Savitribai Phule Pune University

Third Year of Computer Engineering (2015 Course)

310244: Information Systems and Engineering Economics

Unit-1 Basic of Management Theory & Practices

Syllabus:- Role of Information Systems in Organizations, The Information System

Manager and his challenges, Concepts of Information Systems, Information Systems
and Management Strategy Case Studies - May Include Information Systems in the
Indian Railways, Information Systems in an e-Commerce Organization.

Purpose of Information Systems

The purpose of an information system is to empower its users. There is a wide

difference in a simple database which stores data and return it to its users upon
request. A database can be created in a way that manages and retrieves information in
a sorted manner. This information can help make decision at various levels within an
organization. Information system recognize that there are different levels of workers in
an organization who have their specific duties and thus provides them information is
different ways (Heinrich, 2002). Its purpose is to make sure that the users of the system
are quickly able to access, comprehend, and react to the information provided to them.
Wiseman (1985) mentions that the information system improves business functionality
by automating some of the fundamental information procedures. He further mentions
that the information system increases the effectiveness of the management by
satisfying their information demands.
Information demands of businesses vary at different organizational levels. Various
business functions at strategic, tactical and operational level have different types of
subsystems of information system to serve their information demands. Some of the
commonly used subsystems are as follows:

• Management Information Systems (MIS)

• Decision Support Systems (DSS)
• Knowledge Management Systems (KMS)
• Expert Systems (ES)
• Executive Information Systems (EIS)
• Transaction Processing Systems (TPS)
• Accounting Information Systems (AIS)

E-commerce

An important component of the information and communication technology and

indeed one of its most momentous impacts is the provision and empowerment of
electronic commerce. Electronic commerce is a process of buying and selling of
products or services by means of electronic systems involving the Internet and e-mails .
Commercial activities performed through e-commerce are either business-to-business
(B2B) or business-to-consumers (B2C). E-commerce is a very cost-efficient mode of
conducting business-to-consumers commercial activities (Graham 2008). E-commerce
allows economic agents to reduce the transactional cost to a great extent (Porter 2001).
Instead of internal hierarchies, it empowers the market itself to organize economic
activities, which in turn increases the efficiency of the not just the business but across
the entire commodity chain (Malone et al. 1987).

E-commerce creates a dimension of ‘spacelessness' for economic activities which is one

of its most distinctive features. Since the emergence of the Internet and increasing use
of e-commerce, the imminent “death of distance” and creation of an ‘eight continent'
has been highlighted by researchers which is spurred by the increasing trade and
commerce activities conducted electronically. They assert that constraints such as
space and distance are becoming less significant for conducting economical activities
(O'Brien 1992; Cairncross 1997). A large literature exits regarding various firms having
used e-commerce to achieve competitive advantage by finding new and distant
customers (for example see Daniel and Grimshaw 2002; Hamill and Gregory 1997; Kim
and Mauborgne 1999; O'Keefe et al. 1998; Poon and Swatman 1999). Thus information
systems also serve the purpose of communication with external business entities for
trade and commerce activities.

Analysis of the problems of gathering data and analysing information

Information systems are a vital tool in achieving competitive advantage for a business
by properly managing and analysing the information. However there are many security
concerns that have being in the corporate agenda since its early usage. Today
organizations are challenged by various and complex information security matters for
handling distributed computer networks. Large amount of e-commerce activities,
increased usage of internet, and ever changing technologies means new threats and
risks and vulnerabilities for businesses as more and more business functions and
procedures are becoming paperless. For this purpose, right controls are required within
an organization to reduce the risks and ensure effective functioning of the information
systems Sushil & Leon, 2004).
Information Systems requires certain controls to be implemented for its smooth and
effective functionality (Boczko, 2007). Information security managers can put these
controls in place to ensure the system is secure against threats, exposure, and risks.
(Gertz, 2003).

• A threat can be any possible unwanted occurrence or event that could harm the
Accounting Information System or the business.

• The exposure is the possible loss of money that would occur as a result of the threat
becoming a reality.

• The risk is the chance that the threat will become reality.
The controls that secure information systems against unfavourable outcomes are as
follows:

• Preventive Controls

• Input Controls; Input controls checks upon the information that is being entered into
the system.

• Processing Controls; Processing controls checks whether the data is processed

properly after it is entered in to the system.

• Output Controls; The output controls ensure the completeness, validity, and accuracy
of the data in various output mediums.

• Storage Controls; The storage controls ensures that the data in stored in such a
manner that it cannot be tampered with.

• Files Controls; Files controls reduce the errors that occur due the improper storage of
files.

• Hardware Security; Hardware security control is very important as any damage or

harm to the hardware would mean that the failure of the system therefore the
hardware for the information system must be kept in a secure place and with only
reliable and relevant personal having access to it. Proper protection against high
temperature or power failures and incidents should be made along with backup
support.

• Standardization; Standardization controls involves usage of already laid down

standards by the developers and operators for the methodology of the system
development and operation respectively.

(Basset, 1993)

• Detective controls

• Testing; Testing is required to detect any problems occurring in the system and is thus
performed before it is made operational. Testing can shows problems that can occur in
the processing and any other errors. It is recommended that testing should be
performed on a routine basis or after any new developments.

• Training; the training of the data processing staff ensures proper functioning of the
system. The awareness of the staff also helps in pointing any defects in the system
which could then be resolved.

• Operation Controls; Operation controls in Dean Plc are controls which record what
computer systems and the employees have been doing. The operational controls can
include tasks such as rotation of shifts, duty logs, manual of operating instructions,
attendance controls and computer logs, etc. which can referred to whenever a problem
is reported.

(Basset, 1993)

• Corrective controls

• When any problem in the system is detected, the management along with the help of
Business Analysts and Expert can take relevant steps to correct the problems in the
system.

• Certain procedure can be set for reoccurrence of the problems.

Apart from security concerns, there are several other challenges and issues associated
with managing information systems. These are:

• Increase costs of a technological solution (developing, implementing and maintaining

of the information technologies and systems)

• Reliability for certain processes (information systems require thorough testing before
they could be used and are difficult prone to errors leading to potential losses)

• Software tools are not fixed but constantly evolving (information communication
technology tools require timely upgrades to meet prevailing standards)

• Integrating digital and non-digital sales and production information (for e-commerce
activities)

• Customer fear of personal information being used wrongly (privacy issues)

• Customer have high expectations regarding efficiency and real time responses

• Vulnerability to fraud and other crimes

• Higher employee training required to effectively using the information technology.

Another technological concern regarding information technology is the high volume of

data generated from its use and its management. Organizations are required to create
robust middleware application that are capable of handling the high amount of data
and route it to the appropriate information systems in a timely manner (Ngain and
Gunasekaran 2009).

Major sources of relevant data used for management information systems

As mentioned previously, businesses and organizations have a variety of information

requirements. Executives at strategic level require information to help them with their
planning and strategic decision making. They require a summarized form of information
that can give an overview of the business. Middle management requires more detailed
information in order to oversee and control business activities. Operational level
employees need basic routine information to carry out their day to day duties.
Therefore, businesses have several information systems working altogether at the same
time. Different information systems have different sources of gathering data according
their purpose. The following presents a list of most commonly used information system
and their likely sources of data and users.

Executive Support Systems

Executive Support System helps the senior management of an organization in making

strategic decisions. Executive Support Systems shows the status of all key business
activities and involves large data analysis to help strategic decision making. Therefore, it
is likely to have information from all the internal and external sources which is
gathered, analysed and summarized for strategic decision making. Internal sources
include information collected from other information systems. External information
system can include external data gathered by e-commerce activities, external market
analysis and etc.

Management Information Systems

Management information system is concerned with the summarized data of the

business transactions that helps middle management to monitor business activities.
Therefore it is likely to have information from all the internal sources such as
transaction processing systems. It summarizes information into management reports.

Decision-Support Systems

Decision Support Systems are designed to assist middle and top level management in
making decisions at uncertain conditions. It informs the user about the possible
consequences of their decisions. It gathers internal information to analyse the available
options and alternatives. It has a predefined set of logic which is part of its design. It
uses complex tools spreadsheets, and databases for creating ‘what if' models.

Knowledge Management Systems

Knowledge Management Systems are created to help organizations and businesses

create and share information. The source of such information systems is typically the
employees who create new knowledge through their own expertise and then share it
along with others within an organization. This share pool of information is created to
search new commercial opportunities. Examples of such information systems are web-
portals and Intranet portals created by professional lawyers, management consultants
and etc. these information systems categorize and distribute information efficiently
among users. Information could be contained in any form and formats such as word
processed documents, presentations, web pages and etc.
Transaction Processing Systems

Transaction Processing Systems are created to process daily repetitive activities and
transaction in an automated efficient manner. The automation increases the accuracy
of the information. A business usually involves several reoccurring transactions.
Therefore, there are several Transaction Processing Systems such as Billing systems,
Payroll systems, Inventory management systems, etc. The sources of these information
systems are the employees at the operational level or the organization. Sometimes
automated identifications are also used to input data to these systems such as Radio
Frequency Identification.

Office Automation Systems

Office Automation Systems are tools that help improve the productivity of employees
processing data. Such systems usually work as standalone programs and do not link
data to other information systems. Examples of such systems include Microsoft Office
Tools, and Computer Operating Systems.

Role of Information Systems in Organizations,

Information systems play a vital role in an organizations’ overall performance. They

provide many advantages to their users which range from simple transaction processing
at the operational level to difficult tasks such as making important and competitive
decisions at the strategic level of the organization. Several roles played by information
systems in an organization can be identified but O’Brien and Marakas (2008) have
identified three fundamental roles played by information systems in businesses. These
are; Information systems support business processes and operations. Secondly, they
support decision making of employees and managers and lastly, they support strategies
for competitive advantage. These three fundamental roles encompass any other roles
played by information systems in an organization.

Information systems support business processes and operations of an organization in

many ways. In a hotel for instance, customer check - ins and check-outs are done by
computers and software which makes work easy unlike the traditional method of using
notebooks and paper to record such information. Customers can now even make their
own bookings through the hotels website instead of visiting the hotel in person to do
so, which may lead to pressure on front office staff. Systems have now been developed
to gather customer information easily and quickly. Now, because of information
systems, the various departments of an organization work together with ease. The
housekeeping department of a hotel can now inform the front office about which
rooms areready for use and which are not, without personal interactions of staff as a
result of information systems. The running of an organization has now
becomesmoother with well integrated information systems.

Information systems also help employees and managers of a business to make well
informed decisions. This is because information systems have the capability of analyzing
data that has been collected from both within the organization and from external
sources into useful information which can be used by employees and managers in their
decision making process. Decision-making isan integral part of management and occurs
in every function and at all levels.

Decisions are better made when accurate information is available which aids the
decision maker in making an objective decision (Terry Lucey 2005). Information systems
types like Management Information System (MIS), Decisions Support Systems (DSS) and
Executive Information Systems (EIS) are specially designed to help management of an
organization in their decision making process. These systems generate typical reports
and graphs on issues such as trend of orders, customer analysis, product profitability,
finished stock positions and forecasts, accident and absentee reports, job evaluation
reports and many more. Managers and employees use these reports and graphs as a
basis for their decisions. For example, decisions on which meals that need to be added
or removed from a hotel menu may be taken by the food and beverage manager after a
typically analysis is made by the help of a Decisions Support System.

Finally, information systems also support strategies for competitive advantage.

Competition in today’s business is keen and what will become important is how quickly
companies can convert their reams of information they collect into knowledge so that
they can provide services and products that are ahead of their competitors. Strategic
information systems can help provide hospitality operations with the innovative
mediums they need to provide products and services that will give them comparative
advantage over their competitors. Nhyiem et al (2005) observes that, in the hospitality
industry, competitive advantages may result in increased room sales ( through efficient
reservation systems and organisational websites), decreased cost of goods ( through
reduction in operating cost and less expensive distribution channels), brand
awareness(through effective advertising campaigns targeted at the appropriate
customer and delivered through the most appropriate cost effective medium), good
customer-organizational relationship (by keeping database of customers and their
needs)and effective decisions making that are timely.

Organizations strive to be market leaders in their given industry. In climates where

factors such as recession, inflationary pressures and increased competition can hinder
the achievement of this goal, companies look for strategies that lead to competitive
advantages. One such strategy is the adoption of information systems within the
company. Information systems help a company make adequate use of its data, reduce
workload and assist with compliance with various mandatory regulations.

Information Storage and Analysis

At the date of publication, many companies no longer manage their data and
information manually with registers and hard-copy formats. Through the adoption of
information systems, companies can make use of sophisticated and comprehensive
databases that can contain all imaginable pieces of data about the company.
Information systems store, update and even analyze the information, which the
company can then use to pinpoint solutions to current or future problems.
Furthermore, these systems can integrate data from various sources, inside and outside
the company, keeping the company up to date with internal performance and external
opportunities and threats.

Assist With Making Decisions

The long-term success of a company depends upon the adequacy of its strategic plans.
An organization’s management team uses information systems to formulate strategic
plans and make decisions for the organization's longevity and prosperity. The business
uses information systems to evaluate information from all sources, including
information from external references such as Reuters or Bloomberg, which provide
information on the general economy. This analysis of and comparison to market trends
helps organizations analyze the adequacy and quality of their strategic decisions.

Assist With Business Processes

Information systems aid businesses in developing a larger number of value added-

systems in the company. For example, a company can integrate information systems
with the manufacturing cycle to ensure that the output it produces complies with the
requirements of the various quality management standards. Adoption of information
systems simplifies business processes and removes unnecessary activities. Information
systems add controls to employee processes, ensuring that only users with the
applicable rights can perform certain tasks. Further, information systems eliminate
repetitive tasks and increase accuracy, allowing employees to concentrate on more
high-level functions. Information systems can also lead to better project planning and
implementation through effective monitoring and comparison against established
criteria.

Considerations

Implementing information systems within an organization can prove to be costly.

Implementation costs include not only installation of the systems but also employee
training sessions. In addition, employees may see the adoption of information systems
as an unwarranted change and, thus, may resist this change. Resistance to change can
hinder business operations and can cause employee turnover. Companies should have
leadership in place to assess the adequacy of the decision to have an information
system and to guide the company through the transition phase and weigh information
systems cost against the potential benefits.

To gain the maximum benefits from your company's information system, you have to
exploit all its capacities. Information systems gain their importance by processing the
data from company inputs to generate information that is useful for managing your
operations. To increase the information system's effectiveness, you can either add
more data to make the information more accurate or use the information in new ways.
Communication

Part of management is gathering and distributing information, and information systems

can make this process more efficient by allowing managers to communicate rapidly.
Email is quick and effective, but managers can use information systems even more
efficiently by storing documents in folders that they share with the employees who
need the information. This type of communication lets employees collaborate in a
systematic way. Each employee can communicate additional information by making
changes that the system tracks. The manager collects the inputs and sends the newly
revised document to his target audience.

Operations

How you manage your company's operations depends on the information you have.
Information systems can offer more complete and more recent information, allowing
you to operate your company more efficiently. You can use information systems to gain
a cost advantage over competitors or to differentiate yourself by offering better
customer service. Sales data give you insights about what customers are buying and let
you stock or produce items that are selling well. With guidance from the information
system, you can streamline your operations.

Decisions

The company information system can help you make better decisions by delivering all
the information you need and by modeling the results of your decisions. A decision
involves choosing a course of action from several alternatives and carrying out the
corresponding tasks. When you have accurate, up-to-date information, you can make
the choice with confidence. If more than one choice looks appealing, you can use the
information system to run different scenarios. For each possibility, the system can
calculate key indicators such as sales, costs and profits to help you determine which
alternative gives the most beneficial result.

Records

Your company needs records of its activities for financial and regulatory purposes as
well as for finding the causes of problems and taking corrective action. The information
system stores documents and revision histories, communication records and
operational data. The trick to exploiting this recording capability is organizing the data
and using the system to process and present it as useful historical information. You can
use such information to prepare cost estimates and forecasts and to analyze how your
actions affected the key company indicators.

Challenges Facing Today’s Information System Development

The world today runs on various information systems. Information Systems
functionality is increasingly becoming a necessity and not an option. Imagine a
company that relies on e-commerce that has its website taken down due to software
failure and security issue. This fault in the software can make the company lose
thousands if not millions of dollars in revenue. Thus, robustness and security of the
system are equally important to ensure system confidentiality, integrity and availability
(CIA). The two main challenges facing today’s information systems are operational and
technical challenges. These challenges must be addressed from the very beginning to
ensure software projects do not fail.

Operational Challenges

Perhaps designing information systems software may have become easier than what it
was in the past, however, operational challenges have become even more demanding.
Some of the key operational challenges facing today’s information system’s
development include:

Bad Communication: Lack of understanding/planning for customer,

organization and other stakeholders requirements/needs for the project.
Unclear Requirements: When requirements are not clearly identified, this
will lead to change of requirements during middle of the project which will
increase project delivery time and anger many customers.
Increasing Cost: All of this will lead to added labor and project cost. Thus
making the project less profitable and takes away interest from stakeholders.
Delayed Project Delivery: The result of what mentioned above will cause
project milestones to be pushed back and a potential software with less
functionality than what agreed upon in the beginning agreement with the
client.
Market Pressure: Another important aspect is the rapid development of
software to meet the ever-changing market demands.

In order for the project to succeed from an operational perspective all stakeholders
including the end-user (customers), managers who influence direction and budget, and
software developers must be in full collaboration to ensure successful delivery of the
new information system.

Technical Challenges

The other main and important part of information system’s development challenges are
the technical challenges. Technical challenges determine the true system functionality,
reliability and availability. Today’s information systems challenges include:

Knowing the Technical needs: This is about understanding programing

languages, the frameworks, the systems and the algorithms needed for a
particular information system to be successful. An important factor today is
making sure that your web based information system works on all browsers
 and devices. It is also about knowing your developers programming expertise
and using that to your advantage.
Right Design Patterns: Identifying the right design patterns for your
information system software and establishing an actual design review, quality
evaluation criteria and design management is something highly neglected
today because of the time and effort it takes.
Quality Control: Sometimes codes are not built with a "sanity in mind" which
can lead to significant challenges in the future. Building quality and
maintainable code that can scale to multiple systems to serve millions and
millions of customers is a key challenge today if addressed can save the
company from catastrophes and put them ahead of their competition.
Security: Security is highly important especially with today’s cyber warfare
and attacks. Ensuring no leaks are open during information system
development is key in safeguarding your customer and employee private
data. Educating your employees about reverse engineering is also another
key important thing that developers and technical staff overlook.
Always Debugging: You're always on the lookout in fixing logical errors,
debugging those infinite loops or divide by zero bugs in the code. According
to Linu’s law, always have enough eyeballs to lookout for bugs in the system.

These challenges and many more should be properly addressed and defined way before
programmers even start coding. The key takeaway in production quality is to have a
polished/optimized/efficient program with strong business logic and always tested and
documented information system development project.

The Information System Manager and his challenges:-

Top Three Problems IT Managers Face and How to Overcome Them

oday's business environment has changed drastically from just a few years back. Rather
than working exclusively with equipment, data, and systems, today's IT managers face
issues such as cross training, personnel management, interdepartmental
communication, and a widening job scope for all IT employees.

This expansion of the IT job realm has left many IT managers juggling new challenges.
While the problems, in and of themselves, might appear overwhelming, there are
simple, proven ways to rise above them.

Problem #1 - Tough Data Flow

Information often flows irregularly and is subject to quantitatively strong fluctuations.

These fluctuations can become detrimental if not dealt with. The simple solution is to
control the information.
Officially, "information controlling" is the analysis, evaluation, and importance attached
to the electronic data that is collected and provided with the data under various
criteria.

To achieve this, start by making employees aware of the importance of the data they
help to gather. Encourage accuracy and demonstrate to employees how their active
participation in the process can reap rewards they might not have thought of.

Because your job as IT manager will continue to get more and more hectic, you'll want
to continually look for ways to improve speed and quality while reducing rising costs.

Problem #2 - Rising Costs

Rising costs are a challenge for any manager. They are especially troubling to an IT
manager working in the electronic data processing area.

Industry experts show that, despite various "old systems" existing, resources are only
used at about 30% of their optimal performance. This leaves room for 70%
improvement without an excessive outlay of cash.

To increase ROI using existing resources, consider:

I. Conducting a survey of departments.

Ask what their primary challenges are with the existing systems. The majority of the
time the solutions lie within untapped features of existing resources. Search the
systems for solutions and provide them.

II. Getting clear definitions of problems.

Oftentimes, employees may not know how to communicate the problems they face in
"IT language." This may relate to an ill-suited solution. Take time to work with
employees or department heads to clearly outline challenges so you are equipped to
find solutions more quickly and accurately.

III. Looking for ways to integrate.

A smooth flow of information always increases productivity. When possible, work to

find ways to integrate existing systems. With a little ingenuity on your part, and a little
creativity, you can develop solutions without budget increases.

Problem #3 - Insufficient Sensitivity Concerning Data Security

As the complexity of electronic data processing increases, security often decreases. Not
only does this pose problems in the form of breaches, it also has legal ramifications
with regard to licenses.

From healthcare companies to financial organizations, the US government is cracking

down on lax security. The smart IT manager is taking steps now to not only stress the
importance of security to those in his/her company, but to also instill the necessary
protective measures.

To help others within your organization understand how sensitive certain data is, create
a memo or site page explaining:

what security measures are currently in place,

why these measures exist,

the consequences (internally and externally) for not following security procedures,
and

whom to contact with questions/issues regarding security.

Although an IT manager's job is continually evolving and becoming more challenging,

there are ways to overcome pressing problems. By looking at each situation from a
variety of angles, you'll be able to define problems quickly and accurately, and then
offer solutions that will benefit you, your team, and your entire company.

Concept of Information System

By Wiki[pedia:- An information system (IS) is an organized system for the collection,

organization, storage and communication of information. More specifically, it is the
study of complementary networks that people and organizations use to collect, filter,
process, create and distribute data.[according to whom?]

"An information system (IS) is a group of components that interact to produce

information."[1]

A computer information system is a system composed of people and computers that

processes or interprets information.[2][3][4][5] The term is also sometimes used in more
restricted senses to refer to only the software used to run a computerized database or
to refer to only a computer system.

Information systems is an academic study of systems with a specific reference to

information and the complementary networks of hardware and software that people
and organizations use to collect, filter, process, create and also distribute data. An
emphasis is placed on an information system having a definitive boundary, users,
processors, storage, inputs, outputs and the aforementioned communication
networks.[6]

Any specific information system aims to support operations, management and decision-
making.[7][8] An information system is the information and communication technology
(ICT) that an organization uses, and also the way in which people interact with this
technology in support of business processes.[9]

Some authors make a clear distinction between information systems, computer

systems, and business processes. Information systems typically include an ICT
component but are not purely concerned with ICT, focusing instead on the end use of
information technology. Information systems are also different from business
processes. Information systems help to control the performance of business
processes.[10]

The six components that must come together in order to produce an information
system are:

1. Hardware: The term hardware refers to machinery. This category includes

the computer itself, which is often referred to as the central processing unit
(CPU), and all of its support equipments. Among the support equipments are
input and output devices, storage devices and communications devices.

2. Software: The term software refers to computer programs and the manuals
(if any) that support them. Computer programs are machine-readable
instructions that direct the circuitry within the hardware parts of the system
to function in ways that produce useful information from data. Programs are
generally stored on some input / output medium, often a disk or tape.

3. Data: Data are facts that are used by programs to produce useful
information. Like programs, data are generally stored in machine-readable
form on disk or tape until the computer needs them.

4. Procedures: Procedures are the policies that govern the operation of a

computer system. "Procedures are to people what software is to hardware"
is a common analogy that is used to illustrate the role of procedures in a
system.

5. People: Every system needs people if it is to be useful. Often the most over-
looked element of the system are the people, probably the component that
most influence the success or failure of information systems. This includes
"not only the users, but those who operate and service the computers, those
 who maintain the data, and those who support the network of computers."
<Kroenke, D. M. (2015). MIS Essentials. Pearson Education>

6. Feedback: it is another component of the IS, that defines that an IS may be

provided with a feedback (Although this component isn't necessary to
function).

Types of information system

The "classic" view of Information systems found in the textbooks [18] in the 1980s was of
a pyramid of systems that reflected the hierarchy of the organization, usually
transaction processing systems at the bottom of the pyramid, followed by management
information systems, decision support systems, and ending with executive information
systems at the top. Although the pyramid model remains useful, since it was first
formulated a number of new technologies have been developed and new categories of
information systems have emerged, some of which no longer fit easily into the original
pyramid model.

Some examples of such systems are:

data warehouses

enterprise resource planning

enterprise systems

expert systems

search engines

geographic information system

global information system

office automation.

The first four components (hardware, software, database, and network) make up
what is known as the information technology platform. Information technology
workers could then use these components to create information systems that
watch over safety measures, risk and the management of data. These actions are
known as information technology services. [19]

Certain information systems support parts of organizations, others support entire

organizations, and still others, support groups of organizations. Recall that each
department or functional area within an organization has its own collection of
application programs, or information systems. These functional area information
 systems (FAIS) are supporting pillars for more general IS namely, business
intelligence systems and dashboards[citation needed]. As the name suggest, each FAIS
support a particular function within the organization, e.g.: accounting IS, finance IS,
production/operation management (POM) IS, marketing IS, and human resources
IS.

In finance and accounting, managers use IT systems to forecast revenues and

business activity, to determine the best sources and uses of funds, and to perform
audits to ensure that the organization is fundamentally sound and that all financial
reports and documents are accurate. Other types of organizational information
systems are FAIS, Transaction processing systems, enterprise resource planning,
office automation system, management information system, decision support
system, expert system, executive dashboard, supply chain management system,
and electronic commerce system. Dashboards are a special form of IS that support
all managers of the organization. They provide rapid access to timely information
and direct access to structured information in the form of reports. Expert systems
attempt to duplicate the work of human experts by applying reasoning capabilities,
knowledge, and expertise within a specific domain.

Information Systems and Management Strategy Case Studies:- Indian

Railway
The Centre for Railway Information Systems (CRIS) designs, develops, implements and
maintains most of the important information systems of Indian Railways. It is located in
Chanakyapuri, New Delhi. CRIS was established in 1986 by the Ministry of Railways of
India.

In 1982, Indian Railways (IR) set up a central organisation (COFOIS) to computerise

freight operations.

In 1986 the Ministry of Railways saw the need for a dedicated, autonomous
organisation and established CRIS, an umbrella organisation for all information
technology-related activities on Indian Railways.

It was entrusted with the task of designing, developing and implementing the Freight
Operations Information System (FOIS) and its communications infrastructure. CRIS
began functioning in July 1986 as an autonomous organisation headed by an Executive
Director (later redesignated Managing Director).

A unique feature of CRIS is collaboration by IT specialists and railway experts on

deputation from the Indian Railways. Systems managed by CRIS have received
international recognition from Computerworld.[1][2]

Work
CRIS designs, develops, implements and maintains information systems for Indian
Railways. In addition, CRIS has developed, implemented and maintained IT systems for
the Andaman and Nicobar Islands (the A & N Ship Ticketing system). The number of
projects handled by CRIS has increased from three in 2000 to more than 40 by 2016.

Major IR projects

1. Computerisation of the Freight Operations Information System of Indian

Railways: The FOIS enables management and control of freight movement,
optimised asset utilisation and the generation of freight invoices. Many of
IR's larger freight customers pay through an electronic payment gateway
interfaced with the FOIS. About 72 percent of the railway's freight revenue is
paid electronically.[3]

2. Passenger Reservation System (PRS): A nationwide online passenger

reservation and ticketing system, developed and maintained by CRIS, is
developed in C and Fortran on a Digital OpenVMS operating system using RTR
(Reliable Transaction Router) as middleware. Also known as CONCERT
(Country-wide Network of Computerised Enhanced Reservation & Ticketing),
it interconnects the four regional computing systems (in New Delhi, Mumbai,
Kolkata and Chennai) into a national PRS grid. It allows a passenger anywhere
to book train tickets from any station to any station. PRS handles
reservations, changes, cancellations and refunds, reserving over 1.6 million
seats and berths daily. Complex rules, validations and fare-computation
techniques are interwoven in the application. [4]

3. Next Generation eTicketing (NGeT): The Internet-based E-ticketing

reservation system, developed for IRCTC, that connects at the back-end to
PRS.[5]

4. Computerisation of Indian Railways' Unreserved Ticketing System.

Unreserved ticketing is a major component of IR’s ticket volume and an
important source of revenue. UTS delivers fast unreserved ticketing from
dedicated counters, replacing manual printed-card tickets, EFTs and BPTs
with centralised online sales accounting. The architecture integrates with
handheld terminals, smart cards and vending machines.

5. [ National Train Enquiry System] for latest train running times and live train
tracking.[6]

6. [ Web-enabled claims: Web-based software enables the public to file and

track claims online.[7]
7. Rail Budget Compilation System (RBCS): Developed for budgetary input from
Indian Railways zones and production units, RBCS facilitates data capture,
database construction, demand analysis and estimate pruning for the railway
budget.

1. "Case Monitoring System" the Online Peoples' Representatives Demands

Monitoring and Redressal System. Used in Parliament by MR Mukul Roy.
2. "I-Pas" aids the personnel and finance departments. It consists of two
modules: Financial Accounting System (FAS) and Payroll System (PS).
3. Workshop Information SystEm (WISE): A MIS project for railway workshops
around the country. It is in operation in 14 workshops: Kharagpur, Jagadhri,
Ajmer, Kota, Charbagh, Liluah, Kanchrapara, Matunga, Lower Parel, Parel,
Bhusawal, Secunderabad, Lallaguda and Jamalpur. WISE provides report for
workshop management using the ORACLE DBMS, and is being upgraded to an
ERP-based system.
4. Crew management: The Crew Management System (CMS) software provides
real-time railway crew information. Information includes location, status and
train assignments. It also maintains information on time off and continuing
education. The software issues SMS alerts to management and supervisors if
crew levels drop below a level likely to affect train operations. It can book
crew for coach, shunting and freight service. The software supports the
safety monitoring of the crew by inspectors, monitoring crew knowledge
through a quiz administered through kiosks in crew lobbies, and provides up-
to-date safety circulars.
5. Control Office Application (COA): Enables rail-traffic controllers to manage
the trains running in their section, and is operational in all division control
offices. The COA interfaces with other applications (such as NTES) to provide
train information to passengers and managers.
6. E-Procurement System: Provides a secure, fair and transparent method of
materials procurement through a web-based interface. It enables suppliers to
securely upload their tenders to a central server in encrypted form, which
can be decrypted only by authorised railway officials after the tender
opening. All timestamps are authenticated by the National Physical
Laboratory. The system is operational on all zonal railways and units, and has
been extended to CORE, RDSO, RailTel and the Kolkata Metro. E-Auction was
launched in March 2012, and has been adopted by All zonal railways and
Production Units. A payment gateway was implemented in January 2012 and
approx 280 Crore online funds transferred till Feb 2014 . [8]
7. Software for Locomotive Asset Management (SLAM): Under development,
this system will track and allocate electric locomotives.
8. Additional asset-management systems, such as for Diesel locomotives, freight
cars, coaches and track, are under development. An ERP-based system was
implemented at the Integral Coach Factory, Chennai, in January 2012.
 9. Automatic fare-collection and passenger-control systems for Metro Railway
in Kolkata using RFID technology.
10. Freight Maintenance Management(FMM): An ERP and Java based system,
developed to cover Maintenance of Freight Rolling Stock. ERP part is used for
purely maintenance jobs in depots, whereas Java part(known as Central
Application) is used for reporting purpose and other mechanical(only freight)
department related business processes by Divisional and Zonal HQs and RB.
Currently in pilot phase, successfully implemented in Dadri Wagon Depot
(NCR), Tuglakabad Wagon depot (NR) & Dhandarikalan Wagon Depot (NR).
The BPC(Brake Power Certificate) of freight trains in yards under these
depots, are issued through FMM.
11. Locoshed Maintenance Management(LMS): A Maintenance Management
System for Diesel Locos.

The first major project launched came in the year 2000; it was the Internet Querying
system for PRS (Passenger Reservation System). Passengers could check their PNR S S
Mathur, GM – Corporate Coordination, Cris (Centre for Railway Information Systems),
talks about the role that CRIS is playing in bringing the benefits of IT to the Indian
Railways status on the PRS website.

The site continues to be extremely popular with railway passengers. In 2002, the
Unreserved Ticketing System (UTS) was developed in a record time of 8 months and
installed in the Delhi area on 15th August.

Prior to the implementation of UTS, unreserved tickets were in the form of small
purpose-built cards, specially printed for each origin-destination pair of stations.
Disbursing these tickets was a mammoth exercise, requiring mundane and wasteful
effort just to keep the tickets in stock.

Passengers faced crowded and chaotic ticket windows, last-minute ticketing glitches,
and opaque ticket refund rules.

The UTS has eliminated all these bottlenecks by having a centralised database of tickets,
which can be bought in advance from any ticket window.

The introduction of ATVMs (Automatic Ticket Vend-ing Machines) and smart cards has
made ticketing even simpler for Mumbai’s suburban passengers.

Accounting of the money received from remote rural stations, which used to take
months, is carried out by running regular end-of-day routines.

UTS now runs at more than 5500 stations across the country. It accounts for more than
95% of all unreserved tickets sold.
 In a related development, in July 2011, CRIS provided automatic flap-type gates for the
Kolkata Metro along with in-house ticketing software to take over from the aging
turnstiles.

Managing Train Operations

The FOIS system manages the operations of all freight trains in the Railways. Similarly,
the movement and operation of passenger trains is managed by the Integrated Coaching
Management System (ICMS). This system collects online information from 220 major
yards in the country and provides Railway managers with updated information on
passenger train consists, locomotive availability, and maintenance schedules. ICMS was
envisaged in 2003 and implementation was completed in 2008.

Two systems that have changed the way the Railways function internally are the Control
Office Application (COA) and the Crew Management System (CMS).

COA assists each train controller (Section Controller in Railway parlance), located in the
Divisional Control Offices, to manage short-term train movements. Section Controllers
prepare their Control Charts on the COA terminal automatically through the COA
program.

This frees them up to plan train movements more effectively, leading to more
throughputs in each section. The COA provides the controllers with an intuitive interface
similar to the manual chart, with which they are fully familiar. Ultimately, the train
position will get automatically populated in the chart by transmitting GPS location data
from the train locomotive directly into the COA database.

COA also provides spin off benefits to the passengers. COA’s train movement data and
movement forecasts are picked up by the National Train Enquiry System (NTES) to
provide train position to passengers through the NTES website and the 139 call-centre.

The Crew Management System, on the other hand, benefits running staff (Train Drivers
or Loco Pilots, Assistant Loco Pilots, and Guards) by rationalising their working hours,
informing them via SMS about impending duty rosters, and providing them with simple
kiosk-based sign-on and sign-off facilities. Mileage allowances to compensate for their
movement outside their home station are also automatically calculated by this system.

COA was developed in 2005 and remained on trial up to 2007. Thereafter it was
implemented in all 70 Divisional Control offices by 2010. CMS also was developed by
CRIS during this period and implementation in 340 crew lobbies (all but the smallest
ones) was completed

by 2011. Scheduling of passenger trains remains an arcane art in railways worldwide. A

large number of factors need to be optimised in order to prepare a workable yet
efficient train schedule. Apart from passenger trains, freight trains have also to be
provided line capacity to
Maximise freight throughput.

CRIS is in the process of developing the necessary algorithms and programs to enable
the design of optimised and stable train schedules, which maximise efficiency in the
Railway system. Preliminary work on this system is already over and the first version of
the “Sat- sang” (Software aided Train Scheduling and Network Governance) is about to
be rolled out.

Material and asset management systems

Indian Railways buys materials worth well over `15,000 crore annually to maintain its
assets consisting of more than 7000 stations, 112,000 track Km of permanent way (30
percent of it with overhead electrification equipment), 9000 locomotives, 2,25,000
freight wagons, and 45,000 passenger coaches.

Managing the material is a gigantic task. Material management systems comprising

procurement and inventory control functions have been established in all Railway units.
However, it is planned to centralise the Material Management systems.

This onerous task has been awarded to CRIS for implementation, and is targeted for
completion in the next 3 years. In the meantime, a fully automated and secure e-
procurement system had been put in place centrally by CRIS in 2008.

This system has already been used for finalisation of more than 3 lakh tenders, and more
than 14000 vendors are enrolled in it.

The entire application is PKI enabled and completely secure. Railway assets are spread
out across the country. It becomes easy to manage them effectively if geo-spatial data
about the assets is maintained in a central repository.

This aspect has been recently addressed with the initiation of a project for preparation
of a geospatial database and GIS map to cover all of the Railways’ fixed and moving
assets. IT systems in Indian Railway’s Production Units have evolved over the years.

A landmark was reached in March 2012 when a comprehensive SAP-based ERP system
was implemented in the Integral Coach Factory (ICF) after 24 months of design and
development effort. The system provides an integrated view of the organisation for all
levels of managers and staff.

Conclusion

Indian Railways has used Information Technology to improve the experience of

passengers and freight customers. Increasingly, IT applications are being developed to
address internal efficiency and effectiveness. Indian Railways now finds itself in an age in
which rapid assimilation of IT in all walks of life opens up greater opportunities. The
recent acceleration in development and deployment of IT systems is evidence of Indian
Railway’s commitment to the common citizen of India.

Information Systems and Management Strategy Case Studies:- E-

Commerce
Learning Objectives

In this lesson, we will introduce you to e-commerce systems. After you work out

this lesson, you should be able to

➢ Understand the components of an e-commerce system

➢ Explain the trends in e-commerce

➢ Identify the important features of a web storefront

In this lesson, we will discuss the following

➢ E-commerce process

➢ Electronic payment options

➢ Web store requirements

➢ Mobile commerce

Introduction
Electronic commerce or e-commerce refers to a wide range of online business activities
for products and services. It also pertains to “any form of business transaction in which
the parties interact electronically rather than by physical exchanges or direct physical
contact”.
E-commerce is usually associated with buying and selling over the Internet, or
conducting any transaction involving the transfer of ownership or rights to use goods or
services through a computer-mediated network. Though popular, this definition is not
comprehensive enough to capture recent developments in this new and revolutionary
business phenomenon.
A more complete definition is E-commerce is the use of electronic communications and
digital information processing technology in business transactions to create, transform,
and redefine relationships for value creation between or among organizations, and
between organizations and individuals
Types of E-Commerce

The major different types of e-commerce are business-to-business (B2B); business-to-

consumer (B2C); consumer-to-consumer (C2C).

B2B E-Commerce

B2B e-commerce is simply defined as e-commerce between companies. This is the type
of e-commerce that deals with relationships between and among businesses. About
80% of e-commerce is of this type, and most experts predict that B2B e-commerce will
continue to grow faster than the B2C segment.

The B2B market has two primary components e-frastructure and e-markets. E-
frastructure is the architecture of B2B, primarily consisting of the following

➢ Logistics - transportation, warehousing and distribution (e.g., Procter

and

Gamble);

➢ Application service providers - deployment, hosting and management of

packaged

software from a central facility (e.g., Oracle);

➢ Outsourcing of functions in the process of e-commerce, such as Web-

hosting,

security and customer care solutions (e.g., outsourcing providers such as eShare);

➢ Auction solutions software for the operation and maintenance of real- time

auctions in the Internet (e.g., OpenSite Technologies);

➢ Content management software for the facilitation of Web site content

management

and delivery (e.g., ProcureNet); and

➢ Web-based commerce enablers (e.g., Commerce One, a browser-based, XML

enabled purchasing automation software).

E-markets are simply defined as Web sites where buyers and sellers interact with each
other and conduct transactions.

The more common B2B examples and best practice models are IBM, Hewlett
Packard (HP), Cisco and Dell. Cisco, for instance, receives over 90% of its product orders
over the Internet.

Most B2B applications are in the areas of supplier management (especially purchase
order processing), inventory management (i.e., managing order-ship- bill
cycles), distribution management (especially in the transmission of shipping
documents), channel

management (i.e., information dissemination on changes in operational conditions),

and payment management (e.g., electronic payment systems).

B2C E-Commerce

Business-to-consumer e-commerce, or commerce between companies and

consumers, involves customers gathering information; purchasing physical goods
(i.e., tangibles such as books or consumer products) or information goods (or goods of
electronic material or digitized content, such as software, or e- books); and, for
information goods, receiving products over an electronic network.

It is the second largest and the earliest form of e-commerce. Its origins can be
traced to online retailing (or e-tailing). Thus, the more common B2C business models
are the online retailing companies such as Amazon.com. Some of the Indian B2C e-
commerce firms are futurebazaar.com (from Big Bazaar), thehindushopping.com,
indiaverta.com, fabmart.com and so on. Other B2C examples involving information
goods are Travelocity and Expedia.

The more common applications of this type of e-commerce are in the areas of
purchasing products and information, and personal finance management, which
pertains to the management of personal investments and finances with the use of
online banking tools (e.g., Quicken).

B2C e-commerce reduces transactions costs (particularly search costs) by

increasing consumer access to information and allowing consumers to find the
most competitive price for a product or service.

B2C e-commerce also reduces market entry barriers since the cost of putting up and
maintaining a Web site is much cheaper than installing a “brick-and-mortar” structure
for a firm. In the case of information goods, B2C e-commerce is even more
attractive because it saves firms from factoring in the additional cost of a
physical distribution network. Moreover, for countries with a growing and robust
Internet population, delivering information goods becomes increasingly feasible.

C2C E-Commerce

Consumer-to-consumer e-commerce or C2C is simply commerce between private

individuals or consumers.

This type of e-commerce is characterized by the growth of electronic marketplaces and

online auctions, particularly in vertical industries where firms/businesses can bid for
what they want from among multiple suppliers. It perhaps has the greatest potential for
developing new markets.

This type of e-commerce comes in at least three forms

➢ Auctions facilitated at a portal, such as eBay, which allows online real- time
bidding on items being sold in the Web;

➢ Peer-to-peer systems, such as the Napster model (a protocol for sharing

files between users used by chat forums similar to Internet Relay Chat) and other file
exchange and later money exchange models; and classified ads at portal sites such as
Sulekha.com and justdial.com classifieds.

Consumer-to-business (C2B) transactions involve reverse auctions, which

empower the consumer to drive transactions.

A concrete example of this when competing airlines gives a traveler best travel and
ticket offers in response to the traveler’s post that she wants to fly from one place to
another as in www.priceline.com.

Components of a Typical Successful E-Commerce Transaction Loop

E-commerce does not refer merely to a firm putting up a Web site for the
purpose of selling goods to buyers over the Internet.

For e-commerce to be a competitive alternative to traditional commercial transactions

and for a firm to maximize the benefits of e-commerce, a number of technical as well as
enabling issues have to be considered.

A typical e-commerce transaction loop involves the following major players

and corresponding requisites The Seller should have the following components

A corporate Web site with e-commerce capabilities (e.g., a secure transaction

server);
A corporate intranet so that orders are processed in an efficient manner; and IT-literate
employees to manage the information flows and maintain the e-commerce
system.

Transaction partners include

Banking institutions that offer transaction clearing services (e.g., processing credit card
payments and electronic fund transfers);National and international freight companies to
enable the movement of physical goods within, around and out of the country. For
business-to- consumer transactions, the system must offer a means for cost-efficient
transport of small packages (such that purchasing books over the Internet, for example,
is not prohibitively more expensive than buying from a local store); and Authentication
authority that serves as a trusted third party to ensure the integrity and security of
transactions.

Consumers (in a Business-to-Consumer Transaction) who

Form a critical mass of the population with access to the Internet and disposable income
enabling widespread use of credit cards;

Possess a mindset for purchasing goods over the Internet rather than by physically
inspecting items.

Firms/Businesses (in a business-to-business transaction) that together form a critical

mass of companies (especially within supply chains) with Internet access and the
capability to place and take orders over the Internet.

Government, to establish

A legal framework governing e-commerce transactions (including electronic documents,

signatures, and the like); and Legal institutions that would enforce the legal framework
(i.e., laws and regulations) and protect consumers and businesses from fraud, among
others.And finally, the Internet, the successful use of which depends on the following

A robust and reliable Internet infrastructure; andA pricing structure that doesn’t
penalize consumers for spending time on and buying goods over the Internet (e.g., a flat
monthly charge for both ISP access and local phone calls).

Advantages of E-Commerce for Businesses

E-commerce serves as an “equalizer”. It enables start-ups and small- and medium-sized

enterprises to reach the global market.
However, this does not discount the point that without a good e-business strategy, e-
commerce may in some cases discriminate against SMEs because it reveals proprietary
pricing information. A sound e-business plan does not totally disregard old economy
values. The dot-com bust is proof of this.

E-commerce makes “mass customization” possible. E-commerce applications in this area

include easy-to-use ordering systems that allow customers to choose and order
products according to their personal and unique specifications. For instance, a car
manufacturing company with an e-commerce strategy allowing for online orders can
have new cars built within a few days (instead of the several weeks it currently takes to
build a new vehicle) based on customer’s specifications. This can work more effectively
if a company’s manufacturing process is advanced and integrated into the ordering
system.

E-commerce allows “network production.” This refers to the parceling out of the
production process to contractors who are geographically dispersed but who are
connected to each other via computer networks. The benefits of network production
include reduction in costs, more strategic target marketing, and the facilitation of selling
add-on products, services, and new systems when they are needed. With network
production, a company can assign tasks within its non- core competencies to factories all
over the world that specialize in such tasks (e.g., the assembly of specific components).

Payments on Internet

Most of online purchases are paid for by a credit card. Merchants like credit card
payments because an instant authorization guarantees that the card is valid (as opposed
o a check which may bounce). Customers like paying by credit cards because they can
easily cancel a transaction in case when they don’t receive products or services
according to the agreement in the transaction.

While some of credit card payments for online services are performed by phone, most of
such payments are made by filling in an online form.

Credit card information submitted by the customer is sent to the bank which has issued
the credit card to verify.

If the transaction is approved, the merchant notifies the customer that the order has
been placed. The actual transfer of money from the credit card bank to the merchant
may happen in a few hours, or even in a few days.

Merchants who accept credit card payments pay fee (between 1 and 7 percent of the
card charge) for each card charge. In addition, in some cases merchants pay
authorization fee for each credit card authorization attempt, as well as other fees
related to credit card processing.
In case when a customer is not satisfied with the product or a service, or for other
reasons, merchants may issue a refund or a charge-back to the customer’s account.

Technical Issues

There are several technical issues involved in online credit card payments as described
below

Quick Check for Typos

Since the merchant may be charged for each credit card authorization, it is convenient
to check that the credit card number makes sense before sending it to the issuing bank
to authorize.

There is an easy algorithm to verify a credit card number the last digit of the credit card
number is computed from the other digits using a simple procedure. The details are
given here.

The algorithm is public, and therefore can be used only to catch typos and disallow
random data, but not to check the validity of a credit card number.

Authenticating the User Protection from Customer Fraud

Since the card is not physically present during the transaction, it is practically impossible
for a merchant to distinguish a legitimate credit card user from a thief. In online
transactions the user is usually asked to provide additional information, such as their
address and phone number, and the card’s billing address, if different from the
customer’s address.

However, this information can be easily mistyped. While in a telephone transaction an

operator can use their judgment to approve or reject a transaction based on how much
of the information has matched and how confident the customer sounds, in an online
transaction the level of “tolerance” of typos and mistakes must be set automatically.

Another way of verifying a card number is to ask the user to provide the additional digits
on the card (the digits which do not appear on the magnetic strip or on a carbon paper
when the print of the card is taken).

However, online customers may be reluctant to provide this information because of fear
of merchant’s fraud (see below) or of eavesdropping.

Protecting Card Numbers in Transmission

Since information transmitted in an online transaction is sufficient for approval of a

credit card charge, it is essential that this information is protected from eavesdropping.

The most common way of doing it is to encrypt data in transmission.

This is done via SSL. However, many online businesses do not use SSL when transmitting
credit card numbers and other customer information, or do not make SSL the default for
such transmissions.

While it is theoretically possible to obtain credit card information sent in plain text (in an
e-mail message or via an online form), so far there hasn’t been a known case when a
credit card number was stolen this way.

Protecting Card Numbers on the Merchant’s Site In practice, the main vulnerability of
dealing with credit card numbers is not the transmission, but the storage.

Security experts agree that storing credit card numbers at the merchant’s site is a risky
practice, and should be avoided. If credit card numbers need to be stored, they should
be stored on a secure machine, and preferably in an encrypted form.

They should not be stored in a database which is (at least partially) accessible to
customers, nor should they be stored (in any form) on the web server.

Electronic Payment Systems

Electronic payment systems are non-credit-card online payment systems. The goal of
their development is to create analogs of checks and cash on the Internet, i.e. to
implement all or some of the following features

1. Protecting customers from merchant’s fraud by keeping credit card numbers

unknown to merchants.

2. Allowing people without credit cards to engage in online transactions.

3. Protecting confidentiality of customers.

4. In some cases providing anonymity of customers (“electronic cash”).

The problems in implementing electronic payment systems, especially anonymous

electronic money, are

1. Preventing double-spending copying the “money” and spending it several times. This
is especially hard to do with anonymous money.

2. Making sure that neither the customer nor the merchant can make an unauthorized
transaction.

3. Preserving customer’s confidentiality without allowing customer’s fraud.

While electronic payment systems have not gained a very wide popularity, except for
PayPal system used on online auctions, such as eBay, they may become more popular in
the future if more businesses start using them.
Electronic payment systems may be more convenient for international online business
due to differences in credit card customer protection laws in different countries.

Virtual PIN

Virtual PIN, started in 1994 by a company called First Virtual Holding, was a system for
making credit card payments over the Internet without exposing the credit card number
to the merchant. It required no special software for a customer to make a purchase.
Virtual PIN relied on difficulty of intercepting and forging e-mail. To enroll, a customer
gives their credit card information and their e-mail address to the First Virtual (this was
done by phone). After the credit card information has been verified, the customer
receives their PIN by e-mail.

The procedure for purchasing an item using Virtual PIN is as follows

The customer gives the merchant their Virtual PIN.

➢ The merchant sends the Virtual PIN and the amount of transaction to First Virtual.

➢ First Virtual sends an e-mail to the customer asking to confirm the purchase.

➢ The customer answered “Yes”, “No”, or “Fraud”. If the answer is “Yes”, the merchant
is informed that the charge has been accepted.

If “No”, the charge is declined. If the answer is “Fraud”, the charge is investigated.

Even though no encryption was involved, an eavesdropper could not use a virtual PIN
without being able to intercept and answer the e-mail message to confirm the purchase.

DigiCash (or E-Cash)

DigiCash (also known as E-cash) is an electronic payment system developed by

Dr. David Chaum, who is widely regarded as an inventor of digital cash. The system was
based on digital tokens called digital coins. DigiCash operated as follows

➢ A customer establishes an account with the bank or other organization that could
mint and receive digital coins. The customer’s account was backed by real money

in some form, for instance it could be linked to the customer’s checking account.

➢ The customer also needs to download and install a software called electronic

wallet.

➢ To obtain DigiCash, the customer uses the electronic wallet to create digital coins.
The coins are sent to the bank to sign. When the coins are signed, the equivalent
amount of money is withdrawn from the customer’s account.

In the proposed protocol the customer also had an option of “blinding” the coins.

To blind a coin, the customer multiplies it by a random number r before sending it to the
bank to sign.

The bank signs the data. After the data and its digital signature are sent to the customer,
the customer computes the digital signature of the original (non-multiplied) coin by
dividing the bank’s signature by r. This way the bank doesn’t know the coin, but the
customer, who knows r, can trace his/her payments. Blind signatures have not been
implemented.

To find out why blind signatures work, read the article Cryptography and Number
Theory for Digital Cash by Orlin Grabbe. This article explains mathematics behind blind
signatures. This material is optional.

When the customer wants to make a purchase, he/she sends signed digital coins to the
merchant. The merchant verifies the bank’s signature and deposits the coins to the
bank, where they are credited to the merchant’s account.

The DigiCash (or E-cash), produced by the company DigiCash BV based in Amsterdam,
has never created a market. The company eventually declared bankruptcy.

However, the algorithms used in DigiCash are considered fundamental in development

of digital money.

CyberCash/CyberCoin

CyberCash is a system that allows customers to pay by a credit card without revealing
the credit card number to the merchant. To achieve this, a credit card number is sent to
the merchant in an encrypted form.

To enroll, a customer installs software called CyberCash wallet on their computer. At the
time of the installment the wallet generated a pair of a public and a private key.

The wallet was protected by a passphrase, and a backup key was stored encrypted on a
floppy disk.

A CyberCash account was linked to the customer’s credit card. A variation of this scheme
called CyberCoin was linked to the customer’s checking account.

A purchase was conducted the following way

➢ When the purchase was initiated, the CyberCash wallet displayed the amount, the
merchant’s name, and other information. After the customer approved the transaction,
an encrypted payment order was sent to the merchant.

➢ The merchant could decrypt some of the information in the order, such as the
product list, the address, etc., but not the other (such as the credit card information).

The merchant’s software would add its own payment information to the order, digitally
sign it, and then send it to the CyberCash gateway.

➢ The CyberCash gateway would decrypt the information. The order would be checked
for duplicate requests. The gateway would verify that the customer’s and the
merchant’s order information match (i.e. no fraud was committed on either side). Then
it would perform the money transfer and send the approval message to the merchant.

The main point of this scheme was to prevent merchant’s fraud, and thus allow
customers to do business with more merchants without fear of scam. However,
CyberCash and CyberCoin were not able to find the market. The main reasons for the
failure were the large size of customer’s software and the fact that very few merchants
would accept CyberCash payment. The company was eventually bought by VeriSign.

SET (Secure Electronic Transactions)

SET is the Secure Electronic Transaction protocol for sending money over Internet. It has
been developed jointly by MasterCard, Visa, and several computer companies.

SET uses mechanisms similar to CyberCash. However, being a standard protocol, it is

built into a wide variety of commercial products.

In SET the order information consists of two parts the part which is private between the
customer and the merchant (such as the items being ordered) and information which is
private between the customer and the bank (such as the included in a single signed
transaction the part private between the customer and the merchant is encrypted using
the merchant’s private key, and the part private between the customer and the bank is
encrypted using the bank’s public key.

To prevent changing the order information, the customer computes message digests of
each part of the message separately, then takes the message digest of the two message
digests, and then signs the resulting message digest.

This mechanism, called a dual signature, allows either the merchant or the bank to read
and validate the signature on its half of the purchase request without having to decrypt the
other half.
The reason why SET never became popular was pretty much the same as for CyberCash
the trouble of getting a digital wallet software and setting it up for each credit card was
not worth it for a customer, because very few merchants would accept SET payments.

PayPal is an electronic payment system which can transfer money between its accounts.
In order to use PayPal, one has to obtain a PayPal account, which is associated either
with the customer’s credit card or with their regular bank account.

The validity of a credit card is checked by the usual ways. The validity of a checking
account is checked as follows the customer gives PayPal their account number; PayPal
makes two small-amount (less than $1) deposits to the account. If the customer is able
to tell PayPal the value of these deposits, then the customer is assumed to be a
legitimate user of the account.

PayPal provides easy interface to send money to anyone by giving the person’s e-mail
account. In order for the person to retrieve the money, they must have a PayPal
account. To avoid fraud, PayPal sends an e-mail message to both the initiator and the
recipient of the transaction.

PayPal is used to settle online auctions, such as eBay auctions. The ease of use and the
fact that no credit card is required to use it makes PayPal increasingly popular.

Example

Indian Railways online reservation system (operated by IRCTC) is very impressive and it
supports a wide range of Internet banking services, credit card payments and other
payment systems.

Smart Cards

Smart cards are cards that look like credit cards, but store information on a
microprocessor chip instead of magnetic strips. A microchip can hold significantly more
information than a magnetic strip. Because of this capacity, a single smart card can be
used for many different purposes.

Unlike magnetic strip cards which can be read by any magnetic reader, and are therefore
vulnerable to loss or theft, a smart card can be password-protected to guarantee that
it’s only used by the owner.

Smart cards can run RSA encryption and can be programmed to generate a pair of
public/private keys. The public key is made publicly readable, but the private key is be
stored on the card without anyone being able to copy it. Therefore, to use the private
key, the user must physically possess the card.

Smart cards are used in European telephones, and are gaining popularity for other
purposes both in Europe and in the US.
Advantages and Disadvantages of Online Payment Systems

Typically, Internet merchant accounts are provided through an acquiring bank (or
acquirer) that lets you accept credit cards, and sometimes other types of payments,
online. As is the case with any business decision, there are advantages and
disadvantages to online payment systems and other types of credit card processors.

In general, advantages tend to revolve around having direct control of the payment
processing system. Disadvantages tend to revolve around mechanics, security, and
logistics of being responsible for the entire payment process.

Advantages of Merchant Accounts and Other Online Payment Systems

Merchant accounts and third party payment processors provide needed online services.
Advantages include

➢ Customer convenience - Online merchant accounts save site visitors the extra step of
writing and sending a check or calling in an order.

➢ Increased functionality - Internet processors also enable Web sites to be direct sales
generator rather than simply lead generators or online brochures.

➢ Additional direct sales channel - Credit card processors help you add Internet sales as
a revenue stream.

➢ Immediate authorization - With automation, you know immediately if an Internet

payment is valid. No waiting for checks to clear.

➢ Streamline payment process - With Internet merchant accounts and other payment
providers, there are fewer steps necessary to assure valid payment as compared to less
automated processes.

Disadvantages of Internet Merchant Accounts

Like any other technology, there are disadvantages to online payment systems.

Some of the disadvantages of having your own Internet merchant account include

➢ You are responsible - With your own Internet merchant account, it is your
responsibility to maintain site function, resolve field service issues, etc.

➢ Fees - Various monthly fees are associated with Internet merchant accounts.

➢ Fraud - As a merchant, you may have to directly deal with credit card fraud.

➢ Security issues - Internet merchant accounts are only one piece of a reliable, secure
payment system. Private, sensitive information such as credit card numbers can be
stolen or altered; system integrity can be breached; and Web site spoofing are all risks
with weak security systems.

➢ Agreements - Internet merchant accounts come with long agreements. Often, you
are committed to minimum time frames and/or dollar minimums.

Designing an E-Commerce Website Using 7Cs Framework

7Cs framework for e- commerce

website design. The interface is the virtual (and, to date, largely visible) representation
of a firm’s chosen value proposition. Similar to a retail storefront, the virtual website
provides significant information to current and prospective target market customers.

If designed effectively, the site quickly answers a number of basic questions that
confront such users. Is this site worth visiting? What products or services does it sell?

What messages does the site communicate

Exclusivity? Low price? Ease of use? Consistent with a tightly constructed business
model, well-designed sites should simultaneously attract target segment customers and
repel (or not to appeal) non-targeted customers. Compelling sites communicate the core
value proposition of the company and provide a rationale for buying from and/or visiting
the site.

The following sections briefly describe the 7C

Context

The Context of the website is aesthetic and functional look-and-feel. Some sites have
chosen to focus heavily on interesting graphics, colors, and design features, while others
have emphasized more simply utilitarian goals, such as ease of navigation. Figure
illustrates a webpage from Landsend.com. Lands’ End balances aesthetic (pastel colors;
simple, warm visuals) and functional (crisp, uncluttered) design elements to
communicate its core benefits—traditionally designed clothing, great service, and
moderate prices.

In sharp contrast, an online apparel retailer - Luckyjeans.com will appear more hip,
nontraditional brand; its website is comparatively more edgy, with bolder colors, humor
(the “get lucky” slogan), and a more focused product line. Lands’ End customers might
not find the Luckyjeans.com site appealing, purely because of its look- and-feel.
Luckyjeans.com suggests a younger, more urban, and fashion-forward target segment.
Compare the homepages (shown below) of these two online retailers.
Content

Community

Customization

Communication

Connection

Commerce

Note:- All content provided on this blog is for informational purposes only. The owner
of this blog makes no representations as to the accuracy or completeness of any
information on this site or found by following any link on this site. The owner will not
be liable for any errors or omissions in this information nor for the availability of this
information. The owner will not be liable for any losses, injuries, or damages from the
display or use of this information.

********************************* THE END ******************************