
Introduction to E-Business

VI semester BBM
E-Business

E-BUSINESS
Introduction:
In the present day, electronic business has become the order of the day with the presence of internet and web
technologies in business. E-business is the conduct of business on the Internet, not only buying and selling but
also servicing customers and collaborating with business partners.

History of E-commerce:
In 1960 Electronic Data Interchange (EDI) replaced the traditional mailing and faxing of documents. Further,
teleshopping was introduced, which was widely used up to 1982. In 1982, Minitel with the help of a videotex
terminal was introduced and was used up to 1991. In the year 1990 the web server and web browser were
developed. The Internet was introduced in 1991 for trading purposes and many business entities started to operate
online. Further, the Google and Yahoo search engines popularised online activities. After the year 2000, security
reforms took place for online activities, which increased the volume of e-business, and at present it is continuing
with the use of the internet on smart phones, tablets, etc.

Meaning:
E-business generally refers to buying and selling of goods or services through internet. E-business involves the
use of information and communication technologies to facilitate and support processes and activities of
business. In other words, E-business is the conduct of business on the internet, not only buying and selling of
goods but also servicing customers and collaborating with business partners.

E-commerce is where business transactions take place via telecommunication networks like the internet. In other
words, it refers to the conduct of business or financial transactions by electronic means.

Components of E-Business:
1. Customer Relationship management
2. Supply chain management
3. Enterprise Resource Planning
4. E-commerce
5. Business intelligence
6. Online activities

E-commerce Transaction:
1. Electronic Data Interchange (EDI)
2. E-mail
3. Electronic Bulletin Boards
4. Electronic Fund Transfer (EFT)
5. Other network based technologies

Impact of E-Commerce:
1. Marketing
2. Computer science
3. Finance and Accounting
4. Economics
5. Production and operations management
6. Manufacturing
7. Management information System (MIS)
8. Human resource management
9. Law and ethics

Compiled by
Sri. Sri.Balaji.A.
balaji.27dec@gmail.com

Importance/ significance/Features of E-Commerce Technology:


1. Improved sales
2. Improved responsiveness
3. Efficient inventory management
4. Increased Efficiency and effectiveness
5. Planning and execution
6. Extended market space
7. Service availability and global reach
8. Sets universal standards
9. Interactivity and support
10. Information density
11. Personalisation or customization

Benefits of E-Commerce:
A. To Business:
1. Global reach
2. Cost effective
3. New customers with search engine visibility
4. It reduces the paper costs
5. Reduction in Inventories
6. Mass customization and competitive advantage
7. No middlemen
8. Reduced production lead time
9. Improved customer relationship
10. Lower sale and marketing costs
11. Lower telecommunication costs
12. New found business partners
13. Increased supply chain efficiencies
14. Digitization of products and processes
15. Information sharing

B. To Consumers:
1. Gives freedom to make choices
2. Increase in variety of goods
3. It gives more choice and alternatives
4. Convenience of Shopping at Home
5. Ensure secrecy
6. More competitive prices and increased price comparison capabilities
7. Access to greater amounts of information on demand
8. Time compression
9. Quick delivery of digitized products/services
10. Provide comparison shopping
11. E-payment system


C. To Society:
1. Enables More Flexible Working Practices
2. Connects People
3. Facilitates Delivery of Public Services


Disadvantages of E-Commerce:
1. E-commerce lacks personal touch
2. System and data integrity
3. E-commerce delays goods
4. System scalability
5. Dependent on internet
6. Many goods cannot be purchased online
7. People won't buy online products very often
8. E-commerce does not allow experiencing the product before purchase
9. Loyal customers
10. Shopping is social experience
11. Anyone can set up an E-commerce website
12. Too Many Competitors
13. Security

Comparison of Traditional commerce and E-commerce:

Factor | E-Commerce | Traditional Commerce
Sales channel | Enterprise - Internet - Consumer | Manufacturer - Wholesaler - Retailer - Consumer
Sales timing / Region | Entire world; 24X7 | Restricted area; restricted sales hour
Sales place / method | Market space (Network); sale based on information | Market space (store); sale based on display
Customer information acquisition | Any acquisition through internet; digital data without re-entry | Market survey and salesman; require information re-entry
Marketing activity | Marketing via bi-directional communication | One way marketing to consumer
Customer support | Real time support for customer dissatisfaction; real time acquisition of customer needs | Delayed support for customer dissatisfaction; different time for catching customer needs
Capital requirement | Less | High


E-COMMERCE BUSINESS MODELS:


A business model is defined as the organization of product, service and information flows, and the sources of
revenues and benefits for suppliers and consumers. The concept of E- business model is same as the traditional
business model but in the online presence.

1) Business 2 Business Model (B2B)


Business-To-Business is a transaction that occurs between two companies, as opposed to a transaction
involving a consumer. The term may also describe a company that provides goods or services for another
company.

Advantages of B2B Model:


1. It can efficiently maintain the movement of the supply chain and the manufacturing and procuring
processes.
2. It can automate corporate processes to deliver the right products and services quickly and cost-
effectively.
3. B2B is a global trade market where we can buy anything at any time.
4. Creates new sales opportunities
5. It lowers the search costs and time for buyers to find products and vendors
6. Reduces marketing and sales costs
7. Provides for efficient customer service
8. Increases opportunities for collaboration
9. Enables customized online catalogues with different prices for different customers

Disadvantages of B2B Model:


1. Delay of goods, where the earliest to receive goods would be the next day
2. Some goods cannot be purchased online, such as perishable items
3. Unable to experience the product before purchasing
4. Fraudulent websites and scams
5. Security issues leading to credit card fraud or identity theft.

2) Business- to- Consumer (B2C)


B2C, or business-to-consumer, is the type of commerce transaction in which businesses sell products or
services to consumers. More recently, the term B2C refers to the online selling of products, or e-tailing, in
which manufacturers or retailers sell their products to consumers over the Internet. B2C represents the vast
majority of e-commerce web sites online.


Advantages of B2C Model:

1) For Business
a. worldwide market reach
b. Display of product information with colourful advertisement.
c. Easy order processing
d. Low or no overhead

2) For the Consumers


a. Convenience to customers
b. More choices for consumers

Disadvantages of B2C:
1) To Business
a. Many websites offering same product
b. Technological problems in website
c. Lack of security norms

2) To consumer
a. Lack of security norms
b. Unsatisfied customers

3) Consumer to Consumer (C2C) Model


C2C, or customer-to-customer, or consumer-to-consumer, is a business model that facilitates the transaction
of products or services between customers.

Advantages of C2C Model:


1. Customers can directly contact sellers and eliminate the middle man.
2. Anyone can now sell and advertise a product in the convenience of one's home.
3. Sellers can reach both national and international customers and greatly increase their market.
4. Feedback on the purchased product helps both the seller and potential customers.
5. The transactions occur at a swift rate with the use of online payment systems such as PayPal

Disadvantages of C2C Model:


1. Although online auctions allow one to display his or her products, there is often a fee associated with
such exhibitions.
2. The number of Internet-related auction frauds has also increased
3. Identity theft has become a rising issue.
4. Numerous cases have been documented in which users find unknown charges on their credit card
statements and withdrawals in their bank statements after purchasing something online.
5. Illegal or restricted products and services have been found on auction sites.

4) Consumer - to - Business (C2B)


Consumer-to-business e-commerce means transactions taking place between consumers and business
organizations. The C2B model completely transposes the traditional business-to-consumer (B2C) model,
where a business produces services and products for consumer consumption.

5) Peer-to-Peer (P2P)
P2P is not only an E-commerce type but also a technology that allows people to share computer files and
computer resources without going through a central web server. The required software should be installed by
both sides so that they can communicate on the common platform.

Because this type of e-commerce was launched for free usage from the beginning, it has quite low revenue.
It consists of mutual help among consumers. The main disadvantage is that this model of transaction often
becomes entangled with cyber laws.


6) Government-to-Consumer (G2C) model:


In this model the government transacts with an individual consumer. For example, a government can enforce
laws pertaining to tax payments on individual consumers over the Internet by using the G2C model.

7) Consumer-to-Government (C2G) model:

In this model, an individual consumer interacts with the government. For example, a consumer can pay his
income tax or house tax online. The transactions involved in this case are C2G transactions.

8) Business-to-Government (B2G) model:

In this model, an individual business firm interacts
with the government. For example, a business firm can pay its income tax or corporate tax online. The
transactions involved in this case are B2G transactions.

WEB AUCTIONS (Online Auctions):


A web auction/ online auction is an auction which is held over the internet. Online auctions remove the
physical limitations of traditional auctions such as geography, presence, time, space and target much wider
audience. Some of the major online auction sites on the Internet are eBay, uBid and Craigslist.

Advantages of Online auctions:


1. No fixed time constraint
2. Flexible time limits
3. No geographical limitations
4. Offers highly intensive social interactions
5. Includes a large numbers of sellers and bidders, which encourages a high-volume online business

Disadvantages of Online auctions are:


1. Unlawful actions are also carried out on the internet.
2. Sometimes there is delay in delivery of goods.

Types of online auctions:


1) English auctions: English auctions are where bids are announced by either an auctioneer or by the
bidders and winners pay what they bid to receive the object. The common operational method of the
format is that it is an ascending bid auction in which bids are open for all to see.
2) Dutch auctions: Dutch auctions are the reverse of English auctions whereby the price begins high
and is methodically lowered until a buyer accepts the price.
3) First-price sealed-bid: First-price sealed-bid auctions are when a single bid is made by all bidding
parties and the single highest bidder wins, and pays what they bid. The main difference between this
and English auctions is that bids are not openly viewable or announced, as opposed to the competitive
nature which is created by public bids.
4) Vickrey auction: A Vickrey auction, sometimes known as a second-price sealed-bid auction, uses
much the same principle as a first-price sealed bid. The highest bidder and winner will only pay what
the second highest bidder had bid.
5) Reverse auction: Reverse auctions are where the roles of buyer and seller are reversed. Multiple
sellers compete to obtain the buyer's business and prices typically decrease over time as new offers
are made.
6) Shill bidding: Placing fake bids that benefit the seller of the item is known as shill bidding. This is a
method often used in online auctions. This is seen as an unlawful act as it unethically raises the final
price of the auction, so that the winning bidder pays more than they should have.
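
The settlement rules of formats 1 to 5 above, run on one set of bidders so the winner and the price paid can be compared side by side. This is an added example, not part of the original notes; the bidder names, amounts, start prices and increments are constructed, and sealed bids are assumed to equal each bidder's limit.

```python
"""Added example: settlement rules for auction formats 1-5 (names and amounts are constructed)."""


def first_price_sealed(bids):
    """Sealed bids, one per bidder: the highest bidder wins and pays their own bid."""
    winner = max(bids, key=bids.get)
    return winner, bids[winner]


def vickrey(bids):
    """Second-price sealed bid: the highest bidder wins but pays the second-highest bid."""
    if len(bids) < 2:
        raise ValueError("a second-price auction needs at least two bids")
    ranked = sorted(bids.items(), key=lambda item: item[1], reverse=True)
    return ranked[0][0], ranked[1][1]


def english(limits, start, increment):
    """Open ascending auction. limits maps bidder -> the most they are willing to pay."""
    leader, price = None, start
    while True:
        ask = price if leader is None else price + increment
        # Bidders other than the current leader who can still afford the next ask.
        rivals = sorted(b for b, cap in limits.items() if b != leader and cap >= ask)
        if not rivals:
            return leader, (price if leader else None)
        leader, price = rivals[0], ask


def dutch(limits, start, decrement, floor=0):
    """Descending-price auction: the first bidder to accept the falling price wins."""
    price = start
    while price >= floor:
        takers = [b for b, cap in limits.items() if cap >= price]
        if takers:
            return max(takers, key=limits.get), price
        price -= decrement
    return None, None


def reverse(offers):
    """Reverse auction: sellers compete and the lowest offer wins the buyer's business."""
    seller = min(offers, key=offers.get)
    return seller, offers[seller]


# Constructed sample data.
LIMITS = {"alice": 120, "bob": 100, "carol": 90}
OFFERS = {"seller_a": 95, "seller_b": 80, "seller_c": 88}


def compare():
    """Run every format on the same data; sealed bids are assumed equal to LIMITS."""
    return {
        "english": english(LIMITS, start=50, increment=10),
        "dutch": dutch(LIMITS, start=200, decrement=10),
        "first_price": first_price_sealed(LIMITS),
        "vickrey": vickrey(LIMITS),
        "reverse": reverse(OFFERS),
    }


if __name__ == "__main__":
    for fmt, (who, amount) in compare().items():
        print(f"{fmt:12s} winner={who:9s} pays={amount}")
```

The same bidder wins every forward format, but the price differs: the open ascending and second-price rules settle near the runner-up's limit, while the first-price and descending rules settle at the winner's own figure.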


VIRTUAL COMMUNITIES :
A virtual community is a community of people sharing common interests, ideas, and feelings over the internet
or other collaborative networks. In a virtual community group of individuals interact through specific social
media, potentially crossing geographical and political boundaries in order to pursue mutual interests or goals.

Types of virtual communities:


1) Internet message boards - An online message board is a forum where people can discuss thoughts
or ideas on various topics. Online message centres allow users to choose which thread, or board of
discussion, they would like to read or contribute to. A user will start a discussion by making a post on
a thread. Other users who choose to respond can follow the discussion by adding their own post to that
thread.
2) Online chat rooms - Just after the rise of interest in message boards and forums, people started to
want a way of communicating with their "communities" in real time. The disadvantage of message
boards was that people would have to wait until another user replied to their posting. The development
of online chat rooms allowed people to talk to whoever was online at the same time they were. This
way, messages were sent and online users could immediately respond.
3) Virtual worlds - Virtual worlds are the most interactive of all virtual community forms. In these, groups
of members form an online team and play against other online teams in certain games.
Characters within the world can talk to one another and have almost the same interactions people
would have in reality. GameTZ.com is an online game, music, movie, and book trading community.
4) Social network services - Social networking services are the most prominent type of virtual
community. They are either a website or software platform that focuses on creating and maintaining
relationships. Facebook, Twitter, and Myspace are all virtual communities. With these sites, one often
creates a profile or account, and adds friends or follows friends.

Benefits of virtual community


1) More flexible: Accessible 24 hours a day and 7 days a week, from any place, as long as there is an internet connection.
2) Easy relevance: It gives a place to exchange real-life examples and experience.
3) Community building: Over time it can develop into a supportive, stimulating community which
participants come to regard as the high point of their course.
4) Limitless: One can never predict where the discussion will go. The unexpected often results in increased
incidental learning.
5) Choice: A quick question or comment or a long reflective account is equally possible.

Limitation of virtual community:


1. Overloading information: A large volume of information and messages can cause overload and be hard to
follow, even stress-inducing.
2. No physical documents: There are no physical documents in any conversation, and without facial expressions and
gestures or the ability to retract immediately there's a big risk of misunderstanding.
3. Directionless: Participants used to having a teacher or instructor telling them what to do can find it a
leaderless environment.
4. Inefficient: It takes longer than verbal conversation and so it's hard to reply to all the points in a message,
easily leaving questions unanswered.
5. Threads: Logical sequence of discussion is often broken by users not sticking to the topic.


WEB PORTAL:
A web portal is a specially designed Web page at a website which brings information together from diverse
sources in a uniform way. A Web portal refers to a Web site or service that offers a broad array of resources
and services, such as e-mail, forums, search engines, links to other sites, and online shopping malls.
The first Web portals were online services, such as AOL, that provided access to the Web, but by now most of
the traditional search engines have transformed themselves into Web portals to attract and keep a larger
audience. Examples: AOL, Excite, Netvibes, iGoogle, MSN, Naver, India times, Rediff, Sify and Yahoo!.

Types of Web Portals:


1) Vertical Portals
These are web portals which focus only on one specific industry, domain or vertical. Vertical portals provide
tools, information, articles, research and statistics on the specific industry or vertical. As the web has become
a standard tool for business.

2) Horizontal Portals
These are web portals which focus on a wide array of interests and topics. They focus on a general audience and
try to present something for everybody. Horizontal portals try to act as the entry point of a web surfer into the
internet, providing content on the topic of interest and guiding the surfer in the right direction to fetch more
related resources and information.

3) Enterprise Portals
These are portals developed and maintained for use by members of the intranet or the enterprise network.
The most common implementation of enterprise portals focuses on providing employees with information
in a regularly updated manner, along with a document management system, availability of applications on
demand, online training courses and web casts, etc., along with communication in the form of emails,
messaging, web meetings, etc.

4) Knowledge Portals
Knowledge portals increase the effectiveness of knowledge workers by providing easy access to information
that is necessary or helpful to them in one or more specific roles. Knowledge portals are not mere intranet
portals since the former are supposed to provide extra functionality such as collaboration services,
sophisticated information discovery services and a knowledge map.

5) Corporate Portals
A corporate portal provides personalized access to an appropriate range of information about a particular
company. As opposed to public web portals, corporate portals aim at providing a virtual workplace for each
individual using them - executives, employees, suppliers, customers, third-party service providers.

6) Market space portals


Market space portals exist to support business-to-business and business-to-customer e-commerce. They offer
software support for e-commerce transactions, the ability to find and access rich information about the
products on sale, and the ability to participate in discussion groups with other vendors and/or buyers.

7) Search portals
Search portals aggregate results from several search engines into one page.


E-BUSINESS REVENUE MODELS


A company's revenue model describes how the company will earn revenue, generate profits, and produce a
better return on invested capital. The function of business organizations is both to generate profits and to
produce returns on invested capital that exceed alternative investments.

Types of e-business revenue models:

1) Advertising revenue model


In the advertising revenue model, a Web site that offers its users content, services, and/or products also
provides a forum for advertisements and receives fees from advertisers. The Web sites that are able to
attract the greatest viewership or that have a highly specialized, differentiated viewership and are able to
retain user attention are able to charge higher advertising rates.

2) Subscription revenue model


In the subscription revenue model, a Web site that offers its users content or services charges a subscription
fee for access to some or all of its offerings. For instance, some e-book websites provide access to
download any book only to subscribers who have paid a monthly or annual subscription fee.

3) Transaction fee revenue model


In the transaction fee revenue model, a company receives a fee for enabling or executing a transaction. For
example, eBay provides an online auction marketplace and receives a small transaction fee from a seller if
the seller is successful in selling the item.

4) Sales revenue model


In the sales revenue model, companies derive revenue by selling goods, information, or services to
customers. Companies such as Flipkart, Amazon (which sells books, music, and other products), and
shoppersstop.com all have sales revenue models.

5) Affiliate revenue model


In the affiliate revenue model, sites that steer business to an "affiliate" receive a referral fee or percentage
of the revenue from any resulting sales. For example, HDFC bank offers 5 reward points for every 100 rupees
spent on the card. When consumers take advantage of an offer and make a purchase, members earn
"points" and these points can be redeemed for freebies.


Hardware and Software for E-Business


(E-Business Infrastructure)
Introduction:
E-Business infrastructure is the most important parameter for all companies adopting E-business. It
directly affects the quality of service experienced by users of the system in terms of speed, security, richness,
user-friendliness and responsiveness. A good infrastructure refers to the combination of hardware such as servers
and client PCs in an organization, the network used to link this hardware, and the software applications.
Infrastructure also includes the architecture of the networks, hardware and software and where it is located.
A key decision in managing this infrastructure is which elements are located within the company and which
are managed externally as third-party managed applications, data servers and networks.

The Basic Technologies For E-Commerce


1. Web server: A web server can mean two things - a computer on which a web site is hosted and a
program that runs on such a computer. So the term web server refers to both hardware and software.
A web server is a hardware device that is used to host an e-commerce website. It is just like a personal
computer which stores all the website pages. In the case of bigger, heavy-traffic e-commerce
applications, a powerful computer is used to cater to the needs of heavy requests.
Web server hardware needs to run software that manages access attempts to a website. The web
server software manages all the request and response communication, locating the files in the web
server hardware, etc.
2. Web Browser: A Web Browser is a software application used to locate and display Web pages. It
is able to retrieve, find, view, and send information over the internet.
3. Web authoring tools: There are some tools in the market to create web pages quickly and
beautifully with less development time and cost. Example: Dreamweaver. The HTML files created by
Dreamweaver will include CSS (cascading style sheet) files that are used to enhance the visual
appearance of the site.
4. Database system: A database system is an integral part of an e-commerce website. The database
is used to store information about the products that are for sale on the store. The database will store
the price, description, images and details of each product and service that is available. In addition,
the customer details are stored when they make a purchase, such as what they ordered, the payment
details, shipping details, phone number and email address.
5. Operating systems: The functions of an OS include:
• Running programs
• Allocating computer resources (memory & disk space) to programs
• Provide input and output services to devices used on the computer.
• Keep track of multiple users on a network (for larger systems).
6. Internet: The Internet refers to the physical network that links computers across the globe. It
consists of the infrastructure of network servers and communication links between them that are used
to hold and transport information between the client computers and web servers.


Working of E-Commerce:
E-commerce works like conventional commerce with the same process of selling and purchasing goods or
services for a price. The difference is that goods and services in e-commerce are bought and sold over the
Internet, wherein the consumer visits a website and thereby selects the product or service. Payment is made using
a credit card or debit card or using internet banking over a secure connection, and is deposited in the
merchant's bank account. The seller makes arrangements for delivery of the product. Transactions can be done
globally 24 hours a day and 7 days a week, unlike conventional commerce. There are no weekly holidays or
closing time as with conventional stores.

Client- Server Architecture:


The internet revolves around client-server architecture. The computer runs software called the client, which is
a browser like Internet Explorer, Google Chrome, Netscape Navigator or Mozilla, and it interacts with server
software (e.g. Apache HTTP server software) which is located at a remote computer. Browsers interact with the
server using a set of instructions called protocols. These protocols help in the accurate transfer of data from
browser to server and of the response from server to browser. There are many protocols available on the Internet.
The web employs a connection-less protocol, which means that after every client-server interaction the
connection between the two is lost.

[Figure: the client sends an HTTP request to the server; the server returns an HTTP response to the client]

Some common Internet protocols

• HTTP (Hypertext Transfer Protocol): This protocol is used on the World Wide Web (WWW) for
transferring web pages and files contained in web pages.
• FTP (File Transfer Protocol): This protocol is used for transferring files from one machine to the other.
• SMTP (Simple Mail Transport Protocol): This protocol is used for email communication.
• IMAP (Internet Message Access Protocol)
• POP (Post Office Protocol)
• HTTPS (Secure HTTP, or HTTP over SSL)

Procedure of Client-server communication:


a. User enters the website URL in the browser (Example: www.yahoo.co.in). Then the request is sent to
the web server which is present in the remote location. This request is sent via internet.
b. The server receives the request and looks for the file requested and sends the response back to client.
The response contains the web page and images.
c. The client receives the response from the server and displays the webpage in the browser.
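
Steps a to c written out as the raw HTTP messages each side produces, built and parsed in memory so the exchange can be inspected without a network. This is an added example, not part of the original notes; the host name `shop.example`, the page content and all function names are constructed, and HTTP/1.0 with `Connection: close` is assumed so that each exchange stands alone, as described above.

```python
"""Added example: steps a-c as raw HTTP/1.0 messages, built and parsed in memory (no network)."""

# Constructed site content; a real server would read these files from its document root.
SITE = {
    "/": ("text/html", b"<html><body><h1>Store home</h1><img src='/logo.png'></body></html>"),
    "/logo.png": ("image/png", b"\x89PNG-constructed-bytes"),
}


def build_request(path, host):
    """Step a: the request a browser sends once the user has entered a URL."""
    return f"GET {path} HTTP/1.0\r\nHost: {host}\r\n\r\n".encode("ascii")


def _response(code, reason, ctype, body):
    """Assemble status line, headers and body into one response message."""
    head = (
        f"HTTP/1.0 {code} {reason}\r\n"
        f"Content-Type: {ctype}\r\n"
        f"Content-Length: {len(body)}\r\n"
        "Connection: close\r\n\r\n"
    )
    return head.encode("ascii") + body


def handle_request(raw):
    """Step b: the server parses the request, looks for the file and answers."""
    try:
        request_line = raw.split(b"\r\n", 1)[0].decode("ascii")
        method, path, _version = request_line.split(" ")
    except (UnicodeDecodeError, ValueError):
        return _response(400, "Bad Request", "text/plain", b"malformed request")
    if method != "GET":
        return _response(405, "Method Not Allowed", "text/plain", b"only GET is served")
    if path not in SITE:  # exact-match lookup: nothing outside SITE can be requested
        return _response(404, "Not Found", "text/plain", b"no such page")
    ctype, body = SITE[path]
    return _response(200, "OK", ctype, body)


def parse_response(raw):
    """Step c: the client splits the response into status, headers and body."""
    head, body = raw.split(b"\r\n\r\n", 1)
    lines = head.decode("ascii").split("\r\n")
    _version, code, reason = lines[0].split(" ", 2)
    headers = dict(line.split(": ", 1) for line in lines[1:])
    return int(code), reason, headers, body


def fetch(path, host="shop.example"):
    """One full exchange; each call is independent of the previous one."""
    return parse_response(handle_request(build_request(path, host)))


if __name__ == "__main__":
    # The page and its image are two separate request/response pairs.
    for p in ("/", "/logo.png", "/missing"):
        code, reason, headers, body = fetch(p)
        print(p, code, reason, headers["Content-Type"], len(body), "bytes")
```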


INFRASTRUCTURE REQUIREMENTS FOR E-COMMERCE


1) Telecommunication Infrastructure Requirements
a. Bandwidth: Bandwidth is the amount of traffic that passes between the website and other computers
connected to the internet. Depending on the quality of the network provided by the hosting company,
we will have higher or lower bandwidth limitations. The bandwidth for the website should be chosen
according to the e-commerce application, its usage, and the number of visitors. If the bandwidth is
low, then the website request and response performance will be slow.
b. Security: The two main components of security requirements for e-commerce are the type of firewall and
the encryption algorithm mechanism. These also vary widely from one e-commerce activity to another.
Security requirements are a crucial part of e-commerce.

2) Hardware Requirements for E-commerce


Hardware requirements for high-traffic sites may be dependent on the following issues:
a) Number of transactions per second;
b) Number of hits per second;
c) Number of queries per second;
d) Number of queries done by database per second;
e) Number of pages served per second
f) Need for backup servers (in short, clustering, i.e. the use of backup servers which automatically take over
operations in case of failure of the primary ones).

3) Software Requirements for e-Commerce


Several software packages, like Apache Web Server, the Linux operating system, the MySQL database, etc., are available free
on the Internet and can be used to build e-commerce applications. Many of these open source packages
may not be adequate for high-traffic sites. The selection of software depends upon whether it is a high-
traffic or low-traffic site.

4) Technical Skill Requirements


A system administrator must have:
• Good knowledge of computer hardware
• The ability to maintain and upgrade hardware including hard drive, processor and motherboard
• The skill to install the software and applications

A developer needs to have:
• High-level programming skill with a few years of experience in the industry and a clear
understanding of how an e-commerce system works
• An understanding of how information flows from one end of the system to another and what modifications
take place in between, which is essential
• Knowledge of web technologies like HTML, JavaScript, PHP, Web 2.0, XML etc., and of using
various Internet and web utility programmes

5) Financial Infrastructure
• High availability telecommunication network
• Good integrated banking software for back office and front office data processing
• Use of WAN and Internet for banking operations
• Availability of Electronic Fund Transfer System
• Availability of Electronic Clearing System
• Availability of Public Key based Encryption System
• Availability of Credit Card System both for local and international payment
• Availability of Foreign Exchange Remittance Mechanism over the Internet


E-Commerce Software
Components of e-commerce software
a. Catalogue Display: A small commerce site can have a static catalogue whereas larger commerce sites use
a dynamic catalogue. A catalogue is a listing of goods and services. A static catalogue is a simple list written
in HTML that appears on a Web page or a series of Web pages. To add an item, delete an item or change an
item's listing, the company must edit the HTML of one or more pages. A dynamic catalogue stores the
information about items in a database, usually on a separate computer that is accessible to the server that
is running the Web site itself. Further, it features multiple photos of each item, detailed descriptions, and
a search feature that allows customers to search for an item and determine its availability.
b. Shopping Cart: A shopping cart is a piece of e-commerce software on a web server that allows visitors to
select items in the website for online purchase. A shopping cart is used by E-commerce web sites to track
the items that are selected for purchase; the shopping cart allows customers to view all the items selected
by them.
c. Transaction Processing: Transaction processing occurs when the shopper proceeds to the virtual
checkout counter by clicking a checkout button. Then the electronic commerce software performs any
necessary calculations, such as volume discounts, sales tax, and shipping costs. At checkout, the customer's
Web browser software and the seller's Web server software both switch into a secure state of
communication. Transaction processing can be the most complex part of the online sale. Computing taxes
and shipping costs are important parts of this process, and site administrators must continually check tax
rates and shipping tables to make sure they are current. Some software enables the Web server to obtain
updated shipping rates by connecting directly to shipping companies to retrieve information.
d. Middleware: Larger companies usually establish the connections between their electronic commerce
software and their existing accounting system by using a type of software called middleware. Some large
companies that have sufficient IT staff write their own middleware; however, most companies purchase
middleware that is customized for their businesses by the middleware vendor or a consulting firm. Thus,
most of the cost of middleware is not the software itself, but the consulting fees needed to make the
software work in a given company. Making a company's information systems work together is called
interoperability and is an important goal of companies when they install middleware.
e. Enterprise Application Integration with Databases: A program that performs a specific function,
such as creating invoices, calculating payroll, or processing payments received from customers, is called an
application program, application software or, more simply, an application. An application server is a
computer that takes the request messages received by the Web server and runs application programs that
perform some kind of action based on the contents of the request messages. The actions that the
application server software performs are determined by the rules used in the business. These rules are
called business logic. An example of a business rule is: When a customer logs in, check the password
entered against the password file in the database. Application servers are usually grouped into two types:
page-based and component-based systems. Page-based application systems return pages generated by
scripts that include the rules for presenting data on the Web page with the business logic. Larger businesses
often prefer to use a component-based application system that separates the presentation logic from the
business logic. Each component of logic is created in its own module.
f. Web Services: Companies are beginning to extend the idea of application server systems so that these
programs can communicate across organizational boundaries. Many IT professionals
define Web services as a combination of software tools that let application software in one organization
communicate with server applications over a network by using a specific set of standard protocols known
by their acronyms: SOAP, UDDI and WSDL.
g. Integration with ERP Systems: Many B2B Web sites must be able to connect to existing information
systems such as enterprise resource planning software. Enterprise resource planning (ERP) software
packages are business systems that integrate all facets of a business, including accounting, logistics,
manufacturing, marketing, planning, project management, and treasury functions. The major ERP vendors
include Baan, Oracle, PeopleSoft, and SAP.


Web Browsers:
A Web Browser is a software application used to locate and display Web pages. It is able to retrieve, find, view,
and send information over the internet. It formats the documents such that it is understandable by the user.
A web browser is also called a client that connects to a server using HTTP. Some of the popular web
browsers are Internet Explorer, Google Chrome, Netscape Navigator, Mozilla Firefox, Opera and Safari.
Primary functions of Web Browser:
a) To give users access to the World Wide Web, the browser understands the programming languages used
to write web pages and converts them to readable and viewable documents.
b) A Web browser knows how to go to a Web server on the Internet and request a page, so that the browser
can pull the page through the network and present it to the user in an understandable manner.
c) A Web browser knows how to interpret the set of HTML tags within the page in order to display the page
on the screen.
d) To play games through the browser, use chat rooms and use more interactive websites.

Web Server Software


Meaning: A web server program is software that runs on the computer that hosts the web site. Its main
purpose is to serve web pages, which means it waits for requests from web browsers (also known as clients)
and responds by sending the required data back.

Software is the main component that implements the E-commerce services and functionality. Web Server
software is a piece of software that is installed and runs on the server platform (Microsoft Xp, Microsoft NT,
UNIX or some other operating system). When the user clicks a hyperlink on a Web page, a request is sent to
the Web server for the page associated with the link. The Web server responds to the request using the HTTP
protocol and sends the results to the client machine.

Web server software is required in addition to the Web server operating system software. It is used to
implement some extra functionality such as security and identification and retrieval and sending of Web pages.
Web server software creates a Web log file that identifies things such as the URL of the visitor, the length of
the visit and the search engine and the key words used to find the site. Web server software includes website
development tools such as HTML editor and Web page upload support. Choosing Web server software is not
an easy task. There are many products available, with many different features, and the only way to choose the
right one is to actually evaluate the software. For example, if we wish to trade over the Internet, as an
on-line shop does, we will need software that provides on-line transaction functionality; if we want to
provide referencing capabilities, we will require a built-in search engine.

Popular web server software used in e-commerce: Apache HTTP Server, Microsoft Internet Information
Services (IIS), nginx, and Google Web Server are the most popular web servers in use as of today.

E-Commerce Hardware
Web Server Hardware
Web server hardware is a computer that is used to host an e-commerce website. All html files, databases and
image files that make up the entire content of the web site are stored on the server. Web servers will run on
a Windows or Linux or any other operating system and will use web server software to manage access requests
to the website. A web server is similar to a Personal Computer but will have faster processors and more
memory, making it much more powerful. The hardware should be selected depending upon the traffic and
the e-commerce application. If the number of hits per second is very high, then we should select a powerful
computer for the server.
A company that wants to host an e-commerce website can maintain the site on their own web server or pay
a hosting company to provide space on a secure web server that hosts the site. Managing and maintaining a
web server is very important, and hence most small and medium-sized business companies will pay for
hosting instead of maintaining their own server. Web server hardware is one of the major components of the
E-commerce infrastructure, on which the performance of the whole E-commerce application depends.

Factors determining web server hardware and software requirements:


a) Size of the web site
b) Purpose of the web site
c) Traffic on the web site
A small, non-commercial Web site will require fewer resources than a large commercial site. While selecting
Web server hardware, the software that will run on the server and the e-Commerce transactions to be processed
must be considered. The amount of storage capacity and the computing power required depend on the
volume of E-commerce transactions to be processed. If the exact requirements are not known in advance,
then the hardware configuration should be highly scalable so that it can be upgraded to meet the
requirements.

Web Server Hardware Requirements of B2B and B2C commerce sites include:
a. They must be available 24 hours a day, 7 days a week
b. Reliable servers
c. Backup servers for high availability
d. Efficient and easily upgraded software
e. Security software
f. Database connectivity

The following parts of the computer have a bigger impact on e-Commerce performance:
a) Network card
b) Server Processor
c) Server Memory
d) Hard Drives

WEB HOSTING
Web hosting is a service that allows organizations and individuals to publish or upload a website or web page
on to the Internet. A web host, or web hosting service provider, is a business that provides the technologies
and services needed for the website or webpage to be viewed on the Internet. Websites are hosted, or stored,
on special computers called web servers. A few web hosting service providers are GoDaddy, iPage, justHost.com,
web.com and blueHost.

Steps to Hosting a Website:


i. Upload the files from our computer to the web hosting server
ii. The host computer makes the site available on the Internet
iii. Visitors are able to view the web site


Features provided by Web Hosting Service Providers:


a. Amount of Storage
b. Amount of Bandwidth
c. Domain Registration
d. Number of Sub-domains
e. Email Support
f. Database Support
g. Technical Support
h. Site Backup
i. Choice of Operating System
j. 24/7 Availability

Selecting best Web Hosting Provider:
1. Evaluate the disk space and bandwidth needs
2. Choosing the right operating system
3. Reliability and availability
4. Security like firewalls, daily backup, user authentication, etc.
5. Price
6. E-mail services
7. 24/7 support

Types of Web Hosting


1) Free Web Hosting: Free Web hosting is free. Many free hosting providers support the hosting costs
through advertising added automatically to Web pages through pop-ups, frames, and scripts. Free Web
hosting is typically limited in some way compared to the paid hosting. For example, we may get less space
and bandwidth. Free Web hosting can be done through a hosting service like GeoCities or through the
Internet Service Provider (ISP).
2) Shared Web Hosting: Shared hosting is the most popular form of web hosting. It is called "shared"
because many different web applications (most often websites) are stored on one single physical server
and thus share its resources. All the websites on the server share a common pool of server resources,
such as RAM and the CPU. With shared paid hosting, we typically pay the web hosting service provider
once a month for our space and services. The price depends upon what services we want. Services
include email support, database support, security, extra space, extra bandwidth, and so on.
3) Dedicated Web Hosting: In contrast to shared hosting, dedicated hosting implies that the client's
applications do not share the server's resources with other users' applications. Besides, the server uses
the entire available bandwidth for purposes of its own. This type of hosting is intended for high traffic
websites and web applications.
4) Cloud Web Hosting: The term cloud refers to an electronic structure in which data is stored over many
different computers and served up via a network connection, typically the Internet. In cloud hosting, the
actual website data (such as HTML, CSS files, images, etc.) is spread out over a cluster of hard drives
connected together. Cloud hosting services are the hottest trend in the hosting market. Cloud hosting has
many advantages over shared hosting services and sometimes performs better than dedicated hosting
solutions. Cloud hosting is based on the most innovative Cloud computing technologies, which allow an
unlimited number of machines to act as one system.
5) Co-location Web Hosting: This kind of webhosting is similar to the dedicated web hosting service, but
the user owns the server; the hosting company provides physical space that the server takes up and takes
care of the server. This is the most powerful and expensive type of web hosting service. The client would
have his own administrator visit the data center on site to do any hardware upgrades or changes. Co-
location comes in two flavours: managed and unmanaged. Unmanaged is where we handle all the
administration and management of the server, including software updates, the Web server, and the site
itself. Co-location is perfect for companies who want something unusual in their Web software
configuration or need the extra security.

Web Site And Internet Utility Programs:


A utility program allows a user to perform maintenance-type tasks, usually related to managing a computer,
server, internet communications, client-server communication, or programs. Utility programs are very
helpful in analyzing issues and fixing them.


1. Finger utilities are used to find information about the users that are on the network. This can include
who is on the network and when they last logged in. Many companies have disabled this feature so that
they can maintain network security and privacy.
2. Packet Internet Groper utility (ping) is useful for checking whether the connection on the network
is working and for finding out what is causing connection problems. Ping is used to test the connectivity
between two computers connected to the Internet.
3. Route-tracing programs (traceroute) are used to determine the amount of time it takes for a
message to travel from one computer to another and back. When we enter an address and use the traceroute
program, it will show the route taken by data sent between the client and the server. We can use this to
troubleshoot connection problems by finding out the point where the data is being blocked. We can also
use it when we are downloading a file and have multiple download mirrors in different locations to choose
from. Just type the addresses of the mirrors into traceroute and we can get a good idea of which mirror is
fastest.
4. Telnet allows users to log on to a computer that is connected to the Internet. Telnet is a program that
allows users to perform tasks on the Internet without using a Web browser. Telnet use is decreasing
because so many users have technology that allows for much more efficient means of Internet access.
5. FTP (File Transfer Protocol) allows files to be transferred between two computers on the Internet. FTP is a
simple network protocol based on Internet Protocol and also a term used when referring to the process
of copying files when using FTP technology. To transfer files with FTP, we use a program often called the
client. An FTP client program initiates a connection to a remote computer running FTP server software.
After the connection is established, the client can choose to send and/or receive copies of files, singly or
in groups.
6. Data Analysis: Webmasters (website administrators) can use data analysis programs to determine what
types of users are visiting the site as well as other information about those viewing the site.
7. Link-checking is the process of a program going through all the links on a site and determining if
there are any links that do not work. This allows the website administrator to make sure that all links
are working and, if there are any links that are not working, to figure out what needs to be changed.

Shopping Cart Software:


Meaning: A shopping cart is a piece of e-commerce software on a web server that allows visitors to select
items in the website for online purchase. A shopping cart is used by E-commerce web sites to track the items
that are selected for purchase; the shopping cart allows customers to view all the items selected by them.

Important features to consider when comparing shopping carts:


1. Payment Alternatives
2. Searching and Browsing Website
3. Product Ratings and Reviews
4. Wish List and Gift Registry Options
5. Inventory Management
6. Faster Checkout
7. Tracking Orders
8. Special Offers
9. Security for Ecommerce Sites

The procedure for online purchase using shopping cart software is shown in the diagram below.


The customers can add new items and remove the previously selected items from the shopping cart. The
software allows online shopping customers to accumulate a list of items for purchase. Upon checkout, the
software typically calculates a total for the order, including shipping and handling (i.e. postage and packing)
charges and the associated taxes, as applicable.

These applications typically provide a means of capturing a client's payment information, but in the case of a
credit card they rely on the software module of the secure gateway provider, in conjunction with the secure
payment gateway, in order to conduct secure credit card transactions online.

Although the simplest shopping carts strictly allow for an item to be added to a basket to start a checkout
process (e.g. the free PayPal shopping cart), most shopping cart software provides additional features that an
Internet merchant uses to fully manage an online store. Data regarding the products, categories, discounts,
orders and customers is normally stored in a database and accessed in real time by the software.

Shopping Cart Software is also known as e-commerce software, e-store software, online store software or
storefront software and online shop.

Types of Shopping Cart Software:


1. Licensed software: In the "licensed" shopping cart model a merchant pays a license fee (often a one-
time fee), and then takes possession of the software. Within reason, the merchant may place the software
on any web server and, in most cases, may modify or customize the shopping cart software. The main
advantages of this option are that the merchant owns a license and therefore can host it on any Web server
that meets the server requirements.
2. Hosted service: In the "hosted" shopping cart model the merchant pays a recurring monthly / yearly fee for
access to the software. The merchant does not choose the web server's configuration or location, and the
merchant may in no way modify or customize the shopping cart software.
3. Free licensed shopping cart software: There is also "free" licensed shopping cart software available in the market.
With these carts, one will still need to either own or maintain a web server or rent a web server, but the
software itself is free.

E-Commerce Software Tools:


1. Web Site Development Tools
2. Intershop Infinity
3. IBM WebSphere Commerce Professional Edition
4. Microsoft Commerce Server 2002

5. Enterprise-Class Electronic Commerce Software
6. Customer Relationship Management Software
7. Supply Chain Management Software
8. Content Management Software
9. Knowledge Management Software
E-Business Terminologies:
1. Domain Name: A domain name is a textual representation of a numeric address (IP address) used to
locate specific areas of the Internet. It is easier to remember a name than a series of numbers. Domain
names are used in various networking contexts and application-specific naming and addressing purposes.
2. HTTP: Hypertext Transfer Protocol is a simple application protocol working under a client/server
computing environment. Basically, a client issues a request to a server and then the server returns the
response. The request is specified in text (ASCII) format; whereas the response is specified in Multipurpose
Internet Mail Extensions (MIME) format, which defines different types of content types such as text, image
and audio.
3. URL: A uniform resource locator, abbreviated URL, also known as a web address, is a specific character
string that constitutes a reference to a resource. In most web browsers, the URL of a web page is displayed
at the top, inside an address bar. An example of a typical URL would be "http://en.example.org/wiki/Main_Page".
A URL is technically a type of Uniform Resource Identifier (URI), but in many technical documents
and verbal discussions, URL is often used as a synonym for URI.
4. Web Browser: A web browser (commonly referred to as a browser) is a software application for the World
Wide Web. An information resource is identified by a Uniform Resource Identifier.
Although browsers are primarily intended to use the World Wide Web, they can also be used to access
information provided by web servers in private networks or files in file systems. The major web browsers are
Chrome, Firefox, Internet Explorer, Opera, and Safari.
5. Web Client: A Client and a Server are two parts of a connection. In a web environment, these are two
distinct machines. A Client is any machine that requests information, and the Server is the machine to
which the client makes the request. So a Web Server is basically a PC that is designed to accept requests
from remote computers and send on the information requested. A Web client is actually the browser. It
is the browser on the PC/Mac that makes the requests to the remote server. A PC/Mac that uses a web
(Client) browser is referred to as a Client Machine.
6. Web Page: A web page or webpage is a web document or other web resource that is suitable for the
World Wide Web and can be accessed through a web browser and displayed on a monitor or mobile
device. This information is usually in HTML or XHTML format, and may provide navigation to other web
pages. Web pages may be retrieved from a local computer or from a remote web server.
7. Web Site: A website, also written as Website, Form a single web domain. A website is hosted on at least
one web server, accessible via a network such as the Internet or a private local area network through an
Internet address known as a Uniform Resource Locator. All publicly accessible websites collectively
constitute the World Wide Web.


Security for E-Business


Concepts of electronic security
• Confidentiality
• Integrity
• Availability

Electronic Security Features


While security features do not guarantee a secure system, they are necessary to build a secure system.

1. Authentication: This refers to the verification of the authenticity of either a person or of data. It
enforces that you are the only one allowed to logon to your Internet account.
2. Authorization: The process whereby a person approves a specific event or action. Allows only
authorized persons to manipulate your resources in specific ways. This prevents you from increasing
the balance of your account or deleting a bill.
3. Encryption: The process by which data are temporarily re-arranged into an unreadable or
unintelligible form for confidentiality, transmission, or other security purposes. It ensures you cannot
spy on others during Internet banking transactions. It deals with information hiding.
4. Auditing: Keeps a record of operations. Merchants use auditing to prove that you bought specific
merchandise.
5. Integrity: Prevention against unauthorized data modification.
6. Nonrepudiation: Prevention against any one party reneging on an agreement after the fact.
7. Availability: Prevention against data delays or removal.
8. Confidentiality: Ensures that messages and data are available only to those who are authorized to
view them.
9. Privacy: Ability of a user to control the use of information a customer provides about himself to a
merchant.

Major vulnerability points in E-commerce


1. Client side Security
These are security measures that protect the user's privacy and the integrity of their computer and data.
Technological solutions include safeguards to protect users against computer viruses and other malicious
software as well as measures that limit the amount of personal information that browsers can transmit
without the user's consent.

2. Server side Security


These are measures that protect the web server and the machine it runs on from break-ins, site vandalism
and denial-of-service attacks. Technological solutions range from firewall systems to operating system
security measures.


3. Communication Channel Security


This is a measure that protects private information from being disclosed to third parties. One risk to document
confidentiality is eavesdropping by unauthorized third parties who will intercept documents as they cross
the network. The main technological fix in this category is cryptography, although simpler measures, such as
the use of passwords to identify users also play an important role.

E-commerce threats
1. Tricking the Shopper
These attacks involve surveillance of the shopper's behavior, gathering information to use against the
shopper. A common scenario is that the attacker calls the shopper, pretending to be a representative from a
site visited, and extracts information.

2. Snooping the Shopper's Computer


A popular technique for gaining entry into the shopper's system is to use a tool, such as SATAN, to perform
port scans on a computer that detect entry points into the machine. Based on the opened ports found, the
attacker can use various techniques to gain entry into the user's system. Upon entry, they scan your file system
for personal information, such as passwords.

3. Sniffing the Network


In this scheme, the attacker monitors the data between the shopper's computer and the server. He collects
data about the shopper or steals personal information, such as credit card numbers.

4. Guessing Passwords
Another common attack is to guess a user's password. This style of attack is manual or automated. Manual
attacks are laborious, and only successful if the attacker knows something about the shopper, for example, if
the shopper uses their child's name as the password. Automated attacks have a higher likelihood of success.

5. Using Known Server Bugs


The attacker analyzes the site to find what types of software are used on the site. The sophisticated attacker
finds a weakness in a similar type of software, and tries to use that to exploit the system.

6. Using Server Root Exploits


Root exploits refer to techniques that gain superuser access to the server. This is the most coveted type of
exploit because the possibilities are limitless. An attack on a shopper or his computer can only affect
one individual. A root exploit gives control of the merchant's and all the shoppers' information on the
site.

7. The Denial of Service (DoS)


A denial of service (DoS) attack is a malicious attempt to make a server or a network resource unavailable to
users, usually by temporarily interrupting or suspending the services of a host connected to the Internet. A Denial
of Service attack involves flooding the target resource with external communication requests. This overload
prevents the resource from responding to legitimate traffic, or slows its response so significantly that it is
rendered effectively unavailable.

Resources targeted in a DoS attack can be a specific computer, a port or service on the targeted system, an
entire network, a component of a given network, or any system component.


8. Distributed Denial of Service (DDoS)


A DDoS attack uses many devices and multiple Internet connections, often distributed globally in what is
referred to as a botnet. A DDoS attack is, therefore, much harder to deflect, simply because there is no single
attacker to defend against, as the targeted resource will be flooded with requests from many hundreds or
thousands of sources.

9. SQL Injection
SQL Injection is an attack method that exploits a vulnerability in the application. If the attacker fills a web
page form with data that includes malicious SQL query instructions, these instructions pass through the
firewall together with the HTML form data and arrive at the web server. Once they are run at the web server,
important information will be revealed or modified.
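
The mechanism described above, as an added example that is not part of the original notes: a customer lookup that pastes form input into the SQL text, beside the parameterized form that keeps the input as data. The table, column names and form values are constructed for illustration, using Python's built-in sqlite3 module.

```python
import sqlite3


def make_db():
    """Create an in-memory shop database with constructed sample customers."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE customers (id INTEGER PRIMARY KEY, email TEXT, card_last4 TEXT)"
    )
    conn.executemany(
        "INSERT INTO customers (email, card_last4) VALUES (?, ?)",
        [
            ("alice@example.com", "1111"),
            ("bob@example.com", "2222"),
            ("carol@example.com", "3333"),
        ],
    )
    conn.commit()
    return conn


def lookup_vulnerable(conn, email):
    """Vulnerable pattern: the form value is concatenated into the SQL text,
    so a quote character in the input is parsed as SQL syntax."""
    query = "SELECT email, card_last4 FROM customers WHERE email = '" + email + "'"
    return conn.execute(query).fetchall()


def lookup_parameterized(conn, email):
    """Hardened pattern: the form value is bound to a placeholder, so the
    database treats it purely as a value to compare against."""
    query = "SELECT email, card_last4 FROM customers WHERE email = ?"
    return conn.execute(query, (email,)).fetchall()


# Constructed form inputs. A firewall sees both as ordinary form submissions,
# which is why the check has to live in the application's query code.
NORMAL_INPUT = "alice@example.com"
CRAFTED_INPUT = "x' OR '1'='1"


def demo():
    """Run both lookups with both inputs and return the rows each one yields."""
    conn = make_db()
    return {
        "vulnerable_normal": lookup_vulnerable(conn, NORMAL_INPUT),
        "vulnerable_crafted": lookup_vulnerable(conn, CRAFTED_INPUT),
        "parameterized_normal": lookup_parameterized(conn, NORMAL_INPUT),
        "parameterized_crafted": lookup_parameterized(conn, CRAFTED_INPUT),
    }


if __name__ == "__main__":
    for name, rows in demo().items():
        print(f"{name}: {len(rows)} row(s) -> {rows}")
```

With the crafted input the concatenated query returns every customer row, while the parameterized query returns none because no customer has that literal string as an e-mail address.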

10. Price Manipulation
This is a vulnerability that is almost completely unique to online shopping carts and payment gateways. In
the most common occurrence of this vulnerability, the total payable price of the purchased goods is stored in
a hidden HTML field of a dynamically generated web page. An attacker can use a web application proxy such
as Achilles to simply modify the amount that is payable when this information flows from the user's browser
to the web server. The final payable price can be manipulated by the attacker to a value of his choice.
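
The server-side fix for the hidden-field problem described above, as an added example that is not part of the original notes: one checkout routine that charges whatever total the browser sends back, beside one that recomputes the total from the server's own price list and uses the submitted value only as a tampering signal. The catalogue, SKU names, shipping charge and form layout are assumptions made for illustration.

```python
from decimal import Decimal, InvalidOperation

# Authoritative server-side prices (constructed sample data, hypothetical SKUs)
CATALOGUE = {"SKU-100": Decimal("499.00"), "SKU-200": Decimal("1250.50")}
SHIPPING = Decimal("40.00")
MAX_QTY = 100


def charge_vulnerable(form):
    """Vulnerable pattern: charge whatever the hidden 'total' field contains."""
    return Decimal(form["total"])


def charge_hardened(form):
    """Recompute the payable amount on the server.

    Returns (amount_to_charge, tampered). The submitted total never decides
    the charge; a mismatch is reported so it can be logged and reviewed.
    """
    total = SHIPPING
    for sku, qty_text in form["items"].items():
        if sku not in CATALOGUE:
            raise ValueError(f"unknown item {sku!r}")
        qty = int(qty_text)  # raises ValueError on non-numeric input
        if not 1 <= qty <= MAX_QTY:
            raise ValueError(f"quantity out of range for {sku!r}")
        total += CATALOGUE[sku] * qty

    submitted = form.get("total")
    if submitted is None:
        tampered = False  # nothing was submitted, so there is nothing to compare
    else:
        try:
            tampered = Decimal(submitted) != total
        except InvalidOperation:
            tampered = True  # not a number at all
    return total, tampered


# Constructed form submissions as the server would receive them
HONEST_FORM = {"items": {"SKU-100": "2", "SKU-200": "1"}, "total": "2288.50"}
TAMPERED_FORM = {"items": {"SKU-100": "2", "SKU-200": "1"}, "total": "1.00"}


if __name__ == "__main__":
    print("vulnerable charges:", charge_vulnerable(TAMPERED_FORM))
    print("hardened (tampered form):", charge_hardened(TAMPERED_FORM))
    print("hardened (honest form):", charge_hardened(HONEST_FORM))
```

Quantities are validated as well, because a negative quantity sent by the client would lower a recomputed total just as effectively as an edited price field.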

11. Session Hijacking


Session hijacking is the act of taking control of a user session after successfully obtaining or generating an
authentication session ID. Session hijacking involves an attacker using captured, brute forced or reverse-
engineered session IDs to seize control of a legitimate user's Web application session while that session is
still in progress.

12. Cross-site script (XSS) (Cookie Theft)


Cross-site scripting is an attack that takes advantage of a Web site vulnerability in which the site displays
malicious content.

13. Viruses: Have the ability to replicate and spread to other files, infecting them; most also deliver a "payload"
of some sort. They include macro viruses, file-infecting viruses, and script viruses.
14. Worms: Designed to spread from computer to computer and occupy free space.
15. Trojan horse: Appears to be benign, but then does something other than expected.
16. Bots: Can be covertly installed on a computer; respond to external commands sent by the attacker.
17. EXE file: Sometimes the webmaster or system admin may forget to delete the shopping cart exe file, which
may be detected by attackers; if they are able to run the exe file, the entire file would be deleted from the
e-Commerce system.
18. Browser parasites: Can monitor and change the settings of a user's browser. Adware calls for unwanted
pop-up ads, and spyware can be used to obtain information such as a user's keystrokes, e-mail, IMs,
etc.
19. Spyware: Spyware is software that aims to gather information about a person or organization without
their knowledge and that may send such information to another entity without the consumer's consent,
or that asserts control over a computer without the consumer's knowledge.

Steps to be taken to provide E-business security/ Protection from threats


1. Personal Firewalls
A personal firewall helps protect our computer by limiting the types of traffic initiated by and directed to our
computer.

2. Antivirus Software
It is computer software used to prevent, detect and remove malicious software like viruses and worms.

3. Anti-Spyware Software
Anti-spyware software programs can be used solely for detection and removal of spyware.

4. Data Back-up
The process of backing up refers to the copying and archiving of computer data so it may be used to restore the
original after a data loss event.

Complied by
Sri. Sri.Balaji.A.
balaji.27dec@gmail.com
Security for E-Business
VI semester BBM
E-Business
5. Encryption
Encryption is the process of encoding messages or information in such a way that only authorized parties can
read it.

6. Uninterruptible Power Supply (UPS)

It is an electrical device that provides emergency power during input power interruptions. A UPS is typically
used to protect hardware such as computers, data centers, telecommunication equipment or other electrical
equipment where an unexpected power disruption could cause injuries, fatalities, serious business disruption
or data loss.

7. Secure Socket Layer (SSL)


Secure Socket Layer is a protocol that encrypts data between the shopper's computer and the site's server.

8. PCI Standard Compliance


In 2004 five different credit card security programs merged to form the Payment Card Industry Security
Standards Council (PCI DSS) with the purpose of creating an extra level of protection for card issuers making
sure that merchants (both online and brick and mortar) meet basic levels of security when storing, processing,
and transmitting cardholder data.

9. Digital Signatures and Certificates


Digital signatures meet the need for authentication and integrity. A digital certificate is a digital document
issued by the CA (certification authority like VeriSign, Thawte, etc.) that uniquely identifies the merchant.
Digital certificates are sold for emails, e-merchants and web-servers.

10. Password policies


Ensure that password policies are enforced for shoppers and internal users. Ensure that passwords are
sufficiently strong so that they cannot be easily guessed.

11. Installing Recent Patches


Software bugs and vulnerabilities are discovered every day. Even though many of them are discovered by
security experts, rather than hackers, they may still be exploited by hackers once they become public
knowledge. That's why it is important to install all software patches as soon as they become available.

12. Intrusion Detection and Audits of Security Logs


One of the cornerstones of an effective security strategy is to prevent attacks and to detect potential attackers.
For example, if a shopper makes 6 failed logon attempts, the account is locked out. In this scenario, the company
sends an email to the customer, informing them that the account is locked. This event should also be logged
in the system, either by sending an email to the administrator, writing the event to a security log, or both.

13. Physical Security:


Do not allow unauthorized access to a computer system containing sensitive information.
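
The lockout-and-log behaviour described in item 12 above, as an added Python example that is not part of the original notes; the class, function names, addresses and events are constructed for illustration. It goes one step beyond the text by also auditing the resulting security log for a single source that fails against many different accounts, which per-account lockout alone does not reveal.

```python
import json
from collections import defaultdict

MAX_FAILED_LOGONS = 6  # threshold used in the text above


class LogonMonitor:
    """Tracks consecutive failed logons per account and locks at the threshold."""

    def __init__(self, threshold=MAX_FAILED_LOGONS):
        self.threshold = threshold
        self.failures = defaultdict(int)
        self.locked = set()
        self.security_log = []  # stand-in for an append-only security log file
        self.outbox = []        # stand-in for outgoing e-mail: (recipient, text)

    def _log(self, event, ts, account, source_ip):
        entry = {"ts": ts, "event": event, "account": account, "src": source_ip}
        self.security_log.append(json.dumps(entry, sort_keys=True))

    def handle(self, ts, account, source_ip, password_ok):
        if account in self.locked:
            # A locked account rejects even a correct password; log the attempt.
            self._log("attempt_on_locked_account", ts, account, source_ip)
            return "rejected"
        if password_ok:
            self.failures[account] = 0  # a successful logon resets the counter
            return "ok"
        self.failures[account] += 1
        self._log("failed_logon", ts, account, source_ip)
        if self.failures[account] < self.threshold:
            return "failed"
        # Threshold reached: lock, log, tell the customer and the administrator.
        self.locked.add(account)
        self._log("account_locked", ts, account, source_ip)
        self.outbox.append((account, "Your account was locked after repeated failed logons."))
        self.outbox.append(("security-admin", f"{account} locked; last source {source_ip}"))
        return "locked"


def audit_sources(security_log, min_accounts=3):
    """Log audit: sources that failed against at least min_accounts accounts."""
    targets = defaultdict(set)
    for line in security_log:
        entry = json.loads(line)
        if entry["event"] == "failed_logon":
            targets[entry["src"]].add(entry["account"])
    return {src: sorted(a) for src, a in targets.items() if len(a) >= min_accounts}


def run_demo():
    """Feed constructed sample events (timestamp, account, source, password_ok)."""
    monitor = LogonMonitor()
    events = [(f"2024-01-01T10:00:0{i}Z", "alice", "203.0.113.7", False) for i in range(6)]
    events.append(("2024-01-01T10:01:00Z", "alice", "203.0.113.7", True))
    events.append(("2024-01-01T10:02:00Z", "bob", "192.0.2.10", False))
    events.append(("2024-01-01T10:02:05Z", "bob", "192.0.2.10", True))
    for n, name in enumerate(["carol", "dave", "erin"]):
        events.append((f"2024-01-01T10:03:0{n}Z", name, "198.51.100.9", False))
    outcomes = [monitor.handle(*event) for event in events]
    return monitor, outcomes


if __name__ == "__main__":
    monitor, outcomes = run_demo()
    print(outcomes)
    print(monitor.outbox)
    print(audit_sources(monitor.security_log))
```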


Encryption and Cryptography


Encryption
Encryption is the process of encoding messages or information in such a way that only authorized parties can
read it. Encryption does not of itself prevent interception, but denies the message content to the interceptor.

Cryptography
Cryptography is the science, practice and study of techniques for secure communication in the presence of
third parties.

Basic terms in Cryptography

• Plain text: The original intelligible message.
• Cipher text: The transformed message.
• Cipher: An algorithm for transforming an intelligible message into an unintelligible message by
transposition and/or substitution.
• Key: Some critical information used by the cipher, known only to the sender and receiver.
• Encipher (Encode): The process of converting plain text to cipher text.
• Decipher (Decode): The process of converting cipher text to plain text.

Types of Encryption
1. Symmetric Key Encryption:
Symmetric key encryption involves using a single key to encrypt and decrypt data. A secret key, which can be
a number, a word, or just a string of random letters, is applied to the text of a message to change the content
in a particular way. This might be as simple as shifting each letter by a number of places in the alphabet. As
long as both sender and recipient know the secret key, they can encrypt and decrypt all messages that use
this key.

For example, suppose that you took a document and placed it in a file cabinet and then locked the cabinet
with a key. For you or anyone else to access the document, you'd need the key to the file cabinet.

Advantages
• Symmetric encryption is the oldest and best-known technique.
• Symmetric key encryption is fast and secure.
• Symmetric key encryption works well locally.

Disadvantages
• It doesn't work very well across networks. In order for the receiver of the encrypted packets to be able
to decrypt the packets, they must use the key. Needless to say, this means that you must send them
that key along with the message.
• The other problem is that the physical medium you're sending the packets across is insecure. If it were
secure, there would be no reason to encrypt the message in the first place. Anyone who might be
monitoring the network could steal the encrypted packets and the key necessary for decrypting them.

2. Public Key Encryption/ Asymmetric Key Encryption:


In Public Key Encryption, there are two related keys in a key pair. Two different but mathematically related
keys are used. The private key is based on a derivative of the public key. A public key is made freely available
to anyone who might want to send you a message. A second, private key is kept secret, so that only you know
it. Public key encryption encrypts data using the recipient’s public key, and it cannot be decrypted without
using a matching private key. In other words, you need one key to lock (encrypt the plaintext) and another key
to unlock (decrypt the ciphertext). The important thing is that one key cannot be used in the place of the other.

Any message (text, binary files, or documents) that is encrypted by using the public key can only be decrypted
by applying the same algorithm, but by using the matching private key.

Advantages
• Asymmetric key encryption is most secure.
• It works very well across all networks.

Disadvantages
• Asymmetric key encryption is very slow.
• Asymmetric key encryption is resource intensive.

Digital Signature and Digital certificate


Digital Signature
It is also possible to use your private key for encryption and your public key for decryption. Although this is
not desirable when you are encrypting sensitive information, it is a crucial part of digitally signing any data.
Instead of encrypting the data itself, the signing software creates a one-way hash of the data, then uses your
private key to encrypt the hash. The encrypted hash, along with other information, such as the hashing
algorithm, is known as a digital signature. The recipient receives two items: the original data and the digital
signature, which is basically a one-way hash (of the original data) that has been encrypted with the signer's
private key. To validate the integrity of the data, the receiving software first uses the signer's public key to
decrypt the hash. It then uses the same hashing algorithm that generated the original hash to generate a new
one-way hash of the same data. (Information about the hashing algorithm used is sent with the digital
signature, although this isn't shown in the figure.) Finally, the receiving software compares the new hash
against the original hash. If the two hashes match, the data has not changed since it was signed. If they don't
match, the data may have been tampered with since it was signed, or the signature may have been created
with a private key that doesn't correspond to the public key presented by the signer.

Hashing: The signing software crunches the data using a one-way hashing formula. This process is called
hashing.

Message Digest: A message digest is a cryptographic hash function containing a string of digits created by a
one-way hashing formula. A "hash function" is a cryptographic algorithm that takes an input message of
arbitrary length and outputs a fixed-length code; the output is called the "message digest".

Digital certificate
An attachment to an electronic message used for security purposes. The most common use of a digital
certificate is to verify that a user sending a message is who he or she claims to be, and to provide the receiver
with the means to encode a reply.

An individual wishing to send an encrypted message applies for a digital certificate from a Certificate Authority
(CA). The CA issues an encrypted digital certificate containing the applicant's public key and a variety of other
identification information. The CA makes its own public key readily available through print publicity or perhaps
on the Internet.

The recipient of an encrypted message uses the CA's public key to decode the digital certificate attached to
the message, verifies it as issued by the CA and then obtains the sender's public key and identification
information held within the certificate. With this information, the recipient can send an encrypted reply.

Secure Sockets Layer(SSL)


Meaning: SSL (Secure Sockets Layer) is a standard security technology for establishing an encrypted link
between a server and a client—typically a web server (website) and a browser; or a mail server and a mail
client (e.g., Outlook).

SSL allows sensitive information such as credit card numbers, social security numbers, and login credentials to
be transmitted securely. Normally, data sent between browsers and web servers is sent in plain text—leaving
you vulnerable to eavesdropping. If an attacker is able to intercept all data being sent between a browser and
a web server they can see and use that information.

More specifically, SSL is a security protocol. Protocols describe how algorithms should be used; in this case,
the SSL protocol determines variables of the encryption for both the link and the data being transmitted.

SSL Certificates have a key pair: a public and a private key. These keys work together to establish an encrypted
connection. The certificate also contains what is called the “subject,” which is the identity of the
certificate/website owner.

To get a certificate, you must create a Certificate Signing Request (CSR) on your server. This process creates a
private key and public key on your server. The CSR data file that you send to the SSL Certificate issuer (called
a Certificate Authority or CA) contains the public key. The CA uses the CSR data file to create a data structure
to match your private key without compromising the key itself. The CA never sees the private key.

An SSL Certificate issued by a CA to an organization and its domain/website verifies that a trusted third party
has authenticated that organization’s identity. Since the browser trusts the CA, the browser now trusts that
organization’s identity too. The browser lets the user know that the website is secure, and the user can feel
safe browsing the site and even entering their confidential information.

How Does the SSL Certificate Create a Secure Connection Or how does it work?
When a browser attempts to access a website that is secured by SSL, the browser and the web server establish
an SSL connection using a process called an “SSL Handshake” (see diagram below). Note that the SSL
Handshake is invisible to the user and happens instantaneously.

Essentially, three keys are used to set up the SSL connection: the public, private, and session keys. Anything
encrypted with the public key can only be decrypted with the private key, and vice versa.

Because encrypting and decrypting with private and public key takes a lot of processing power, they are only
used during the SSL Handshake to create a symmetric session key. After the secure connection is made, the
session key is used to encrypt all transmitted data.

Server Browser Communication

1. Browser connects to a web server (website) secured with SSL (https). Browser requests that the
server identify itself.
2. Server sends a copy of its SSL Certificate, including the server’s public key.
3. Browser checks the certificate root against a list of trusted CAs and that the certificate is unexpired,
unrevoked, and that its common name is valid for the website that it is connecting to. If the browser
trusts the certificate, it creates, encrypts, and sends back a symmetric session key using the server’s
public key.
4. Server decrypts the symmetric session key using its private key and sends back an acknowledgement
encrypted with the session key to start the encrypted session.
5. Server and Browser now encrypt all transmitted data with the session key.


Firewalls
Meaning:
A firewall is a network security system that controls the incoming and outgoing network traffic based on an
applied rule set. A firewall establishes a barrier between a trusted, secure internal network and another
network (e.g., the Internet) that is assumed not to be secure and trusted.[1] Firewalls exist both as software
to run on general purpose hardware and as a hardware appliance.

Types of Firewall
1. Network layer or packet filters
Network layer firewalls, also called packet filters, operate at a relatively low level of the TCP/IP
protocol stack, not allowing packets to pass through the firewall unless they match the established
rule set. The firewall administrator may define the rules; or default rules may apply.

2. Application layer firewall


Application-layer firewalls work on the application level of the TCP/IP stack (i.e., all browser traffic, or
all telnet or ftp traffic), and may intercept all packets traveling to or from an application. They block
other packets (usually dropping them without acknowledgment to the sender). Application firewalls
function by determining whether a process should accept any given connection.

3. Proxy server
A proxy server (running either on dedicated hardware or as software on a general-purpose machine)
may act as a firewall by responding to input packets (connection requests, for example) in the manner
of an application, while blocking other packets.

4. Network address translation


Firewalls often have such functionality to hide the true address of protected hosts.

Virtual Private Networks (VPNs)


Meaning: Virtual private network (VPN) extends a private network across a public network, such as the
Internet. It enables a computer or network-enabled device to send and receive data across shared or public
networks as if it were directly connected to the private network, while benefiting from the functionality,
security and management policies of the public network.[1] A VPN is created by establishing a virtual point-
to-point connection through the use of dedicated connections, virtual tunneling protocols, or traffic
encryption.


Network security policy


Meaning: A network security policy, or NSP, is a generic document that outlines rules for computer network
access, determines how policies are enforced and lays out some of the basic architecture of the company
security/network security environment.

A security policy goes far beyond the simple idea of "keep the bad guys out". It's a very complex document,
meant to govern data access, web-browsing habits, use of passwords and encryption, email attachments and
more. It specifies these rules for individuals or groups of individuals throughout the company.

A security policy should keep malicious users out and also exert control over potentially risky users within
your organization.

Steps in creating a network security policy


First step: To understand what information and services are available (and to which users), what the potential
is for damage and whether any protection is already in place to prevent misuse.

Second step: The security policy should dictate a hierarchy of access permissions; that is, grant users access
only to what is necessary for the completion of their work.

Third Step: The policies could be expressed as a set of instructions that could be understood by special
purpose network hardware dedicated for securing the network.


E-Payment
Generic E-Payment System
1. Entities
Electronic payments involve a payer and a payee.

a) Payer: The payer (buyer or customer) is an entity who makes a payment.
b) Payee: The payee (seller or merchant) is an entity who receives a payment. The main purpose of an electronic
payment protocol is to transfer monetary value from the payer to the payee.
c) Financial institution: The process also involves a financial institution (bank or mint).

Typically, a financial institution participates in payment protocols in two roles: as an issuer (interacting with
the payer) and as an acquirer (interacting with the payee). The issuer is responsible for validating the
payer during account registrations and holds the payer’s account and assets. The acquirer holds the
payee’s account and assets. The payee deposits the payments received during a transaction with the
acquirer. The acquirer and the issuer then proceed to perform an inter-banking transaction for clearance
of funds. It is possible for the issuer and the acquirer to be from the same financial institution.
d) Trustee: Other parties that may be present in a payment protocol include a Trustee (arbiter) who is an
entity that is independent from all parties. All entities in a protocol unconditionally trust the Trustee, who
is called to adjudicate any disputes between the payer and the payee. Certain payment systems might
involve more players like Payment Gateways (PG), who are entities that act as a medium for transaction
processing between other entities (e.g. MasterCard, Visa), and Certification Authorities (CA), who are
necessary if the e-payment systems involve PKIs. They issue public key certificates to entities involved in
a payment protocol so that their authenticity can be publicly verified. Figure 1 illustrates the participating
entities in an e-payment system.

2. Phases in E-Payment
An electronic payment typically involves the following phases:
1. Registration: This phase involves the registration of the payer and the payee with the issuer and acquirer
respectively. Most electronic payments designed require registration of payers and payees with their
corresponding banks so there is a link between their identities and their accounts held at the bank.

2. Invoicing: In this phase, the payer obtains an invoice for payment from the payee. This is accomplished
by either browsing and selecting products for purchase from the merchant’s (payee’s) website in case of
purchases made through the internet or obtaining an electronic invoice using another electronic
communication medium like e-mail.
3. Payment selection and processing: In this phase the payer selects the type of payment (card based,
e-cash, e-cheque, etc.) based on the type of payment the payee accepts. Based on the selection, the payer
then sends the relevant payment details, like account number and unique identifiers of the payer, to the
payee along with the accepted amount based on the invoice.
4. Payment authorisation and confirmation: In this phase, the acquirer on receiving payment details
from the payee authorises the payment and issues a receipt containing the success or failure of the
payment to the payee. The payee based on the message may also issue a receipt of payment to the payer.

Classification of Payment Systems


As previously mentioned, electronic commerce can be broadly categorised into two groups, business-to-
business (B2B) and business-to-consumer (B2C). B2B normally involves higher value transactions and the
predominant payment methods are electronic cheques and bank transfers, whereas B2C payments are lower
value transactions and the payment methods used are cash and card based payment systems. This section
presents an overview of e-payment classifications.

1) On the basis of Payment instruments: There are three common electronic payment
instruments, namely cash, cheque and card.
a) Cash payment systems consist of self-authenticating divisible tokens that can be processed offline.
b) Cheque payment system is typically linked to a payer’s account and payment is indivisible.
c) Card payment schemes provide a payment mechanism through the existing credit card payment
infrastructure.

2) On the basis of payment time, i.e., Pre-paid, Pay-now and Post-pay:


a) Pre-paid system: In pre-paid system the payment is debited from the payer’s account before a
payment is processed and hence the term “pre-paid”. Most cash-like systems such as an electronic-
cash system fall in this category.

Prepaid - Cash like system


Basic model of e-cash system: An anonymous off-line e-cash consists of the following:
i. probabilistic, polynomially-bounded parties:
• bank
• payer
• payee
ii. main sub protocols:
• withdrawal
• payment
• deposit
Payer and payee maintain their accounts with the bank. The payer withdraws electronic coins
from their account with the bank, by performing a withdrawal protocol over an authenticated
channel. The payer spends coins by participating in a payment protocol with the payee over
an anonymous channel. In effect, the payee performs a deposit protocol, to deposit the coins
into their account. The e-cash system also includes setup protocols: system setup, payer
setup and payee setup, which perform system initialisation functions, namely creating and
publishing public keys and opening payer and payee bank accounts.

b) Pay-now system: In a pay-now system, when an electronic transaction is processed, the payer’s
account is debited and the payee’s account is credited with the payment amount. Even though
availability of funds depends on the time when inter-bank settlements are carried out, the payer’s
and payee’s accounts are updated to show the debited and credited balances immediately after a
transaction is carried out. Credit card based systems, like Secure Electronic Transaction (SET) [11],
Verified by Visa (VBV) and MasterCard SecureCode, fall into this category.

Pay now or Card based system


The most common method for “on-line” payment is card-based systems. Most payment systems in
this category are specifically designed for transactions conducted through the Internet. Because of
their convenience and omnipresent nature, credit cards in particular have become a popular method
for conducting online payments over the Internet.

Secure electronic payment over the Internet


Card-based systems are insecure and offer no anonymity or protection of the payer’s payment information
like card details and account information. To overcome these drawbacks and make card payment
more secure, the two leading credit card companies, VISA and MasterCard, have developed various
protocols. This section presents an overview of various card-based systems that have been proposed.

i. Secure Transaction Technology (STT): In 1995, Visa and Microsoft developed a card
based system called Secure Transaction Technology (STT). It featured strong, export-approved
DES encryption of financial information, RSA encryption of bank account numbers,
RC4 encryption of the purchasing order contents and receipts, and mandatory authentication
of all participants.
ii. Secure Electronic Payment Protocol (SEPP): During the same time the IBM Research
group proposed the Internet Keyed Payment Protocol (iKP), which later became a part of
MasterCard’s Secure Electronic Payment Protocol (SEPP) proposal.

iii. Secure Electronic Transaction (SET): Due to the limited popularity of both STT and SEPP
proposals, MasterCard and Visa in a joint effort proposed the Secure Electronic Transaction (SET)
system that would take advantage of the combined customer and merchant base. SET was
published as an open specification for the industry and the development of the payment
system included major companies like GTE, IBM, Microsoft, Netscape, RSA, SAIC, Terisa and
VeriSign. It incorporates digital signatures for authenticating not only customers but also
merchants and banks.

Dual Signatures: SET also included a unique concept known as dual signatures. The main goal
of dual signatures is to protect the customer’s account information from the merchant and
purchase information from the banks. Dual signatures link purchase information (like order
message) sent to the merchant with the payment information (like account information) sent
to the acquirer. When the merchant sends an authorisation request to the acquirer, it
includes the payment information sent to it by the cardholder (customer) and the message
digest of the purchase information. The acquirer uses the message digest from the merchant
and computes the message digest of the payment information to check the dual signature.
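
The hash-then-sign procedure from the Digital Signature section and the dual signature check described above, as an added Python example that is not part of the original notes or taken from the SET specification. It assumes a fixed toy RSA key with no padding and constructed order and payment strings, and it leaves out the encryption of the payment information; a real system would use a vetted library, randomly generated keys and a padded signature scheme.

```python
import hashlib

# Toy RSA key built from two well-known Mersenne primes (assumption for the demo).
# The primes are public knowledge, so this key protects nothing.
P = 2**127 - 1
Q = 2**107 - 1
N = P * Q                              # public modulus
E = 65537                              # public exponent
D = pow(E, -1, (P - 1) * (Q - 1))      # private exponent (needs Python 3.8+)


def digest(data: bytes) -> bytes:
    """One-way hash: the message digest."""
    return hashlib.sha256(data).digest()


def _digest_int(data: bytes) -> int:
    # The toy modulus is shorter than a SHA-256 digest, so reduce it mod N.
    return int.from_bytes(digest(data), "big") % N


def sign(data: bytes) -> int:
    """Signer: hash the data, then transform the hash with the private key."""
    return pow(_digest_int(data), D, N)


def verify(data: bytes, signature: int) -> bool:
    """Receiver: recover the signed hash with the public key, compare to a fresh hash."""
    return pow(signature, E, N) == _digest_int(data)


def dual_sign(order_info: bytes, payment_info: bytes) -> int:
    """Cardholder: one signature over digest(PI) || digest(OI) links both messages."""
    return sign(digest(payment_info) + digest(order_info))


def merchant_check(order_info: bytes, payment_digest: bytes, dual_sig: int) -> bool:
    """Merchant holds the order and only the digest of the payment information."""
    return verify(payment_digest + digest(order_info), dual_sig)


def acquirer_check(payment_info: bytes, order_digest: bytes, dual_sig: int) -> bool:
    """Acquirer holds the payment information and only the digest of the order."""
    return verify(digest(payment_info) + order_digest, dual_sig)


# Constructed sample messages (the card number is a common test value).
ORDER = b"order 1001: 2 x book, total 40.00"
PAYMENT = b"card=4111111111111111;amount=40.00;order=1001"

if __name__ == "__main__":
    sig = sign(ORDER)
    print("plain signature valid:", verify(ORDER, sig))
    print("after tampering:", verify(ORDER + b" + 1 x laptop", sig))

    ds = dual_sign(ORDER, PAYMENT)
    print("merchant accepts:", merchant_check(ORDER, digest(PAYMENT), ds))
    print("acquirer accepts:", acquirer_check(PAYMENT, digest(ORDER), ds))
    # A payment attached to a different order no longer matches the signature.
    print("swapped order:", acquirer_check(PAYMENT, digest(b"order 9999"), ds))
```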

Today there are two major proposals for secure electronic payment over the Internet. They
are Visa 3-D Secure (Verified by Visa - VBV) and MasterCard SecureCode. Both protocols rely
on SSL/TLS to encrypt communication over the Internet. SSL is a client-server protocol that
uses public key cryptography and has become the de facto standard for encrypted
communication over the Internet. In SSL, only servers (merchants) have public key certificates
and clients (buyers) remain anonymous to the servers. Because of the lightweight nature and
an existing wider deployment base of the SSL protocol, MasterCard and Visa have implemented a
standard that would allow merchants to incorporate the proposed security features into their
payment acceptance structure.

c) Post-pay systems: In post-pay systems the payer’s account is debited only when the payee makes
a request for payment settlement with the acquirer. Most cheque based systems fall into this
category.

Pay later or Cheque based system
Customers generally tend to use credit card payment methods for low and middle value payments,
whereas cheque is the preferred method for large value payments. Various electronic cheque
(e-cheque) protocols have been proposed over the years. Systems like FSTC’s eCheck, NetCheque and
MANDATE II are based on methods used in traditional paper based checking protocols. Systems like
NetBill, ECheque and PayNow by CyberCash use a central server. Other e-checking systems are based
on modified versions of e-cash protocols [21]. But the most promising of all e-cheque systems, one that
has the support of major financial institutions and government agencies, has been the FSTC’s eCheck system.

3) On the basis of communication characteristics, i.e., Offline and Online:


a) Offline system: In an offline system, the communication does not involve any third party, i.e., an
electronic transaction takes place only between the payer and the payee.

Advantages of offline payments

• Lower communication cost
• Less time-critical transaction handling at the banks.

Disadvantages of offline payments

• The problem of double spending: Double spending occurs when the payer spends the same
electronic money multiple times. In a digital system the payer could make a backup of
electronic money before each payment and reset his system to this backup after the payment.
In this way, an arbitrary number of payments to different recipients are possible with the
“same” money. Typically, double spending is prevented with the use of tamper-resistant
hardware e.g. a smart card.

b) On-line system: In an on-line system, the payee typically connects to the bank to obtain a payment
authorisation, thus increasing the communication requirements for the payment system. The
advantage is, the payee obtains a guarantee on the payment, as the bank is able to authorise and
check for availability of funds in the payer’s account.

4) Other Classifications:
a) Micropayments:
Micropayments can be seen as a solution to allow low-value payments for purchasing news articles,
stock quotes, index queries, per-click purchases and other services over the Internet. Various
micropayment protocols (MicroMint and PayWord, NetBill, CyberCoin by CyberCash, Millicent by Compaq,
NetPay, and miKP) have been proposed over the years.

b) Mobile Payments
Due to the phenomenal success of mobile communication devices, there has been increasing effort
to use mobile devices as “electronic wallets” to store payment and account information. Currently
two main wireless protocols are used for mobile commerce.
i. WAP (Wireless Application Protocol): WAP, developed by the WAP Forum (consolidated into
the Open Mobile Alliance), is an open and global specification that helps mobile devices
with WAP enabled browsers to access information and services. WAP specifications include
an XML-type markup language known as Wireless Markup Language (WML) for displaying
information on a mobile device browser.
ii. iMode: I-mode is a proprietary protocol developed by NTT DoCoMo, Japan, and uses
Personal Digital Cellular-Packet (PDC-P) to provide network services.
I-mode allows efficient network usage by using packet switching technology for wireless
communication and TCP/IP for wired communications. I-mode uses c-HTML (compact-HTML)
to display content on mobile devices. I-mode enabled devices can also view HTML web pages,
as the structure of c-HTML is similar to HTML, whereas in WAP, HTML needs to be
converted to WML for display.

c) Polling Schemes:
Schemes where users register by giving a first payment, which is a signed note including a bank
certificate and subsequent payments sent by users are received by the vendor and probabilistically
sent to the bank for deposit at the time of the transaction.

d) Phone-based System:

BPay and PostBillPay enable users to pay most of their regular monthly bills using either their
telephone or their computer 24/7. Bills that can be paid include utilities, telephone bills, cable TV,
credit cards, charge cards and many other accounts. To use the system a payee needs to obtain
biller specific information (like biller account) and payment details (like credit card information). They
also have the option to receive electronic bills for registered users and to send additional details
regarding bills registered or add more bills after the initial registration phase.

Differences between B2B and B2C Payments


| Basis | B2B Payments | B2C Payments |
|---|---|---|
| Invoicing | In the B2B model, most larger companies expect to be invoiced. | In a B2C company, invoices for customers can be optional but are typically not required by the average consumer. |
| Payment Methods | Corporate client payment methods: electronic cheques, corporate credit cards. | Consumer client payment methods: credit card payment methods, debit card payment methods, digital cash, digital wallet, smartcard stored value systems, online stored value systems, digital accumulating balance systems. |
| Interchange and Enhanced Data Requirements | Higher interchange rates are imposed if you do not send enhanced data fields (like sales tax, PO numbers, product details, etc.). A billing system should handle Level 2 and Level 3 data. | Nominal interchange rates are imposed if you do not send enhanced data fields (like sales tax, PO numbers, product details, etc.). A billing system which can handle Level 1 data is more than enough. |
| Contracted Pricing | B2B companies will usually have more sophisticated pricing models: metered billing, tiered pricing, early payment discounts, bundling discounts, bills with multiple line items, etc. These models have come about as companies look for added revenue potential, and can be critical for the B2B segment. | B2C companies have simple, non-differentiated pricing models. |
| Multiple Concurrent Subscriptions | Corporate customers may have multiple subscriptions (e.g., a data center may bill the same customer in arrears monthly for data storage, and quarterly for pre-paid colocation space). The billing engine needs to handle the added complexity around processing payments on invoice due dates, sending overdue notices, reporting, ageing, combined payments, etc. | Consumer-based subscriptions usually involve a single monthly bill. |
| Bargain | Negotiated pricing: Corporate customers negotiate price as they buy in bulk. | Fixed pricing: Consumers usually cannot negotiate price and pay the fixed price because they buy smaller quantities. |
| Volumes and values | Higher order values: B2B AOV (average order value) is much larger and products are often bought collectively. This results in lower traffic, but a bigger sale. | Higher traffic volumes: In B2C, high levels of traffic may not result in equally high profits. |
| Payment time | Pay later: In B2B, the person browsing may not be the person actually buying; the actual purchasing may be done by the procurement department or head buyer. Once the B2B order has been placed, shipping and delivery is arranged, and the buyers receive an invoice which they will clear based on the agreed payment terms. The logistics channels differ too: it's not always FedEx and UPS! A shipment of boilers, for example, would need a large freight carrier. | Pay now: In B2C, the person browsing is usually the person actually buying. And more often, products are paid for at the point of sale via credit card or PayPal, like a B2C site. |
| Marketing and social networking site | B2B experts are more into LinkedIn. | B2C marketers focus more on Facebook. |

Types of E-Payment system

1) Credit Card payment System


A credit card is a small plastic card with a unique number attached to an account. It also has a magnetic strip
embedded in it which is used to read the credit card via card readers. When a customer purchases a product via
credit card, the card issuer bank pays on behalf of the customer, and the customer has a certain time period
after which he/she can pay the credit card bill. Commercial business credit cards are used for one-off and
recurring transactions in the B2B world every day.

Following are the participants in the credit card system.

• The card holder - customer
• The merchant - seller of product who can accept credit card payments.
• The card issuer bank - card holder's bank
• The acquirer bank - the merchant's bank
• The card brand - for example, Visa or MasterCard.

Credit card Payment Process


| Step | Description |
|---|---|
| Step 1 | Bank issues and activates a credit card to the customer on his/her request. |
| Step 2 | Customer presents credit card information to the merchant site or to the merchant from whom he/she wants to purchase a product/service. |
| Step 3 | Merchant validates the customer's identity by asking for approval from the card brand company. |
| Step 4 | Card brand company authenticates the credit card and pays the transaction by credit. Merchant keeps the sales slip. |
| Step 5 | Merchant submits the sales slip to the acquirer bank and gets the service charges paid to him/her. |
| Step 6 | Acquirer bank requests the card brand company to clear the credit amount and gets the payment. |
| Step 7 | Now the card brand company asks the issuer bank to clear the amount and the amount gets transferred to the card brand company. |

There are three primary categories of commercial cards:


a) Procurement or Purchasing Cards (P-cards) are commercial cards used for procurement purposes.
These cards provide point of sale controls as well as back-end reporting data based on information
collected at the point of sale.

Merchant benefits for accepting P-cards include:

• Increased sales as some buyers prefer buying from organizations that accept P-cards.
• Decreased expenses through the elimination of invoicing, handling, mailing, collecting and
depositing activities.
• Quicker receipt of payment via electronically deposited funds.
• Improved cash flow.
• Increased customer satisfaction.

b) Travel and Entertainment Cards (T&E Cards) are commercial cards commonly used by employees
to pay expenses related to travel, including hotel, restaurant, airfare and other business-related
entertainment expenses such as business lunches or dinners. T&E Cards are sometimes referred to as
Corporate Cards.
c) Business Cards are multi-function cards that are commonly used by smaller companies for both
procurement and travel and entertainment expenses.

Advantages of Credit Cards


a) Purchase protection: Under Section 75 of the Consumer Credit Act, credit card issuers and retailers
take joint responsibility for faulty purchases.
b) Incentives: Some providers will offer incentives for using your plastic, such as loyalty points, cashback
or donations to charity.
c) Flexible credit: Most cards offer an interest-free period. They offer flexibility and convenience,
allowing the customer to make emergency purchases or pay for more expensive items by instalments.

Limitations of Credit Card Payment Systems


a) Security: Neither the merchant nor the consumer can be fully authenticated.
b) Merchant Risk: Consumers can repudiate charges.
c) Cost: Roughly 3.5% of purchase plus transaction fee is charged.
d) Social Equity: Young adults do not have credit cards. Still many Indian adults cannot afford credit
cards.

2) Debit Card Payment System


A debit card, like a credit card, is a small plastic card with a unique number mapped to the bank account number.
It is required to have a bank account before getting a debit card from the bank. The major difference between
a debit card and a credit card is that, in case of payment through debit card, the amount gets deducted from the card's
bank account immediately and there should be sufficient balance in the bank account for the transaction to get
completed, whereas in case of a credit card there is no such compulsion.

Debit cards free the customer from carrying cash and cheques, and merchants accept debit cards more readily. Having
a restriction on the amount in the bank account also helps the customer to keep a check on his/her spending.

Advantages of Debit card


a) Most of these debit cards have the MasterCard or Visa logos, hence they are accepted everywhere these
logos are displayed.
b) Very convenient substitute for checks when shopping online.
c) Allows us to stay within our budget since we can only spend what is in the account. Be advised though
that most lending institutions have an overdraft protection offer that allows consumers to exceed the
balance.
d) It takes a shorter time to complete a purchase since one doesn't have to wait for a check to get
approved. Further, we wouldn't have to carry a checkbook, traveler's check or, worse still, cash.

Disadvantages of Debit card


a) We may incur bank fees like annual or sometimes even monthly service charges.
b) User rewards aren't applicable with debit cards.
c) Note that the debit card doesn't improve our credit score because it isn't a credit card and is never
reported to credit reporting bureaus.
d) It is very hard to resolve disputed charges because unless we own a PIN-based direct debit card,
whoever knows our PIN can use the card.

3) Digital Accumulating Balance Payment Systems


Digital accumulating balance payment systems are more like utility bills. Examples: phone. This system allows
users to make multiple purchases, which will be totaled up and billed for at the end of a time period. This is
ideal for micro-transaction-heavy websites, where numerous cheap items are purchased frequently. The
micro-payment system uses a technology similar to the digital wallet, where the customer transfers some
money into the online stored value system and uses it to pay for digital products.

Many vendors are involved in micro-payment systems, as it can be used for transactions by

• Banks
• Internet Service Providers (ISPs)
• Telecommunications
• Content providers
• Premium search engines

4) Online Stored Value Systems
Stored value systems are a form of electronic payment technology. They coexist with credit and debit
technology and principally target the low value transactions. Stored value systems are based on creating a
form of electronic value, for example on smart cards or as computer files. The value can be bought (withdrawn)
any time and spent in optional parts at a later date.

A stored-value card is a payment card with a monetary value stored on the card itself, not in an external
account maintained by a financial institution and differs from debit cards where money is on deposit with the
issuer. Another difference between stored-value cards and debit cards is that debit cards are usually issued in
the name of individual account holders, while stored-value cards are usually anonymous.

The term stored-value card means the funds and/or data are metaphorically 'physically' stored on the card, in
the form of binary-coded data. With prepaid cards the data is maintained on the card issuer's computers. The
value associated with the card can be accessed using a magnetic stripe embedded on the card, on which the
card number is encoded; using radio-frequency identification (RFID); or by entering a code number, printed
on the card, into a telephone or other numeric keypad.

Uses
a) Stored-value cards are most commonly used for low-value transactions, such as telephone prepaid
calling cards, cafeterias, or for micropayments in shops or vending machines.
b) They are used as payroll cards, rebate cards, gift cards, cafeteria cards and travel cards

Benefits
a) SVC are easy to use, low-cost and easy to issue.
b) They are easy to convert cash and paper transactions to electronic.
c) They reduce the cost of securing, transporting and accounting for cash.
d) They are used to accelerate transactions at the point-of-sale (POS).
e) They are used to get rid of intensive back-end processes like vouchers, meal tickets, money orders,
traveller's cheques or other payment methods.
f) They decrease the extent of theft or loss.
g) They are easy to procure as no personal information is needed.

Disadvantages
a) Stored-value cards can be used for money laundering, that is, moving offshore funds derived from
criminal activities such as drug trafficking.
b) There is lack of relevant information about the card holder.
c) They can often have various restrictions on the maximum or minimum value that may be loaded on
to a card.
d) There is no fraud protection from the card issuer.
e) The user will not earn interest on the pre-loaded money.
f) There is restricted usage, i.e., the card cannot be used in planes or trains.

5) Digital Cash
Digital cash is a form of electronic currency. It functions similarly to a debit card. Customers can transfer money
from savings and checking accounts into an online cash account, from which they withdraw to make purchases
over the Internet. This form of payment is particularly well suited to purchases of small, low-cost items. In
addition, it offers consumers the benefit of anonymity in their purchases, similar to using real cash. The basic
technology involved in digital cash transactions is public-key encryption. Digital signatures are used to
authenticate the bank issuing the note and the individual computer user who is spending the money.

The digital cash numbers are unique. Each one is issued by a bank and represents a specified sum of real
money. One of the key features of digital cash is that, like real cash, it is anonymous and reusable. That is, when
a digital cash amount is sent from a buyer to a vendor, there is no way to obtain information about the buyer.
This is one of the key differences between digital cash and credit card systems. Another key difference is that
a digital cash certificate can be reused. Digital cash is not constrained by national borders. Those using digital
cash can purchase services and goods from any site anywhere on the Internet. Banks issuing digital cash can
do so relative to any stable, real currency.

Benefits of Digital Cash


a) Digital cash is green i.e., paperless.
b) It is cost effective i.e., no wear and tear replacement.
c) It is convenient.
d) For banks, it could mean the elimination of thousands of paper transactions.
e) Its existence opens up new business opportunities, especially for small businesses in e-commerce
space.

Disadvantages of Digital Cash


a) Digital cash is anonymous and can flow freely across national borders.
b) Criminals could use untraceable digital cash to evade taxes or launder money.
c) It can lead to online fraud and virus attack.
d) Digital cash will increase the instability of exchange rates.

6) Digital Wallet
A digital wallet refers to an electronic device that allows an individual to make electronic commerce
transactions. This can include purchasing items on-line with a computer or using a smartphone to purchase
something at a store. Increasingly, digital wallets are being made not just for basic financial transactions but
to also authenticate the holder's credentials. For example, a digital-wallet could potentially verify the age of
the buyer to the store while purchasing alcohol.

It is useful to approach the term "digital wallet" not as a singular technology but as three major parts:

• the system (the electronic infrastructure)
• the application (the software that operates on top)
• the device (the individual portion).

An individual's bank account can also be linked to the digital wallet. They might also have their driver's license,
health card, loyalty card(s) and other ID documents stored on the phone. The credentials can be passed to a
merchant's terminal wirelessly via near field communication (NFC).

Certain sources are speculating that these smartphone "digital wallets" will eventually replace physical
wallets.

Advantages
a) The e-wallet makes online shopping easier as it fills an online order form automatically.
b) E-wallets allow users to keep track of their payments as they save digital receipts which can later be
printed off for the user's records.
c) As e-wallet is an online pre-paid account, consumers can buy a range of products without swiping
debit/credit cards.

Disadvantages
a) There is no facility of refund; the amount is only redeemable against a purchase.
b) If password is revealed, it can lead to theft.

7) Agile Wallet
Agile relates to or denotes a method of project management, used especially for software development,
that is characterized by the division of tasks into short phases of work and frequent reassessment and
adaptation of plans. Agile methods replace high-level design with frequent redesign.

Agile principles
The Agile Manifesto is based on 12 principles:
i. Customer satisfaction by rapid delivery of useful software.
ii. Welcome changing requirements, even late in development.
iii. Working software is delivered frequently.
iv. Close daily cooperation between business people and developers.
v. Projects are built around motivated individuals, who should be trusted.
vi. Face-to-face conversation is the best form of communication (co-location).
vii. Working software is the principal measure of progress.
viii. Sustainable development, able to maintain a constant pace.
ix. Continuous attention to technical excellence and good design.
x. Simplicity, the art of maximizing the amount of work not done, is essential.
xi. Self-organizing teams.
xii. Regular adaptation to changing circumstances.

Meaning of Wallet
A wallet is a small software program used for online purchase transactions. Many payment solution
companies, such as Cyber Cash, offer free Wallet software that allows several methods of payment to be
defined within the wallet (for example, several different credit cards).

Working of Wallet
The working of wallet is as follows:

a) When you order something, the order is sent to the merchant. The merchant (actually, the merchant's
server) sends back an invoice and asks the consumer to launch the Wallet on his computer (or to
download it quickly if the consumer doesn't have it yet).
b) When the consumer selects "Pay," the Cyber Cash software on the merchant server sends a message
back to the consumer's PC that activates the "Wallet" software. The consumer selects one of the
cards defined in the Wallet and clicks.
c) The transaction includes real-time credit card authorization.
d) Cyber Cash says: "Soon we will incorporate an electronic 'Cash' and 'Coin' system to use for
transactions that are considered small for credit cards."

8) Smart Card
A smart card, chip card or integrated circuit card (ICC) is any pocket-sized card with embedded integrated
circuits. Smart cards are made of plastic, generally polyvinyl chloride. A smart card is similar to a credit card and
debit card in appearance but it has a small microprocessor chip embedded in it. It has the capacity to store
customer work-related/personal information. A smart card is also used to store money, which is reduced as per
usage.

A smart card can be accessed only using the PIN of the customer. Smart cards are secure as they store information in
encrypted format, and are less expensive and provide faster processing. Mondex and Visa Cash cards are
examples of smart cards. Smart cards serve as credit or ATM cards, fuel cards, mobile phone SIMs,
authorization cards for pay television, household utility pre-payment cards, high-security identification and
access-control cards, and public transport and public phone payment cards.

Uses of Smart Card


a) Smart cards can be used as a security token.
b) The Mozilla Firefox web browser can use smart cards to store certificates for use in secure web
browsing.
c) Some disk encryption systems, such as FreeOTFE, TrueCrypt and Microsoft Windows 7 BitLocker, can
use smart cards to securely hold encryption keys and also to add another layer of encryption to critical
parts of the secured disk.
d) Smart cards are also used for single sign-on to log on to computers.
e) Smart cards are being provided to students at schools and colleges for tracking attendance, to pay for
items at canteens, and for access to transportation services.
f) Smart health cards can improve the security and privacy of patient information, provide a secure
carrier for portable medical records and reduce health care fraud.
g) Smart health cards provide secure access to emergency medical information.
h) Smart cards are widely used to protect digital television streams.

Advantages of Smart Cards


a) Flexibility: There is no need, for example, to carry several cards. One card can simultaneously be an
ID, a credit card, a stored-value cash card, and a repository of personal information such as telephone
numbers or medical history.
b) Security: Smart cards can be electronic key rings, giving the bearer the ability to access information and
physical places without need for online connections. They are encryption devices, so that the user can
encrypt and decrypt information without relying on unknown, and therefore potentially
untrustworthy, appliances such as ATMs.
c) Double as an ID card: A third advantage of using a smart card is that they can provide complete
identification in certain industries. There are numerous benefits of using smart cards for identification.
A driver's license that has been created using smart card technology can give .
d) Prevents Fraud: Smart cards for identification can also be used by governments
to prevent benefits and social welfare fraud, ensuring the right person is receiving the welfare benefit.
Some countries are using smart cards to identify temporary workers who have been given work
permits. This has the potential to reduce immigration fraud.
e) Safe to Transport: Another advantage of having a smart card is their use in the banking industry.
These cards give the holder freedom to carry large sums of money around without feeling anxious
about having the money stolen. In this regard, they are also safe because the cards can be easily
replaced, and the person would have to know the PIN to access its stored value. This takes
care of the problem with cash; once it is stolen it is nearly impossible to trace and recover it.

Other general benefits of smart cards are:


 Portability
 Increasing data storage capacity
 Reliability that is virtually unaffected by electrical and magnetic fields.

Disadvantages of Smart Cards


a) Easily Lost: Like a credit card, smart cards are small, lightweight and can be easily lost if the person
is irresponsible. Unlike credit cards, smart cards can have multiple uses and so the loss may be much
more inconvenient.
b) Security: A second disadvantage of using smart cards is their level of security.
c) Slow Adoption: If used as a payment card, not every store or restaurant will have the hardware
necessary to use these cards.
d) Possible Risk of Identity Theft: When used correctly for identification purposes, they make the
jobs of law enforcement and healthcare professionals easier. However, for criminals seeking a new
identity, they are like gold, based on the amount of information they can contain on an individual.

9) Digital Cheque or electronic cheque.


Definitions of Digital Cheque
It is a system that transfers money electronically from the buyer's current account to the seller's bank account.

An electronic cheque, also known as an e-cheque, works in much the same way as a regular cheque in that it's
drafted against your bank account. Electronic cheques are a more convenient, safer alternative to paper
cheques when paying for goods and services and paying bills. It is a form of payment made via the internet
that is designed to perform the same function as a conventional paper cheque. Because the cheque is in an
electronic format, it can be processed in fewer steps and has more security features than a standard paper
cheque.

Security
An electronic cheque has more security features than traditional paper cheques. The encryption feature of an
electronic cheque verifies your account number and the dollar amount, and your digital signature is checked
against the name on the bank account. These measures help prevent fraud and identity theft. Other security
features provided by electronic cheques include authentication, public key cryptography and digital signatures.

Advantages
a) The biggest benefits of using an electronic cheque are speed and convenience as the payment is
immediately processed.
b) It is well suited for clearing micro payments. Conventional cryptography of e-cheques makes them
easier to process than systems based on public key cryptography (like digital cash).
c) They can serve corporate markets. Firms can use them in a more cost-effective manner.
d) They create float and the availability of float is an important requirement of commerce.
e) They are similar to traditional cheques. This eliminates the need for customer education.
f) Since electronic cheques use conventional encryption rather than public and private keys as in e-cash,
electronic cheques are much faster.
g) The risk is taken care of by the accounting server, which will guarantee that the cheque would be
honored.
h) The time frame in which an electronic cheque clears varies. Depending on the financial institutions
involved and the timing of the transaction, it can clear immediately or take up to three days to post to
your account. Electronic cheques presented over the weekend take longer to process, because most
financial institutions are closed.

10) E-Money
E-Money transactions refer to the situation where payment is done over the network and the amount gets
transferred from one financial body to another financial body without any involvement of a middleman.
E-money transactions are faster and convenient, and save a lot of time. Online payments done via credit card,
debit card or smart card are examples of e-money transactions. In case of e-money, both customer and
merchant have to sign up with the bank or company issuing e-money.

Advantages of e-money
a) It is safe and convenient.
b) For the e-money providers, it enhances the ability to reach new clients.
c) Lower operating costs for e-money providers.

Disadvantages and Legal Issues of E-Money


a) E-Money cannot be broken into smaller denominations.
b) The concept of maintaining a database of spent notes is very expensive.
c) Accessing the database of spent notes is also very time consuming.
d) Currency fluctuation is another issue related to e-money.
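
Why the issuer needs the database of spent notes from points b) and c), and why it only ever grows, shown as an added Python example that is not part of the original notes. Assumptions: HMAC-SHA256 stands in for the bank's digital signature so the code runs on the standard library alone, and the class, method and field names are hypothetical.

```python
import hashlib
import hmac
import secrets


class Bank:
    """Issuer of fixed-value digital notes (constructed illustration)."""

    def __init__(self):
        # Secret known only to the bank. With HMAC only the bank can verify a
        # note; a real scheme would use a public-key signature so that vendors
        # could verify notes themselves.
        self._key = secrets.token_bytes(32)
        # Database of spent notes: one serial number per note ever deposited.
        self._spent = set()

    def _tag(self, serial, value):
        msg = f"{serial}:{value}".encode()
        return hmac.new(self._key, msg, hashlib.sha256).hexdigest()

    def issue(self, value):
        """Create a note with a unique serial number and a fixed value."""
        serial = secrets.token_hex(16)
        return {"serial": serial, "value": value, "tag": self._tag(serial, value)}

    def deposit(self, note):
        """Accept a note once; reject altered notes and copies of spent notes."""
        expected = self._tag(note["serial"], note["value"])
        if not hmac.compare_digest(expected, note["tag"]):
            return "rejected: forged or altered note"
        if note["serial"] in self._spent:
            return "rejected: already spent"
        self._spent.add(note["serial"])
        return "accepted"

    def spent_count(self):
        return len(self._spent)


def demo():
    bank = Bank()
    note = bank.issue(50)
    results = [
        bank.deposit(note),                   # first deposit
        bank.deposit(dict(note)),             # a byte-for-byte copy of the same note
        bank.deposit(dict(note, value=5000)), # same serial, value edited by the holder
    ]
    # Every further note adds one more entry the bank must keep and look up.
    for _ in range(10):
        bank.deposit(bank.issue(1))
    return results, bank.spent_count()


if __name__ == "__main__":
    print(demo())
```

A digital note is only data, so a copy is indistinguishable from the original; the serial-number lookup is the only thing that stops the second deposit, which is why the database cannot be pruned while issued notes remain valid.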

11) Electronic Fund Transfer


It is a very popular electronic payment method to transfer money from one bank account to another bank
account. Accounts can be in same bank or different bank. Fund transfer can be done using ATM (Automated
Teller Machine) or using computer.

Nowadays, internet-based EFT is gaining popularity. In this case, the customer uses the website provided by the bank.
The customer logs in to the bank's website and registers another bank account. He/she then places a request to
transfer a certain amount to that account. The customer's bank transfers the amount to the other account if it is in the same
bank; otherwise the transfer request is forwarded to the ACH (Automated Clearing House) to transfer the amount to the other
account, and the amount is deducted from the customer's account. Once the amount is transferred to the other account,
the customer is notified of the fund transfer by the bank.

12) PAYPAL
PayPal is a global e-commerce business allowing payments and money transfers to be made through the
Internet. Online money transfers serve as electronic alternatives to paying with traditional paper methods,
such as cheques and money orders. PayPal is an acquirer, performing payment processing for online
vendors, auction sites, and other commercial users, for which it charges a fee. It may also charge a fee for
receiving money, proportional to the amount received. The fees depend on the currency used, the payment
option used, the country of the sender, the country of the recipient, the amount sent and the recipient's
account type. In addition, eBay purchases made by credit card through PayPal may incur extra fees if the
buyer and seller use different currencies.

Secure Electronic Transaction protocol (SET Protocol)


It is a form of protocol for electronic credit card payments. As the name implies, the secure electronic
transaction (SET) protocol is used to facilitate the secure transmission of consumer credit card information via
electronic avenues, such as the Internet. SET blocks out the details of credit card information, thus preventing
merchants, hackers and electronic thieves from accessing this information.

Key Features
To meet the business requirements, SET incorporates the following features:

• Confidentiality of information
• Integrity of data
• Cardholder account authentication
• Merchant authentication
• Participants

Participants of SET system:
• Card holder
• Merchant
• Issuer
• Acquirer
• Payment gateway
• Certification authority

SET Transaction
The sequence of events required for a transaction is as follows:

a) The customer obtains a credit card account with a bank that supports electronic payment and SET.
b) The customer receives an X.509v3 digital certificate signed by the bank.
c) Merchants have their own certificates. The customer places an order with the merchant.
d) The merchant sends the customer his public key and a copy of his certificate so that the customer
can verify that it's a valid store.
e) The customer sends the merchant:
• His certificate.
• His order details, unencrypted.
• His bank account details, encrypted with the bank's public key.

f) The merchant requests payment authorization by sending the bank:

• The payment details encrypted with the bank's public key.
• The customer's bank account details encrypted with the bank's public key.

Note that the merchant doesn't know the client's payment and bank account details.

g) The bank sends the merchant a confirmation encrypted with the merchant's public key.
h) The merchant sends the client the bank's response encrypted with the client's public key.
i) The merchant ships the goods or provides the service to the customer.
j) The merchant sends the bank a transaction request encrypted with the bank's public key.
k) The bank transfers the payment to the merchant.
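
The order, authorization and confirmation messages from the sequence above, as an added Python walk-through that is not part of the original notes. Assumptions: toy textbook RSA stands in for real public-key encryption, certificates are omitted, and the message field names, the `authorized_amount` field the customer seals for the bank, and all sample values are constructed for illustration.

```python
import json

# Toy textbook RSA from public Mersenne primes: unpadded, deterministic and trivially
# factorable. It only stands in for real public-key encryption so the flow runs with
# the standard library; never protect real data with it.
def make_keypair(p, q, e=65537):
    n, phi = p * q, (p - 1) * (q - 1)
    return {"n": n, "e": e}, {"n": n, "d": pow(e, -1, phi)}

def encrypt(pub, obj):
    m = int.from_bytes(json.dumps(obj, sort_keys=True).encode(), "big")
    if m >= pub["n"]:
        raise ValueError("message too long for this toy key")
    return pow(m, pub["e"], pub["n"])

def decrypt(priv, ciphertext):
    m = pow(ciphertext, priv["d"], priv["n"])
    return json.loads(m.to_bytes((m.bit_length() + 7) // 8, "big").decode())

BANK_PUB, BANK_PRIV = make_keypair(2**521 - 1, 2**607 - 1)
MERCHANT_PUB, MERCHANT_PRIV = make_keypair(2**1279 - 1, 2**2203 - 1)
CLIENT_PUB, CLIENT_PRIV = make_keypair(2**2281 - 1, 2**3217 - 1)

def customer_order(order, account):
    # Order details travel in the clear; account details are sealed for the bank.
    return {"order": order, "sealed_account": encrypt(BANK_PUB, account)}

def merchant_request_authorization(msg):
    # The merchant seals the payment details and forwards the customer's sealed
    # account details unchanged, because it cannot open them.
    payment = {"order_id": msg["order"]["order_id"], "amount": msg["order"]["amount"]}
    return {"sealed_payment": encrypt(BANK_PUB, payment),
            "sealed_account": msg["sealed_account"]}

def bank_authorize(request, balances):
    payment = decrypt(BANK_PRIV, request["sealed_payment"])
    account = decrypt(BANK_PRIV, request["sealed_account"])
    # Assumption of this example: the customer sealed the amount they agreed to,
    # so the bank can refuse a request whose amount the merchant changed.
    approved = (payment["amount"] == account["authorized_amount"]
                and balances.get(account["number"], 0) >= payment["amount"])
    return encrypt(MERCHANT_PUB, {"order_id": payment["order_id"], "approved": approved})

def merchant_relay(confirmation):
    # The merchant reads the bank's answer and re-encrypts it for the client.
    result = decrypt(MERCHANT_PRIV, confirmation)
    return result, encrypt(CLIENT_PUB, result)

def merchant_can_read(sealed):
    # Opening the bank-sealed blob with the merchant's key yields bytes that do
    # not parse as a message.
    try:
        decrypt(MERCHANT_PRIV, sealed)
        return True
    except ValueError:
        return False

def run_demo():
    balances = {"ACCT-0001": 500}                                  # constructed bank ledger
    order = {"order_id": "ORD-1", "item": "boiler", "amount": 120}  # constructed order
    account = {"number": "ACCT-0001", "authorized_amount": 120}
    msg = customer_order(order, account)
    request = merchant_request_authorization(msg)
    result, for_client = merchant_relay(bank_authorize(request, balances))
    return merchant_can_read(msg["sealed_account"]), result, decrypt(CLIENT_PRIV, for_client)

if __name__ == "__main__":
    print(run_demo())
```

Because textbook RSA is deterministic, anyone holding the bank's public key could test guesses at the sealed account details; real deployments rely on randomized padding.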

Advantages of SET
a) It is secure enough to protect user's credit-card numbers and personal information from attacks.
b) It is hardware independent.
c) It is used world-wide.
d) It provides confidentiality of information.
e) It provides integrity of data.
f) It provides for cardholder account authentication.
g) It also provides for merchant authentication.

Disadvantages of SET
a) User must have credit card
b) It is not cost-effective when the payment is small.
c) There is no anonymity and it is traceable.
d) Network effect - need to install client software (an e-wallet).
e) Cost and complexity for merchants to offer support, contrasted with the comparatively low cost and
simplicity of the existing SSL based alternative.

E-Business Marketing Technologies


Definition:
According to Boone and Kurtz (2005) “E-marketing is one component in e-commerce with the special interests
by marketers, i.e. manufacturing process, distribution strategy, promotion, and pricing of goods and services
to the market share of the internet or through other digital equipment.”

E-Business marketing environment


Characteristics Of Marketing In A B To B Environment
1. Committees of people in an organization responsible for purchases: In B2B there are usually
committees of people in an organization responsible for purchases and each of the members may have
different attitudes towards any brand.
2. Technical details: Since there are more people involved in the decision making process and technical
details may have to be discussed at length, the decision-making process for B2B products is usually much
longer.
3. Knowledge of the products: Buyers are usually well-versed with costing and specifications. Also, due
to constant monitoring of the market, these buyers would have excellent knowledge of the products
too. In many cases the purchases are specification driven. As a result of this, it is vital that brands are
clearly defined and target the appropriate segment.
4. Long-term relationships: Companies seek long-term relationships as any experiment with a different
brand will have an impact on the entire business. Brand loyalty is therefore much higher than in consumer
goods markets.
5. High costs: In B2B goods, the selling process involves high costs. The seller is required to meet the
buyer numerous times, but the buyer may ask for prototypes, samples and mock-ups etc. Such detailed
assessment helps in eliminating the risk of buying the wrong product or service.

B To C Marketing Characteristics
1. Decision making: Consumers make buying decisions based on status, security, comfort and quality.
2. Short sales cycles (days or even minutes for impulse buys): In B to C marketing the consumers
make emotional purchase decisions and often buy things they need and don't need on the spur
of the moment. Therefore sellers have to understand the customer, and their marketing pitch has to
appeal to the emotions of the customer.
3. Brand is built through advertising and referrals: Advertising plays a very important role in creating
awareness of a product, explaining the features of the product and attracting customers to purchase the
product by giving them reasons as to how the product is going to be useful to them. Referrals from peer
groups also play a major role in purchase decisions.
4. Customer service is core to sales: To have customer loyalty, marketing doesn't end with sales. After-sales
customer service becomes a very important part of B to C transactions.
5. Social media: Social media gives greater access to customers, opening up huge opportunities for
advertising, customer service, and building of customer loyalty.


Differences between B2B And B2C


B2B | B2C
Relationship driven. | Product driven.
Maximize the value of the relationship. | Maximize the value of the transaction.
Small, focused target market. | Large target market.
Multi-step buying process, longer sales cycle. | Single step buying process, shorter sales cycle.
Brand identity created on personal relationship. | Brand identity created through repetition and imagery.
Educational and awareness building activities. | Merchandising and point of purchase activities.
Rational buying decision based on business value. | Emotional buying decision based on status, desire or price.

Cookies
Meaning: Cookies are created when a user's browser loads a particular website that uses cookies to keep
track of your movements within the site, help you resume where you left off, remember your registered login,
theme selection, preferences, and other customization functions. Cookies are small, often encrypted text files,
located in browser directories.

The website sends information to the browser which then creates a text file. Every time the user goes back to
the same website, the browser retrieves and sends this file to the website's server. Computer cookies are
created not just by the website the user is browsing but also by other websites that run ads, widgets, or other
elements on the page being loaded. These cookies regulate how the ads appear or how the widgets and other
elements function on the page.

Cookies are often indispensable for websites that have huge databases, need logins, or have customizable
themes or other advanced features.

Uses of Cookies
a) Session Management
Cookies may be used to maintain data related to the user during navigation, possibly across multiple visits.
Allowing users to log into a website is a frequent use of cookies. Typically the web server will first send a
cookie containing a unique session identifier. Users then submit their credentials and the web application
authenticates the session and allows the user access to services. Cookies provide a quick and convenient
means of client/server interaction.

b) Personalisation
Cookies may be used to remember the information about the user who has visited a website in order to
show relevant content in the future.

c) Tracking
Tracking cookies may be used to track internet users' web browsing. This can also be done in part by using
the IP address of the computer requesting the page or the referrer field of the HTTP request header.

Types of Cookies
a) Session cookie: A session cookie, also known as an in-memory cookie or transient cookie, exists
only in temporary memory while the user navigates the website. Web browsers normally delete
session cookies when the user closes the browser.
b) Persistent cookie: Instead of expiring when the web browser is closed as session cookies do,
persistent cookies expire at a specific date or after a specific length of time which can be as long or
as short as its creators want.
c) Secure cookie: A secure cookie can only be transmitted over an encrypted connection (i.e. HTTPS).
This makes the cookie less likely to be exposed to cookie theft via eavesdropping.
d) HttpOnly cookie: HttpOnly cookies can only be used when transmitted via HTTP (or HTTPS). They
are not accessible through non-HTTP APIs such as JavaScript.
e) Third-party cookie: Normally, a cookie's domain name will match the domain name that is shown
in the web browser's address bar. This is called a first-party cookie. Third-party cookies, however,
belong to domains different from the one shown in the address bar. These sorts of cookies typically
appear when web pages feature content, such as banner advertisements, from external websites.
f) Supercookie: Supercookies can be a potential security concern and are therefore often blocked by
web browsers. If unblocked by the client computer, an attacker in control of a malicious website
could set a supercookie and potentially disrupt or impersonate legitimate user requests to another
website.
g) Zombie cookie: Zombie cookies are cookies that are automatically recreated after being deleted.

Cookie threat
a) Cookie poisoning: Cookie poisoning is the modification of a cookie (personal information in a Web
user's computer) by an attacker to gain unauthorized information about the user for purposes such
as identity theft.
b) Cookie theft: Cookie theft occurs when a third party copies unencrypted session data and uses it to
impersonate the real user.
c) Cookie hijacking (Session hijacking): Cookie hijacking is the exploitation of a valid computer
session, sometimes also called a session key, to gain unauthorized access to information or services in
a computer system.
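
The cookie types and threats above can be tied together in one server-side sketch. This is an added example, not part of the original notes: it issues a session cookie with the Secure and HttpOnly attributes and attaches an HMAC tag so that a poisoned (modified) value is rejected. The cookie name `sid`, the key, the function names and the SameSite attribute are assumptions made for the illustration.

```python
import hashlib
import hmac
from http.cookies import SimpleCookie

# Constructed key for this example only; a real server loads it from secret storage.
SERVER_KEY = b"constructed-demo-key-not-for-production"


def sign(value: str) -> str:
    """Append an HMAC-SHA256 tag so the server can detect any later edit."""
    tag = hmac.new(SERVER_KEY, value.encode(), hashlib.sha256).hexdigest()
    return f"{value}.{tag}"


def verify(signed: str):
    """Return the original value if the tag matches, otherwise None."""
    value, sep, tag = signed.rpartition(".")
    if not sep:
        return None  # no tag at all: treat as tampered
    expected = hmac.new(SERVER_KEY, value.encode(), hashlib.sha256).hexdigest()
    # compare_digest avoids leaking how many characters matched
    return value if hmac.compare_digest(tag, expected) else None


def build_session_cookie(session_id: str, max_age=None) -> str:
    """Build the text that follows 'Set-Cookie:' for a signed session cookie."""
    cookie = SimpleCookie()
    cookie["sid"] = sign(session_id)
    cookie["sid"]["secure"] = True      # sent over HTTPS only (limits eavesdropping)
    cookie["sid"]["httponly"] = True    # not readable from JavaScript
    cookie["sid"]["samesite"] = "Lax"   # assumption: not covered in the notes
    cookie["sid"]["path"] = "/"
    if max_age is not None:
        # With Max-Age the cookie is persistent; without it, it is a session cookie.
        cookie["sid"]["max-age"] = max_age
    return cookie["sid"].OutputString()


def read_session_cookie(cookie_header: str):
    """Parse a 'Cookie:' header value and return the session id, or None."""
    cookie = SimpleCookie()
    cookie.load(cookie_header)
    if "sid" not in cookie:
        return None
    return verify(cookie["sid"].value)


if __name__ == "__main__":
    header = build_session_cookie("constructedsessionid123")
    print("Set-Cookie:", header)
    sent_back = header.split(";")[0]  # the browser returns only name=value
    print("accepted:", read_session_cookie(sent_back))
    poisoned = sent_back.replace("id123", "id999")
    print("poisoned:", read_session_cookie(poisoned))
```

The signature only detects modification; a stolen but unmodified cookie still verifies, which is why the Secure and HttpOnly attributes are set as well.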

Shopping Cart
Meaning: A shopping cart is a piece of e-commerce software on a web server that allows visitors to select
items in the website for online purchase. A shopping cart is used by E-commerce web sites to track the items
that are selected for purchase; the shopping cart allows customers to view all the items selected by them.

Shopping Cart Database


Almost all shopping carts use a shopping cart database to store their information. This allows them to
easily manage and update all the aspects of the shopping cart such as products, customer reviews, customer
information, sales history, stock levels etc. Without a database, managing all the pages in a typical shopping
cart would be difficult. Databases use a language called SQL, which allows the creation of operations such as sort and
filter that let customers browse for products according to their requirements.

Popular databases
a) MySQL: This is the most popular. It's a fast and powerful database with excellent integration with
PHP. It is free, open source software.
b) Microsoft Access: This is also a very popular Microsoft database. The advantage of Access is that it's
very easy to deploy and to use. The limitation of this is that if there are a lot of visitors to a shopping
cart (thousands a day) it might not handle it so well.
c) SQL Server: This is Microsoft's high end database, used to power some of the busiest websites in
the world. This can handle a lot of visitor traffic. SQL Server is a good choice for heavy duty web sites.

The major issues and challenges of designing a database for e-commerce environments:

a) Handling of multimedia and semi-structured data
To create a database for E commerce is challenging, as various media have to be integrated into the
website. The data available for constructing a database provided by the company may also not be
clearly structured.

b) Translation of paper catalog into a standard unified format and cleansing the data
Companies generally will have a catalog printed in the physical form for different product ranges and
different customer categories. When creating a database for e commerce it has to be organized and
integrated into a standard unified format. Repetitions have to be avoided and at the same time all the
products should get covered in the website.

c) Supporting user interface at the database level/easy navigation
For a visitor to the website the navigation should be easy. The database should be interfaced with the
store layout in a user friendly manner and designed in such a way that hyperlinks are easy to
understand and navigate.

d) Schema evolution
An E commerce database has to be designed in such a manner that classification of products is user
friendly, exhaustive and easy to understand. It should display the various products available for sale
of the seller along with their quantities. It is important to highlight new products along with their
prices and discounts. It should also integrate browsing, order and stock position in such a manner
that sold out products are clearly mentioned in order to ensure that sold out products are not offered
for sale.

e) Data evolution (e.g., changes in specification and description, naming, prices)
A database should be so designed that when new products are launched replacing old ones, newer
versions are launched, products are renamed or when there is a change in prices it should be easy to
incorporate the same.

f) Handling meta data
Meta data is data about data. It is information about the title, subject, author, typeface,
enhancements, and size of the data file of a document. It may also describe the conditions under
which the data stored in a database was acquired, its accuracy, date, time, method of compilation and
processing, etc. It is important for a database to effectively manage this data for information
purposes.

g) Capturing data for customization and personalisation such as navigation data within the
context
A database should be so designed that when a user starts using and navigating a website it should be
capable of incorporating in its design the ability to capture data during navigation for effective
personalisation to provide easier usage.

Database Management System


Database
a) Database may be defined in simple terms as a collection of data
b) A database is a collection of related data.
c) The database can be of any size and of varying complexity.
d) A database may be generated and maintained manually or it may be computerized.

Database Management System


a) A Database Management System (DBMS) is a collection of programs that enables users to create and
maintain a database.
b) The DBMS is hence a general purpose software system that facilitates the process of defining, constructing
and manipulating databases for various applications.

Characteristics of DBMS
1. To incorporate the requirements of the organization, system should be designed for easy maintenance.
2. Information systems should allow interactive access to data to obtain new information without
writing fresh programs.
3. System should be designed to co-relate different data to meet new requirements.
4. An independent central repository, which gives information and meaning of available data is required.
5. Integrated database will help in understanding the inter-relationships between data stored in different
applications.
6. The stored data should be made available for access by different users simultaneously.
7. Automatic recovery feature has to be provided to overcome the problems with processing system failure.

Advantages of DBMS
Due to its centralized nature, the database system can overcome the disadvantages of the file system-based
system:
a. Data independency: Application programs should not be exposed to details of data representation
and storage. DBMS provides the abstract view that hides these details.
b. Efficient data access: DBMS utilizes a variety of sophisticated techniques to store and retrieve data
efficiently.
c. Data integrity and security: Since data is accessed through the DBMS, it can enforce integrity constraints. E.g.:
Inserting salary information for an employee.
d. Data Administration: When users share data, centralizing the data is an important task. Experienced
professionals can minimize data redundancy and perform fine tuning which reduces retrieval time.
e. Concurrent access and Crash recovery: DBMS schedules concurrent access to the data. DBMS
protects users from the effects of system failure.

f. Reduced application development time: DBMS supports important functions that are common to
many applications.

Disadvantages of DBMS
a. Higher data processing cost
b. Increasing hardware and software costs
c. Insufficient database expertise

Users of DBMS
Typically there are three types of users for a DBMS:
a. The End User who uses the application: Ultimately he is the one who actually puts the data in the
system to use in business.
b. The Application Programmer who develops the application programs: He/She has more
knowledge about the data and its structure. He/she can manipulate the data using his/her programs.
He/she also need not have access and knowledge of the complete data in the system.
c. The Data base Administrator (DBA) who is like the super-user of the system.

SQL (Structured Query Language)


SQL is used to communicate with a database. According to ANSI (American National Standards Institute), it is
the standard language for relational database management systems. SQL statements are used to perform
tasks such as update data on a database, or retrieve data from a database.

Some common relational database management systems that use SQL are: Oracle, Sybase, Microsoft SQL
Server, Access, Ingres, etc.

SQL Language elements


The SQL language is subdivided into several language elements, including:

a. Clauses, which are constituent components of statements and queries.
b. Expressions, which can produce either scalar values, or tables consisting of columns and rows of
data.
c. Predicates, which specify conditions that can be evaluated to SQL three-valued logic (3VL)
(true/false/unknown) or Boolean truth values and are used to limit the effects of statements and
queries, or to change program flow.
d. Queries, which retrieve the data based on specific criteria. This is an important element of SQL.
e. Statements, which may have a persistent effect on schemata and data, or may control transactions,
program flow, connections, sessions, or diagnostics.
f. SQL statements also include the semicolon (";") statement terminator. Though not required on
every platform, it is defined as a standard part of the SQL grammar.
g. Insignificant whitespace is generally ignored in SQL statements and queries, making it easier to
format SQL code for readability.

Web Transaction Logs


The transaction log is a log of all changes to your database. SQL writes these changes, known as transactions,
to your transaction log before writing them to the database. This lets you restore the sequence of changes to
your database should there be a system crash or other problem. Often the transaction log is also used by
developers to ensure that a series of related changes to a database take place together or not at all.

In the event of a system or disk crash you may use the transaction log to revert the database to its previous
state. The database would be restored to the most recent full backup (made daily), then all the changes
recorded in the transaction log since that backup would be applied.
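
The "together or not at all" behaviour described above, applied to a shopping cart database, looks like this. It is an added example and not part of the original notes: it uses SQLite from Python's standard library, and the table layout, sample rows and function names are constructed for the illustration. Customer input is passed as bound parameters rather than pasted into the SQL text.

```python
import sqlite3


def open_store() -> sqlite3.Connection:
    """Create an in-memory shop database with constructed sample rows."""
    db = sqlite3.connect(":memory:")
    db.execute("PRAGMA foreign_keys = ON")  # reject orders for unknown products
    db.executescript(
        """
        CREATE TABLE products (
            id    INTEGER PRIMARY KEY,
            name  TEXT NOT NULL,
            stock INTEGER NOT NULL CHECK (stock >= 0)  -- stock can never go negative
        );
        CREATE TABLE orders (
            id         INTEGER PRIMARY KEY AUTOINCREMENT,
            customer   TEXT NOT NULL,
            product_id INTEGER NOT NULL REFERENCES products(id),
            quantity   INTEGER NOT NULL CHECK (quantity > 0)
        );
        INSERT INTO products VALUES (1, 'Backpack', 2);
        INSERT INTO products VALUES (2, 'Sleeping bag', 0);
        """
    )
    return db


def place_order(db: sqlite3.Connection, customer: str,
                product_id: int, quantity: int) -> bool:
    """Record the order and reduce stock as one transaction.

    If either statement fails (sold out, bad quantity, unknown product),
    the whole transaction is rolled back and neither change is kept.
    """
    try:
        with db:  # commits on success, rolls back if an exception escapes
            db.execute(
                "INSERT INTO orders (customer, product_id, quantity) VALUES (?, ?, ?)",
                (customer, product_id, quantity),
            )
            db.execute(
                "UPDATE products SET stock = stock - ? WHERE id = ?",
                (quantity, product_id),
            )
        return True
    except sqlite3.IntegrityError:
        return False


def search_products(db: sqlite3.Connection, term: str):
    """Filter and sort products; the search term is bound, never concatenated."""
    rows = db.execute(
        "SELECT name, stock FROM products WHERE name LIKE ? ORDER BY name",
        (f"%{term}%",),
    )
    return rows.fetchall()


if __name__ == "__main__":
    db = open_store()
    print(place_order(db, "asha", 1, 2))   # True: stock drops from 2 to 0
    print(place_order(db, "ravi", 1, 1))   # False: sold out, order row rolled back
    print(search_products(db, "pack"))     # [('Backpack', 0)]
```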

Data Mining
Generally, data mining (sometimes called data or knowledge discovery) is the process of analyzing data from
different perspectives and summarizing it into useful information - information that can be used to increase
revenue, cut costs, or both.

Data mining software is one of a number of analytical tools for analyzing data. It allows users to analyze data
from many different dimensions or angles, categorize it, and summarize the relationships identified.

Although data mining is a relatively new term, the technology is not. Companies have used powerful

Data Warehouses
Data warehousing is defined as a process of centralized data management and retrieval.

Scope of Data Mining:


a) Classes: Stored data is used to locate data in predetermined groups. For example, a restaurant chain
could mine customer purchase data to determine when customers visit and what they typically order.
This information could be used to increase traffic by having daily specials.
b) Clusters: Data items are grouped according to logical relationships or consumer preferences. For
example, data can be mined to identify market segments or consumer affinities.
c) Associations: Data can be mined to identify associations. The beer-diaper example is an example of
associative mining.
d) Sequential patterns: Data is mined to anticipate behavior patterns and trends. For example, an
outdoor equipment retailer could predict the likelihood of a backpack being purchased based on a
consumer's purchase of sleeping bags and hiking shoes.

Uses of Data mining


a) Extract, transform, and load transaction data onto the data warehouse system.
b) Store and manage the data in a multidimensional database system.
c) Provide data access to business analysts and information technology professionals.
d) Analyze the data by application software.
e) Present the data in a useful format, such as a graph or table.

Customer Relationship Management System (CRMS)


Customer relationship management (CRM) is a system for managing a company’s interactions with current
and future customers. It often involves using technology to organize, automate, and synchronize sales,
marketing, customer service, and technical support.


Characteristics of CRM
a) Relationship management: This is a customer-oriented feature with service response based on
customer input, one-to-one solutions to customers’ requirements, direct online communications with
customers and customer service centers that help customers solve their issues.
b) Sales force automation: This function can implement sales promotion analysis, automate tracking
of a client’s account history for repeated sales or future sales, and also coordinate sales, marketing,
call centers, and retail outlets in order to realize the salesforce automation.
c) Use of technology: This feature is about following technology trends and the skills of delivering value
through technology to make “up-to-the-second” customer data available. It applies data warehouse
technology in order to aggregate transaction information, to merge the information with CRM
products, and to provide KPI (key performance indicators).
d) Opportunity management: This feature helps the company to manage unpredictable growth and
demand and implement a good forecasting model to integrate sales history with sales projections.

Customer-centric relationship management (CCRM)


CCRM is a style of customer relationship management that focuses on customer preferences instead of
customer leverage. Customer centric organizations help customers make better decisions and it also helps
drive profitability. CCRM adds value by engaging customers in individual, interactive relationships.

Features of CCRM
a) tailored marketing,
b) one-to-one customer service,
c) retaining customers,
d) building brand loyalty,
e) providing information customers actually want,
f) subscription billing,
g) rewards.

Key Functionalities of a CRM


Based on its functionality, a typical CRM system is subdivided into three basic sub sections:

Marketing
Marketing primarily deals with providing functionalities of Long term planning and Short term execution of
marketing related Activities within an organization.

Sales
The sales functionalities of the CRM (customer relationship management) software are focused on helping the
sales team to execute and manage the presales process better and in an organized manner. When opportunity
management reaches a “Quotation phase”, a quotation is generated which, if “won”, gets converted into a
sales order. The sales order then flows into the back end (ERP) system for further execution and delivery.

Service
Service related functionalities are focused on:

a. Effectively managing the customer service (Planned or Unplanned)
b. Avoid "leakage" of Warranty based services
c. Avoid "Penalties" arising due to Non conformity of SLA (Service Level Agreements)
d. Provide first and Second Level support to Customers

Advantages
a) Departmental Integration: If a customer calls and speaks on one matter to someone in the sales
department and moments later speaks to the billing department, departmental integration reduces
the chance a customer is put on hold while the departments speak to each other.
b) Enhanced Customer Service: CRMs are a great tool for auditing, training and tracking information
such as complaint calls. They are useful in identifying a customer’s needs.
c) Improved Sales and Marketing Tactics: With a CRM, an organization's sales team can work more
efficiently. They can monitor their pipeline and track the lead-to-sale process, review each other's
notes on customers and share product and contract information.
d) Gaining customer loyalty: As stated above, loyalty is less costly for a company and the loyal
customer becomes a professional recommendation of the company and its services.
e) Good view over the list of customers and prospects: CRM helps a company to know where it
stands with relationship management, when to contact them again, etc.
f) Enhanced productivity: By fostering customer loyalty, the company spends less time acquiring
new customers and saves that time for other projects.

Disadvantages
a) System Integration: CRM software may not integrate well with other email and accounting systems.
b) Resentment: CRM software's biggest disadvantage is the resentment employees may feel toward the
software. Many employees disagree with change.
c) Learning Curve: Either implementing a CRM for the first time or upgrading an older version will
require employees to take the time out to learn the system.
d) A mistaken tool choice may make CRM more complicated: This is why you need to consider in
advance what kind of tools would be appropriate to your structure in order to follow its relationship
with its customers and prospects.
e) Choice of tools: CRM is not easy to put in place; attention must be given to the choice of tools, but
also to the effective implementation of the CRM process that will be undertaken by the company.

Affiliate marketing
Affiliate marketing is a type of performance-based marketing in which a business rewards one or more
affiliates for each visitor or customer brought by the affiliate's own marketing efforts. Affiliate marketing is
one of the oldest forms of marketing wherein you refer someone to any online product and when that person
buys the product based on your recommendation, you receive a commission.

Players in Affiliate marketing


• Merchant (also known as 'retailer' or 'brand')
• Network (that contains offers for the affiliate to choose from and also takes care of the payments)
• Publisher (also known as 'the affiliate')
• Customer


Viral Marketing
Viral marketing, viral advertising, or marketing buzz are buzzwords referring to marketing techniques that use
pre-existing social networking services and other technologies to try to produce increases in brand awareness
or to achieve other marketing objectives (such as product sales) through self-replicating viral processes,
analogous to the spread of viruses or computer viruses. It can be delivered by word of mouth or enhanced by
the network effects of the Internet and mobile networks. Viral advertising is personal and, while coming from
an identified sponsor, it does not mean businesses pay for its distribution.

Email was the original viral marketing strategy because the medium encourages forwarding messages to more
people. But today Facebook, YouTube, etc. are popular.

Permission Marketing
Permission marketing is a relatively new term, which was coined and developed by the entrepreneur Seth
Godin. Permission marketing is an approach to selling goods and services in which a prospect explicitly agrees
in advance to receive marketing information. Opt-in e-mail, where Internet users sign up in advance for
information about certain product categories, is a good example of permission marketing. Advocates of
permission marketing argue that it is effective because the prospect is more receptive to a message that has
been requested in advance and more cost-efficient because the prospect is already identified and targeted.
In a world of information overload, automated telemarketing, and spam, most people welcome the idea of
permission marketing.


Cyber Laws (Legal aspects of E-Business)


Introduction:
• Cyber law is a new phenomenon having emerged much after the onset of Internet.
• Internet grew in a completely unplanned and unregulated manner.
• Even the inventors of Internet could not have really anticipated the scope and far reaching
consequences of cyberspace.
• The growth rate of cyberspace has been enormous.
• Internet is growing rapidly, with the population of internet doubling roughly every year.
• Cyberspace is becoming the new preferred environment of the world.
• With the spontaneous and almost phenomenal growth of cyberspace, new and ticklish issues relating
to various legal aspects of cyberspace began cropping up.
• CYBER LAW or the law of Internet came into being.
• The growth of Cyberspace has resulted in the development of a new and highly specialized branch of
law called CYBER LAW - LAWS OF THE INTERNET AND THE WORLD WIDE WEB.

Definition of Cyber law:


There is no one exhaustive definition of the term “Cyber law”. Simply, Cyber law is a term which refers to all
the legal and regulatory aspects of Internet and the World Wide Web. Anything concerned with or related to,
or emanating from, any legal aspects or issues concerning any activity of Citizens and others, in Cyberspace
comes within the ambit of Cyber Law.

Need for Cyber Laws in India:


The need for Cyber Laws was propelled by numerous factors:

1. In India we have a detailed and well defined legal system and numerous laws have been enacted and
implemented and the foremost amongst them is the Constitution of India. The arrival of Internet signaled
the beginning of the rise of new and complex legal issues. As such, the coming of the Internet led to the
emergence of numerous ticklish legal issues and problems which necessitated the enactment of Cyber
Laws.
2. The existing laws were to be interpreted in the scenario of emerging cyberspace, without enacting new
cyber laws. As such, there was a need for enactment of relevant cyber laws.
3. The existing laws did not give any legal validity or sanction to the activities in cyberspace. Courts and
judiciary in our country have been reluctant to grant judicial recognition to the legality of email in the
absence of any specific law having been enacted by the parliament. This gave rise to the need for Cyber law.
4. Internet requires an enabling and supportive legal infrastructure in tune with the times. This legal
infrastructure can only be given by the enactment of the relevant Cyber Laws.


Information Technology Act 2000 and Cyber Crimes:


Definition of Cyber Crimes:
Cyber Crimes are defined as “Acts that are punishable by the Information Technology Act”.

A simple yet sturdy definition of Cyber Crime would be “unlawful acts wherein the computer is either a tool or
a target or both”.

Or, Cyber Crime is defined as “Any crime with the help of computer and telecommunication technology”, with the
purpose of influencing the functioning of computer or the computer systems.

Nature of Cyber Crimes:


a. Most Cyber Crimes do not involve violence but rather greed, pride or play on some character
weakness of the victims.
b. It is difficult to identify the culprit, as the net can be accessed from any part of the globe. For this
reason, Cyber crimes are considered as “White-collar crimes”.
c. This new technology not only provides opportunities for the profitable development of an international
information market but also raises the specter of new criminal activities to exploit them.
d. There are three basic categories of criminals who engage in such crimes, ranging from hackers,
information merchants and mercenaries, to terrorists, extremists and deviants.

Types of Cyber Crimes:


1. Hacking: It is the most common type of cyber crime being committed across the world. Hacking has
been defined in Sec 66 of The Information Technology Act, 2000 as follows: “whoever with the intent
to cause or knowing that he is likely to cause wrongful loss or damage to the public or any person
destroys or deletes or alters any information residing in a computer resource or diminishes its value
or utility or affects it injuriously by any means commits hacking”.
Punishment for hacking under the above mentioned section is imprisonment for three years or fine
which may extend up to 2 lakh rupees or both.
2. Cracking: The term ‘Cracking’ means ‘illegal access’. Now ‘access’ comprises the entering of the
whole or any part of a computer system (hardware, components, stored data of the system installed,
directories, traffic and content-related data). It does not include the mere sending of an e-mail
message. Access includes the entering of another computer system, where it is connected via public
telecommunication networks or to a computer on the same network, such as a LAN or Intranet within
an organization.
3. Security Related Crimes: With the growth of the Internet, network security has become a major
concern. Private confidential information has become available to the public. Confidential information
can reside in two states on the network. It can reside on the physical stored media, such as hard drive
or memory or it can reside in the transit across the physical network wire in the form of packets. These
two information states provide opportunities for attacks from users on the internal network, as well
as users on the internet.
4. Network Packet Sniffers: Network computers communicate serially where large information pieces
are broken into smaller ones. The information stream would be broken into smaller pieces even if
networks communicated in parallel. These smaller pieces are called network packets. Since these
network packets are not encrypted they can be processed and understood by any application that can
pick them off the network and process them. A network protocol specifies how packets are identified
and labeled which enables a computer to determine whether a packet is intended for it. A packet
sniffer can provide its users with meaningful and often sensitive information such as user account
names and passwords.
5. Internet Protocol Spoofing: An IP spoofing attack occurs when an attacker outside the network pretends to
be a trusted computer, either by using an IP address that is within the network's range or by using an external IP
address that you trust and to which you wish to provide access to specified resources on your network.
Normally an IP spoofing attack is limited to the injection of data or commands into an existing stream
of data passed between a client and server application or a peer-to-peer network connection.
6. Password attacks: Password attacks can be implemented using several different methods, such as
brute-force attacks and Trojan horse programmes. IP spoofing can yield user accounts and passwords.
Password attacks usually refer to repeated attempts to identify a user password or account. This
attack requires that the attacker have access to network packets that come across the networks.
7. Fraud on the Internet: This is a form of white-collar crime. Internet fraud is a common type of crime
whose growth has been proportionate to the growth of the internet itself. The internet provides
companies and individuals with the opportunity of marketing their products on the net. It is easy for
people with fraudulent intentions to make their messages look real and credible.
8. Online Investment newsletters: Many newsletters on the internet provide the investors with free
advice recommending stocks where they should invest. Sometimes these recommendations are
totally bogus and cause loss to the investors.
9. Bulletin Boards: This is a forum for sharing investor information and often fraud is perpetrated in
this zone causing loss of millions who bank on them.
10. E-mail scams: Since junk mail (e-mail which contains useless material) is easy to create, fraudsters
often find it easy to spread bogus investment schemes or spread false information about a company.
11. Credit card fraud: With electronic commerce rapidly becoming a major force in national
economies, it offers rich pickings for criminals prepared to undertake fraudulent activities. Something
like half a billion dollars is lost to consumers in card fraud alone.
12. Publishing of false digital signature: According to sec 73 of the I.T. Act 2000, if a person knows
that a digital signature certificate is erroneous in certain particulars and still goes ahead and publishes
it, he is guilty of having contravened the Act. He is punishable with imprisonment for a term that may
extend to two years or with fine of one lakh rupees or with both.
13. Making available digital signature for fraudulent purpose: This is an offence punishable under
sec 74 of the above mentioned act, with imprisonment for a term that may extend to two years or
with fine of two lakh rupees or with both.
14. Alteration and destruction of digital information: The corruption and destruction of digital
information is the single largest menace facing the world of computers. Just as a virus can infect
the human immune system, there exist programmes which can destroy or hamper a computer system.

Prevention of computer crimes:


1. By educating everyone: Users and systems operators, people who hold personal data and the
people about whom it is held, people who create intellectual property and those who buy it and the
criminals. We must educate people to understand how technology can be used to help or hurt others
and think about what it would be like to be the victim of a computer hacker or computer pirate.
2. By practicing safe computing: The internet is analogous to the high seas. No one owns it, yet
people of all nationalities use it. It would perhaps be ideal if unification of internet laws could be
achieved so as to minimize the discrepancies in the application of such laws.


Information Technology Act, 2000


The Act consists of 94 sections spread over thirteen chapters, and four schedules to the Act.

Objectives of the Act:


1. To grant legal recognition for transactions carried out by means of electronic data interchange and
other means of electronic communication commonly referred to as “Electronic Commerce” in place
of paper based methods of communication.
2. To give legal recognition to digital signature for authentication of any information or matter which
requires authentication under any law;
3. To facilitate electronic filing of documents with government departments.
4. To facilitate electronic storage of data.
5. To facilitate and give legal sanction to electronic fund transfers between banks and financial
institutions.
6. To give legal recognition for keeping books of account by bankers in electronic form, Evidence Act,
1891 and the Reserve Bank of India Act, 1934.

Scope of the Act:


1. A negotiable instrument as defined in Section 13 of Negotiable Instruments Act, 1881;
2. A power-of-attorney as defined in Section 1A of the Powers-of-Attorney Act, 1882.
3. A trust as defined in Section 3 of the Indian Trusts Act, 1882;
4. A will as defined in Section 2{R} of Indian Succession Act, 1925 including any other testamentary
disposition by whatever name called.
5. Any contract for the sale or conveyance of immovable property or any interest in such property.
6. Any such class of documents or transactions as may be notified by the Central Government in the
Official Gazette.

Definitions:
1. “Access” with its grammatical variations and cognate expressions means gaining entry into, instructing
or communicating with the logical, arithmetical, or memory function resources of a computer,
computer system or computer network.
2. “Addressee” means a person who is intended by the originator to receive the electronic record but
does not include any intermediary.
3. “Affixing digital signature” with its grammatical variations and cognate expressions means adoption
of any methodology or procedure by a person for the purpose of authenticating an electronic record
by means of digital signature.
4. “Appropriate Government” means the Central Government except in the following two cases where
it means the state government: a) in matters enumerated in List II of the Seventh Schedule to the
Constitution; b) relating to any state law enacted under list III of the seventh schedule to the
Constitution.

5. “Asymmetric crypto system” means a system of a key pair consisting of a private key for creating a digital
signature and a public key to verify the digital signature.
6. “Computer” means any electronic, magnetic, optical or other high-speed data processing device or
system which performs logical, arithmetic, and memory functions by manipulations of electronic,
magnetic or optical impulses, and includes all input, output, processing, storage, or communication
facilities which are connected or related to the computer in a computer system.
7. “Computer Network” means the interconnection of one or more computers through: a) the use of
the satellite, microwave, terrestrial line or other communication media; b) terminals or a complex
consisting of two or more interconnected computers whether or not the interconnection is
continuously maintained.
8. “Computer Resource” means computer, computer system, computer network, data, computer data
base or software.
9. “Computer system” means a device or collection of devices, including input and output support
devices and excluding calculators which are not programmable and capable of being used in
conjunction with external files, which contain computer programmes, electronic instructions, input
data and output data, that performs logic, arithmetic, data storage and retrieval, communication
control and other functions.
10. “Data” means a representation of information, knowledge, facts, concepts or instructions which are
being prepared or have been prepared in a formalized manner, and is intended to be processed, is being
processed or has been processed in a computer system and may be in any form.
11. “Digital signature” means authentication of any electronic record by a subscriber by means of an
electronic method or procedure in accordance with the provisions of Section 3.
12. “Electronic form” with reference to information means any information generated, sent, received
or stored in media, magnetic, optical, computer memory, micro film, computer generated micro fiche
or similar device.
13. “Electronic Record” means data, record or data generated, image or sound stored, received or sent
in an electronic form or micro film or computer generated micro fiche.
14. “Function” in relation to a computer, includes logic, control, arithmetical process, deletion, storage
and retrieval and communication or telecommunication from or within a computer.
15. “Information” includes data, text, images, sound, voices, codes, computer programmes, software
and database or micro film or computer generated micro fiche.
16. “Intermediary” with respect to any particular electronic message means any person who on behalf of
another person receives, stores or transmits that message or provides any service with respect to that
message.
17. “Key pair” in any asymmetric crypto system, means a private key and its mathematically related
public key, which are so related that the public key can verify a digital signature created by the private
key.
18. “Originator” means a person who sends, generates, stores or transmits any electronic message or
causes any electronic message to be sent, generated, stored or transmitted to any other person but
does not include an intermediary.
19. “Prescribed” means prescribed by rules made under this Act.
20. “Private Key” means the key of a key pair used to create a digital signature.

21. “Public key” means the key of a key pair used to verify a digital signature and listed in the digital
signature certificate.
22. “Secure System” means computer hardware, software, and procedure that:
- Are reasonably secure from unauthorized access and misuse.
- Provide a reasonable level of reliability and correct operation.
- Are reasonably suited to performing the intended functions and
- Adhere to generally accepted security procedures.
23. “Verify” in relation to a digital signature, electronic record or public key, with its grammatical
variations and cognate expressions means to determine whether:
- The initial electronic record was affixed with the digital signature by the use of the private key
corresponding to the public key of the subscriber.
- The initial electronic record is retained intact or has been altered since such electronic
record was so affixed with the digital signature.

Digital signature Certificate:


Section 35 lays down the procedure for issuance of a Digital Signature Certificate. It provides that an application
for such a certificate shall be made in the form prescribed by the Central Government,
and different fees may be prescribed for different classes of applicants. The section also provides that no
Digital Signature Certificate shall be granted unless the Certifying Authority is satisfied that:

a. The applicant holds the private key corresponding to the public key to be listed in the Digital
Signature Certificate.
b. The applicant holds a private key which is capable of creating a digital signature.
c. The public key to be listed in the certificate can be used to verify a digital signature affixed by the
private key held by the applicant.

However, no application shall be rejected unless the applicant has been given a reasonable opportunity of
showing cause against the proposed rejection.

While issuing a digital signature certificate, the certifying authority should certify that it has complied with
the provisions of the Act, the rules and regulations made thereunder and also with other conditions mentioned
in the Digital Signature Certificate.

Procedure of Digital Signature:


a. Authentication of patents: the authentication of the electronic record shall be effected by the use
of an asymmetric cryptosystem and hash function which envelop and transform the initial electronic
record into another electronic record.
b. Verification of digital signature: any person by the use of a public key of the subscriber can verify
the electronic record. The private key and public key are unique to the subscriber and constitute a
functioning key pair. Example: a locker has two keys, one with the bank and the other a private key.
The locker does not open unless both the keys come together.
c. Electronic records acceptable unless specific provision to contrary: where any law provides
that information or any other matter shall be in writing or in the typewritten or printed form, then,
notwithstanding anything contained in such law, such requirement shall be deemed to
have been satisfied, if such information or matter is a) rendered or made available in an electronic
form, and b) accessible so as to be usable for a subsequent reference.
d. Legal recognition of digital signature: where any law provides that information or any other
matter shall be authenticated by affixing the signature or any other document shall be signed or bear
the signature of any person, then, notwithstanding anything contained in such law, such requirement
shall be deemed to have been satisfied.
e. Certifying digital signature: the digital signature will be certified by a certifying authority. The
certifying authority will be licensed, supervised and controlled by certifying authorities.
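
The sign-and-verify steps in the definition of “Verify” and in items (a) and (b) above, together with the Section 35 check that the applicant holds the matching private key, are shown here as an added example that is not part of the original notes. It assumes textbook RSA without padding and a demonstration key built from publicly known Mersenne primes; the function names and the sample record are constructed for illustration.

```python
import hashlib
import secrets

# Assumption: textbook RSA with no padding, chosen only to keep the example
# self-contained. Production systems use a padded scheme such as RSASSA-PSS.


def make_key_pair(p: int, q: int, e: int = 65537):
    """Build (public_key, private_key) from two primes."""
    n = p * q
    d = pow(e, -1, (p - 1) * (q - 1))  # private exponent (Python 3.8+)
    return (n, e), (n, d)


def digest_as_int(record: bytes) -> int:
    """Hash function step: reduce the electronic record to a 256-bit number."""
    return int.from_bytes(hashlib.sha256(record).digest(), "big")


def sign(record: bytes, private_key) -> int:
    """Affix a digital signature: transform the record's hash with the private key."""
    n, d = private_key
    return pow(digest_as_int(record), d, n)


def verify(record: bytes, signature: int, public_key) -> bool:
    """True only if the signature came from the matching private key AND the
    record is unaltered since it was signed."""
    n, e = public_key
    return pow(signature, e, n) == digest_as_int(record)


def applicant_holds_private_key(public_key, sign_with_applicant_key) -> bool:
    """Certifying-authority check: have the applicant sign a fresh random
    challenge and verify it with the public key to be listed."""
    challenge = secrets.token_bytes(32)
    return verify(challenge, sign_with_applicant_key(challenge), public_key)


def demo() -> dict:
    # Constructed demonstration keys from publicly known Mersenne primes.
    # Anyone can factor these moduli, so they must never protect real data.
    public_key, private_key = make_key_pair(2**521 - 1, 2**607 - 1)
    _, other_private = make_key_pair(2**607 - 1, 2**1279 - 1)

    record = b"Transfer Rs 1 lakh to account 0000 (constructed sample record)"
    altered = record.replace(b"1 lakh", b"9 lakh")
    signature = sign(record, private_key)

    return {
        "intact_record": verify(record, signature, public_key),
        "altered_record": verify(altered, signature, public_key),
        "wrong_private_key": verify(record, sign(record, other_private), public_key),
        "applicant_has_key": applicant_holds_private_key(
            public_key, lambda c: sign(c, private_key)),
        "impostor_has_key": applicant_holds_private_key(
            public_key, lambda c: sign(c, other_private)),
    }


if __name__ == "__main__":
    for check, result in demo().items():
        print(f"{check}: {result}")
```

Only the intact record signed with the matching private key verifies; changing a single figure in the record, or signing with a different private key, makes verification fail.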

Penalties and Adjudication Sec 43-47:
The Act provides for awarding compensation or damages for certain types of computer frauds. It also provides
for the appointment of an Adjudicating Officer for holding an inquiry in relation to certain computer crimes and
for awarding compensation.

Types of Penalties:
A. Penalty for damage to computer, computer system or network like:
1. Securing access to the computer, computer system or computer network.
2. Downloading or extracting any data, computer database or information from such computer
system or those stored in any removable storage medium.
3. Introducing any computer contaminant or computer virus into any computer, computer system
or network.
4. Damaging any computer, computer system or network or any computer data, database or
programmes.
5. Disrupting any computer, computer system or network.
6. Denying access to any person authorised to access any computer, computer system or network.
7. Providing assistance to any person to access any computer, computer system or network in
contravention of any person by tampering with or manipulating any computer, computer system
or network.
B. Penalty for misrepresentation Sec 71: provides that any person found misrepresenting or
suppressing any material fact from the controller or the certifying authority shall be punished with
imprisonment for a term which may extend to two years or with fine which may extend to Rs 1 lakh
or with both.

C. Penalty for publishing false digital signature certificate Sec 73: provides punishment for
publishing a digital signature certificate false in material particulars or otherwise making it available
to any person with imprisonment for a term which may extend to two years or with fine which may
extend to Rs 1 lakh or with both.

D. Penalty for fraudulent publication Sec 74: provides for punishment with imprisonment for a term
which may extend to two years or with fine which may extend to Rs 1 lakh or with both to any person
who knowingly publishes, for a fraudulent purpose, any digital signature certificate.


Offences:
1) Tampering with computer source documents Sec 65: This section provides for punishment with
imprisonment up to three years, or with a fine which may extend to Rs 2 lakhs, or with both.
2) Hacking with computer system Sec 66: Hacking is a term used to describe the act of destroying
or deleting or altering any information residing in a computer resource or diminishing its value or
utility, or affecting it injuriously in spite of knowing that such action is likely to cause wrongful loss or
damage to the public or that person. Sec 66 provides that a person who commits hacking shall be
punished with a fine up to Rs 2 lakhs or with imprisonment up to 3 years, or with both.
3) Publishing of information which is obscene in electronic form: Sec 67 provides for punishment
to whoever transmits or publishes or causes to be published or transmitted, any material which is
obscene in electronic form with imprisonment for a term which may extend to five years and with
fine which may extend to Rs 1 lakh on first conviction. In the event of second or subsequent
conviction the imprisonment would be for a term which may extend to ten years and fine which may
extend to Rs 2 lakhs.

Power of the Controller:


1. Sec 68 provides that the controller may give directions to a certifying authority or an employee of such
authority to take such measures or cease carrying on such activities as specified in the order, so as to ensure
compliance with this law. If any person fails to comply, he shall be liable to imprisonment up to 3 years or fine
up to Rs 2 lakhs, or both.

2. Sec 69 empowers the controller, if he is satisfied that it is necessary or expedient so to do in the
interest of sovereignty and integrity of India, security of the state, friendly relations with foreign states or public
order, to intercept any information transmitted through any computer system or computer network.

3. Sec 70 empowers the appropriate government to declare by notification any computer, computer
system or computer network to be a protected system. Any unauthorized access of such systems will be
punishable with imprisonment which may extend to ten years or with fine.

Powers of the Adjudicating Officer:


Section 46 confers the power to adjudicate contraventions under the Act on an officer not below the rank
of a Director to the Government of India or an equivalent officer of a State Government. Such appointment shall
be made by the Central Government.

The Adjudicating Officer so appointed shall be responsible for holding an inquiry in the prescribed manner
after giving reasonable opportunity of being heard and thereafter, imposing penalty where required.

Sec 47 provides that while deciding upon the quantum of compensation, the adjudicating officer shall have
due regard to the amount of gain of unfair advantage and the amount of loss caused to any person as well as
the respective nature of the default.
