UNIT – I
E-COMMERCE –Meaning –Evolution in India- Traditional commerce VS E-Commerce- Factors Driving the
growth of E-commerce- Benefits and limitations- Business models for E-commerce- E-commerce opportunities
in India and challenges.
UNIT- II
Electronic Data Interchange- Benefits- EDI Legal, Security and Privacy issues- EDI software implementation-
Value Added Network- Internal Information Systems- Work flow automation and Coordination- Customization
and internal commerce.
UNIT – III
Network security and firewalls- Client Server Network Security- Emerging client server security threats-
Firewalls and network security- Data and message security- Encrypted documents and electronic mail-
Hypertext publishing- Technology behind the web- Security and the web.
UNIT – IV
Consumer Oriented Electronic Commerce: Consumer Oriented Applications- Mercantile Process Models-
Mercantile Models from the Consumers Perspective- Mercantile Models from the Merchants Perspective.
UNIT – V
Electronic Payment Systems- Types- Digital Token Based Electronic Payment System- Smart Card & Credit
Card Electronic Payment Systems- Risk- Designing Electronic Payment System. Mobile Commerce – Benefits-
Products and services of M-commerce.
REFERENCE BOOKS:
1. Frontiers of Electronic Commerce – Ravi Kalakota & Andrew B. Whinston, Dorling Kindersley (India) Pvt Ltd, 2006
2. Electronic Commerce – Bharat Bhasker, Tata McGraw Hill Publishing Co Ltd, New Delhi, 2006
3. Web Commerce Technology Handbook – Daniel Minoli, Emma Minoli, Tata McGraw Hill Publishing Co Ltd, New Delhi, 2006
4. E-Commerce & E-Business – Dr. C.S. Rayudu, Himalaya Publishing House, New Delhi
5. E-Commerce – The Cutting Edge of Business – Kamalesh K Bajaj, Debjani Nag, TMH, New Delhi
UNIT I
ECOMMERCE
E-commerce (electronic commerce) is the buying and selling of goods and services, or the transmitting of funds or
data, over an electronic network, primarily the internet. These business transactions occur either as business-to-
business (B2B), business-to-consumer (B2C), consumer-to-consumer or consumer-to-business.
The terms e-commerce and e-business are often used interchangeably. The term e-tail is also sometimes used in
reference to the transactional processes that make up online retail shopping.
Traditional Commerce VS E Commerce:
| Basis for comparison | Traditional commerce | E-commerce |
|---|---|---|
| Meaning | Traditional commerce is a branch of business which focuses on the exchange of products and services, and includes all those activities which encourage exchange, in some way or the other. | E-commerce means carrying out commercial transactions or exchange of information, electronically on the internet. |
| Processing of transactions | Manual | Automatic |
| Physical inspection | Goods can be inspected physically before purchase. | Goods cannot be inspected physically before purchase. |
| Customer interaction | Face-to-face | Screen-to-face |
| Scope of business | Limited to particular area. | Worldwide reach |
| Information exchange | No uniform platform for exchange of information. | Provides a uniform platform for information exchange. |
| Resource focus | Supply side | Demand side |
| Business relationship | Linear | End-to-end |
| Delivery of goods | Instantly | Takes time |
Factors driving the growth of E-Commerce:
The critical factors that contribute to the growth of electronic commerce are:
Growth of Internet: The Internet has seen tremendous growth in the past five years, making it a potential place for
communicating with many customers both efficiently and cost-effectively. E-marketing is the process by which a
customer is reached over the Internet through electronic mail or other forms of advertisement on websites that attract the
attention of target customers, eventually leading to a potential sale. The fact that the Internet can effectively
communicate with a mass segment of people irrespective of age, caste, color or sex makes it a potential tool to promote the
products and services offered by an organization.
Security and Data Protection: The presence of strict laws enforcing data protection and privacy of information, along
with legal restrictions and guidance for conducting transactions over the Internet in a secure fashion, is the major
accelerating force for the growth of electronic commerce, especially by giving customers confidence that
severe action will be taken against any fraudulent activity.
Growth in Technology: The growth of the Internet was mainly due to the tremendous growth and innovation in Information
Technology products that enable secure and fast transactions over the Internet. The growth of high-speed communication
systems like Integrated Services Digital Network (ISDN) and security systems like Asynchronous Transfer Mode (ATM)
etc., has contributed immensely to the unrivaled growth of the Internet and Internet-based business initiatives across the globe.
Convenience Factor: Customers opt for electronic transactions largely because of the convenience associated with the
process of shopping itself, which reduces the snag of commuting to high street shops and eliminates congestion in busy
places like London. Alongside, the authors further stress that the convenience is not only the physical rest but mainly the
time factor, whereby a customer can place an order for a product over the Internet at any time he/she finds convenient, thus
eliminating the major issue of time keeping and allowing more important activities to be scheduled effectively.
Innovation in Business and Competition: The growth of information technology has also opened the doors for innovative
methods like data mining and Customer Relationship Marketing, whereby an organization can identify potential customers
and tailor its products to customer needs purely by means of the customer information held in its databases. This has
apparently increased competition to sky-high levels in every sphere of business across the globe.
Reduced Operating Costs: The costs involved in operating stores on the high street and the costs associated with
labor are greatly reduced by the one-time investment in electronic commerce technology to deploy a robust and
secure system on the company website for conducting commercial transactions.
Time-Saver – Consumers can buy or sell a product at any time, as it is available 24×7.
Low Cost – E-commerce avoids the expense of maintaining stores or warehouses for the products.
Wide availability – E-commerce helps brands make their products available to a wide range of people across various
regions and borders.
Convenience – All purchases and sales can be made from the comfort of home or the workplace.
Information – Customers can find relevant information about the products and services from the comfort of home
or the workplace.
Personalized Recommendations – With the help of data analytics, e-commerce sites track this information to show
the products suited to your needs.
Easy Customer Service – Customer service is available with just a click; both phone and chat with a representative
are available to fix an issue.
Limitation of E-Commerce:
There are various limitations of e-commerce, such as:
Increase in competition with emerging new technologies.
A threat of an increase in cybercrimes.
Negotiation is not possible on online platforms.
Creates social differences as technical knowledge is a must for using e-commerce.
Cost of internet and equipment to access the e-platforms.
A recent report by the Internet and Mobile Association of India reveals that the e-commerce market is
growing at an average rate of 70 percent annually, and has grown over 500 percent in the past three
years alone.
Challenges in E-commerce:
In India, cash on delivery is the preferred payment mode: In India, most people prefer
to pay cash on delivery due to low credit card diffusion and low trust in online transactions.
Unlike electronic payments, manual cash collection is quite perilous, expensive and laborious.
Infrastructural problems: The Internet is the backbone of e-commerce. Internet penetration in India
is still very low (38.4%) compared to other countries. The quality of connectivity is poor in
several regions. Both of these are real threats to the growth of the e-commerce market in India.
Incorrect postal address: When a customer places an online order, he will get a call from the
company asking about his exact location. The given address is not enough because there is
little standardization in how postal addresses are written. It is also one of the biggest challenges
faced by e-commerce in India.
Privacy and security concerns: In the case of start-ups and small businesses, business owners fail to
take the initial steps to secure and protect their online business through the installation of
authentic protection services like antivirus and firewall products, which is indeed a crucial step for
successful business players. Usage of unauthorized software will not protect the customer.
Shopping Challenges: Issues related to lack of supply chain integration, higher delivery charges
for products. Delay in delivery and lack of proper courier services in some areas also make.
Standard Means of communication − EDI enforces standards on the content of data and its format which
leads to clearer communication.
BENEFITS OF EDI
Minimal paper usage. EDI reduces associated expenses of storage, printing, postage, mailing
and recycling.
Enhanced quality of data. EDI minimises data entry errors, improves accounts payable/receivable
times as processes become streamlined and can be used for forecasting.
Improved turnaround times.
Cost & time savings, Speed, Accuracy, Security, System Integration, Just-In-Time
Support.
Reduced paper-based systems, i.e. record maintenance, space, paper, postage costs
EDI LEGAL
Liability and contractual information. Amazon, easily the most recognizable face of the e-
commerce industry, has had to navigate the treacherous world of regulation for years. ...
Data protection and privacy. ...
Managing fraud and securing electronic transactions.
To understand the legal framework, let’s look at three types of
communication: instantaneous communication, delayed communication via the U.S. Postal
Service (USPS), & delayed communication via non-USPS couriers:
Instantaneous. If the parties are face to face or use an instantaneous
communication medium such as the telephone
Delayed (USPS). The “mailbox rule” provides that an acceptance communicated
via USPS mail is effective when dispatched.
Delayed (non-USPS). Acceptances transmitted via telegram, mailgram, &
electronic messages are communicated & operable upon receipt.
• It is a business procedure that enables e-commerce to occur between organizations
where the interaction is of short duration.
• It is the process of doing EDI without the upfront trading partner agreement that
is currently signed by the trading partners.
• The goal is to sustain ad hoc business or short-term trading relationships using
simpler legal codes.
• It is a law of contract within the context of e-commerce where transactions
are not repeated over long period of time.
Standardization & EDI
Standards translation
• Specifies business form structure so that information can be exchanged
• Two competing standards
– American National Standards Institute (ANSI) X12
– EDIFACT developed by UN/ECE, Working Party for the Facilitation
of International Trade Procedures
Structure of EDI transactions
– Transaction set is equivalent to a business document, such as a purchase order
– Data Segments are logical groups of data elements that
together convey information
– Data elements are individual fields, such as purchase order no.
Comparison of EDIFACT & X.12 Standards
• These are comprised of strings of data elements called segments.
• A transaction set is a set of segments ordered as specified by the standard.
• ANSI standards require each element to have a very specific name, such as order
date or invoice date.
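The transaction set / segment / data element hierarchy described above, shown on a constructed ANSI X12 purchase order. This is an added example, not part of the original notes; the sample document and the function names are assumptions, and it uses the conventional `*` element separator and `~` segment terminator. The envelope check is the kind a receiving translator applies to reject a truncated or altered document.

```python
# Constructed sample: a minimal X12 850 (purchase order) transaction set.
# "~" ends a segment, "*" separates data elements (conventional delimiters, assumed).
SAMPLE_PO = (
    "ST*850*0001~"                      # header: transaction set ID, control number
    "BEG*00*SA*PO-1001**20240115~"      # beginning segment: BEG03 is the purchase order no.
    "PO1*1*10*EA*9.50**VP*WIDGET-7~"    # one line item: quantity 10, unit EA, price 9.50
    "CTT*1~"                            # transaction totals: number of line items
    "SE*5*0001~"                        # trailer: segment count, control number
)


def parse_segments(raw, seg_term="~", elem_sep="*"):
    """Split a transaction set into segments, and each segment into data elements."""
    segments = []
    for chunk in raw.split(seg_term):
        chunk = chunk.strip()
        if not chunk:
            continue
        seg_id, *elements = chunk.split(elem_sep)
        segments.append({"id": seg_id, "elements": elements})
    return segments


def validate_envelope(segments):
    """Return a list of problems with the ST/SE envelope (empty list means it is consistent)."""
    if not segments or segments[0]["id"] != "ST":
        return ["transaction set does not start with ST"]
    if segments[-1]["id"] != "SE":
        return ["transaction set does not end with SE"]
    st, se = segments[0]["elements"], segments[-1]["elements"]
    if len(st) < 2 or len(se) < 2:
        return ["ST or SE is missing required data elements"]
    errors = []
    # SE01 counts every segment in the set, including ST and SE themselves.
    if not se[0].isdigit() or int(se[0]) != len(segments):
        errors.append(f"SE01 says {se[0]} segments, found {len(segments)}")
    # ST02 and SE02 carry the same control number.
    if st[1] != se[1]:
        errors.append(f"control number mismatch: ST02={st[1]} SE02={se[1]}")
    return errors


def data_element(segments, seg_id, position):
    """Return element N (1-based, as in 'BEG03') of the first segment with this ID."""
    for seg in segments:
        if seg["id"] == seg_id and len(seg["elements"]) >= position:
            return seg["elements"][position - 1]
    return None


if __name__ == "__main__":
    segs = parse_segments(SAMPLE_PO)
    print("purchase order no.:", data_element(segs, "BEG", 3))
    print("envelope problems:", validate_envelope(segs))
```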
EDI SOFTWARE IMPLEMENTATION
EDI software has 4 layers:
1. Business application
2. Internal format conversion.
3. EDI Translator.
4. EDI envelope for document messaging
• These 4 layers package the information & send it over the value-added network to
the target business, which then reverses the process to obtain the original
information
EDI Business Application Layer
1. It creates a document, an invoice.
2. Sends to EDI translator, reformats the invoice into an EDI standard.
3. If they are on the same type of computer, the data move
faster.
• A VAN is a communication network that typically exchanges EDI messages
among trading partners.
• It provides services, including holding messages in “electronic mailboxes” and
interfacing with other VANs.
• A disadvantage of EDI-enabling VANs is that they are slow & high-priced, charging by
the no. of characters transmitted.
Internet-Based EDI
Several factors make internet useful for EDI:
• Flat-pricing that is not dependent on the amount of information transferred
• Cheap access with low cost of connection- often a flat monthly fee for leased line
or dial-up access
• Common mail standards & proven networking & interoperable systems
• Security--public-key encryption techniques are being incorporated in various
electronic mail systems.
Today, a similar trend is emerging in the automation of knowledge-based business processes, called
work-flow automation.
The goal of work-flow automation is to offer more timely, cost-effective, and integrated ways to make
decisions.
Typically, work-flows are decomposed into steps or tasks, which are task oriented. Work-flows can be
simple or complex.
Simple work-flows typically involve one or two steps or tasks. Another way of looking at work-flow is
to determine the amount of cross-functional activity. In other words, companies must adopt an integrated
process view of all the business elements.
Organizational integration is extremely complex and typically involves three steps:
Improving existing processes by utilizing technology where appropriate.
Integrating across the business functions after identifying the information needs for each process.
Integrating business functions, application program interfaces, and databases across departments
and groups.
Complex work-flows involve several other work-flows, some of which execute simultaneously.
Work-Flow Coordination:
The key element of market-driven business is the coordination of tasks and other resources throughout
the company to create value for customer. To this end, effective companies have developed horizontal
structures around small multifunctional teams that can move more quickly and easily than businesses that use
the traditional function-by-function, sequential approach.
Some of the simplest work-flow coordination tools are electronic forms routing applications such as
lotus notes. As the number of parties in the work flow increases, good coordination becomes crucial.
Work-flow related technologies:
Technology must be the “engine” for driving the initiatives to streamline and transform business
interactions. Large organizations are realizing that they have a middle-management after all the downsizing
and reorganization of the past few years.
Pressures for more comprehensive work-flow systems are building rapidly. Work-flow systems are
limited to factory-like work processes.
Middleware is maturing:
Because of this, users or third-party providers need to learn how to develop work-flow applications within
a middleware environment.
Organizational memory is becoming practical:
The new tools for organizational memory are advancing towards what can be called the “corporate digital
library”.
Mass customization, in marketing, manufacturing, and management, is the use of flexible computer-
aided manufacturing systems to produce custom output. Those systems combine the low unit costs of mass
production processes with the flexibility of individual customization. "Mass Customization" is the new frontier in
business competition for both manufacturing and service industries.
Implementation:
Many implementations of mass customization are operational today, such as software- based product
configurations which make it possible to add and/or change functionalities of a core product or to build fully
custom enclosures from scratch. Companies which have succeeded with mass-customization business models
tend to supply purely electronic products. However, these are not true "mass customizers" in the original sense,
since they do not offer an alternative to mass production of material goods.
Four types of mass customization:
Collaborative customization - Firms talk to individual customers to determine the precise product
offering that best serves the customer's needs.
Adaptive customization - Firms produce a standardized product, but this product is customizable in the
hands of the end-user.
Transparent customization - Firms provide individual customers with unique products, without
explicitly telling them that the products are customized.
Cosmetic customization - Firms produce a standardized physical product, but market it to different
customers in unique ways.
Most of the written materials and thinking about customization have neglected technology. They have been
about management and design of work processes.
Today technology is so pervasive that it is virtually impossible to make clear distinctions among
management, design of work, and technology in almost all forms of business and industry.
Technology has moved into products, the workplace, and the market with astonishing speed and
thoroughness.
Mass customization, not mass production. Today the walls that separated functions in manufacturing
and service industries alike are beginning to fall like dominoes. Customization need not be used only in the
production of cars, planes, and other traditional products.
UNIT III
NETWORK SECURITY AND FIREWALLS
FIREWALLS
Almost every medium and large-scale organization has a presence on the Internet and has an organizational
network connected to it. Network partitioning at the boundary between the outside Internet and the internal
network is essential for network security. Sometimes the inside network (intranet) is referred to as the “trusted”
side and the external Internet as the “un-trusted” side.
Types of Firewall
A firewall is a network device that isolates an organization’s internal network from the larger outside network/Internet.
It can be hardware, software, or a combined system that prevents unauthorized access to or from the internal
network.
All data packets entering or leaving the internal network pass through the firewall, which examines each
packet and blocks those that do not meet the specified security criteria.
Deploying a firewall at the network boundary is like aggregating the security at a single point. It is analogous to
locking an apartment at the entrance and not necessarily at each door.
A firewall is considered an essential element to achieve network security for the following reasons −
The Internet is a dangerous place with criminals, users from competing companies, disgruntled ex-
employees, spies from unfriendly countries, vandals, etc.
Packet filter (Stateless & Stateful)
Application-level gateway
Circuit-level gateway
These three categories, however, are not mutually exclusive. Modern firewalls have a mix of abilities that may
place them in more than one of the three categories.
In this type of firewall deployment, the internal network is connected to the external network/Internet via a
router firewall. The firewall inspects and filters data packet-by-packet.
Packet-filtering firewalls allow or block the packets mostly based on criteria such as source and/or
destination IP addresses, protocol, source and/or destination port numbers, and various other parameters within
the IP header.
The decision can be based on factors other than IP header fields such as ICMP message type, TCP SYN and
ACK bits, etc.
Selection criteria − It is used as a condition and for pattern matching in decision making.
Action field − This part specifies the action to be taken if an IP packet meets the selection criteria. The
action could be either to block (deny) or to permit (allow) the packet across the firewall.
Packet filtering is generally accomplished by configuring Access Control Lists (ACL) on routers or switches.
ACL is a table of packet filter rules.
As traffic enters or exits an interface, firewall applies ACLs from top to bottom to each incoming packet, finds
matching criteria and either permits or denies the individual packets.
A stateless firewall is a rather rigid tool. It looks at a packet and allows it if it meets the criteria, even if it is
not part of any established ongoing communication.
Hence, such firewalls are replaced by stateful firewalls in modern networks. This type of firewall offers a
more in-depth inspection method than the purely ACL-based packet inspection of stateless firewalls.
A stateful firewall monitors the connection setup and teardown process to keep a check on connections at the
TCP/IP level. This allows it to keep track of connection state and determine which hosts have open,
authorized connections at any given point in time.
It references the rule base only when a new connection is requested. Packets belonging to existing
connections are compared to the firewall's state table of open connections, and the decision to allow or block is
taken. This process saves time and provides added security as well. No packet is allowed to pass the
firewall unless it belongs to an already established connection. The firewall can time out inactive connections, after
which it no longer admits packets for that connection.
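The two behaviours described above, side by side, as an added example that is not part of the original notes. The addresses, the ACL and the class names are constructed for illustration: a stateless ACL is evaluated top to bottom and lets replies in by matching the TCP ACK bit, while the stateful firewall consults its rule base only for new connections and otherwise checks its state table, including an idle timeout.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    flags: frozenset              # TCP flags set on the packet, e.g. {"SYN"}


@dataclass(frozen=True)
class Rule:
    action: str                   # action field: "permit" or "deny"
    src_net: str                  # selection criteria start here
    dst_net: str
    dport: Optional[int] = None   # None matches any destination port
    need_ack: bool = False        # match only packets that have the ACK bit set


ANY = "0.0.0.0/0"
INSIDE = "10.0.0.0/24"            # constructed internal network

# Stateless ACL: outbound web allowed; "replies" recognised only by the ACK bit.
STATELESS_ACL = [
    Rule("permit", INSIDE, ANY, dport=80),
    Rule("permit", ANY, INSIDE, need_ack=True),
    Rule("deny", ANY, ANY),
]
# Stateful rule base: no ACK rule needed, replies are admitted via the state table.
STATEFUL_RULE_BASE = [
    Rule("permit", INSIDE, ANY, dport=80),
    Rule("deny", ANY, ANY),
]


def rule_matches(rule, pkt):
    if ip_address(pkt.src) not in ip_network(rule.src_net):
        return False
    if ip_address(pkt.dst) not in ip_network(rule.dst_net):
        return False
    if rule.dport is not None and pkt.dport != rule.dport:
        return False
    return not rule.need_ack or "ACK" in pkt.flags


def stateless_filter(acl, pkt):
    """Apply the ACL from top to bottom; the first matching rule decides."""
    for rule in acl:
        if rule_matches(rule, pkt):
            return rule.action
    return "deny"                 # nothing matched: default deny


class StatefulFirewall:
    def __init__(self, rule_base, idle_timeout=60):
        self.rule_base = rule_base
        self.idle_timeout = idle_timeout
        self.state = {}           # connection key -> time the connection was last seen

    @staticmethod
    def conn_key(pkt):
        # Same key for both directions of one TCP connection.
        return frozenset([(pkt.src, pkt.sport), (pkt.dst, pkt.dport)])

    def filter(self, pkt, now):
        # Time out inactive connections before looking anything up.
        self.state = {k: t for k, t in self.state.items() if now - t <= self.idle_timeout}
        key = self.conn_key(pkt)
        if key in self.state:
            if pkt.flags & {"FIN", "RST"}:
                del self.state[key]          # simplified teardown tracking
            else:
                self.state[key] = now
            return "permit"
        # Not an existing connection: only a bare SYN may consult the rule base.
        if pkt.flags == frozenset({"SYN"}) and stateless_filter(self.rule_base, pkt) == "permit":
            self.state[key] = now
            return "permit"
        return "deny"


def pkt(src, sport, dst, dport, *flags):
    return Packet(src, sport, dst, dport, frozenset(flags))


# Constructed traffic: a real outbound connection and an unsolicited packet with ACK set.
SYN_OUT = pkt("10.0.0.5", 40000, "198.51.100.7", 80, "SYN")
SYNACK_IN = pkt("198.51.100.7", 80, "10.0.0.5", 40000, "SYN", "ACK")
UNSOLICITED_ACK = pkt("203.0.113.9", 80, "10.0.0.5", 40000, "ACK")

if __name__ == "__main__":
    fw = StatefulFirewall(STATEFUL_RULE_BASE)
    print("stateless, unsolicited ACK:", stateless_filter(STATELESS_ACL, UNSOLICITED_ACK))
    print("stateful,  unsolicited ACK:", fw.filter(UNSOLICITED_ACK, now=0))
```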
Application Gateways
An application-level gateway acts as a relay node for the application-level traffic. They intercept incoming and
outgoing packets, run proxies that copy and forward information across the gateway, and function as a proxy
server, preventing any direct connection between a trusted server or client and an untrusted host.
The proxies are application specific. They can filter packets at the application layer of the OSI model.
Application-specific Proxies
An application-specific proxy accepts only packets generated by the specified application for which it is
designed to copy, forward, and filter. For example, only a Telnet proxy can copy, forward, and filter Telnet
traffic.
If a network relies only on an application-level gateway, incoming and outgoing packets cannot access services
that have no proxies configured. For example, if a gateway runs FTP and Telnet proxies, only packets
generated by these services can pass through the firewall. All other services are blocked.
Application-level Filtering
An application-level proxy gateway examines and filters individual packets, rather than simply copying them
and blindly forwarding them across the gateway. Application-specific proxies check each packet that passes
through the gateway, verifying the contents of the packet up through the application layer. These proxies can
filter particular kinds of commands or information in the application protocols.
Application gateways can restrict specific actions from being performed. For example, the gateway could be
configured to prevent users from performing the ‘FTP put’ command. This can prevent modification of the
information stored on the server by an attacker.
Transparent
Although application-level gateways can be transparent, many implementations require user authentication
before users can access an untrusted network, a process that reduces true transparency. Authentication may be
different if the user is from the internal network or from the Internet. For an internal network, a simple list of
IP addresses can be allowed to connect to external applications. But from the Internet side a strong
authentication should be implemented.
An application gateway actually relays TCP segments between the two TCP connections in the two directions
(Client ↔ Proxy ↔ Server).
For outbound packets, the gateway may replace the source IP address by its own IP address. The process is
referred to as Network Address Translation (NAT). It ensures that internal IP addresses are not exposed to the
Internet.
Circuit-Level Gateway
The circuit-level gateway is an intermediate solution between the packet filter and the application gateway. It
runs at the transport layer and hence can act as proxy for any application.
Similar to an application gateway, the circuit-level gateway also does not permit an end-to-end TCP
connection across the gateway. It sets up two TCP connections and relays the TCP segments from one network
to the other. But it does not examine the application data like an application gateway. Hence, it is sometimes
called a ‘Pipe Proxy’.
SOCKS
SOCKS (RFC 1928) refers to a circuit-level gateway. It is a networking proxy mechanism that enables hosts
on one side of a SOCKS server to gain full access to hosts on the other side without requiring direct IP
reachability. The client connects to the SOCKS server at the firewall. Then the client enters a negotiation for
the authentication method to be used, and authenticates with the chosen method.
The client sends a connection relay request to the SOCKS server, containing the desired destination IP address
and transport port. The server accepts the request after checking that the client meets the basic filtering criteria.
Then, on behalf of the client, the gateway opens a connection to the requested untrusted host and then closely
monitors the TCP handshaking that follows.
The SOCKS server informs the client, and in case of success, starts relaying the data between the two
connections. Circuit level gateways are used when the organization trusts the internal users, and does not want
to inspect the contents or application data sent on the Internet.
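The gateway side of the SOCKS exchange described above, as an added example that is not part of the original notes. Message layouts and codes follow RFC 1928; the policy (username/password authentication required, CONNECT only, destination ports 80 and 443) and the sample messages are assumptions made for illustration, and no sockets are opened.

```python
import ipaddress
import struct

SOCKS_VERSION = 5
METHOD_USERPASS = 0x02            # username/password authentication
METHOD_NONE_ACCEPTABLE = 0xFF     # "no acceptable methods"
CMD_CONNECT = 0x01
ATYP_IPV4, ATYP_DOMAIN, ATYP_IPV6 = 0x01, 0x03, 0x04
REP_OK, REP_NOT_ALLOWED, REP_CMD_UNSUPPORTED, REP_ATYP_UNSUPPORTED = 0x00, 0x02, 0x07, 0x08


def select_method(greeting, required=METHOD_USERPASS):
    """Answer the client's greeting (VER, NMETHODS, METHODS...) with VER, METHOD."""
    if len(greeting) < 2 or greeting[0] != SOCKS_VERSION:
        raise ValueError("not a SOCKS5 greeting")
    nmethods = greeting[1]
    methods = greeting[2:2 + nmethods]
    if nmethods == 0 or len(methods) != nmethods:
        raise ValueError("truncated method list")
    chosen = required if required in methods else METHOD_NONE_ACCEPTABLE
    return bytes([SOCKS_VERSION, chosen])


def parse_request(req):
    """Parse VER, CMD, RSV, ATYP, DST.ADDR, DST.PORT into (cmd, atyp, host, port)."""
    if len(req) < 4 or req[0] != SOCKS_VERSION or req[2] != 0x00:
        raise ValueError("malformed request header")
    cmd, atyp = req[1], req[3]
    if atyp == ATYP_IPV4:
        addr_len, offset = 4, 4
    elif atyp == ATYP_IPV6:
        addr_len, offset = 16, 4
    elif atyp == ATYP_DOMAIN:
        if len(req) < 5:
            raise ValueError("truncated domain length")
        addr_len, offset = req[4], 5          # first address octet is the name length
    else:
        return cmd, atyp, None, None          # unknown address type, nothing to parse
    end = offset + addr_len
    if len(req) < end + 2:
        raise ValueError("truncated address or port")
    raw = req[offset:end]
    host = raw.decode("ascii") if atyp == ATYP_DOMAIN else str(ipaddress.ip_address(raw))
    (port,) = struct.unpack("!H", req[end:end + 2])   # port is in network byte order
    return cmd, atyp, host, port


def build_reply(rep):
    """VER, REP, RSV, ATYP, BND.ADDR, BND.PORT with a zeroed IPv4 bind address."""
    return bytes([SOCKS_VERSION, rep, 0x00, ATYP_IPV4]) + bytes(4) + bytes(2)


def decide(req, allowed_ports=frozenset({80, 443})):
    """Apply the gateway's basic filtering criteria to a relay request.

    Returns (reply, target). target is the (host, port) the gateway would connect
    to on the client's behalf, or None when the request is refused. The success
    reply is what the gateway sends once its own outbound connection is up.
    """
    cmd, atyp, host, port = parse_request(req)
    if host is None:
        return build_reply(REP_ATYP_UNSUPPORTED), None
    if cmd != CMD_CONNECT:
        return build_reply(REP_CMD_UNSUPPORTED), None
    if port not in allowed_ports:
        return build_reply(REP_NOT_ALLOWED), None
    return build_reply(REP_OK), (host, port)


# Constructed client messages.
GREETING_BOTH = bytes([5, 2, 0x00, 0x02])        # offers "no auth" and username/password
GREETING_NOAUTH_ONLY = bytes([5, 1, 0x00])       # offers only "no auth"
CONNECT_HTTPS = bytes([5, 1, 0, ATYP_IPV4, 198, 51, 100, 7]) + struct.pack("!H", 443)
CONNECT_TELNET = bytes([5, 1, 0, ATYP_DOMAIN, 11]) + b"example.com" + struct.pack("!H", 23)

if __name__ == "__main__":
    print(select_method(GREETING_BOTH).hex(), select_method(GREETING_NOAUTH_ONLY).hex())
    print(decide(CONNECT_HTTPS)[1], decide(CONNECT_TELNET)[1])
```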
A firewall is a mechanism used to control network traffic ‘into’ and ‘out’ of an organizational internal network.
In most cases these systems have two network interfaces, one for the external network such as the Internet and
the other for the internal side.
The firewall process can tightly control what is allowed to traverse from one side to the other. An organization
that wishes to provide external access to its web server can restrict all traffic arriving at the firewall except for port
80 (the standard http port). All other traffic such as mail traffic, FTP, SNMP, etc., is not allowed across the
firewall into the internal network. An example of a simple firewall is shown in the following diagram.
In the above simple deployment, though all other accesses from outside are blocked, it is possible for an
attacker to contact not only a web server but any other host on internal network that has left port 80 open by
accident or otherwise.
Hence, the problem most organizations face is how to enable legitimate access to public services such as web,
FTP, and e-mail while maintaining tight security of the internal network. The typical approach is deploying
firewalls to provide a Demilitarized Zone (DMZ) in the network.
In this setup (illustrated in following diagram), two firewalls are deployed; one between the external network
and the DMZ, and another between the DMZ and the internal network. All public servers are placed in the
DMZ.
With this setup, it is possible to have firewall rules which allow public access to the public servers but the
interior firewall can restrict all incoming connections. By having the DMZ, the public servers are provided
with adequate protection instead of placing them directly on external network.
Intrusion Detection / Prevention System
The packet filtering firewalls operate based on rules involving TCP/UDP/IP headers only. They do not attempt
to establish correlation checks among different sessions.
Intrusion Detection/Prevention Systems (IDS/IPS) carry out Deep Packet Inspection (DPI) by looking at the
packet contents, for example by checking character strings in a packet against a database of known virus and attack
strings.
Application gateways do look at the packet contents but only for specific applications. They do not look for
suspicious data in the packet. IDS/IPS looks for suspicious data contained in packets and tries to examine
correlation among multiple packets to identify any attacks such as port scanning, network mapping, and denial
of service and so on.
IDS and IPS are similar in detection of anomalies in the network. IDS is a ‘visibility’ tool whereas IPS is
considered as a ‘control’ tool.
Intrusion Detection Systems sit off to the side of the network, monitoring traffic at many different points, and
provide visibility into the security state of the network. In case of reporting of anomaly by IDS, the corrective
actions are initiated by the network administrator or other device on the network.
Intrusion Prevention Systems are like firewalls: they sit in-line between two networks and control the traffic
going through them. An IPS enforces a specified policy on detection of an anomaly in the network traffic. Generally, it
drops all packets and blocks the entire network traffic on noticing an anomaly until the anomaly is
addressed by the administrator.
Types of IDS
There are two basic types of IDS.
Signature-based IDS
o It needs a database of known attacks with their signatures.
o Signature is defined by types and order of packets characterizing a particular attack.
o Limitation of this type of IDS is that only known attacks can be detected. This IDS can also
throw up a false alarm. False alarm can occur when a normal packet stream matches the
signature of an attack.
o Well-known public open-source IDS example is “Snort” IDS.
Anomaly-based IDS
o This type of IDS creates a traffic pattern of normal network operation.
o During IDS mode, it looks at traffic patterns that are statistically unusual. For example, ICMP
unusual load, exponential growth in port scans, etc.
o Detection of any unusual traffic pattern generates the alarm.
o The major challenge faced in this type of IDS deployment is the difficulty in distinguishing
between normal traffic and unusual traffic.
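Both detection styles on constructed data, as an added example that is not part of the original notes. The signature strings, baseline counts, addresses and the three-standard-deviation threshold are assumptions chosen for illustration; the example shows a signature false alarm on benign text, an unknown payload that no signature catches, and a port scan that stands out statistically.

```python
from collections import defaultdict
from statistics import mean, pstdev

# Signature-based: a small database of known byte strings (constructed, harmless markers).
SIGNATURES = {
    "SIG-1 test marker": b"TEST-MALWARE-MARKER",
    "SIG-2 shell name": b"cmd.exe",
}


def signature_alerts(payload):
    """Names of all signatures whose byte string occurs in the packet payload."""
    return sorted(name for name, pattern in SIGNATURES.items() if pattern in payload)


# Anomaly-based: learn what "normal" looks like, then flag statistical outliers.
# Constructed baseline: distinct destination ports one host contacted per minute.
BASELINE_PORTS_PER_MINUTE = [3, 4, 2, 5, 3, 4]


def learn_threshold(baseline, k=3.0):
    """Alert threshold = mean of normal traffic + k population standard deviations."""
    return mean(baseline) + k * pstdev(baseline)


def anomaly_alerts(flows, threshold):
    """Sources that contacted more distinct destination ports than the threshold.

    flows is a list of (source_ip, destination_port) pairs seen in one minute.
    """
    ports_by_source = defaultdict(set)
    for src, dport in flows:
        ports_by_source[src].add(dport)
    return sorted(src for src, ports in ports_by_source.items() if len(ports) > threshold)


# Constructed payloads.
NORMAL_REQUEST = b"GET /index.html HTTP/1.1"
KNOWN_BAD = b"....TEST-MALWARE-MARKER...."
BENIGN_HELPDESK_MAIL = b"Help desk: open cmd.exe and type ipconfig"   # false alarm case
UNKNOWN_PAYLOAD = b"bytes of an attack nobody has written a signature for"

# Constructed one-minute window: one ordinary host and one host touching ports 1-50.
OBSERVED_FLOWS = (
    [("10.0.0.8", p) for p in (80, 443, 53, 80)]
    + [("10.0.0.66", p) for p in range(1, 51)]
)

if __name__ == "__main__":
    for payload in (NORMAL_REQUEST, KNOWN_BAD, BENIGN_HELPDESK_MAIL, UNKNOWN_PAYLOAD):
        print(signature_alerts(payload))
    threshold = learn_threshold(BASELINE_PORTS_PER_MINUTE)
    print(round(threshold, 2), anomaly_alerts(OBSERVED_FLOWS, threshold))
```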
NETWORK SECURITY
Information and efficient communication are two of the most important strategic issues for the success of
every business. With the advent of electronic means of communication and storage, more and more businesses
have shifted to using data networks to communicate, store information, and to obtain resources. There are
different types and levels of network infrastructures that are used for running the business.
It can be stated that in the modern world nothing had a larger impact on businesses than the networked
computers. But networking brings with it security threats which, if mitigated, allow the benefits of networking
to outweigh the risks.
Nowadays, computer networks are viewed as a resource by almost all businesses. This resource enables them
to gather, analyze, organize, and disseminate information that is essential to their profitability. Most businesses
have installed networks to remain competitive.
The most obvious role of computer networking is that organizations can store virtually any kind of information
at a central location and retrieve it at the desired place through the network.
Benefits of Networks
Computer networking enables people to share information and ideas easily, so they can work more efficiently
and productively. Networks improve activities such as purchasing, selling, and customer service. Networking
makes traditional business processes more efficient, more manageable, and less expensive.
The threats to wired and wireless networks have significantly increased due to advancement in modern
technology and the growing capacity of computer networks. The overwhelming use of the Internet in today’s world
for various business transactions has posed challenges of information theft and other attacks on business
intellectual assets.
In the present era, most business is conducted via network applications, and hence all networks are at
risk of being attacked. The most common security threats to a business network are data interception and theft, and
identity theft.
Network security is a specialized field that deals with thwarting such threats and providing the protection of
the usability, reliability, integrity, and safety of computer networking infrastructure of a business.
Protecting Business Assets − This is the primary goal of network security. Assets mean the
information that is stored in the computer networks. Information is as crucial and valuable as any other
tangible assets of the company. Network security is concerned with the integrity, protection, and safe
access of confidential information.
Compliance with Regulatory Requirements − Network security measures help businesses to comply
with government and industry specific regulations about information security.
Secure Collaborative Working − Network security encourages co-worker collaboration and facilitates
communication with clients and suppliers by offering them secure network access. It boosts client and
consumer confidence that their sensitive information is protected.
Reduced Risk − Adoption of network security reduces the impact of security breaches, including legal
action that can bankrupt small businesses.
Gaining Competitive Advantage − Developing an effective security system for networks gives a
competitive edge to an organization. In the arena of Internet financial services and e-commerce,
network security assumes prime importance.
The network model on which they were implemented mirrored this client-server model with a user's PC
(the client) typically acting as the requesting machine and a more powerful server machine to which it was
connected via either a LAN or a WAN acting as the supplying machine.
It requires a special network operating system. It provides user-level security and it is more expensive.
Advantages of Client Server Networks
1. Centralized back up is possible.
2. Use of dedicated server improves the performance of whole system.
3. Security is better in these networks as all the shared resources are centrally administered.
4. Use of dedicated servers also increases the speed of sharing resources.
Disadvantages of Client Server Networks
1. It requires specialized servers with large memory and secondary storage. This leads to an increase in cost.
2. The cost of the network operating system that manages the various clients is also high.
3. It requires a dedicated network administrator.
Security is an essential part of any transaction that takes place over the internet. Customers will lose
their faith in e-business if its security is compromised. Following are the essential requirements for safe e-
payments/transactions −
Confidentiality − Information should not be accessible to an unauthorized person. It should not be intercepted
during the transmission.
Integrity − Information should not be altered during its transmission over the network.
Availability − Information should be available wherever and whenever required within a time limit specified.
Authenticity − There should be a mechanism to authenticate a user before giving him/her an access to the
required information.
Non-Repudiability − It is the protection against the denial of order or denial of payment. Once a sender sends a
message, the sender should not be able to deny sending the message. Similarly, the recipient of message should
not be able to deny the receipt.
Encryption − Information should be encrypted and decrypted only by an authorized user.
Auditability − Data should be recorded in such a way that it can be audited for integrity requirements.
Malicious data or code in the form of Trojan Horses, Viruses, Worms and Deviant.
Eavesdropping without proper authorization.
Denial of services and alteration in the data packets received.
Hackers use these tools to interrupt the activities of an e-commerce website.
They can capture user details including password or make the site unavailable for an undefined period
of time.
Client threats mainly include trojan horses, malicious codes and data.
There could be worms in the servers as well that can replicate a programme without requiring a host
for it.
Server threats include unauthorized eavesdropping that can lead to unwanted people getting
hold of secret and important information.
Denial of services and the modification of the incoming data packets are also some of the
leading threats.
DATA AND MESSAGE SECURITY
Data and message security is ensured in e-business via:
Encryption: This technology deploys a public key and a private key infrastructure to ensure security. The
public key can be distributed but the private key remains only with the user and the service provider. So,
it works just like the username and password system of your e-mail account.
Digital signatures: This technology requires a recipient’s password to decode the encrypted data. The sender’s
authentication gets confirmed through a digital certificate, issued by credible authorities such as Verisign and
Thawte.
Secure socket layers (SSL): This process involves both public key and digital certificate technologies to ensure
privacy and authentication. To initiate the process, a client asks for authentication from the server, which is
done through a digital certificate. Then, both the client and server design session keys for data transfer. The
session will expire following any modification or prolonged period of inactivity.
Firewalls: This includes both software and hardware that protect the network against hackers and viruses.
Installing premium quality anti-virus and anti-spyware programs helps to fortify e-commerce protection from
malicious threats.
Access control: Restricting user access to information on the site is an effective way to control the site’s
security. Research shows that most e-commerce malfunctions occur due to users’ ignorance.
Data security is important and it is essential for any transaction that is carried out. While doing a transaction,
the basic requirements for a secured transaction are Encryption, Authenticity, Availability, Integrity,
Confidentiality and Non-Repudiability.
The measures that can be taken for security purposes are Security Certificates, digital signature and
encryption.
Message security is the kind of security which provides the safety of companies. This type of security
includes IP address to find the malware and email intrusion etc.
Pretty Good Privacy (PGP)
Pretty Good Privacy (PGP) is a popular program used to encrypt and decrypt email over the Internet. It
can also be used to send an encrypted digital signature that lets the receiver verify the sender's identity and
know that the message was not changed en route. Available both as freeware and in a low-cost commercial
version, PGP is the most widely used privacy-ensuring program by individuals and is also used by many
corporations. Developed by Philip R. Zimmermann in 1991, PGP has become a de facto standard for e-mail
security. PGP can also be used to encrypt files being stored so that they are unreadable by other users or
intruders.
PGP can be used basically for 4 things:
Encrypting a message or file so that only the recipient can decrypt and read it. The sender, by
digitally signing with PGP, can also guarantee to the recipient, that the message or file must have
come from the sender and not an impostor.
Clear signing a plain text message guarantees that it can only have come from the sender and not
an impostor.
Encrypting computer files so that they can't be decrypted by anyone other than the person who
encrypted them.
Really deleting files (i.e. overwriting the content so that it can't be recovered and read by anyone
else) rather than just removing the file name from a directory/folder.
Privacy-Enhanced Mail (PEM)
Privacy-Enhanced Mail (PEM) is an Internet standard that provides for secure exchange of electronic
mail. PEM employs a range of cryptographic techniques to allow for confidentiality, sender authentication, and
message integrity.
The message integrity aspects allow the user to ensure that a message hasn't been modified during
transport from the sender. The sender authentication allows a user to verify that the PEM message that they
have received is truly from the person who claims to have sent it. The confidentiality feature allows a message
to be kept secret from people to whom the message was not addressed.
Originator Authentication
In RFC 1422 an authentication scheme for PEM is defined. It uses a hierarchical authentication
framework compatible with X.509, "The Directory - Authentication Framework."
Central to the PEM authentication framework are certificates, which contain items such as the digital
signature algorithm used to sign the certificate, the subject's Distinguished Name, the certificate issuer's
Distinguished name, a validity period, indicating the starting and ending dates the certificate should be
considered valid, the subject's public key along with the accompanying algorithm. This hierarchical
authentication framework has four entities.
HYPERTEXT PUBLISHING
The web provides functionality necessary for e-commerce. The web has become an umbrella for a wide
range of concepts and technologies that differ markedly in purpose and scope, which include the hypertext publishing
concept, the universal reader concept and the client server concept.
Hypertext publishing promotes the idea of a seamless information world in which all
online information can be accessed and retrieved in a constant and simple way. Hypertext
publishing is a primary application of the web. Interest in hypermedia on the internet (called
distributed or global hypermedia) has accelerated shortly following the success of web media and browsers.
This success has been aided by more powerful workstations, high-resolution graphic displays, faster network
communication and decreased cost for large online services.
Hypertext Vs hypermedia:
Hypertext
Hypertext is an approach to information management in which data are shared in a network of documents
connected by links (these links represent relationships between nodes).
Hypermedia
A hypermedia system is made up of nodes (documents) and links (pointers). A node generally
represents a simple concept and idea. Nodes can contain text, graphics, audio, video, images etc. Nodes are
connected to other nodes by links. The movement between nodes is made by activating links which connect
related concepts or nodes. Links can be bidirectional.
Hypertext is a simple concept based on the association of nodes through links. A node from which a link
originates is called the reference or the anchor link and a node at which a link ends is called the referent. The
movement between the links is made possible by activating links. The promise of hypertext lies in the ability to
produce large, complex, richly connected and cross-referenced bodies of information.
Benefits of Hypermedia:
1. Hypermedia documents are much more flexible than conventional documents.
2. Hypermedia documents offer video sequences, animation and even computer programs.
3. Its power and appeal increase when it is implemented in computing environments that
include networks, microcomputers, workstations, high-resolution displays and large
online storage.
4. It provides dynamic organization.
5. Hypermedia systems provide a non-linear, innovative way of accessing and restricting
network documents.
Technology behind the web:
Information providers (publishers) run programs called servers from which the browsers can obtain
information. These programs can either be web servers that understand the hypertext transfer protocol
(HTTP), “gateway” programs that convert an existing information format to hypertext, or a non-HTTP
server that web browsers can access, i.e. FTP or Gopher servers.
Web servers are composed of two major parts.
1. The hypertext transfer protocol (HTTP) for transmitting documents between servers
and clients.
2. HTML format for documents.
The link between HTML files and the HTTP server is provided by the Uniform Resource Locator (URL).
URLs are central to web architecture. The fact that it is easy to address an object anywhere on the
internet is essential for the system to scale and for the information space to be independent of network and server
topology.
Hypertext Transfer Protocol (HTTP):
It is a simple request-response protocol that is currently run over TCP and is the basis of the WWW.
HTTP is a protocol for transferring information efficiently between the requesting client and server. The data
transferred may be plain text, hypertext, images or anything else. When a user browses the web, objects are
retrieved in rapid succession from often widely dispersed servers.
HTTP is used for retrieving documents in an unbounded and extensible set of formats. It is an internet
protocol. It is similar in its readable, text-based style to the file transfer (FTP) and the
network news (NNTP) protocols that have been used to transfer files and news on the internet
for many years.
When objects are transferred over the network, information about them is transferred in HTTP headers. The
set of headers is an extension of the Multipurpose Internet Mail Extensions (MIME) set. This design decision
was taken to open the door to integration of hypermedia mail, news and information access.
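The request-response message described above can be taken apart with Python's standard library, whose HTTP module reuses its e-mail (MIME) header parser. This is an added example, not part of the original notes; the response bytes, the header values and the names parse_response and SENSITIVE are constructed for illustration.

```python
import http.client
import io

# Constructed sample: one HTTP response as it crosses the network without SSL.
BODY = b"<html><body><h1>Order received</h1></body></html>"
RAW_RESPONSE = (
    b"HTTP/1.0 200 OK\r\n"
    b"Date: Mon, 01 Jan 2024 00:00:00 GMT\r\n"
    b"MIME-Version: 1.0\r\n"
    b"Content-Type: text/html; charset=iso-8859-1\r\n"
    b"Content-Length: " + str(len(BODY)).encode("ascii") + b"\r\n"
    b"Set-Cookie: session=constructed-value\r\n"
    b"\r\n" + BODY
)

# Headers whose values act as credentials; readable by anyone on the path
# when the exchange is not wrapped in SSL.
SENSITIVE = ("set-cookie", "cookie", "authorization")


def parse_response(raw: bytes) -> dict:
    """Split a complete HTTP response into status line, headers and body."""
    fp = io.BytesIO(raw)

    # 1. Status line: protocol version, numeric status code, reason phrase.
    status_line = fp.readline().decode("iso-8859-1").rstrip("\r\n")
    parts = status_line.split(" ", 2)
    if len(parts) < 2 or not parts[0].startswith("HTTP/") or not parts[1].isdigit():
        raise ValueError(f"malformed status line: {status_line!r}")

    # 2. Header block: parsed by the same machinery Python uses for e-mail,
    #    which is the MIME heritage the text describes.
    headers = http.client.parse_headers(fp)

    # 3. Body: whatever follows the blank line. Two different Content-Length
    #    values, or a body of another size, mean the message cannot be trusted.
    body = fp.read()
    lengths = {v.strip() for v in headers.get_all("Content-Length", [])}
    if len(lengths) > 1:
        raise ValueError("conflicting Content-Length headers")
    if lengths:
        declared = lengths.pop()
        if not declared.isdigit() or int(declared) != len(body):
            raise ValueError("body length does not match Content-Length")

    return {
        "version": parts[0],
        "status": int(parts[1]),
        "reason": parts[2] if len(parts) == 3 else "",
        "content_type": headers.get_content_type(),
        "charset": headers.get_content_charset(),
        "headers": headers.items(),
        "body": body,
        "sent_in_clear": [n for n, _ in headers.items() if n.lower() in SENSITIVE],
    }


if __name__ == "__main__":
    parsed = parse_response(RAW_RESPONSE)
    print(parsed["version"], parsed["status"], parsed["reason"])
    for name, value in parsed["headers"]:
        print(f"  {name}: {value}")
    print("credential-bearing headers visible on the wire:", parsed["sent_in_clear"])
```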
HTTPD Servers (Hypertext transfer protocol domain)
The servers that are used to publish information via the WWW are called HTTPD servers. While
choosing a web server, flexibility, ease of administration, security features, familiarity and performance are
considered.
It is important to evaluate the tasks for which the web server is used. A server used for internet-based
marketing and technical support tasks will need to be more powerful than a web server used internally within a
firewall for distributing memos and bulletins. HTTPD servers are ideal for companies that want to provide a
multitude of services ranging from product information to technical support.
HTML ( Hypertext markup language )
At the heart of the web is a simple page description language called HTML. It is a common basic
language of interchange for hypertext that forms the fabric of the web. It is based on an international
electronic document standard called Standard Generalized Markup Language (SGML).
HTML enables document orientation for the web by embedding control codes in ASCII
(American Standard Code for Information Interchange) text to designate titles, headings, graphics
and hypertext links, making use of SGML’s powerful linking capabilities. HTML was meant to be a
language of communication which actually flows over the network. HTML was designed to be sufficiently
simple as to be produced easily by people and generated automatically by programs.
HTML Forms
Forms support is an important element for doing online business. Forms are necessary
for gathering user information, conducting surveys and also providing interactive services.
Forms make web browsing an interactive process for the user and the provider. They provide the means
to collect and act upon the data entered by end users. Forms also open up a number of possibilities for online
transactions such as requesting specific news articles, specifying search requests, soliciting customer feedback
or ordering products. A number of features are available for building forms, including text boxes, radio
buttons and check boxes.
Because routing is dynamic, packets of the same message may take different paths and not necessarily arrive in
the sequence in which they were sent.
Addressability
Messages can be sent from one computer to another only when every server on the Internet is uniquely
addressable. The Internet Network Information Center (InterNIC) manages the assignment of unique IP
addresses so that TCP/IP networks anywhere in the world can communicate with each other. An IP address is a
unique 32-bit number consisting of four groups of decimal numbers in the range 0 to 255 (e.g., 128.192.73.60).
IP numbers are difficult to recall. Humans can more easily remember addresses like aussie.mgmt.uga.edu. A
Domain Name Server (DNS) converts aussie.mgmt.uga.edu to the IP address 128.192.73.60. The exponential
growth of the Internet will eventually result in a shortage of IP addresses, and the development of next-
generation IP (IPng) is underway.
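The dotted form and the 32-bit number are two views of the same address, as the strict parser below shows. This is an added example, not part of the original notes; the function names and the rejected sample strings are constructed, and the only address taken from the text is 128.192.73.60.

```python
def parse_ipv4(text: str) -> int:
    """Return the 32-bit integer for a dotted-decimal IPv4 address.

    Raises ValueError for anything that is not exactly four decimal groups
    in the range 0 to 255.
    """
    groups = text.split(".")
    if len(groups) != 4:
        raise ValueError(f"expected four groups, got {len(groups)}: {text!r}")

    value = 0
    for group in groups:
        # str.isdigit() alone also accepts non-ASCII digit characters,
        # so ASCII is required explicitly.
        if not (group.isascii() and group.isdigit()):
            raise ValueError(f"group is not a plain decimal number: {group!r}")
        # Some address parsers read a leading zero as octal, so "010" could be
        # taken as 8 or as 10. Refusing it avoids two systems disagreeing
        # about which host an address names.
        if len(group) > 1 and group[0] == "0":
            raise ValueError(f"leading zero is ambiguous: {group!r}")
        octet = int(group)
        if octet > 255:
            raise ValueError(f"group out of range 0-255: {group!r}")
        # Each group fills the next 8 of the 32 bits, most significant first.
        value = (value << 8) | octet
    return value


def format_ipv4(value: int) -> str:
    """Turn a 32-bit integer back into dotted-decimal form."""
    if not 0 <= value <= 0xFFFFFFFF:
        raise ValueError(f"not a 32-bit value: {value!r}")
    return ".".join(str((value >> shift) & 0xFF) for shift in (24, 16, 8, 0))


def check_all(samples):
    """Map each sample string to its 32-bit value, or None if it is rejected."""
    results = {}
    for sample in samples:
        try:
            results[sample] = parse_ipv4(sample)
        except ValueError:
            results[sample] = None
    return results


if __name__ == "__main__":
    # 128.192.73.60 is the address used in the text; the rest are constructed.
    samples = ["128.192.73.60", "256.1.1.1", "128.192.73", "010.0.0.1", "1.2.3.4 "]
    for sample, number in check_all(samples).items():
        if number is None:
            print(f"{sample!r:18} rejected")
        else:
            print(f"{sample!r:18} {number} (0x{number:08X}) -> {format_ipv4(number)}")
```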
INFRASTRUCTURE
Electronic commerce is built on top of a number of different technologies. These various technologies created a
layered, integrated infrastructure that permits the development and deployment of electronic commerce
applications (see Exhibit 9). Each layer is founded on the layer below it and cannot function without it.
This layer consists of software for sending and receiving messages. Its purpose is to deliver a message from a
server to a client. For example, it could move an HTML file from a Web server to a client running Netscape.
Messages can be unformatted (e.g., e-mail) or formatted (e.g., a purchase order). Electronic data interchange
(EDI), e-mail, and hypertext transfer protocol (HTTP) are examples of messaging software.
Electronic publishing infrastructure
Concerned with content, the Web is a very good example of this layer. It permits organizations to publish a full
range of text and multimedia. There are three key elements of the Web:
A uniform resource locator (URL), which is used to uniquely identify any server;
A network protocol;
A structured markup language, HTML.
Notice that the electronic publishing layer is still concerned with some of the issues solved by TCP/IP for the
Internet part of the NII layer. There is still a need to consider addressability (i.e., a URL) and have a common
language across the network (i.e., HTTP and HTML). However, these are built upon the previous layer, in
the case of a URL, or at a higher level, in the case of HTML.
Business services infrastructure
The principal purpose of this layer is to support common business processes. Nearly every business is
concerned with collecting payment for the goods and services it sells. Thus, the business services layer supports
secure transmission of credit card numbers by providing encryption and electronic funds transfer. Furthermore,
the business services layer should include facilities for encryption and authentication (see Security).
Electronic commerce applications
Finally, on top of all the other layers sits an application. Consider the case of a book seller with an on-line
catalog (see Exhibit 6). The application is a book catalog; encryption is used to protect a customer’s credit card
number; the application is written in HTML; HTTP is the messaging protocol; and the Internet physically
transports messages between the book seller and customer.
Electronic publishing
Two common approaches to electronic publishing are Adobe’s portable document format (PDF) and HTML.
The differences between HTML and PDF are summarized in Exhibit 7.
Exhibit 7. HTML versus PDF
PDF
PDF is a page description language that captures electronically the layout of the original document.
Adobe’s Acrobat Exchange software permits any document created by a DOS, Macintosh, Windows, or Unix
application to be converted to PDF. Producing a PDF document is very similar to printing, except the image
is sent to a file instead of a printer. The fidelity of the original document is maintained–text, graphics, and
tables are faithfully reproduced when the PDF file is printed or viewed. PDF is an operating system
independent and printer independent way of presenting the same text and images on many different systems.
PDF has been adopted by a number of organizations, including the Internal Revenue Service for tax
forms. PDF documents can be sent as e-mail attachments or accessed from a Web application. To decipher a
PDF file, the recipient must use a special reader, supplied at no cost by Adobe for all major operating systems.
In the case of the Web, you have to configure your browser to invoke the Adobe Acrobat reader whenever a
file with the extension pdf is retrieved.
HTML
HTML is a markup language, which means it marks a portion of text as referring to a particular type of
information. HTML does not specify how this is to be interpreted; this is the function of the browser. Often the
person using the browser can specify how the information will be presented.
For instance, using the preference features of your browser, you can indicate the font and size for
presenting information. As a result, you can significantly alter the look of the page, which could have been
carefully crafted by a graphic artist to convey a particular look and feel. Thus, you may see an image
somewhat different from what the designer intended.
ELECTRONIC COMMERCE TOPOLOGIES
There are three types of communication networks used for electronic commerce (see Exhibit 8), depending on
whether the intent is to support cooperation with a range of stakeholders, cooperation among employees, or
cooperation with a business partner. Each of these topologies is briefly described, and we discuss how they can
be used to support electronic commerce.
Exhibit 8. Electronic commerce topologies
The Internet is a global network of networks. Any computer connected to the Internet can communicate with
any server in the system (see Exhibit 5). Thus, the Internet is well-suited to communicating with a wide variety
of stakeholders. Adobe, for example, uses its Web site to distribute software changes to customers and provide
financial and other reports to investors.
Many organizations have realized that Internet technology can also be used to establish an intra-organizational
network that enables people within the organization to communicate and cooperate with each other. This so-
called intranet (see Exhibit 10) is essentially a fenced-off mini-Internet within an organization. A firewall (see
Firewall) is used to restrict access so that people outside the organization cannot access the intranet.
While an intranet may not directly facilitate cooperation with external stakeholders, its ultimate goal is to improve an
organization’s ability to serve these stakeholders.
The Internet and intranet, as the names imply, are networks. That is, an array of computers can connect to each
other. In some situations, however, an organization may want to restrict connection capabilities. An extranet
(see Exhibit 7) is designed to link a buyer and supplier to facilitate greater coordination of common activities.
The idea of an extranet derives from the notion that each business has a value chain and the end-point of one
firm’s chain links to the beginning of another’s.
Internet technology can be used to support communication and data transfer between two value chains.
Communication is confined to the computers linking the two organizations. An organization can have
multiple extranets to link it with many other organizations, but each extranet is specialized to support
partnership coordination.
SECURITY AND THE WEB
Security is an essential part of any transaction that takes place over the internet. Customers will lose their
faith in e-business if its security is compromised. Following are the essential requirements for safe e-
payments/transactions −
Confidentiality − Information should not be accessible to an unauthorized person. It should not be intercepted
during the transmission.
Integrity − Information should not be altered during its transmission over the network.
Availability − Information should be available wherever and whenever required within a time limit specified.
Authenticity − There should be a mechanism to authenticate a user before giving him/her an access to the
required information.
Non-Repudiability − It is the protection against the denial of order or denial of payment. Once a sender sends a
message, the sender should not be able to deny sending the message. Similarly, the recipient of message should
not be able to deny the receipt.
Encryption − Information should be encrypted and decrypted only by an authorized user.
Auditability − Data should be recorded in such a way that it can be audited for integrity
requirements.
MEASURES TO ENSURE SECURITY
The major security measures are the following −
Encryption − It is a very effective and practical way to safeguard the data being transmitted over the
network. Sender of the information encrypts the data using a secret code and only the specified receiver can
decrypt the data using the same or a different secret code.
Digital Signature − Digital signature ensures the authenticity of the information. A digital signature is an e-
signature authenticated through encryption and password.
Security Certificates − Security certificate is a unique digital id used to verify the identity of an individual
website or user.
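The integrity and authenticity requirements above can be met with a keyed hash over the message, sketched here as an added example that is not part of the original notes; the order fields, the key and the function names are constructed for illustration. It also shows why a secret code shared by both parties does not by itself give non-repudiation, which is the gap a digital signature fills.

```python
import hashlib
import hmac
import json
import secrets

# Constructed sample key: the "same secret code" known to BOTH customer and merchant.
SHARED_KEY = secrets.token_bytes(32)


def canonical(order: dict) -> bytes:
    """Serialize the order deterministically so both sides hash identical bytes."""
    return json.dumps(order, sort_keys=True, separators=(",", ":")).encode("utf-8")


def seal(order: dict, key: bytes) -> dict:
    """Sender side: attach an HMAC-SHA256 tag computed over the order."""
    tag = hmac.new(key, canonical(order), hashlib.sha256).hexdigest()
    return {"order": order, "tag": tag}


def verify(message: dict, key: bytes) -> bool:
    """Receiver side: recompute the tag and compare it in constant time."""
    try:
        expected = hmac.new(key, canonical(message["order"]), hashlib.sha256).hexdigest()
        return hmac.compare_digest(expected, str(message["tag"]))
    except (KeyError, TypeError, ValueError):
        return False  # a malformed message is treated as unauthenticated


def demo() -> dict:
    """Run four cases against the receiver's check and report which are accepted."""
    order = {"order_id": "A-1001", "item": "book", "amount": "499.00", "currency": "INR"}
    sent = seal(order, SHARED_KEY)

    # Integrity: an amount changed in transit no longer matches the tag.
    tampered = {"order": dict(order, amount="4.99"), "tag": sent["tag"]}

    # Authenticity: a party without the key cannot produce a valid tag.
    forged = seal(dict(order, item="laptop"), secrets.token_bytes(32))

    # Non-repudiation is NOT provided: the merchant holds the same key, so a
    # message the merchant creates verifies exactly like one from the customer.
    merchant_made = seal(dict(order, amount="9999.00"), SHARED_KEY)

    return {
        "genuine": verify(sent, SHARED_KEY),
        "tampered": verify(tampered, SHARED_KEY),
        "forged": verify(forged, SHARED_KEY),
        "merchant_made": verify(merchant_made, SHARED_KEY),
    }


if __name__ == "__main__":
    for case, accepted in demo().items():
        print(f"{case:14s} accepted={accepted}")
```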
SECURITY PROTOCOLS IN INTERNET
We will discuss here some of the popular protocols used over the internet to ensure secured online transactions.
SECURE SOCKET LAYER (SSL)
It is the most commonly used protocol and is widely used across the industry. It meets the following security
requirements −
Authentication
Encryption
Integrity
Non-repudiability
"https://" is to be used for HTTP URLs with SSL, whereas "http://" is to be used for HTTP URLs without SSL.
Secure Hypertext Transfer Protocol (SHTTP)
SHTTP extends the HTTP internet protocol with public key encryption, authentication, and digital signature
over the internet. Secure HTTP supports multiple security mechanisms, providing security to the end-users.
SHTTP works by negotiating the encryption scheme types used between the client and the server.
Secure Electronic Transaction
It is a secure protocol developed by MasterCard and Visa in collaboration. Theoretically, it is the best security
protocol. It has the following components −
Card Holder's Digital Wallet Software − Digital Wallet allows the card holder to make secure purchases
online via point and click interface.
Merchant Software − This software helps merchants to communicate with potential customers and financial
institutions in a secure manner.
Payment Gateway Server Software − Payment gateway provides automatic and standard payment process. It
supports the process for merchant's certificate request.
Certificate Authority Software − This software is used by financial institutions to issue digital certificates to
card holders and merchants, and to enable them to register their account agreements for secure electronic
commerce.
UNIT IV
CONSUMER-ORIENTED APPLICATIONS
• The wide range of applications envisioned for the consumer marketplace can be
broadly classified into:
(i) Entertainment
(ii) Financial Services and Information
(iii) Essential Services
(iv) Education and Training
• The 1980s were the days of “stone age” technology because the technology choices for accessing services
were limited
• With greater demands on consumers and an expanding need for information, home banking services are often
categorized as basic, intermediate and advanced
(i) Basic services
• These are related to personal finance
• The evolution of ATM machines from live tellers and now to home banking
• The ATM network has with banks and their associations being the routers and the ATM machines being the
heterogeneous computers on the network.
• This interoperable network of ATMs has created an interface between customer and bank that changed the
competitive dynamics of the industry. See in next figure
• Increased ATM usage and decrease in teller transactions
(ii) Intermediate Services
• The problem with home banking in 1980 was that it was an expensive service that required a PC, a modem and
special software
• As the equipment becomes less expensive and as banks offer broader services, home banking develops into a
comprehensive package that could even include services such as insurance and entertainment
• Consider the computerized on-line bill-payment system
• It never forgets to record a payment and keeps track of user account number, name, amount and the date
and we used to instruct with payment instructions. See in Fig;
(iii) Advanced Services
• The goal of advanced services is to offer on-line customers a complete portfolio of life, home, and auto
insurance along with mutual funds, pension plans, home financing, and other financial products
• The Figure explains the range of services that may well be offered by banks in future
• The services range from on-line shopping to real-time financial information from anywhere in the world
• In short, home banking allows consumers to avoid long lines and gives flexibility.
2. HOME SHOPPING:
• It is already in wide use.
• This enables a customer to do online shopping
(i) Television-Based Shopping:
• It was launched in 1977 by the Home Shopping Network (HSN).
• It provides a variety of goods ranging from collectibles, clothing, small electronics, housewares, jewelry,
and computers.
• When HSN started in Florida in 1977, it mainly sold factory overruns and discontinued items
• It works as follows: the customer uses her remote control to shop different channels at the touch of a button. At this
time, cable shopping channels are not truly interactive
(ii) Catalog-Based Shopping
• In this the customer identifies the various catalogs that fit certain parameters such as safety, price, and quality
• The on-line catalog business consists of brochures , CD-ROM catalogs, and on-line interactive catalogs
• Currently, we are using the electronic brochures.
3. HOME ENTERTAINMENT:
• It is another application for e-commerce
• The customer can watch movies, play games and use on-screen catalogs, such as a TV guide.
• In the home entertainment area, the customer has control over programming
4. MICRO TRANSACTIONS OF INFORMATION:
• One change in traditional business forced by the on-line information business is the creation of a
new transaction category called small-fee transactions for micro services
• The customer by giving some information away for free and provide information bundles that cover the
transaction overhead.
• The growth of small-money transfers could foster a boom in other complementary information services
• The complexity is also increased in micro services when an activity named reverification is entered.
• It means checking on the validity of the transaction after it has been approved
Desirable Characteristics of an Electronic marketplace
• Critical mass of buyers and sellers: To get critical mass, use electronic mechanisms.
• Opportunity for independent evaluations and for customer dialogue and discussion: Users not only buy and sell
products, they compare notes on who has the best products and whose prices are outrageous
• Negotiation and bargaining: Buyers and sellers need to be able to haggle over conditions of mutual
satisfaction, money, terms & conditions, delivery dates & evaluation criteria
• New products and services: An electronic marketplace only supports full information about new services
• Seamless interface: The trading pieces work together so that information can flow seamlessly
• Resource for disgruntled buyers: It provides for resolving disagreements by returning the product.
1. Pre purchase Determination: this phase includes search and discovery for a set of products in the larger
information space capable of meeting customers’ requirements, and product selection from the smaller set of
products based on attribute comparison.
2. Purchase Consumption: this phase includes mercantile protocols that specify the flow of information and
documents associated with purchasing and negotiation with merchants for suitable terms such as price,
availability and delivery dates.
3. Post Purchase interaction: this phase includes customer service and support
to address customers’ complaints, product returns & product defects.
PRE PURCHASE PREPARATION:
From the consumer's point of view, any major purchase can be assumed to involve some amount of pre
purchase deliberation. Pre purchase deliberation is defined as the elapsed time between the consumer’s first
thinking about buying and the actual purchase itself.
Information search should constitute the major part of this duration, but comparison of
alternatives and price negotiations would be included in the continuously evolving information search and deliver
process.
To deliberate, consumers have to be watchful for the new or existing information which
is essential for the purchase decision process. Information on consumer characteristics with reduced purchase
deliberation time can be quite valuable when attempting to target selective communications to the desired
audience properly.
Thus, not much attention has been paid to this important research area, which may dictate the success or
failure of online shopping.
Consumers can be categorized into three types
1. Impulsive buyers
2. Patient buyers
3. Analytical buyers
1. Impulsive buyers: these buyers purchase the product quickly.
2. Patient buyers: these buyers purchase products after making some analysis or comparison.
3. Analytical buyers: these buyers do substantial research before making the decision to purchase products or
services.
Marketing researchers have isolated several types of purchasing:
1. Specifically planned purchases: the need was recognized on entering the store
and the shopper bought the exact item planned.
2. Generally planned purchases: the need was recognized, but the shopper decided in-store on the actual
manufacturer of the item to satisfy the need.
3. Reminder purchases: the shopper was reminded of the need by some store
influence. This shopper is influenced by in-store advertisements and can substitute
products readily.
4. Entirely unplanned purchases: the need was not recognized on entering the store.
PURCHASE CONSUMPTION:
After identifying the product to be purchased, the buyer and the seller must interact in
some way (e-mail, on-line) to carry out the mercantile transaction. The mercantile transaction is defined as the
exchange of information between the buyer and seller followed by the necessary payment. Depending upon the
payment model mutually agreed on, they may interact by exchanging currency, i.e. currency backed by a third party
such as the central bank, MasterCard, Visa etc.
A single mercantile model will not be sufficient to meet the needs of everyone. In very
general terms, a simple mercantile protocol would require the following transactions, where the basic flow
remains the same.
1. The buyer contacts the vendor to purchase a product or service. This might be done
online through e-mail or through an e-catalogue etc.
2. Vendor states the price.
3. Buyer and vendor may or may not engage in a transaction.
4. If satisfied, buyer authorizes payment to the vendor with an encrypted transaction containing the
digital signature.
5. Vendor contacts the billing service of the buyer to verify the encrypted authorization for authentication.
6. Billing service decrypts the authorization, checks the buyer's account balance and puts a hold on the
amount of the transfer.
7. Billing service gives the vendor the green signal to deliver the product.
8. On notification of adequate funds to cover the financial transaction, vendor delivers the goods to the buyer or, in
the case of an information purchase, provides a crypto key to unlock the file.
9. On receiving the goods, the buyer signs and delivers a receipt. Vendor then tells the billing service to complete
the transaction.
10. At the end of the billing cycle, buyer receives a list of transactions.
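Steps 4 to 9 above, as an added Python example that is not part of the original notes: the buyer's authorization binds vendor, amount and a one-time nonce, and the billing service verifies it, places the hold and settles only on a signed receipt. HMAC-SHA256 under a key shared by buyer and billing service stands in for the digital signature, message encryption is left out, and all names (`BillingService`, `authorize`, `receipt`, the buyer and vendor ids) are assumptions made for the example.

```python
import hashlib
import hmac
import json
import secrets


def sign(key, body):
    """MAC over canonical JSON, so field order cannot change the tag.
    Assumption: HMAC with a buyer/billing-service key replaces the digital signature."""
    msg = json.dumps(body, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()


def authorize(key, buyer, vendor, amount_cents):
    """Step 4: the buyer binds vendor, amount and a fresh nonce into one signed message."""
    body = {"type": "authorization", "buyer": buyer, "vendor": vendor,
            "amount": amount_cents, "nonce": secrets.token_hex(16)}
    return {"body": body, "tag": sign(key, body)}


def receipt(key, buyer, nonce):
    """Step 9: the buyer signs a receipt tied to the authorization's nonce."""
    body = {"type": "receipt", "buyer": buyer, "nonce": nonce}
    return {"body": body, "tag": sign(key, body)}


class BillingService:
    """Hypothetical billing service covering steps 5-7 and 9."""

    def __init__(self):
        self._keys, self._funds, self._paid = {}, {}, {}
        self._holds = {}    # nonce -> (buyer, vendor, amount) awaiting a receipt
        self._seen = set()  # nonces already accepted, so a captured message cannot be reused

    def enroll(self, buyer, funds_cents):
        self._keys[buyer] = secrets.token_bytes(32)
        self._funds[buyer] = funds_cents
        return self._keys[buyer]

    def _valid(self, msg, kind):
        body = msg["body"]
        key = self._keys.get(body.get("buyer"))
        return (key is not None and body.get("type") == kind
                and hmac.compare_digest(sign(key, body), msg["tag"]))

    def verify_and_hold(self, auth, vendor):
        """Steps 5-7: return 'ok' (the green signal) or the reason for refusal."""
        if not self._valid(auth, "authorization"):
            return "bad signature"
        body = auth["body"]
        if body["vendor"] != vendor:
            return "wrong vendor"
        if body["nonce"] in self._seen:
            return "replay"
        if not isinstance(body["amount"], int) or body["amount"] <= 0:
            return "bad amount"
        if self._funds[body["buyer"]] < body["amount"]:
            return "insufficient funds"
        self._seen.add(body["nonce"])
        self._funds[body["buyer"]] -= body["amount"]  # the hold of step 6
        self._holds[body["nonce"]] = (body["buyer"], vendor, body["amount"])
        return "ok"

    def complete(self, rcpt, vendor):
        """Step 9: settle the hold once the vendor presents the buyer's signed receipt."""
        if not self._valid(rcpt, "receipt"):
            return False
        hold = self._holds.get(rcpt["body"]["nonce"])
        if hold is None or hold[0] != rcpt["body"]["buyer"] or hold[1] != vendor:
            return False
        del self._holds[rcpt["body"]["nonce"]]
        self._paid[vendor] = self._paid.get(vendor, 0) + hold[2]
        return True

    def funds(self, buyer):
        return self._funds[buyer]

    def paid(self, vendor):
        return self._paid.get(vendor, 0)


def run_demo():
    """Constructed scenario: one buyer with 5000 cents, amounts in cents."""
    svc = BillingService()
    key = svc.enroll("alice", 5000)
    auth = authorize(key, "alice", "bookshop", 1999)
    out = {"first": svc.verify_and_hold(auth, "bookshop")}
    out["replay"] = svc.verify_and_hold(auth, "bookshop")
    tampered = {"body": dict(auth["body"], amount=1), "tag": auth["tag"]}
    out["tampered"] = svc.verify_and_hold(tampered, "bookshop")
    out["other_vendor"] = svc.verify_and_hold(authorize(key, "alice", "bookshop", 100), "toyshop")
    out["overspend"] = svc.verify_and_hold(authorize(key, "alice", "bookshop", 9999), "bookshop")
    out["funds_after_hold"] = svc.funds("alice")
    out["auth_as_receipt"] = svc.complete(auth, "bookshop")
    rcpt = receipt(key, "alice", auth["body"]["nonce"])
    out["settled"] = svc.complete(rcpt, "bookshop")
    out["settled_twice"] = svc.complete(rcpt, "bookshop")
    out["vendor_paid"] = svc.paid("bookshop")
    return out


if __name__ == "__main__":
    for name, value in run_demo().items():
        print(f"{name}: {value}")
```

The vendor passes its own identity to `verify_and_hold`, so an authorization written for one vendor cannot be cashed by another, and the `type` field keeps an authorization from being accepted as a receipt.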
The following are the two types of mercantile protocols, where the payment is in the form of
electronic cash and credit cards.
1. Mercantile process using digital cash: a bank mints (prints) electronic currency or e-cash. Such a currency
is simply a series of bits that the issuing bank can verify to be valid. This currency is kept secure by the
use of cryptographic techniques. After being issued some e-cash, a buyer can transfer it to a seller in exchange
for goods. Upon receiving the e-cash, the seller can verify its authenticity by sending it to the issuing bank for
verification.
E-cash issuing banks make money by charging either buyer or seller, or both, a transaction fee for the
use of their e-cash. E-cash is similar to paper currency and has the benefits of being anonymous (hidden) and
easily transmitted electronically. However, it still entails the risk of theft or loss, and so requires significant
security by the buyer when storing e-cash.
2. Mercantile Transaction Using Credit Cards: the two major components of a credit card transaction in the
mercantile process are
Electronic Authorization
Settlement
In the authorization process in a retail transaction, the third-party processor (TPP) captures the
information at the point of sale, transmits the information to the credit card issuer for authorization,
communicates a response to the merchant and electronically stores the information for settlement and
reporting. Once the information leaves the merchant's premises, the entire process takes a few seconds. The
benefits of electronic processing include a reduction of credit card losses, lower merchant transaction costs and
faster consumer checkout.
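The digital cash process in item 1 above, as an added Python example that is not from the original notes: the issuing bank's check when a seller sends a coin in for verification. It goes one step beyond the text by recording spent serial numbers, since a coin is only bits and a copy is otherwise indistinguishable from the original. An HMAC under the bank's key stands in for the bank's cryptographic mark, buyer anonymity is not modelled, and `IssuingBank` and the seller names are assumptions.

```python
import hashlib
import hmac
import secrets


class IssuingBank:
    """Hypothetical issuing bank: mints coins and verifies them when a seller sends them in."""

    def __init__(self):
        self._key = secrets.token_bytes(32)  # minting key, known only to the bank
        self._spent = set()                  # serial numbers already redeemed
        self._credit = {}                    # depositor -> cents credited

    def _tag(self, serial, value):
        # Serial (hex) and value (int) are both covered, so neither can be changed alone.
        data = f"{serial}:{value}".encode()
        return hmac.new(self._key, data, hashlib.sha256).hexdigest()

    def mint(self, value_cents):
        """Issue a coin: random serial, face value, and the bank's tag over both."""
        serial = secrets.token_hex(16)
        return {"serial": serial, "value": value_cents, "tag": self._tag(serial, value_cents)}

    def deposit(self, coin, depositor):
        """Online verification requested by the seller; returns the bank's verdict."""
        serial, value, tag = coin.get("serial"), coin.get("value"), coin.get("tag")
        if not (isinstance(serial, str) and isinstance(tag, str) and type(value) is int):
            return "malformed"
        if not hmac.compare_digest(self._tag(serial, value).encode(), tag.encode()):
            return "invalid"
        if serial in self._spent:
            return "already spent"
        self._spent.add(serial)
        self._credit[depositor] = self._credit.get(depositor, 0) + value
        return "accepted"

    def credited(self, depositor):
        return self._credit.get(depositor, 0)


def run_ecash_demo():
    """Constructed scenario: one 500-cent coin presented to the bank by two sellers."""
    bank = IssuingBank()
    coin = bank.mint(500)
    copy_of_coin = dict(coin)            # same bits, held by someone else
    altered = dict(coin, value=50000)    # face value changed after minting
    made_up = {"serial": secrets.token_hex(16), "value": 500, "tag": "0" * 64}
    return {
        "altered": bank.deposit(altered, "seller_a"),
        "made_up": bank.deposit(made_up, "seller_a"),
        "first": bank.deposit(coin, "seller_a"),
        "second": bank.deposit(copy_of_coin, "seller_b"),
        "seller_a": bank.credited("seller_a"),
        "seller_b": bank.credited("seller_b"),
    }


if __name__ == "__main__":
    for name, value in run_ecash_demo().items():
        print(f"{name}: {value}")
```

Whoever presents a valid coin first is credited, which is the theft-or-loss risk the text attaches to stored e-cash.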
POST PURCHASE INTERACTION:
As long as there is payment for services, there will be references, disputes and other customer service issues
that need to be considered. Returns and claims are an important part of the purchasing process that impact
administrative costs, scrap and transportation expenses, and customer relations.
To overcome these problems, many companies design their mercantile process for one way, i.e., returns
and claims must flow upstream.
The following are the complex customer service challenges that arise in customized retailing,
which have not been fully understood or resolved.
1. Inventory issues: to serve a customer properly, a company should inform the customer right
from when an item is ordered to when it is sold out; otherwise the company will have a disappointed customer.
2. Database access and compatibility issues: unless the customer can instantly access all the
computers of all the direct response vendors likely to advertise on the information superhighway on a real-time
basis, with compatible software to have instant access to the merchants' inventory and database.
3. Customer service issues: customers often have questions about the product, such as colour,
size, shipment etc., and other things in mind that can be resolved only by talking to an order entry
operator.
b) Cost Estimation and Pricing:
Pricing is the bridge between customer needs and company capabilities. Pricing at
the individual order level depends on understanding the value to the customer, i.e., the value generated by each
order. Through order based pricing it is difficult to generate greater profits that are indicated by pricing.
2. PRODUCT SERVICE PURCHASE AND DELIVERY:
a) Order receipt and entry: After an acceptable price quote, the customer enters the order receipt and entry
phase of OMC.
b) Order selection and prioritization: Customer service representatives are responsible for choosing which orders
to accept and which to decline. Not all customer orders are created equal; some are better business, and some fit
into the company's capabilities and offer healthy profits. Companies also make gains by the way they handle order
priority, i.e., by checking which orders to execute faster.
c) Order scheduling: During this phase, prioritized orders get slotted into an actual production or operational
sequence. Production people seek to minimize equipment changeover. Communication between the various functional
units is most essential in this phase of OMC.
d) Order fulfillment and delivery: During order fulfillment and delivery, the actual provision of the product or
service is made. While the details vary from industry to industry, in almost every company this step has
become increasingly complex.
Often order fulfillment involves multiple functions and locations. Different parts of an order may be
created in different manufacturing facilities and merged at yet another site, or an order may be manufactured in
one location, warehoused in a second and installed in a third. In some businesses, fulfillment includes third-party
vendors.
In service operations it can mean sending individuals with different talents to the customer's site. The
more complicated the task, the more coordination is required across the organization.
e) Order billing and payment: After the order has been fulfilled and delivered, billing is typically handled by
the finance staff, who view their job as getting the bill out effectively and collecting quickly, i.e., the billing
function is designed to serve the needs of the company, not customer service.
POST SALE INTERACTION:
a) Customer service and support: This phase plays an interestingly important role in all elements of a
company’s profit equation: customer value, price and cost. Depending on the specifics of the business, it can
include elements such as physical installation of a product, repair and maintenance, customer training,
equipment upgrading and disposal.
Thus post sale service can affect customer satisfaction and company profitability of the year. But in
most companies the post sale service people are not linked to any marketing operation, internal product
development effort or quality assurance team.
Web advertisement
Online advertising:
Online Advertising is the art of using the internet as a medium to deliver marketing messages to an identified and
intended audience. It is helpful for attracting website traffic and brand exposure, but first and foremost, online advertising
is designed to persuade the targeted customer to engage in a specific action - like, making a purchase.
There are many different types of online advertising - or internet advertising/web advertising as it is otherwise known - and
it can be difficult to know where to start. To help, we have highlighted some of the most important types of online
advertising for you to consider:
1. Social Media Advertising
2. Content Marketing
3. Email Marketing
4. Search Engine Marketing
5. Display Advertising
6. Mobile Advertising
Social Media Advertising
Once you have established a clear social media marketing strategy, you can start to consider advertising on social media
platforms. Most social media sites now easily allow advertisers to utilise their reach and promote their products from within
the platform. They also include good analytics tools to assess the success of the investment made. This might include a
promoted tweet or post, a promotion of user-generated content or even an entire campaign that is released across multiple
social channels.
Content Marketing
Content Marketing is another great way to get a brand and message in front of the right people. Its primary focus is to
attract organic traffic to a website by improving a site’s SEO, but once you have the strategy and content in place, you can
increase its reach and engagement by paying for the content to feature on relevant websites. Paid advertising can help to
increase the ROI of content marketing - i.e. without promotion, the production costs can often outweigh the potential return.
Email Marketing
Email Marketing should be an integral part of your online communications as it’s an important way to keep in touch with
your existing customers. As such, consideration and investment should certainly be on your radar. Whether you love or
loathe Amazon, they are undoubtedly one of the leaders when it comes to sending targeted email campaigns and we can all
learn a lot from them in this respect.
Search Engine Marketing
Search Engine Marketing is designed to increase the visibility of your website on the search engine results pages (SERP) by
paying to appear on search engines, such as Google. It is not to be confused with SEO (search engine optimisation), which
is the art of appearing as high as possible within the search engines without having to pay for it.
Display Advertising
Display advertising is when your advert - usually made up of branded photos, videos, graphics or rich media content - is
placed on third party websites and, when clicked, refers the user back to your own website. It’s important to consider the
journey the user takes when they click on an ad as it would be a waste of time, effort and money to attract web traffic that
doesn’t convert to business because the UX on the landing page hasn’t been properly thought out.
Mobile Advertising
With so many of us spending such a big part of our day using our smartphones, it’s no wonder advertisers are using mobile
advertising to reach their customers. However, this is becoming an increasingly regulated way to market products and
services, so it should be approached with caution.
Promotional strategy is a method used by companies to advertise, promote & sell their goods. A company chooses its
promotional strategy based on factors like product type, marketing budget, target audience etc.
Promotion
Promotion is when a business decides which forms of communication it wants to use in their marketing plan. Research is
done that details market research, segmentation, and budget. Large companies might choose to do a national campaign,
especially if the brand is already familiar to the consumer. Smaller businesses, with fewer resources, might use direct selling
until they have a larger budget for advertising.
The first step for the marketer is to develop a marketing communications strategy. The strategy will define the consumer, the
best way to reach them, and what the message should be. This process is called the marketing mix. The process goes through
the following steps
1. Segmentation
By dividing consumers into segments, the marketer is better able to meet consumer needs, and increase positive response.
During the promotion process, the marketing team will decide which segments to target, and why. Market research will be
able to ascertain all of this information for the team.
2. Targeting
Targeting is the best way to communicate with the chosen segments. The marketer will want to ensure the best possible
customer response. The marketing plan must detail how to target the intended audience, and define any marketing
objectives.
3. Positioning
Positioning is the process of defining an image for the company, or developing the "brand." Positioning is key to this
process, but all aspects of the marketing mix help define the brand. To position a business successfully, the company must
meet or exceed all expectations and look good in the eyes of the consumer.
Positioning will also take competitors into account, and will give the company an opportunity to set itself apart from other
similar products.
The marketer has the segments, the target, and the position; what is next? He needs the message. What does he want to say
to influence his potential customers? The marketer's objectives should be aligned with the marketing strategy, and will fit
into one of the following categories:
1. Inform – Increase awareness of the product and brand, and try to gain an advantage.
The best results come from clear and distinctive promotions, so it is important the marketing works together to formulate a
clear message for the targeted audience. The best message won't work if it doesn't get to the proper audience.
UNIT V
ELECTRONIC PAYMENT SYSTEM
An e-payment system is a way of making transactions or paying for goods and services through an
electronic medium, without the use of checks or cash. It’s also called an electronic payment system or online
payment system.
The electronic payment system has grown increasingly over the last decades due to the growing spread
of internet-based banking and shopping. As the world advances more with technology development, we can see
the rise of electronic payment systems and payment processing devices. As these increase, improve, and
provide ever more secure online payment transactions the percentage of check and cash transactions will
decrease.
Electronic payment methods
Credit and debit cards are one of the most popular payment forms online. Besides them, there are also
alternative payment methods, such as bank transfers, electronic wallets, smart cards or bitcoin wallets (bitcoin is
the most popular cryptocurrency).
E-payment methods could be classified into two areas, credit payment systems and cash payment systems.
1. Credit Payment System
Credit Card — A form of the e-payment system which requires the use of the card issued by a financial
institute to the cardholder for making payments online or through an electronic device, without the use of cash.
E-wallet — A form of prepaid account that stores user’s financial data, like debit and credit card information to
make an online transaction easier.
Smart card — A plastic card with a microprocessor that can be loaded with funds to make transactions; also
known as a chip card.
2. Cash Payment System
Direct debit — A financial transaction in which the account holder instructs the bank to collect a specific
amount of money from his account electronically to pay for goods or services.
E-check — A digital version of an old paper check. It’s an electronic transfer of money from a bank account,
usually checking account, without the use of the paper check.
E-cash is a form of an electronic payment system, where a certain amount of money is stored on a client’s
device and made accessible for online transactions.
Stored-value card — A card with a certain amount of money that can be used to perform the transaction in the
issuer store. A typical example of stored-value cards are gift cards.
Pros and cons of using an e-payment system
E-payment systems are made to facilitate the acceptance of electronic payments for online transactions. With
the growing popularity of online shopping, e-payment systems became a must for online consumers — to make
shopping and banking more convenient. It comes with many benefits, such as:
• Reaching more clients from all over the world, which results in more sales.
• More effective and efficient transactions — It’s because transactions are made in seconds (with one-click),
without wasting customer’s time. It comes with speed and simplicity.
• Convenience. Customers can pay for items on an e-commerce website at anytime and anywhere. They
just need an internet connected device. As simple as that!
• Lower transaction cost and decreased technology costs.
• Expenses control for customers, as they can always check their virtual account where they can find the
transaction history.
opposed to the credit card where the amounts that the buyer spends are billed to him/her and payments are made
at the end of the billing period.
Smart Card: It is a plastic card embedded with a microprocessor that has the customer’s personal
information stored in it and can be loaded with funds to make online transactions and instant payment of bills.
The money that is loaded in the smart card reduces as per the usage by the customer and has to be reloaded
from his/her bank account.
E-Wallet: E-Wallet is a prepaid account that allows the customer to store multiple credit cards, debit
card and bank account numbers in a secure environment. This eliminates the need to key in account
information every time while making payments. Once the customer has registered and created E-Wallet profile,
he/she can make payments faster.
Netbanking: This is another popular way of making e-commerce payments. It is a simple way of paying
for online purchases directly from the customer’s bank. It uses a similar method to the debit card of paying
money that is already there in the customer’s bank.
Net banking does not require the user to have a card for payment purposes but the user needs to register
with his/her bank for the net banking facility. While completing the purchase the customer just needs to put in
their net banking id and pin.
Mobile Payment: One of the latest ways of making online payments is through mobile phones.
Instead of using a credit card or cash, all the customer has to do is send a payment request to his/her service
provider via text message; the customer’s mobile account or credit card is charged for the purchase.
To set up the mobile payment system, the customer just has to download software from his/her service
provider’s website and then link the credit card or mobile billing information to the software.
Amazon Pay: Another convenient, secure and quick way to pay for online purchases is through Amazon
Pay. Use your information which is already stored in your Amazon account credentials to log in and pay at
leading merchant websites and apps. Your payment information is safely stored with Amazon and accessible on
thousands of websites and apps where you love to shop.
In this mode of electronic tokens, transactions take place via the exchange of electronic currency (e-cash).
2. Debit or Prepaid:-
In this electronic payment system, prepaid facilities are provided. It means that users pay in advance for
transactions of information. This technology is used in smart cards, electronic purses etc.
3. Credit or Postpaid:-
These types of electronic tokens are based on the identity of the customers to whom a card is issued, and on their
authentication and verification by a third party. In this system the server authenticates the customers and then
verifies their identity through the bank. After all this processing, the transaction takes place. An example is
E-Cheques.
Digital token based systems have the following issues for which they are established:-
1. Nature of transaction for which instrument is designed:-
In this category, the design issues of the token arise. It may be designed to handle micro payments. It may be
designed for conventional products. Some tokens are designed for specific uses and others for general use. The
design issues involve the parties involved, the purchase interaction and the average amount.
2. Means of Settlement:- Digital tokens are used when their format must be in cash, credit, electronic
bill payments etc. Most transaction settlement methods use credit cards, while others use proxies for value.
3. Approach to Security, Anonymity and Authentication:-
Since electronic tokens vary from system to system when business transactions take place, it is
necessary to secure them against intruders and hackers. For this purpose, various security features are provided
with electronic tokens, such as the method of encryption. The encryption method uses the digital signatures
of the customers for verification and authentication.
4. Risk Factors:-
The electronic tokens may become worthless, and if the customer holds currency on such a token then nobody will
accept it. If the transaction has a long time between delivery of products and payment to the merchant, then the
merchant is exposed to risk. So it is important to analyse the risk factors in an electronic payment system.
E-commerce sites use electronic payment, where electronic payment refers to paperless monetary
transactions. Electronic payment has revolutionized the business processing by reducing the paperwork,
transaction costs, and labor cost. Being user friendly and less time-consuming than manual processing, it helps
business organization to expand its market reach/expansion. Listed below are some of the modes of electronic
payments −
Credit Card
Debit Card
Smart Card
E-Money
Electronic Fund Transfer (EFT)
CREDIT CARD
Payment using a credit card is one of the most common modes of electronic payment. A credit card is a small plastic
card with a unique number attached to an account. It also has a magnetic strip embedded in it, which is used to
read the credit card via card readers. When a customer purchases a product via credit card, the credit card issuer
bank pays on behalf of the customer, and the customer has a certain time period after which he/she can pay the
credit card bill. It is usually the credit card's monthly payment cycle. Following are the actors in the credit card system.
• The card holder − Customer
• The merchant − Seller of product who can accept credit card payments
• The card issuer bank − Card holder's bank
• The acquirer bank − The merchant's bank
• The card brand − For example, Visa or Mastercard
Credit Card Payment Process
SMART CARD
Smart card is again similar to a credit card or a debit card in appearance, but it has a small
microprocessor chip embedded in it. It has the capacity to store a customer’s work-related and/or personal
information. Smart cards are also used to store money and the amount gets deducted after every transaction.
Smart cards can only be accessed using a PIN that every customer is assigned. Smart cards are
secure, as they store information in encrypted format, and are less expensive and provide faster processing. Mondex
and Visa Cash cards are examples of smart cards.
RISK IN ELECTRONIC PAYMENT SYSTEMS
Electronic payments allow you to transfer cash from your own bank account to the bank account of the
recipient almost instantaneously. This payment system relies heavily on the internet and is quite popular due to
the convenience it affords the user. It would be hard to overstate the advantages of electronic payment
systems, but what about the risks? Certainly they exist, both for financial institutions and consumers.
The Risk of Fraud
Electronic payment systems are not immune to the risk of fraud. The system uses a particularly
vulnerable protocol to establish the identity of the person authorizing a payment. Passwords and security
questions aren’t foolproof in determining the identity of a person.
So long as the password and the answers to the security questions are correct, the system doesn’t care
who’s on the other side. If someone gains access to your password or the answers to your security question,
they will have gained access to your money and can steal it from you.
The Risk of Tax Evasion
The law requires that businesses declare their financial transactions and provide paper records of them
so that tax compliance can be verified. The problem with electronic systems is that they don’t fit very cleanly
into this paradigm and so they can make the process of tax collection very frustrating for the Internal
Revenue Service.
It is at the business’s discretion to disclose payments received or made via electronic payment systems
in a fiscal period, and the IRS has no way of knowing if it’s telling the truth or not. That makes it pretty easy
to evade taxation.
The Risk of Payment Conflicts
One of the idiosyncrasies of electronic payment systems is that the payments aren’t handled by humans
but by an automated electronic system. The system is prone to errors, particularly when it has to handle large
amounts of payments on a frequent basis with many recipients involved.
It’s important to constantly check your pay slip after every pay period ends in order to ensure
everything makes sense. Failure to do this may result in payment conflicts caused by technical glitches and
anomalies.
4. Legal Requirements
An electronic payment system must abide by governmental regulations and the law, and guarantee
all necessary proofs (digital signature, contracts, ...) to protect users performing
domestic/international transactions.
2. COMPONENTS THAT MAKE E-PAYMENT SYSTEM
1. DATABASE INTEGRATION
An integration database is a database which acts as the data store for multiple applications,
and thus integrates data across these applications (in contrast to an ApplicationDatabase).
An integration database needs a schema that takes all its client applications into account.
Each record should be kept in separate database. Each database must be linked together
to access from anywhere.
2. BROKERS
Electronic brokers facilitate financial transactions electronically. The information
superhighway directly connects millions of people, each both a consumer of information and
a potential provider. If their exchanges are to be efficient, yet protected on matters of privacy,
sophisticated mediators are required.
Electronic brokers play this important role by organizing markets that promote the
efficient production and consumption of information.
Electronic brokers will be required to permit even reasonably efficient levels and patterns of
exchanges. Their ability to handle complex, albeit mechanical, transactions, to process
millions of bits of information per second, and to act in a demonstrably even-handed fashion
will be critical as this information market develops.
Electronic brokers can also run pricing systems, charging and crediting slight amounts
to individual accounts as bits careen along the superhighway.
3. STANDARDS
The e-payment standards enable payment users to link with various networks and other
payment systems.
Standards for interoperability which enable users to buy and receive information regardless
of which bank is managing their money.
4. PRICING
o Payment card networks, such as Visa, require merchants' banks to pay substantial
"interchange" fees to cardholders' banks, on a per transaction basis.
o Consumers make two distinct decisions (membership and usage) whereas merchants make
only one (membership).
5. PRIVACY
o Protecting the privacy of evaluators and their information is another important policy concern
of e-payment system.
o Contemporary standards of fairness require that many documents, ranging from letters to
the editor to personnel evaluations, be signed, and that one's accuser be identified in court.
o Signed evaluations are less likely to be unfair and, over time, people can identify
trustworthy evaluators.
MOBILE Commerce
Mobile commerce, also known as m-commerce, involves using wireless handheld devices like
cellphones and tablets to conduct commercial transactions online, including the purchase and sale
of products, online banking, and paying bills.
Embracing a consumer-first approach can help you boost your conversion rates and revenue. Not to mention,
users’ experience matters a lot in the E Commerce industry. Providing a better user experience refers to improving
your mobile app so that it becomes easy for users to navigate products and services within the app.
In order to accelerate your sales and generate more revenue, your m-Commerce application should be:
Fast
Convenient
Interactive
Exclusive
Faster Purchases
Nowadays, having a mobile app/progressive web app rather than having a mobile version of your website has
become a necessity. Mobile apps/progressive web apps are 2x faster than mobile websites. For that reason,
investing in the right eCommerce design services is a must. Not only will it enhance the user experience, but it
will result in faster purchases which thereby increases the overall sales of the product.
In traditional marketing, your customer will enter the store, make a purchase, and leave. You will get no idea
about the customer’s preferences and what factors influenced their purchase.
But this is not the case with m-Commerce applications. It will give deep insights into the users’ data from the
moment of product discovery to making payment. You will get valuable knowledge about the purchase intention
and the preferences of your targeted audience.
Having a physical store is great, but how will you inform the visitors about the seasonal discount you’re offering
on your items?
m-Commerce applications allow business owners to directly communicate with their targeted audience through
push notifications, email newsletters, or social media.
While ignoring email is common, the same isn’t true for push notifications. Push notifications come with higher
open rates (more than 90%) and it is a perfect channel for letting your customers know about the discounts you’re
offering on your items.
Personalization
With a progressive web app or mobile app, you can reach out to a wider audience easily without running paid ads
on social media and other platforms.
If your app is integrated with social media, your audience will do their part in spreading the word, resulting in cost
reduction. Ads placed within your website can also help you earn additional revenue. Compared to a physical
store, the maintenance, development, and support expenses are lower when it comes to a mobile app. Therefore,
for new business owners, it’s high time to invest in the best eCommerce design services rather than paid
campaigns.
Geolocation
The biggest benefit of using m-Commerce applications is navigating users to the nearest stores in their vicinity via
GPS. This shortens the consumer’s time to find a store and make a purchase.
Geolocation works inside stores as well. For example, IKEA’s app allows customers to navigate to the products
they need easily. It is the newest mobile commerce trend, and most ecommerce businesses include maps and lists
of their products to help customers have the best experience while visiting physical stores.
Conclusion
Mobile commerce has become a powerful trend in the eCommerce market and it is predicted to grow even more in the
future. Overlooking this trend may result in missing out on valuable opportunities and low conversion rates.
Personalized User Profiles