Isee Unit-1 PDF
E-commerce
Information systems are a vital tool in achieving competitive advantage for a business
by properly managing and analysing the information. However, there are many security
concerns that have been on the corporate agenda since their early usage. Today
organizations are challenged by various and complex information security matters in
handling distributed computer networks. A large amount of e-commerce activity,
increased usage of the internet, and ever-changing technologies mean new threats,
risks and vulnerabilities for businesses as more and more business functions and
procedures become paperless. For this reason, the right controls are required within
an organization to reduce the risks and ensure effective functioning of the information
systems (Sushil & Leon, 2004).
Information systems require certain controls to be implemented for their smooth and
effective functioning (Boczko, 2007). Information security managers can put these
controls in place to ensure the system is secure against threats, exposure, and risks
(Gertz, 2003).
• A threat can be any possible unwanted occurrence or event that could harm the
Accounting Information System or the business.
• The exposure is the possible loss of money that would occur as a result of the threat
becoming a reality.
• The risk is the chance that the threat will become reality.
The controls that secure information systems against unfavourable outcomes are as
follows:
• Preventive Controls
• Input Controls; Input controls check the information that is being entered into
the system.
• Output Controls; The output controls ensure the completeness, validity, and accuracy
of the data in various output mediums.
• Storage Controls; The storage controls ensure that the data is stored in such a
manner that it cannot be tampered with.
• Files Controls; Files controls reduce the errors that occur due to the improper storage of
files.
(Basset, 1993)
• Detective controls
• Testing; Testing is required to detect any problems occurring in the system and is thus
performed before it is made operational. Testing can show problems that can occur in
the processing and any other errors. It is recommended that testing should be
performed on a routine basis or after any new developments.
• Training; The training of the data processing staff ensures proper functioning of the
system. The awareness of the staff also helps in pointing out any defects in the system,
which can then be resolved.
• Operation Controls; Operation controls in Dean Plc are controls which record what
computer systems and the employees have been doing. The operational controls can
include tasks such as rotation of shifts, duty logs, manual of operating instructions,
attendance controls and computer logs, etc., which can be referred to whenever a problem
is reported.
(Basset, 1993)
• Corrective controls
• When any problem in the system is detected, the management, with the help of
business analysts and experts, can take relevant steps to correct the problems in the
system.
Apart from security concerns, there are several other challenges and issues associated
with managing information systems. These are:
• Reliability for certain processes (information systems require thorough testing before
they can be used and are difficult and prone to errors, leading to potential losses)
• Software tools are not fixed but constantly evolving (information communication
technology tools require timely upgrades to meet prevailing standards)
• Integrating digital and non-digital sales and production information (for e-commerce
activities)
• Customers have high expectations regarding efficiency and real-time responses
Decision-Support Systems
Decision Support Systems are designed to assist middle and top level management in
making decisions under uncertain conditions. They inform the user about the possible
consequences of their decisions. They gather internal information to analyse the available
options and alternatives. They have a predefined set of logic which is part of their design. They
use complex tools, spreadsheets, and databases for creating ‘what if' models.
Transaction Processing Systems are created to process daily repetitive activities and
transactions in an automated, efficient manner. The automation increases the accuracy
of the information. A business usually involves several recurring transactions.
Therefore, there are several Transaction Processing Systems such as Billing systems,
Payroll systems, Inventory management systems, etc. The sources of information for these
systems are the employees at the operational level of the organization. Sometimes
automated identification, such as Radio Frequency Identification, is also used to input
data to these systems.
Office Automation Systems are tools that help improve the productivity of employees
processing data. Such systems usually work as standalone programs and do not link
data to other information systems. Examples of such systems include Microsoft Office
Tools, and Computer Operating Systems.
Information systems also help employees and managers of a business to make well
informed decisions. This is because information systems have the capability of analyzing
data that has been collected from both within the organization and from external
sources into useful information which can be used by employees and managers in their
decision making process. Decision-making is an integral part of management and occurs
in every function and at all levels.
Decisions are better made when accurate information is available which aids the
decision maker in making an objective decision (Terry Lucey 2005). Information systems
types like Management Information System (MIS), Decisions Support Systems (DSS) and
Executive Information Systems (EIS) are specially designed to help management of an
organization in their decision making process. These systems generate typical reports
and graphs on issues such as trend of orders, customer analysis, product profitability,
finished stock positions and forecasts, accident and absentee reports, job evaluation
reports and many more. Managers and employees use these reports and graphs as a
basis for their decisions. For example, decisions on which meals need to be added
or removed from a hotel menu may be taken by the food and beverage manager after a
typical analysis is made with the help of a Decisions Support System.
At the date of publication, many companies no longer manage their data and
information manually with registers and hard-copy formats. Through the adoption of
information systems, companies can make use of sophisticated and comprehensive
databases that can contain all imaginable pieces of data about the company.
Information systems store, update and even analyze the information, which the
company can then use to pinpoint solutions to current or future problems.
Furthermore, these systems can integrate data from various sources, inside and outside
the company, keeping the company up to date with internal performance and external
opportunities and threats.
The long-term success of a company depends upon the adequacy of its strategic plans.
An organization’s management team uses information systems to formulate strategic
plans and make decisions for the organization's longevity and prosperity. The business
uses information systems to evaluate information from all sources, including
information from external references such as Reuters or Bloomberg, which provide
information on the general economy. This analysis of and comparison to market trends
helps organizations analyze the adequacy and quality of their strategic decisions.
Considerations
To gain the maximum benefits from your company's information system, you have to
exploit all its capacities. Information systems gain their importance by processing the
data from company inputs to generate information that is useful for managing your
operations. To increase the information system's effectiveness, you can either add
more data to make the information more accurate or use the information in new ways.
Communication
Operations
How you manage your company's operations depends on the information you have.
Information systems can offer more complete and more recent information, allowing
you to operate your company more efficiently. You can use information systems to gain
a cost advantage over competitors or to differentiate yourself by offering better
customer service. Sales data give you insights about what customers are buying and let
you stock or produce items that are selling well. With guidance from the information
system, you can streamline your operations.
Decisions
The company information system can help you make better decisions by delivering all
the information you need and by modeling the results of your decisions. A decision
involves choosing a course of action from several alternatives and carrying out the
corresponding tasks. When you have accurate, up-to-date information, you can make
the choice with confidence. If more than one choice looks appealing, you can use the
information system to run different scenarios. For each possibility, the system can
calculate key indicators such as sales, costs and profits to help you determine which
alternative gives the most beneficial result.
Records
Your company needs records of its activities for financial and regulatory purposes as
well as for finding the causes of problems and taking corrective action. The information
system stores documents and revision histories, communication records and
operational data. The trick to exploiting this recording capability is organizing the data
and using the system to process and present it as useful historical information. You can
use such information to prepare cost estimates and forecasts and to analyze how your
actions affected the key company indicators.
Operational Challenges
Designing information systems software may have become easier than it
was in the past; however, operational challenges have become even more demanding.
Some of the key operational challenges facing today’s information systems
development include:
In order for the project to succeed from an operational perspective all stakeholders
including the end-user (customers), managers who influence direction and budget, and
software developers must be in full collaboration to ensure successful delivery of the
new information system.
Technical Challenges
The other main and important part of information systems development challenges are
the technical challenges. Technical challenges determine the true system functionality,
reliability and availability. Today’s information systems challenges include:
These challenges and many more should be properly addressed and defined well before
programmers even start coding. The key takeaway in production quality is to have a
polished, optimized and efficient program with strong business logic, and an information
system development project that is always tested and documented.
Today's business environment has changed drastically from just a few years back. Rather
than working exclusively with equipment, data, and systems, today's IT managers face
issues such as cross training, personnel management, interdepartmental
communication, and a widening job scope for all IT employees.
This expansion of the IT job realm has left many IT managers juggling new challenges.
While the problems, in and of themselves, might appear overwhelming, there are
simple, proven ways to rise above them.
To achieve this, start by making employees aware of the importance of the data they
help to gather. Encourage accuracy and demonstrate to employees how their active
participation in the process can reap rewards they might not have thought of.
Because your job as IT manager will continue to get more and more hectic, you'll want
to continually look for ways to improve speed and quality while reducing rising costs.
Rising costs are a challenge for any manager. They are especially troubling to an IT
manager working in the electronic data processing area.
Industry experts show that, despite various "old systems" existing, resources are only
used at about 30% of their optimal performance. This leaves room for 70%
improvement without an excessive outlay of cash.
Ask what their primary challenges are with the existing systems. The majority of the
time the solutions lie within untapped features of existing resources. Search the
systems for solutions and provide them.
Oftentimes, employees may not know how to communicate the problems they face in
"IT language." This may relate to an ill-suited solution. Take time to work with
employees or department heads to clearly outline challenges so you are equipped to
find solutions more quickly and accurately.
To help others within your organization understand how sensitive certain data is, create
a memo or site page explaining:
the consequences (internally and externally) for not following security procedures,
and
Any specific information system aims to support operations, management and decision-
making.[7][8] An information system is the information and communication technology
(ICT) that an organization uses, and also the way in which people interact with this
technology in support of business processes.[9]
The six components that must come together in order to produce an information
system are:
2. Software: The term software refers to computer programs and the manuals
(if any) that support them. Computer programs are machine-readable
instructions that direct the circuitry within the hardware parts of the system
to function in ways that produce useful information from data. Programs are
generally stored on some input / output medium, often a disk or tape.
3. Data: Data are facts that are used by programs to produce useful
information. Like programs, data are generally stored in machine-readable
form on disk or tape until the computer needs them.
5. People: Every system needs people if it is to be useful. Often the most
overlooked element of the system is the people, probably the component that
most influences the success or failure of information systems. This includes
"not only the users, but those who operate and service the computers, those
who maintain the data, and those who support the network of computers."
<Kroenke, D. M. (2015). MIS Essentials. Pearson Education>
The "classic" view of Information systems found in the textbooks [18] in the 1980s was of
a pyramid of systems that reflected the hierarchy of the organization, usually
transaction processing systems at the bottom of the pyramid, followed by management
information systems, decision support systems, and ending with executive information
systems at the top. Although the pyramid model remains useful, since it was first
formulated a number of new technologies have been developed and new categories of
information systems have emerged, some of which no longer fit easily into the original
pyramid model.
data warehouses
enterprise systems
expert systems
search engines
office automation.
The first four components (hardware, software, database, and network) make up
what is known as the information technology platform. Information technology
workers could then use these components to create information systems that
watch over safety measures, risk and the management of data. These actions are
known as information technology services. [19]
In 1986 the Ministry of Railways saw the need for a dedicated, autonomous
organisation and established CRIS, an umbrella organisation for all information
technology-related activities on Indian Railways.
It was entrusted with the task of designing, developing and implementing the Freight
Operations Information System (FOIS) and its communications infrastructure. CRIS
began functioning in July 1986 as an autonomous organisation headed by an Executive
Director (later redesignated Managing Director).
Work
CRIS designs, develops, implements and maintains information systems for Indian
Railways. In addition, CRIS has developed, implemented and maintained IT systems for
the Andaman and Nicobar Islands (the A & N Ship Ticketing system). The number of
projects handled by CRIS has increased from three in 2000 to more than 40 by 2016.
Major IR projects
5. National Train Enquiry System for latest train running times and live train
tracking.[6]
S S Mathur, GM – Corporate Coordination, CRIS (Centre for Railway Information Systems),
talks about the role that CRIS is playing in bringing the benefits of IT to the Indian
Railways.
The first major project launched came in the year 2000; it was the Internet Querying
system for PRS (Passenger Reservation System). Passengers could check their PNR
status on the PRS website.
The site continues to be extremely popular with railway passengers. In 2002, the
Unreserved Ticketing System (UTS) was developed in a record time of 8 months and
installed in the Delhi area on 15th August.
Prior to the implementation of UTS, unreserved tickets were in the form of small
purpose-built cards, specially printed for each origin-destination pair of stations.
Disbursing these tickets was a mammoth exercise, requiring mundane and wasteful
effort just to keep the tickets in stock.
Passengers faced crowded and chaotic ticket windows, last-minute ticketing glitches,
and opaque ticket refund rules.
The UTS has eliminated all these bottlenecks by having a centralised database of tickets,
which can be bought in advance from any ticket window.
The introduction of ATVMs (Automatic Ticket Vending Machines) and smart cards has
made ticketing even simpler for Mumbai’s suburban passengers.
Accounting of the money received from remote rural stations, which used to take
months, is carried out by running regular end-of-day routines.
UTS now runs at more than 5500 stations across the country. It accounts for more than
95% of all unreserved tickets sold.
In a related development, in July 2011, CRIS provided automatic flap-type gates for the
Kolkata Metro along with in-house ticketing software to take over from the aging
turnstiles.
The FOIS system manages the operations of all freight trains in the Railways. Similarly,
the movement and operation of passenger trains is managed by the Integrated Coaching
Management System (ICMS). This system collects online information from 220 major
yards in the country and provides Railway managers with updated information on
passenger train consists, locomotive availability, and maintenance schedules. ICMS was
envisaged in 2003 and implementation was completed in 2008.
Two systems that have changed the way the Railways function internally are the Control
Office Application (COA) and the Crew Management System (CMS).
COA assists each train controller (Section Controller in Railway parlance), located in the
Divisional Control Offices, to manage short-term train movements. Section Controllers
prepare their Control Charts on the COA terminal automatically through the COA
program.
This frees them up to plan train movements more effectively, leading to more
throughputs in each section. The COA provides the controllers with an intuitive interface
similar to the manual chart, with which they are fully familiar. Ultimately, the train
position will get automatically populated in the chart by transmitting GPS location data
from the train locomotive directly into the COA database.
COA also provides spin off benefits to the passengers. COA’s train movement data and
movement forecasts are picked up by the National Train Enquiry System (NTES) to
provide train position to passengers through the NTES website and the 139 call-centre.
The Crew Management System, on the other hand, benefits running staff (Train Drivers
or Loco Pilots, Assistant Loco Pilots, and Guards) by rationalising their working hours,
informing them via SMS about impending duty rosters, and providing them with simple
kiosk-based sign-on and sign-off facilities. Mileage allowances to compensate for their
movement outside their home station are also automatically calculated by this system.
COA was developed in 2005 and remained on trial up to 2007. Thereafter it was
implemented in all 70 Divisional Control offices by 2010. CMS also was developed by
CRIS during this period and implementation in 340 crew lobbies (all but the smallest
ones) was completed
CRIS is in the process of developing the necessary algorithms and programs to enable
the design of optimised and stable train schedules, which maximise efficiency in the
Railway system. Preliminary work on this system is already over and the first version of
the “Satsang” (Software aided Train Scheduling and Network Governance) is about to
be rolled out.
Indian Railways buys materials worth well over ₹15,000 crore annually to maintain its
assets consisting of more than 7000 stations, 112,000 track Km of permanent way (30
percent of it with overhead electrification equipment), 9000 locomotives, 2,25,000
freight wagons, and 45,000 passenger coaches.
This onerous task has been awarded to CRIS for implementation, and is targeted for
completion in the next 3 years. In the meantime, a fully automated and secure
e-procurement system had been put in place centrally by CRIS in 2008.
This system has already been used for finalisation of more than 3 lakh tenders, and more
than 14000 vendors are enrolled in it.
The entire application is PKI enabled and completely secure. Railway assets are spread
out across the country. It becomes easy to manage them effectively if geo-spatial data
about the assets is maintained in a central repository.
This aspect has been recently addressed with the initiation of a project for preparation
of a geospatial database and GIS map to cover all of the Railways’ fixed and moving
assets. IT systems in Indian Railway’s Production Units have evolved over the years.
A landmark was reached in March 2012 when a comprehensive SAP-based ERP system
was implemented in the Integral Coach Factory (ICF) after 24 months of design and
development effort. The system provides an integrated view of the organisation for all
levels of managers and staff.
Conclusion
In this lesson, we will introduce you to e-commerce systems. After you work out
➢ E-commerce process
➢ Mobile commerce
Introduction
Electronic commerce or e-commerce refers to a wide range of online business activities
for products and services. It also pertains to “any form of business transaction in which
the parties interact electronically rather than by physical exchanges or direct physical
contact”.
E-commerce is usually associated with buying and selling over the Internet, or
conducting any transaction involving the transfer of ownership or rights to use goods or
services through a computer-mediated network. Though popular, this definition is not
comprehensive enough to capture recent developments in this new and revolutionary
business phenomenon.
A more complete definition is: E-commerce is the use of electronic communications and
digital information processing technology in business transactions to create, transform,
and redefine relationships for value creation between or among organizations, and
between organizations and individuals.
Types of E-Commerce
B2B E-Commerce
B2B e-commerce is simply defined as e-commerce between companies. This is the type
of e-commerce that deals with relationships between and among businesses. About
80% of e-commerce is of this type, and most experts predict that B2B e-commerce will
continue to grow faster than the B2C segment.
The B2B market has two primary components: e-frastructure and e-markets.
E-frastructure is the architecture of B2B, primarily consisting of the following
Gamble);
security and customer care solutions (e.g., outsourcing providers such as eShare);
➢ Auction solutions software for the operation and maintenance of real-time
The more common B2B examples and best practice models are IBM, Hewlett
Packard (HP), Cisco and Dell. Cisco, for instance, receives over 90% of its product orders
over the Internet.
Most B2B applications are in the areas of supplier management (especially purchase
order processing), inventory management (i.e., managing order-ship-bill
cycles), distribution management (especially in the transmission of shipping
documents), channel
B2C E-Commerce
It is the second largest and the earliest form of e-commerce. Its origins can be
traced to online retailing (or e-tailing). Thus, the more common B2C business models
are the online retailing companies such as Amazon.com. Some of the Indian B2C
e-commerce firms are futurebazaar.com (from Big Bazaar), thehindushopping.com,
indiaverta.com, fabmart.com and so on. Other B2C examples involving information
goods are Travelocity and Expedia.
The more common applications of this type of e-commerce are in the areas of
purchasing products and information, and personal finance management, which
pertains to the management of personal investments and finances with the use of
online banking tools (e.g., Quicken).
B2C e-commerce also reduces market entry barriers since the cost of putting up and
maintaining a Web site is much cheaper than installing a “brick-and-mortar” structure
for a firm. In the case of information goods, B2C e-commerce is even more
attractive because it saves firms from factoring in the additional cost of a
physical distribution network. Moreover, for countries with a growing and robust
Internet population, delivering information goods becomes increasingly feasible.
C2C E-Commerce
➢ Auctions facilitated at a portal, such as eBay, which allows online real-time
bidding on items being sold on the Web;
A concrete example of this is when competing airlines give a traveler their best travel and
ticket offers in response to the traveler’s post that she wants to fly from one place to
another, as in www.priceline.com.
E-commerce does not refer merely to a firm putting up a Web site for the
purpose of selling goods to buyers over the Internet.
Banking institutions that offer transaction clearing services (e.g., processing credit card
payments and electronic fund transfers);
National and international freight companies to enable the movement of physical goods
within, around and out of the country. For business-to-consumer transactions, the system
must offer a means for cost-efficient transport of small packages (such that purchasing
books over the Internet, for example, is not prohibitively more expensive than buying
from a local store); and
Authentication authority that serves as a trusted third party to ensure the integrity and
security of transactions.
Form a critical mass of the population with access to the Internet and disposable income
enabling widespread use of credit cards;
Possess a mindset for purchasing goods over the Internet rather than by physically
inspecting items.
Government, to establish
A robust and reliable Internet infrastructure; and
A pricing structure that doesn’t penalize consumers for spending time on and buying
goods over the Internet (e.g., a flat monthly charge for both ISP access and local phone calls).
E-commerce allows “network production.” This refers to the parceling out of the
production process to contractors who are geographically dispersed but who are
connected to each other via computer networks. The benefits of network production
include reduction in costs, more strategic target marketing, and the facilitation of selling
add-on products, services, and new systems when they are needed. With network
production, a company can assign tasks within its non-core competencies to factories all
over the world that specialize in such tasks (e.g., the assembly of specific components).
Payments on Internet
Most online purchases are paid for by credit card. Merchants like credit card
payments because an instant authorization guarantees that the card is valid (as opposed
to a check, which may bounce). Customers like paying by credit card because they can
easily cancel a transaction if they don’t receive products or services
according to the agreement in the transaction.
While some credit card payments for online services are performed by phone, most
such payments are made by filling in an online form.
Credit card information submitted by the customer is sent for verification to the bank
which has issued the credit card.
If the transaction is approved, the merchant notifies the customer that the order has
been placed. The actual transfer of money from the credit card bank to the merchant
may happen in a few hours, or even in a few days.
Merchants who accept credit card payments pay a fee (between 1 and 7 percent of the
card charge) for each card charge. In addition, in some cases merchants pay an
authorization fee for each credit card authorization attempt, as well as other fees
related to credit card processing.
When a customer is not satisfied with a product or service, or for other
reasons, merchants may issue a refund or a charge-back to the customer’s account.
Technical Issues
There are several technical issues involved in online credit card payments, as described
below.
Since the merchant may be charged for each credit card authorization, it is convenient
to check that the credit card number makes sense before sending it to the issuing bank
to authorize.
There is an easy algorithm to verify a credit card number: the last digit of the credit card
number is computed from the other digits using a simple procedure. The details are
given here.
The algorithm is public, and therefore can be used only to catch typos and disallow
random data, but not to check the validity of a credit card number.
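The check-digit procedure used on payment cards is the Luhn algorithm (the notes above do not name it). The following is an added example, not part of the original notes: it runs the check locally before a paid authorization request and measures what it does and does not catch. The function names and the sample numbers are constructed for illustration.

```python
import re


def luhn_sum_mod10(number: str) -> int:
    """Luhn sum of a digit string, modulo 10 (0 means the check digit fits)."""
    total = 0
    # Walk right to left. Every second digit, starting with the one left of
    # the check digit, is doubled; a two-digit result has its digits added,
    # which is the same as subtracting 9.
    for i, ch in enumerate(reversed(number)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10


def check_digit(payload: str) -> str:
    """Compute the last digit from the other digits."""
    return str((10 - luhn_sum_mod10(payload + "0")) % 10)


def precheck(raw: str) -> bool:
    """Cheap local test to run before sending a number for authorization."""
    number = re.sub(r"[ -]", "", raw)        # tolerate spaces and dashes
    if not re.fullmatch(r"[0-9]{12,19}", number):
        return False
    return luhn_sum_mod10(number) == 0


def undetected_single_digit_typos(number: str) -> int:
    """Count one-digit substitutions that would still pass the check."""
    misses = 0
    for pos, old in enumerate(number):
        for new in "0123456789":
            if new != old and precheck(number[:pos] + new + number[pos + 1:]):
                misses += 1
    return misses


def undetected_adjacent_swaps(number: str) -> list:
    """Positions where swapping two different neighbours still passes."""
    hits = []
    for pos in range(len(number) - 1):
        a, b = number[pos], number[pos + 1]
        if a != b and precheck(number[:pos] + b + a + number[pos + 2:]):
            hits.append(pos)
    return hits


# Constructed sample values (no real accounts).
TEST_NUMBER = "4111111111111111"             # commonly used test number
MADE_UP_PAYLOAD = "411111111111091"          # 15 digits invented for this example
MADE_UP = MADE_UP_PAYLOAD + check_digit(MADE_UP_PAYLOAD)

if __name__ == "__main__":
    print("test number passes:", precheck("4111 1111 1111 1111"))
    print("one wrong digit passes:", precheck("4111 1111 1111 1112"))
    # An invented number passes as soon as its last digit is computed, which
    # is why the check says nothing about whether a card exists or is valid.
    print("made-up number:", MADE_UP, "passes:", precheck(MADE_UP))
    print("undetected single-digit typos:", undetected_single_digit_typos(MADE_UP))
    # The only adjacent swap the scheme misses is 0 next to 9.
    print("undetected adjacent swaps at:", undetected_adjacent_swaps(MADE_UP))
```

Every single-digit typo is rejected, and the only adjacent transposition that slips through is a 0 next to a 9; the invented number passing shows that the check filters input errors only, so authorization by the issuing bank is still required.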
Since the card is not physically present during the transaction, it is practically impossible
for a merchant to distinguish a legitimate credit card user from a thief. In online
transactions the user is usually asked to provide additional information, such as their
address and phone number, and the card’s billing address, if different from the
customer’s address.
Another way of verifying a card number is to ask the user to provide the additional digits
on the card (the digits which do not appear on the magnetic strip or on a carbon paper
when the print of the card is taken).
However, online customers may be reluctant to provide this information because of fear
of merchant’s fraud (see below) or of eavesdropping.
While it is theoretically possible to obtain credit card information sent in plain text (in an
e-mail message or via an online form), so far there hasn’t been a known case when a
credit card number was stolen this way.
Protecting Card Numbers on the Merchant’s Site
In practice, the main vulnerability of
dealing with credit card numbers is not the transmission, but the storage.
Security experts agree that storing credit card numbers at the merchant’s site is a risky
practice, and should be avoided. If credit card numbers need to be stored, they should
be stored on a secure machine, and preferably in an encrypted form.
They should not be stored in a database which is (at least partially) accessible to
customers, nor should they be stored (in any form) on the web server.
Electronic payment systems are non-credit-card online payment systems. The goal of
their development is to create analogs of checks and cash on the Internet, i.e. to
implement all or some of the following features:
1. Preventing double-spending: copying the “money” and spending it several times. This
is especially hard to do with anonymous money.
2. Making sure that neither the customer nor the merchant can make an unauthorized
transaction.
While electronic payment systems have not gained very wide popularity, except for
the PayPal system used on online auctions, such as eBay, they may become more popular in
the future if more businesses start using them.
Electronic payment systems may be more convenient for international online business
due to differences in credit card customer protection laws in different countries.
Virtual PIN
Virtual PIN, started in 1994 by a company called First Virtual Holding, was a system for
making credit card payments over the Internet without exposing the credit card number
to the merchant. It required no special software for a customer to make a purchase.
Virtual PIN relied on the difficulty of intercepting and forging e-mail. To enroll, a
customer gives their credit card information and their e-mail address to First Virtual
(this was done by phone). After the credit card information has been verified, the
customer receives their PIN by e-mail.
➢ The merchant sends the Virtual PIN and the amount of transaction to First Virtual.
➢ First Virtual sends an e-mail to the customer asking to confirm the purchase.
➢ The customer answers “Yes”, “No”, or “Fraud”. If the answer is “Yes”, the merchant
is informed that the charge has been accepted. If “No”, the charge is declined. If the
answer is “Fraud”, the charge is investigated.
Even though no encryption was involved, an eavesdropper could not use a virtual PIN
without being able to intercept and answer the e-mail message to confirm the purchase.
Dr. David Chaum, who is widely regarded as an inventor of digital cash. The system was
based on digital tokens called digital coins. DigiCash operated as follows:
➢ A customer establishes an account with the bank or other organization that could
mint and receive digital coins. The customer’s account was backed by real money
in some form, for instance it could be linked to the customer’s checking account.
➢ The customer also needs to download and install software called an electronic
wallet.
➢ To obtain DigiCash, the customer uses the electronic wallet to create digital coins.
The coins are sent to the bank to sign. When the coins are signed, the equivalent
amount of money is withdrawn from the customer’s account.
In the proposed protocol the customer also had an option of “blinding” the coins.
To blind a coin, the customer multiplies it by a random number r before sending it to the
bank to sign.
The bank signs the data. After the data and its digital signature are sent to the customer,
the customer computes the digital signature of the original (non-multiplied) coin by
dividing the bank’s signature by r. This way the bank doesn’t know the coin, but the
customer, who knows r, can trace his/her payments. Blind signatures have not been
implemented.
To find out why blind signatures work, read the article Cryptography and Number
Theory for Digital Cash by Orlin Grabbe. This article explains the mathematics behind
blind signatures. This material is optional.
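The blinding steps described above, worked through with textbook RSA as an added example (not code from DigiCash or from the original notes). In Chaum's RSA-based scheme the coin is multiplied by r raised to the bank's public exponent, so that dividing the bank's signature by r leaves a valid signature on the original coin. The key, the serial number and all function names are constructed for the illustration.

```python
import hashlib
import math
import secrets

# Toy bank key, constructed for this example: textbook RSA over two Mersenne
# primes. Real keys use random primes and a padded signature scheme.
P, Q = 2**89 - 1, 2**107 - 1
N, E = P * Q, 65537                    # public key (N, E)
D = pow(E, -1, (P - 1) * (Q - 1))      # bank's private exponent

def coin_value(serial: bytes) -> int:
    """Map a coin serial number to an integer below N."""
    return int.from_bytes(hashlib.sha256(serial).digest(), "big") % N

def blind(coin: int):
    """Customer: return (coin * r^E mod N, r) for a random r coprime to N."""
    while True:
        r = secrets.randbelow(N - 2) + 2
        if math.gcd(r, N) == 1:
            return (coin * pow(r, E, N)) % N, r

def bank_sign(blinded: int) -> int:
    """Bank: sign the value it receives; it never sees the coin itself."""
    return pow(blinded, D, N)

def unblind(blinded_sig: int, r: int) -> int:
    """Customer: divide the bank's signature by r (multiply by r^-1 mod N)."""
    return (blinded_sig * pow(r, -1, N)) % N

def verify(coin: int, sig: int) -> bool:
    """Merchant: check the bank's signature using only the public key."""
    return pow(sig, E, N) == coin

def demo() -> dict:
    coin = coin_value(b"constructed-coin-serial-0001")
    blinded, r = blind(coin)
    sig = unblind(bank_sign(blinded), r)
    return {
        "bank_saw_coin": blinded == coin,
        "signature_valid": verify(coin, sig),
        "equals_direct_signature": sig == pow(coin, D, N),
        "altered_coin_rejected": not verify((coin + 1) % N, sig),
    }

if __name__ == "__main__":
    print(demo())
```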
When the customer wants to make a purchase, he/she sends signed digital coins to the
merchant. The merchant verifies the bank’s signature and deposits the coins to the
bank, where they are credited to the merchant’s account.
The DigiCash (or E-cash), produced by the company DigiCash BV based in Amsterdam,
has never created a market. The company eventually declared bankruptcy.
CyberCash/CyberCoin
CyberCash is a system that allows customers to pay by a credit card without revealing
the credit card number to the merchant. To achieve this, a credit card number is sent to
the merchant in an encrypted form.
To enroll, a customer installs software called CyberCash wallet on their computer. At
installation time the wallet generated a pair of a public and a private key.
The wallet was protected by a passphrase, and a backup key was stored encrypted on a
floppy disk.
A CyberCash account was linked to the customer’s credit card. A variation of this scheme
called CyberCoin was linked to the customer’s checking account.
➢ The merchant could decrypt some of the information in the order, such as the
product list, the address, etc., but not the other (such as the credit card information).
The merchant’s software would add its own payment information to the order, digitally
sign it, and then send it to the CyberCash gateway.
➢ The CyberCash gateway would decrypt the information. The order would be checked
for duplicate requests. The gateway would verify that the customer’s and the
merchant’s order information match (i.e. no fraud was committed on either side). Then
it would perform the money transfer and send the approval message to the merchant.
The main point of this scheme was to prevent merchant’s fraud, and thus allow
customers to do business with more merchants without fear of scam. However,
CyberCash and CyberCoin were not able to find a market. The main reasons for the
failure were the large size of customer’s software and the fact that very few merchants
would accept CyberCash payment. The company was eventually bought by VeriSign.
SET is the Secure Electronic Transaction protocol for sending money over the Internet. It has
been developed jointly by MasterCard, Visa, and several computer companies.
In SET the order information consists of two parts: the part which is private between the
customer and the merchant (such as the items being ordered) and information which is
private between the customer and the bank (such as the included in a single signed
transaction the part private between the customer and the merchant is encrypted using
the merchant’s private key, and the part private between the customer and the bank is
encrypted using the bank’s public key.
To prevent changing the order information, the customer computes message digests of
each part of the message separately, then takes the message digest of the two message
digests, and then signs the resulting message digest.
This mechanism, called a dual signature, allows either the merchant or the bank to read
and validate the signature on its half of the purchase request without having to decrypt the
other half.
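The dual signature described above, as an added example (not code from the SET specification or from the original notes). It shows the digest-of-digests construction and how each party verifies while seeing only a digest of the other party's part; SHA-256, the unpadded toy RSA key, the sample order and payment strings, and the function names are assumptions made for the illustration.

```python
import hashlib

# Toy customer key, constructed for this example: textbook RSA over two
# Mersenne primes, wide enough for a SHA-256 digest. Not a usable key.
P, Q = 2**521 - 1, 2**607 - 1
N, E = P * Q, 65537                    # customer's public key
D = pow(E, -1, (P - 1) * (Q - 1))      # customer's private exponent

def digest(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()

def dual_sign(order: bytes, payment: bytes) -> int:
    """Customer: sign the digest of the two concatenated part digests."""
    combined = digest(digest(order) + digest(payment))
    return pow(int.from_bytes(combined, "big"), D, N)

def _matches(order_digest: bytes, payment_digest: bytes, sig: int) -> bool:
    combined = digest(order_digest + payment_digest)
    return pow(sig, E, N) == int.from_bytes(combined, "big")

def merchant_verify(order: bytes, payment_digest: bytes, sig: int) -> bool:
    """Merchant reads the order but gets only the digest of the payment part."""
    return _matches(digest(order), payment_digest, sig)

def bank_verify(order_digest: bytes, payment: bytes, sig: int) -> bool:
    """Bank reads the payment part but gets only the digest of the order."""
    return _matches(order_digest, digest(payment), sig)

def demo() -> dict:
    order = b"constructed order: 2 x book, ship to 1 Example St"
    payment = b"constructed payment: card PLACEHOLDER, amount 40.00"
    sig = dual_sign(order, payment)
    return {
        "merchant_ok": merchant_verify(order, digest(payment), sig),
        "bank_ok": bank_verify(digest(order), payment, sig),
        "changed_order_rejected":
            not merchant_verify(order + b"!", digest(payment), sig),
        "swapped_order_rejected":
            not bank_verify(digest(b"other order"), payment, sig),
    }

if __name__ == "__main__":
    print(demo())
```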
The reason why SET never became popular was pretty much the same as for CyberCash:
the trouble of getting digital wallet software and setting it up for each credit card was
not worth it for a customer, because very few merchants would accept SET payments.
PayPal is an electronic payment system which can transfer money between its accounts.
In order to use PayPal, one has to obtain a PayPal account, which is associated either
with the customer’s credit card or with their regular bank account.
The validity of a credit card is checked by the usual ways. The validity of a checking
account is checked as follows: the customer gives PayPal their account number; PayPal
makes two small-amount (less than $1) deposits to the account. If the customer is able
to tell PayPal the value of these deposits, then the customer is assumed to be a
legitimate user of the account.
PayPal provides an easy interface to send money to anyone by giving the person’s e-mail
account. In order for the person to retrieve the money, they must have a PayPal
account. To avoid fraud, PayPal sends an e-mail message to both the initiator and the
recipient of the transaction.
PayPal is used to settle online auctions, such as eBay auctions. The ease of use and the
fact that no credit card is required to use it makes PayPal increasingly popular.
Example
Indian Railways online reservation system (operated by IRCTC) is very impressive and it
supports a wide range of Internet banking services, credit card payments and other
payment systems.
Smart Cards
Smart cards are cards that look like credit cards, but store information on a
microprocessor chip instead of magnetic strips. A microchip can hold significantly more
information than a magnetic strip. Because of this capacity, a single smart card can be
used for many different purposes.
Unlike magnetic strip cards which can be read by any magnetic reader, and are therefore
vulnerable to loss or theft, a smart card can be password-protected to guarantee that
it’s only used by the owner.
Smart cards can run RSA encryption and can be programmed to generate a pair of
public/private keys. The public key is made publicly readable, but the private key is
stored on the card without anyone being able to copy it. Therefore, to use the private
key, the user must physically possess the card.
Smart cards are used in European telephones, and are gaining popularity for other
purposes both in Europe and in the US.
Advantages and Disadvantages of Online Payment Systems
Typically, Internet merchant accounts are provided through an acquiring bank (or
acquirer) that lets you accept credit cards, and sometimes other types of payments,
online. As is the case with any business decision, there are advantages and
disadvantages to online payment systems and other types of credit card processors.
In general, advantages tend to revolve around having direct control of the payment
processing system. Disadvantages tend to revolve around mechanics, security, and
logistics of being responsible for the entire payment process.
Merchant accounts and third party payment processors provide needed online services.
Advantages include:
➢ Customer convenience - Online merchant accounts save site visitors the extra step of
writing and sending a check or calling in an order.
➢ Increased functionality - Internet processors also enable Web sites to be direct sales
generators rather than simply lead generators or online brochures.
➢ Additional direct sales channel - Credit card processors help you add Internet sales as
a revenue stream.
➢ Streamline payment process - With Internet merchant accounts and other payment
providers, there are fewer steps necessary to assure valid payment as compared to less
automated processes.
Like any other technology, there are disadvantages to online payment systems.
Some of the disadvantages of having your own Internet merchant account include:
➢ You are responsible - With your own Internet merchant account, it is your
responsibility to maintain site function, resolve field service issues, etc.
➢ Fees - Various monthly fees are associated with Internet merchant accounts.
➢ Fraud - As a merchant, you may have to directly deal with credit card fraud.
➢ Security issues - Internet merchant accounts are only one piece of a reliable, secure
payment system. Theft or alteration of private, sensitive information such as credit
card numbers, breaches of system integrity, and Web site spoofing are all risks
with weak security systems.
➢ Agreements - Internet merchant accounts come with long agreements. Often, you
are committed to minimum time frames and/or dollar minimums.
website design. The interface is the virtual (and, to date, largely visible) representation
of a firm’s chosen value proposition. Similar to a retail storefront, the virtual website
provides significant information to current and prospective target market customers.
If designed effectively, the site quickly answers a number of basic questions that
confront such users. Is this site worth visiting? What products or services does it sell?
Exclusivity? Low price? Ease of use? Consistent with a tightly constructed business
model, well-designed sites should simultaneously attract target segment customers and
repel (or not appeal to) non-targeted customers. Compelling sites communicate the core
value proposition of the company and provide a rationale for buying from and/or visiting
the site.
Context
The Context of the website is its aesthetic and functional look-and-feel. Some sites have
chosen to focus heavily on interesting graphics, colors, and design features, while others
have emphasized more simply utilitarian goals, such as ease of navigation. Figure
illustrates a webpage from Landsend.com. Lands’ End balances aesthetic (pastel colors;
simple, warm visuals) and functional (crisp, uncluttered) design elements to
communicate its core benefits—traditionally designed clothing, great service, and
moderate prices.
In sharp contrast, the online apparel retailer Luckyjeans.com appears to be a more hip,
nontraditional brand; its website is comparatively more edgy, with bolder colors, humor
(the “get lucky” slogan), and a more focused product line. Lands’ End customers might
not find the Luckyjeans.com site appealing, purely because of its look-and-feel.
Luckyjeans.com suggests a younger, more urban, and fashion-forward target segment.
Compare the homepages (shown below) of these two online retailers.
Content
Community
Customization
Communication
Connection
Commerce