over the network. The goal is for the applications to send a request to the middleware layer, which then satisfies the request any way it can, using remote information.

Transaction Security and Management
Support for transaction processing (TP) is fundamental to success in the electronic commerce market. Security and management are essential to all layers in the electronic commerce model. At the transaction security level, two broad general categories of security services exist: authentication and authorization.

Transaction integrity must be a given for businesses that cannot afford any loss or inconsistency in data. Some commercial sites have had gigantic centralized TP systems running for years. For electronic commerce, middleware provides the qualities expected in a standard TP system: the so-called ACID properties (atomicity, consistency, isolation, and durability).

Distributed Object Management and Services
Object orientation is proving fundamental to the proliferation of network-based applications for the following reasons: it is too hard to write a network-based application without either extensive developer retraining or a technology that camouflages the intricacies of the network. Objects are defined as the combination of data and instructions acting on the data. Objects are an evolution of the more traditional programming concept of functions and procedures. A natural instance of an object in electronic commerce is a document. A document carries data and often carries instructions about the actions to be performed on the data. Today, the term object is being used interchangeably with document, resulting in a new form of computing called document-oriented computing. Here, the trend is to move away from single data-type documents such as text, pictures, or video toward integrated documents known as compound document architectures.

The best example of this approach is an active document. If you create a new document that is an integration of the spreadsheet, word processor, and presentation package, what you'll see in the next generation of operating systems is that as you scroll through your document, the tool bar will automatically change from a spreadsheet tool bar, to a word processing tool bar, to a presentation package tool bar. These applications will also be able to access and retrieve data from any file in the computing network. The implications are clear: we're going to see a gradual movement toward active documents that will be designed out of linked applications.

Summary
• The architectural framework of E-Commerce focuses on synthesizing the diverse resources already in place in corporations to facilitate the integration of data and software for better applications.
• The electronic commerce application architecture consists of six layers of functionality, or services:
(1) applications;
(2) brokerage services, data or transaction management;
(3) interface and support layers;
(4) secure messaging, security and electronic document interchange;
(5) middleware and structured document interchange; and
(6) network infrastructure and basic communications services.
• The application services layer of e-commerce categorizes three distinct classes of electronic commerce application: customer-to-business, business-to-business, and intra-organization.
• The information brokerage and management layer provides service integration through the notion of information brokerage, which represents an intermediary who provides service integration between customers and information providers, given some constraint such as a low price, fast service, or profit maximization for a client.
• The third layer, interface and support services, provides interfaces for electronic commerce applications such as interactive catalogs and supports directory services - functions necessary for information search and access.
• Secure Messaging and Structured Document Interchange Services, the fourth layer, deals with the issues of security, privacy, and confidentiality through data encryption and authentication techniques.
• Middleware, the fifth layer, is the ultimate mediator between diverse software programs that enables them to talk to one another.
• Last but not least is the Network Infrastructure.

Exercise
1. What is the functionality of middleware in E-commerce?
2. How does middleware provide transparency?
3. Discuss the security issues in middleware.
4. What do you understand by C2B and B2B transactions?
5. Explain the various layers in the electronic commerce architecture.
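The transaction security and management discussion in this lecture names authentication and authorization as the two categories of transaction security service, and the ACID properties as what middleware must provide to a TP system. The following is an added example, not part of the lecture, showing an order placed as one all-or-nothing transaction behind an authentication and authorization gate, using Python's standard sqlite3 module on an in-memory database. The customers, tokens, stock level and price are constructed sample data.

```python
"""Added example (not the lecture's own code): an e-commerce order run as one
atomic transaction behind an authentication/authorization gate, using the
standard-library sqlite3 module. All customers, tokens, stock and prices
below are constructed sample data."""
import hmac
import sqlite3

# Constructed sample customers: a shared-secret token (authentication) and
# an ordering permission (authorization). Real systems keep these elsewhere.
CUSTOMERS = {
    "alice": {"token": "tok-alice-1", "can_order": True},
    "bob":   {"token": "tok-bob-1",   "can_order": False},
}


def new_store():
    """In-memory store with the three tables a single order touches."""
    # isolation_level=None: the module issues no implicit BEGIN; we do it ourselves.
    db = sqlite3.connect(":memory:", isolation_level=None)
    db.execute("CREATE TABLE stock (item TEXT PRIMARY KEY, qty INTEGER NOT NULL CHECK (qty >= 0))")
    db.execute("CREATE TABLE orders (id INTEGER PRIMARY KEY, customer TEXT, item TEXT, qty INTEGER)")
    db.execute("CREATE TABLE payments (order_id INTEGER REFERENCES orders(id), amount INTEGER)")
    db.execute("INSERT INTO stock VALUES ('roses', 5)")  # constructed stock level
    return db


def authenticate(customer, token):
    """Authentication: does the caller hold the named customer's token?"""
    rec = CUSTOMERS.get(customer)
    return rec is not None and hmac.compare_digest(rec["token"], token)


def authorize(customer):
    """Authorization: may this (already authenticated) customer place orders?"""
    return CUSTOMERS[customer]["can_order"]


def place_order(db, customer, token, item, qty, unit_price):
    """Reserve stock, record the order and its payment: all or nothing.

    Returns the new order id. Any failure after BEGIN is rolled back, so
    neither a half-written order nor a stock change survives (atomicity and
    consistency). BEGIN IMMEDIATE takes SQLite's write lock up front, so two
    concurrent orders for the last item are serialized (isolation). Durability
    is the commit's job in a real on-disk database; memory cannot show it.
    """
    if not authenticate(customer, token):
        raise PermissionError("authentication failed")
    if not authorize(customer):
        raise PermissionError("customer is not allowed to order")
    try:
        db.execute("BEGIN IMMEDIATE")
        cur = db.execute(
            "UPDATE stock SET qty = qty - ? WHERE item = ? AND qty >= ?",
            (qty, item, qty))
        if cur.rowcount != 1:  # no row met "qty >= ?": nothing to sell
            raise ValueError("insufficient stock for %s" % item)
        cur = db.execute(
            "INSERT INTO orders (customer, item, qty) VALUES (?, ?, ?)",
            (customer, item, qty))
        order_id = cur.lastrowid
        db.execute("INSERT INTO payments VALUES (?, ?)", (order_id, qty * unit_price))
        db.execute("COMMIT")
        return order_id
    except Exception:
        if db.in_transaction:
            db.execute("ROLLBACK")
        raise


def stock_of(db, item):
    return db.execute("SELECT qty FROM stock WHERE item = ?", (item,)).fetchone()[0]


def order_count(db):
    return db.execute("SELECT COUNT(*) FROM orders").fetchone()[0]


if __name__ == "__main__":
    db = new_store()
    print("order id", place_order(db, "alice", "tok-alice-1", "roses", 2, 25))
    try:
        place_order(db, "alice", "tok-alice-1", "roses", 10, 25)
    except ValueError as e:
        print("rejected:", e, "- stock still", stock_of(db, "roses"))
```

The order of checks matters: authentication and authorization are decided before any lock is taken, so a rejected caller never touches the database, and the stock check is folded into the UPDATE's WHERE clause so that the "is there enough?" test and the decrement cannot be separated by another writer.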
Lecture 5: Web Based E-Commerce Architecture

• Introduction
• Web System Architecture
• Generation Of Dynamic Web Pages
• Cookies
• Summary
• Exercise

After this lecture the students will be able to:
• Understand web based E-Commerce architecture

Introduction
All of you might have understood that the web system together with the internet forms the basic infrastructure for supporting E-Commerce. In this lecture we will discuss in detail what components a web based system consists of, assuming that you have a knowledge of the basic network architecture of the internet (i.e. the layered model of the Internet).

Web System Architecture
Figure 5.1 gives the general architecture of a web-based e-commerce system. Basically, it consists of the following components:
• Web browser: It is the client interface. Essentially, it is used for displaying information to the user as well as collecting the user's input to the system. Serving as the client, the web browser also interacts with the web server using HTTP.
• Web server: It is one of the main components of the service system. It interacts with the web client as well as the backend system.
• Application server: It is the other main component of the service system and it hosts the e-commerce application software.
• Backend system: It supports the service system for fulfilling the user's request. In many cases, it is a database management system.
• Internet: It is the communication platform for the web server and the web client to exchange information with each other.

Fig 5.1 Web System Architecture

As the web client and the web server are not connected directly, we need a protocol for them to "talk" or communicate with each other over the internet. This protocol is called the Hypertext Transfer Protocol (HTTP).

Uniform Resource Locator
To identify web pages, an addressing scheme is needed. Basically, a Web page is given an address called a Uniform Resource Locator (URL). At the application level, this URL provides the unique address for a web page, which can be treated as an internet resource. The general format for a URL is as follows:
protocol://domain_name:port/directory/resource
The protocol defines the protocol being used. Here are some examples:
• http: hypertext transfer protocol
• https: secure hypertext transfer protocol
• ftp: file transfer protocol
• telnet: telnet protocol for accessing a remote host
The domain_name, port, directory and resource specify the domain name of the destined computer, the port number of the connection, the corresponding directory of the resource and the requested resource, respectively.

For example, the URL of the welcome page (main.html) of our VBS may be written as http://www.vbs.com/welcome/main.html. In this example, the protocol is http, the domain_name is www.vbs.com, and the directory is welcome (i.e., the file main.html is stored under the directory called welcome). Note that in this example the port is omitted because the default port for the protocol is used; that is, formally the URL should be specified as http://www.vbs.com:80/welcome/main.html where 80 specifies the port for HTTP, as explained later. In some protocols (e.g. TELNET) where the user name and password are required, the URL can be specified as follows:
protocol://username:password@domain_name:port/directory/resource
where username and password specify the user name and password, respectively.

Let us consider a general overview of HTTP before discussing its details. This protocol is used for the web client and the web server to communicate with each other.

Overview of HTTP
Suppose that you access the URL of the VBS http://www.vbs.com/welcome/main.html by clicking the corresponding hyperlink. This is what happens in terms of the interactions between the web browser and the web server according to. Utilizing the URL of the hyperlink, the web browser (or web client) obtains the IP address of the VBS through the DNS. After receiving the reply, the web client establishes a TCP connection to port 80 of the web server. Note that port 80 is the default port for HTTP. Then it issues a GET command (more specifically, GET /welcome/main.html) to retrieve the web page "main.html" from the web server. The web server then returns the corresponding
file to the browser. In HTTP/1.0, the TCP connection is then closed. In HTTP/1.1, the connection is kept open in order to support multiple requests. The browser then shows the text in the hypertext file. It also obtains the images in the hypertext file from their respective URLs and displays them. This is why you see the text first and the images later, because the images take a longer time to download.

In many companies, a proxy web server is set up for security and other administrative reasons. In this case, users need to access other web servers via the proxy web server. Basically, a user's browser issues a request to the proxy web server first and then the proxy web server retrieves the specific web page on behalf of the user. Having retrieved the web page, it is then returned to the user's browser for display. Essentially, the proxy web server acts as an application gateway for enhancing security. A proxy web server can have both positive and negative effects on web performance. On the positive side, it can be used to keep cache copies of web pages so that if subsequent users require these web pages, they can be returned to the users almost immediately. In other words, the retrieval time can be greatly reduced. However, the proxy web server can also become a bottleneck if the system is not well planned.

Hypertext Transfer Protocol (HTTP)
HTTP is a simple application protocol working under a client/server computing environment. Basically, a client issues a request to a server and then the server returns the response. The request is specified in text (ASCII) format, whereas the response is specified in Multipurpose Internet Mail Extensions (MIME) format, which defines different content types such as text, image, and audio. The common content types for a server's response are
• text/html - text file in HTML format
• image/JPEG - image file in JPEG format
• image/GIF - image file in GIF format
JPEG and GIF are different encoding techniques that compress an image for transmitting and storing so as to reduce the number of bytes (size) for representing the image.

As discussed in the previous section, the basic operation of HTTP is as follows. The web client (e.g. your web browser or even a "robot" program) makes a TCP connection to a web server at port 80. Subsequently, an HTTP request consisting of the specific request, required headers and additional data is forwarded to the web server. After processing the request, the web server returns an HTTP response consisting of the status, additional headers, and the requested resource such as a web page. A new version of HTTP called HTTP/1.1 is also becoming popular.

HTTP request
The general format of the client request is as follows:
Request_method Resource_address HTTP/Version_number
General_header(s)
Request_header(s)
Entity_header(s)
Blank_line
Entity (Additional_data)

Method name    Description
GET
HEAD
POST
Table 5.1 Request methods in HTTP/1.0

As described in Table 5.1, Request_method specifies the request method used. Resource_address is essentially the URL that specifies the location of the requested resource in the web server. HTTP/Version_number tells the web server what HTTP protocol the web client is using. There are three types of headers for passing additional information to the web server, namely, General_header, Request_header, and Entity_header. They are described in Tables 5.2, 5.3, and 5.4, respectively. Finally, the web client can post additional data to the server after the Blank_line. This is used in conjunction with the POST request method.

Let us look at the following example of an HTTP request message.
GET /vbs.html HTTP/1.0

This request message means that the client wants to get a document called "vbs.html" from the server. The document is located at the root directory of the server. Version 1.0 of HTTP is used. The client can accept any content type as indicated by "*/*" but for the image content, GIF is preferred to JPEG. Note that no additional data can be enclosed in the HTTP request.

Header name    Description
Date    It specifies when (i.e. date and time) the message was generated.
Pragma    This header is for specifying implementation-specific directives. For example, if the client does not want to receive a cached copy of the requested resource, it will specify Pragma: No-cache


 

Header name: Description
Date: It specifies when (i.e. date and time) the message was generated.
Pragma: This header is for specifying implementation-specific directives. For example, if the client does not want to receive a cached copy of the requested resource, it will specify Pragma: No-cache.
Table 5.2 General headers in HTTP/1.0

Header name: Description
Authorization: Used with the later WWW-Authenticate response header, it provides authentication information to the web server. HTTP provides a basic authentication scheme by encoding the username and password in Base64 format.
From: This header provides the contact e-mail address (e.g., the e-mail address of the person who generates the request).
If-Modified-Since: It asks the web server to provide the requested resource only if it has been modified since the time specified in the header.
Referer: It indicates where (i.e. the URL) the client obtained the current address. By using this header, a web server can trace back the previous link(s), e.g., for maintenance or administrative purposes.
User-Agent: It provides information on the user agent (e.g. web browser) used by the web client.
Table 5.3 Request headers in HTTP/1.0

Header name: Description
Allow: It indicates the request methods (e.g. GET, POST, and HEAD) allowed.
Content-Encoding: It specifies the encoding method (e.g. compression method) applied to the content.
Content-Length: It indicates the length of the content in number of octets.
Content-Type: It indicates the content type or MIME type of the content, e.g., text/html means an HTML document in text format.
Expires: It specifies when (i.e. date and time) the content expires.
Last-Modified: It specifies when the content (web page) was last modified.
Table 5.4 Entity headers in HTTP/1.0

Having processed the web client's request, the web server returns a response to the client. The general format of the response is as follows.
HTTP/Version_number Status_code Result_message (Status line)
General_header(s)
Response_header(s)
Entity_header(s)
Blank_line
Entity_body (e.g., web page)

Again, the HTTP/Version_number indicates the version of HTTP that the server is using. The Status_code indicates the result of the request. The common status codes are given in Table 7.1. The headers General_header(s), Response_header(s), and Entity_header(s) are used to pass additional information to the web client. General_header and Entity_header have been described in Tables 5.2 and 5.4, respectively. Response_header is described in Table 7.2. Following the headers, the response data is enclosed as the Entity_body. Usually this is a hypertext file.
Status code and result message: Meaning
200 OK: This refers to the normal case in which the request is OK or successful.
201 Created: The request is processed and the resource is created as requested.
204 No content: The request is processed but no content is available for the client.
301 Moved permanently: The resource has been moved permanently to the URL as given in the "Location" header.
302 Moved temporarily: The resource has been moved temporarily to the URL as given in the "Location" header. As it is only a temporary relocation, future requests should still be sent to the current URL.
304 Not modified: The requested web page is not returned to the client as it has not been modified since the time specified in the "If-Modified-Since" header.
400 Bad request
401 Unauthorized: Used in conjunction with the WWW-Authenticate header field, it indicates that user authentication is required.
403 Forbidden: Access is forbidden, e.g. the user does not have the access rights.
404 Not found: The requested resource is not found, possibly because it has been deleted from the web server.
Table 7.1 Commonly used status codes in HTTP/1.0
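The request and response layouts above, parsed in Python as an added example (not code from the lecture notes). The parser is deliberately strict: a message that breaks the layout, or that carries two disagreeing Content-Length values, is rejected instead of guessed at, which is the behaviour a server needs so that client and server never disagree about where one message ends. The sample messages are constructed from the lecture's own examples; their Content-Length values and the short HTML body are constructed here, since the notes omit them.

```python
"""Strict parser for the HTTP/1.0 request and response layouts above.

Added example, not from the lecture notes. Sample messages at the end are
constructed from the lecture's examples; their Content-Length values and
the short HTML body are constructed, since the notes omit them.
"""
from dataclasses import dataclass, field
from typing import Dict, List, Tuple

# Status codes and result messages of Table 7.1.
STATUS_CODES = {
    200: "OK", 201: "Created", 204: "No content", 301: "Moved permanently",
    302: "Moved temporarily", 304: "Not modified", 400: "Bad request",
    401: "Unauthorized", 403: "Forbidden", 404: "Not found",
}
# Request methods of HTTP/1.0 named in the text (PUT etc. arrive with 1.1).
REQUEST_METHODS = {"GET", "POST", "HEAD"}


class MalformedMessage(ValueError):
    """Layout violation; a server answers with 400 Bad request, not a guess."""


@dataclass
class HttpMessage:
    start_line: Tuple[str, str, str]  # request line or status line, split
    headers: Dict[str, List[str]] = field(default_factory=dict)  # lower-cased
    body: bytes = b""  # entity after the blank line


def _split_message(raw: bytes) -> Tuple[List[str], bytes]:
    """Split at the first blank line: ASCII header lines, then the raw body."""
    head, sep, body = raw.partition(b"\r\n\r\n")
    if not sep:
        raise MalformedMessage("no blank line terminating the headers")
    try:
        lines = head.decode("ascii").split("\r\n")
    except UnicodeDecodeError:
        raise MalformedMessage("start line and headers must be ASCII") from None
    if any("\r" in ln or "\n" in ln for ln in lines):
        raise MalformedMessage("bare CR or LF inside a header line")
    return lines, body


def _parse_headers(lines: List[str]) -> Dict[str, List[str]]:
    """'Name: value' lines -> case-insensitive multi-dict (a name may repeat)."""
    headers: Dict[str, List[str]] = {}
    for line in lines:
        name, sep, value = line.partition(":")
        if not sep or not name or name != name.strip() or " " in name:
            raise MalformedMessage(f"bad header line: {line!r}")
        headers.setdefault(name.lower(), []).append(value.strip())
    return headers


def _body_by_length(headers: Dict[str, List[str]], body: bytes) -> bytes:
    """Honour Content-Length (Table 5.4) only when it is one valid number, and
    never hand back more bytes than were declared."""
    lengths = headers.get("content-length", [])
    if not lengths:
        return body  # HTTP/1.0 without a length: body runs to connection close
    if len(set(lengths)) > 1 or not lengths[0].isdigit():
        raise MalformedMessage("conflicting or non-numeric Content-Length")
    declared = int(lengths[0])
    if len(body) < declared:
        raise MalformedMessage("body shorter than Content-Length")
    return body[:declared]


def parse_request(raw: bytes) -> HttpMessage:
    """Request_method Resource_address HTTP/Version_number, headers, entity."""
    lines, body = _split_message(raw)
    parts = lines[0].split(" ")
    if (len(parts) != 3 or parts[0] not in REQUEST_METHODS
            or not parts[2].startswith("HTTP/")):
        raise MalformedMessage(f"bad request line: {lines[0]!r}")
    headers = _parse_headers(lines[1:])
    return HttpMessage((parts[0], parts[1], parts[2]), headers,
                       _body_by_length(headers, body))


def parse_response(raw: bytes) -> HttpMessage:
    """HTTP/Version_number Status_code Result_message, headers, Entity_body."""
    lines, body = _split_message(raw)
    parts = lines[0].split(" ", 2)
    if len(parts) < 2 or not parts[0].startswith("HTTP/") or not parts[1].isdigit():
        raise MalformedMessage(f"bad status line: {lines[0]!r}")
    reason = parts[2] if len(parts) == 3 else STATUS_CODES.get(int(parts[1]), "")
    headers = _parse_headers(lines[1:])
    return HttpMessage((parts[0], parts[1], reason), headers,
                       _body_by_length(headers, body))


# Constructed sample messages, with CRLF line ends as on the wire.
GET_REQUEST = b"GET /vbs.html HTTP/1.0\r\nAccept: */*\r\n\r\n"
POST_REQUEST = (b"POST /servlet/booksearch HTTP/1.0\r\nAccept: */*\r\n"
                b"Content-Length: 25\r\n\r\ntitle=ecommerce&year=2000")
RESPONSE = (b"HTTP/1.0 200 OK\r\nServer: Microsoft-IIS/4.0\r\n"
            b"Date: Sat, 30 Sep 2000 09:30:00 GMT\r\n"
            b"Last-Modified: Sat, 30 Sep 2000 09:00:00 GMT\r\n"
            b"Content-Type: text/html\r\nContent-Length: 13\r\n\r\n<html></html>")
```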

Let us look at an example of a server response. Suppose that the response message was as follows.
HTTP/1.0 200 OK
Server: Microsoft-IIS/4.0
Date: Sat, 30 Sep 2000 09:30:00 GMT
Last-Modified: Sat, 30 Sep 2000 09:00:00 GMT
Content-Type: text/html
Content-Length: 600

This response message means that the web server is using version 1.0 of HTTP. The request has been processed successfully. The server is Microsoft-IIS/4.0. The current date and time are 30 Sep. 2000 and 09:30:00, respectively. The response document is an HTML file in text format and the file size is 600 bytes. This file has not been modified since 09:00:00 on 30 Sep. 2000.

Header name: Description
Location: Used with the status codes 301 and 302 etc., it provides the new URL for redirection purposes.
Server: It provides information about the server software.
WWW-Authenticate: Used with the unauthorized response message (i.e. status code 401), it provides the authentication information required for successful authentication.
Table 7.2 Commonly used response headers in HTTP/1.0

So far, we have talked about how to get a static web page from a web server by using the GET command. In many cases, the returned web page is user-dependent, i.e., it is dynamic rather than static. For example, a user may want to use the search engine of our VBS to search for books about e-commerce. In this case, the returned web page will be dependent on the user's search criteria. Therefore, we need a method for the web client to pass additional data to the web server.

One simple way to do this is to attach the data at the end of the URL by using the following format:
?name1=value1&name2=value2&...&nameN=valueN
where name1, name2, ..., nameN specify the names of the input elements and value1, value2, ..., valueN specify the corresponding values.

For example, if a user wants to search for all books on e-commerce published in the year 2000, he can append the search criteria after the URL as shown in the following:
http://www.vbs.com/servlet/booksearch?title=ecommerce&year=2000
where name1 is "title" and the corresponding value is "ecommerce" and name2 is "year" and its value is "2000." By entering these, the web browser will issue the following GET command in the HTTP request message:
GET /servlet/booksearch?title=ecommerce&year=2000 HTTP/1.0

In this case, the request is not just for a static web page. Instead, we invoke a program called "booksearch" in order to generate the search result and then return it to the user. The program "booksearch" is a servlet program stored under the logical directory "servlet" of the host www.vbs.com. At the moment, our concern is how to pass the search criteria to the web server. In some cases, we may need to pass some special characters to the web server as well. The default encoding method is called "application/x-www-form-urlencoded." In this encoding method, the following rules are used: a space becomes a "+"; a non-alphanumeric character becomes a hexadecimal code preceded by a "%". For example, ?Input=%2F%7Ehenry%2Flecture2%2Dnotes.html is equivalent to attaching a name called "Input" with value /~henry/lecture2-notes.html to the URL because %2F is "/", %7E is "~" and %2D is "-".

An alternative way to pass data to the web server is by using the POST command. In this case, data is appended after the headers in the HTTP request message. For example, if we use the POST command to pass data to the above "booksearch" program, you will find the following in the HTTP request message:
POST /servlet/booksearch HTTP/1.0
Accept: */*

title=ecommerce&year=2000
Note that data is appended after a blank line following the header. In this example, there is only one header, "Accept: */*". It specifies that the web client is willing to accept any content type.

All of you might have heard about cookies. Let's discuss what cookies basically are.

HTTP is a stateless protocol. That means the web server will not keep the user's state or the user's information. For example, when a web server receives an HTTP request, it does not know whether this request comes from a previous client or a new client. In other words, there is no way to tell whether or not the current request is related to a previous request. In many e-commerce applications, knowing the user's state is an important requirement. For example, in a shopping cart application, the server needs to know the content of the user's shopping cart in order to display the items to the user correctly. To address this important issue, Netscape proposed a method called "cookies" for a web server to save state data at the web client. The original specification is stored at http://www.netscape.com/newsref/std/cookie_spec.html and it has now been standardized. A maximum of 20 cookies are allowed at each domain and each cookie is limited to 4 Kb to prevent overloading the memory of the client's computer. If a web server wants a web client to save a "cookie," it will send the Set-Cookie header in the HTTP response. The Set-Cookie header is of the form
Set-Cookie: Name=Value
where Name and Value are the name and value of the cookie, respectively. Whenever required, the client will include the cookie in the HTTP request header using the following format:
Cookie: Name=Value
This allows the user's information to be passed to the server. Let us look at how cookies can be used to implement a simple shopping cart for our VBS. Suppose that there are already two items in the shopping cart. The first item (Item1) has a product code of 11111 and the second item (Item2) has a product code of 22222. When the client sends an HTTP request to put another item (say an item with product code 33333) into the shopping cart, the server can set a cookie by including the following cookie header:
Set-Cookie: Item3=33333
It means that the third item has a product code of 33333. In the next HTTP request, the user needs to send to the server the following cookie headers:
Cookie: Item1=11111
Cookie: Item2=22222
Cookie: Item3=33333
By reading the cookies, the server knows the content of the shopping cart so that it can be displayed in the returned web page accordingly.

Besides the Set-Cookie header, the following extra information can be provided for the cookie(s). They can be added to the Set-Cookie header as shown in the later example.
- Comment - provides information on the cookie (e.g. its use)
- Domain - specifies in which domain the cookie is effective
- Expires - specifies when the cookie will expire
- Max-age - specifies the cookie's lifetime in seconds
- Path - specifies the URLs to which the web client should return the cookie(s)
- Secure - specifies that the cookie is returned only if the connection is secure.

Here is a simple example. Suppose that the VBS web server wants to create a cookie called Credit=111 in order to remember the user's credit. The Set-Cookie header is
Set-Cookie: Credit=111; secure; expires=Thursday, 07-Dec-2000 10:00:00 GMT; domain=.vbs.com; path=/
The expiry date of the cookie is 07-Dec-2000, 10:00:00 GMT. The cookie is effective under the domain name vbs.com. Note that "path=/" means that the cookie applies to any directory under the root directory of the server. In the discussions above we have used HTTP version 1.1. Let's see how this is different from HTTP.

HTTP/1.1
In HTTP/1.1, many enhancements are included to improve the performance of HTTP, to enhance its functionality, and to eliminate the limitations of HTTP/1.0. Generally speaking, HTTP/1.1 works in a similar manner to HTTP/1.0 except that many additional headers are added, so HTTP/1.1 is upwardly compatible with HTTP/1.0. Some of the major enhancements are summarized as follows:

Persistent connections and pipelining
In HTTP/1.0, a connection is released after a request is served. Obviously this is inefficient because a web client may want to retrieve other web pages from the same web server. In HTTP/1.1, a connection is kept open such that the web client can send multiple requests over the same connection. For example, after accessing the home page of the VBS, the customer may want to read the company information by getting the corresponding web page from the web server. Instead of opening a new connection for this request, it can be sent along the same connection. Furthermore, a web client can send the next request without waiting for the response to the previous request. In other words, HTTP/1.1 allows pipelining of requests and responses. If a web client wants to close a connection, it can specify a "Close" option in the Connection request header, i.e., Connection: close.

Efficient use of IP addresses
Currently many small organizations use a web hosting service from ISPs. For example, we may put the VBS in an ISP's web server such that we do not need to set up and look after a web server ourselves. In HTTP/1.1, a Host header must be included in the HTTP request message to specify the host name in the web server. This enables different organizations to share the same IP address of the web server, thus allowing the efficient use of IP addresses.

Range request
HTTP/1.1 allows a web client to retrieve part of a file by using the Range header. For example, if the connection is broken while the web client is receiving a large file, it can request the web server to send the file from the "break point." Furthermore, the range request function is useful when the web client wants only a portion of a large file.

Cache control
The purpose of caching is to shorten the retrieval time of web pages. It is done by maintaining a cache copy of the previous responses in the web browser or the proxy server so that future requests can be served by the cache copies rather than by the original servers. HTTP/1.0 only supports basic cache control. For example, by using the Expires header, the original server can tell the proxy server when a cache copy should be removed. Furthermore, the web client can tell the proxy server that it does not want a cache copy of the response by using the "Pragma: No-cache" header. In HTTP/1.1, a "Cache-Control" header is included to provide better cache control and cache functions.

Support for proxy authentication
HTTP/1.1 provides the Proxy-Authentication and Proxy-Authorization headers for enabling proxy authentication. In principle, they work in a similar manner to the WWW-Authentication and Authorization headers in HTTP/1.0, respectively. However, the Proxy-Authentication and Proxy-Authorization headers are used on a hop-by-hop basis.

Better support for data compression
HTTP/1.1 provides better support for data compression. In particular, a web client can specify the encoding method such as the compression scheme(s) that is/are supported and preferred by using the Accept-Encoding header.

Better support for language(s)
In HTTP/1.1, a web client can specify the language(s) that is/are acceptable and preferred.

Support for content integrity
In HTTP/1.1, content integrity can be supported by the Content-MD5 header.
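The two client-to-server data paths described above, the "application/x-www-form-urlencoded" query string and the cookie-based shopping cart, as an added Python example (not code from the lecture notes). It goes one step beyond the text: because cookie values are stored at the client and sent back by the client, the cart code checks every product code against a catalogue before using it. Product codes 11111/22222/33333, the Credit cookie and the %2F%7E... example come from the text; the catalogue PRODUCT_CODES and all function names are assumptions made for this example.

```python
"""Query-string encoding and the cookie shopping cart of this section.

Added example, not from the lecture notes. PRODUCT_CODES and every function
name here are constructed for the example; the values come from the text.
"""
from typing import Dict, List, Optional


def form_urlencode(value: str) -> str:
    """application/x-www-form-urlencoded as stated in the text: a space
    becomes '+', any other non-alphanumeric byte becomes '%' + two hex digits.
    (Applied literally this escapes '.' as well, which the text's example
    leaves bare; both spellings decode to the same string.)"""
    out = []
    for byte in value.encode("utf-8"):
        if byte < 128 and chr(byte).isalnum():
            out.append(chr(byte))
        elif byte == 0x20:
            out.append("+")
        else:
            out.append("%%%02X" % byte)
    return "".join(out)


def form_urldecode(text: str) -> str:
    """Inverse of form_urlencode. A malformed escape is rejected instead of
    being passed through, so a decoded value never holds a stray '%'."""
    buf = bytearray()
    i = 0
    while i < len(text):
        if text[i] == "+":
            buf.append(0x20)
            i += 1
        elif text[i] == "%":
            pair = text[i + 1:i + 3]
            if len(pair) != 2 or any(c not in "0123456789abcdefABCDEF" for c in pair):
                raise ValueError(f"bad %-escape at offset {i}: {text[i:i + 3]!r}")
            buf.append(int(pair, 16))
            i += 3
        else:
            buf.extend(text[i].encode("utf-8"))
            i += 1
    return buf.decode("utf-8")


def build_query(params: Dict[str, str]) -> str:
    """?name1=value1&name2=value2&... with every name and value encoded."""
    return "?" + "&".join(f"{form_urlencode(k)}={form_urlencode(v)}"
                          for k, v in params.items())


def parse_query(query: str) -> Dict[str, str]:
    """Parse the part after '?' back into names and values. A repeated name
    is rejected rather than silently resolved to the first or last value."""
    params: Dict[str, str] = {}
    for pair in query.lstrip("?").split("&"):
        if not pair:
            continue
        name, sep, value = pair.partition("=")
        if not sep:
            raise ValueError(f"parameter without '=': {pair!r}")
        name = form_urldecode(name)
        if name in params:
            raise ValueError(f"duplicate parameter {name!r}")
        params[name] = form_urldecode(value)
    return params


def set_cookie_header(name: str, value: str, *, secure: bool = False,
                      expires: Optional[str] = None, domain: Optional[str] = None,
                      path: Optional[str] = None, max_age: Optional[int] = None,
                      comment: Optional[str] = None) -> str:
    """Build a Set-Cookie line carrying the attributes listed above."""
    if (not name or any(c in name for c in ";,= \r\n")
            or any(c in value for c in ";,\r\n")):
        raise ValueError("cookie name/value must not contain ';', ',' or line ends")
    parts = [f"{name}={value}"]
    if secure:
        parts.append("secure")
    if expires:
        parts.append(f"expires={expires}")
    if domain:
        parts.append(f"domain={domain}")
    if path:
        parts.append(f"path={path}")
    if max_age is not None:
        parts.append(f"max-age={int(max_age)}")
    if comment:
        parts.append(f"comment={comment}")
    return "Set-Cookie: " + "; ".join(parts)


def parse_cookie_headers(lines: List[str]) -> Dict[str, str]:
    """Collect Name=Value pairs from one or more 'Cookie:' request headers."""
    cookies: Dict[str, str] = {}
    for line in lines:
        field, sep, rest = line.partition(":")
        if not sep or field.strip().lower() != "cookie":
            raise ValueError(f"not a Cookie header: {line!r}")
        for pair in rest.split(";"):
            name, sep, value = pair.strip().partition("=")
            if name and sep:
                cookies[name.strip()] = value.strip()
    return cookies


# Constructed catalogue: the only product codes the VBS server sells.
PRODUCT_CODES = {"11111", "22222", "33333"}


def cart_from_cookies(cookies: Dict[str, str]) -> List[str]:
    """Rebuild the shopping cart from the ItemN cookies. The values were stored
    at the client, so each code is checked against the catalogue, not trusted."""
    items = []
    for name, value in cookies.items():
        if not (name.startswith("Item") and name[4:].isdigit()):
            continue  # some other cookie, e.g. Credit
        if value not in PRODUCT_CODES:
            raise ValueError(f"{name} carries an unknown product code {value!r}")
        items.append((int(name[4:]), value))
    return [code for _, code in sorted(items)]
```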


Additional request methods
Four additional request methods are added as described in Table 7.3. However, they are less commonly used than the GET, POST, and HEAD request methods.

Method name: Description of the request
PUT: Put the specified resource to the web server.
DELETE: Delete the specified resource from the web server.
OPTIONS: Return the options available from the web server.
TRACE: "Loop back" a request, e.g., for diagnostic purposes.
Table 7.3 Additional request methods in HTTP/1.1

Summary
- The general architecture of a web-based e-commerce system. Basically, it consists of the following components: Web browser, Web server, Application server, Backend system and Internet.
- A Web page is given an address called a Uniform Resource Locator (URL).
- The web client and the web server communicate with each other based on a request/response protocol called HTTP.
- The web client can also pass additional data to the web server by appending it after the URL or embedding it inside the HTTP request message. This can be used to generate dynamic web pages.
- As HTTP is stateless, a "Cookie" method can be used to keep track of a user's state. This is important for many e-commerce applications such as building a shopping cart.
- Some of the major enhancements of HTTP/1.1 over HTTP/1.0 are:
  - Persistent connections and pipelining
  - Efficient use of IP addresses
  - Range request
  - Cache control
  - Support for proxy authentication
  - Better support for data compression
  - Better support for language(s)
  - Support for content integrity
  - Additional request methods

Exercise
1. What are the various components in web system architecture?
2. Explain the following terms:
- HTTP
- URL
3. How do the web client and server communicate with each other?
4. What do you understand by caching?
5. Explain cookies. What additional information can be provided while setting a cookie?

Question 1: How is e-commerce defined?
Answer: E-commerce is defined as the value of goods and services sold online. The term "online" includes the use of the internet, intranet, extranet, as well as proprietary networks that run systems such as Electronic Data Interchange (EDI).

Question 2: Does E-Stats cover the entire economy?
Answer: No. E-Stats covers manufacturing, merchant wholesale trade, retail trade, and selected service industries. These sectors and industries are the same as those covered by existing annual Census Bureau surveys. Sectors and industries not covered include agriculture, mining, construction, and utilities as well as non-merchant wholesalers and parts of the service sector.

Question 3: Is the value of e-commerce included in the estimates of total economic activity provided in your ongoing surveys?
Answer: Yes.

Question 4: Are e-commerce sales of retail businesses with both a physical and internet presence, commonly referred to as "brick and click" businesses, included in the Electronic Shopping and Mail Order Houses industry estimates?
Answer: If the "brick and click" business has a separate business unit set up for internet sales and is not selling motor vehicles, then its e-commerce sales are included in the Electronic Shopping and Mail Order Houses industry estimates. Otherwise, the e-commerce sales are included with the NAICS industry classification for the brick part of the company.

Question 5: What is the difference between merchant wholesalers and non-merchant wholesalers?
Answer: Merchant wholesalers take title to the goods they sell and include wholesale merchants, distributors, jobbers, drop shippers, and import/export merchants. These businesses typically maintain their own warehouse, where they receive and handle goods for their customers. Non-merchant wholesalers arrange for the purchase or sale of goods owned by others and do not take title to the goods they sell. Examples of non-merchant wholesalers include manufacturers' sales branches and offices, agents, brokers, commission agents, and electronic marketplaces.

Question 6: Are the sales of online marketplaces (eMarketplaces) included in the e-commerce estimates?
Answer: Only sales from eMarketplaces that take title to the goods they sell are included. Generally, most eMarketplaces arrange for the purchase or sale of goods owned by others and do not take title to the goods they sell. This type of eMarketplace is considered to be a non-merchant wholesaler and would be excluded from the estimates in this report.

Question 7: What other types of "Nonstore Retailers" are there in addition to Electronic Shopping and Mail Order Houses?
Answer: It also includes Direct Selling Establishments and Vending Machine Operators. Direct Selling Establishments typically go to the customers' location rather than the customer coming to them (e.g., door-to-door sales, home parties) and includes businesses such as heating oil dealers making residential deliveries and mobile food services.

Question 8: Can the e-commerce categories be separated into B2B and B2C?
Answer: Although the surveys did not collect separate data, one can approximate relative shares by using some simplifying assumptions. If one assumes all manufacturing and wholesale is entirely B2B and all retail and service is B2C, then more than 94% of total e-commerce was B2B.

Question 9: How do you account for firms that go out of business?
Answer: Our surveys are updated each year to add new businesses and to delete ones no longer in business. Once we receive notification that a firm has ceased operation we drop it from our survey. Results are included up until the point the firm ceased operation.

Question 10: How frequently will E-Stats be published?
Answer: We plan to publish the E-Stats E-commerce Report annually in March.

Let's see the difference between Traditional Retailing and E-Retailing
- Introduction
- Difference between Traditional Retailing and E-Retailing
- Benefits and disadvantages associated with E-Retailing
- Various models of E-Retailing
- Summary
- Exercise

After this lecture the students will be able to:
- Describe the difference between Traditional Retailing and E-Retailing
- Describe the benefits and disadvantages associated with E-Retailing

In this lecture we will discuss how customers and business organizations benefit through e-commerce, how a customer can purchase things and how any business organization can sell goods online.

Introduction
E-retailing essentially consists of the sale of goods and services. Sometimes we refer to this as the sale of tangible and intangible goods, as shown in Figure 6.1. We can divide tangible goods into two categories: physical goods and digital goods. Examples of physical goods would be a book, a television set, a video recorder, a washing machine, etc. Examples of digital goods are software and music, which may be downloaded from the internet. The sale of intangible goods is sometimes called e-servicing. Examples of services that may be sold are information such as the most recent stock prices, the most recent foreign exchange rate, or education. Entertainment such as games that would be played on the internet are also examples of e-services. So are the sales of services such as telecommunication services or banking services. The sale of tangible and intangible goods are all referred to as customer oriented e-commerce or e-retailing, if they are sold directly to the consumer who is the end user. Here we discuss the sale of tangible goods.

Fig 6.1 Selling of different types of goods

Before we begin a discussion of e-retailing, it would be useful to look at some aspects of traditional retailing. This helps to identify some essential characteristics of retailing.

Traditional retailing essentially involves selling to a final customer through a physical outlet or through direct physical communication. This normally involves a fairly extensive chain starting from a manufacturer to a wholesaler and then to the retailer who through a physical outlet has direct contact with the final customer.

Examples of physical outlets that retailers currently use are:
- malls
- generalized stores (e.g. department store)
- specialized stores
- franchise stores

It is useful to reflect that even in traditional retailing we have moved away from just using a static physical outlet within which a customer can have direct contact with the retailer. Thus, more recent forms of traditional retailing include
- direct mailing
- telemarketing
- door-to-door sales
- vending machines

Direct mailing to a customer normally involves sending a brochure or catalog to a customer. The customer browses through this catalog and then carries out mail ordering. In some respects, this notion of browsing through a catalog is a forerunner of e-retailing. Direct mailing, telemarketing, door-to-door sales, or the use of vending machines are other forms that have actually moved away from a physical fixed outlet and in a way are an intermediate form of the movement away from the traditional physical retailing outlet to the virtual retailing we see on the internet.

The internet has allowed a new kind of specialization to emerge. Instead of specializing just in a special product line, they allow specialization in particular classes of customers and sellers. Thus, we see lastminute.com, which allows last minute purchases of travel tickets, gifts, and entertainment to be matched against last minute sellers of the same items. Here, we see specialization not in a product line but in a class of purchasers and a class of sellers. This kind of specialization would not have been possible before we had the internet.

In addition to these specialized stores, we also get generalized e-stores where a store sells several product lines under a single
management. Examples of these generalized stores include JC Penney and Walmart. We also have the electronic counterpart of malls, or e-malls. E-malls essentially provide a web-hosting service for your individual store much in the way that malls provide a hosting service in the sense of a physical location for your store.

In the future we may see the equivalent of franchise stores developing. One new class of business that is developing very quickly on the internet is the e-broker. The e-broker does not sell directly to a customer but brings the customer in touch with a particular supplier, so that a given set of criteria specified by the customer is satisfied. For example, the customer may want to buy goods at the cheapest price and so the e-broker would then do a search to find the supplier that would provide the cheapest goods. Or, a customer may want to find a particular kind of goods and the e-broker sets about determining which supplier would provide those goods. This area of e-broking is likely to grow very greatly in the near future.

In summary, we can, therefore, map traditional forms to e-retailing as follows:
Specialized stores -> specialized e-stores
Generalized stores -> generalized e-stores
Malls -> e-malls
Franchise stores -> ?
New form of business: e-broker

Customers enjoy a number of benefits from e-retailing. The first of these is convenience. It is convenient for the customer as he does not have to move from shop to shop physically in order to examine goods. He is able to sit in front of a terminal and search the net and examine the information on goods. The second aspect of convenience he gets is in terms of time. Normally, the traditional shop has an opening time and a closing time and the customer can only visit the shop within these periods. On the net, the customer can choose at any time to visit a site to examine the goods that are available and actually carry out his purchasing at his own convenient time. The third type of convenience that the customer gets is that he has access to a search engine, which will actually locate the products that he describes and also the site where they may be available, or perhaps even locate the sites where they may be available at the best price.

The second type of benefit to customers is better information. The Internet and the World Wide Web are essentially communication media that allow retailers to put on quite extensive information related to their products, which is available to the customers. Furthermore, since the customer can look at several sites, he will be able to obtain different pieces of information from each site to build a far better picture for himself about the products that he is interested in. In some sites, there are customer reviews of different products as well as reviews by the business itself. An example of this can be found on Amazon.com. This allows the customer to finesse his requirements before actually making the purchase. It also gives different sources of information.

The third type of benefit that the customer gets is competitive pricing. This is due to two factors.
- The first is lowered costs to the retailer because he does not have to maintain a physical showroom, he does not have to hire several shop assistants, and these savings can be passed on to customers in the form of reduced prices.
- Secondly, competitive pricing pressure arises from the fact that the customer is now able to look at prices at several sites. Therefore, the pressure is always there on the retailer to maintain a competitive price for his products.

The fourth benefit is customization. The customer can actually specify the features of the products that he would like and thus in some cases it is possible that the retailer may allow a customized product to be delivered. An example of this is on the Dell site. The computer site allows shoppers to custom specify their own computer software and hardware configurations. Thus, the customer is able to select exactly what he wants. This ability to get the business to deliver a product that the customer specifies he wants is the essence of C2B e-commerce.

In summary, the benefits of e-retailing to the customer include
- convenience
- better information
- competitive price
- customization
- shopping anywhere, anytime

So with e-retailing, the customer can shop anywhere around the globe without being restricted to his local vicinity. He could, for example, purchase goods overseas and have them delivered to a domestic address. He can also shop, as mentioned earlier, at any time. These are very considerable benefits of e-retailing to the customer. These benefits could see larger and larger numbers of customers move more and more of their shopping on to e-retailing sites in the future.

There are a number of benefits of e-retailing to the business itself.
- The first of these is global reach. The retailer is now no longer restricted to customers who are able to reach the store physically. They can be from anywhere around the globe. The retailer must, of course, deliver the goods of a purchase to the customer. We see later that this has an impact on the types of goods that are most easily handled through e-retailing.
- The second benefit is better customer service. The use of email and the use of electronic interchange of messages between the customer and the retailer allows better communication between the customer and the retailer. These allow one to easily handle inquiries and deal with complaints. These also allow a much more rapid response time than was possible in the days of faxes and postal mail.
- The third benefit is the lowered capital cost to the retailer. The retailer does not have to maintain showrooms, he can
probably have lower inventories. Thus, while Amazon.com lists over a few million titles, it keeps an inventory of a few thousand best selling titles only. Therefore, the retailer has lower warehousing costs. He does not have to have many shop assistants who are physically answering questions and showing the customer goods.
• The fourth benefit to the retailer is mass customization. Based on requests by the customers, the retailer is now able to carry out mass customization with reduced time to market for the customized products.
• The next advantage is targeted marketing. The retailer is now able to pick on a specific targeted group of customers and direct marketing towards these customers. The retailer is also able to provide more value-added services in the way of better information, add-on services to basic services, or add-on options to products that he is selling.
• The last advantage to the retailer consists of different new forms of specialized stores that he is now able to utilize. As we have mentioned previously, now he does not have to specialize his store based just on a product line but could choose to specialize his store based on a specialized targeted group of customers. It also creates new opportunities for niche marketing.

A summary of the benefits to the e-retailer are
• global reach
• better customer service
• low capital cost
• mass customization
• targeted marketing
• more value-added services
• new forms of specialized stores and niche marketing

There are a number of key success factors which have been identified for traditional retailing. Two of these are the size and the number of outlets. The larger the retailer, the greater the buying muscle and therefore the lower the price for procurement. The number of outlets also allows the retailer to spread the purchase costs over a larger inventory.

In addition, the number of outlets provides for better visibility. The retailer is now visible to the customer at many geographical locations rather than just one. Location is, of course, an extremely important success factor in traditional retailing. The retailer may choose to be sited in the central business district, in a regional area, in a shopping complex, or in a street of shops. This may relate to the category of customers and the costs associated with the site.

Other factors that are very important in traditional retailing are store atmosphere and store layout. Store atmosphere evokes a particular look and feel about the retailer and is therefore important to the positioning in the market. Store layout is important in creating an atmosphere but is also important in ensuring that one groups different sets of products together, so that the purchase of one product will frequently lead to the purchase of another, thus allowing for cross selling. Price is important and here it is not necessarily the cheapest price, but the price which is consonant with what the customer expects to pay for the goods. The variety of goods in the case of a large store, particularly of a department store, is also important because a customer would come in looking for one set of goods and then choose to purchase others. Profit margins are important in traditional retailing, and last but not least is the level of turnover.

To summarize, the key success factors for traditional retailing are
• size
• number of outlets
• visibility
• location
• store atmosphere
• store layout
• price
• variety of goods
• profit margins
• turnover

In this section, we explore how these success factors of traditional retailing translate to e-retailing.

The first one considered is size. The important point to realize here is that no matter how large the company is, your e-store presentation is still limited to the size of the computer screen, which may be, say, 15 in. It is not necessary to look at the number of outlets in cyberspace because you probably need only one web site set up. However, this web site is linked to other similar web sites and portals. Therefore, it is not the number of outlets that is important but the number of links from other important sites to your web site, which is far more important. When one thinks of visibility, it is all the more important in cyberspace. It is not enough to create a web site; you have to let the world know of the existence of your web site and that people can purchase from your e-store. When looking at visibility, an important point to realize here is that most people find information on the Internet through the use of search engines. Therefore, it is very important to register the web site or e-store with the most common or the most widely used search engines, such as Lycos, Alta Vista, and Yahoo. It is also important to link your web site with other well-known web sites that have similar interests, or major portals such as Yahoo, which link back to your e-store. This can greatly increase the visibility of the web site.

When considering location, we note that the geographic boundaries no longer exist. A local e-store and a foreign e-store are both just “one click” away.

Store atmosphere is particularly important on the web. The “look and feel” of the web site should match with the company’s image as well as the market position it seeks to address. Thus, if you are selling very up-market clothes such as Gucci and Armani, your web site for these stores should have a sophisticated look and feel about it. On the other hand, if you are selling other kinds of goods, you could choose to have a slightly jazzier image on your web site. The front page or the
homepage of your e-store is particularly important. It may be the only chance that you get of bringing a potential customer into your e-store. In some ways it plays a similar role for the e-store that the window display plays for the traditional store. What is also important is in going through this store. The layout of the store has to be such that it facilitates the customer’s interests. The advantage of using store layouts in the e-store is that the layout can actually be made dynamic and be determined by the customer’s interests. The customer’s interests could be obtained from data mining his previous purchases at the e-store. This is the major difference between a traditional store and an e-store.

Price is very important in cyberspace because the customer can easily carry out comparison pricing between your e-store and other e-stores not just in your immediate neighborhood but all around the world. Also some e-brokers provide agents or services that carry out comparison pricing; therefore, the customer can easily find the cheapest price. For this reason, it is important that in e-retailing one sets up a competitive pricing structure. Next, when one looks at the variety of goods, one here needs to consider very carefully whether you are setting up a specialized e-store or an e-department store. If you are setting up a specialized e-store, then you need to gain access to the specific target group of customers you are interested in because they can travel so easily in cyberspace to reach you. When one looks at profit margin and turnover, generally profit margins per item tend to be lower with e-retailing, and so turnover must be higher. Lastly, if one examines profitability one finds that this is still important with the e-stores, but in recent times the share price of the e-store appears to have assumed more importance in the eyes of investors. However, in the long run, profitability will assume more importance.

There are several models for e-retailing and these include
• Specialized e-store
• Generalized e-store
• E-mall
• Direct selling by the manufacturer
• Supplementary distribution channel
• E-broker
• E-services

The first class of model that we mentioned in e-retailing was the specialized e-store, and here you can distinguish between two different kinds of specialization: the more traditional specialization along product lines, and specialization by function (which we discuss later). When you have specialization by product line, essentially you have a store that decides to pick one particular product line, say books, flowers, CDs, clothes, and sells only this particular product line. It may also choose to position itself in a particular part of the product line, e.g. clothes; it could choose to position itself at the very expensive end of the market selling brand names such as Gucci and Armani. Alternatively it could do more mass marketing by selling non-brand names at a much lower price, or it could go into discount selling. So, you can have a specialization by product line, and then you could have specialization-positioning within that product line to cater for a particular part of the market. In contrast to this, a new kind of specialization is emerging on the internet, as mentioned earlier, namely specialization by function. A good example of this is lastminute.com. In lastminute.com they sell gifts, travel tickets, and other items for last minute shoppers who want to purchase these items at very short notice. Generally, when one purchases an item at very short notice (e.g. travel), he often pays a premium, which is an extra amount for the convenience of booking the travel at the last minute. Now, this means that the air ticket is likely to cost much more than if he had purchased it some time before traveling and made use of different discounts or promotions. The producers of the web site lastminute.com realized that there are groups of customers who make these purchases at the last minute and feel some degree of angst at having to pay the premium for doing this shopping at the last minute.

On the other hand, you will find that you may have sellers, e.g. airline companies, that have empty seats at the last minute which they are unable to fill. So, what lastminute.com does is bring together travelers who want to book at the last minute and an airline which has got spare capacity at the last minute, and allow the former to buy from the latter at the last minute. In this situation, the purchaser may get his airline ticket at a reduced price. So, there is a win-win situation for both the purchaser and the seller. This is a unique kind of specialization. It is very difficult to do this unless one utilizes the internet to carry out this kind of specialization.

The next category of e-retailing models that we intend to look at is generalized e-stores. Generalized e-stores sell a large number of product lines rather than confining themselves to just one or a very few product lines.

The next e-retailing model we consider is the e-mall. In an e-mall, cyberspace is rented out to cyber e-stores that wish to sell their goods. This store could be a specialized or generalized e-store. So, several product lines can be present in a single e-mall. However, unlike the generalized e-store which is under a single unified management, in an e-mall, each store is under its own management. E-mall management is responsible only for creating the cyber sites that can be rented and can support services and marketing of the mall. It, thus, provides a web hosting service. Several e-malls also provide software tools, which can be utilized by a prospective e-store to create and maintain its e-store. The advantage for an e-store is that it is grouped together with other stores in a well-known e-mall site and, therefore, is likely to pick up visitors to the mall.

A number of manufacturers with well-known brand name products have chosen to use the internet to carry out direct selling via the internet. One of the best known here is Ford, which utilizes the internet to achieve direct selling but uses its dealer network to facilitate distribution and delivery. The other well-known examples
are Cisco Systems and Dell Computers. Note that this approach permits mass customization to meet customer preferences. This direct selling by the manufacturer has an important disintermediation effect leading to reduced costs to the end customer and increased profitability to the manufacturer.

A note of caution is important here. By and large, this approach can be used by manufacturers of well-known brands of products because the customer already knows the product.

Secondly, the manufacturer must have a thorough understanding of customer preferences, otherwise he has to rely on the customer knowledge of a retailer.

This class of e-retailers is essentially an extension of the notion of a broker from the physical to the cyber world. A broker is an intermediary who
• may take an order from a customer and pass it on to a supplier
• may put a customer with specific requirements in touch with a supplier who can meet those requirements
• may provide a service to a customer, such as a comparison between goods, with respect to particular criteria such as price, quality, etc.

Thus, brokers provide comparison shopping, order taking and fulfillment, and services to a customer. That is the reason why they are sometimes referred to as electronic intermediaries.

There are several different models for electronic brokers and these include:
• Brokers that provide a registration service with directory, search facilities, e-payment facilities, and security-related facilities. Any business can register with such an e-broker (e.g. anewshop.com).
• Brokers that meet a certain requirement such as a fixed price (e.g. Priceline.com).
• Brokers that provide comparison shopping between products (e.g. mySimon.com or bestbooksbuy.com).

The last model, i.e. E-services, is discussed in the next lecture.

Now that we have reviewed different models for e-retailing and examined several e-retailing web sites, we are in a position to distill some of the most important features, and these include
1. The provision of an on-line catalog, which allows one to browse through different categories of goods. Thus, it is dynamic and linked with the order process.
2. The provision of a search engine, which is a very important feature that does not exist in traditional retailing.
3. The provision of a shopping cart, which allows convenient goods selection, and an ability to provide an automatic price update.
4. Personalization of store layouts, promotions, deals, and marketing.
5. The ability to distribute digital goods directly. Thus, these goods can be downloaded instantly.
6. An on-line customer salesperson, “who” can help customers to navigate through the site.
7. An order status checking facility, which is a useful feature before submission.
8. The use of Forums (collaborative purchasing circles) to create a customer community and thus increase “stickiness.”

When one examines e-retailing, one can distinguish between two trends, namely
• technologies that help you see and experience the product better, e.g. virtual reality, Java 3D, etc.
• technologies that help you not to see at all but use an intelligent agent (or mobile agent) that does all the shopping tasks for you.

E-retailing essentially consists of the sale of goods and services. Sometimes we refer to this as the sale of tangible and intangible goods.

The benefits of e-retailing to the customer include
• convenience
• better information
• competitive price
• customization
• shopping anywhere, anytime

A summary of the benefits to the e-retailer are
• global reach
• better customer service
• low capital cost
• mass customization
• targeted marketing
• more value-added services
• new forms of specialized stores and niche marketing

The key success factors for traditional retailing are
• size
• number of outlets
• visibility
• location
• store atmosphere
• store layout
• price
• variety of goods
• profit margins
• turnover

There are several models for e-retailing and these include
• Specialized e-store
• Generalized e-store
• E-mall
• Direct selling by the manufacturer
• Supplementary distribution channel
• E-broker
• E-services
1. How do you differentiate between traditional and e-retailing?
2. What are the benefits of e-retailing for a customer?
3. Discuss various success factors for traditional retailing.
4. What is the difference between an electronic distributor and an e-broker?
5. Is Internet commerce always global? When does it become regional?
6. Which business model was more successful: generalized e-brokers or specialized e-stores?

• Introduction
• Various E-services
• Various Web enabled services
• Summary
• Exercise

After this lecture the students will be able to:
• Describe the e-services offered through the Internet

In the previous lecture we discussed e-retailing, its advantages and disadvantages and the various models of e-retailing, one of which was e-services, which we will discuss today. This delivery of services via the internet to consumers or other businesses can be referred to by the generic term of e-services.

There is a wide range of e-services currently offered through the internet and these include banking, loans, stock trading, jobs and career sites, travel, education, consultancy advice, insurance, real estate, broker services, on-line publishing, and on-line delivery of media content such as videos, computer games, etc. This list is by no means exhaustive and it is growing all the time. In this lecture, we will give an overview of e-services.

In order to bring some order to the discussion of this wide variety of e-services, we organize them into the following categories, namely
1. Web-enabling services, which were previously provided by humans in office agencies and/or their branches. The primary purpose here is that these services help to save time and effort for the user, bring convenience, and improve the quality of life. In many cases, it can result in a reduced cost for the consumer. E-services that fall into this category include
   • Banking
   • Stock trading
   • Education
   In some cases, this may bring a new dimension to the original service, enhancing and altering it. E-education is an example of this. It may also bring into the catchments new groups of consumers of the service to whom it might not have been previously accessible.
2. Matchmaking services. These take a need from an individual or business customer and provide mechanisms (from providers) for matching that need. E-services that fall into this category include
   • Jobs and employment sites
   • Travel
   • Insurance
   • Loans including mortgage loans
   • Real estate sales
   • Brokers
   The advantage of this kind of matchmaking through the internet is that the ability to search electronically over a wider area to satisfy the customer need and to more precisely meet the customer need is greatly facilitated by both computerization and communication over the internet.
3. Information-selling on the web. This group essentially sells information content of one sort or another and includes e-commerce sites that provide
   • on-line publishing such as web-based newspapers
   • consultancy advice
   • specialized financial or other information
4. Entertainment services. These provide internet-based access to videos, movies, electronic games, or theme sites. This e-entertainment sector is expected to grow rapidly in the next few years, with a convergence of TV and internet-based technologies.
5. Specialized services such as auctions. Many different auction sites have appeared and these are discussed further in this lecture.

It is not possible to discuss all the different e-services in this lecture and so we will briefly sample only a few examples for each category.

As mentioned in the last section, web-enabled services include personal banking, stock trading, and education. We discuss each of these in turn briefly in the next few subsections.

Security First Network Bank (SFNB; www.sfnb.com/) was the first internet bank. It provides most of the banking services on the web. Therefore, you can do your banking with your fingers instead of your feet. Looking at e-banking, we can distinguish between two distinct models:
1. Pure cyberbanks
2. Traditional banks that provide e-banking to complement their retail banking

SFNB is a pure cyberbank, while the homepage of Bank of America (www.bankofamerica.com) illustrates the second model. While not all banks offer the full range of services on the internet, banks in both the aforementioned groups offer a varied range of services including
1. personal banking
2. commercial banking for both small businesses and large corporations
3. financial services
4. loan application services
5. international trade including settlement instruments, foreign exchange transactions, etc.

There are significant advantages for both the individual or corporation as well as the bank in using e-banking. An individual doing personal banking on the internet can, amongst other things, pay bills, do account transfers, make queries on account balances, obtain statements, in some cases view images of checks, etc., and import transactions directly into home account management software. Furthermore, one can make such transactions 24 hours a day from any place with internet access around the world.

In addition to these, a number of banks offer personal financial services including making personal loan applications on the internet. All these represent a large increase in convenience and time saving for the bank customer, saving him trips to the bank branch, queuing, etc.

The advantages to the banking institutions themselves include
1. reduction in the number of retail banking branches, saving rentals or ownership of the related properties.
2. reduction in staffing because of the reduction in paper processing as well as face-to-face bank teller contact.
3. bringing about an increase in the time the bank hangs on to the money before making the required transfers, leading to an increase in interest received by the banks.

These advantages are so significant that some banks offer customers a number of incentives to switch to internet banking, such as free checks, reduced fees, increased deposit rates, etc.

Several companies such as E-Trade (www.etrade.com), Datek On-line, American Express Financial Services, etc. allow you to trade stocks, bonds, mutual funds, etc. on the internet. These companies offer you the ability to trade at a very small cost compared to discount brokers or full-service brokers. This has resulted in these on-line trading companies grabbing an increasing market share. In response to this, discount brokers including Charles Schwab and full-service brokers have also moved to introduce internet trading of stocks. The steps involved essentially are the following:
1. place a request to trade, say buy a stock
2. the system responds with current “on the web site” prices
3. the internet trader has to confirm this trade or cancel it

Several companies allow one to create a simulated portfolio, which one watches over time without actually buying or selling the stocks in reality. An example of this can be found on the Smart Money site (www.smartmoney.com).

The major advantages to the person doing the trading are
1. the reduced cost;
2. the convenience of being able to trade anywhere in the world with internet access, e.g. while traveling; and
3. access to a wide variety of information on a number of sites.

In addition to actually allowing you to trade, these sites provide a considerable amount of information. The reduction in margins available to stockbrokers as a result of internet trading is beginning to have an effect on other more traditional forms of brokers. This has led to some traditional brokers also providing internet trading of stocks.

A number of e-universities are being spawned around the world. Again, three models can be seen:
1. Pure cyber universities, such as Jones International University (http://www.jonesinternational.edu).
2. Traditional universities setting up new cyber vehicles for providing university education, perhaps with other business partners. An example of this is the Hong Kong CyberU (www.hkcyberu.com.hk), which was set up by the Hong Kong Polytechnic University and Pacific Century CyberWorks.
3. Traditional universities offering courses themselves on the internet. There are a number of web-based technology tools for this purpose. An example is WebCT.

A number of so called “open universities” that previously provided distance learning have moved into providing an internet-based version of their courses. These traditional universities have a number of advantages. They can now reach a client base that is outside their catchment. They also expect to be able to deliver these courses at a reduced cost; however, the jury is still out on this. Another advantage a traditional university has on the internet over a new pure cyber university is that it has an established brand name. There are a variety of issues that need to be explored carefully when preparing to deliver educational material on the internet and these include the following:
1. Does one use a distance learning model where the student uses a PULL model to acquire the material?
2. Does one use a traditional lecture model using video streaming? This is a PUSH model whereby a teacher “pushes” the materials to the students.

The use of the internet for education opens up many possibilities, namely use of quizzes and tests to provide the student with instant feedback on his/her mastery of the materials, and use of graphics and animation to explain concepts, particularly those that have a dynamic character to them. It is anticipated that the internet will not only lead to cyber universities of one kind or another but will also have a marked effect on teaching and learning in traditional universities.

One among some of the innovations that are being explored is the joint teaching by two universities on different continents in order to enhance the learning experience.

This has perhaps been the area in which there has been the greatest growth in e-services. Essentially, in most of these applications, the customer, who could be an individual or business, specifies his requirements in relation to the service. The e-commerce site then does a search over its own databases or over the internet using mobile agents, or over other databases or web sites to look for one or more matches to these requirements. The information is then returned to the e-service provider site to give the customer the required service.
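The three-step internet trading sequence listed earlier on this page under on-line stock trading (the trader places a request, the system answers with the current price, the trader confirms or cancels), worked through as an added Python example. This is not code from the lecture or from any brokerage it names. Its design is our assumption about how a careful site would implement the exchange: the quoted price is held server-side with a short validity window, it can be confirmed once and only by the account that requested it, and the confirmation message carries the server-issued quote id rather than a price, so the price shown in step 2 is exactly the price executed in step 3. The symbol, prices, account names and validity window are constructed for the demonstration.

```python
# Added example, not code from the lecture or from any brokerage named in it.
# Models the three steps: (1) request a trade, (2) system replies with the
# current price, (3) trader confirms or cancels. Assumed design: a quote is
# valid for QUOTE_TTL_SECONDS, may be confirmed once, only by the account it
# was issued to, and confirm() takes the quote id, never a client-sent price.
import secrets
import time
from dataclasses import dataclass

QUOTE_TTL_SECONDS = 15  # assumed validity window for a quoted price


@dataclass(frozen=True)
class Quote:
    quote_id: str      # unguessable id issued by the server
    account: str       # account the quote was issued to
    symbol: str
    side: str          # "buy" or "sell"
    quantity: int
    price: float       # price shown to the trader in step 2
    expires_at: float  # epoch seconds after which confirm() refuses it


class TradingServer:
    def __init__(self, prices, clock=time.time):
        self._prices = dict(prices)  # constructed market data, symbol -> price
        self._clock = clock          # injectable clock so expiry can be tested
        self._quotes = {}            # live quotes, kept server-side only
        self._executed = []          # (quote_id, symbol, side, quantity, price)

    def set_price(self, symbol, price):
        """Simulate the market moving after a quote has been shown."""
        self._prices[symbol] = price

    def request_quote(self, account, symbol, side, quantity):
        """Steps 1 and 2: validate the request and answer with the current price."""
        if side not in ("buy", "sell"):
            raise ValueError("side must be 'buy' or 'sell'")
        if not isinstance(quantity, int) or quantity <= 0:
            raise ValueError("quantity must be a positive integer")
        if symbol not in self._prices:
            raise KeyError(f"unknown symbol {symbol!r}")
        quote = Quote(secrets.token_hex(16), account, symbol, side, quantity,
                      self._prices[symbol], self._clock() + QUOTE_TTL_SECONDS)
        self._quotes[quote.quote_id] = quote
        return quote

    def confirm(self, account, quote_id):
        """Step 3 (confirm): execute at the quoted price, or refuse."""
        quote = self._quotes.get(quote_id)
        if quote is None or quote.account != account:
            # Unknown, already used, or issued to a different account.
            return ("rejected", "no such quote for this account")
        del self._quotes[quote_id]  # one-shot: a replayed confirmation fails
        if self._clock() > quote.expires_at:
            return ("rejected", "quote expired; request a fresh price")
        self._executed.append((quote.quote_id, quote.symbol, quote.side,
                               quote.quantity, quote.price))
        return ("executed", quote.price)

    def cancel(self, account, quote_id):
        """Step 3 (cancel): discard the quote; True if one was removed."""
        quote = self._quotes.get(quote_id)
        if quote is None or quote.account != account:
            return False
        del self._quotes[quote_id]
        return True

    def executed_trades(self):
        return list(self._executed)


def demo():
    """Walk through the flow with a controllable clock; returns the outcomes."""
    now = [1_000_000.0]
    server = TradingServer({"ACME": 10.00}, clock=lambda: now[0])

    q1 = server.request_quote("alice", "ACME", "buy", 5)   # steps 1-2
    server.set_price("ACME", 10.50)                          # market moves
    first = server.confirm("alice", q1.quote_id)             # executes at 10.00
    replay = server.confirm("alice", q1.quote_id)            # same id again

    q2 = server.request_quote("alice", "ACME", "sell", 2)
    stolen = server.confirm("bob", q2.quote_id)              # wrong account
    cancelled = server.cancel("alice", q2.quote_id)          # alice cancels

    q3 = server.request_quote("alice", "ACME", "buy", 1)
    now[0] += QUOTE_TTL_SECONDS + 1                          # quote expires
    stale = server.confirm("alice", q3.quote_id)

    return {"first": first, "replay": replay[0], "stolen": stolen[0],
            "cancelled": cancelled, "stale": stale[0],
            "executed": len(server.executed_trades())}


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The point to take from `demo()` is that every decision in step 3 is made from state the server created in step 2: a confirmation that arrives late, twice, or from a different account is refused, and a market move between the two steps cannot change the executed price because the client never supplies one.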
Before the internet, one might have gone along to a travel agent in order to book one’s travel requirements such as air tickets, train tickets, car hire, hotel, tours, etc. The travel agent would try his best to meet these requirements by providing information regarding schedules, pricing, promotions, as well as suggestions on changes to the itinerary. These bookings could be for individuals or corporations involving corporate rates, etc. A large number of e-commerce sites have appeared, which address this precise market segment. These include trip.com, travelweb.com, and priceline.com. These web sites work in exactly the same way. When a customer provides his requirements, these sites do a search of their own databases or send agents out to explore other web sites and respond to the consumer. Amongst the requirements that the customer could specify is an acceptable price. A number of sites, such as priceline.com, require that provided the price specified is met, the customer cannot refuse the offer found. These e-commerce sites are beginning to grab an increasing part of the travel market. They are attractive to consumers because of the convenience, the ability to meet requirements such as specified prices, and in some cases like lastminute.com, a special customer need (i.e. booking at the last minute). These travel sites often also have a lot of information on promotions, suggestions, etc., which are useful for customers. These e-commerce sites are having a strong “disintermediation” effect. Disintermediation refers to the removal of intermediaries such as travel agents from the process involved in the purchase of the service. A recent increasing trend has also seen the primary provider of a service such as an airline introducing internet based booking at reduced prices, further emphasizing the disintermediation effect.

There are several different kinds of services provided here, namely
1. sites where you can get advice on developing your resumes and can post your resumes on the web
2. recruiters who use the web site to post available jobs, such as Hot Jobs (www.hotjobs.com) or Jobdirect
3. employers who list available jobs on the web sites
4. matchmaking facilities that search the internet for jobs for jobseekers based on a specification, such as www.monster.com
5. matchmaking facilities to search the internet for resumes that best fit a job description given by a prospective employer, using agents to do the search

These approaches of using the internet for e-employment or e-jobs avoid many of the costs and difficulties associated with traditional approaches to advertising, such as high cost, limited duration, and minimal information.

In some areas, such as real estate (e.g. www.realestate.com), the visualization (3D) facilities provided on the web allow one to either
• show visualizations of buildings at the drawing board stage, or
• allow people distant from the physical site of a building to actually visualize it

This area of matchmaking and brokering services is expected to grow greatly in the near future with e-commerce sites exploiting new market niches. This is also an area with the greatest likelihood of disintermediation, and traditional agents or brokers will have to build new dimensions to their services in order to survive.

These e-commerce sites sell information of one kind or another. There are a number of distinct business models varying from subscription only, mixed subscription/advertising, and fee for service for each access. They also often provide some information free. Sites also frequently provide free information to attract customers to their web site, and then make their money on the transactions the customer carries out on their web site. The kind of information that is provided on the web varies greatly, with sites specializing in different areas such as
1. investment information like
   • stock evaluation (www.marketguide.com)
   • investor information (www.investorguide.com)
   • mutual funds (www.morningstar.net)
   • general information (www.money.com)
2. resume-writing for jobs (www.resumelink.com)
3. contracts for jobs (www.ba.jobs.contract)
4. financial advice, planning, and counselling
5. mortgage information (www.mortgagenet.com)

The categories of information sold and the number of sites selling it are too numerous to enumerate here. In order to view such sites, go to a search engine and type in the category of advice you are interested in and a number of sites will be listed, some of which offer free information and some of which will charge.

This is expected to be a growing area of e-commerce in the future. A number of companies are gaining access to or have purchased large inventories of movies or other entertainment material with the view of allowing people to download this on the web. Sites here vary from theme sites that use a small amount of interactive entertainment to promote their products, such as Disney, to others that provide games either for a fee or free, coupled together with advertising that pays for the site. An important issue here is that the payments involved are relatively small for each transaction, and hence the use of micro payment techniques is likely to be of considerable importance here.

The use of auctions in the real world is used by sellers to achieve the best possible price for items that they wish to sell. The essential idea is that the seller puts up the items for sale but does not give a fixed price for it. The item is then subject to a series of bids until a bid is established that is acceptable or the time duration for the auction expires, and the item is sold. The whole process is conducted by somebody called an auctioneer. There are several different types of auctions, the most common ones being an increasing bid auction (English auction), a decreasing bid auction (Dutch auction), and a price quantity pair auction.

Auctions found their way onto the internet as early as 1995. In this section, we will briefly discuss these ‘web-based electronic auctions’. Increasing bid auctions on the internet are sometimes

will be increasingly used by businesses, particularly if they are
referred to as forward auctions. Essentially, here the seller puts dealing with perishable commodities.
up an item for sale and specifies an acceptable minimum price or
reserve price that he is willing to accept. The item is then posted
on the auction site together with the minimum price and the
bidding is kept open for a specified period. During this period, 
potential buyers bid for the item and the latest high bid is displayed  The e-commerce sites sell information of one kind or
(but not the identity of the bidder). When the specified period another like investment information, resume-writing for
lapses, the highest bidder is required to purchase the item at the jobs, contracts for jobs, financial advice, planning, and
bid price. There are clearly defined rules for the auction site that the counseling, mortgage information.
bidder and the seller of the item are required to adhere to. In the  A number of companies are gaining access to or have
decreasing price option, or reverse auction, the seller puts up an purchased large inventories of movies or other
item for sale at a high price. The price of this item is entertainment material with the view of allowing people to
progressively reduced until a potential buyer accepts the bid and download this on the web
the items are then deemed to have been sold to the buyer. The  Auction sites are basically of two types: C2C auction sites
third option has potential buyers making a bid for a certain quantity and B2B auction sites
of an item at a certain price and sellers offering to sell a given  C2C auction sites essentially involve a customer selling an
quantity at a specified price. The buyer’s bids are progressively item to another customer through an auction site. These
increased and seller’s “asking” price progressively decreased until auction sites can be Generalized auction sites, Specialized
matching bids are obtained and the requisite quantity is then auction sites and Agent-based auction supporting sites
deemed to have been sold to the buyer at the right bid price.
 There are basically three models for these B2B auction sites:
We will divide this brief discussion of auctions into two types Use of a liquidation broker to sell excess items, Use of your
1. C2C auction sites own web site to auction items, Use of the auction facility on
2. B2B auction sites a virtual market site that one is a participant in to auction
3. C2C auction sites excess inventory.

C2C auction sites essentially involve a customer selling an item to  The delivery of services via the internet to consumers or
another customer through an auction site. These auction sites can other businesses can be referred to by the generic term of
be services
1. Generalized auction sites  We organize e-services into the following categories, namely
Web-enabling services, Matchmaking services, Entertainment
2. Specialized auction sites
services, Specialized services such as auctions
3. Agent-based auction supporting sites
 Web-enabled services include personal banking, stock
Generalized auction sites like eBay (www.ebay.com). Auction trading, and education
Universe, etc. will allow a customer to put up many different  Matchmaking Services include Travel services, E-
kinds of items for sale on the auction site. eBay has a forward employment and e-jobs
auction facility.
An example of a decreasing bid auction site is Klik klok, which

auctions gold and jewellery. In contrast to the general auction 1. How do you find E-education to be better than the
sites, one can have some sites specializing in the auction of a traditional one?
particular class of items. Thus, Bid.com only deals with refurbished 2. What are the advantages of E banking?
computers while Coin Universe (www.coinuniverse.com;) only 3. How reliable is the E trading?
deals with coin auctions.
4. Explain B2B and C2B auction.
The third class of auction related services are agent-based services
or search engines that will allow a buyer to specify an item, and the
mobile agent or search engine would then visit relevant new sites
returning information on where the item can be found. An
example of this is www.usaweb.com.

There are basically three models for these B2B auction sites.
1. Use of a liquidation broker to sell excess items. In this case,
the liquidation broker is essentially a third party auction site
that does the auctioning for you;
2. Use of your own web site to auction items.
3. Use of the auction facility on a virtual market site that one is
a participant in to auction excess inventory. These approaches


1.1 The standard port assigned to the https service (HTTP over SSL) is:
a. Port 80
b. Port 25
c. Port 443
d. Port 8080
1.2 A domain name server (DNS) performs the following function(s):
a. Resolves IP Addresses into Domain Names
b. Resolves Domain Names into IP Addresses
c. Both a. and b.
d. Neither a. nor b.
1.3 The following digital internet links (or bearers) are listed in order of increasing maximum capacity (or "bandwidth"), smallest to largest:
a. PSTN (56k Dial-up), ISDN, ADSL, HDSL
b. ADSL, OC-3, HDSL, PAPL
c. ISDN, PSTN (56k Dial-up), ADSL, OC-3
d. PAPL, OC-3, HDSL, OC-12
1.4 The four phases of the Rational Unified Process (RUP) are:
a. Inception, Elaboration, Construction, Transition
b. Proposal, Planning, Construction, Transition
c. Inception, Elaboration, Transition, Release
d. Proposal, Construction, Transition, Inception
1.5 Which of the following are all elements of a typical Project Specification Document (PSD) produced in Phase 2 of the simplified process (SP)?
a. Project Description, Proposed Site Map, UML Diagrams, Interface Definitions
b. Project Description, Actor Definition, Use Case Definition, Proposed Site Map
c. Actor Definition, Use Case Definition, Detailed Test Cases, UML Diagrams
d. Version Control, Project Description, Code Snippets, Detailed Test Cases
1.6 From your knowledge of B2C business models, a good example of a B2C Web
a. A search engine, such as Google (www.google.com)
b. An online newspaper, such as The Sydney Morning Herald (www.smh.com.au)
c. An online community, such as Slashdot (www.slashdot.org)
d. A collaborative software development site, such as SourceForge (www.sf.net)
1.7 The development of an online Supply Chain Integration system would be best classified as:
a. A B2C e-Commerce initiative
b. A B2B e-Commerce initiative
c. A B2E e-Commerce initiative
d. A B2C, B2B and B2E e-Commerce initiative
1.8 An example of a B2E system is:
a. A Content Management System
b. A Supply Chain Integration System
c. A Web Search Engine
d. A Knowledge Management System
Answers:
1.1 C
1.2 C
1.3 A
1.4 A
1.5 B
1.6 A
1.7 B
1.8 D


• Introduction
• Technical elements of an EDI
• EDI Standards
• Summary
• Exercise

After this lecture the students will be able to:
• Understand details of the technical elements of an EDI system:
  • EDI Standards

EDI, as discussed before, stands for Electronic Data Interchange.
This is one of the applications of E-Commerce which makes
Business-to-Business transactions possible over a network.
Electronic data interchange (EDI) is a technology poised for
explosive growth in use as the Internet provides an affordable way
for businesses to connect and exchange documents with customers and
suppliers of any size. EDI is the electronic exchange of business
documents, data, and other information in a public-standard format.
It cuts the cost of managing business-to-business transactions by
eliminating the need for labor-intensive manual generation and
processing of documents.
In this lecture we will discuss the EDI standards, the EDI networks
and the EDI software that interfaces these two elements and the
business applications. These elements, together with the EDI
Agreement, are covered in detail in this lecture.
Let's start with EDI Standards.

At the heart of any EDI application is the EDI standard. The essence
of EDI is the coding and structuring of the data into a common and
generally accepted format; anything less is nothing more than a
system of file transfers. Coding and structuring the documents for
business transactions is no easy matter. There have been a number of
EDI standards developed in various industry sectors or within a
specific country, and there are complex committee structures and
procedures to support them.
Following on from the various sectorial and national EDI standards
is the United Nations (UN) EDI Standard: EDIFACT. This is the
standard that should be adopted for any new EDI application.
Now the question arises: why do we require EDI standards? EDI
provides an electronic linkage between two trading partners.
Business transactions are output from the sending computer system,
transmitted or transported in electronic format and input into the
second, receiving computer system. The computer systems that
exchange data need a common format; without a common format the data
is meaningless. Two trading organizations that exchange data can,
with relative ease, agree a format that meets their mutual needs. As
the network of exchanges develops, the number of organizations
needing to be party to the agreement grows.
To illustrate this, assume a network of three customers (say
supermarkets) ordering goods from four suppliers (food
manufacturers), see Figure 8.1.

Fig. 8.1 Interchanges between Customers and Suppliers.

The network in Figure 8.1 has 12 separate interchanges. It is
unlikely that each of these exchanges would have its own format, but
it is perfectly possible that each customer would have developed its
own standards (giving each supplier three separate standards to cope
with). It is also possible that new exchanges added to the system
will have requirements not envisaged when the data formats were
originally agreed; this would require a change to the existing
standard or the introduction of an additional standard. The overall
picture is one of unnecessary complexity and incompatibility.
EDI standards overcome these difficulties. The EDI standard
provides, or attempts to provide, a standard for data interchange
that is:
• Ready formulated and available for use;
• Comprehensive in its coverage of the data requirements for any
  given transaction;
• Independent of hardware and software;
• Independent of the special interest of any party in the network.


EDI Standards provide a common language for the interchange of
standard transactions.
Most of the work on EDI standards has been concerned with the
interchange of trade documentation and financial transactions, but
the principle applies to any interchange where the data can be
systematized and codified. EDI standards are used for the
interchange of information as diverse as weather station readings
and school exam results.
Now let's see how the various standards evolved.

Evolution of EDI Standards
The first EDI standards evolved from the formats used for file
transfer of data between computer applications. The evolution of EDI
standards can be seen as having three stages (although in practice
it was and is somewhat more complex than that):
1. The first formats that might properly be called EDI were
   developed by organizations that had to process data from a large
   number of customer organizations. The data recipients set the
   standard and the customers conformed to it.
2. The concept of EDI as an application independent interchange
   standard evolved, and several industry sector and / or national
   standards bodies developed EDI standards to meet the needs of a
   specific user community.
3. The requirements of international and cross sector trade meant
   that the sector and national standards were becoming an
   impediment to the further development of electronic trading.
   EDIFACT was developed, under the auspices of the United Nations
   (UN), as a universal standard for commercial EDI.

An example of an early EDI application in the UK was the BACS
system:
BACS was and is a consortium of the major banks that provides an
automated clearing service for the transfer of money between bank
accounts. Many organisations that make a significant number of
payments (including the pay-roll) use this service.
Users of the BACS system recorded the information they would have
printed as cheques on a computer file in accordance with the format
required by BACS. The data was then sent to BACS where the payments
were processed without the delay, expense and risk of paper
documents and manual data input.
The use of the system was made much easier by the availability, for
most types of computer, of standard software that output the payment
data in the required format.
In the early days the computer file would be recorded on a magnetic
tape and couriered to the BACS headquarters. Subsequently an online
submission facility was added to the service.

The use of EDI on systems such as BACS and the more general use of
online systems demonstrated the potential of EDI for the exchange of
general business documents. A number of trade sector organizations
understood this potential and developed EDI formats for use in their
sector. Some of the more notable examples are:

ODETTE
An EDI format developed for, and widely used in, the European motor
industry. ODETTE stands for the Organisation for Data Exchange by
Teletransmission in Europe. ODETTE was predated by VGA, a standard
developed, and still used, by the German motor industry. The motor
industry is planning to move from VGA and ODETTE to EDIFACT when the
standards are stable and their requirements are fully met.
One problem they have is that the EDIFACT standard, with its wider
application and more bureaucratic procedures, is slower to react to
evolving needs than is the case with the sector based ODETTE
standard.

TRADACOMS
A UK EDI standard for general trade developed by the ANA (Article
Numbering Association) in 1982. TRADACOMS evolved to become the
predominant UK EDI standard with widespread application in the
retail and catering trades (this was in the late 1980s / early 1990s
when Britain accounted for half the European EDI activity). Other
European countries also developed their own standards for retail /
general trade; examples of such standards are SEDAS in Germany and
GENCOD in France. TRADACOMS and the other national standards
mentioned here are looking to evolve to, or convert to, EDIFACT - a
slow process given the investment in the existing standards.
(The ANA is the body responsible for the allocation and
administration of the product codes used for the bar codes on
grocery and other items - product coding has an important role to
play in EDI systems.)

ANSI X12
EDI in North America developed with differing standards in the
various business sectors. Examples of such standards are UCS for the
grocery industry and ORDERNET for the pharmaceutical trade (Sokol,
1989). Electronic trade had developed rapidly in North America and
the problems of cross sector trade were becoming apparent. The
problem was taken up by the American National Standards Institute
(ANSI) and X12 was developed as a national standard with the aim of
replacing the various sector standards.

EDIFACT
As already outlined, EDI developed in closed user communities within
trade sectors and / or national boundaries. The use of sector and
national standards for this type of trade was satisfactory. However,
as electronic trade developed to cover wider trading relationships,
there is a growing problem of trade between organisations using
different EDI standards.
In addition to the problem of cross sector trade there is a desire
to use EDI for international trade. This (sensibly) requires a
common format for the exchange of the standard business forms
(order, invoice, etc.) between organisations in differing countries.
International trade also requires a great deal of additional
documentation for shipping, customs authorities, international
credit arrangements, etc. - all of this is potentially electronic
and obviously a common format is very desirable. To facilitate this


cross sector and international development of EDI, the EDIFACT
standard has been, and is being, developed.
EDIFACT is the United Nations standard of Electronic Data
Interchange for Administration, Commerce and Transport. The EDIFACT
standard was born in the mid-1980s out of a United Nations Economic
Commission for Europe (UNECE) committee and is supported by the
Commission of the European Union.
Underlying the EDIFACT initiative are various UN attempts to
standardize on trade documentation. These specify, for example,
standards for the layouts of invoices (a provision of some
importance for organisations processing many hundreds of invoices
from numerous sources). Notable amongst the standards documentation
is the UN Trade Data Element Directory, a subset of which forms the
EDIFACT Data Element Directory.
EDIFACT effectively assumed a world role when the Americans accepted
it as the world standard (while retaining their own ANSI X12
standard for domestic use in the short term). The acceptance by the
North Americans of EDIFACT as the international standard was
somewhat surprising. ANSI had done a lot of development work on the
X12 standard and EDIFACT was, at that time, essentially a European
standard.
Since 1988 the use of EDI has been vigorously promoted by the
European Union (EU) through its TEDIS programme. TEDIS has promoted
EDI through sectorial organisations but has also emphasised
intersectorial trade. EDIFACT is seen as the common standard and as
vital for electronic trade within the 'single market' - funds have
been made available for industry sectors to change from their
existing EDI standard to EDIFACT.
EDIFACT has been adopted as the EDI standard of choice by countries
and sectors new to EDI. In Europe, countries such as the
Netherlands, Denmark and Norway have been noted for their recent
development of EDI with EDIFACT as the predominant standard.
Electronic trade is also developing outside Europe and North
America; Australia and Singapore have been much written about with
EDIFACT being the standard of choice. The importance of a single
international standard has been recognised by many sectors currently
using their own EDI standards. Many sector and national standards
are being replaced or are 'evolving' towards the EDIFACT standard -
included in this process are ODETTE, TRADACOMS and ANSI X12, a
development already mentioned above.

The EDIFACT standard, like all other EDI standards, is about the
exchange of (electronic) documents - for EDIFACT each document type
is referred to as a message. For trade purposes the documents
include order, dispatch advice, invoice, payment order and
remittance advice. For transmission purposes EDIFACT messages are
sent in an electronic envelope known as an interchange. Note this is
the data standard and is separately defined from any enveloping
requirement of the transmission protocol. Within that interchange
there may well be a number of messages. Messages equate to the trade
documents, and order and invoice are prime examples.
The messages themselves are made up of a series of data segments.
Data segments encode a single aspect of the trade document, for
instance the order date or the buyer's name and address. Each
EDIFACT message specifies a great number of data segments, and
individual data segments may be components of a number of messages.
The users of the message select the data segments that are
applicable to their particular needs.
Data segments are, in turn, made up of a tag and a number of data
items. The tag identifies the data segment and the data elements
give the codes and / or values required in the document (message).
The data elements include the codes and values for items such as
date and address code, but they are frequently used in combination
with type or qualifier data items to specify the format of the data
and its use; for instance a date could be the order date and be in
eight digit century format. The requirement to use data elements
together forms a composite data element. This structure of the
EDIFACT message is shown in Figure 8.2. The function groups have
been omitted; these are an intermediary level between the
interchange and the message, but they are not normally implemented.

Fig. 8.2 EDIFACT Structure Chart (Simplified).

The EDI standard provides the common format for the message, but
just as important is the ability to correctly interpret the data
held within that format. Data in computer systems normally has a
code as a key. Computer systems have codes for customers, suppliers,
products and so on. For EDI it is preferable to send the codes
rather than the associated names, addresses and descriptions. The
use of codes cuts down the size of the transmitted message and,
provided the codes are mutually agreed, they can be used to match
the appropriate records in the receiving computer system.
For the grocery and general retail trade there are standard systems
of coding. These are used for bar codes on merchandise and to
identify address points within the participating organisations; they
are also used in EDI messages. The two main systems are:
• EAN  European Article Number
• UPC  Universal Product Code (American)
The coding systems are administered by the national Article
Numbering Associations (ANA). These organizations have also been
closely involved in the development of EDI; the British ANA
developed the TRADACOMS EDI standard that was discussed earlier in
this chapter.


The EAN and the UPC systems are similar. The EAN is a 13 digit code
with a two digit country code whereas the UPC is a 12 digit code
with only a single digit for the country. The makeup of the EAN code
is shown in Figure 8.3.

Fig. 8.3 EAN Coding System.

The check digit calculation, for the product code, uses a modulus 10
algorithm. This is calculated by multiplying alternate digits of the
code by 1 and 3 respectively. The results of these multiplications
are summed and the check digit is the difference between that sum
and the next highest multiple of 10, see Figure 8.4.

Fig. 8.4 EAN Check Digit Calculation.

For very small items, eight digit (EAN-8) codes can be allocated.
This is so that the smaller bar code can be printed on individual
items.
The EAN code in the example above is a product code for a 420 gram
tin of Heinz Baked Beans. Each Heinz product has the same
manufacturer's prefix but a different item code allocated by the
company, for example:
Baked Beans - 420 gram tin: 50 00157 00171 9
Cream of Tomato Soup - 300 gram tin: 50 00157 00207 5
Baked Beans - 205 gram tin: 50 00157 00023 1
In the EDI Order message these codes can be used in the order line,
e.g. the line: LIN+1++5000157001719:EN'
EAN address point codes are used in EDI messages to identify the
sender and receiver of the message. Address point codes are similar
to the product code; the country and manufacturer's prefix are the
same as for the company's products, but the check digit calculation
differs for the two usages. The sender of the order may wish to
specify a number of locations; for instance an order, in addition to
the buyer and supplier, might identify: the Delivery Point - the
warehouse where the goods will be delivered; the Invoice Point - the
head office where the invoice is to be sent.
The EDIFACT order message provides for up to 20 name and address
segments (NAD) to be sent in an order.

EAN codes are appropriate for ordering branded products. They are
not applicable where the requirement is for a generic product. This
circumstance may not arise when baked beans are ordered (we all tend
to have our preferences for a particular brand) but the order might
be for:
• A generic product, e.g. red biros (any old red biros), or
• A commodity product, e.g. sheet steel or paper.
Product coding in these circumstances is either agreed between
customer and supplier or there is an agreement on an industry sector
basis. The paper and board trade is one such industry where coding
conventions have been agreed - to specify grams / sq. cm, direction
of fibre, size of sheet, etc. Coupled with such a convention is the
need for an understanding of the 'pack quantity'. It is unfortunate
if an order for 1,000 sheets of paper is interpreted as an order for
1,000 reams (and it has happened!).

Summary
• The essence of EDI is the coding and structuring of the data into
  a common and generally accepted format; anything less is nothing
  more than a system of file transfers.
• The first EDI standards evolved from the formats used for file
  transfer of data between computer applications.
• An example of an early EDI application in the UK was the BACS
  system.
• To facilitate the cross sector and international development of
  EDI the EDIFACT standard has been, and is being, developed.
  EDIFACT is the United Nations standard of Electronic Data
  Interchange for Administration, Commerce and Transport.

Exercise
1. What do you understand by EDI standards?
2. What are the full forms of the following:
   • EDIFACT
   • ODETTE
   • ANA
   • EAN
   • UPC
3. Explain the EDIFACT standard.

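The modulus-10 check digit and the LIN order line discussed in this lecture, as an added worked example (example code, not taken from the lecture notes): it recomputes the check digit of the three Heinz codes quoted above, rejects a code whose last digit does not match, and splits an EDIFACT segment such as LIN+1++5000157001719:EN' into its tag, data elements and components. The + : ? ' service characters are EDIFACT's defaults and an assumption here, as is treating the EN qualifier as "this item number is an EAN"; the check-digit routine applies the general GS1 weighting from the right-hand end, which for a 13-digit code is exactly the 1, 3, 1, 3 pattern from the left described in the text and also covers EAN-8.

```python
"""Added example: EAN modulus-10 check digit and EDIFACT LIN segment parsing.

The three product codes are those quoted in the lecture. EDIFACT's default
service characters (+ : ? ') are an assumption not stated on the page."""
from typing import List, Tuple

# The Heinz EAN-13 codes quoted in the text (constructed sample table).
HEINZ_CODES = {
    "Baked Beans 420 g": "5000157001719",
    "Cream of Tomato Soup 300 g": "5000157002075",
    "Baked Beans 205 g": "5000157000231",
}


def ean_check_digit(data_digits: str) -> int:
    """Check digit for a 7-digit (EAN-8) or 12-digit (EAN-13) code body.

    GS1 weighting runs from the right: the digit next to the check digit is
    weighted 3, the next 1, and so on. For a 12-digit body this is exactly
    the lecture's 'alternate digits by 1 and 3' read from the left.
    """
    if not data_digits.isdigit() or len(data_digits) not in (7, 12):
        raise ValueError("expected 7 (EAN-8) or 12 (EAN-13) digits")
    total = sum(int(ch) * (3 if i % 2 == 0 else 1)
                for i, ch in enumerate(reversed(data_digits)))
    # Difference between the sum and the next multiple of 10 (0 if exact).
    return (10 - total % 10) % 10


def validate_ean(code: str) -> bool:
    """True if an EAN-8 / EAN-13 code ends in its correct check digit."""
    if not code.isdigit() or len(code) not in (8, 13):
        return False
    return ean_check_digit(code[:-1]) == int(code[-1])


def split_ean13(code: str) -> dict:
    """Fields of a valid EAN-13 as laid out in Figure 8.3."""
    if len(code) != 13 or not validate_ean(code):
        raise ValueError("not a valid EAN-13")
    return {"country": code[:2], "manufacturer": code[2:7],
            "item": code[7:12], "check": code[12]}


def parse_edifact_segment(segment: str) -> Tuple[str, List[List[str]]]:
    """Split one segment into (tag, data elements).

    Default service characters (assumed): '+' separates data elements, ':'
    separates components of a composite, '?' releases (escapes) the next
    character and "'" terminates the segment. Every element comes back as a
    list of component strings, so an empty element is [''].
    """
    if not segment.endswith("'"):
        raise ValueError("segment must end with the ' terminator")
    elements: List[List[str]] = [[""]]
    body, i = segment[:-1], 0
    while i < len(body):
        ch = body[i]
        if ch == "?" and i + 1 < len(body):       # released character
            elements[-1][-1] += body[i + 1]
            i += 2
            continue
        if ch == "+":
            elements.append([""])
        elif ch == ":":
            elements[-1].append("")
        else:
            elements[-1][-1] += ch
        i += 1
    return elements[0][0], elements[1:]


def ean_from_lin(segment: str) -> str:
    """Extract and verify the EAN in a LIN order line such as
    LIN+1++5000157001719:EN' (third element = item number:type, EN = EAN)."""
    tag, elements = parse_edifact_segment(segment)
    if tag != "LIN" or len(elements) < 3:
        raise ValueError("not a LIN segment carrying an item number")
    item_number, *qualifier = elements[2]
    if qualifier and qualifier[0] != "EN":
        raise ValueError(f"item number type {qualifier[0]!r} is not EAN")
    if not validate_ean(item_number):
        raise ValueError(f"check digit failure in {item_number}")
    return item_number


if __name__ == "__main__":
    for name, code in HEINZ_CODES.items():
        print(f"{name:27s} {code} valid={validate_ean(code)} {split_ean13(code)}")
    print("LIN carries", ean_from_lin("LIN+1++5000157001719:EN'"))
```

The check digit catches a single mistyped digit and most adjacent transpositions, so an order line whose EAN fails it should be rejected before it reaches the order processing system.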

• Introduction
• EDI Network
• Summary
• Exercise

After this lecture the students will be able to:
• Understand details of the technical elements of an EDI system:
  • EDI Networks

After discussing EDI standards and coding, let's see how the
transmission of electronic data takes place and what the
requirements for this electronic transmission are.

The EDI standard specifies the syntax for the coding of the
electronic document; it does not specify the method of transmission.
The transmission of the electronic document can be:
• A magnetic tape or diskette that is posted or dispatched using a
  courier service.
• A direct data communications link.
• A value added data service (VADS), also known as a value added
  network (VAN).
The physical transfer of magnetic tape or diskette is one way of
transmitting EDI messages. However, one of the advantages of EDI is
speed of transmission and this is hardly facilitated by the physical
transportation of the diskette or tape. For this, and other reasons,
this way of transmitting EDI is declining in popularity.
The use of direct data communications links is the second
possibility. It can be appropriate for trading relationships where
there are large data volumes or where there are only one or two
trading partners involved. It does, however, have a number of
complications. It presumes that the trading partners agree
transmission times, protocols and line speeds; requirements that
become complex when there are several trading partners, some of them
involved in a number of trading relationships. The final possibility
is the use of a VADS. These can provide a number of facilities, but
the essential one is the use of postboxes and mailboxes to provide
'time independence' and 'protocol independence'. The facilities of a
VADS are further discussed in the following sections.

The basic facility of a VADS is a post and forward network. This
network is centered on a computer system with communications
facilities. For each user of the system there are two files:
• The postbox - where outgoing messages are placed.
• The mailbox - where incoming messages can be picked up.
Taking the trading network shown at Figure 12.1, the postbox and
mailbox arrangement of the VADS would be as shown at Figure 9.1.

Fig. 9.1 VADS – Postbox and Mailbox Files.

If Sava Store, for example, needed to place orders for bread, meat
and vegetables then it formats an EDI interchange containing a
number of orders for those three suppliers. The sequence of events
would then be:
• Sava Store establishes a communication link to the VADS system.
  Sava Store makes extensive use of the system and has a leased line
  communications link.
• The VADS computer system inspects postboxes, unpacks the
  interchanges, moves any available messages (orders in this case)
  to the mailbox of the intended recipients and repackages them as
  new interchanges. The inspection of postboxes is frequent and, to
  all intents and purposes, the interchanges are immediately
  available to the recipient.
• The users of the system establish a communication link to the
  VADS system at their convenience. Best Bread is the first user of
  the system to come online; in this case the communications link
  is a dial-up line.
• Best Bread inspects its mailbox for new interchanges. On finding
  the order from Sava Store (and possibly further interchanges from
  other customers) it causes them to be transmitted to its own order
  processing system.
The EDI interchange is then available for processing in the user's
application. See Figure 9.2 for a diagram of this interchange taking
place.


Fig. 9.2 VADS – Example Interchange.

The post-box / mailbox system is also referred to as a 'store and
forward' system. The two principal advantages of such a system are:

Time independence
The sending and receipt of the interchange are asynchronous. The two
processes can be carried out at the convenience of the users
involved. The first user may send all its EDI transmissions, to all
its trading partners, in a single batch, at the end of its overnight
processing run. The individual interchanges can then be picked up by
the trading partners, at their individual convenience.

Protocol independence
The type of communications link to be used is an option available to
each user of the VADS system. Low volume users will probably opt for
a dial-up modem link whereas high volume users may well use a leased
line or a packet switching network. The VADS

VADS have made inter-network agreements that provide for the passing
of interchanges between them.
Many VADS are nationally based with a single computer service
providing the switching service - a set-up that is appropriate for
domestic trade. A number of the VADS are part of international
organisations or have alliances with VADS in other countries, thus
facilitating international trade.

A commonly expressed concern by EDI users is the privacy of the
system and the security of their messages (a concern that can seem
exaggerated given the relative insecurity of the postal system that
EDI might be replacing). Privacy provisions will normally include
user-id / password protection of postboxes and mailboxes. The
setting up of a trading relationship can also be under user control,
with both users required to enter the appropriate control message
before the exchange of messages can take place. The EDI message can
also be encrypted or can include an electronic signature (provisions
that are not dependent on the VADS).
Security will be built into the VADS system - it is important to the
users and to the reputation of the VADS that messages are not lost.
The service must also be reliable - the VADS should have an
appropriate hardware and software configuration so that it can
ensure the continuous availability of its service.

Users of the VADS would normally have control over the retrieval and
retention of messages in their mailbox. New messages can be called
off selectively or in total. Once a message has been called off it
will be marked as no longer new, but it can still be retained in the
mailbox (and it is worthwhile making use of this facility until the
message is secure in the user's system).
supplier makes available a wide variety of communications facilities As part of its service provision the VADS may well have a message
and has the ability to handle a range of protocols. The transmission logging facilities. This provides an audit trail of when the message
protocol envelope is stripped off incoming interchanges leaving arrived in the VADS, when the recipient retrieved it and when it
just the EDI interchange. Interchanges are then re-enveloped with was eventually deleted. A useful provision should messages be
the transmission protocol appropriate to the recipient when they lost - the result of an enquiry is normally to prove a fault in one of
are retrieved from the mailbox. the users systems / procedures rather than any fault in the operation
 of the VADS.
A number of organizations have set out to provide VADS. The 
basic and most important facility of the VADS is the postbox / A number of VADS will provide a service that validates EDI
mailbox provision. There are, however, a number of further messages for conformance with the chosen EDI standard and
facilities that can be made available; some or all of them may be returns an invalid interchange. This service is optional and normally
provided by any particular VADS provider. incurs an extra charge.
  
An established EDI VADS will have a large number of clients all VADS, despite their alternative name of Value Added Network
with an interest in electronic trade. There is a tendency for are message switching services, not network services. The cost of
organisations in a particular trade sector to concentrate on one the connection from the user to the VADS can be reduced by
particular VADS (there are instances of formal agreements between using a local access node or a packet switching service. The time
a trade sector organisation and a VADS). Joining the appropriate independence provided by the VADS gives the user the option
VADS can ease access to new electronic trading partners. of accessing the service when cheap rate telephone charges apply.
 
A VADS facilitates trade between partners that subscribe to the The VADS is a commercial organisation and charges for its services.
same VADS but not between partners that might be using different The charges tend to be a combination of :
VADS services - not infrequently organisations have joined more
Subscription A monthly or annual subscription.
than one VADS to overcome this problem. A number of the


 
• Usage charge: A charge for the number of characters transmitted.
Differing VADS apply these charges in differing combinations - in theory a user could select the VADS with the charging structure that gave it most advantage - in practice users choose the VADS already used by their trading partners. For the Pens and Things example, the VADS that is most likely to be adopted is that already used by Packaging Solutions.

Network providers tend to have considerable experience in EDI and an interest in promoting its widespread adoption. Most VADS providers supply (or sell) EDI software that provides for easy access to their own network. These VADS providers will also provide consultancy and training - the basic provision concerns the use of the software and the network but there can also be consultancy on the business use of EDI within the organisation.
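To make the postbox / mailbox mechanism concrete, here is an added Python example (not the lecture's code and not any VADS supplier's software) that simulates a store-and-forward VADS as the sections above describe it: user-id / password protection of the boxes, a batch switching run, selective call-off with messages retained until the user deletes them, and the message log that gives an audit trail of when an interchange arrived, was retrieved and was deleted. The subscriber names, passwords and order text are constructed for the example.

```python
"""Store-and-forward VADS simulation (added example, not the lecture's code).

Each subscriber has a postbox for outgoing interchanges and a mailbox for
incoming ones; a switching run moves interchanges between them; retrieval
marks a message as no longer new but retains it until deleted; and a log
records when each interchange was posted, arrived, was retrieved and was
deleted.  Subscriber names, passwords and order text are constructed.
"""
from dataclasses import dataclass
from itertools import count


@dataclass
class Interchange:
    ref: int           # control reference assigned by the VADS
    sender: str
    recipient: str
    payload: str       # the EDI interchange itself; opaque to the VADS
    new: bool = True   # cleared once the recipient has called it off


class VADS:
    def __init__(self):
        self._passwords = {}  # user-id / password protection of the boxes
        self._postbox = {}    # user -> outgoing interchanges
        self._mailbox = {}    # user -> incoming interchanges
        self._log = []        # audit trail: (event, ref, user)
        self._refs = count(1)

    def subscribe(self, user, password):
        self._passwords[user] = password
        self._postbox[user] = []
        self._mailbox[user] = []

    def authenticate(self, user, password):
        return self._passwords.get(user) == password

    def _require(self, user, password):
        if not self.authenticate(user, password):
            raise PermissionError(f"authentication failed for {user!r}")

    def post(self, user, password, recipient, payload):
        """Place an outgoing interchange in the sender's postbox."""
        self._require(user, password)
        if recipient not in self._mailbox:
            raise KeyError(f"unknown trading partner {recipient!r}")
        ic = Interchange(next(self._refs), user, recipient, payload)
        self._postbox[user].append(ic)
        self._log.append(("posted", ic.ref, user))
        return ic.ref

    def switch(self):
        """Store-and-forward step: move every posted interchange into its
        recipient's mailbox.  Returns the number moved."""
        moved = 0
        for box in self._postbox.values():
            while box:
                ic = box.pop(0)
                self._mailbox[ic.recipient].append(ic)
                self._log.append(("arrived", ic.ref, ic.recipient))
                moved += 1
        return moved

    def retrieve(self, user, password, new_only=True):
        """Call off messages; they stay in the mailbox, flagged as not new."""
        self._require(user, password)
        called = [ic for ic in self._mailbox[user] if ic.new or not new_only]
        for ic in called:
            ic.new = False
            self._log.append(("retrieved", ic.ref, user))
        return called

    def delete(self, user, password, ref):
        """Remove a retained message once it is safe in the user's own system."""
        self._require(user, password)
        box = self._mailbox[user]
        kept = [ic for ic in box if ic.ref != ref]
        if len(kept) == len(box):
            raise KeyError(f"no interchange {ref} in mailbox of {user!r}")
        self._mailbox[user] = kept
        self._log.append(("deleted", ref, user))

    def audit_trail(self, ref):
        """Events recorded for one interchange, in order of occurrence."""
        return [(event, user) for event, r, user in self._log if r == ref]


def example_exchange():
    """Sava Store orders from Best Bread (constructed data); returns what each
    step observed so the behaviour can be checked."""
    vads = VADS()
    vads.subscribe("SAVA", "s3cret")
    vads.subscribe("BEST", "bre4d")
    ref = vads.post("SAVA", "s3cret", "BEST", "ORDERS: 200 loaves")
    moved = vads.switch()                               # Best Bread need not be online
    first = vads.retrieve("BEST", "bre4d")              # new message called off
    second = vads.retrieve("BEST", "bre4d")             # nothing new any more
    retained = vads.retrieve("BEST", "bre4d", new_only=False)
    vads.delete("BEST", "bre4d", ref)
    return {"moved": moved, "first_call": len(first), "second_call": len(second),
            "retained": len(retained), "trail": vads.audit_trail(ref)}
```

The audit trail is what settles the "lost message" enquiry the text mentions: it shows whether the interchange ever arrived and whether the recipient called it off, which is normally where the fault turns out to lie.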

Summary
• Electronic Data Interchange is one of the applications of E-Commerce which makes Business to Business transactions possible over a network.
• EDI standards are required so that the computer systems can exchange data in a common format.
• EDIFACT is the United Nations standard of Electronic Data Interchange for Administration, Commerce and Transport.
• VADS stands for Value Added Data Services. The basic facility of a VADS is a post and forward network which is Time and Protocol independent. VADS is also known as VAN (Value Added Network).

Exercise
1. What do you understand by the term VADS?
2. Discuss the security issues in EDI.
3. What do you understand by the term EDI?
4. Write the full form of the following:
• EDI
• EDIFACT
• VADS
• VAN

Question 1: The choice of User Interface (UI) model is an important element in defining the Human-Computer Interface between the user and the system. From materials presented in lectures and your own knowledge of the field;
a. Identify and describe three User Interface (UI) models. The models may be in widespread use, or may be emerging technologies.
b. Compare and contrast the three models you have identified. Focus upon the relative strengths and weaknesses of each model. Describe whether any identified limitations can be overcome. If so, how?

User Interface (UI) Models
a. Look for:
• Punch card interfaces (historical)
• Command Line Interfaces
• Menu-driven interfaces
• Graphical User Interfaces
• Object Oriented UI's
• Speech recognition systems
• Haptic interfaces
• Immersive environments (or Virtual Reality, or Augmented Reality systems)
b. Basic keywords to look for are: Quick, simple, low network bandwidth, low network latency, difficult for new/inexperienced users, keystroke-intensive, emphasises/supports recognition over recall (Menu-driven and GUI systems, not CLI), inefficient for repeated tasks, etc.

Question 2: Business to Business (B2B) e-Commerce systems are now being adopted by businesses to reduce the cost of procurement activities and to achieve more efficient supply chain integration between suppliers and customers.
a. Define the term "supply chain" and explain the concept.
b. Identify and describe three challenges faced by businesses attempting to manage their supply chains.
c. How does the "Integrated Supply Chain Management" (ISCM) approach help businesses increase the efficiency of the supply chain?

Business to Business (B2B) Systems and SCM
a. A sample response: "A supply chain is a network of companies that work together to design, produce, deliver and service an end-product". Look for "network" and "work together" and words that indicate the whole cycle, e.g. "design, produce, deliver" etc.
b. Some suggested responses:
• Complex networks – not linear, not always uni-directional, quadratic linkages
• Variable Demand – forecasting not precise, build to order (BTO) vs build to stock (BTS) approaches
• Production Processes Uncertain – labour market issues
• Supply Dependent on External Organisations – suppliers as partners, preferential treatment issues
• Organisation structure and its effects on Supply Chain Management (or SCM) – SCM cuts across the whole organisation, but business often structured by departments (silo approach). Need to restructure to best support SCM.
• Design for Manufacture – "postponing" or "deferring" customisation/product differentiation until last point in the manufacture cycle.
c. Integrated Supply Chain Management
Key concept to look for is the idea of "addressing the efficiency of the whole supply chain, not just one component", "improving whole supply chain".

"ISCM addresses the efficiency of the entire end-to-end supply chain, not just the efficiency of individual elements. By taking a "whole" rather than "sum of parts" approach (a systems level approach) to the problem, ISCM can assist all organisations in the supply chain with the issues of Strategic Planning, Demand Planning, Supply Planning and Production Planning. ISCM brings all organisations in the chain closer together and gives partner organisations visibility to the manufacturing and timing horizons of all elements in the supply chain, thereby allowing production and throughput across the entire chain to be optimized to achieve large efficiency gains".

• Introduction
• EDI Implementation
• Summary
• Exercise

After this lecture the students will be able to:
• Understand details of the technical elements of an EDI system:
• EDI Implementation

Now we will discuss the physical implementation of VADS.

EDI in the Internet
Recently a number of organisations have started using the Internet as an EDI VADS. Using the Internet provides the basic store and forward facilities but not necessarily the other features of a VADS service that are listed above. Security and reliability are two of the major concerns: unlike the traditional VADS, the Internet does not guarantee the safe delivery of any data you send into it. The plus side of using the Internet is that it is cheaper than any of the commercial networks that provide specific EDI VADS services.

The final technical element of the EDI system is the EDI software. If a company is to send an order from its production control system to Packaging Solutions it needs to code that order into the agreed EDI standard and 'squirt' it into the chosen VADS. To pick up the order at the other end, Packaging Solutions has a similar need to extract the data from the network and to decode the data from the EDI message into its order processing system. The coding / decoding of the EDI message and the interfacing with the VADS is normally achieved using EDI Software. The overall picture is summarized in Figure 10.1.

Fig. 10.1 Sending an order using EDI Software.

The EDI software is normally bought in from a specialist supplier. There are a number of software houses supplying EDI solutions, or the EDI software may come from:
• A major trading partner - the trading partner may supply the software or recommend a third party supplier.
• The VADS supplier.
• As part of an application package, e.g. packaged software for production control, order processing or accounting may include EDI software as an integral feature or as an optional module.
• A third party. An example of this is that a number of banks provide EDI solutions that include the collection of and accounting for electronic payments.
Obtaining EDI software from an 'interested' party has both advantages and disadvantages. If the software is, for example, bought from the VADS supplier then, hopefully, there would not be any problem interfacing with the chosen network, but using an additional VADS or switching to a new network supplier may be more problematic.

The basic functions of the EDI Software are the two already outlined, namely:
• Coding business transactions into the chosen EDI Standard;
• Interfacing with the VADS.
Many EDI software suppliers provide additional functions. These may include:
• A trading partner database integrated into the EDI Software. This can provide for code translation (e.g. internal customer codes to a trade sector standard code) and / or for the specification of the EDI requirements of each trading partner;
• Support of multiple EDI Standards. The selection of the appropriate standard may be determined by the trading partner database;
• Sophisticated facilities to ease the formatting of internal application data to and from the EDI Standard. 'Drag and drop' interfaces are available for this purpose. Various EDI Software suppliers have associations with the large suppliers of business applications (production planning, order processing, etc.) and provide standardised interfaces to those packages;
• Facilities for transactions to be sent by fax or e-Mail to customers that do not use EDI. The identification of such customers may be determined by the trading partner database;
• Interfacing with a variety of EDI VADS (including the Internet). The selection of the appropriate VADS may be determined by a trading partner database;
• The option to encrypt the EDI Message;
• Facilities for the automatic acknowledgement of the EDI message;

 
• Message tracking and an audit trail of messages sent and received;
• Direct input and printed output of EDI transactions allowing free standing EDI operation - in effect the EDI system provides the service of a fax machine.

EDI Software is available on a variety of platforms from the basic PC up to a mainframe system. As with all classes of software the price varies: the basic PC packages start at (say) 500 pounds sterling / 800 US dollars and the price then goes up from there for the larger machines, additional facilities and services such as consultancy. For some EDI software the support of each standard and / or VADS is an additional plugin that is paid for separately. Yearly maintenance charges, that include updates as the new versions of the EDI Standards are released, tend to be quite hefty.

At the top of the range is the concept of an EDI Corporate Interface. This software, often mounted on its own, mid range, machine, acts as a central clearing house for all the e-Commerce transactions of a large organisation. The external interfaces can link to several EDI VADS's and translate to a variety of EDI Standards to meet the needs of a large number of trading partners. The internal interfaces can link to a number of business systems such as order processing and accounts payable, possibly systems that are replicated across the various divisions of the organisation. The system can also be used for intra organizational transactions - if the interface for external customers and suppliers uses EDI, why not use the same interfaces for trades between divisions of the organisation.

EDI software will do its job well at a relatively modest price. What pre-packaged EDI software cannot do is automatically integrate with the business application, and a comprehensive solution to this requirement can take a lot of time and cost a lot of money.

The simple way to implement EDI is not to link the EDI software and the applications - a set-up sometimes referred to as EDI-Fax or EDInterruptus. This is, of course, followed by many organisations when they first start and persisted with by many small organisations who are only 'doing EDI' because a large trading partner has told them to. In this mode of operation:
• Incoming EDI messages are printed out from the EDI software and then manually keyed into the business application that they are intended for;
• Outgoing EDI messages are extracted from the business application and typed into the EDI software for formatting and onward transmission.
The use of EDI in this way ensures that the transactions get through quickly (hence the term EDI-Fax) but it rules out any of the other advantages of using EDI. For full integration of the business application and the EDI Software there needs to be an interface to transfer data from the business application to the EDI software and vice versa. To ease this process, most EDI software provides for a 'flat file' interface. If the data to be sent is (say) an order then the business application can be modified so that:
• The supplier record in the order processing system has an indicator to say that its orders are to be sent via EDI;
• The order print run is modified so that orders for EDI capable suppliers are not printed;
• An additional run is included to take the orders from the EDI capable suppliers and format the data onto the flat file;
• The flat file is accessed by the EDI software and, using user supplied parameters, the order data is formatted into the required EDI standard and posted into the VADS.
The reverse process is used for incoming EDI messages. This will involve the creation of a batch input routine to run in parallel with the online facilities utilized by most business applications. The additional worry with incoming EDI messages is validation. For orders, invoices and any other data manually input into a business application there will be (or should be) comprehensive primary and secondary validation built into the system and there is a human operator there to deal with any queries.

For EDI messages there will not be any input errors at the receiving end but there is (normally) no guarantee that the data sent by the trading partner is correct or acceptable. Arguably the EDI routines taking input messages need all the same validation checks as the equivalent manual input routines, and there need to be procedures for correcting the problems or informing the trading partner and getting them to transmit a corrected message.

Once the EDI system is set up it, like any other data processing system, needs careful and systematic operation. A big difference between electronic transactions and their paper equivalents is that with electronic transactions there is no paperwork to fall back on should anything go wrong. In these circumstances, therefore, it is sensible to keep a security copy of all incoming transactions - preferably in their EDI format, as soon as they enter the system. This then gives a fall-back position should any data be lost or corrupted and is an aid to the diagnosis of any problems.

The second aspect to EDI operation is how often the system should be run. EDI has been implemented, in part at least, to cut down transaction cycle time and there is no point in reintroducing unnecessary delays. For many organisations a daily download from the mailbox and processing run is sufficient - however, this is not entirely satisfactory if the daily run is timed for an hour before a major trading partner sends out their daily orders. In some circumstances, such as just-in-time manufacture in the vehicle assembly business, cycle times can be as short as one hour and obviously order processing needs to be very frequent / real-time.

WebLogic Integration provides an EDI sample application that demonstrates how WebLogic Integration with the EDI Connect for WebLogic Integration add-on can be used to exchange EDI purchase-order information over a VAN. In the sample application, a supplier trading partner uses the EDI integration functionality of WebLogic Integration to connect to a buyer over a VAN. The interactions between the buyer and supplier occur in the following sequence:
1. A buyer trading partner submits an EDI purchase order, over a VAN, to the supplier.

2. The EDI-to-XML transformation engine bundled with Power.Server! converts the purchase order to XML.
3. The XML document triggers a business process in the supplier application. The business process generates an XML purchase order acknowledgment.
4. The supplier forwards the acknowledgment to the transformation engine, which converts it to EDI and then forwards it over a VAN to the buyer.
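As an added illustration of the flat-file interface and the security-copy rule described in this lecture (example code, not the lecture's own, and not WebLogic's or any EDI package's), the following Python sketches the outgoing run: the EDI indicator on the supplier record splits the print run, the orders for EDI-capable suppliers are written to a fixed-layout flat file, and the EDI software reads that file and formats an EDIFACT-style ORDERS interchange with its UNT and UNZ counts. keep_security_copy() shows the operational rule for the inbound direction: the interchange is archived in its EDI form, named by its control reference, before anything processes it. The supplier master, orders, party identifiers and the simplified segment layout are all constructed assumptions.

```python
"""Flat-file interface between an order processing application and EDI
software (added example, not the lecture's code).  Supplier master, orders,
identifiers and the simplified EDIFACT segments are constructed."""
import os
import tempfile

# Constructed supplier master: the EDI indicator on the supplier record
# decides whether an order is printed or sent via EDI.
SUPPLIERS = {
    "PKSOL": {"edi": True, "edi_id": "5012345000016"},   # Packaging Solutions
    "LOCAL": {"edi": False, "edi_id": None},             # a non-EDI supplier
}

# Constructed orders as the application holds them: (product code, quantity).
ORDERS = [
    {"order_no": "PO1001", "supplier": "PKSOL", "lines": [("BOX-A4", 500), ("TAPE-50", 20)]},
    {"order_no": "PO1002", "supplier": "LOCAL", "lines": [("PEN-BLK", 100)]},
    {"order_no": "PO1003", "supplier": "PKSOL", "lines": [("BOX-A3", 250)]},
]


def split_print_run(orders, suppliers):
    """Modified print run: orders for EDI-capable suppliers are diverted."""
    to_print, to_edi = [], []
    for order in orders:
        (to_edi if suppliers[order["supplier"]]["edi"] else to_print).append(order)
    return to_print, to_edi


def write_flat_file(orders):
    """Additional run: one fixed-layout record (order, supplier, product, qty)
    per order line; this is the file the EDI software picks up."""
    records = [f"{o['order_no']:<10}{o['supplier']:<6}{product:<10}{qty:>6}"
               for o in orders for product, qty in o["lines"]]
    return "\n".join(records) + "\n"


def read_flat_file(text):
    """EDI software side: rebuild the orders from the fixed-layout records."""
    orders = {}
    for line in text.splitlines():
        if line.strip():
            order_no, supplier = line[0:10].strip(), line[10:16].strip()
            product, qty = line[16:26].strip(), int(line[26:32])
            orders.setdefault(order_no, {"supplier": supplier, "lines": []})
            orders[order_no]["lines"].append((product, qty))
    return orders


def format_interchange(orders, sender_id, recipient_id, control_ref):
    """Format one EDIFACT-style interchange (UNB ... UNZ) holding one ORDERS
    message per order.  UNT carries the segment count of its message
    (UNH and UNT included) and UNZ the message count of the interchange."""
    segs = [f"UNB+UNOA:1+{sender_id}+{recipient_id}+{control_ref}"]
    for n, (order_no, order) in enumerate(sorted(orders.items()), start=1):
        msg_ref = f"{n:04d}"
        body = [f"UNH+{msg_ref}+ORDERS:D:96A:UN", f"BGM+220+{order_no}+9"]
        for i, (product, qty) in enumerate(order["lines"], start=1):
            body += [f"LIN+{i}++{product}:BP", f"QTY+21:{qty}"]
        body.append(f"UNT+{len(body) + 1}+{msg_ref}")
        segs += body
    segs.append(f"UNZ+{len(orders)}+{control_ref}")
    return "'".join(segs) + "'"


def edi_run(orders, suppliers, sender_id, control_ref="000001"):
    """Whole outgoing run: split the print run, go through the flat file, and
    build one interchange per EDI supplier.  Returns (printed order numbers,
    {supplier: interchange}); posting into the VADS is left to the caller."""
    to_print, to_edi = split_print_run(orders, suppliers)
    parsed = read_flat_file(write_flat_file(to_edi))
    by_supplier = {}
    for order_no, order in parsed.items():
        by_supplier.setdefault(order["supplier"], {})[order_no] = order
    interchanges = {s: format_interchange(o, sender_id, suppliers[s]["edi_id"], control_ref)
                    for s, o in by_supplier.items()}
    return [o["order_no"] for o in to_print], interchanges


def keep_security_copy(raw_interchange, archive_dir):
    """Inbound rule: archive the interchange in its EDI form, named by its UNB
    control reference, before anything else processes it.  Mode 'x' refuses
    to overwrite an existing copy.  Returns the path written."""
    control_ref = raw_interchange.split("'")[0].split("+")[4]
    path = os.path.join(archive_dir, f"in_{control_ref}.edi")
    with open(path, "x", encoding="ascii") as fh:
        fh.write(raw_interchange)
    return path


def security_copy_roundtrip(raw_interchange):
    """Archive into a fresh temporary directory and confirm the copy is identical."""
    path = keep_security_copy(raw_interchange, tempfile.mkdtemp(prefix="edi_archive_"))
    with open(path, encoding="ascii") as fh:
        return os.path.basename(path), fh.read() == raw_interchange
```

The flat file deliberately carries nothing but the order data; everything EDI-specific (party identifiers, message version, the counts) is added by the EDI software from its own parameters, which is what lets the business application stay unchanged when the EDI standard or the VADS changes.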

Summary
• A number of organisations have started using the Internet as an EDI VADS.
• Unlike the traditional VADS, the Internet does not guarantee the safe delivery of any data you send into it.
• The plus side of using the Internet is that it is cheaper than any of the commercial networks that provide specific EDI VADS services.
• The coding / decoding of the EDI message and the interfacing with the VADS is normally achieved using EDI Software.
• For full integration of the business application and the EDI Software there needs to be an interface to transfer data from the business application to the EDI software and vice versa.
• A big difference between electronic transactions and their paper equivalents is that with electronic transactions there is no paperwork to fall back on should anything go wrong. In these circumstances, therefore, it is sensible to keep a security copy of all incoming transactions.

Exercise
1. How do you achieve coding / decoding of EDI messages in VADS?
2. How secure is the EDI VADS in delivery of the data?

• Introduction
• EDI Agreement
• EDI security issues
• Summary
• Exercise

After this lecture the students will be able to:
• Understand details of the technical elements of an EDI system:
• EDI Agreements
• EDI Security

After discussing how EDI is implemented it is clear that a large organization that processes many electronic transactions is going to need its own EDI set-up. There are, however, many small companies that are dragged into EDI trade by a large trading partner but for whom the set-up and running costs of an EDI facility would outweigh the benefits. For these organizations there are a number of alternatives, as discussed below:
• The low cost, PC based, free-standing EDI facility.
• Making use of an EDI clearing house. To do this the company contracts for its EDI messages to be sent to a clearing house that decodes them, prints them out and then posts or faxes them on. The British Post Office is an example of an organisation that provides this service.
• Internet access via a clearing house. This is an update on the EDI-Post service outlined above where a clearing house is used but the inward and outward transactions are transmitted between the end user and the clearing house and accessed by the client using a standard web browser.

As you know, setting up an EDI system requires a lot of discussion with trading partners. Manual systems rely a lot on the understanding of the people involved; when these interchanges are automated there is no understanding between the machines - they just do what they are told (well they do on a good day!). The introduction of EDI may also be part of a wider process of business process re-engineering that makes the effective operation of the supply chain much more crucial to successful business operation. Traditional logistics had buffer stocks in the factory's parts warehouse or the retailer's regional depot and stock room. In just-in-time manufacture and quick response supply these buffer stocks are eliminated - this reduces the capital employed and avoids the need to double handle goods. Without these buffer stocks the EDI systems become crucial - the orders need to be delivered on time or cars will be made with missing wheels and there will be no cornflakes on the shelves in the supermarket. Hence to achieve a successful, electronically controlled supply chain, businesses have to talk. They need to agree the nature of the business that is to be done electronically, the technical details of how it is to be undertaken and the procedures for resolving any disputes that arise.

EDI Agreement
The appropriate way to document the details of a trading arrangement between electronic trading partners is an EDI Interchange Agreement. The agreement makes clear the trading intentions of both parties, the technical framework for the transactions and the procedures to be followed in the event of a dispute. The EDI Agreement is a document, normally on paper, and signed by both trading partners before electronic trading begins. The first requirement of the agreement is to establish the legal framework. This has a special significance as most business law relates to paper based trading and how that law should apply to the less tangible form of an electronic message is not always clear (although a number of countries are updating their legal provisions to take account of electronic trade). This point is made in the commentary that is included in the European

'For EDI to be a successful alternative to paper trading, it is essential that messages are accorded a comparable legal value as their paper equivalent when the functions effected in an electronic environment are similar to those effected in a paper environment, and where all appropriate measures have been taken to secure and store the data.'

'The parties, intending to be legally bound by the Agreement, expressly waive any right to contest the validity of a contract effected by the use of EDI in accordance with the terms and conditions of the Agreement on the sole grounds that it was effected by EDI.' And the agreement also specifies:
• The point in its transmission and processing at which a message will be deemed to be legally binding - the usually accepted standard is that the 'document' achieves legal status when it arrives at the receiving party, the 'reception rule'.
• The timescale for processing EDI messages. One purpose of EDI is to speed up the trade cycle and this is not achieved if messages are not reliably processed within an agreed timescale.
• The time that copies of the message will be retained (a default of three years is provided for by the EU-IA but many member states require longer periods, e.g. seven or ten years).

• The procedure for settling any disputes. The EU-IA suggests a choice between arbitration by a named organisation, e.g. a chamber of commerce appointed arbitration chamber, or by recourse to the judicial process.
• The legal jurisdiction in which any disputes should be settled.
In addition to the legal (or legalistic) aspects of the agreement it is important to specify the technical requirements. These requirements include:
• The coding systems that will be used for identifying entities such as organisations and products and attributes such as quantities.
• The EDI standard that is to be employed and, within that, the messages and data segments that will be used. Updating of message standards as new versions are released is an issue that also needs to be covered.
• The network that is to be used - including details of scheduling and protocol where a post and forward network is not to be employed.
Model agreements are available from various parties, including trade organisations, and references to example agreements can be found on the web pages that accompany this book.

EDI Security
Another major issue of concern is the privacy and security of the messages and their exchange. Let's discuss how to protect the data while it is being transferred from one place to another.

The first point is to ensure that the interchange of messages is reliable. In the first instance this is a matter of procedures at both ends of the trading agreement. Procedures, rigid procedures, are required to ensure that all the processes are run and that they reach their successful conclusion - an old-fashioned requirement called 'data processing standards'. Procedures are particularly important where operations are manual (as opposed to being controlled by job control programs (JCP) run under the appropriate operating system). Particular attention is needed if the EDI software is run on a separate machine (say a PC) and the application software operates in a mainframe or similar environment; it is vital that all the data received on the EDI machine is passed to and processed (once only!) on the mainframe and that outgoing data is reliably processed in the reverse direction.

Controls in the EDI Standards
EDI Standards include controls designed to protect against errors in, and corruption of, the message. The sort of thing that is provided is segment counts in the message and message counts in the interchange.

Controls in the Transmission Protocol
Transmission protocols include protection, such as longitudinal control totals, to detect any data corruption that occurs during transmission. Where corruption is detected the network system occasions a retransmission without the need for outside intervention.

Protection against Tampering
Where there is concern that the transmission might be intercepted and modified it can be protected by a digital signature. This is designed to ensure that the message received is exactly the same as the message sent and that the source of the message is an authorized trading partner.

Privacy of Message
Where the contents of the message are considered sensitive the privacy of the message can be protected, during transmission, by encrypting the data.

Nonrepudiation
One potential problem is that the recipient of the message might deny having received it; the electronic equivalent of the idea that the unpaid invoice must have got 'lost in the post'. One way out of this is to use the receipt acknowledgement messages (see below) but the other alternative is a 'trusted third party'. The 'trusted third party' can be the VADS supplier or, if you don't trust them, some other organisation. The role of the third party is to audit trail all transactions (a role the VADS provider is ideally positioned to fulfill) and to settle any dispute about what messages were sent and what messages were received.

One aspect of security provided for by the EDI standard is the receipt acknowledgement message. This is a transaction specific message sent out by the receiving system to acknowledge each message, order or whatever. Trading partners that use receipt acknowledgement messages need to be clear about the level of security (guarantee) implied by the receipt of the acknowledgement. The EDI acknowledgement message can be:
• Automatically generated by the EDI Software (Physical Acknowledgement). It informs the sender that the message has arrived but there is no guarantee that it is passed to the application for processing or that it is a valid transaction within the application.
• Coded into the application to confirm that it is in the system for processing.
• Produced by the application once the message is processed to confirm that the message was valid and possibly to give additional information such as stock allocation and expected delivery date (Logical Acknowledgement).

The need for security in an EDI system needs to be kept in proportion; after all EDI is very probably replacing a paper based system where computer output orders, without signatures, were bunged in the post and eventually manually keyed in by an order entry clerk. Transmission and EDI message controls are automatic. Checks over and above that all come at a cost; encryption and digital signatures both require extra software and procedures; message acknowledgements require additional software to generate the message and to match it to the original transaction on the other side of the trading relationship. EDI orders and invoices for regular transactions of relatively low cost supplies do not justify too heavy an investment in privacy and security – if an extra load of cornflakes arrives at the supermarket distribution centre it can be sorted out on the phone and the error will probably be in the warehouse, not the EDI system (whatever the supplier tells the customer!).

 
EDI payments require more care; normally the payment transaction is sent to a bank (with its own procedures) with the payment advice being sent to the trading partner. The overall facilities for EDI privacy and security are summed up in Figure 11.1.

Fig. 11.1 EDI Privacy and Security

The overall EDI technical setup is summarized in Fig. 11.2.

Fig. 11.2 EDI summary

• There are a number of alternatives to setting up one’s own EDI facility: a low-cost, PC-based, free-standing EDI facility, making use of an EDI clearing house, or Internet access via a clearing house.
• The appropriate way to document the details of a trading arrangement between electronic trading partners is an EDI Interchange Agreement.
• The security aspects in EDI are: controls in the EDI Standards, controls in the Transmission Protocol, protection against tampering, privacy of message and non-repudiation.

1. List four elements of an EDI system.
2. List the transaction types that take place between trading partners that seem suitable for EDI implementation. Suggest some communications that would not be suitable for this technology.
3. Describe the advantage of Internet-based EDI over traditional EDI.
4. How do companies eliminate the potential limitations and risks associated with Internet-based EDI?
5. What are the required features of a desirable B2B EC platform?
6. To what extent do current B2B solutions meet the required features?




• Introduction
• Types of Electronic Payment Systems
• Types of digital tokens
• Discuss E-Cash
• Summary
• Exercise

After this lecture the students will be able to:
• Understand what an Electronic Payment System is
• Describe e-cash as one of the Electronic Payment Systems

All of you might have heard the term “Electronic Payment”. As the name suggests, it means making payments electronically, i.e. through computer and telecommunication components.

• Home banking (e.g., bill payment)
• Credit cards (e.g., VISA or MasterCard)
• Private label credit/debit cards (e.g., J.C. Penney Card)
• Charge cards (e.g., American Express)
• Token-based payment systems
  - Electronic cash (e.g., DigiCash)
  - Electronic checks (e.g., NetCheque)
  - Smart cards or debit cards (e.g., Mondex Electronic Currency Card)
• Credit card-based payment systems
  - Encrypted credit cards (e.g., World Wide Web form-based encryption)
  - Third-party authorization numbers (e.g., First Virtual)

Electronic payment systems are proliferating in banking, retail, health care, on-line markets, and even government; in fact, anywhere money needs to change hands. Organizations are motivated by the need to deliver products and services more cost effectively and to provide a higher quality of service to customers. This section will briefly describe the pertinent developments in various industries to provide an overall picture of electronic payment systems of the past and present. A timeline showing the evolution of payment systems is presented in Table 12.1.

Research into electronic payment systems for consumers can be traced back to the 1940s, and the first applications, credit cards, appeared soon after. In the early 1970s, the emerging electronic payment technology was labeled electronic funds transfer (EFT). EFT is defined as “any transfer of funds initiated through an electronic terminal, telephonic instrument, or computer or magnetic tape so as to order, instruct, or authorize a financial institution to debit or credit an account.” EFT utilizes computer and telecommunication components both to supply and to transfer money or financial assets.

Transfer is information-based and intangible. Thus EFT stands in marked contrast to conventional money and payment modes that rely on physical delivery of cash or checks (or other paper orders to pay) by truck, train, or airplane. Work on EFT can be segmented into three broad categories:
• Large-scale or wholesale payments (e.g., bank-to-bank transfer)
• Small-scale or retail payments (e.g., automated teller machines and cash dispensers)

700BC      Earliest coins produced in western Turkey to pay mercenaries or taxes.
1400       First banks open, in Italy and Catalonia, honoring checks against cash reserves.
1694       The Bank of England opens, creating deposits on the principle that not all deposit receipts will be presented for redemption simultaneously. The bank monopolizes the issuing of bank notes.
1865       A sample of payments into British banks shows that 97 percent are made by check.
1887       The phrase credit card is coined in Looking Backward, a novel by Edward Bellamy.
1880-1914  Heyday of the gold standard as major currencies are pegged to gold at fixed rates.
1945       Bretton Woods agreement links currencies to gold via their fixed parities with the U.S. dollar.
1947       Flatbush National Bank issues first general purpose credit card, for use in select New York shops.
1950       Diners Club Charge Card introduced.
mid 1950s  The development of magnetic ink character recognition (MICR), facilitating more timely processing of checks, sealed the check’s standing as the preferred noncash payment option.
1958       BankAmerica, in Fresno, California, executes the first mass mailing of credit cards.
1967       Westminster Bank installs first automated teller machine at Victoria, London, branch.
1970       The New York Clearing House launches CHIPS (the Clearing House Interbank Payments System), which provides U.S.-dollar funds-transfer and transaction settlements on-line and in real time.

late 1970s Chemical Bank launches its Pronto system providing 3000 computer terminals to customers’ homes linked to its central computers by telephone. It offers a range of facilities: balance inquiries, money transfers between Chemical Bank accounts, and bill payments to selected local stores. The stumbling block for first-generation home banking systems in general was who is to pay for the terminals at home.
1985       Electronic data interchange (EDI) extensively used in bank-to-bank payment systems.
1994       Digital cash trials by DigiCash of Holland conducted on-line.
1995       Mondex electronic currency trials begin in Swindon, England.

Table 12.1 Timeline of Innovations in Payment Systems

Let’s discuss various types of Electronic payment systems. Firstly we will have a look at “Electronic Tokens”.

Digital Token-Based Electronic Payment Systems

None of the banking or retailing payment methods are completely adequate in their present form for the consumer-oriented e-commerce environment. Their deficiency is their assumption that the parties will at some time or other be in each other’s physical presence or that there will be a sufficient delay in the payment process for frauds, overdrafts, and other undesirables to be identified and corrected. These assumptions may not hold for e-commerce and so many of these payment mechanisms are being modified and adapted for the conduct of business over networks.

Entirely new forms of financial instruments are also being developed. One such new financial instrument is “electronic tokens” in the form of electronic cash/money or checks. Electronic tokens are designed as electronic analogs of various forms of payment backed by a bank or financial institution. Simply stated, electronic tokens are equivalent to cash that is backed by a bank.

1. Cash or real-time. Transactions are settled with the exchange of electronic currency. An example of on-line currency exchange is electronic cash (e-cash).
2. Debit or prepaid. Users pay in advance for the privilege of getting information. Examples of prepaid payment mechanisms are stored in smart cards and electronic purses that store electronic money.
3. Credit or postpaid. The server authenticates the customers and verifies with the bank that funds are adequate before purchase. Examples of postpaid mechanisms are credit/debit cards and electronic checks.

The following sections examine these methods of on-line payment. But we must first understand the different viewpoints that these payment instruments bring to electronic commerce. Here are four dimensions that are useful for analyzing the different initiatives.

1. The nature of the transaction for which the instrument is designed. Some tokens are specifically designed to handle micro payments, that is, payments for small snippets of information. Others are designed for more traditional products. Some systems target specific niche transactions; others seek more general transactions. The key is to identify the parties involved, the average amounts, and the purchase interaction.
2. The means of settlement used. Tokens must be backed by cash, credit, electronic bill payments (prearranged and spontaneous), cashier’s checks, IOUs, letters and lines of credit, and wire transfers, to name a few. Each option incurs trade-offs among transaction speed, risk, and cost. Most transaction settlement methods use credit cards, while others use other proxies for value, effectively creating currencies of dubious liquidity and with interesting tax, risk, and float implications.
3. Approach to security, anonymity, and authentication. Electronic tokens vary in the protection of privacy and confidentiality of the transactions. Some may be more open to potentially prying eyes, or even to the participants themselves. Encryption can help with authentication, non-repudiability, and asset management.
4. The question of risk. Who assumes what kind of risk at what time? The tokens might suddenly become worthless and the customers might have currency that nobody will accept. If the system stores value in a smart card, consumers may be exposed to risk as they hold static assets. Also, electronic tokens might be subject to discounting or arbitrage. Risk also arises if the transaction has long lag times between product delivery and payments to merchants. This exposes merchants to the risk that buyers don’t pay, or, vice versa, that the vendor doesn’t deliver.

Let’s discuss Electronic cash (e-cash), which is a new concept in on-line payment systems because it combines computerized convenience with security and privacy that improve on paper cash. Its versatility opens up a host of new markets and applications. E-cash presents some interesting characteristics that should make it an attractive alternative for payment over the Internet.

E-cash focuses on replacing cash as the principal payment vehicle in consumer-oriented electronic payments. Although it may be surprising to some, cash is still the most prevalent consumer payment instrument even after thirty years of continuous developments in electronic payment systems. Cash remains the dominant form of payment for three reasons: (1) lack of trust in the banking system, (2) inefficient clearing and settlement of non-cash transactions, and (3) negative real interest rates paid on bank deposits.

These reasons seem like issues seen primarily in developing countries. Not true. Even in the most industrialized countries, the ratio of notes and coins in circulation per capita is quite large and is estimated to range from $446 to $2748. Consider the situation in two of the most industrialized nations in the world: the

United States and the United Kingdom. In the United States, there supposedly was about $300 billion of notes and coins in circulation in 1992. Interestingly, this number is not shrinking but growing at approximately 8 percent per year. Deposits by check are growing by only 6 percent per year. It has been reported that in the United Kingdom about a quarter of all “spontaneous” payments over 100 pounds sterling are still made with cash. For payments under five pounds sterling, the percentage is 98 percent. The predominance of cash indicates an opportunity for innovative business practice that revamps the purchasing process where consumers are heavy users of cash. To really displace cash, the electronic payment systems need to have some qualities of cash that current credit and debit cards lack. For example, cash is negotiable, meaning it can be given or traded to someone else. Cash is legal tender, meaning the payee is obligated to take it. Cash is a bearer instrument, meaning that possession is prima facie proof of ownership. Also, cash can be held and used by anyone, even those who don’t have a bank account, and cash places no risk on the part of the acceptor that the medium of exchange may not be good.

Now compare cash to credit and debit cards. First, they can’t be given away because, technically, they are identification cards owned by the issuer and restricted to one user. Credit and debit cards are not legal tender, given that merchants have the right to refuse to accept them. Nor are credit and debit cards bearer instruments; their usage requires an account relationship and authorization system. Similarly, checks require either personal knowledge of the payer or a check guarantee system. Hence, to really create a novel electronic payment method, we need to do more than recreate the convenience that is offered by credit and debit cards. We need to develop e-cash that has some of the properties of cash.

Of the many ways that exist for implementing an e-cash system, all must incorporate a few common features. Specifically, e-cash must have the following four properties: monetary value, interoperability, retrievability, and security.

E-cash must have a monetary value, backed by bank-authorized credit or a bank-certified cashier’s check. When e-cash created by one bank is accepted by others, reconciliation must occur without any problems. Stated another way, e-cash without proper bank certification carries the risk that when deposited, it might be returned for insufficient funds.

E-cash must be interoperable, that is, exchangeable as payment for other e-cash, paper cash, goods or services, lines of credit, deposits in banking accounts, bank notes or obligations, electronic benefits transfers, and the like. Most e-cash proposals use a single bank. In practice, multiple banks are required with an international clearinghouse that handles the exchangeability issues because all customers are not going to be using the same bank or even be in the same country.

E-cash must be storable and retrievable. Remote storage and retrieval (e.g., from a telephone or personal communications device) would allow users to exchange e-cash (e.g., withdraw from and deposit into banking accounts) from home or office or while traveling. The cash could be stored on a remote computer’s memory, in smart cards, or in other easily transported standard or special-purpose devices. Because it might be easy to create counterfeit cash that is stored in a computer, it might be preferable to store cash on a dedicated device that cannot be altered. This device should have a suitable interface to facilitate personal authentication using passwords or other means and a display so that the user can view the card’s contents. One example of a device that can store e-cash is the Mondex card, a pocket-sized electronic wallet.

E-cash should not be easy to copy or tamper with while being exchanged; this includes preventing or detecting duplication and double-spending. Counterfeiting poses a particular problem, since a counterfeiter may, in the Internet environment, be anywhere in the world and consequently be difficult to catch without appropriate international agreements. Detection is essential in order to audit whether prevention is working. Then there is the tricky issue of double spending. For instance, you could use your e-cash simultaneously to buy something in Japan, India, and England. Preventing double spending from occurring is extremely difficult if multiple banks are involved in the transaction. For this reason, most systems rely on post-fact detection and punishment. Now we will see how the concept of Electronic Cash actually works.

Electronic cash is based on cryptographic systems called “digital signatures”. This method involves a pair of numeric keys (very large integers or numbers) that work in tandem: one for locking (or encoding) and the other for unlocking (or decoding). Messages encoded with one numeric key can only be decoded with the other numeric key and none other. The encoding key is kept private and the decoding key is made public. By supplying all customers (buyers and sellers) with its public key, a bank enables customers to decode any message (or currency) encoded with the bank’s private key. If decoding by a customer yields a recognizable message, the customer can be fairly confident that only the bank could have encoded it. These digital signatures are as secure as the mathematics involved and have proved over the past two decades to be more resistant to forgery than handwritten signatures. Before e-cash can be used to buy products or services, it must be procured from a currency server.

The purchase of e-cash from an on-line currency server (or bank) involves two steps: (1) establishment of an account and (2) maintaining enough money in the account to back the purchase. Some customers might prefer to purchase e-cash with paper currency, either to maintain anonymity or because they don’t have a bank account. Currently, in most e-cash trials all customers must have an account with a central on-line bank. This is overly restrictive for international use and multi-currency transactions, for customers should be able to access and pay for foreign services as well as local services. To support this access, e-cash must be available in multiple currencies backed by several banks. A service provider in one country could then accept tokens of various currencies from users in many different countries, redeem them with their issuers, and have the funds transferred back to banks in the local country. A possible

solution is to use an association of digital banks similar to organizations like VISA to serve as a clearinghouse for many credit card issuing banks.

And finally, consumers use the e-cash software on the computer to generate a random number, which serves as the “note.” In exchange for money debited from the customer’s account, the bank uses its private key to digitally sign the note for the amount requested and transmits the note back to the customer. The network currency server, in effect, is issuing a “bank note,” with a serial number and a dollar amount. By digitally signing it, the bank is committing itself to back that note with its face value in real dollars. This method of note generation is very secure, as neither the customer (payer) nor the merchant (payee) can counterfeit the bank’s digital signature (analogous to the watermark in paper currency). Payer and payee can verify that the payment is valid, since each knows the bank’s public key. The bank is protected against forgery, the payee against the bank’s refusal to honor a legitimate note, and the user against false accusations and invasion of privacy.

In the case of DigiCash, every person using e-cash has an e-cash account at a digital bank (First Digital Bank) on the Internet. Using that account, people can withdraw and deposit e-cash. When an e-cash withdrawal is made, the PC of the e-cash user calculates how many digital coins of what denominations are needed to withdraw the requested amount. Next, random serial numbers for those coins will be generated and the blinding (random number) factor will be included. The result of these calculations will be sent to the digital bank. The bank will encode the blinded numbers with its secret key (digital signature) and at the same time debit the account of the client for the same amount. The authenticated coins are sent back to the user and finally the user will take out the blinding factor that he or she introduced earlier. The serial numbers plus their signatures are now digital coins; their value is guaranteed by the bank. Electronic cash can be completely anonymous. Anonymity allows freedom of usage, to buy illegal products such as drugs or pornographic material or to buy legal products and services. This is accomplished in the following manner. When the e-cash software generates a note, it masks the original number or “blinds” the note using a random number and transmits it to a bank. The “blinding” carried out by the customer’s software makes it impossible for anyone to link payment to payer. Even the bank can’t connect the signing with the payment, since the customer’s original note number was blinded when it was signed. In other words, it is a way of creating anonymous, untraceable currency. What makes it even more interesting is that users can prove unequivocally that they did or did not make a particular payment. This allows the bank to sign the “note” without ever actually knowing how the issued currency will be used. For those readers who are mathematically inclined, the protocol behind blind signatures is presented.

The customer’s software chooses a blinding factor, R, independently and uniformly at random and presents the bank with X·R^E (mod PQ), where X is the note number to be signed and E is the bank’s public key.
1. The bank signs it: (X·R^E)^D = R·X^D (mod PQ). D is the bank’s private key.
2. On receiving the currency, the customer divides out the blinding factor: (R·X^D)/R = X^D (mod PQ).
3. The customer stores X^D, the signed note that is used to pay for the purchase of products or services. Since R is random, the bank cannot determine X and thus cannot connect the signing with the subsequent payment. While blinding works in theory, it remains to be seen how it will be used in the real business world.

• Electronic payment means making payments electronically, i.e. through computer and telecommunication components.
• Electronic tokens are designed as electronic analogs of various forms of payment backed by a bank or financial institution.
• Electronic tokens are of three types: cash or real-time, debit or prepaid, and credit or postpaid.
• Electronic cash is based on cryptographic systems called “digital signatures”.

1. How is a debit card different from a credit card?
2. Discuss the various Electronic Payment Systems.
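The three blind-signature steps above, carried out in working code as an added example (not code from the lecture or from DigiCash): the bank generates an RSA key pair (PQ, E, D), the customer blinds a note X with a random R, the bank signs the blinded value without ever seeing X, and the merchant verifies the unblinded signature with the public key. The fixed note header (so that a forged s^E does not decode as a "recognizable" note), the 512-bit key size and the function names are assumptions of this example; it needs Python 3.8 or later for the modular inverse via pow().

```python
import secrets
from math import gcd

SMALL_PRIMES = (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37)
# Assumed note format: a fixed header, so s^E mod PQ for a random s is rejected.
NOTE_TAG = b"ECASH-NOTE-v1"


def is_probable_prime(n, rounds=32):
    """Miller-Rabin test, sufficient to build a demonstration key pair."""
    if n < 2:
        return False
    for p in SMALL_PRIMES:
        if n % p == 0:
            return n == p
    d, s = n - 1, 0
    while d % 2 == 0:
        d, s = d // 2, s + 1
    for _ in range(rounds):
        x = pow(2 + secrets.randbelow(n - 3), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def random_prime(bits):
    while True:
        cand = secrets.randbits(bits) | (1 << (bits - 1)) | 1
        if is_probable_prime(cand):
            return cand


def bank_keygen(bits=512):
    """Bank key pair: (PQ, E) goes to every customer, (PQ, D) stays private."""
    e = 65537
    while True:
        p, q = random_prime(bits // 2), random_prime(bits // 2)
        pq, phi = p * q, (p - 1) * (q - 1)
        if p != q and gcd(e, phi) == 1:
            return (pq, e), (pq, pow(e, -1, phi))


def make_note(value_cents):
    # Customer side: fresh random serial number plus the face value; this is X.
    serial = secrets.token_bytes(16)
    return int.from_bytes(NOTE_TAG + serial + value_cents.to_bytes(4, "big"), "big")


def decode_note(x, pq):
    # Face value if x has the note structure, otherwise None.
    raw = x.to_bytes((pq.bit_length() + 7) // 8, "big").lstrip(b"\x00")
    if len(raw) != len(NOTE_TAG) + 20 or not raw.startswith(NOTE_TAG):
        return None
    return int.from_bytes(raw[-4:], "big")


def blind(x, pub):
    """Customer: choose R coprime to PQ and present X * R^E (mod PQ)."""
    pq, e = pub
    while True:
        r = 2 + secrets.randbelow(pq - 3)
        if gcd(r, pq) == 1:
            return (x * pow(r, e, pq)) % pq, r


def bank_sign(blinded, priv):
    """Bank: (X R^E)^D = R X^D (mod PQ); it never sees X itself."""
    pq, d = priv
    return pow(blinded, d, pq)


def unblind(signed_blinded, r, pub):
    # Customer: divide out R, leaving the signed note X^D (mod PQ).
    pq, _ = pub
    return (signed_blinded * pow(r, -1, pq)) % pq


def verify(x, sig, pub):
    """Merchant or bank: sig^E must equal X (mod PQ) and X must decode as a note."""
    pq, e = pub
    return pow(sig, e, pq) == x % pq and decode_note(x % pq, pq) is not None


def withdrawal_demo(value_cents=500):
    """Whole exchange; reports whether the bank's signing log could link X."""
    pub, priv = bank_keygen()
    x = make_note(value_cents)
    blinded, r = blind(x, pub)
    bank_log = {blinded}                 # everything the bank saw when signing
    sig = unblind(bank_sign(blinded, priv), r, pub)
    return {
        "valid": verify(x, sig, pub),
        "value": decode_note(x, pub[0]),
        "bank_saw_note": x in bank_log,  # False: signing cannot be linked to X
        "forged_rejected": not verify(x + 1, sig, pub),
    }
```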


 



• Introduction
• Digital currency
• Limitations of E-cash
• Summary
• Exercise

After this lecture the students will be able to:
• Understand how to use e-cash
• Describe the various issues that may arise in the organization due to the use of e-cash

Let’s purchase something on the Internet using Digital Currency.

Once the tokens are purchased, the e-cash software on the customer’s PC stores digital money undersigned by a bank. The user can spend the digital money at any shop accepting e-cash, without having to open an account there first or having to transmit credit card numbers. As soon as the customer wants to make a payment, the software collects the necessary amount from the stored tokens.

Typically, transactions involving cash are bilateral or two-party (buyer and seller) transactions, whereby the merchant checks the veracity of the note’s digital signature by using the bank’s public key. If satisfied with the payment, the merchant stores the digital currency on his machine and deposits it later in the bank to redeem the face value of the note. Transactions involving financial instruments other than cash are usually trilateral or three-party (buyer, seller, and bank) transactions, whereby the “notes” are sent to the merchant, who immediately sends them directly to the digital bank. The bank verifies the validity of these “notes” and that they have not been spent before. The account of the merchant is credited. In this case, every “note” can be used only once. In many business situations, the bilateral transaction is not feasible because of the potential for double spending, which is equivalent to bouncing a check. Double spending becomes possible because it is very easy to make copies of the e-cash, forcing banks and merchants to take extra precautions. To uncover double spending, banks must compare the note passed to them by the merchant against a database of spent notes. Just as paper currency is identified with a unique serial number, digital cash can also be protected. The ability to detect double spending has to involve some form of registration so that all “notes” issued globally can be uniquely identified. However, this method of matching notes with a central registry has problems in the on-line world. For most systems, which handle high volumes of micro payments, this method would simply be too expensive. In addition, the problem of double spending means that banks have to carry added overhead because of the constant checking and auditing of logs (Fig. 13.1).

Double spending would not be a major problem if the need for anonymity were relaxed. In such situations, when the consumer is issued a bank note, it is issued to that person’s unique license. When he or she gives it to somebody else, it is transferred specifically to that other person’s license. Each time the money changes hands, the old owner adds a tiny bit of information to the bank note based on the bank note’s serial number and his or her license. If somebody attempts to spend money twice, the bank will now be able to use the two bank notes to determine who the cheater is. Even if the bank notes pass through many different people’s hands, whoever cheated will get caught, and none of the other people will ever have to know. The downside is that the bank can tell precisely what your buying habits are since it can check the numbers on the e-cash and the various merchant accounts that are being credited. Many people would feel uncomfortable letting others know this personal information.

Figure 13.1 Detection of double spending

One drawback of e-cash is its inability to be easily divided into smaller amounts. It is often necessary to get small denomination change in business transactions. A number of variations have been developed for dealing with the “change” problem. For the bank to issue users with enough separate electronic “coins” of various denominations would be cumbersome in communication and storage. So would a method that required payees to return extra change. To sidestep such costs, customers are issued a single number called an “open check” that contains multiple denomination values sufficient for transactions up to a prescribed limit. At payment time, the e-cash software on the client’s computer would create a note of the transaction value from the “open check.”
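The two detection methods described above, as an added example that is not code from the lecture or from any e-cash product: the bank keeps a registry of spent serial numbers (the on-line check), and in the licence-based variant every holder endorses the note when it changes hands, so that when two copies of one serial number are deposited the bank can name the holder at which their possession chains diverge. The endorsement format (a hash chain, where a real scheme would use signatures), the licence names and the scenario are assumptions.

```python
import hashlib
import secrets
from dataclasses import dataclass


@dataclass(frozen=True)
class Note:
    serial: str      # unique serial number the bank assigned at issue
    value: int       # face value in cents
    holders: tuple   # licences in order of possession; first = withdrawing customer
    tag: str         # chained endorsement over the serial and every licence


def endorse(prev_tag, serial, licence):
    """The 'tiny bit of information' a holder adds when the note changes hands
    (assumed format: a hash chain; a deployed scheme would sign it)."""
    return hashlib.sha256(f"{prev_tag}|{serial}|{licence}".encode()).hexdigest()


def transfer(note, to_licence):
    """Hand the note to a new holder.  Returns the endorsed copy; the previous
    Note object is exactly what a dishonest holder would try to spend again."""
    return Note(note.serial, note.value, note.holders + (to_licence,),
                endorse(note.tag, note.serial, to_licence))


class Bank:
    def __init__(self):
        self.issued = {}   # serial -> licence of the customer it was issued to
        self.spent = {}    # serial -> possession chain of the first deposit

    def issue(self, value, licence):
        serial = secrets.token_hex(8)
        self.issued[serial] = licence
        return Note(serial, value, (licence,), endorse("", serial, licence))

    def chain_is_valid(self, note):
        """Recompute the endorsement chain starting from the issue record."""
        if self.issued.get(note.serial) != note.holders[0]:
            return False
        tag = ""
        for licence in note.holders:
            tag = endorse(tag, note.serial, licence)
        return tag == note.tag

    def deposit(self, note):
        """Returns (status, cheater) with status 'invalid', 'accepted' or
        'double-spent'.  On a double spend the cheater is the last holder common
        to both copies' chains: the one who passed the same note on twice."""
        if not self.chain_is_valid(note):
            return "invalid", None
        first = self.spent.get(note.serial)
        if first is None:
            self.spent[note.serial] = note.holders   # spent-note registry check
            return "accepted", None
        common = 0
        while (common < min(len(first), len(note.holders))
               and first[common] == note.holders[common]):
            common += 1
        return "double-spent", first[common - 1]
```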


 
Let’s see how business organizations gain from e-cash and then how sometimes it can create problems.

Electronic cash fulfills two main functions: as a medium of exchange and as a store of value. Digital money is a perfect medium of exchange. By moving monetary claims quickly and by effecting instant settlement of transactions, e-cash may help simplify the complex interlocking credit and liabilities that characterize today’s commerce. For instance, small businesses that spend months waiting for big customers to pay their bills would benefit hugely from a digital system in which instant settlement is the norm. Instant settlement of micro payments is also a tantalizing proposition.

The controversial aspects of e-cash are those that relate to the other role, as a store of value. Human needs tend to require that money take a tangible form and be widely accepted, or “legal tender”. In most countries, a creditor by law cannot refuse cash as settlement for a debt. With the acceptability of cash guaranteed by law, most people are willing to bank their money and settle many of their bills by checks and debits, confident that, barring a catastrophe, they can obtain legal tender (cash) on demand. If e-cash had to be convertible into legal tender on demand, then for every unit there would have to be a unit of cash reserved in the real economy; or, to look at it the other way round, there would be cash in the real world for which digital proxies were created and made available. This creates problems, because in an efficient system, if each e-cash unit represents a unit of real cash, then positive balances of e-cash will earn no interest; for the interest they might earn would be offset by the interest foregone on the real cash that is backing them.

The enormous currency fluctuations in international finance pose another problem. On the Internet, the buyer could be in Mexico and the seller in the United States. How do you check that the party in Mexico is giving a valid electronic currency that has suitable backing? Even if it were valid today, what would happen if a sudden devaluation occurs such as the one in December 1994 where the peso was devalued 30 percent overnight? Who holds the liability, the buyer or the seller? These are not technological issues but business issues that must be addressed for large-scale bilateral transactions to occur. Unless we have one central bank offering one type of electronic currency, it is very difficult to see e-cash being very prominent except in narrow application domains.

From a banker’s point of view, e-cash would be a mixed blessing. Because they could not create new money via lending in the digital world, banks would see electronic money as unproductive. They might charge for converting it, or take a transaction fee for issuing it, but on-line competition would surely make this a low-profit affair. In the short term, banks would probably make less from this new business than they would lose from the drift of customers away from traditional services. It seems unlikely that e-cash would be allowed to realize its potential for bypassing the transaction costs of the foreign exchange market. If you pay yen for e-cash in Osaka and buy something from a merchant based in New York

governments might be provoked into trying to clamp down on it. Because of these obstacles, e-cash in its early forms may be denominated in single currencies and exchanged at conventional market rates.

Next we will see the risks involved while doing transactions involving the use of e-cash.

Operational risk associated with e-cash can be mitigated by imposing constraints, such as limits on
(1) the time over which a given electronic money is valid,
(2) how much can be stored on and transferred by electronic money,
(3) the number of exchanges that can take place before money needs to be redeposited with a bank or financial institution, and
(4) the number of such transactions that can be made during a given period of time.

These constraints introduce a whole new set of implementation issues. For example, time limits could be set beyond which the electronic money would expire and become worthless. The customer would have to redeem or exchange the money prior to the expiration deadline. For this feature to work, the electronic money would have to be time-stamped, and time would have to be synchronized across the network to some degree of precision. The objective of imposing constraints is to limit the issuer’s liability. A maximum upper limit could be imposed on the value that could be assigned to any single transaction or that could be transferred to the same vendor within a given period of time. Since the user’s computer could be programmed to execute small transactions continuously at a high rate over the network, a strategy of reporting transactions over a certain amount would be ineffective for law enforcement. However, a well-designed system could enforce a policy involving both transaction size and value with time. For example, an “anonymous coin-purse” feature might be capable of receiving or spending no more than $500 in any twenty-four hour period. Alternatively, the “rate ceiling” for the next twenty-four hours could be made dependent on the rate of use or on the number of exchanges that could be permitted before any electronic money would have to be redeposited in a bank or financial institution and reissued.

Finally, exchanges could also be restricted to a class of services or goods (e.g., electronic benefits could be used only for food, clothing, shelter, or educational purposes). The exchange process should allow payment to be withheld from the seller upon the buyer’s instructions until the goods or services are delivered within a specified time in the future. Conversely, it should allow delivery to be withheld upon the seller’s instructions until payment is received. The next section deals with the legal aspects of e-cash and the impact of e-cash on taxation.

Electronic cash will force bankers and regulators to make tough choices that will shape the form of lawful commercial activity
who cashes them for francs, a currency conversion has taken place. related to electronic commerce. As a result of the very features that
That, however, is an activity toward which most governments feel make it so attractive to many, cash occupied an unstable and
highly defensive; and if e-cash started to bypass regulated foreign uncomfortable place within the existing taxation and law
exchange markets by developing its own gray market for settlement,


 
enforcement systems. Anonymous and virtually untraceable, cash transactions today occupy a place in a kind of underground economy. This underground economy is generally confined to relatively small-scale transactions because paper money in large quantities is cumbersome to use and manipulate, organized crime being the obvious exception. As long as the transactions are small in monetary value, they are tolerated by the government as an unfortunate but largely insignificant by-product of the modern commercial state. As transactions get larger the government becomes more suspicious and enlists the aid of the banks, through the various currency reporting laws, in reporting large disbursements of cash so that additional oversight can be ordered. Anything that makes cash substantially easier to use in a broader range of transactions holds the potential to expand this underground economy to proportions posing ever more serious threats to the existing legal order.

Transaction-based taxes (e.g., sales taxes) account for a significant portion of state and local government revenue. But if e-cash really is made to function the way that paper money does, payments we would never think of making in cash (to buy a new car, say, or as the down payment on a house) could be made in this new form of currency because there would be no problem of bulk and no risk of robbery. The threat to the government's revenue flow is a very real one, and officials in government are starting to take cognizance of this development and to prepare their responses.

To prevent an underground economy, the government through law may prevent a truly anonymous and untraceable e-cash system from developing. But that raises its own problems, because the vision of "Big Brother" rears its ugly head. Just as powerful encryption schemes permit the design of untraceable e-cash systems, so, too, do powerful electronic record-keeping tools permit the design of traceable systems, systems in which all financial transactions are duly recorded in some database, allowing those with access to know more about an individual than anyone could know today. Under the most ambitious visions of e-cash, we would see a new form of currency that could be freely passed from one computer to another with no record, yet incapable of being forged. A consumer could draw such e-cash electronically from his or her bank. The bank would have a record of that transaction, just as a withdrawal or check is recorded now. But after that, the encrypted e-cash file could be handed off without the knowledge of anyone but the parties to the transaction.

However, as the politics and business play out, the technology is forcing legal issues to be reconsidered. The question e-cash poses is not, "Should the law take notice of this development?" but rather, "How can it not?"

By impacting revenue-raising capabilities, e-cash cannot escape government scrutiny and regulation; but it is going to take some serious thinking to design a regulatory scheme that balances personal privacy, speed of execution, and ease of use. Without a functioning system, what the government will do remains a mystery. Moreover, it is not even clear yet that the market as a whole will adopt an anonymous e-cash standard. For now, we are mainly watching and trying to educate ourselves about the likely path of the transition to electronic cash.

Summary
• One drawback of e-cash is its inability to be easily divided into smaller amounts.
• One of the business issues in using electronic cash is that it cannot take tangible form.
• The enormous currency fluctuations in international finance pose another problem for business use of e-cash.
• Operational risk associated with e-cash can be mitigated by imposing constraints, such as limits on (1) the time over which a given electronic money is valid, (2) how much can be stored on and transferred by electronic money, (3) the number of exchanges that can take place before a money needs to be redeposited with a bank or financial institution, and (4) the number of such transactions that can be made during a given period of time.
• The use of e-cash can threaten the government's revenue flow.

Exercise
1. What are the risk factors associated with e-cash?
2. What are bilateral and trilateral transactions?
3. How does e-cash affect government revenues?
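The constraints this lecture lists for limiting the issuer's liability (an expiry deadline, a ceiling per transaction, a ceiling per vendor within a period, a twenty-four hour rate ceiling such as the $500 coin-purse, and a maximum number of hand-offs before the money must be redeposited and reissued) are a policy that a purse can enforce mechanically. The Go program below is an added example written for this page, not code from the lecture or from any e-cash product; the Coin, Policy and Purse types and every limit figure are hypothetical. It keeps a spending history and checks each transfer against rolling-window totals, which is what catches a computer streaming many small transfers that each sit under a single-transaction reporting threshold.

```go
package main

import (
	"errors"
	"fmt"
	"time"
)

// Coin is one unit of issued electronic money. IssuedAt plus ValidFor is the
// expiry deadline; Transfers counts hand-offs since issue.
type Coin struct {
	Value     int // cents
	IssuedAt  time.Time
	ValidFor  time.Duration
	Transfers int
}

// Policy holds the issuer's constraints. All figures are hypothetical.
type Policy struct {
	MaxPerTransaction int           // ceiling on any single transfer, cents
	MaxPerVendor      int           // ceiling per vendor within Window, cents
	RateCeiling       int           // ceiling on everything spent within Window, cents
	Window            time.Duration // the lecture's twenty-four hour period
	MaxTransfers      int           // hand-offs allowed before redeposit and reissue
}

type spend struct {
	at     time.Time
	vendor string
	value  int
}

// Purse enforces a Policy over its own spending history.
type Purse struct {
	Policy  Policy
	history []spend
}

var (
	ErrExpired       = errors.New("coin expired: it had to be redeemed before the deadline")
	ErrTooLarge      = errors.New("value exceeds the per-transaction ceiling")
	ErrVendorCeiling = errors.New("per-vendor ceiling for this window reached")
	ErrRateCeiling   = errors.New("rate ceiling for this window reached")
	ErrRedeposit     = errors.New("coin must be redeposited and reissued before another transfer")
)

// Spend checks a transfer of coin to vendor at time now against the policy
// and, if allowed, records it. now must come from a clock synchronized with
// the issuer, otherwise the expiry check means nothing.
func (p *Purse) Spend(now time.Time, coin *Coin, vendor string) error {
	if now.After(coin.IssuedAt.Add(coin.ValidFor)) {
		return ErrExpired
	}
	if coin.Value > p.Policy.MaxPerTransaction {
		return ErrTooLarge
	}
	if coin.Transfers >= p.Policy.MaxTransfers {
		return ErrRedeposit
	}
	// Rolling-window totals are what catch a program that streams many small
	// transfers; a fixed per-transaction reporting threshold would miss them.
	cutoff := now.Add(-p.Policy.Window)
	vendorTotal, windowTotal := 0, 0
	for _, s := range p.history {
		if s.at.Before(cutoff) {
			continue
		}
		windowTotal += s.value
		if s.vendor == vendor {
			vendorTotal += s.value
		}
	}
	if vendorTotal+coin.Value > p.Policy.MaxPerVendor {
		return ErrVendorCeiling
	}
	if windowTotal+coin.Value > p.Policy.RateCeiling {
		return ErrRateCeiling
	}
	coin.Transfers++
	p.history = append(p.history, spend{at: now, vendor: vendor, value: coin.Value})
	return nil
}

func main() {
	purse := &Purse{Policy: Policy{MaxPerTransaction: 20000, MaxPerVendor: 30000,
		RateCeiling: 50000, Window: 24 * time.Hour, MaxTransfers: 3}}
	t0 := time.Date(2024, 1, 1, 9, 0, 0, 0, time.UTC) // constructed sample time
	for i := 0; i < 4; i++ { // four $200 coins to four vendors within three hours
		coin := &Coin{Value: 20000, IssuedAt: t0, ValidFor: 72 * time.Hour}
		err := purse.Spend(t0.Add(time.Duration(i)*time.Hour), coin, fmt.Sprintf("vendor-%d", i))
		fmt.Printf("transfer %d: %v\n", i+1, err) // the third and fourth hit the $500 ceiling
	}
}
```

The order of checks matters: expiry, size and hop count are properties of the coin alone and are refused before any history is consulted, so a rejected transfer never enters the window totals. Rejected transfers are also what a deployed issuer would want logged, since the rate ceiling firing repeatedly is the signature of the automated splitting the text warns about.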


 



• Introduction
• Discuss Electronic Cheques, Smart Cards, Credit Cards
• Advantages of Electronic Cheques
• Electronic Purses and Debit Cards
• Summary
• Exercise

After this lecture the students will be able to:
• Understand what an "Electronic Check" is
• Describe the use of smart cards and credit cards

Another type of electronic payment scheme that we are going to discuss today is "Electronic Checks". This scheme is basically for those people who prefer not to pay by cash.

Electronic checks are another form of electronic tokens. They are designed to accommodate the many individuals and entities that might prefer to pay on credit or through some mechanism other than cash. In the model shown in Fig. 14.1, buyers must register with a third-party account server before they are able to write electronic checks. The account server also acts as a billing service. The registration procedure can vary depending on the particular account server and may require a credit card or a bank account to back the checks. Once registered, a buyer can contact sellers of goods and services. To complete a transaction, the buyer sends a check to the seller for a certain amount of money. These checks may be sent using e-mail or other transport methods. When deposited, the check authorizes the transfer of account balances from the account against which the check was drawn to the account to which the check was deposited. The e-check method was deliberately created to work in much the same way as a conventional paper check. An account holder will issue an electronic document that contains the name of the payer, the name of the financial institution, the payer's account number, the name of the payee, and the amount of the check. Most of the information is in uncoded form (that is, in the clear). Like a paper check, an e-check will bear the digital equivalent of a signature: a computed number that authenticates the check as coming from the owner of the account. And, again like a paper check, an e-check will need to be endorsed by the payee, using another electronic signature, before the check can be paid. Properly signed and endorsed checks can be electronically exchanged between financial institutions through electronic clearinghouses, with the institutions using these endorsed checks as tender to settle accounts.

The specifics of the technology work in the following manner. On receiving the check, the seller presents it to the accounting server for verification and payment. The accounting server verifies the digital signature on the check using any authentication scheme. A user's digital "signature" is used to create one ticket (a check) which the seller's digital "endorsement" transforms into another (an order to a bank computer for fund transfer). Subsequent endorsers add successive layers of information onto the tickets, precisely as a large number of banks may wind up stamping the back of a check along its journey through the system.

Figure 14.1 Payment transaction sequence in an electronic check system

Let's see the advantages of electronic checks. Electronic checks have the following advantages:
• They work in the same way as traditional checks, thus simplifying customer education.
• Electronic checks are well suited for clearing micropayments; their use of conventional cryptography makes them much faster than systems based on public-key cryptography (e-cash).
• Electronic checks create float, and the availability of float is an important requirement for commerce. The third-party accounting server can make money by charging the buyer or seller a transaction fee or a flat-rate fee, or it can act as a bank and provide deposit accounts and make money on the deposit account pool.
• Financial risk is assumed by the accounting server and may result in easier acceptance. Reliability and scalability are provided by using multiple accounting servers. There can be an inter-account-server protocol to allow buyer and seller to "belong" to different domains, regions, or countries.

You will all agree that the major issue of concern when paying is security. In the next section we will discuss one of the electronic payment systems that is more secure than the schemes discussed above.

Smart Cards

The enormous potential of electronic tokens is currently stunted by the lack of a widely accepted and secure means of transferring money on-line. In spite of the many prototypes developed, we are a long way from a universal payment system because merchants


 
and banks have to be signed up and a means has to be developed to transfer money. Such a system, moreover, must be robust and capable of handling a large number of transactions, and will require extensive testing and usage to iron out all the bugs.

In the meantime, thousands of would-be sellers of electronic commerce services have to pay one another and are actively looking for payment substitutes. One such substitute is the smart card. Smart cards have been in existence since the early 1980s and hold promise for secure transactions using existing infrastructure. Smart cards are credit and debit cards and other card products enhanced with microprocessors capable of holding more information than the traditional magnetic stripe. The chip, at its current state of development, can store significantly greater amounts of data, estimated to be 80 times more than a magnetic stripe. Industry observers have predicted that, by the year 2000, one-half of all payment cards issued in the world will have embedded microprocessors rather than the simple magnetic stripe.

The smart card technology is widely used in countries such as France, Germany, Japan, and Singapore to pay for public phone calls, transportation, and shopper loyalty programs. The idea has taken longer to catch on in the United States, since a highly reliable and fairly inexpensive telecommunications system has favored the use of credit and debit cards. Smart cards are basically of two types:
• Relationship-based smart credit cards
• Electronic purses. Electronic purses, which replace money, are also known as debit cards and electronic money.

Relationship-Based Smart Credit Cards

Financial institutions worldwide are developing new methods to maintain and expand their services to meet the needs of increasingly sophisticated and technically smart customers, as well as to meet the emerging payment needs of electronic commerce. Traditional credit cards are fast evolving into smart cards as consumers demand payment and financial services products that are user-friendly, convenient, and reliable.

A relationship-based smart card is an enhancement of existing card services and/or the addition of new services that a financial institution delivers to its customers via a chip-based card or other device. These new services may include access to multiple financial accounts, value-added marketing programs, or other information cardholders may want to store on their card. The chip-based card is but one tool that will help alter mass marketing techniques to address each individual's specific financial and personal requirements. Enhanced credit cards store cardholder information including name, birth date, personal shopping preferences, and actual purchase records.

This information will enable merchants to accurately track consumer behavior and develop promotional programs designed to increase shopper loyalty. Relationship-based products are expected to offer consumers far greater options, including the following:
• Access to multiple accounts, such as debit, credit, investments, or stored value for e-cash, on one card or an electronic device
• A variety of functions, such as cash access, bill payment, balance inquiry, or funds transfer for selected accounts
• Multiple access options at multiple locations using multiple device types, such as an automated teller machine, a screen phone, a personal computer, a personal digital assistant (PDA), or interactive TV

Companies are trying to incorporate these services into a personalized banking relationship for each customer. They can package financial and non-financial services with value-added programs to enhance convenience, build loyalty and retention, and attract new customers. Banks are also attempting to customize services on smart cards, offering a menu of services similar to those that come up on ATM screens. As with credit cards, banks may link up with health care providers, telephone companies, retailers, and airlines to offer frequent shopping and flyer programs and other services.

Electronic Purses

Despite their increasing flexibility, relationship-based cards are credit based and settlement occurs at the end of the billing cycle. There remains a need for a financial instrument to replace cash. To meet this need, banks, credit card companies, and even government institutions are racing to introduce "electronic purses," wallet-sized smart cards embedded with programmable microchips that store sums of money for people to use instead of cash for everything from buying food, to making photocopies, to paying subway fares.

After the purse is loaded with money, at an ATM or through the use of an inexpensive special telephone, it can be used to pay for, say, candy in a vending machine equipped with a card reader. The vending machine need only verify that the card is authentic and that there is enough money available for a chocolate bar. In one second, the value of the purchase is deducted from the balance on the card and added to an e-cash box in the vending machine. The remaining balance on the card is displayed by the vending machine or can be checked at an ATM or with a balance-reading device. Electronic purses would virtually eliminate fumbling for change or small bills in a busy store or rush-hour toll booth, and waiting for a credit card purchase to be approved. This allows customers to pay for rides and calls with a prepaid card that "remembers" each transaction. And when the balance on an electronic purse is depleted, the purse can be recharged with more money. As for the vendor, the receipts can be collected periodically in person or, more likely, by telephone, and transferred to a bank account. While the technology has been available for a decade, the cards have been relatively expensive, from $5 to $10. Today the cards cost $1, and special telephones that consumers could install at home to recharge the cards are projected to cost as little as $50. A simple card reader would cost a merchant less than $200.

Summary
• Electronic checks are another form of electronic tokens. They are designed to accommodate the many individuals and entities that might prefer to pay on credit or through some mechanism other than cash.
• Electronic checks are well suited for clearing micropayments; their use of conventional cryptography makes them much faster than systems based on public-key cryptography.
• Electronic checks create float, and the availability of float is an important requirement for commerce.
• Smart cards are credit and debit cards and other card products enhanced with microprocessors capable of holding more information than the traditional magnetic stripe.
• Smart cards are basically of two types: relationship-based smart credit cards and electronic purses.

Exercise
1. What are electronic cheques? How do they differ from traditional cheques?
2. How do electronic purses work?
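The vending-machine debit described under electronic purses in this lecture (verify that the card is authentic, check that enough money is on it, deduct the price, add it to the machine's e-cash box, show the remaining balance) can be shown as a short model. The Go program below is an added example written for this page, not code from the lecture or from any purse product. It assumes a symmetric issuer key held in the reader's security module and seals the card's balance and debit counter with HMAC-SHA256, so a card whose stored balance has been edited fails authentication at the reader; the Card, Receipt and VendingMachine types, the card id and the key are all constructed for the example.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/binary"
	"errors"
	"fmt"
)

// Card is the state kept on the chip. Balance and Counter are sealed by an
// HMAC under the issuer key, so an edited balance fails authentication at the
// reader, and every debit produces a fresh seal.
type Card struct {
	ID      string
	Balance uint32 // cents
	Counter uint32 // debits since the last load
	Seal    []byte
}

// Receipt is one entry in the machine's e-cash box. The vendor uploads the
// receipts to the bank, which checks each seal before crediting the account.
type Receipt struct {
	CardID  string
	Counter uint32
	Amount  uint32
	Seal    []byte
}

// VendingMachine is the card reader. Assumption for this example: its security
// module holds the issuer key; deployed purses use per-card derived keys.
type VendingMachine struct {
	key     []byte
	CashBox []Receipt
}

var (
	ErrNotAuthentic      = errors.New("card authentication failed")
	ErrInsufficientFunds = errors.New("insufficient funds on card")
)

// seal is HMAC-SHA256 over a label, the card id and two 32-bit fields. The
// label keeps card seals and receipt seals from being swapped for each other.
func seal(key []byte, label, id string, a, b uint32) []byte {
	m := hmac.New(sha256.New, key)
	m.Write([]byte(label + "\x00" + id + "\x00"))
	var buf [8]byte
	binary.BigEndian.PutUint32(buf[:4], a)
	binary.BigEndian.PutUint32(buf[4:], b)
	m.Write(buf[:])
	return m.Sum(nil)
}

// Load is what the issuer does at an ATM or over the special telephone.
func Load(key []byte, id string, amount uint32) *Card {
	return &Card{ID: id, Balance: amount, Seal: seal(key, "card", id, amount, 0)}
}

// Debit verifies the card, checks funds, moves price into the cash box and
// reseals the card. It returns the balance the machine should display.
func (vm *VendingMachine) Debit(c *Card, price uint32) (uint32, error) {
	if !hmac.Equal(c.Seal, seal(vm.key, "card", c.ID, c.Balance, c.Counter)) {
		return c.Balance, ErrNotAuthentic
	}
	if c.Balance < price {
		return c.Balance, ErrInsufficientFunds
	}
	c.Balance -= price
	c.Counter++
	c.Seal = seal(vm.key, "card", c.ID, c.Balance, c.Counter)
	vm.CashBox = append(vm.CashBox, Receipt{CardID: c.ID, Counter: c.Counter, Amount: price,
		Seal: seal(vm.key, "receipt", c.ID, c.Counter, price)})
	return c.Balance, nil
}

// Takings is the total the vendor collects from the cash box.
func (vm *VendingMachine) Takings() uint32 {
	var sum uint32
	for _, r := range vm.CashBox {
		sum += r.Amount
	}
	return sum
}

func main() {
	key := []byte("constructed-issuer-key-for-example") // constructed, not a real key
	vm := &VendingMachine{key: key}
	card := Load(key, "purse-0001", 500) // loaded with $5.00
	fmt.Println(vm.Debit(card, 125))     // $1.25 chocolate bar: 375 <nil>
	card.Balance = 100000                // tamper with the stored balance
	_, err := vm.Debit(card, 125)
	fmt.Println(err, "takings:", vm.Takings()) // card authentication failed takings: 125
}
```

Two limits of this model are the questions to ask of any real stored-value card. A single key in every reader means one compromised reader can forge cards, which is why deployed schemes derive a key per card or use signatures; and the debit counter only detects replay of an old card image once the bank reconciles uploaded receipts against the counters it has already seen, so offline acceptance always carries a settlement-time check behind it.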



 



• Introduction
• Credit Card-Based Electronic Payment Systems
• Encryption in Credit Cards
• Summary
• Exercise

After this lecture the students will be able to:
• Understand why payment by credit card is more secure than other electronic payment systems

To avoid the complexity associated with digital cash and electronic checks, consumers and vendors are also looking at credit card payments on the Internet as one possible time-tested alternative. Let's discuss how payment is made online using credit cards.

There is nothing new in the basic process. If consumers want to purchase a product or service, they simply send their credit card details to the service provider involved and the credit card organization will handle this payment like any other.

We can break credit card payment on on-line networks into three basic categories:
1. Payments using plain credit card details. The easiest method of payment is the exchange of unencrypted credit card details over a public network such as telephone lines or the Internet. The low level of security inherent in the design of the Internet makes this method problematic (any snooper can read a credit card number, and programs can be created to scan Internet traffic for credit card numbers and send the numbers to their master). Authentication is also a significant problem, and the vendor is usually responsible for ensuring that the person using the credit card is its owner. Without encryption, and a signature of the kind discussed below, there is no way to do this.
2. Payments using encrypted credit card details. It would make sense to encrypt your credit card details before sending them out, but even then there are certain factors to consider. One would be the cost of a credit card transaction itself. Such cost would prohibit low-value payments (micropayments) by adding costs to the transactions.
3. Payments using third-party verification. One solution to security and verification problems is the introduction of a third party: a company that collects and approves payments from one client to another. After a certain period of time, one credit card transaction for the total accumulated amount is completed.

Table 15.1 Players in On-Line Credit Card Transaction Processing
First Virtual Holdings: San Diego-based start-up offers an Internet payment system to process credit card transactions on the Internet. It is allied with EDS for data processing and First USA Merchant Services in Dallas for card processing services.
Interactive Transactions Partners: Joint venture of EDS, France Telecom, US West, and H&R Block for home banking and electronic payment services.
MasterBanking: A home banking service started by MasterCard and Checkfree Corp., an on-line payments processor.
VISA Interactive: VISA International acquired US Order, a screen phone manufacturer. VISA Interactive has signed up more than 30 banks, including NationsBank.
Block Financial: This H&R Block unit owns Managing Your Money personal-finance software and CompuServe. Provides electronic-banking services for VISA member banks.
Prodigy: Teaming up with Meridian Bank and others to offer PC-based home banking via its online service.

Let's see how payment by credit card is more secure compared to other schemes.

Encryption is instantiated when credit card information is entered into a browser or other electronic commerce device and sent securely over the network from buyer to seller as an encrypted message. This practice by itself, however, does not meet important requirements for an adequate financial system, such as non-refutability, speed, safety, privacy, and security. To make a credit card transaction truly secure and non-refutable, the following sequence of steps must occur before actual goods, services, or funds flow:
1. A customer presents his or her credit card information (along with an authenticity signature or other information such as mother's maiden name) securely to the merchant.
2. The merchant validates the customer's identity as the owner of the credit card account.
3. The merchant relays the credit card charge information and signature to its bank or on-line credit card processor.
4. The bank or processing party relays the information to the customer's bank for authorization approval.
5. The customer's bank returns the credit card data, charge authentication, and authorization to the merchant.

In this scheme, each consumer and each vendor generates a public key and a secret key. The public key is sent to the credit card company and put on its public key server. The secret key is re-encrypted with a password, and the unencrypted version is erased. To steal a credit card, a thief would have to get access to both a consumer's encrypted secret key and password. The credit card company sends the consumer a credit card number and a credit limit. To buy something from vendor X, the consumer sends vendor X the message, "It is now time T. I am paying Y
dollars to X for item Z," after using his or her password to unlock the secret key and sign the message with it. The vendor will then sign the message with its own secret key and send it to the credit card company, which will bill the consumer for Y dollars and give the same amount (less a fee) to X. (See Fig. 15.1.)

Within the assumptions of the scheme, nobody can cheat it. The consumer can't claim that he didn't agree to the transaction, because he signed it (as in everyday life). The vendor can't invent fake charges, because he doesn't have access to the consumer's key. He can't submit the same charge twice, because the consumer included the precise time in the message and the card company will not bill a message bearing the same time stamp a second time. To become useful, credit card systems will have to develop distributed key servers and card checkers. Otherwise, a concentrated attack on these sites could bring the system to a halt.

Support for Privacy Enhanced Mail (PEM) and Pretty Good Privacy (PGP) encryption has been built into several browsers. With either of them, a credit card scheme can be substantially bolstered by encrypting the exchange to defeat snooping attacks. Now any vendor can create a secure system that accepts credit card numbers in about an hour.

Figure 15.1 Processing payments using encrypted credit cards

In third-party processing, consumers register with a third party on the Internet to verify electronic microtransactions. Verification mechanisms can be designed with many of the attributes of electronic tokens, including anonymity. They differ from electronic token systems in that (1) they depend on existing financial instruments and (2) they require the on-line involvement of at least one additional party and, in some cases, multiple parties to ensure extra security. However, requiring an on-line third-party connection for each transaction to different banks could lead to processing bottlenecks that could undermine the goal of reliable use. Companies that are already providing third-party payment are referred to as on-line third-party processors (OTPPs), since both methods are fairly similar in nature. OTPPs have created a seven-step process that they believe will be a fast and efficient way to buy information on-line:
1. The consumer acquires an OTPP account number by filling out a registration form. This gives the OTPP a customer information profile that is backed by a traditional financial instrument such as a credit card.
2. To purchase an article, software, or other information online, the consumer requests the item from the merchant by quoting her OTPP account number. The purchase can take place in one of two ways: the consumer can automatically authorize the "merchant" via browser settings to access her OTPP account and bill her, or she can type in the account information.
3. The merchant contacts the OTPP payment server with the customer's account number.
4. The OTPP payment server verifies the customer's account number for the vendor and checks for sufficient funds.
5. The OTPP payment server sends an electronic message to the buyer. This message could be an automatic WWW form that is sent by the OTPP server or could be a simple e-mail. The buyer responds to the form or e-mail in one of three ways: Yes, I agree to pay; No, I will not pay; or Fraud, I never asked for this.
6. If the OTPP payment server gets a Yes from the customer, the merchant is informed and the customer is allowed to download the material immediately.
7. The OTPP will not debit the buyer's account until it receives confirmation of purchase completion. Abuse by buyers who receive information or a product and decline to pay can result in account suspension.

To use this system, both customers and merchants must be registered with the OTPP. An on-line environment suitable for microtransactions will require that many of the preceding steps be automated. World Wide Web browsers capable of encryption can serve this purpose. Here the two key servers are the merchant server and the payment server (see Fig. 15.2). Users first establish an account with the payment server. Then, using a client browser, a user makes a purchase from a merchant server by clicking on a payment URL (hyperlink), which is attached to the product on a WWW page. Unknown to the customer, the payment URL encodes the following details of the purchase: price of item, target URL (for hard goods, this URL is usually an order status page; for information goods, this URL points to the information customers are purchasing), and duration (for information goods, it specifies how long customers can get access to the target URL).
Payment URLs send the encoded information to the payment server. In other words, the payment URL directs the customer's browser to the payment server, which authenticates the user by asking her for the account number and other identification information. If the information entered by the customer is valid and funds are available, the payment server processes the payment transaction. The payment server then redirects the user's browser (using an HTTP redirect operation) to the purchased item with an access URL, which encodes the details of the payment transaction (the amount, what was purchased, and duration). The access URL is effectively a digital invoice that has been stamped "paid" by the payment server. It provides evidence to the merchant that the user has paid for the information and provides a receipt that grants the user access. For the stamp to count as evidence, it must be a cryptographic authenticator over the URL's fields (a MAC under a key shared with the merchant, or a signature) that the merchant's server verifies; otherwise the fields could be altered, or an access URL fabricated, by anyone. The access URL is the original target URL sent by the merchant's server, with additional fields that contain details of the access: expiration time (optional) and the user's address (to prevent sharing). The merchant runs an HTTP server that is modified to process access URLs (HTTP redirects). The server checks the validity of the URL and grants access if the expiration time has not passed. If access has expired, the server returns a page that may give the user an opportunity to repurchase the item. The payment system can also generate access URLs in a format that can be parsed by CGI scripts running on an unmodified HTTP server.

Figure 15.2 On-line payment process using a third-party processor
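The payment URL, the payment server's redirect, and the "paid" stamp on the access URL described above can be made concrete. The Go program below is an added example written for this page, not code from the lecture or from any OTPP. It assumes that the payment server and the merchant share an HMAC-SHA256 key enrolled out of band, that the user has already been authenticated by the time Pay is called, and that hosts such as pay.example and news.example, the account name and the addresses are placeholders. The merchant's check order (stamp, then address binding, then expiry) is the point: an access URL with an edited amount or expiry is refused before either field is trusted, and an expired one gets the repurchase response.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/hex"
	"errors"
	"net/url"
	"strconv"
	"time"
)

// PaymentURL is what the merchant attaches to a product: it carries the
// browser to the payment server with the price, target URL and access duration.
func PaymentURL(paymentServer string, priceCents int, target string, duration time.Duration) string {
	q := url.Values{}
	q.Set("price", strconv.Itoa(priceCents))
	q.Set("target", target)
	q.Set("duration", strconv.Itoa(int(duration.Seconds())))
	return paymentServer + "?" + q.Encode()
}

func baseOf(u *url.URL) string { return u.Scheme + "://" + u.Host + u.Path }

// stamp is the "paid" mark: HMAC-SHA256 over the target's scheme, host and
// path plus its sorted query fields, under a key the payment server shares
// with the merchant (an assumption of this example).
func stamp(key []byte, base string, q url.Values) string {
	m := hmac.New(sha256.New, key)
	m.Write([]byte(base + "\x00" + q.Encode()))
	return hex.EncodeToString(m.Sum(nil))
}

// PaymentServer keeps account balances. Authenticating the user (account
// number and identification) is assumed to happen before Pay is called.
type PaymentServer struct {
	key      []byte
	accounts map[string]int // cents available per account
}

var (
	ErrInsufficientFunds = errors.New("insufficient funds")
	ErrBadStamp          = errors.New("access URL was not stamped by the payment server")
	ErrWrongAddress      = errors.New("access URL was issued to a different address")
	ErrExpired           = errors.New("access expired: offer repurchase")
)

// Pay charges account for the purchase encoded in paymentURL and returns the
// access URL the browser is redirected to; addr is the user's network address.
func (ps *PaymentServer) Pay(paymentURL, account, addr string, now time.Time) (string, error) {
	u, err := url.Parse(paymentURL)
	if err != nil {
		return "", err
	}
	price, _ := strconv.Atoi(u.Query().Get("price"))
	secs, _ := strconv.Atoi(u.Query().Get("duration"))
	target, err := url.Parse(u.Query().Get("target"))
	if err != nil {
		return "", err
	}
	if ps.accounts[account] < price {
		return "", ErrInsufficientFunds
	}
	ps.accounts[account] -= price
	q := target.Query()
	q.Set("amount", strconv.Itoa(price))
	q.Set("expires", strconv.FormatInt(now.Add(time.Duration(secs)*time.Second).Unix(), 10))
	q.Set("addr", addr)
	q.Set("sig", stamp(ps.key, baseOf(target), q)) // covers every field set above
	target.RawQuery = q.Encode()
	return target.String(), nil
}

// Merchant is the HTTP server modified to admit access URLs.
type Merchant struct{ key []byte }

// Serve checks the stamp, the address binding and the expiry, in that order,
// so a tampered URL is refused before any of its fields are trusted. On
// success it returns the path to be served.
func (m *Merchant) Serve(accessURL, requester string, now time.Time) (string, error) {
	u, err := url.Parse(accessURL)
	if err != nil {
		return "", err
	}
	q := u.Query()
	sig := q.Get("sig")
	q.Del("sig")
	if !hmac.Equal([]byte(sig), []byte(stamp(m.key, baseOf(u), q))) {
		return "", ErrBadStamp
	}
	if q.Get("addr") != requester {
		return "", ErrWrongAddress
	}
	if exp, _ := strconv.ParseInt(q.Get("expires"), 10, 64); now.Unix() > exp {
		return "", ErrExpired
	}
	return u.Path, nil
}
```

The access URL is a bearer capability: anyone who holds it within the window and presents it from the bound address gets the item, and it will turn up in proxy logs and Referer headers. That is why the duration should be short and why binding to the user's address, as the text suggests, is only a partial remedy against sharing.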
Once a customer is authenticated, the payment is automatically processed. The payment server implements a modular payment architecture where accounts can be backed by different types of financial instruments: credit card accounts, prepaid accounts, billed accounts, debit cards, and other payment mechanisms. For credit card accounts, the payment system has a real-time connection to the credit card clearing network. The system can authorize payment in real time based on the profile of the transaction and the user. The system supports small transactions by accumulating them and settling them in aggregate. All transactions are recorded in a user's on-line statement. The statement is a summary of recent purchases, and each summary line is a hypertext link. For information goods, this is a link back to the purchased item. If access has expired, the merchant's server will give the user the opportunity to repurchase the item. For non-information goods, the link may point to an order status or summary page.

Summary
• Electronic checks are another form of electronic tokens. They are designed to accommodate the many individuals and entities that might prefer to pay on credit or through some mechanism other than cash.
• The enormous potential of electronic tokens is currently stunted by the lack of a widely accepted and secure means of transferring money on-line.
• Smart cards are credit and debit cards and other card products enhanced with microprocessors capable of holding more information than the traditional magnetic stripe.
• Smart cards are basically of two types: relationship-based smart credit cards and electronic purses.
• Encryption is instantiated when credit card information is entered into a browser or other electronic commerce device and sent securely over the network from buyer to seller as an encrypted message.

Exercise
1. What are smart cards?
2. How do electronic checks differ from credit cards?
3. How do on-line third-party processors (OTPPs) differ from electronic token systems?
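The encrypted credit card exchange of this lecture (the consumer signs "It is now time T. I am paying Y dollars to X for item Z", the vendor countersigns, and the card company verifies both and bills once) has the same shape as the electronic check flow of the previous lecture, where the payer's signature is followed by the payee's endorsement and the accounting server verifies both; the program below serves as a worked example for both passages. It is an added example written for this page, not code from the lecture, from any card network or from any check clearing system. It uses Ed25519 signatures, a two percent fee, and Order, Charge, Party and CardCompany types that are all assumptions of the example. Beyond the text, it also refuses time stamps outside a window; without that bound, the record that makes "the same charge twice" detectable would have to be kept forever.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"encoding/json"
	"errors"
	"time"
)

// Order is "It is now time T. I am paying Y dollars to X for item Z" as a
// struct that both parties serialize identically.
type Order struct {
	Consumer string    `json:"consumer"` // card number issued by the card company
	Vendor   string    `json:"vendor"`
	Cents    int       `json:"cents"`
	Item     string    `json:"item"`
	Time     time.Time `json:"time"`
}

func (o Order) bytes() []byte {
	b, _ := json.Marshal(o) // fixed struct, so the encoding is deterministic
	return b
}

// Charge is what reaches the card company: the order, the consumer's signature
// over it, and the vendor's endorsement (a signature over order and consumer signature).
type Charge struct {
	Order       Order
	ConsumerSig []byte
	VendorSig   []byte
}

// Party is a consumer or vendor with an Ed25519 key pair. The lecture's
// password-encrypted storage of the secret key is not modeled.
type Party struct {
	Pub  ed25519.PublicKey
	priv ed25519.PrivateKey
}

func NewParty() Party {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	return Party{Pub: pub, priv: priv}
}

func (p Party) SignOrder(o Order) Charge {
	return Charge{Order: o, ConsumerSig: ed25519.Sign(p.priv, o.bytes())}
}

func (p Party) Endorse(c Charge) Charge {
	c.VendorSig = ed25519.Sign(p.priv, append(c.Order.bytes(), c.ConsumerSig...))
	return c
}

var (
	ErrBadConsumerSig = errors.New("consumer signature does not match the order")
	ErrBadVendorSig   = errors.New("vendor endorsement invalid")
	ErrStale          = errors.New("time stamp outside the accepted window")
	ErrReplay         = errors.New("a charge with this time stamp was already billed")
)

// CardCompany is the public key server plus the ledger of what it has billed.
type CardCompany struct {
	keys    map[string]ed25519.PublicKey
	billed  map[string]bool // consumer|time of every settled charge
	MaxSkew time.Duration   // bounds how long billed has to be remembered
	Owed    map[string]int  // billed to each consumer, cents
	Payable map[string]int  // due to each vendor after the fee, cents
}

func NewCardCompany(maxSkew time.Duration) *CardCompany {
	return &CardCompany{keys: map[string]ed25519.PublicKey{}, billed: map[string]bool{},
		MaxSkew: maxSkew, Owed: map[string]int{}, Payable: map[string]int{}}
}

func (cc *CardCompany) Register(id string, pub ed25519.PublicKey) { cc.keys[id] = pub }

func Fee(cents int) int { return cents * 2 / 100 } // 2 percent, an assumed figure

// Settle verifies both signatures, refuses stale or duplicate time stamps,
// then bills the consumer and credits the vendor less the fee.
func (cc *CardCompany) Settle(c Charge, now time.Time) error {
	msg := c.Order.bytes()
	cpub, ok := cc.keys[c.Order.Consumer]
	if !ok || !ed25519.Verify(cpub, msg, c.ConsumerSig) {
		return ErrBadConsumerSig // no key on file, or a vendor edited the amount
	}
	vpub, ok := cc.keys[c.Order.Vendor]
	if !ok || !ed25519.Verify(vpub, append(msg, c.ConsumerSig...), c.VendorSig) {
		return ErrBadVendorSig
	}
	if d := now.Sub(c.Order.Time); d > cc.MaxSkew || d < -cc.MaxSkew {
		return ErrStale
	}
	key := c.Order.Consumer + "|" + c.Order.Time.Format(time.RFC3339Nano)
	if cc.billed[key] {
		return ErrReplay // the same signed message submitted a second time
	}
	cc.billed[key] = true
	cc.Owed[c.Order.Consumer] += c.Order.Cents
	cc.Payable[c.Order.Vendor] += c.Order.Cents - Fee(c.Order.Cents)
	return nil
}
```

A Charge whose amount the vendor altered fails the consumer signature check, a Charge presented a second time fails the replay check, and nothing is billed in either case. The password-wrapped secret key the text describes sits outside this model; in practice it is the piece that decides whether a stolen computer is also a stolen card.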


 




 Introduction
 Advantages and disadvantages of Credit Cards
 Managing Credit Risk
 Summary
 Exercise

After this lecture the students will be able to:
 Understand the advantages and disadvantages of using credit cards
 Describe the infrastructure required to support credit card processing

In the previous lectures we have learnt a lot about the use of credit cards. We have also seen the security aspects of using credit cards. Today we will take a look at the business pros and cons of credit card-based payment.

Third-party processing for credit cards entails a number of pros as well as cons. These companies are chartered to give credit accounts to individuals and act as bill collection agencies for businesses. Consumers use credit cards by presenting them for payment and then paying an aggregate bill once a month. Consumers pay either a flat fee or individual transaction charges for this service. Merchants get paid for the credit card drafts that they submit to the credit card company. Businesses get charged a transaction charge ranging from 1 percent to 3 percent for each draft submitted.

Credit cards have advantages over checks in that the credit card company assumes a larger share of financial risk for both buyer and seller in a transaction. Buyers can sometimes dispute a charge retroactively and have the credit card company act on their behalf. Sellers are assured that they will be paid for all their sales; they needn't worry about fraud. This translates into a convenience for the buyer, in that credit card transactions are usually quicker and easier than check (and sometimes even cash) transactions.

One disadvantage to credit cards is that their transactions are not anonymous, and credit card companies do in fact compile valuable data about spending habits.

Record keeping with credit cards is one of the features consumers value most because of disputes and mistakes in billing. Disputes may arise because different services may have different policies. For example, an information provider might charge for partial delivery of a file (the user may have abandoned the session after reading part of the file), and a movie distributor might charge depending on how much of the video had been downloaded. The cause of interrupted delivery needs to be considered in resolving disputes (e.g., intentional customer action versus a problem in the network or provider's equipment). In general, implementing payment policies will be simpler when payment is made by credit rather than with cash.

The complexity of credit card processing takes place in the verification phase, a potential bottleneck. If there is a lapse in time between the charging and the delivery of goods or services (for example, when an airline ticket is purchased well in advance of the date of travel), the customer verification process is simple because it does not have to be done in real time. In fact, all the relaying and authorizations can occur after the customer-merchant transaction is completed, unless the authorization request is denied.

If the customer wants a report (or even a digital airline ticket) which would be downloaded into a PC or other information appliance immediately at the time of purchase, however, many message relays and authorizations take place in real time while the customer waits. Such exchanges may require many sequence-specific operations such as staged encryption and decryption and exchanges of cryptographic keys. Encryption and transaction speed must be balanced, however, as research has shown that on-line users get very impatient and typically wait for 20 seconds before pursuing other actions. Hence, on-line credit card users must find the process to be accessible, simple, and fast. Speed will have design and cost implications, as it is a function of network capabilities, the computing power available at every server, and the specific form of the transaction. The infrastructure supporting the exchange must be reliable. The user must feel confident that the supporting payment infrastructure will be available on demand and that the system will operate reasonably well regardless of component failures or system load conditions. The builders and providers of this infrastructure are aware of customer requirements and are in fierce competition to fulfill those needs.

There is also no question that banks and other financial institutions must resolve many key issues before offering on-line processing services in e-commerce markets. Should they go it alone or form a partnership, and with whom? What technology to use? What services to offer? Which consumers are interested and who should be targeted? A wide variety of organizations are jumping into the fray. Regional electronic funds transfer (EFT) networks, credit card associations, equipment vendors, data processors, software developers, bill payment companies, and telecommunications providers are all wooing banks with the goal of building the transaction processing infrastructure on the Internet.

Competition among these players is based on service quality, price, processing system speed, customer support, and reliability. Most third-party processors market their services directly to large regional or national merchants rather than through financial institutions or independent sales organizations.

(1) large initial capital requirements,
(2) ongoing expenses related to establishing and maintaining an electronic transaction processing network,
(3) the ability to obtain competitively priced access to an existing network, and
(4) the reluctance of merchants to change processors.

What exactly is at stake here? A lot. In the emerging world of e-commerce, the companies that own the transaction infrastructure will be able to charge a fee, much as banks do today with ATMs. This could be extremely profitable. Microsoft, VISA, and other companies understand that they have to do something. If they wait for a clear path to emerge, it will be "too little too late." They know all too well that e-commerce transaction architectures (similar to MS-DOS or Windows) on which other e-commerce applications are developed will be very profitable.

Many companies are developing advanced electronic services for home-based financial transactions, and software companies are increasingly allying with banks to sell home banking. Eventually, the goal would be to offer everything from mutual funds to brokerage services over the network. Many banks are concerned about this prospect and view it as an encroachment on their turf. After years of dabbling, mostly unsuccessfully, with remote banking, banking is receiving a jarring message: get wired or lose customers.

The traditional roles are most definitely being reshuffled, and electronic payment on the Internet can have a substantial effect on transaction processing in the "real" (non-electronic) world. According to some estimates, transaction processing services account for as much as 25 percent of non-interest income for banks, so banks clearly stand to lose business. Why banks are on the defensive is obvious if we look at banking in the last ten years. A decade ago, banks processed 90 percent of all bank card transactions, such as VISA and MasterCard. Today, 70 percent of those transactions are processed by nonbanks such as First Data Resources. If software companies and other interlopers become electronic toll-takers, banks could become mere homes for deposits, not the providers of lucrative value-added services.

Even more worrisome, banks could lose the all-important direct link to be the customer's primary provider of financial services that lets them hawk profitable services. The effect of electronic commerce on the banking industry has been one of total confusion. To be fair, things are happening so fast in this area that it's hard to keep up with it all. Let's see some of the risks involved in the electronic payment system.

Virtually all electronic payment systems need some ability to keep automatic records, for obvious reasons. From a technical standpoint, this is no problem for electronic systems. Credit and debit cards have them, and even the paper-based check creates an automatic record. Once information has been captured electronically, it is easy and inexpensive to keep (it might even cost more to throw it away than to keep it). For example, in many transaction processing systems, old or blocked accounts are never purged and old transaction histories can be kept forever on magnetic tape. Given the intangible nature of electronic transactions and dispute resolution relying solely on records, a general law of payment dynamics and banking technology might be: no data need ever be discarded. The record feature is an after-the-fact transcription of what happened, created without any explicit effort by the transaction parties. Features of these automatic records include
(1) permanent storage;
(2) accessibility and traceability;
(3) a payment system database; and
(4) data transfer to payment maker, bank, or monetary authorities.

The need for record keeping for purposes of risk management conflicts with the transaction anonymity of cash. One can say that anonymity exists today only because cash is a very old concept, invented long before the computer and networks gave us the ability to track everything. Although a segment of the payment-making public will always desire transaction anonymity, many believe that anonymity runs counter to the public welfare because too many tax, smuggling, and/or money laundering possibilities exist. The anonymity issue raises the question: can electronic payments happen without an automatic record feature?

Many recent payment systems seem to be ambivalent on this point. For instance, the Mondex electronic purse touts equivalence with cash, but its electronic wallets are designed to hold automatic records of the card's last twenty transactions with a statement built in. Obviously, the card-reading terminals, machines, or telephones could all maintain records of all transactions, and they probably ultimately will. With these records, the balance on any smart card could be reconstructed after the fact, thus allowing for additional protection against loss or theft. This would certainly add some value versus cash. In sum, anonymity is an issue that will have to be addressed through regulation covering consumer protection in electronic transactions. There is considerable debate on this point. An anonymous payment system without automatic record keeping will be difficult for bankers and governments to accept. Were the regulation to apply, each transaction would have to be reported, meaning it would appear on an account statement, making mistakes and disputes easier to resolve. However, customers might feel that all this record keeping is an invasion of privacy, resulting in slower than expected adoption of electronic payment systems. The next risk involved is the privacy of the customer making a purchase.

The electronic payment system must ensure and maintain privacy. Every time one purchases goods using a credit card, subscribes to a magazine or accesses a server, that information goes into a database somewhere. Furthermore, all these records can be linked so that they constitute in effect a single dossier. This dossier would reflect what items were bought and where and when. This violates the unspoken laws of doing business: that the privacy of customers should be protected as much as possible. All details of a consumer's payments can easily be aggregated: where, when, and sometimes what the consumer buys is stored. This collection of data tells much about the person and as such can conflict with the individual's right to privacy. Users must be assured that
knowledge of transactions will be confidential, limited only to the parties involved and their designated agents (if any). Privacy must be maintained against eavesdroppers on the network and against unauthorized insiders. The users must be assured that they cannot be easily duped, swindled, or falsely implicated in a fraudulent transaction. This protection must apply throughout the whole transaction protocol by which a good or service is purchased and delivered. This implies that, for many types of transactions, trusted third-party agents will be needed to vouch for the authenticity and good faith of the involved parties.

Credit or systemic risk is a major concern in net settlement systems because a bank's failure to settle its net position could lead to a chain reaction of bank failures. The digital central bank must develop policies to deal with this possibility. Various alternatives exist, each with advantages and disadvantages. A digital central bank guarantee on settlement removes the insolvency test from the system because banks will more readily assume credit risks from other banks. Without such guarantees the development of clearing and settlement systems and money markets may be impeded. A middle road is also possible, for example, setting controls on bank exposures (bilateral or multilateral) and requiring collateral. If the central bank does not guarantee settlement, it must define, at least internally, the conditions and terms for extending liquidity to banks in connection with settlement.

Despite cost and efficiency gains, many hurdles remain to the spread of electronic payment systems. These include several factors, many non-technical in nature, that must be addressed before any new payment method can be successful. Let's see what hurdles we have to pass for successful implementation of electronic payment systems.
 Privacy. A user expects to trust in a secure system; just as the telephone is a safe and private medium free of wiretaps and hackers, electronic communication must merit equal trust.
 Security. A secure system verifies the identity of two-party transactions through "user authentication" and reserves flexibility to restrict information/services through access control. Tomorrow's bank robbers will need no getaway cars, just a computer terminal, the price of a telephone call, and a little ingenuity. Millions of dollars have been embezzled by computer fraud. No systems are yet fool-proof, although designers are concentrating closely on security.
 Intuitive interfaces. The payment interface must be as easy to use as a telephone. Generally speaking, users value convenience more than anything.
 Database integration. With home banking, for example, a customer wants to play with all his accounts. To date, separate accounts have been stored on separate databases. The challenge before banks is to tie these databases together and to allow customers access to any of them while keeping the data up-to-date and error free.
 Brokers. A "network banker", someone to broker goods and services, settle conflicts, and facilitate financial transactions electronically, must be in place.
 One fundamental issue is how to price payment system service. For example, should subsidies be used to encourage users to shift from one form of payment to another, from cash to bank payments, from paper-based to e-cash? The problem with subsidies is the potential waste of resources, as money may be invested in systems that will not be used. Thus investment in systems not only might not be recovered, but substantial ongoing operational subsidies will also be necessary. On the other hand, it must be recognized that without subsidies, it is difficult to price all services affordably.
 Standards. Without standards, the welding of different payment users into different networks and different systems is impossible. Standards enable interoperability, giving users the ability to buy and receive information, regardless of which bank is managing their money.

None of these hurdles are insurmountable. Most will be jumped within the next few years. These technical problems, experts hope, will be solved as technology is improved and experience is gained. The biggest question concerns how customers will take to a paperless and (if not cashless) less-cash world.

Summary
 Credit cards have advantages over checks in that the credit card company assumes a larger share of financial risk for both buyer and seller in a transaction.
 One disadvantage to credit cards is that their transactions are not anonymous, and credit card companies do in fact compile valuable data about spending habits.
 Record keeping with credit cards is one of the features consumers value most because of disputes and mistakes in billing.
 The electronic payment system must ensure and maintain privacy, security, intuitive interfaces, brokers and standards.

Exercise
1. What are the pros and cons of using credit cards for electronic payment?
2. How can you ensure and maintain privacy and security in electronic payment?

 Introduction
 SSL protocol
 Summary
 Exercise

After this lecture the students will be able to:
 Describe the SSL protocol used in Electronic Payment System

Today we will discuss the protocols used by various electronic payment systems. You all must agree that the most common Internet payment method for B2C EC is credit cards. However, a concern for customers is security while sending credit card information, including name, card number, and expiration date, over the Internet. Buyers are also concerned with privacy. They do not want others to know who they are, or what they buy. They also want to be sure that no one will change their order and that they are connected to the real vendor and not to an impostor.

At present most companies use the SSL (Secure Sockets Layer) protocol to provide security and privacy. This protocol allows customers to encrypt their order at their PC. However, this protocol does not provide customers all the protection they could have. Visa and MasterCard have jointly developed a more secure protocol, called SET (Secure Electronic Transaction).

Theoretically, it is a perfect protocol. For example, a typical difference between SET and the widely used SSL is that SSL does not include a customer certificate requiring special software (called a digital wallet) at the client site. SSL is built into the browser, so no special software is needed. The Visa and MasterCard plan was to accept messages only if they conformed to the SET protocol. However, SET did not propagate as fast as most people expected because of its complexity, slow response time, and the need to install the digital wallet in the customer's computer.

Most cyber banks and e-stores stayed with the SSL protocol, even though some e-stores, like Wal-Mart Online, support both SSL and SET protocols. Moreover, according to a survey by Forrester Research, only 1 percent of electronic businesses planned to migrate to SET by 1999.

MasterCard said that the digital wallet would be distributed as embedded software in the next version of Windows. However, Visa decided not to wait. Thus, Visa agreed to offer a credit card processing gateway embedded in the barebones SSL encryption protocol. Wells Fargo, one of the largest Web banking companies, uses a SET-free payment processing service that adds certificates to SSL data encryption. The certificates are stored in smart cards that can be slipped into a special keyboard with a built-in slot. Is SET a failure? Or should we just wait a little longer until the digital wallet in the smart card is more widely used and SET becomes easier for us?

Security schemes are adopted in protocols like SSL and SET. This section explains the general-purpose protocol SSL. SET, tailored to credit card payment on the Internet, will be explained in the next section. Since SET is established on top of SSL, understanding SSL is the foundation for understanding SET. The protocol Secure-HTTP (S-HTTP) applies SSL between Web servers and browsers, which communicate by the HTTP protocol.

The SSL protocol performs message exchanges as shown in Fig 17.1. Assume that the sender is Sally, and the receiver is Richard. The steps of the process correspond to the numbers in Figure 17.1.
1. At Sally's site, the message to be sent is hashed to a previously fixed length for the message digest.
2. The message digest is encrypted with Sally's private signature key using an RSA algorithm, and the output is a digital signature.
3. The digital signature and Sally's certificate are attached to the original message. In the meantime, a secret key using the DES algorithm at Sally's computer encrypts the bundle with the key.
4. The symmetric key is encrypted with Richard's public key, which resides in Richard's certificate, received in advance. The result is a digital envelope.
5. The encrypted message and digital envelope are transmitted to Richard's computer over the Internet.
6. The digital envelope is decrypted with Richard's private exchange key.
7. Using the restored secret key, the delivered message is decrypted to the message, digital signature, and Sally's certificate.
8. To confirm the integrity, the digital signature is decrypted by Sally's public key (that resides in Sally's certificate), obtaining the message digest.
9. The delivered message is hashed to generate a message digest.
10. The message digests obtained by steps 8 and 9, respectively, are compared to confirm whether there was any change during the transmission. This step confirms the integrity.
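The ten-step exchange above, written out as an added Go example that is not part of the lecture: Seal performs Sally's steps 1-4 and Open performs Richard's steps 6-10. It assumes SHA-256 as the hash, RSA PKCS#1 v1.5 signatures, RSA-OAEP for the digital envelope, and AES-GCM in place of the lecture's DES (single DES is no longer considered secure); Sally's certificate is simplified to her bare public key, so Open compares it against a key Richard already trusts instead of validating a CA chain.

```go
package main
import (
	"crypto"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/json"
	"fmt"
)
// Envelope is what crosses the network in step 5.
type Envelope struct {
	Ciphertext []byte // AES-GCM output over the JSON-encoded bundle
	Nonce      []byte
	WrappedKey []byte // session key under RSA-OAEP: the "digital envelope"
}

// bundle is the plaintext the session key protects (step 3); SenderKey stands in for Sally's X.509 certificate.
type bundle struct {
	Message   []byte
	Signature []byte
	SenderKey *rsa.PublicKey
}

// NewKeyPair generates the RSA key pair each party holds.
func NewKeyPair() *rsa.PrivateKey {
	k, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		panic(err) // only if the system CSPRNG fails
	}
	return k
}

// newGCM builds the symmetric cipher; AES-GCM stands in for the lecture's DES.
func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Seal performs steps 1-4 at Sally's site.
func Seal(msg []byte, sender *rsa.PrivateKey, receiver *rsa.PublicKey) (Envelope, error) {
	// Step 1: hash the message to a fixed-length digest.
	digest := sha256.Sum256(msg)
	// Step 2: sign the digest with Sally's private key (RSA PKCS#1 v1.5).
	sig, err := rsa.SignPKCS1v15(rand.Reader, sender, crypto.SHA256, digest[:])
	if err != nil {
		return Envelope{}, err
	}
	// Step 3: bundle message, signature and certificate; encrypt under a fresh 32-byte key with a 12-byte GCM nonce.
	plain, _ := json.Marshal(bundle{Message: msg, Signature: sig, SenderKey: &sender.PublicKey})
	buf := make([]byte, 32+12)
	if _, err := rand.Read(buf); err != nil {
		return Envelope{}, err
	}
	key, nonce := buf[:32], buf[32:]
	gcm, err := newGCM(key)
	if err != nil {
		return Envelope{}, err
	}
	// Step 4: wrap the symmetric key with Richard's public key.
	wrapped, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, receiver, key, nil)
	if err != nil {
		return Envelope{}, err
	}
	return Envelope{Ciphertext: gcm.Seal(nil, nonce, plain, nil), Nonce: nonce, WrappedKey: wrapped}, nil
}

// Open performs steps 6-10 at Richard's site. trustedSender is the key Richard already
// associates with Sally; a real deployment validates the certificate against a CA instead.
func Open(env Envelope, receiver *rsa.PrivateKey, trustedSender *rsa.PublicKey) ([]byte, error) {
	// Step 6: recover the session key with Richard's private key.
	key, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, receiver, env.WrappedKey, nil)
	if err != nil {
		return nil, fmt.Errorf("digital envelope: %w", err)
	}
	// Step 7: decrypt the bundle back into message, signature and certificate.
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	plain, err := gcm.Open(nil, env.Nonce, env.Ciphertext, nil)
	if err != nil {
		return nil, fmt.Errorf("bundle corrupted or tampered with: %w", err)
	}
	// Step 8: the public key in the certificate must be the sender Richard expects.
	var b bundle
	if err := json.Unmarshal(plain, &b); err != nil || b.SenderKey == nil || !b.SenderKey.Equal(trustedSender) {
		return nil, fmt.Errorf("certificate missing or not the trusted sender")
	}
	// Steps 9-10: re-hash the delivered message and compare with the signed digest (VerifyPKCS1v15 does both).
	digest := sha256.Sum256(b.Message)
	if err := rsa.VerifyPKCS1v15(b.SenderKey, crypto.SHA256, digest[:], b.Signature); err != nil {
		return nil, fmt.Errorf("integrity check failed: %w", err)
	}
	return b.Message, nil
}
```

A flipped ciphertext byte fails at step 7 here rather than step 10, because the AEAD authenticates the whole bundle before the signature is even examined.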

Fig 17.1 Electronic Credit Card System on the Internet

Credit cards are the most popular payment method for cyberspace consumer shopping today.

Before exploring the process of using credit cards online, let's identify the players in the credit card system. They are:
1. The cardholder: a consumer or a corporate purchaser who uses credit cards to pay merchants.
2. The merchant: the entity that accepts credit cards and offers goods or services in exchange for payments.
3. The card issuer: a financial institution (usually a bank) that establishes accounts for cardholders and issues credit cards.
4. The acquirer: a financial institution (usually a bank) that establishes an account for merchants and acquires the vouchers of authorized sales slips.
5. The card brand: bank card associations of issuers and acquirers (like Visa and MasterCard), which are created to protect and advertise the card brand, establish and enforce rules for use and acceptance of their bank cards, and provide networks to connect the involved financial institutions. The brand authorizes the credit-based transaction and guarantees the payment to merchants. Sometimes, the issuing bank performs the business of the brand.

A typical process of using credit cards is shown in Figure 17.2. The procedure varies depending upon the agreement among the brand, issuer, and acquirer. The major steps in the process are:
1. Issue a credit card to a potential cardholder.
    A potential cardholder requests an issuing bank, with which the cardholder may have an account, the issuance of a card brand (like Visa or MasterCard).
    The issuing bank approves (or denies) the application.
    If approved, a plastic card is physically delivered to the customer's address by mail.
    The card is activated as soon as the cardholder calls the bank for initiation and signs the back of the card.
2. The cardholder shows the card to a merchant whenever he or she needs to pay for a product or service.
3. The merchant then asks for approval from the brand company, and the transaction is paid by credit. The merchant keeps a sales slip.
4. The merchant sells the slip to the acquiring bank and pays a fee for the service. This is called a capturing process.
5. The acquiring bank requests the brand to clear for the credit amount and gets paid. Then the brand asks for clearance to the issuer bank.
6. The amount is transferred from issuer to brand. The same amount is deducted from the cardholder's account in the issuing bank.

Fig 17.2 Credit Card procedure

In the conventional credit card system, the process just described is only partially automated, in the sense that the disqualified card information is transmitted to the merchants on printed paper and requests for authorization are sometimes made by telephone (in many countries). Moreover, merchants have to mail the paper sales slips to the acquirer bank for capturing. However, the entire process must be fully automated on the Internet in a secure manner. That is why the SET protocol was devised.

Summary
 At present most companies use the SSL (Secure Sockets Layer) protocol to provide security and privacy.
 SSL is built into the browser, so no special software is needed.
 SET (Secure Electronic Transaction) is established on top of SSL; understanding SSL is the foundation for understanding SET.
 A typical difference between SET and the widely used SSL is that SSL does not include a customer certificate requiring special software (called a digital wallet) at the client site.

Exercise
1. Differentiate between SET and SSL.
2. How is the SSL protocol used in an electronic payment system?

 Net travel is the largest retail e-commerce category
 The online travel market is projected to grow from $7.8 billion in 1999 to $32.1 billion by 2004
 Combined travel sales for the two companies – Travelocity.com & Preview Travel – in the first half of 1999 was over $467 million

So here are some leaders in the travel industry:
 No. 1 – Travelocity.com
   Sabre Holdings Corp.'s Travelocity site will merge with another online travel leader, Preview Travel, to form the largest online travel company. The new company, known as Travelocity.com, will have 17 million members and more than $1 billion in projected 1999 travel sales.
 No. 2 – Expedia of Microsoft Corp.
 Others
    Priceline: http://www.priceline.com
    Internet Travel Network: http://www.itn.com
    CheapTickets: http://www.cheaptickets.com

Following are the services provided online by Travelocity.com:
 Ticket Booking
    Airplane ticket, Train ticket, Cruise ticket…
    More choices
    Better deals
    Greater convenience
 Car Rental
 Accommodation Reservation
 Coach Service
    Provides transportation from airport/railroad station to hotel, or hotel to airport/railroad station, or hotel to meeting place
 Destination Information
    Weather
    History & Culture
    Famous Scenes …
 Destination Activities
    Ongoing activities information & ticket booking, including sports & entertainment
    Scenes ticket booking (e.g. zoo entry ticket)
 Currency Exchange (International Travel)
 Law Consulting (International Travel)
 Country-specific Travel Information Reports
    Travel Advisory Reports, indicating countries which are unsafe for travel
    Weekly Travel Bulletins, highlighting particularly dangerous situations
    What should you do, e.g.  keep a photocopy of your passport's identification page with you
    What should you bring with you, e.g. passport

 Cheaper
    Less physical entities => less cost
    Fewer employees => less salary expense
    A survey by E-Travel reveals that companies that adopt online-booking software can reduce travel costs by as much as 20 percent
 More Choices
    By comparison, you can always have the lowest price
 More Convenient
    Stay at home and get everything settled
 Less Misleading !!!
    Have your judgment objectively & independently
    No misleading by the customer assistance of the travel agencies
    Choose the best one by comparison

 31% of 5,300 Internet users surveyed this year made online reservations at travel-related Web sites, according to NPD Online Research
 Airline, hotel and car rental sites are seeing more bookings online than ever before
 "Heavy bookers", those who tend to travel more frequently for business and pleasure and have over two years of online experience, prefer more to travel online
Nevertheless
 Travel agents still had a lot more business than their online counterparts in 1998
    $128 billion vs. $2 billion
 In addition, 80% of all airline bookings and 98% of all cruise bookings are made through travel agents

 People will go to an expert's opinion before making a decision, so 56% of the purchasers completed travel reservations with their agent after visiting a travel-related web site
 Meanwhile, the agents' members use the Internet to provide better advice for customers
 Travel agents are moving away from having a storefront to doing business via the Web, e-mail, fax and 800 numbers
   – Holding on tightly to customers by all means
 Security & privacy concerns discourage some new Internet users from booking travel online
 The need for human contact and for ensuring that travel information is correct prevents some more experienced users from reserving on the Web
 Some Web sites are hard to navigate
 Services are sometimes not reliable

 Travel suppliers are bypassing the online travel companies
to provide travel booking directly
 48% of the almost $1 billion in online travel purchases in
1997 were booked through travel suppliers, primarily the
airlines
 Airlines steadily cutting commissions to intermediaries
like Preview and Expedia

 The major online booking sites remain optimistic, seeing
hefty profits in keeping a sizable piece of a rapidly
growing pie
 1997’s $911 million online sales is projected to grow to
$11.7 billion by 2002 – a 12-fold increase

 To hang on to their market share, the key players are doing business with the most popular web sites

Popular Web Site                 Online Travel Player
Yahoo, Netscape                  Travelocity
AOL, Excite, Lycos               Preview Travel
Microsoft, Infoseek, MSN.com     Expedia
Alta Vista                       The Trip

 Web-based travel is the largest retail eCommerce category
 It has an encouraging forecast
 But it is not increasing as fast as hoped
 It is now slower to capture business from offline agents than some observers had imagined
 But the online players are making progress & still have encouraging prospects
 Introduction
 SET protocol
 Difference between SSL & SET protocol
 Summary
 Exercise

After this lecture the students will be able to:
 Describe SET protocol used in Electronic Payment System
 Compare SSL and SET protocols for Electronic Payment

SET protocol
SET protocol was initially designed by Visa and MasterCard in
1997 and has evolved since then. SET protocol meets the four
security requirements for EC as SSL does: authentication,
encryption, integrity, and non-repudiation. In addition, SET
defines the message format, certificate format, and procedure of
message exchange as depicted in Figure 18.1. In SET protocol,
there are four entities: cardholder, merchant, CA, and payment
gateway, as depicted in Figure 18.2. The roles of issuer, acquirer,
and brand are beyond SET protocol specifications. The role of the
payment gateway is to connect the Internet and the proprietary
networks of banks. Each participating entity needs its own
certificate. To keep the consumer's certificate in his or her personal
computer or IC card, software called the electronic wallet, or digital
wallet, is necessary. To connect the digital wallet with various
merchants, interoperability is a very important characteristic to
meet.

Now the question is where to store the electronic wallet. To achieve
perfect security, the electronic wallet has to be downloaded into
the buyer's personal computer. Since the interoperability of the
cardholder's digital wallet with any merchant's software is essential,
a consortium of companies (Visa, MasterCard, JCB, and American
Express) has established a company called SETCo (Secure
Electronic Transaction LLC 1999). This company performs the
interoperability test and issues a SET Mark as a confirmation of
interoperability. IBM, Netscape, Microsoft, VeriSign, Tandem, and
MetaLand provide such interoperable digital wallets.

If the private key and corresponding public key in a certificate are
physically stored in the customer's personal computer, the
customer can use the certificate only at that computer. However,
if the certificate is stored in an IC card, the wallet can work if the IC
card is inserted into a card reader attached to a computer. Therefore,
storing the certificate in an IC card seems to be the safest method.
The initial SET 1.0 announced in May 1997 did not include
standards about integrating with IC cards.

SET 1.0 may include standards for integration with IC cards. C-SET
(Chip-SET) protocol attempts to integrate SET protocol with the
EMV (Europay, MasterCard, and Visa 1999) standard developed
for e-cash on the IC card (Europay International 1999).

Fig 18.1 Overview of main messages in SET

Fig 18.2 Entities of SET protocol on cyber shopping

The International Center for Electronic Commerce (ICEC 1999)
has developed a system named Smart-SET, which integrates SET
protocol with an IC card that can store multiple certificates.

Secure socket layer protocol for electronic payment
Even though SET is a perfect solution for secure electronic
payments, a relatively simple version of SSL is currently widely
adopted. This is because SET protocol is complex and
certificates are not widely distributed in a stable manner.
Theoretically, the SSL protocol may use a certificate, but it does not
include the concept of a payment gateway. Merchants need to
receive both ordering information and credit card information
because the capturing process is initiated by the merchant.
The SET protocol, on the other hand, hides the customer's credit
card information from merchants and also hides the order
information from banks to protect privacy. This scheme is called
dual signature. Until SET becomes popular, a simple version of
SSL is a very viable alternative.

Summary
 At present most companies use SSL (Secure Socket Layer)
protocol to provide security and privacy. However, this
protocol does not provide customers all the protection they
could have.
 Visa and MasterCard have jointly developed a more secure
protocol, called SET (Secure Electronic Transaction).
Theoretically, it is a perfect protocol.
 Even though SET is a perfect solution for secure electronic
payments, a relatively simple version of SSL is currently
widely adopted. This is because SET protocol is complex
and certificates are not widely distributed in a stable manner.

Exercise
1. List advantages and disadvantages of using cash as a form of
payment.
2. Briefly discuss the disadvantages of credit cards as the
standard for online payments. How does requiring a credit
card for payment discriminate against some consumers?
3. Describe the major steps involved in an online credit card
transaction.
4. What are the primary differences between the SSL and SET
protocols?
5. Name the most important functions of a digital wallet.
What are the major advantages a digital wallet provides?
6. Compare and contrast smart cards and traditional credit cards.
7. Name two of the conditions that must be present in order
for a payment system to become widely accepted.
 Introduction
 Various Threats to computer
 Various virus, Methods to detect and bug them
 Summary
 Exercise

After this lecture the students will be able to:
 Understand the various threats to the Computer Systems
used in Business organizations

Introduction
Computer systems play such a critical role in business, government,
and daily life that organizations must take special steps to protect
their Computer systems and to ensure that they are accurate and
reliable. Today we will discuss the various threats to
Computer Systems.

Various Threats to computer
When large amounts of data are stored in electronic form they are
vulnerable to many more kinds of threats than when they exist in
manual form. Table 19.1 lists the most common threats to
Computer Systems. They can stem from technical, organizational,
and environmental factors compounded by poor management
decisions. Advances in telecommunications and computer
software have magnified these vulnerabilities. Through
telecommunications networks, Computer systems in different
locations can be interconnected. The potential for unauthorized
access, abuse, or fraud is not limited to a single location but can
occur at any access point in the network.

Additionally, more complex and diverse hardware, software,
organizational, and personnel arrangements are required for
telecommunications networks, creating new areas and
opportunities for penetration and manipulation. Wireless
networks using radio-based technology are even more vulnerable
to penetration, because radio frequency bands are easy to scan.
Wireless devices can form ad hoc networks that can be exploited
by malicious entities to disrupt service, collect confidential
information, and disseminate false information. Because wireless
devices roam in and out of wireless zones, such attacks can be
difficult to trace. The Internet poses special problems, because it
was explicitly designed to be accessed easily by people on different
computer systems.

Hardware failure               Fire
Software failure               Electrical problems
Personnel actions              User errors
Terminal access penetration    Program changes
Theft of data, services,       Telecommunications
or equipment                   problems
Table 19.1 Threats to Computer Systems

Among the various threats to Information Systems the most
common threat is the computer virus! I think all of you will agree on
this.

Alarm has risen over hackers propagating computer viruses, rogue
software programs that spread rampantly from system to system,
clogging computer memory or destroying programs or data. Many
thousands of viruses are known to exist, with 200 or more new
viruses created each month. Table 19.2 describes the characteristics
of the most common viruses. Many viruses today are spread
through the Internet from files of downloaded software or from
files attached to e-mail transmissions. Viruses can also invade
computerized information systems from other computer networks
as well as from "infected" diskettes from an outside source or
infected machines.

The potential for massive damage and loss from future computer
viruses remains. The Chernobyl, Melissa, and ILOVEYOU viruses
caused extensive PC damage worldwide after spreading around the
world through infected e-mail. Now viruses are spreading to
wireless computing devices. Mobile device viruses could pose a
serious threat to enterprise computing because so many wireless
devices are now linked to corporate information systems.
Organizations can use antivirus software and screening procedures
to reduce the chances of infection. Antivirus software is special
software designed to check computer systems and disks for the
presence of various computer viruses. Often the software can
eliminate the virus from the infected area. However, most antivirus
software is only effective against viruses already known when the
software is written; to protect their systems, management must
continually update their antivirus software.

Virus Name          Description
Concept, Melissa    Macro viruses that exist inside executable
                    programs called macros, which provide
                    functions within programs such as
                    Microsoft Word. Can be spread when Word
                    documents are attached to e-mail. Can copy
                    from one document to another and delete
                    files.
Form                Makes a clicking sound with each keystroke
                    but only on the eighteenth day of the
                    month. May corrupt data on the floppy
                    disks it infects.
Explore.exe         "Worm" type virus that arrives attached to
                    e-mail. When launched, tries to e-mail
                    itself to other PCs and to destroy certain
                    Microsoft Office and programmer files.

Monkey              Makes the hard disk seem as if it has failed,
                    because Windows will not run.
Chernobyl           Erases a computer's hard drive and ROM
                    BIOS (Basic Input/Output System).
Junkie              A "multipartite" virus that can infect files as
                    well as the boot sector of the hard drive (the
                    section of a PC hard drive that the PC first
                    reads when it boots up). May cause memory
                    conflicts.
Table 19.2 Example Of Computer Viruses

Another threat to Computer Systems is natural disaster, which
comes without warning. Let's discuss what measures we should
take to keep the loss as small as possible.

Computer hardware, programs, data files, and other equipment
can be destroyed by fires, power failures, or other disasters. It may
take many years and millions of dollars to reconstruct destroyed
data files and computer programs, and some may not be replaceable.
If an organization needs them to function on a day-to-day basis,
it will no longer be able to operate. This is why companies such as
VISA USA Inc. and National Trust employ elaborate emergency
backup facilities. VISA USA Inc. has duplicate mainframes,
duplicate network pathways, duplicate terminals, and duplicate
power supplies. VISA even uses a duplicate data center in McLean,
Virginia, to handle half of its transactions and to serve as an
emergency backup to its primary data center in San Mateo,
California. National Trust, a large bank in Ontario, Canada, uses
uninterruptible power supply technology provided by
International Power Machines (IPM), because electrical power at
its Mississauga location fluctuates frequently. Rather than build
their own backup facilities, many firms contract with disaster
recovery firms, such as Comdisco Disaster Recovery Services in
Rosemont, Illinois, and Sungard Recovery Services headquartered
in Wayne, Pennsylvania. These disaster recovery firms provide hot
sites for critical applications in an emergency. Disaster recovery
services offer backup for client/server systems as well as traditional
mainframe applications. As firms become increasingly digital and
depend on systems that must be constantly available, disaster
recovery planning has taken on new importance.

A disaster recovery plan includes establishing a chain of
command for running the business in the event of a computer
outage as well as identification of critical computer processing
tasks and backup database, storage, and processing capabilities. In
addition to disasters, viruses, and security breaches, defective
software and data pose a constant threat to information systems,
causing untold losses in productivity. An undiscovered error in a
company's credit software or erroneous financial data can result in
millions of dollars of losses. A hidden software problem in
AT&T's long distance system brought down that system, bringing
the New York-based financial exchanges to a halt and interfering
with billions of dollars of business around the country for a
number of hours. Modern passenger and commercial vehicles are
increasingly dependent on computer programs for critical
functions. A hidden software defect in a braking system could
result in the loss of lives.

A major problem with software is the presence of hidden bugs or
program code defects. Studies have shown that it is virtually
impossible to eliminate all bugs from large programs. The main
source of bugs is the complexity of decision-making code. Even
a relatively small program of several hundred lines will contain
tens of decisions leading to hundreds or even thousands of different
paths. Important programs within most corporations are usually
much larger, containing tens of thousands or even millions of
lines of code, each with many times the choices and paths of the
smaller programs. Such complexity is difficult to document and
design; designers document some reactions wrongly or fail to
consider other possibilities. Studies show that about 60 percent
of errors discovered during testing are a result of specifications in
the design documentation that were missing, ambiguous, in error,
or in conflict. Zero defects, a goal of the total quality management
movement, cannot be achieved in larger programs. Complete testing
simply is not possible. Fully testing programs that contain
thousands of choices and millions of paths would require
thousands of years. Eliminating software bugs is an exercise in
diminishing returns, because it would take proportionately longer
testing to detect and eliminate obscure residual bugs. Even with
rigorous testing, one could not know for sure that a piece of
software was dependable until the product proved itself after
much operational use. The message? We cannot eliminate all bugs,
and we cannot know with certainty the seriousness of the bugs
that do remain.

Another reason that systems are unreliable is that computer
software traditionally has been a nightmare to maintain.
Maintenance, the process of modifying a system in production
use, is the most expensive phase of the systems development
process. In most organizations nearly half of information systems
staff time is spent in the maintenance of existing systems.
Why are maintenance costs so high? One major reason is
organizational change. The firm may experience large internal
changes in structure or leadership, or change may come from its
surrounding environment. These organizational changes affect
information requirements. Another reason appears to be software
complexity, as measured by the number and size of interrelated
software programs and subprograms and the complexity of the
flow of program logic between them. A third common cause of
long-term maintenance problems is faulty systems analysis and
design, especially information requirements analysis.

If errors are detected early, during analysis and design, the cost to
the systems development effort is small. But if they are not
discovered until after programming, testing, or conversion have
been completed, the costs can soar astronomically. A minor
logic error, for example, that could take one hour to correct during
the analysis and design stage could take 10, 40, and 90 times as
long to correct during programming, conversion, and post-
implementation, respectively.

Cyber crime is becoming one of the Net's growth businesses.
Today, criminals are doing everything from stealing intellectual
property and committing fraud to unleashing viruses and
committing acts of cyber terrorism.
Computer crime is a growing threat to society caused by the criminal
or irresponsible actions of individuals who are taking advantage
of the widespread use and vulnerability of computers and the
Internet and other networks. It thus presents a major challenge to
the ethical use of information technologies. Computer crime poses
serious threats to the integrity, safety, and survival of most E-
business systems, and thus makes the development of effective
security methods a top priority.
Computer crime is defined by the Association of Information
Technology Professionals (AITP) as including
(1) the unauthorized use, access, modification, and destruction
of hardware, software, data, or network resources;
(2) the unauthorized release of information;
(3) the unauthorized copying of software;
(4) denying an end user access to his or her own hardware,
software, data, or network resources; and
(5) using or conspiring to use computer or network resources
to illegally obtain information or tangible property. This
definition was promoted by the AITP in a Model Computer
Crime Act, and is reflected in many computer crime laws.

First in was Yahoo! Inc. The portal giant was shut down for three
hours. Then retailer Buy.com Inc. was hit the next day, hours after
going public. By that evening, eBay, Amazon.com, and CNN had
gone dark. And in the morning, the mayhem continued with
online broker E*Trade and others having traffic to their sites
virtually choked off. Gridlock. For all the sophisticated work on
firewalls, intrusion detection systems, encryption and computer
security, E-businesses are at risk from denial of service (DOS)
attacks, a relatively simple technique that's akin to dialing a telephone
number repeatedly so that everyone else trying to get through will
hear a busy signal. Cyber crime on the Internet is on the rise.
Consider just a quick smattering of recent events: In December,
1999, 300,000 credit card numbers were snatched from online
music retailer CD Universe. In March, the Melissa virus caused an
estimated $80 million in damage when it swept around the world,
paralyzing E-mail systems. That same month, hackers-for-hire
pleaded guilty to breaking into phone giants AT&T, GTE, and
Sprint, among others, for calling card numbers that eventually
made their way to organized crime gangs in Italy. According to the
FBI, the phone companies were hit for an estimated $2 million.
But one good thing: such events are delivering a wake-up call to
business that they need to spend as much time protecting their
websites and networks as they do linking them with customers,
suppliers, contractors, and you.

Cyber thieves have at their fingertips a dozen dangerous tools,
from "scans" that ferret out weaknesses in website programs to
"sniffers" that snatch passwords. Hacking, in computerese, is
the obsessive use of computers, or the unauthorized access and
use of networked computer systems. Illegal hackers (also called
crackers) frequently assault the Internet and other networks to
steal or damage data and programs. One of the issues in hacking
is what to do about a hacker who commits only electronic breaking
and entering; that is, gets access to a computer system, reads some
files, but neither steals nor damages anything. This situation is
common in computer crime cases that are prosecuted. In several
states, courts have found that the typical computer crime statute
language prohibiting malicious access to a computer system did
apply to anyone gaining unauthorized access to another's
computer networks. See Table 19.3. Hackers can monitor E-mail,
Web server access, or file transfers to extract passwords or steal
network files, or to plant data that will cause a system to welcome
intruders. A hacker may also use remote services that allow one
computer on a network to execute programs on another computer
to gain privileged access within a network. Telnet, an Internet tool
for interactive use of remote computers, can help hackers discover
information to plan other attacks. Hackers have used Telnet to
access a computer's E-mail port, for example, to monitor E-mail
messages for passwords and other information about privileged
user accounts and network resources. These are just some of the
typical types of computer crimes that hackers commit on the
Internet on a regular basis. That's why Internet security measures
like encryption and firewalls, as discussed in the next section, are
so vital to the success of electronic commerce and other E-business
applications.
Sniffer             Programs that covertly search individual packets
                    of data as they pass through the Internet,
                    capturing passwords or the entire contents.
Scan                Widespread probes of the Internet to determine
                    types of computers, services and connections.
                    That way the bad guys can take advantage of
                    weaknesses in a particular make of computer or
                    software program.
Spoofing            Faking an E-mail address or Web page to trick
                    users into passing along critical information
                    like passwords or credit card numbers.
Back Doors          In case the original entry point has been
                    detected, having a few hidden ways back makes
                    reentry easy, and difficult to detect.
Trojan Horse        A program that, unknown to the user, contains
                    instructions that exploit a known vulnerability
                    in some software.
Malicious Applets   Tiny programs, sometimes written in the popular
                    Java computer language, that misuse your
                    computer's resources, modify files on the hard
                    disk, send fake E-mail, or steal passwords.
Logic Bombs         An instruction in a computer program that
                    triggers a malicious act.
War Dialing         Programs that automatically dial thousands of
                    telephone numbers in search of a way in through
                    a modem connection.
Buffer Overflow     A technique for crashing or gaining control of
                    a computer by sending too much data to the
                    buffer in a computer's memory.
Dumpster Diving     Sifting through a company's garbage to find
                    information to help break into their computers.
                    Sometimes the information is used to make a
                    stab at social engineering more credible.
Password Crackers   Software that can guess passwords.
Social Engineering  A tactic used to gain access to computer
                    systems by talking unsuspecting company
                    employees out of valuable information such as
                    passwords.
Denial of Service   This is becoming a common networking prank.
                    By hammering a website's equipment with too
                    many requests for information, an attacker can
                    effectively clog the system, slowing performance
                    or even crashing the site. This method of
                    overloading computers is sometimes used to
                    cover up an attack.
Table 19.3

Summary
 Advances in telecommunications and computer software
have magnified the vulnerabilities to data.
 Among the various threats to Information Systems the most
common threat is the computer virus.
 Computer hardware, programs, data files, and other
equipment can be destroyed by fires, power failures, or other
disasters.
 A major problem with software is the presence of hidden
bugs or program code defects.
 Hacking, in computerese, is the obsessive use of computers,
or the unauthorized access and use of networked computer
systems.

Exercise
1. What do you understand by hacking? Explain ethical and non-
ethical hacking.
2. What is a virus? How can it affect your system?
3. How can we recover if our system is affected by a virus?
 Introduction
 Various preventive measures for computer
 Cryptography
 Data Encryption Standard (DES)
 Summary
 Exercise

After this lecture the students will be able to:
 Describe some security measures to prevent the Computer
Systems from various threats in a network.

Introduction
The incredible growth of the Internet has excited businesses and
consumers alike with its promise of changing the way we live and
work. But a major concern has been just how secure the Internet
is, especially when you're sending sensitive information through
it.
Let's face it, there's a whole lot of information that we don't want
other people to see, such as:
 Credit-card information
 Social Security numbers
 Private correspondence
 Personal details
 Sensitive company information
 Bank-account information
Information security is provided on computers and over the
Internet by a variety of methods. A simple but straightforward
security method is to only keep sensitive information on removable
storage media like floppy disks. But the most popular forms of
security all rely on encryption, the process of encoding
information in such a way that only the person (or computer)
with the key can decode it.

Cryptography
Computer encryption is based on the science of cryptography,
which has been used throughout history. Before the digital age,
the biggest users of cryptography were governments, particularly
for military purposes. The existence of coded messages has been
verified as far back as the Roman Empire. But most forms of
cryptography in use these days rely on computers, simply because
a human-based code is too easy for a computer to crack.

Most computer encryption systems belong in one of two
categories. Broadly speaking, there are two types of encryption
methods:
 Secret-key cryptography
 Public-key cryptography

Secret-key cryptography is the use of a shared key for both encryption
by the transmitter and decryption by the receiver. Shared-key
techniques suffer from the problem of key distribution, since
shared keys must be securely distributed to each pair of
communicating parties. Secure key distribution becomes
cumbersome in large networks.
To illustrate secret-key cryptography, A encrypts a message with a
secret key and e-mails the encrypted message to B. On receiving
the message, B checks the header to identify the sender, then
unlocks his electronic key storage area and takes out the duplicate
of the secret key. B then uses the secret key to decrypt the message.
The Achilles heel of secret-key cryptography is getting the sender
and receiver to agree on the secret key without a third party finding
out. This is difficult because if A and B are in separate sites, they
must trust not being overheard during face-to-face meetings or
over a public messaging system (a phone system, a postal service)
when the secret key is being exchanged. Anyone who overhears or
intercepts the key in transit can later read all encrypted messages
using that key. The generation, transmission, and storage of keys
is called key management; all cryptosystems must deal with key
management issues. Although the secret-key method is quite
feasible and practical for one-on-one document interchange, it
does not scale. In a business environment where a company deals
with thousands of on-line customers, it is impractical to assume
that key management will be flawless. Hence, we can safely assume
that secret-key cryptography will not be a dominant player in E-
Commerce given its difficulty providing secure key management.

Data Encryption Standard (DES)
A widely-adopted implementation of secret-key cryptography is the
Data Encryption Standard (DES). The actual software to perform
DES is readily available at no cost to anyone who has access to the
Internet. DES was introduced in 1975 by IBM, the National Security
Agency (NSA), and the National Bureau of Standards (NBS) (which
is now called NIST). DES has been extensively researched and
studied over the last twenty years and is definitely the most
well-known and widely used cryptosystem in the world. DES is a
secret-key, symmetric cryptosystem: when used for communication,
both sender and receiver must know the same secret key, which is
used both to encrypt and decrypt the message. DES can also be
used for single-user encryption, for example, to store files on a hard
disk in encrypted form. In a multiuser environment, however, secure
key distribution becomes difficult; public-key cryptography,
discussed in the next subsection, was developed to solve this
problem.
DES operates on 64-bit blocks with a 56-bit secret key. Designed
for hardware implementation, its operation is relatively fast and
works well for large bulk documents or encryption. Instead of
defining just one encryption algorithm, DES defines a whole
family of them. With a few exceptions, a different algorithm is
generated for each secret key. This means that everybody can be
told about the algorithm and your message will still be secure.
You just need to tell others your secret key, a number less than 2^56.
The number 2^56 is also large enough to make it difficult to break
the code using a brute force attack (trying to break the cipher by
using all possible keys).
DES has withstood the test of time. Despite the fact that its
algorithm is well known, it is impossible to break the cipher without
using tremendous amounts of computing power. A new
technique for improving the security of DES is triple encryption
(Triple DES), that is, encrypting each message block using three
different keys in succession. Triple DES, thought to be equivalent
to doubling the key size of DES, to 112 bits, should prevent
decryption by a third party capable of single-key exhaustive search.
Of course, using triple encryption takes three times as long as
single-encryption DES. If you use DES three times on the same
message with different secret keys, it is virtually impossible to
break it using existing algorithms. Over the past few years several
new, faster symmetric algorithms have been developed, but DES
remains the most frequently used.

Public-key cryptography
A more powerful form of cryptography involves the use of public
keys. Public-key techniques involve a pair of keys, a private key and
a public key, associated with each user. Information encrypted by
the private key can be decrypted only using the corresponding
public key. The private key, used to encrypt transmitted information
by the user, is kept secret. The public key is used to decrypt
information at the receiver and is not kept secret. Since only the
bona fide author of an encrypted message has knowledge of the
private key, a successful decryption using the corresponding public
key verifies the identity of the author and ensures message integrity.
Public keys can be maintained in some central repository and
retrieved to decode or encode information. Public-key techniques
alleviate the problem of distribution of keys.

Each party to a public-key pairing receives a pair of keys, the public
key and the private key. When A wishes to send a message to B, A
looks up B's public key in a directory; A then uses the public key to
encrypt the message and mails it to B. B uses the secret private key
to decrypt the message and read it. Anyone can send an encrypted
message to B but only B can read it. Unless a third party, say C, has
access to B's private key, it is impossible to decrypt the message
sent by A. This ensures confidentiality.

Clearly, one advantage of public-key cryptography is that no one
can figure out the private key from the corresponding public key.
Hence, the key management problem is mostly confined to the
management of private keys. The need for sender and receiver to
share secret information over public channels is completely
eliminated: all transactions involve only public keys, and no private
key is ever transmitted or shared; the secret key never leaves the
user's PC. Thus a sender can send a confidential message merely by
using public information, and that message can be decrypted only
with a private key in the sole possession of the intended recipient.
Furthermore, public-key cryptography can be used for sender
authentication, known as digital signatures. Here's how
authentication is achieved using public-key cryptography: A, to
digitally sign a document, puts his private key and the document
together and performs a computation on the composite (key +
document) to generate a unique number called the digital signature.
For instance, when an electronic document, such as an order form
with a credit card number, is run through the method, the output
is a unique "fingerprint" of the document. This "fingerprint" is
attached to the original message and further encrypted with the
signer A's private key. The result of the second encryption is then
sent to B, who then first decrypts the document using A's public
key. B checks whether the message has been tampered with or is
coming from a third party C, posing as A.
To verify the signature, B does some further computation
involving the original document, the purported signature, and
A's public key. If the results of the computation generate a
matching "fingerprint" of the document, the digital signature is
verified as genuine; otherwise, the signature may be fraudulent or
the message altered, and they are discarded. This method is the
basis for secure e-Commerce, variations of which are being
explored by several companies.
Several implementations of these popular encryption techniques
are currently employed. In public-key encryption, the RSA
implementation dominates and is considered very secure, but
using it for overseas traffic conflicts with the US government's
position on export of munitions technology of military
importance. Clearly, the government has not reckoned with the
Internet data flow.

Summary
 The most popular forms of security all rely on encryption,
the process of encoding information in such a way that only
the person (or computer) with the key can decode it.
 There are two types of encryption methods:
Secret-key cryptography and Public-key cryptography
 Secret-key cryptography is the use of a shared key for both
encryption by the transmitter and decryption by the receiver
 A widely-adopted implementation of secret-key
cryptography is the Data Encryption Standard (DES)
 A more powerful form of cryptography involves the use of
public keys. Public-key techniques involve a pair of keys, a
private key and a public key, associated with each user.
Information encrypted by the private key can be decrypted
only using the corresponding public key

Exercise
1. How do you make your credit card information secure?
2. How do you differentiate secret-key cryptography and public-
key cryptography?
3. Why is the Data Encryption Standard (DES) so popular?



• Introduction
• RSA
• Clipper Technology
• Summary
• Exercise

After this lecture the students will be able to:
• Describe some security measures to protect computer systems from various threats in a network

Introduction
In the previous lecture we discussed the two types of encryption schemes that are used to encrypt data while sending it from one place to another. In this lecture we will discuss these two schemes further.

RSA
RSA is a public-key cryptosystem for both encryption and authentication, developed in 1977 by Ron Rivest, Adi Shamir, and Leonard Adleman. The RSA system uses a matched pair of encryption and decryption keys, each performing a one-way transformation of the data. RSA is also developing digital signatures, which are mathematical algorithms that encrypt an entire document. The security of RSA is predicated on the fact that it is extremely difficult, even for the fastest computers, to factor large numbers that are the products of two prime numbers (the keys), each greater than 2^112. RSA is important because it enables digital signatures, which can be used to authenticate electronic documents the same way handwritten signatures are used to authenticate paper documents.

Here's how a digital signature works for an electronic document to be sent from the sender X to the receiver Y: X runs a program that uses a hash algorithm to generate a digital fingerprint (a pattern of bits that uniquely identifies a much larger pattern of bits) for the document and encrypts the fingerprint with his private key. This is X's digital signature, which is transmitted along with the data. Y decrypts the signature with X's public key and runs the same hash program on the document. If the digital fingerprint output by the hash program does not match the fingerprint sent by X (after it has been decrypted), then the signature is invalid. If the fingerprints do match, however, then Y can be quite sure that the digital signature is authentic. If the document were altered en route, the fingerprints would not match (the output from the hash programs will be different) and the receiver will know that data tampering occurred. If the sender's signature has been forged (encrypted with the wrong private key), the fingerprints won't match either. Therefore the digital signature verifies both the identity of the sender and the authenticity of the data in the document.

The use of RSA is undergoing a period of rapid expansion and may become ubiquitous. It is currently used in a wide variety of products, platforms, and industries around the world. It is being incorporated into World Wide Web browsers such as Netscape, giving it a wider audience. In hardware, RSA can be found in secure telephones, on Ethernet network cards, and on smart cards. Adoption of RSA seems to be proceeding more quickly for authentication (digital signatures) than for privacy (encryption), perhaps in part because products for authentication are easier to export than those for privacy.

• RSA allows two important functions not provided by DES:
• secure key exchange without prior exchange of keys, and
• digital signatures.
• For encrypting messages, RSA and DES are usually combined as follows:
• first the message is encrypted with a random DES key; then, before being sent over an insecure communications channel, the DES key is encrypted with RSA.
• Together, the DES-encrypted message and the RSA-encrypted DES key are sent. This protocol is known as an RSA digital envelope.

Why not just use RSA to encrypt the whole message and not use DES at all? Although RSA may be fine for small messages, DES (or another cipher) is preferable for larger messages due to its greater speed. In some situations, RSA is not necessary and DES key agreement can take place (the two-user environment); for example, if you want to keep your personal files encrypted, just do so with DES using, say, a password as the DES key. RSA, and public-key cryptography in general, is best suited for a multiuser environment. Also, any system in which digital signatures are desired needs RSA or some other public-key system.

The most difficult aspect of creating an effective multiparty transaction system is the distribution of public keys. Because the keys are intended to be public and widely distributed, secrecy is not a concern; anyone should be able to get a copy of a public key. Rather, the primary concern is authenticity. An impostor could easily create a private/public key pair and distribute the public key, claiming it belonged to someone else. For instance, if A in England is doing business with B in Canada and wants to encrypt information so that only B can read it, A must first get the public key of B from a key directory. That's where the problem lies. There is nothing that says that this public key information is valid and not a forgery put there by C impersonating B. One solution to this problem is a public-key certificate. A public-key certificate is a data structure, digitally signed by a certification authority (also known as the certificate issuer), that binds a public-key value to the identity of the entity holding the corresponding private key. The latter entity is known as the


subject of the certificate. In essence, a certificate is a copy of a public key and an identifier (number), digitally signed by a trusted party. The problem is then transformed into finding a trusted third party to create these certificates. A public-key user needs to obtain and validate a certificate containing the required public key. This is where it gets complicated. If the public-key user does not already have a copy of the public key of the trusted party that signed the certificate, then the user may need an additional certificate to get that public key. In such cases, a chain of multiple certificates may be needed, comprising a certificate of the public-key owner signed by one certification authority and additional certificates of certification authorities signed by other certification authorities.

Clipper Technology
Clipper is an encryption chip developed as part of the Capstone project. Announced by the White House in April 1993, Clipper was designed to balance the competing concerns of federal law enforcement agencies with those of private citizens and industry. Law enforcement agencies wish to have access (for example, by wire-tapping) to the communications of suspected criminals, and these needs are threatened by secure cryptography. Clipper technology attempts to balance these needs by using escrowed keys. The idea is that communications would be encrypted with a secure algorithm, but the keys would be kept by one or more third parties (the "escrow agencies") and made available to law enforcement agencies when authorized by a court-issued warrant. Thus, for example, personal communications would be impervious to recreational eavesdroppers and commercial communications would be impervious to industrial espionage, and yet the FBI could listen in on suspected terrorists or gangsters.

Skipjack, designed by the NSA, is the encryption algorithm contained in the Clipper chip. It uses one 80-bit key to encrypt and decrypt 64-bit blocks of data. Skipjack can be used in the same way as DES and may be more secure than DES, since it uses 80-bit keys and scrambles the data for 32 steps, or "rounds"; by contrast, DES uses 56-bit keys and scrambles the data for only 16 rounds. The details of Skipjack are classified. The decision not to make the details of the algorithm publicly available has been widely criticized, and many are suspicious that Skipjack is not secure, either due to design oversight or to deliberate introduction of a secret trapdoor. By contrast, the many failed attempts to find weaknesses in DES over the years have made people confident in the security of DES. Since Skipjack is not public, the same scrutiny cannot be applied, and thus a corresponding level of confidence may not arise. Aware of such criticism, the government invited a small group of independent cryptographers to examine the Skipjack algorithm. Their report stated that, although their study was too limited to reach a definitive conclusion, they nevertheless believe that Skipjack is secure. Another consequence of Skipjack's classified status is that it cannot be implemented in software, but only in hardware by government-authorized chip manufacturers.

Summary
• RSA is a public-key cryptosystem for both encryption and authentication developed in 1977 by Ron Rivest, Adi Shamir, and Leonard Adleman.
• A public-key certificate is a data structure, digitally signed by a certification authority (also known as the certificate issuer), that binds a public-key value to the identity of the entity holding the corresponding private key.
• The idea behind Clipper is that communications would be encrypted with a secure algorithm, but the keys would be kept by one or more third parties (the "escrow agencies") and made available to law enforcement agencies when authorized by a court-issued warrant.

Exercise
1. What are the various preventive measures for network threats?
2. Discuss Clipper technology for encryption.
3. How are digital signatures used for authentication?





• Introduction
• Firewall
• Various Anti Viruses
• Summary
• Exercise

After this lecture the students will be able to:
• Describe some security measures to protect computer systems from various threats in a network

Introduction
In the previous lecture we discussed cryptographic techniques for providing security of data in a network. Today we will take a look at other techniques which can further enhance security.

Firewall
If you have been using the Internet for any length of time, and especially if you work at a larger company and browse the Web while you are at work, you have probably heard the term firewall used. For example, you often hear people in companies say things like, "I can't use that site because they won't let it through the firewall."

If you have a fast Internet connection into your home (either a DSL connection or a cable modem), you may have found yourself hearing about firewalls for your home network as well. It turns out that a small home network has many of the same security issues that a large corporate network does. You can use a firewall to protect your home network and family from offensive Web sites and potential hackers.

Basically, a firewall is a barrier to keep destructive forces away from your property. In fact, that's why it's called a firewall. Its job is similar to a physical firewall that keeps a fire from spreading from one area to the next. As you read through this article, you will learn more about firewalls, how they work and what kinds of threats they can protect you from.

A firewall is simply a program or hardware device that filters the information coming through the Internet connection into your private network or computer system. If an incoming packet of information is flagged by the filters, it is not allowed through.

Let's say that you work at a company with 500 employees. The company will therefore have hundreds of computers that all have network cards connecting them together. In addition, the company will have one or more connections to the Internet through something like T1 or T3 lines. Without a firewall in place, all of those hundreds of computers are directly accessible to anyone on the Internet. A person who knows what he or she is doing can probe those computers, try to make FTP connections to them, try to make telnet connections to them and so on. If one employee makes a mistake and leaves a security hole, hackers can get to the machine and exploit the hole.

With a firewall in place, the landscape is much different. A company will place a firewall at every connection to the Internet (for example, at every T1 line coming into the company). The firewall can implement security rules. For example, one of the security rules inside the company might be:

Out of the 500 computers inside this company, only one of them is permitted to receive public FTP traffic. Allow FTP connections only to that one computer and prevent them on all others.

A company can set up rules like this for FTP servers, Web servers, Telnet servers and so on. In addition, the company can control how employees connect to Web sites, whether files are allowed to leave the company over the network and so on. A firewall gives a company tremendous control over how people use the network.

Firewalls use one or more of three methods to control traffic flowing in and out of the network:
• Packet filtering - Packets (small chunks of data) are analyzed against a set of filters. Packets that make it through the filters are sent to the requesting system and all others are discarded.
• Proxy service - Information from the Internet is retrieved by the firewall and then sent to the requesting system, and vice versa.
• Stateful inspection - A newer method that doesn't examine the contents of each packet but instead compares certain key parts of the packet to a database of trusted information. Information traveling from inside the firewall to the outside is monitored for specific defining characteristics, then incoming information is compared to these characteristics. If the comparison yields a reasonable match, the information is allowed through. Otherwise it is discarded.

There are many creative ways that unscrupulous people use to access or abuse unprotected computers:
• Remote login - When someone is able to connect to your computer and control it in some form. This can range from being able to view or access your files to actually running programs on your computer.
• Application backdoors - Some programs have special features that allow for remote access. Others contain bugs that provide a backdoor, or hidden access, that provides some level of control of the program.
• SMTP session hijacking - SMTP is the most common method of sending e-mail over the Internet. By gaining access to a list of e-mail addresses, a person can send unsolicited junk e-mail (spam) to thousands of users. This is done quite often by redirecting the e-mail through the


SMTP server of an unsuspecting host, making the actual sender of the spam difficult to trace.
• Operating system bugs - Like applications, some operating systems have backdoors. Others provide remote access with insufficient security controls or have bugs that an experienced hacker can take advantage of.
• Denial of service - You have probably heard this phrase used in news reports on the attacks on major Web sites. This type of attack is nearly impossible to counter. What happens is that the hacker sends a request to the server to connect to it. When the server responds with an acknowledgement and tries to establish a session, it cannot find the system that made the request. By inundating a server with these unanswerable session requests, a hacker causes the server to slow to a crawl or eventually crash.
• E-mail bombs - An e-mail bomb is usually a personal attack. Someone sends you the same e-mail hundreds or thousands of times until your e-mail system cannot accept any more messages.
• Macros - To simplify complicated procedures, many applications allow you to create a script of commands that the application can run. This script is known as a macro. Hackers have taken advantage of this to create their own macros that, depending on the application, can destroy your data or crash your computer.
• Viruses - Probably the most well-known threat is computer viruses. A virus is a small program that can copy itself to other computers. This way it can spread quickly from one system to the next. Viruses range from harmless messages to erasing all of your data.
• Spam - Typically harmless but always annoying, spam is the electronic equivalent of junk mail. Spam can be dangerous though. Quite often it contains links to Web sites. Be careful of clicking on these because you may accidentally accept a cookie that provides a backdoor to your computer.
• Redirect bombs - Hackers can use ICMP to change (redirect) the path information takes by sending it to a different router. This is one of the ways that a denial of service attack is set up.
• Source routing - In most cases, the path a packet travels over the Internet (or any other network) is determined by the routers along that path. But the source providing the packet can arbitrarily specify the route that the packet should travel. Hackers sometimes take advantage of this to make information appear to come from a trusted source or even from inside the network! Most firewall products disable source routing by default.

Some of the items in the list above are hard, if not impossible, to filter using a firewall. While some firewalls offer virus protection, it is worth the investment to install anti-virus software on each computer. And, even though it is annoying, some spam is going to get through your firewall as long as you accept e-mail.

The level of security you establish will determine how many of these threats can be stopped by your firewall. The highest level of security would be to simply block everything. Obviously that defeats the purpose of having an Internet connection. But a common rule of thumb is to block everything, then begin to select what types of traffic you will allow. You can also restrict traffic that travels through the firewall so that only certain types of information, such as e-mail, can get through. This is a good rule for businesses that have an experienced network administrator who understands what the needs are and knows exactly what traffic to allow through. For most of us, it is probably better to work with the defaults provided by the firewall developer unless there is a specific reason to change them. One of the best things about a firewall from a security standpoint is that it stops anyone on the outside from logging onto a computer in your private network. While this is a big deal for businesses, most home networks will probably not be threatened in this manner. Still, putting a firewall in place provides some peace of mind.

Proxy Application Gateway
A proxy application gateway is a special server that typically runs on a firewall machine. Its primary use is access to applications such as the World Wide Web from within a secure perimeter (Fig 22.1). Instead of talking directly to external WWW servers, each request from the client would be routed to a proxy on the firewall that is defined by the user. The proxy knows how to get through the firewall. An application-level proxy makes a firewall safely permeable for users in an organization, without creating a potential security hole through which hackers can get into corporate networks. The proxy waits for a request from inside the firewall, forwards the request to the remote server outside the firewall, reads the response, and then returns it to the client. In the usual case, all clients within a given subnet use the same proxy. This makes it possible for the proxy to execute efficient caching of documents that are requested by a number of clients.

Proxy gateways have several advantages. They allow browser programmers to ignore the complex networking code necessary to support every firewall protocol and concentrate on important client issues. For instance, by using HTTP between the client and proxy, no protocol functionality is lost, since FTP, Gopher, and other Web protocols map well into HTTP methods. This feature is invaluable, for users needn't have separate, specially modified FTP, Gopher, and WAIS clients to get through a firewall: a single Web client with a proxy server handles all of these cases.

Proxies can manage network functions. Proxying allows for creating audit trails of client transactions, including client IP address, date and time, byte count, and success code. Any regular fields and meta-information fields in a transaction are candidates for logging. The proxy also can control access to services for individual methods, host and domain, and the like. Given this firewall design in which the proxy acts as an intermediary, it is natural to design security-relevant mediation within the proxy. Proxy mediation helps mitigate security concerns by
(1) limiting dangerous subsets of the HTTP protocol (a site's security policy may prohibit the use of some of HTTP's methods);
(2) enforcing client and/or server access to designated hosts (an organization should have the capability to specify acceptable web sites);


(3) implementing access control for network services that is lost
when the proxy is installed (to restore the security policy
enforced by the firewall); and
(4) checking various protocols for well-formed commands. A
bug existed in a previous version of the Mosaic browser that
permitted servers to download a “Trojan horse” URL to the
client that would cause the client to run an arbitrary program.
The proxy must be in a position to filter dangerous URLs and
malformed commands.
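Proxy mediation points (1), (2) and (4) above, as an added example that is not the lecture's own code and does not reproduce any real proxy product: a small request-line check in Python that a proxy could run before forwarding a client request, with the audit-trail fields the text lists. The policy dictionary, the host names (taken from the reserved example domains), the client addresses and the request lines are all constructed for this illustration, and `mediate` and `run_sample` are this example's own names.

```python
"""Proxy-side mediation of client requests: educational example, not a real proxy."""
import re
from datetime import datetime, timezone
from urllib.parse import urlsplit

# Constructed site policy (placeholder hosts from the reserved example domains).
POLICY = {
    "allowed_methods": {"GET", "HEAD"},                            # (1) permitted subset of HTTP
    "allowed_hosts": {"www.example.com", "intranet.example.org"},  # (2) designated hosts
    "allowed_schemes": {"http", "https", "ftp"},                   # FTP is carried as HTTP methods
}

# (4) strict request-line grammar: METHOD SP absolute-URI SP HTTP/1.x
_REQUEST_LINE = re.compile(r"^([A-Z]{1,16}) (\S{1,2048}) HTTP/1\.[01]$")


def mediate(client_ip, request_line, policy=POLICY, now=None):
    """Decide whether the proxy forwards a request.

    Returns (forward, reason, audit_line). The audit line carries the fields the
    text lists for a transaction log: client IP address, date and time, byte
    count (of the request line) and a status code.
    """
    ts = (now or datetime.now(timezone.utc)).strftime("%Y-%m-%dT%H:%M:%SZ")
    size = len(request_line.encode("utf-8", "replace"))

    def decide(forward, code, reason):
        return forward, reason, f"{client_ip} {ts} {size}B {code} {reason}"

    # (4) well-formedness first: a malformed command is stopped at the proxy
    if any(ord(c) < 0x20 or ord(c) == 0x7F for c in request_line):
        return decide(False, 400, "malformed: control character in request")
    m = _REQUEST_LINE.match(request_line)
    if not m:
        return decide(False, 400, "malformed: bad request line")
    method, target = m.groups()
    try:
        parts = urlsplit(target)
    except ValueError:
        return decide(False, 400, "malformed: unparsable URL")
    if parts.scheme not in policy["allowed_schemes"] or not parts.hostname:
        return decide(False, 400, f"unsupported scheme or missing host: {target}")
    # (1) the site's policy may prohibit some HTTP methods
    if method not in policy["allowed_methods"]:
        return decide(False, 405, f"method {method} not permitted")
    # (2) only designated hosts are reachable through the proxy
    if parts.hostname.lower() not in policy["allowed_hosts"]:
        return decide(False, 403, f"host {parts.hostname} not in allow list")
    return decide(True, 200, f"forwarded {method} to {parts.hostname}")


def run_sample():
    """Constructed sample requests, as clients inside the perimeter would send them."""
    t = datetime(2024, 1, 1, 12, 0, tzinfo=timezone.utc)   # fixed time for a reproducible log
    samples = [
        ("10.0.0.5", "GET http://www.example.com/index.html HTTP/1.0"),   # allowed
        ("10.0.0.5", "POST http://www.example.com/upload HTTP/1.0"),      # method not permitted
        ("10.0.0.9", "GET http://other.example.net/ HTTP/1.0"),           # host not designated
        ("10.0.0.9", "GET telnet://www.example.com/ HTTP/1.0"),           # unsupported scheme
        ("10.0.0.9", "GET http://www.example.com/a\x00b HTTP/1.0"),       # malformed command
    ]
    return [mediate(ip, line, now=t) for ip, line in samples]


if __name__ == "__main__":
    for forward, reason, audit in run_sample():
        print(audit)
```

Checking the request-line grammar before looking at method or host means a malformed command is rejected by the proxy itself rather than passed on, which is what point (4) asks for; the status code in the audit line distinguishes the four refusal reasons so that the log can later be filtered by the kind of request that was stopped.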

Fig 22.1 Proxy servers on the World Wide Web

Various Anti Viruses
Antivirus software is a program that either comes installed on your computer or that you purchase and install yourself. It helps protect your computer against most viruses, worms, Trojans, and other unwanted invaders that can make your computer "sick." Viruses, worms, and the like often perform malicious acts, such as deleting files, accessing personal data, or using your computer to attack other computers.

You can help keep your computer healthy by using antivirus software. Remember to update your antivirus software regularly. These updates are generally available through a subscription from your antivirus vendor.

Q. How do I tell if I already have antivirus software on my computer?
A. Check the Programs list on the Start menu and look for an antivirus program. Many major computer manufacturers include at least a trial version of a popular antivirus software package, such as McAfee, Symantec, or Norton. But just because the software is installed doesn't mean it's "turned on," or being updated regularly.

Backup
This poster reminds each computer user of their responsibility to make regular backups to protect their computer data. The task of backing up the data found on your computer is often the most overlooked and "hardly ever done until it's too late" action within the computer end-user community. With the software tools now available, it no longer is the arduous task that it once was a few years ago. There is no excuse not to back up your data: do it now, don't wait until it's too late! Once your system is in use, your next consideration should be to back up the file systems, directories, and files. Files and directories represent a significant investment of time and effort. At the same time, all computer files are potentially easy to change or erase, either intentionally or by accident. If you take a careful and methodical approach to backing up your file systems, you should always be able to restore recent versions of files or file systems with little difficulty.

Note: When a hard disk crashes, the information contained on that disk is destroyed. The only way to recover the destroyed data is to retrieve the information from your backup copy.

There are several different methods of backing up. The most frequently used method is a regular backup, which is a copy of a file system, directory, or file that is kept for file transfer or in case the original data is unintentionally changed or destroyed. Another form of backing up is the archive backup; this method is used for a copy of one or more files, or an entire database, that is saved for future reference, historical purposes, or for recovery if the original data is damaged or lost. Usually an archive is used when that specific data is removed from the system.

Summary
• A firewall is simply a program or hardware device that filters the information coming through the Internet connection into your private network or computer system. If an incoming packet of information is flagged by the filters, it is not allowed through.
• Firewalls use one or more of three methods to control traffic flowing in and out of the network: packet filtering, proxy service, and stateful inspection.
• A firewall protects from remote login, application backdoors, operating system bugs, denial of service, e-mail bombs, and viruses.

• A proxy application gateway is a special server that typically runs on a firewall machine. Instead of talking directly to external WWW servers, each request from the client would be routed to a proxy on the firewall that is defined by the user. The proxy knows how to get through the firewall.
• Antivirus software is a program that either comes installed on your computer or that you purchase and install yourself. It helps protect your computer against most viruses, worms, Trojans, and other unwanted invaders that can make your computer "sick."

Exercise
1. Explain how Internet security measures can actually create opportunities for criminals to steal rather than preventing them.
2. Discuss why new and improved are not enough to stop online crime. What is the missing ingredient?
3. Name the major points of vulnerability in a typical online transaction.
4. How does spoofing threaten a Web site's operations?
5. Briefly explain how public key cryptography works. Why is encryption not as secure today as it was earlier in the century?
6. Compare and contrast firewalls and proxy servers and their security functions.
7. Is a computer with anti-virus software protected from viruses? Why or why not?
8. Imagine you are the owner of an e-commerce web site. What are some of the signs that your site has been hacked? Discuss the major types of attacks you could expect to experience and the resulting damage to your site.
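The two firewall methods in this lecture that work on packet headers, packet filtering and stateful inspection, worked through as an added example (not code from the lecture or from any firewall product). It models the rule quoted in the Firewall section, that only one of the company's computers may receive public FTP traffic, on top of a block-everything default, and then adds a flow table so that replies to connections opened from inside are admitted. The addresses are placeholders from the reserved documentation ranges, and `Packet`, `Rule`, `StatefulFirewall`, `packet_filter` and `run_sample` are this example's own names.

```python
"""Packet filtering with a deny-by-default rule set, plus stateful inspection: educational example."""
from dataclasses import dataclass, field
from typing import Optional


@dataclass(frozen=True)
class Packet:
    direction: str   # "in" (from the Internet) or "out" (from the private network)
    proto: str       # "tcp" or "udp"
    src: str
    sport: int
    dst: str
    dport: int


@dataclass(frozen=True)
class Rule:
    action: str                  # "allow" or "deny"
    proto: Optional[str] = None  # None matches any value
    dst: Optional[str] = None
    dport: Optional[int] = None

    def matches(self, pkt: Packet) -> bool:
        return all(want is None or want == got for want, got in
                   ((self.proto, pkt.proto), (self.dst, pkt.dst), (self.dport, pkt.dport)))


# Constructed policy for the text's example: only one internal host may receive
# public FTP (tcp/21); everything else inbound is dropped by the final rule.
FTP_HOST = "192.0.2.10"          # placeholder address from a documentation range
RULES = [
    Rule("allow", proto="tcp", dst=FTP_HOST, dport=21),
    Rule("deny"),                 # block everything, then select what to allow
]


def packet_filter(pkt: Packet, rules=RULES) -> bool:
    """Static packet filtering: the first matching rule decides; no match means deny."""
    for rule in rules:
        if rule.matches(pkt):
            return rule.action == "allow"
    return False


@dataclass
class StatefulFirewall:
    """Stateful inspection: remember outbound flows and admit only matching replies."""
    rules: list = field(default_factory=lambda: list(RULES))
    flows: set = field(default_factory=set)

    def process(self, pkt: Packet) -> bool:
        key = (pkt.proto, pkt.src, pkt.sport, pkt.dst, pkt.dport)
        if pkt.direction == "out":
            self.flows.add(key)          # record the flow's "defining characteristics"
            return True                  # internal hosts may initiate connections
        # an inbound packet is a reply if it mirrors a recorded outbound flow
        reply_of = (pkt.proto, pkt.dst, pkt.dport, pkt.src, pkt.sport)
        if reply_of in self.flows:
            return True
        return packet_filter(pkt, self.rules)   # otherwise fall back to the static rules


def run_sample():
    """Constructed traffic; returns the allow/deny decision for each packet in order."""
    fw = StatefulFirewall()
    traffic = [
        Packet("in", "tcp", "203.0.113.8", 51000, FTP_HOST, 21),        # public FTP to the FTP host
        Packet("in", "tcp", "203.0.113.8", 51001, "192.0.2.11", 21),    # FTP to any other host
        Packet("in", "tcp", "203.0.113.8", 51002, FTP_HOST, 23),        # telnet, even to the FTP host
        Packet("out", "tcp", "192.0.2.20", 40000, "198.51.100.7", 80),  # an employee browses the Web
        Packet("in", "tcp", "198.51.100.7", 80, "192.0.2.20", 40000),   # the Web server's reply
        Packet("in", "tcp", "198.51.100.7", 80, "192.0.2.21", 40000),   # same server, no recorded flow
    ]
    return [fw.process(p) for p in traffic]


if __name__ == "__main__":
    print(run_sample())   # [True, False, False, True, True, False]
```

The static rules alone would drop the Web server's reply (the fifth packet), because nothing in the rule list allows inbound tcp/80 to an internal host; the flow table is what lets that reply through while still dropping the sixth packet, which comes from the same server but matches no recorded flow. That comparison against remembered outbound traffic is the "trusted information" the stateful inspection bullet refers to.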






• Introduction
• Ethical, Social, and Political issues in ECommerce
• Summary
• Exercise

After this lecture the students will be able to:
• Understand ethical, social, and political issues in e-commerce

Introduction
Defining the rights of people to express their ideas and the property rights of copyright owners are just two of many ethical, social, and political issues raised by the rapid evolution of e-commerce. These questions are not just ethical questions that we as individuals have to answer; they also involve social institutions such as family, schools, and business firms. And these questions have obvious political dimensions because they involve collective choices about how we should live and what laws we would like to live under.

In this lecture we discuss the ethical, social, and political issues raised in e-commerce, provide a framework for organizing the issues, and make recommendations for managers who are given the responsibility of operating e-commerce companies within commonly accepted standards of appropriateness.

Understanding Ethical, Social, and Political Issues in E-Commerce
The Internet and its use in e-commerce have raised pervasive ethical, social and political issues on a scale unprecedented for computer technology. Entire sections of daily newspapers and weekly magazines are devoted to the social impact of the Internet. Why is this so? Why is the Internet at the root of so many contemporary controversies? Part of the answer lies in the underlying features of Internet technology and the ways in which it has been exploited by business firms. Internet technology and its use in e-commerce disrupt existing social and business relationships and understandings.

Instead of considering the business consequences of each unique feature, here we examine the actual or potential ethical, social, and/or political consequences of the technology (see Table 23.1). We live in an "information society," where power and wealth increasingly depend on information and knowledge as central assets. Controversies over information are often in fact disagreements over power, wealth, influence, and other things thought to be valuable. Like other technologies such as steam, electricity, telephones, and television, the Internet and e-commerce can be used to achieve social progress, and for the most part, this has occurred. However, the same technologies can be used to commit crimes, despoil the environment, and threaten cherished social values. Before automobiles, there was very little interstate crime and very little federal jurisdiction over crime. Likewise with the Internet: before the Internet, there was very little "cyber crime." Many business firms and individuals are benefiting from the commercial development of the Internet, but this development also exacts a price from individuals, organizations, and societies. These costs and benefits must be carefully considered by those seeking to make ethical and socially responsible decisions in this new environment. The question is: how can you as a manager make reasoned judgments about what your firm should do in a number of e-commerce areas, from securing the privacy of your customers' click stream to ensuring the integrity of your company's domain name?

The major ethical, social, and political issues that have developed around e-commerce over the past seven to eight years can be loosely categorized into four major dimensions: information rights, property rights, governance, and public safety and welfare, as shown in Fig 23.1. Some of the ethical, social, and political issues raised in each of these areas include the following:
• Information rights: What rights to their own personal information do individuals have in a public marketplace, or in their private homes, when Internet technology makes information collection so pervasive and efficient? What rights do individuals have to access information about business firms and other organizations?
• Property rights: How can traditional intellectual property rights be enforced in an Internet world where perfect copies of protected works can be made and easily distributed worldwide in seconds?
• Governance: Should the Internet and e-commerce be subject to public laws? And if so, what law-making bodies have jurisdiction - state, federal, and/or international?
• Public safety and welfare: What efforts should be undertaken to ensure equitable access to the Internet and e-commerce channels? Should governments be responsible for ensuring that schools and colleges have access to the Internet? Are certain online content and activities - such as pornography and gambling - a threat to public safety and welfare? Should mobile commerce be allowed from moving vehicles?

To illustrate, imagine that at any given moment society and individuals are more or less in an ethical equilibrium brought about by a delicate balancing of individuals, social organizations, and political institutions. Individuals know what is expected of them, social organizations such as business firms know their limits, capabilities, and roles, and political institutions provide a supportive framework of market regulation, banking and commercial law that provides sanctions against violators. Now, imagine we drop into the middle of this calm setting a powerful new technology such as the Internet and e-commerce.
Suddenly individuals, business firms, and political institutions are confronted by new possibilities of behavior. For instance, individuals discover that they can download perfect digital copies of music tracks, something which, under the old technology of CDs, would have been impossible. This can be done despite the fact that these music tracks still "belong," as a legal matter, to the owners of the copyright - musicians and record label companies. Then business firms discover that they can make a business out of aggregating these musical tracks - or creating a mechanism for sharing musical tracks - even though they do not "own" them in the traditional sense. The record companies, courts, and Congress were not prepared at first to cope with the onslaught of online digital copying. Courts and legislative bodies will have to make new laws and reach new judgments about who owns digital copies of copyrighted works and under what conditions such works can be "shared." It may take years to develop new understandings, laws, and acceptable behavior in just this one area of social impact. In the meantime, as an individual and a manager, you will have to decide what you and your firm should do in legal "grey" areas, where there is conflict between ethical principles but no clear-cut guidelines. How can you make good decisions in this type of situation?

Before reviewing the four moral dimensions of e-commerce in greater depth, we will briefly review some basic concepts of ethical reasoning that you can use as a guide to ethical decision making, and provide general reasoning principles about the social and political issues of the Internet that you will face in the future.

Fig 23.1 The Moral Dimensions of an Internet Society. The introduction of the Internet and e-commerce impacts individuals, societies, and political institutions. These impacts can be classified into four moral dimensions: property rights, information rights, governance, and public safety and welfare.

Let's take a look at what ethics is, what an ethical dilemma is, and which ethical principles we can follow in order to resolve an ethical dilemma.

Ethics is at the heart of social and political debates about the Internet. Ethics is the study of principles that individuals and organizations can use to determine right and wrong courses of action. It is assumed in ethics that individuals are free moral agents who are in a position to make choices. When faced with alternative courses of action, what is the correct moral choice?

Extending ethics from individuals to business firms and even entire societies can be difficult, but it is not impossible. As long as there is a decision-making body or individual (such as a Board of Directors or CEO in a business firm or a governmental body in a society), their decisions can be judged against a variety of ethical principles. If you understand some basic ethical principles, your ability to reason about larger social and political debates will be improved. In western culture, there are three basic principles that all ethical schools of thought share: responsibility, accountability, and liability. Responsibility means that as free moral agents, individuals, organizations and societies are responsible for the actions they take. Accountability means that individuals, organizations, and societies should be held accountable to others for the consequences of their actions. The third principle - liability - extends the concepts of responsibility and accountability to the area of law. Liability is a feature of political systems in which a body of law is in place that permits individuals to recover the damages done to them by other actors, systems, or organizations. Due process is a feature of law-governed societies and refers to a process in which laws are known and understood and there is an ability to appeal to higher authorities to ensure that the laws have been applied correctly.

Ethical, social, and political controversies usually present themselves as dilemmas. A dilemma is a situation in which there are at least two diametrically opposed actions, each of which supports a desirable outcome. When confronted with a situation that seems to present ethical dilemmas, how can you analyze and reason about the situation? The following is a five-step process that should help.

1. Identify and describe clearly the facts. Find out who did what to whom, and where, when, and how. In many instances, you will be surprised at the errors in the initially reported facts, and often you will find that simply getting the facts straight helps define the solution. It also helps to get the opposing parties involved in an ethical dilemma to agree on the facts.
2. Define the conflict or dilemma and identify the higher-order value involved. Ethical, social, and political issues always reference higher values. Otherwise, there would be no debate. The parties to a dispute all claim to be pursuing higher values (e.g., freedom, privacy, protection of property, and the free enterprise system). For example, DoubleClick and its supporters argue that their tracking of consumer movements on the Web increases market efficiency and the wealth of the entire society. Opponents argue this claimed efficiency comes at the expense of individual privacy, and DoubleClick should cease its tracking or offer Web users the option of not participating in such tracking.
3. Identify the stakeholders. Every ethical, social, and political issue has stakeholders: players in the game who have an interest in the outcome, who have invested in the situation, and who usually have vocal opinions. Find out the identity of these groups and what they want. This will be useful later when designing a solution.
4. Identify the options that you can reasonably take. You may find that none of the options satisfies all the interests involved, but that some options do a better job than others. Sometimes, arriving at a "good" or ethical solution may not always be a balancing of consequences to stakeholders.
5. Identify the potential consequences of your options. Some options may be ethically correct, but disastrous from other points of view. Other options may work in this one instance, but not in other similar instances. Always ask yourself, "What if I choose this option consistently over time?" Once your analysis is complete, you can refer to the following well-established ethical principles to help decide the matter.

Although you are the only one who can decide which among many ethical principles you will follow and how you will prioritize them, it is helpful to consider some ethical principles with deep roots in many cultures that have survived throughout recorded history.

• The Golden Rule: Do unto others as you would have them do unto you. Putting yourself into the place of others and thinking of yourself as the object of the decision can help you think about fairness in decision making.
• Universalism: If an action is not right for all situations, then it is not right for any specific situation (Immanuel Kant's categorical imperative). Ask yourself, "If we adopted this rule in every case, could the organization, or society, survive?"
• Slippery Slope: If an action cannot be taken repeatedly, then it is not right to take at all (Descartes' rule of change). An action may appear to work in one instance to solve a problem, but if repeated, would result in a negative outcome. In plain English, this rule might be stated as "once started down a slippery path, you may not be able to stop."
• Collective Utilitarian Principle: Take the action that achieves the greater value for all of society. This rule assumes you can prioritize values in a rank order and understand the consequences of various courses of action.
• Risk Aversion: Take the action that produces the least harm, or the least potential cost. Some actions have extremely high failure costs of very low probability (e.g., building a nuclear generating facility in an urban area) or extremely high failure costs of moderate probability (speeding and automobile accidents). Avoid the high-failure-cost actions and choose those actions whose consequences would not be catastrophic, even if there were a failure.
• No Free Lunch: Assume that virtually all tangible and intangible objects are owned by someone else unless there is a specific declaration otherwise. (This is the ethical "no free lunch" rule.) If something someone else has created is useful to you, it has value and you should assume the creator wants compensation for this work.
• The New York Times Test (Perfect Information Rule): Assume that the result of your decision on a matter will be the subject of the lead article in the New York Times the next day. Will the reaction of readers be positive or negative? Would your parents, friends, and children be proud of your decision? Most criminals and unethical actors assume imperfect information, and therefore they assume their decisions and actions will never be revealed. When making decisions involving ethical dilemmas, it is wise to assume perfect information markets.
• The Social Contract Rule: Would you like to live in a society where the principle you are supporting would become an organizing principle of the entire society? For instance, you might think it is wonderful to download illegal copies of music tracks, but you might not want to live in a society that did not respect property rights, such as your property rights to the car in your driveway, or your rights to a term paper or original art.

None of these rules is an absolute guide, and there are exceptions and logical difficulties with all of them. Nevertheless, actions that do not easily pass these guidelines deserve some very close attention and a great deal of caution, because the appearance of unethical behavior may do as much harm to you and your company as the actual behavior.

Now that you have an understanding of some basic ethical reasoning concepts, let's take a closer look at each of the major types of ethical, social, and political debates that have arisen in e-commerce.

The Internet and the Web provide an ideal environment for invading the personal privacy of millions of users on a scale unprecedented in history. Perhaps no other recent issue has raised as much widespread social and political concern as protecting the privacy of over 160 million Web users in the United States alone. The major ethical issues related to e-commerce and privacy include the following: Under what conditions should we invade the privacy of others? What legitimates intruding into others' lives through unobtrusive surveillance, market research, or other means? The major social issues related to e-commerce and privacy concern the development of "expectations of privacy" or privacy norms, as well as public attitudes. In what areas of life should we as a society encourage people to think they are in "private territory" as opposed to public view? The major political issues related to e-commerce and privacy concern the development of statutes that govern the relations between record keepers and individuals. How should organizations - public and private - that are reluctant to give up the advantages that come from the unfettered flow of information on individuals be restrained, if at all? In the following section, we will look first at the various practices of e-commerce companies that pose a threat to privacy.
Almost all (97%) Web sites collect personally identifiable information and use cookies to track the clickstream behavior of visitors on the site. Personally identifiable information (PII) is any data that can be used to identify, locate, or contact an individual. As described below, advertising networks track the behavior of consumers across thousands of popular sites, not just at one site. In addition, most sites collect anonymous information composed of demographic and behavioral information that does not include any personal identifiers. For instance, sites collect information about age, occupation, income, zip code, ethnicity, and other data, and place a cookie on your hard drive to identify you by number but not by name.

Table 23.1 lists many of the personal identifiers routinely collected by online e-commerce sites. Table 23.2 illustrates some of the major ways online firms gather information about consumers.

Table 23.1 Personal Information Collected by E-Commerce Sites

Fig 23.2 The Internet's major Personally identifiable

A majority (57%) of all Web sites, and 78% of the most popular 100 sites, allow third parties - including advertising networks such as Adforce, Avenue A, DoubleClick, Engage, L90, MatchLogic, and 24/7 Media (these firms constitute about 90% of the network advertising industry) - to place cookies on a visitor's hard drive in order to engage in profiling.

Profiling is the creation of digital images that characterize online individual and group behavior. An advertising network such as 24/7 Media maintains over 60 million anonymous profiles and more than 20 million personal profiles. DoubleClick maintains over 100 million anonymous profiles. Anonymous profiles identify people as belonging to highly specific and targeted groups, for example, 20-30-year-old males with college degrees and incomes greater than $30,000 a year who are interested in high fashion clothing. Personal profiles add a personal e-mail address, postal address, and/or phone number to behavioral data. Increasingly, online firms are attempting to link their online profiles to offline consumer data collected by the established retail and catalog firms.

In the past, individual stores collected data on customer movement through a single store in order to understand consumer behavior and alter the design of stores accordingly. Also, purchase and expenditure data was gathered on consumers purchasing from multiple stores - usually long after the purchases were made - and the data was used to target direct mail and in-store campaigns, and mass media advertising. The online advertising networks have added several new dimensions to established offline marketing techniques. First, they have the ability to precisely track not just consumer purchases but all browsing behavior on the Web at thousands of the most popular member sites, including browsing book lists, filling out preference forms, and viewing content pages. Second, they create the ability to dynamically adjust what the shopper sees on screen - including prices. Third, they create the ability to build and continually refresh high-resolution data images or behavioral profiles of consumers. What's different about advertising networks is the scope and intensity of the data dragnet, and the ability to manipulate the shopping environment to the advantage of the merchant. Most of this activity occurs in the background without the knowledge of the shopper, and it occurs dynamically online in less than a second.

Online consumer Joe Smith goes to a Web site that sells sporting goods. He clicks on the pages for golf bags. While there, he sees a banner ad, which he ignores as it does not interest him. The ad was placed by USAad Network. He then goes to a travel site and enters a search on "Hawaii". The USAad Network serves ads on this site, and Joe sees an ad for rental cars there. Joe then visits an online bookstore and browses through books about the world's best golf courses. USAad Network serves ads there as well. A week later, Joe visits his favorite online news site, and notices an ad for golf vacation packages in Hawaii. Delighted, he clicks on the ad, which was served by USAad Network. Later, Joe begins to wonder whether it was a coincidence that this particular ad appeared and, if not, how it happened. The sample online profile illustrates several features of such profiles.

First, the profile created for Joe Smith was completely anonymous and did not require any personal information such as a name, e-mail address, or social security number. Obviously, this profile would be more valuable if the system did have personal information, because then Joe could be sent e-mail marketing. Second, ad networks do not know who is operating the browser. If other members of Joe's family used the same computer to shop the Web, they would be exposed to golf vacation ads, and Joe could be exposed to ads more appropriate to his wife or children. Third, profiles are usually very imprecise, the result of "best guesses" and just plain guesses. Profiles are built using a product/service scoring system that is not very detailed, and as a result the profiles are crude.
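The mechanism behind the Joe Smith walk-through is easy to lose in the prose: the ad network never learns Joe's name, yet it can tie four visits to four unrelated sites together because every banner request carries the same third-party cookie, and that same cookie is what later lets a client site's registration form attach an e-mail address to the "anonymous" profile. The following is an added illustration written for this page, not code from the lecture or from any real ad network. The ad domain, the cookie name, the four site URLs, the stop-word list and the ad-selection rules are all constructed for the example, and the network is an in-process object rather than an HTTP server.

```python
"""Toy model of cross-site profiling with a third-party cookie.

Added illustration; not code from the lecture. The ad domain, the four
site URLs, the cookie name and the ad-selection rules are constructed
for this example, and the network is a single in-process object rather
than a real HTTP server.
"""
import re
import secrets
from dataclasses import dataclass, field
from urllib.parse import urlparse

AD_COOKIE = "usaad_id"  # hypothetical cookie name set by the ad network
# tokens that say nothing about interests (constructed stop-list)
STOP = {"www", "search", "index", "html", "page", "front", "titles"}


def keywords_from(page_url: str) -> list:
    """Crude interest extraction from the page the banner was embedded in:
    '/golf/bags' -> ['golf', 'bags'], '/search?q=hawaii' -> ['hawaii']."""
    u = urlparse(page_url)
    tokens = re.findall(r"[a-z]+", (u.path + " " + u.query).lower())
    return [t for t in tokens if len(t) > 2 and t not in STOP]


@dataclass
class Profile:
    cookie_id: str
    sites: set = field(default_factory=set)        # first-party hosts seen
    interests: dict = field(default_factory=dict)  # keyword -> hit count
    pii: dict = field(default_factory=dict)        # empty until a client site leaks it


class AdNetwork:
    """Third-party server whose banners are embedded on many first-party sites.

    Each banner request arrives with the embedding page's URL (the Referer)
    and, after the first contact, the network's own cookie. The cookie is
    what links visits to unrelated sites into one profile; no login or
    name is involved."""

    def __init__(self) -> None:
        self.profiles = {}

    def serve_ad(self, cookies: dict, referer: str):
        cid = cookies.get(AD_COOKIE) or secrets.token_hex(8)  # mint an opaque id on first contact
        prof = self.profiles.setdefault(cid, Profile(cid))
        page_kws = keywords_from(referer)
        ad = self.pick_ad(prof, page_kws)      # decide on what is already known...
        prof.sites.add(urlparse(referer).netloc)
        for kw in page_kws:                    # ...then record this visit
            prof.interests[kw] = prof.interests.get(kw, 0) + 1
        # Set-Cookie on the ad network's own domain: persistent, third-party
        return ad, {AD_COOKIE: cid}

    @staticmethod
    def pick_ad(prof: Profile, page_kws: list) -> str:
        # behavioural targeting from the accumulated profile first,
        # contextual targeting from the current page second
        if prof.interests.get("golf") and prof.interests.get("hawaii"):
            return "golf vacation packages in Hawaii"
        if "hawaii" in page_kws:
            return "rental cars in Hawaii"
        return "generic banner"

    def link_pii(self, cid: str, **fields) -> None:
        """A client site forwards registration data (e.g. an e-mail address):
        the 'anonymous' profile silently becomes a personal one."""
        self.profiles[cid].pii.update(fields)


class Browser:
    """One cookie jar per browser, keyed by the domain that set the cookie.
    The first-party site changes from visit to visit; the jar for the ad
    domain does not, so every banner request carries the same id."""

    def __init__(self) -> None:
        self.jars = {}

    def visit(self, net: AdNetwork, ad_domain: str, page_url: str) -> str:
        jar = self.jars.setdefault(ad_domain, {})
        ad, set_cookie = net.serve_ad(jar, page_url)
        jar.update(set_cookie)
        return ad


AD_DOMAIN = "ads.usaad.example"   # hypothetical
JOE_VISITS = [                    # constructed walk-through of the Joe Smith story
    "https://sports.example/golf/bags",
    "https://travel.example/search?q=hawaii",
    "https://books.example/golf-courses",
    "https://news.example/front-page",
]


def joe_smith_scenario():
    """Replay the four visits; returns the network, Joe's browser and the ads shown."""
    net, joe = AdNetwork(), Browser()
    shown = [joe.visit(net, AD_DOMAIN, url) for url in JOE_VISITS]
    return net, joe, shown


def register_on_news_site(net: AdNetwork, joe: Browser, email: str) -> Profile:
    """The news site's prize registration form passes the e-mail address to
    the network together with the visitor's ad cookie."""
    cid = joe.jars[AD_DOMAIN][AD_COOKIE]
    net.link_pii(cid, email=email)
    return net.profiles[cid]


if __name__ == "__main__":
    net, joe, shown = joe_smith_scenario()
    for url, ad in zip(JOE_VISITS, shown):
        print(f"{urlparse(url).netloc:16s} -> {ad}")
    print(register_on_news_site(net, joe, "joe@example.com"))
```

Running it shows a generic banner on the sporting-goods site, a contextual rental-car ad on the travel site, and the golf-vacation ad from the bookstore onward, all against a single profile keyed only by the cookie id. A second `Browser` instance (another family member with their own browser profile) would get a fresh id, whereas the same `Browser` instance shared by the whole family pools everyone's visits into one profile, which is exactly the imprecision the lecture describes. The `register_on_news_site` step is the point critics worry about: one registration form on one client site is enough to turn the whole cross-site history into PII.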
In the above example, Joe is obviously interested in golf and travel because he intentionally expressed these interests. However, he may have wanted to scuba dive in Hawaii, or visit old friends, not play golf. The profiling system in the example took a leap of faith that a golf vacation in Hawaii is what Joe really wants. Sometimes these guesses work, but there is considerable evidence to suggest that simply knowing Joe made an inquiry about Hawaii would be sufficient to sell him a trip to Hawaii for any of several activities, and that the USAad Network provided little additional value. As a result of the crudeness of the profiles, marketers have been unwilling to pay premium prices for highly targeted, profile-based ads, preferring instead to use more obvious and less expensive techniques such as placing travel ads on travel sites and golf ads on golf sites.

Network advertising firms argue that Web profiling benefits both consumers and businesses. Profiling permits targeting of ads, ensuring that consumers see advertising mostly for products and services in which they are actually interested. Businesses benefit by not paying for wasted advertising sent to consumers who have no interest in their product or service. The industry argues that by increasing the effectiveness of advertising, more advertising revenues go to the Internet, which in turn subsidizes free content on the Internet. Last, product designers and entrepreneurs benefit by sensing demand for new products and services by examining user searches and profiles.

Critics argue that profiling undermines the expectation of anonymity and privacy that most people have when using the Internet, and changes what should be a private experience into one where an individual's every move is recorded. As people become aware that their every move is being watched, they will be far less likely to explore sensitive topics, browse pages, or read about controversial issues. In most cases, the profiling is invisible to users, and even hidden. Consumers are not notified that profiling is occurring. Profiling permits aggregating data on hundreds or even thousands of unrelated sites on the Web.

The cookies placed by ad networks are persistent. Their tracking occurs over an extended period of time and resumes each time the individual logs on to the Internet. This clickstream data is used to create profiles that can include hundreds of distinct data fields for each consumer. Associating so-called anonymous profiles with personal information is fairly easy, and companies can change policies quickly without informing the consumer.

Some critics believe profiling permits weblining - charging some customers more money for products and services based on their profiles.

Although the information gathered by network advertisers is often anonymous, in many cases the profiles derived from tracking consumers' activities on the Web are linked or merged with personally identifiable information. DoubleClick and other advertising network firms have attempted to purchase offline marketing firms that collect offline consumer data for the purpose of matching offline and online behavioral data at the individual level. However, public reaction was so negative that no network advertising firms publicly admit to matching offline PII with online profile data. Nevertheless, client Web sites encourage visitors to register for prizes, benefits, or content access in order to capture personal information such as e-mail addresses. Anonymous behavioral data is far more valuable if it can be linked with offline consumer behavior, e-mail addresses, and postal addresses. This consumer data can also be combined with data on the consumers' offline purchases, or information collected directly from consumers through surveys and registration forms.

As the technology of connection to the Internet for consumers moves away from telephone modems, where IP addresses are assigned dynamically, and toward statically assigned IP addresses used by DSL and cable modems, connecting anonymous profiles to personal names and e-mail addresses will become easier and more prevalent.

From a privacy protection perspective, the advertising networks raise issues about who will see and use the information held by private companies, the absence of consumer control over the use of the information, the lack of consumer choice, the lack of notice, and the lack of review and amendment procedures. The pervasive and largely unregulated collection of personal information online has raised fears and opposition among consumers. In recent surveys, 92% of households said they do not trust online companies to keep their personal information confidential, and 82% agreed that the government should regulate how online companies use personal information. One result of the lack of trust toward online firms and of specific fears of privacy invasion is a reduction in online purchases. An estimated $3 billion was lost in 2000 sales, and $18 billion will be lost in 2002 online sales if nothing is done to allay consumer fears.

Concerns about online privacy have led to two types of regulatory efforts: governmental regulation by federal and state agencies, and private self-regulation efforts led by industry groups. But before considering these efforts to preserve and maintain privacy, we should first take a more in-depth look at the concept of privacy.

Privacy is the moral right of individuals to be left alone, free from surveillance or interference from other individuals or organizations, including the state. Privacy is a girder supporting freedom: without the privacy required to think, write, plan, and associate independently and without fear, social and political freedom is weakened, and perhaps destroyed. Information privacy is a subset of privacy. The right to information privacy includes both the claim that certain information should not be collected at all by governments or business firms, and the claim of individuals to control over the use of whatever information is collected about them. Individual control over personal information is at the core of the privacy concept.

Due process also plays an important role in defining privacy. The best statement of due process in record keeping is given by the Fair Information Practices doctrine, developed in the early 1970s and extended to the online privacy debate in the late 1990s (described below).

Privacy claims - and thinking about privacy - mushroomed in the United States at the end of the nineteenth century as the technology of photography and tabloid journalism enabled the invasion of the heretofore private lives of wealthy industrialists. For most of the twentieth century, however, privacy thinking and legislation focused on restraining the government from collecting and using personal information. With the explosion in the collection of private personal information by
Web-based marketing firms since 1995, privacy concerns are increasingly directed toward restraining the activities of private firms in the collection and use of information on the

Millions of employees are subject to various forms of electronic surveillance that in many cases is enhanced by firm intranets and Web technologies. For instance, 38% of employers monitor employee e-mail, and 30% monitor employee computer files.

In the United States, Canada, and Germany, rights to privacy are explicitly granted in, or can be derived from, founding documents such as constitutions, as well as in specific statutes. In England and the United States, there is also protection of privacy in the common law, a body of court decisions involving torts or personal injuries. For instance, in the United States, four privacy-related torts have been defined in court decisions involving claims of injury to individuals caused by other private parties: intrusion on solitude, public disclosure of private facts, publicity placing a person in a false light, and appropriation of a person's name or likeness (mostly concerning celebrities) for a commercial purpose.

In the United States, the claim to privacy against government intrusion is protected primarily by the First Amendment guarantees of freedom of speech and association, the Fourth Amendment protections against unreasonable search and seizure of one's personal documents or home, and the Fourteenth Amendment's guarantee of due process.

In addition to common law and the Constitution, there are both federal laws and state laws that protect individuals against government intrusion and in some cases define privacy rights vis-a-vis private organizations such as financial, educational, and media institutions (cable television and video rentals) (see Table 23.3).
Table 23.3 Federal Privacy Laws

• The Internet and its use in e-commerce have raised pervasive ethical, social and political issues on a scale unprecedented for computer technology.
• The major ethical, social, and political issues that have developed around e-commerce over the past seven to eight years can be loosely categorized into four major dimensions: information rights, property rights, governance, and public safety and welfare.
• Ethics is at the heart of social and political debates about the Internet. Ethics is the study of principles that individuals and organizations can use to determine right and wrong courses of action.
• A dilemma is a situation in which there are at least two diametrically opposed actions, each of which supports a desirable outcome. When confronted with a situation that seems to present ethical dilemmas, we can analyze and reason about the situation using a five-step process.
• There are certain ethical principles which we can follow when taking a decision in an ethical dilemma.

1. What are the ethical principles which we have to follow in an ethical dilemma?
2. How do you categorize the various ethical issues that arise in developing e-commerce?
1. Identify and discuss two new business models (be creative) conforming to the definition of the new enterprise. For the two new business models that you identified:
a. Create business value propositions and link them to information security strategy.
b. Create a strategic plan assuming a fictional enterprise, specifically identifying and focusing on those elements that are affected by the new business models. Please list the people, processes, and information assets that are involved.
c. Discuss one security related project that might emanate from the strategic plan and examine the advantages of a top-down approach and a SDLC process for implementing that project.
2. Give an example of each of the following in the context of CRM (Customer Relationship Management) and explain clearly the potential dangers.
a. A violation of the confidentiality of the data
b. A violation of the integrity of data
c. A violation of the availability of data
d. Improper authentication of users
e. Improper protection of the privacy of users
3. "Globalization is considered to be one of the great benefits of E-Commerce. Computer hacking and cyber terrorism, however, are real threats to Global E-Commerce."
Discuss further with focus on the 'global' dimension. Please address the following in addition to the answer to the question above:
a. Three recent security incidents (which occurred in 2004) that compromise Global E-Commerce
b. What are the possible counter measures to these recent incidents?
c. What shortcomings are there in Government and International efforts to enact legislation and pacts?
4.
a. Please discuss six critical success factors for PKI deployment, clearly providing examples of each.
b. What are the obstacles to Digital Signatures becoming universally acceptable? List and discuss at least five.
c. Discuss the strengths and weaknesses of Elliptic Curve Cryptography.
d. Do you think it is necessary for PKI standards to incorporate multiple cryptosystems? Explain.
5. Please answer the following questions.
a. Perform decryption using the RSA algorithm for the following:
p = 3; q = 11; d = 7; M = 5
b. Perform encryption using the RSA algorithm for the following:
p = 7; q = 11; e = 17; M = 8
c. The following encrypted message was obtained by applying two of the following four twisted ciphers in sequence. Please find the original message (It should be meaningful!).
#SNSEI*E-STN+AGAMYNA
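Exercises 5(a) and 5(b) are textbook RSA with small primes. The following is an added worked example written for this page, not part of the lecture: it derives the exponent each exercise leaves out (e for 5(a), d for 5(b)) as the inverse of the given one modulo phi(n) = (p-1)(q-1), encrypts M, and decrypts the result to confirm the round trip. The function names are this example's own. It also goes one step beyond the exercises to show why this "textbook" form is never used unpadded: encryption is deterministic and multiplicatively homomorphic, so ciphertexts can be forged without the private key.

```python
"""Textbook RSA on the parameter sets of exercise 5(a) and 5(b).

Added worked example, not part of the lecture. Exercise 5(a) supplies the
private exponent d and 5(b) the public exponent e; the code derives the
missing exponent as the inverse of the given one modulo phi(n) = (p-1)(q-1),
then encrypts M and decrypts the result to check that it round-trips.
"""
from math import gcd


def rsa_keys(p, q, e=None, d=None):
    """Return (n, e, d) for primes p and q, given exactly one of e or d.

    The other exponent is the modular inverse of the given one mod phi(n),
    which exists only if the given exponent is coprime to phi(n)."""
    if (e is None) == (d is None):
        raise ValueError("supply exactly one of e or d")
    n, phi = p * q, (p - 1) * (q - 1)
    given = e if e is not None else d
    if not 1 < given < phi or gcd(given, phi) != 1:
        raise ValueError("exponent must be invertible modulo phi(n)")
    other = pow(given, -1, phi)           # modular inverse (Python 3.8+)
    return (n, given, other) if e is not None else (n, other, given)


def encrypt(m, e, n):
    """C = M^e mod n; M must lie in [0, n)."""
    if not 0 <= m < n:
        raise ValueError("message out of range for this modulus")
    return pow(m, e, n)


def decrypt(c, d, n):
    """M = C^d mod n."""
    return pow(c, d, n)


def exercise_5a():
    """p=3, q=11, d=7, M=5: n=33, phi=20, e = 7^-1 mod 20 = 3."""
    n, e, d = rsa_keys(3, 11, d=7)
    c = encrypt(5, e, n)                  # 5^3 mod 33 = 26
    return n, e, d, c, decrypt(c, d, n)   # 26^7 mod 33 = 5, the original M


def exercise_5b():
    """p=7, q=11, e=17, M=8: n=77, phi=60, d = 17^-1 mod 60 = 53."""
    n, e, d = rsa_keys(7, 11, e=17)
    c = encrypt(8, e, n)                  # 8^17 mod 77 = 57
    return n, e, d, c, decrypt(c, d, n)   # 57^53 mod 77 = 8, the original M


def malleability_demo():
    """Why textbook RSA is never used unpadded: E(a) * E(b) = E(a*b) mod n,
    so the ciphertext of 8 can be forged from the ciphertexts of 2 and 4
    without the private key. Real systems add randomised padding
    (RSAES-OAEP) so that ciphertexts cannot be combined this way."""
    n, e, _ = rsa_keys(7, 11, e=17)
    forged = (encrypt(2, e, n) * encrypt(4, e, n)) % n
    return forged, encrypt(8, e, n)


if __name__ == "__main__":
    print("5(a) n, e, d, C, M:", exercise_5a())
    print("5(b) n, e, d, C, M:", exercise_5b())
    print("forged vs. genuine E(8):", malleability_demo())
```

`pow(x, -1, m)` computes the modular inverse with Python's built-in extended-Euclid routine, which is the same step a by-hand solution performs with the Euclidean algorithm. The range check in `rsa_keys` rejects exponents that share a factor with phi(n), the condition under which no inverse exists, and `encrypt` rejects any M not smaller than n, since RSA only permutes residues modulo n.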
This paper presents a case study highlighting the best practices for designing and developing a B2B e-commerce system. We developed a remote order-and-delivery web-based system for an auto-parts manufacturing company. The system requirements were determined by interviewing employee stakeholders. An initial scenario of the system was prototyped and refined until the users and developers were satisfied. A formalized specification of the requirements, employing Use-Case diagrams and based on event flow, was developed and coded using XML. This helped keep the documentation simple and clear. Testing was performed at the component level, allowing for feedback to previous steps when errors appeared. Digital signatures were employed for implementing security. The end product enabled a reduction in the processing time of transactions, reduced processing cost, and improved accuracy, efficiency, reliability and security of transmitted data; and our strategy shortened the System Development Life Cycle.

The Internet has completely changed the way most businesses operate today. E-commerce uses internetworked computers to create and transform business relationships. Web applications provide business solutions that improve the quality of goods and services, increase the speed of service delivery, and reduce the cost of business operations. However, many ventures into web application development fail because the systems are very complex and the users' requirements are continuously changing. Inefficient communication between the end user and the developer is another contributing factor. To successfully accomplish the development of a web application, one needs to visually model the system's architecture. A visual model helps in coherently grasping the changing user requirements and effectively communicates them to the development team. Requirements analysis, along with abstraction (i.e., removing unnecessary details), is a critical factor in web application development. It is easier and more cost effective to correct an error at the requirements or design stage than at the implementation or maintenance stage. Further, formal (rigorous) specification provides an unambiguous, precise and correct understanding of the user's requirements.

Traditional requirements analysis consists of identifying the relevant data and functions that a software system would support. The data to be handled by the system might be described in terms of entity-relationship diagrams, while the functions might be described in terms of data flows. Object-oriented analysis techniques offer Class, Use-Case, State Chart and Sequence diagrams, along with other diagrammatic notations, for modeling. They present a method that performs requirements gathering for the conceptual and navigational design of web applications based on Scenarios, Use-Cases and User Interaction Diagrams (UIDs). Scenarios are used to validate the requirements and are automatically generated from Use-Cases obtained from the users. They are also used to describe interface and navigational aspects, especially in the redesign of an existing web site.

This paper describes the development of a B2B e-commerce system using Use-Case diagrams and Scenarios for requirements analysis, as well as Digital Signatures and XML. Critical success factors for successfully building an e-commerce system, including effective communication between users and developers, processing time, process cost, reusability, efficiency and security, are considered. Section 2 provides background information on the areas of UML, Digital Signatures and XML, as well as the critical success factors mentioned above, needed for building a successful web application. The research methodology adopted for requirements analysis is described in Section 3. Section 4 details the client and server applications and other implementation details for the application. Finally, the conclusions and scope of future work are presented in Section 5.

Developing a web application requires making decisions and selecting technologies to support those decisions. We developed the B2B system described in this paper using UML and Use-Case diagrams for the formalization of user requirements; XML for documenting and transmitting data; and digital signatures for security purposes; steered by the critical success factors along the development process. Background information on each of these topics and related research in these areas is presented in this section.

Visual modeling is a way of thinking about problems using models organized around real-world ideas [11]. Models are useful for understanding problems, communicating with project team members (customers, domain experts, analysts, designers, etc.), modeling enterprises, preparing documentation, and designing programs and databases. Models promote better understanding of the requirements by filtering out nonessential details and establishing the most suitable architectural basis for design. Software systems that have been thoroughly modeled tend to be more maintainable.

The Unified Modeling Language (UML) is a language used to specify, visualize and document the artifacts of an object-oriented system under development. It represents the unification of the Booch, OMT (Rumbaugh), OOSE (Jacobson) and Objectory notations, as well as the best ideas from a number of other methodologists. UML is an attempt to standardize the artifacts of analysis and design: semantic models, syntactic notation and diagrams. It provides a very robust notation, which grows from analysis into design. Certain elements of the notation (e.g., classes, associations, aggregations, inheritance) are introduced during analysis. Other elements of the notation (e.g., containment implementation indicators and properties) are introduced during design.
The Rational Rose product family was developed to provide developers with a complete set of visual modeling tools to ensure robust, efficient solutions to needs in the client/server, distributed enterprise and real-time systems environments. Rational Rose products share a common universal standard, making modeling accessible to non-programmers wanting to model business processes as well as to programmers modeling application logic. Although it is one of the leading OO CASE tools, Rational Rose requires considerable improvements in the support of OO characteristics, prototyping and support for teamwork development.

Use-Case diagrams model the user requirements and their interactions with the system at a very high level of abstraction. They are very useful for early requirements analysis because they enforce the identification of the different users and uses of a system while at the same time being easily understood by customers. In addition, Class, Instance, Sequence, Collaboration, Class State, Activity and Implementation diagrams are also present. UML can overcome most problems and be used to model most aspects of a system. The activity flow model has been successfully adapted to industrial projects, including a leading German organization in the banking sector. The UML architectural framework consists of five views: Use-Case, Design, Implementation, Process and Deployment. The contents of each architecture view are shown in Table 1.

Table 1. Contents of the UML architecture views

Architecture Style | Contents
Use-Case View | Explains system behavior; the view for the end user, analyst, designer and tester. Specifies factors of the concrete system architecture.
Design View | Presents system services to the end user. Consists of the classes, interfaces and collaborations that make up the problem and solution area.
Process View | Presents system capability, flexibility and capacity. Consists of the threads and processes that provide the system's consistency and synchronization mechanisms.
Implementation View | Presents the shape and management of the system's placement. Consists of the components and files that make up the physical system.
Deployment View | Presents the distribution, release and settlement view of the system's physical part. Consists of the nodes that make up the hardware shape.

UML has been used in the development of business information systems based on business object components, business process modeling, and the design of service components of a telecommunications management system (including component generation in a financial enterprise framework).

UML can be used within the context of a service-based architecture and component-based process. Use-Cases may be employed not only to create the architecture but also for testing and as a vehicle for solution delivery. UML notation can also be used to model families of systems. UML supports architecture-phase documentation through its development and component diagrams. Use-Case diagrams may be enhanced by providing contracts as a formal counterpart. There are two important relationships among Use-Cases, namely uses and extends, which provide an object-oriented specification technique specially designed for formalization.

In this paper, we focus on B2B e-commerce. The trend of e-commerce transactions shows that B2B transactions increased from 8 billion U.S. dollars in 1997 to 183 billion U.S. dollars in 2001. In Japan, it is predicted that the amount of B2B transactions will reach 680 billion U.S. dollars in 2003, while in the USA it should reach 1,650 billion U.S. dollars. Accordingly, only companies that can manage B2B e-commerce will survive in the global mega-competition. Electronic commerce (e-commerce) is the ability to perform business transactions involving the exchange of goods and services between two or more parties using electronic tools and techniques. Electronic commerce can be subdivided into four distinct categories: Business-to-Business (B2B), Business-to-Consumer, Business-to-Administration, and Consumer-to-Administration.

B2B e-commerce has its roots in electronic data interchange (EDI) networks established between large buyers and suppliers within a specific industry. E-commerce enables companies to conduct their business, from prospecting to order processing and delivery, on-line. B2B e-commerce includes the use of exchanges: internet-based marketplaces in which companies can purchase or sell a variety of products, some generic across industries and others specific to a given industry. Exchange technologies are basically web sites that use a standard language, XML, to facilitate application-to-application data exchange. XML allows information regarding orders, purchases, payments and products to be easily understood by other computers and makes the benefits of EDI accessible to organizations of all sizes.

Researchers have conducted several studies and validated the use of the technology acceptance model (TAM) for building web applications. Security, auditability, non-repudiation of transactions, internet technology for the creation of digital receipts, and improved articulation of digital signatures are important to B2B e-commerce. They also suggested a method that supports these by using XFDL (eXtensible Forms Description Language). They presented a software engineering tool for developing process-oriented Internet applications that implement e-business

In web application development, desirable technologies include
(1) e-commerce as a domain for system development,
(2) PC-based server software as a platform,
(3) HTML as a document design vehicle,
(4) the Common Gateway Interface (CGI),
(5) Visual Basic to CGI, and
(6) a DBMS as a live data source.

We considered several development tools for building web applications. Client-side processing requires Java Applets and ActiveX components. Server-side processing requires CGI, ISAPI, ODBC, Java, JavaScript, VBScript, ActiveX and CGI scripts (Perl, C, C++). Other challenges of web application development include security, content-rich maintenance, integration with legacy systems, fast development, scalability and load balancing. This paper considers factors such as ease of use, speed, accuracy, security and reliability, all essential for building a B2B e-commerce system successfully.

We used DTDs (Document Type Definitions) and XML elements to denote the input and output of the service and its values.

Figure 1. Basic Flow Chart of Digital Signature

Digital signatures utilize encryption technology and offer such functions as signer certification, forgery/falsification detection, and non-repudiation of transmission. Figure 1 is a brief digital signature algorithm. It first creates a message digest by applying a hash function to the message that the sender will transmit. The hash function creates a code value of fixed length (a value that differentiates each message) by mapping a certain function over the message. The code value is created using a one-way (single-direction) function, so it cannot be used to recover the original message. The sender encrypts the message digest with its private key and sends it, together with the message, to the receiver. The receiver, using the sender's public key, decodes the digital signature; a successful decode certifies the signer and blocks repudiation of the transmission. A message digest is also created on the receiving side: the receiver separately computes the message digest, using the hash function MD5, from the original message that was received with the digital signature. Because only the message digest is encoded, instead of encoding the whole message by public-key methods, the run time is reduced, the integrity of the message can be confirmed, and forgery and/or falsification of a message is prevented, since any alteration is detected.

We address the CSF (Critical Success Factors) for building B2B e-commerce systems in this section. At a minimum, e-commerce systems should increase the processing speed, accuracy and efficiency of business and personal transactions. However, B2B e-commerce faces problems like partial solutions, rigid requirements, limited interoperability, insufficient trust and security, and a lack of integration with existing business models. Therefore, we must consider factors like security, trust and reputation, legal expertise, speed, reliability, accuracy, and efficiency of business and transactions when building such systems. A scalable electronic brokerage architecture is required that can handle not only the diverse nature of existing and future goods and services, but also the heterogeneity of the systems and networks deployed by the various actors (customers, suppliers, brokers, developers) involved in the supply chain. Adaptive business objects and controlled interoperability among business alliances are the key enabling technologies needed to meet the challenge of integrated value chains.

There are two key security requirements: first, to provide users with integrated tools that guarantee privacy, security and fair trade in a framework that protects against criminal behavior and technical failure; second, to provide suppliers with an environment that enables them to freely change the market model they use for trading digital goods. A role-based access model for e-commerce has been suggested that separates the organizational models from applications. Such a model allows for flexible modeling of organizational policies and dynamic authorization requirements in a rapidly changing business world.

Collaborative reputation mechanisms can provide personalized evaluations of the ratings assigned to users to predict their reliability. In this way, negotiation and trading between unrelated parties can be facilitated. They presented a legal expert system for e-commerce that provides on-line explanations and reasoning about the use of trading terms, e.g., types of delivery for traded goods in contracts.

We have established the following CSF for building successful B2B e-commerce systems:
(1) harmonious communication between users and developers,
(2) reduced processing time of transactions,
(3) reduced processing cost of transactions,
(4) accuracy of business and transaction data,
(5) efficiency of the systems that we are going to implement,
(6) shortened systems development life cycle,
(7) reliability of transaction data, and
(8) security of transmitted data.

3. Empirical Study
A detailed empirical study based on the above stated factors is presented. The methodology and process described here employ Use-Case diagrams for requirements analysis and form the basis of our research on our best practices contribution.

Figure 2. Process Methodology of Research

For the purpose of establishing a best practice, and based on research, we implemented a remote order and delivery web-based system for an auto-parts manufacturing company. The process methodology is shown in Figure 2. Myung Shin is a small auto parts manufacturing company (supplier/vendor) that delivers its products to several large automobile companies. Myung Shin set out to build a B2B system that is faster and more convenient. The main goal was to improve the order and delivery process between its own company and other remote businesses (contractors). First, we drew up a scenario that captured the existing order and delivery system, based on the study by Jean-Charles Pomerol, as shown in Figure 3.

Figure 3. Scenario for building B2B e-commerce systems

The first step in the process is to obtain the user requirements. Users are presented with a scenario that is refined until they (the users) are satisfied with the corresponding prototype. All requirements concerning business and transaction data are also developed in this step. The next step includes formalizing the user requirements with Use-Case diagrams (based on event flow). These specifications provide easy readability and understandability of the requirements. An iterative methodology is followed to ensure that all requirement prototypes and designs conform to the needs of the users. The order and delivery system was implemented using UML, XML and digital signatures, as shown in Figure 4. The critical success factors were the controlling criteria in the implementation scheme.

After developing our order/delivery scenario, we developed Use-Case diagrams based on the aforementioned scenario and the user's requirements with Rational Rose, as shown in Figure 4.

When employees A and B of a business company request an item, the order and delivery system is started. The Use-Case is shown in Figure 4 and works as follows:
(1) Input ordering data in the delivery data input flow is processed,
(2) Input data is verified,
(3) XML data is sent to the server,
(4) Receiver M logs in at the server,
(5) The verifying employee verifies the received digital signature,
(6) The transaction results in the XML documentation being processed, and
(7) Close Use-Case.

We use Windows 2000 Server, Microsoft Visual C++ 6.0 for programming and MS SQL Server 7.0 as the database. We document using XML (eXtensible Markup Language) and use ASP (Active Server Pages) for receiving and ordering data. We also use the RSAEuro encoding library to encode/decode exchanged messages. To create a message digest, we use a single hash function, MD5. The message exchange is implemented with socket communications using Microsoft Visual C++ 6.0. The Rational Rose tool is used to draw the Use-Case diagrams. We use a 550 MHz CPU and 256 MB memory system for the server and an Intel Pentium II 500 MHz CPU and 128 MB memory system for the client.

Figure 4. Research Model

If an employee omits an essential item in the order, then the input ordering data will not be processed. If the server does not properly verify the digital signature that was received, an exception is generated and the employee responsible for verifying each order terminates the order.
The DTD (Document Type Definition) must exist in a global repository to validate XML data. XSL (eXtensible Stylesheet Language) must also exist in the repository to enable the presentation of XML data.

First, the order and delivery system of employees A, B and Receiver M must be in place before anything else. Second, the Use-Case needs to maintain an Internet connection, because the programs are Internet based. Third, the database server has to exist to manage transaction data.

Though the Use-Case is closed, documents ordered and delivered off-line have to be processed continuously, and the order and delivery business of physical goods must be processed continuously.

Figure 5 is the context diagram of the system. The proposed B2B system exchanges only server programs and encoded files while communicating with other business companies.

Figure 5. The B2B System Context Diagram.

The XML documentation is transmitted by using a socket on the application. The DTD and XSL are saved in a global repository and are used by the web browser's parser for validation, based on the information in the XML documentation itself that is sent and received, as shown in Figure 5.

Figure 6. Information with which XML documentation is preserved

The first row of Figure 6 shows that the Korean language is used as the encoding language. The version number is also indicated. The second row specifies the name of the XML documentation and the location of the global repository where the DTD is saved.

Figure 7. Delivery data input screen

Only certified employees can execute the client program, for security reasons. Figure 7 shows the screen used to input the data that is to be delivered. The data is stored in XML format on the client when the Order button is clicked and is validated against the DTD. The screen in Figure 8 confirms validation by the web browser on the client application, by referring to the DTD that was saved in the global repository.

Figure 8. The screen that confirms input data in the client

If the input data is not in accord with the DTD, an error is displayed. By clicking the Sign button in Figure 8, digital signature files are created that are translated to XML data for transmission. Figure 9 is a digital signature file that applies the digital signature algorithm (MD5 hash algorithm) of the RSAEuro encoding library and a 1024-bit key to the message digest file. Figure 9 shows a screen that is opened in a text editor; the signature is formatted with a length of 64 bytes. If we click the Send-Quit button (Figure 8), the XML data and the digital signature are transmitted to the server.
Figure 9. Digital signature of 64-byte length

On the server side, we receive an XML file and a digital signature file simultaneously from the client, as in Figure 9. Decoding the digital signature file with the public key of the sender (obtained from an earlier exchange) produces the message digest. The message digest recovered from the signature and the message digest computed afresh from the received XML data are then compared with each other. If the compared results are the same, the transaction is certified. Figure 9 confirms the digital signature by the algorithm in the RSAEuro library; when the received digital signature is inconsistent, an error message is displayed and at the same time the operation is stopped. Figure 10 is the employee's certification screen that enables access to the global repository, which can then be used to identify the received XML data at the server.

Figure 10. Employee's certification screen

Figure 11 is the screen that displays the XML documentation that was delivered, after the digital signature has been verified and the data validated against the DTD and the XSL in the global repository.
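The hash-and-sign flow described with Figure 1 and the client/server exchange of Figures 6 to 11, reproduced end to end in Python as an added example; this is not the paper's RSAEuro/Visual C++ code. The client serialises the order as XML with a DOCTYPE naming the DTD in the global repository, checks the elements the DTD would require, hashes the document with MD5 (the paper's hash function) and signs the digest with its RSA private key; the server recomputes the digest, decrypts the signature with the sender's public key and compares. The element names, the placeholder repository URL, the UTF-8 encoding (the paper's documents use a Korean encoding) and the deliberately small demonstration key pair (rather than the paper's 1024-bit key) are assumptions made for the example; the standard library has no DTD validator, so a required-element check stands in for the DTD validation the paper describes.

```python
# Added example, not the paper's RSAEuro/Visual C++ code: the hash-and-sign flow of
# Figure 1 and the client/server exchange of Section 4, in Python.
import hashlib
import xml.etree.ElementTree as ET

# Demonstration key pair (constructed): two Mersenne primes, 2^107-1 and 2^127-1,
# so that n is larger than a 128-bit MD5 digest and the digest can be signed
# directly. A real deployment generates a key of adequate size with a library.
P = 2**107 - 1
Q = 2**127 - 1
N = P * Q
E = 65537
D = pow(E, -1, (P - 1) * (Q - 1))   # private exponent (Python 3.8+)

# Elements the order DTD is assumed to require; the paper's DTD is not shown.
REQUIRED = ("supplier", "part_code", "quantity", "delivery_date")
REPOSITORY_DTD = "http://repository.example/order.dtd"   # placeholder location


def build_order_xml(fields: dict) -> bytes:
    """Client side (Figure 7): serialise the order as XML. The DOCTYPE names the
    DTD in the global repository, as the second row of Figure 6 does."""
    root = ET.Element("order")
    for name, value in fields.items():
        ET.SubElement(root, name).text = str(value)
    header = ('<?xml version="1.0" encoding="UTF-8"?>\n'
              f'<!DOCTYPE order SYSTEM "{REPOSITORY_DTD}">\n')
    return (header + ET.tostring(root, encoding="unicode")).encode("utf-8")


def check_required(xml_bytes: bytes) -> list:
    """Names of required elements that are missing or empty. The paper validates
    against the DTD; the standard library has no DTD validator, so this check
    stands in for the DTD's required-element rules (Figure 8)."""
    root = ET.fromstring(xml_bytes)
    missing = []
    for tag in REQUIRED:
        node = root.find(tag)
        if node is None or not (node.text or "").strip():
            missing.append(tag)
    return missing


def md5_digest(data: bytes) -> int:
    """Fixed-length digest of the message (the paper's hash function is MD5)."""
    return int.from_bytes(hashlib.md5(data).digest(), "big")


def sign(xml_bytes: bytes, d: int = D, n: int = N) -> int:
    """Sender: encrypt the digest, not the whole document, with the private key."""
    return pow(md5_digest(xml_bytes), d, n)


def verify(xml_bytes: bytes, signature: int, e: int = E, n: int = N) -> bool:
    """Receiver: decrypt the signature with the sender's public key and compare it
    with a digest computed afresh from the document that actually arrived."""
    return pow(signature, e, n) == md5_digest(xml_bytes)


def server_receive(xml_bytes: bytes, signature: int) -> str:
    """Server side (Figures 9 to 11): signature check first, then the DTD check."""
    if not verify(xml_bytes, signature):
        return "rejected: digital signature inconsistent"
    missing = check_required(xml_bytes)
    if missing:
        return "rejected: missing " + ", ".join(missing)
    return "certified"


# Constructed sample order.
ORDER = {"supplier": "Myung Shin", "part_code": "AP-1042",
         "quantity": 200, "delivery_date": "2003-05-12"}


def demo() -> dict:
    good = build_order_xml(ORDER)
    sig = sign(good)
    # Quantity altered in transit after signing: the digests no longer match.
    tampered = good.replace(b"<quantity>200</quantity>", b"<quantity>2000</quantity>")
    # Correctly signed by the client but missing an essential item.
    incomplete = build_order_xml({k: v for k, v in ORDER.items() if k != "delivery_date"})
    return {"good": server_receive(good, sig),
            "tampered": server_receive(tampered, sig),
            "incomplete": server_receive(incomplete, sign(incomplete))}


if __name__ == "__main__":
    for case, outcome in demo().items():
        print(f"{case}: {outcome}")
```

Running it certifies the intact order, rejects the order whose quantity was altered after signing because the recomputed MD5 digest no longer matches the one recovered from the signature, and rejects the correctly signed but incomplete order at the DTD-style check, which is the exception path the Use-Case describes. Two choices differ from what a current deployment would make: MD5, the paper's hash, is no longer collision-resistant, and the digest is signed raw rather than with PKCS#1 padding; SHA-256 and a padded signature scheme from a maintained library would take their place.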
- First, communication between the developers and the users was harmonious. That is, by producing conceptually and physically visualized and specified output using Use-Case diagrams and XML, the communication between developers and employees was improved.
- Second, the processing time of the business and employee transaction data was reduced. In the past, employees managed order and delivery documents by writing directly on paper. Moving the order and delivery system onto the Internet reduced the time needed to process business/employee transaction data.
- Third, the processing cost was reduced. This conclusion is based on the annual salary of an employee; namely, we compared the times before and after the B2B e-commerce system was implemented. There was a cost saving of roughly $12,000 USD per month.

Figure 11. Delivered XML documentation

- Fourth, the accuracy of transaction data was improved, resulting in less rework. The system was more responsive (i.e., interactive) and therefore employees were less apt to commit errors (the user interface provided a more intuitive environment). For these reasons, the accuracy of transaction data input to the system (e.g., auto parts codes were tabulated) was greatly improved.
- Fifth, the efficiency of the system was improved. Unit components were designed by separating concerns into functions. In this way, the system designed was extensible and reusable. Perfective and corrective maintenance were greatly simplified by this component-based object-oriented approach. Consequently our system evolved into a more usable and ultimately more efficient system.
- Sixth, the development life cycle for the system was shortened by applying our development methodology, a combination of SDLC (System Development Life Cycle) and PDLC (Prototyping Development Life Cycle).
- Seventh, the reliability of the system was improved. Errors were reduced because employees retrieved the relevant auto parts (and other information) from tables stored in memory, without input through the keyboard, when they worked on an order/delivery.
- Eighth, we ensured the security of transmitted data by using digital signatures while transmitting data. This enabled authentication of identity and rejection of forgery/falsification.

In this paper, we have described the implementation of a B2B e-commerce system for the order and delivery of auto parts. Requirements analysis was carried out using scenarios and formalized using Use-Case diagrams. Digital signatures were employed for implementing security. Order and delivery documentation was made simple and clear through the use of XML. Eight critical success factors were used as controlling parameters while building the application.

The implementation approach preserved and promoted harmonious communication between the users and developers. The end product achieved a reduction in the processing time of transactions and reduced processing cost, together with improved accuracy, efficiency and security of transmitted data. Also, the strategy seemingly shortened the System Development Life Cycle.

In general, the typical B2B e-commerce characteristic is heterogeneity, especially in the types of product information that are needed. Strategies for the successful implementation of such systems depend on both the standardization and the accommodation of such heterogeneity. For future work, the tools that we are considering for accomplishing this include XML, DTD (Document Type Definitions), ICE (Information and Content Exchange), and CBL (Common Business Library). Further research on the convergence of XML technologies and software engineering will also be done. They claim that the strengths of middleware and markup languages are complementary. They expect this combination to be used in the future for distributed systems where complex data structures need to be transmitted between distributed off-the-shelf components and semantic transformations performed. They present a formal basis for the syntactic structures and semantics of core UML class constructs, and also provide a basis for reasoning about UML class diagrams in their paper. They translate UML class constructs to Object-Z constructs based on this formal description. They also present RoZ, an automated tool for generating a Z formal specification. An XML web environment for projecting integrated formal models (TCOZ: an integrated model of state-based Object-Z and event-based Timed CSP) to UML diagrams, and several ways of using UML for designing effective software architectures, have been suggested. In the future, we plan on building a B2B e-commerce system using Advanced Visual Modeling Technique and Object-Z. Study of a natural language processing technique for semantic modeling of user's requirements will also be undertaken.