E-COMMERCE

UNIT – I

E-COMMERCE –Meaning –Evolution in India- Traditional commerce VS E-Commerce- Factors Driving the
growth of E-commerce- Benefits and limitations- Business models for E-commerce- E-commerce opportunities
in India and challenges.

UNIT- II

Electronic Data Interchange- Benefits- EDI Legal, Security and Privacy issues- EDI software implementation-
Value Added Network- Internal Information Systems- Work flow atomization and Coordination- Customization
and internal commerce.

UNIT – III

Network security and firewalls- Client Server Network Security- Emerging client server security threats-
Firewalls and network security- Data and message security- Encrypted documents and electronic mail-
Hypertext publishing- Technology behind the web- Security and the web.

UNIT – IV

Consumer Oriented Electronic Commerce: Consumer Oriented Applications- Mercantile Process Models-
Mercantile Models from the Consumers Perspective- Mercantile Models from the Merchants Perspective.

Web advertisement: online advertising methods- advertising strategies and promotions.

UNIT – V

Electronic Payment Systems- Types- Digital Token Based Electronic Payment System- Smart Card & Credit
Card Electronic Payment Systems- Risk- Designing Electronic Payment System.Mobile Commerce –Benefits-
Products and services of M-commerce.

REFERENCE BOOKS:
1. Frontiers of Electronic Commerce – Ravi Kalakota & Andrew B.Whinston,Dorling Kindersley (India) Pvt
Ltd,- 2006
2. Electronic commerce - Bharat Bhasker, Tata Mc Graw Hill Publishing Co Ltd,New Delhi-2006
3. Web Commerce Technology Handbook – Daniel Minoli, Emma Minoli, Tata Mc Graw Hill Publishing Co
Ltd, New Delhi-2006 4.
E-Commerce & E-Business - Dr.C.S.Rayudu, Himalaya Publishing House, New Delhi
5. E-Commerce – The Cutting Edge of Business- Kamalesh K Bajaj, Debjani Nag TMH, New Delhi

1
 UNIT I
ECOMMERCE

E-commerce (electronic commerce) is the buying and selling of goods and services, or the transmitting of funds or
data, over an electronic network, primarily the internet. These business transactions occur either as business-to-
business (B2B), business-to-consumer (B2C), consumer-to-consumer or consumer-to-business.

The terms e-commerce and e-business are often used interchangeably. The term e-tail is also sometimes used in
reference to the transactional processes that make up online retail shopping.

Evolution IN India or History:

 The history of Ecommerce seems rather short but its journey started over 40 years ago in hushed science
labs.
 In the 1960s, very early on in the history of ecommerce, its purpose was to exchange long distance
electronic data. in these early days of ecommerce, users consisted of only very large companies, such as
banks and military departments, who used it for command control communication purposes. This was
called edi, and was used for electronic data interchange.
 Originally, electronic commerce was identified as the facilitation of commercial transactions
electronically, using technology such as Electronic Data Interchange (EDI) and Electronic Funds Transfer
(EFT). These were both introduced in the late 1970s, allowing businesses to send commercial documents
like purchase orders or invoices electronically.
 The growth and acceptance of credit cards, automated teller machines (ATM) and telephone banking in
the 1980s were also forms of electronic commerce.
 In 1982 Transmission Control Protocol and Internet Protocol known as TCP & IP was developed. This
was the first system to send information in small packets along different routes using packet switching
technology, like today's Internet! As opposed to sending the information streaming down one route.
 Beginning in the 1990s, electronic commerce would include enterprise resource planning systems (ERP),
data mining and data warehousing.
 In 1995, with the introduction of online payment methods, two companies that we all know of today took
their first steps into the world of Ecommerce. Today Amazon and eBay are both amongst the most
successful companies on the Internet.

2
Traditional Commerce VS E Commerce:

BASIS FOR
TRADITIONAL COMMERCE E-COMMERCE
COMPARISON

TRADITIONAL COMMERCE IS A
E-COMMERCE MEANS
BRANCH OF BUSINESS WHICH
CARRYNG OUT COMMERCIAL
FOCUSES ON THE EXCHANGE OF
TRANSACTIONS OR
MEANING PRODUCTS AND SERVICES, AND
EXCHANGE OF INFORMATION,
INCLUDES ALL THOSE ACTIVITIES
ELECTRONICALLY ON THE
WHICH ENCOURAGES EXCHANGE, IN
INTERNET.
SOME WAY OR THE OTHER.

PROCESSING OF
MANUAL AUTOMATIC
TRANSACTIONS

ACCESSIBILITY LIMITED TIME 24×7×365

GOODS CANNOT BE
PHYSICAL GOODS CAN BE INSPECTED
INSPECTED PHYSICALLY
INSPECTION PHYSICALLY BEFORE PURCHASE.
BEFORE PURCHASE.

CUSTOMER
FACE-TO-FACE SCREEN-TO-FACE
INTERACTION

SCOPE OF
LIMITED TO PARTICULAR AREA. WORLDWIDE REACH
BUSINESS

PROVIDES A UNIFORM
INFORMATION NO UNIFORM PLATFORM FOR
PLATFORM FOR INFORMATION
EXCHANGE EXCHANGE OF INFORMATION.
EXCHANGE.

RESOURCE
SUPPLY SIDE DEMAND SIDE
FOCUS

BUSINESS
LINEAR END-TO-END
RELATIONSHIP

MARKETING ONE WAY MARKETING ONE-TO-ONE MARKETING

CREDIT CARD, FUND

PAYMENT CASH, CHEQUE, CREDIT CARD, ETC.
TRANSFER ETC.

DELIVERY OF
INSTANTLY TAKES TIME
GOODS

3
Factors driving the growth of E- Commerce:

The critical factors that contribute the growth of electronic commerce are:

Growth of Internet:  The Internet has seen a tremendous growth in the past five years making it a potential place for
communicating to many customers both efficiently as well as cost effectively. The process of e marketing by which a
customer over the Internet is reached through electronic mails or other form of adverts in the websites that attract the
attention of the target customers eventually conducting a potential sale. The fact that the Internet can effectively
communicate to a mass segment of people irrespective of age, cast, color or sex makes it a potential tool to promote the
products and services offered by n organization.

Security and Data Protection:  The presence of strict laws enforcing the data protection and privacy of information along
with the legal restrictions and guidance to conduct transactions over the Internet in a secured fashion is the major
accelerating force for the growth of electronic commerce especially by providing the customers with the confidence and
faith of severe action against any fraudulent activities.

Growth in Technology:  The growth of Internet was mainly due to the tremendous growth and innovation in Information
Technology products that enable secure and fast transaction over the Internet. The growth of high-speed communication
systems like Integrated Services Digital Network (ISDN) and security systems like Asynchronous Transfer Mode (ATM)
etc., has immensely contributed for the unrivaled growth of Internet and Internet based business initiatives across the globe.

Convenience Factor:  The customers opt for electronic transactions more due to the convenience associated with the
process of shopping itself thus reducing the snag of commuting to the high street shops and eliminating congestion in busy
places like London. Alongside, the authors further stress that the convenience is not only the physical rest but mainly the
time factor whereby a customer can place the order for a product over the Internet at anytime he/she finds it convenient thus
eliminating the major issue of time keeping and scheduling more important activities effectively.

Innovation in Business and Competition:  The growth of information technology has also opened the doors for innovative
methods like data mining and Customer Relationship Marketing whereby an organization can identify potential customers
and tailor its products based on the customer needs purely by means of the customer information held in their databases has
apparently increased the competition to sky-high levels in every sphere of business across the globe.

Reduced Operating Costs:  The costs involved with the operating of the stores in the high-streets and costs associated with
the labor are greatly reduced by the one-time investment on the electronic commerce technology to deploy a robust and
secure system in their company websites for conducting commercial transactions. 

Benefits and limitations:

 Time-Saver – Consumers can buy or sell the product at any instance of time as its available 24×7.
 Low Cost – E-commerce avoids the expense of maintaining stores or warehouses for the products.
 Wide availability – E-commerce helps the brands and customers’ products to a wide range of people across various
regions and borders. 
 Convenience – All the purchases and sales can be made from the comfort sitting home or working place.
 Information – Customers can find relevant information about the products and services from the comfort of home
or working place.
 Personalized Recommendations – With the help of data analytics e-commerce sites track this information to show
the product desired to your needs.
 Easy Customer Service – Customer service is available with just a click, either phone or chat with a representative
both features are available to fix the issue.
Limitation of E-Commerce:
There are various limitations of e-commerce such as

4
  Increase in competition with emerging new technologies.
 A threat of an increase in cybercrimes.
 Negotiation is not possible on online platforms.
 Creates social differences as technical knowledge is a must for using e-commerce.
 Cost of internet and equipment to access the e-platforms.

Types of E-Commerce/ E-Commerce Market Models:

  Business To Business (B2B)

  Business To Consumer (B2C)

  Consumer To Business (C2B)

  Consumer To Consumer (C2C)

  Business To Government (B2G)

 Business To Business (B2B):- Business to Business or B2B refers to e-commerce activities between businesses. An E-
Commerce company can be dealing with suppliers or distributers or agents. These transactions are usually carried out
through Electronic Data Interchange (EDI). EDI is an automated format of exchanging information between businesses
over private networks.
 For e.g. manufacturers and wholesalers are B2B Companies.
By processing payments electronically, companies are able to lower the number of clerical errors and increase the speed of
processing invoices, which result in lowered transaction fees.
In general, B2Bs require higher security needs than B2Cs.
With the help of B2B E-commerce, companies are able to improve the efficiency of several common business functions,
including supplier management, inventory management and payment management.
Business To Customer (B2C):- Business to Customer or B2C refers to E-Commerce activities that are focused on
consumers rather than on businesses.
For instance, a book retailer would be a B2C company such as Amazon.com. Other examples could also be purchasing
services from an insurance company, conducting on-line banking and employing travel services.
Customer To Business (C2B):-
Customer to Business or C2B refers to E-Commerce activities which use reverse pricing models where the customer
determines the prices of the product or services.
In this case, the focus shifts from selling to buying. There is an increased emphasis on customer empowerment.
In this type of E-Commerce, consumers get a choice of a wide variety of commodities and services, along with the
opportunity to specify the range of prices they can afford or are willing to pay for a particular item, service or commodity.
Customer To Customer (C2C):-
Customer to Customer or C2C refers to E-commerce activities, which use an auction style model. This model consists of a
person-to-person transaction that completely excludes businesses from the equation.
Customers are also a part of the business and C2C enables customers to directly deal with each other.
An example of this is peer auction giant ebay.
Business To Government (B2G):- It is a new trend in E-Commerce. This type of E-Commerce is used by the government
departments to directly reach to the citizens by setting up the websites.
These websites have government policies, rules and regulations related to the respective departments.
Any citizen may interact with these websites to know the various details. This helps the people to know the facts without
going to the respective departments.
This also saves time of the employees as well as the citizens .
E-Commerce opportunities in India and Challenges:
E-commerce has come a big long way since its inception and is only getting bigger. As
technology continues to grow rapidly, e-commerce retailers are adopting newer techniques to
facilitate the sellers and buyers to sell and buy online more efficiently, thanks to ever dropping
rates of internet surfing – both for web and mobile interfaces- which is completely to the soaring
population of internet users.
It has hence become the key force behind driving the trend for
5
Commerce. The rise of social networks and mass adoption of mobile devices is acting as a Catalyst to accelerate
this drives further, shaping the e-commerce trends in the Indian market.

E-commerce is one of the most exciting

spaces for today’s global online community,
and
India’s young startup economy is along
for the ride. In the less than three months
of
2011, Indian venture capitalists have already invested over $50 million in seven e-
commerce companies, a 400 percent increase over the same period just last year, which
reflects the potential of e-commerce industry in India for the upcoming years.
• E-commerce in India has a long, road ahead, and e-commerce infrastructure and best
practices are in their infancy. India’s 7 to 9 percent internet penetration lags far behind
the 30 to 40 percent china and Brazil enjoy, and while India’s estimated 100 million
internet users still comprise the third largest online production, the total Indian e-
commerce market was approximately 3 percent of the U.S market last 7 year

A recent report by internet and mobile association of India reveals that’s e-commerce market is
Growing at an average rate 70 percent annually, and has grown over 500 percent in the past three
years alone.
Challenges in the E-commerce:
In India, cash on delivery is the preferred payment mode: In India, most of the people prefer
to pay cash on delivery due to the lower credit card diffusion and low trust in online transactions.
Not like electronic payments, manual cash collection is quite perilous, expensive and laborious.
Infrastructural problems: Internet is the backbone of e-commerce. Internet penetration in India
is still very low (38.4%) compared to other countries. The quality of connectivity is poor in
several regions. But both these are real threats for the growth e-commerce market in India.
Incorrect postal address: When the customer places an online order, he will get a call from the
company, asking about his exact location. The given address is not enough because there is
always a little standardization while writing post address. It is also one of the biggest challenges
that faced by e-commerce in India.
Privacy and security concerns: In case of start up and small business, business owners fail to
take the initial steps to secure and protect their online business through the installation of
authentic protection services like antivirus and firewall product, which indeed a crucial step for
successful business players. Usage of unauthorized softwares will not protect the customer.
Shopping Challenges: Issues related to lack of supply chain integration, higher delivery charges
for products. Delay in delivery and lack of proper courier services in some areas also make.

~~~~~~~~~~~~~~~ UNIT I COMPLETED ~~~~~~~~~~~~~~

6
 UNIT II
ELECTRONIC DATA INTERCHANGE
EDI stands for Electronic Data Interchange. EDI is an electronic way of transferring business documents in an
organization internally, between its various departments or externally with suppliers, customers, or any
subsidiaries. In EDI, paper documents are replaced with electronic documents such as word documents,
spreadsheets, etc.
EDI Documents
Following are the few important documents used in EDI −
 Invoices
 Purchase orders
 Shipping Requests
 Acknowledgement
 Business Correspondence letters
 Financial information letters
Steps in an EDI System
Following are the steps in an EDI System.

A program generates a file that contains the processed

document. The document is converted into an agreed standard
format.
The file containing the document is sent electronically on the
network. The trading partner receives the file.
An acknowledgement document is generated and sent to the originating organization.
Advantages of an EDI System
Following are the advantages of having an EDI system.
Reduction in data entry errors. − Chances of errors are much less while using a computer for data entry.
Shorter processing life cycle − Orders can be processed as soon as they are entered into the system. It reduces
the processing time of the transfer documents.
Electronic form of data − It is quite easy to transfer or share the data, as it is present in electronic format.
Reduction in paperwork − As a lot of paper documents are replaced with electronic documents, there is a huge
reduction in paperwork.
Cost Effective − As time is saved and orders are processed very effectively, EDI proves to be highly cost
effective.

7
Standard Means of communication − EDI enforces standards on the content of data and its format which
leads to clearer communication.

BENEFITS OF EDI
 Minimal paper usage. EDI reduces associated expenses of storage, printing, postage, mailing
and recycling.
 Enhanced quality of data. EDI minimises data entry errors, improves accounts payable/receivable
times as processes become streamlined and can be used for forecasting.
 Improved turnaround times.
 Cost & time savings, Speed, Accuracy, Security, System Integration, Just-In-Time
 Support.
 Reduced paper-based systems, i.e. record maintenance, space, paper, postage costs
 ecommerce

 Improved problem resolution & customer service

 Expanded customer/supplier base or suppliers with no EDI program lose business

EDI LEGAL
 Liability and contractual information. Amazon, easily the most recognizable face of the e-
commerce industry, has had to navigate the treacherous world of regulation for years. ...
 Data protection and privacy. ...
 Managing fraud and securing electronic transactions.
 To understand the legal framework, let’s take a look on three modes of communication
types: Instantaneous communication, delayed communication via the U.S. Postal
Service (USPS), & delayed communication via non-USPS couriers;
 Instantaneous. If the parties are face to face or use an instantaneous
communication medium such as the telephone
 Delayed (USPS). The “mailbox rule” provides that an acceptance communicated
via USPS mail is effectively when dispatched
 Delayed (non-USPS). Acceptances transmitted via telegram, mailgram, &
electronic messages, are communicated & operable upon receipt.

SECURITY AND PRIVACY ISSUSES

8
  privacy – information exchanged must be kept from unauthorized parties
 integrity – the exchanged information must not be altered or tampered with
 authentication – both sender and recipient must prove their identities to each other and
 non-repudiation – proof is required that the exchanged information was indeed received
Digital Signatures & EDI
 Digital signatures might be time-stamped or digitally notarized to establish dates & times
 If digital signatures are to replace handwritten signatures, they must have the same
legal status as handwritten signatures.
 It provides a means for a third party to verify that notarized object is authentic

EDI & Electronic Commerce

• New types of EDI are traditional EDI & open EDI
Traditional EDI
• It replaces the paper forms with almost strict one-to-one mappings between parts
of a paper form to fields of electronic forms called transaction sets.
• It covers two basic business areas:
1. Trade data Interchange (TDI) encompasses transactions such as purchase orders,
invoice & acknowledgements.
2. Electronic Funds Transfer (EFT) is the automatic transfer of funds among banks
& other organizations
• It is divided into 2 camps: old EDI & new EDI.
• Old EDI is a term created by those working on the next generation of EDI
standards in order to differentiate between the present & the future.
Old EDI
• Automating the exchange of information pertinent to business activity
• It is referred as the current EDI-standardization process where it allows every
company to choose its own, unique, proprietary version
New EDI
• It is refocusing of the standardization process.
• In this, the structure of the interchanges is determined by the programmer who writes
a program.
• It removes long standardization process.
Open EDI

9
• It is a business procedure that enables e-commerce to occur between organizations
where the interaction is of short duration.
• It is process of doing EDI without the upfront trading partner agreement that
is currently signed by the trading partners.
• The goal is to sustain ad hoc business or short-term trading relationships using
simpler legal codes.
• It is a law of contract within the context of e-commerce where transactions
are not repeated over long period of time.
Standardization & EDI
Standards translation
• Specifies business form structure so that information can be exchanged
• Two competing standards
– American National Standards Institute (ANSI) X12
– EDIFACT developed by UN/ECE, Working Party for the Facilitation
of International Trade Procedures
Structure of EDI transactions
– Transaction set is equivalent to a business document, such as a purchase order
– Data Segments are logical groups of data elements that
together convey information
– Data elements are individual fields, such as purchase order no.
Comparison of EDIFACT & X.12 Standards
• These are comprised of strings of data elements called segments.
• A transaction set is a set of segments ordered as specified by the standard.
• ANSI standards require each element to have a very specific name, such as order
date or invoice date.
EDI SOFTWARE IMPLEMENTATION
EDI software has 4 layers:
1. Business application
2. Internal format conversion.
3. EDI Translator.
4. EDI envelope for document messaging
• These 4 layers package the information & send it over the value-added network to
the target business, which then reverses the process to obtain the original

10
information

11
EDI Business Application Layer
1. It creates a document, an invoice.
2. Sends to EDI translator, reformats the invoice into an EDI standard.
3. If there are on the same type of computer, the data move
faster. Ecommerce

EDI Envelope for Message

Transport The X.400 & X.435
Envelopes
• The X.400 standard was meant to the universal answer to e-mail interconnectivity
• It promises much & to date, delivers little.
• The work on X.400 began in1980
• It is the open standard for mail interchange
• The standard exists in 3 versions: 1984, 1988, & 1992.
EDI Software Implementation
• The X.435 inserts a special field in an X.400 envelope to identify an EDI message
• It includes data encryption; integrity; notification of message delivery & non delivery;
& Non repudiation of delivery.
• It is secure, reliable way to send EDI & accompanying files within the same message.
• Purchase orders, invoices, drawings, e-mail- all could be sent with end-toend acknowledgment of message
receipt.

VALUE-ADDED NETWORKS (VANS)

12
• A VAN is a communication network that typically exchanges EDI messages

13
among trading partners.
• It provides services, including holding messages in “electronic mailboxes”,
interfacing with other VANs
• Disadvantage is EDI-enabling VANs is that they are slow & high-priced, charging by
the no. of characters transmitted.

Internet-Based EDI
Several factors make internet useful for EDI:
• Flat-pricing that is not dependent on the amount of information transferred
• Cheap access with low cost of connection- often a flat monthly fee for leased line
0r dial- up access
• Common mail standards & proven networking & interoperable systems
• Security--public-key encryption techniques are being incorporated in various
electronic mail systems.

INTERNAL INFORMATION SYSTEMS

The computer age introduced a new element to businesses, universities, and a multitude of other
organizations: a set of components called the information system, which deals with collecting and organizing
data and information. An information system is described as having five components.
Computer hardware
This is the physical technology that works with information. Hardware can be as small as a smartphone
that fits in a pocket or as large as a supercomputer that fills a building. Hardware also includes the peripheral
devices that work with computers, such as keyboards, external disk drives, and routers. With the rise of the
14
Internet of things, in which anything from home appliances to cars to clothes will be able to receive and
transmit data, sensors that interact with computers are permeating the human environment.
Computer software
The hardware needs to know what to do, and that is the role of software. Software can be divided into
two types: system software and application software.
The primary piece of system software is the operating system, such as Windows or iOS, which manages
the hardware’s operation. Application software is designed for specific tasks, such as handling a spreadsheet,
creating a document, or designing a Web page.
Telecommunications
This component connects the hardware together to form a network. Connections can be through wires,
such as Ethernet cables or fibre optics, or wireless, such as through Wi-Fi.
A network can be designed to tie together computers in a specific area, such as an office or a school,
through a local area network (LAN). If computers are more dispersed, the network is called a wide area network
(WAN). The Internet itself can be considered a network of networks.
Databases and data warehouses
This component is where the “material” that the other components work with resides. A database is a
place where data is collected and from which it can be retrieved by querying it using one or more specific
criteria.
A data warehouse contains all of the data in whatever form that an organization needs. Databases and
data warehouses have assumed even greater importance in information systems with the emergence of “big
data,” a term for the truly massive amounts of data that can be collected and analyzed.
Human resources and procedures
The final, and possibly most important, component of information systems is the human element: the
people that are needed to run the system and the procedures they follow so that the knowledge in the huge
databases and data warehouses can be turned into learning that can interpret what has happened in the past and
guide future action.

WORKFLOW AUTOMIZATION AND COORDINATION

Workflow Automation Coordination
In last decade, a vision of speeding up or automating routine business tasks has come to be known
as “work-flow automation.
This vision has its root in the invention of the assembly line and the application of Taylor's scientific
management principles.

15
 Today, a similar trend is emerging in the automation of knowledge-based business processes called
work-flow automation
The goal of work-flow automation is to offer more timely, cost-effective,and integrated ways to make
decisions.
Typically, work-flows are decomposed into steps or tasks, which are task oriented. Work-flows can be
simple or complex.
Simple work-flows typically involve one or two steps or tasks. Another way of looking at work-flow is
to determine the amount of cross-functional activity.In other words, companies must adopt an integrated
process view of all the business elements.
Organizational integration is extremely complex and typically involves three steps
Improving existing processes by utilizing technology where appropriate.
 Integrate across the business function offer identifying the information needs for each process.
 Integrating business functions, application program interface, and database across departments
and groups.
 Complex work-flows involve several other work-flows, some of which Executes simultaneously.
Work-Flow Coordination:
The key element of market-driven business is the coordination of tasks and other resources throughout
the company to create value for customer. To this end, effective companies have developed horizontal
structures around small multifunctional teams that can move more quickly and easily than businesses that use
the traditional function-by-function, sequential approach.
Some of the simplest work-flow coordination tools are electronic forms routing applications such as
lotus notes. As the number of parties in the work flow increases, good coordination becomes crucial.
Work-flow related technologies:
Technology must be the “engine” for driving the initiatives to streamline and transform business
interactions. Large organizations are realizing that they have a middle-management offer all the drawn sizing
and reorganization of fast few years.
Pressures for more comprehensive work-flow systems are building rapidly. Work-flow system are
limited to factory like work process.
Middleware is maturing:
By this users or third-party providers need to learn how to develop work-flow applications within
middleware environment.
Organizational memory is becoming practical:

16
 The new tools for memory becoming advancing towards what can be called the “corporate digital
library”.

CUSTOMIZATION AND INTERNAL COMMERCE

Technology is transforming consumer choices, which in turn transform the dynamics of the marketplace
and organizations themselves. Technology embodies adaptability, programmability, flexibility, and other
qualities so essential for customization.
Customization is explained as:

Mass customization, in marketing, manufacturing, and management, is the use of flexible computer-
aided manufacturing systems to produce custom output. Those systems combine the low unit costs of mass
production processes with the flexibility of individual customization"Mass Customization" is the new frontier in
business competition for both manufacturing and service industries.
Implementation:
Many implementations of mass customization are operational today, such as software- based product
configurations which make it possible to add and/or change functionalities of a core product or to build fully
custom enclosures from scratch. Companies which have succeeded with mass-customization business models
tend to supply purely electronic products. However, these are not true "mass customizers" in the original sense,
since they do not offer an alternative to mass production of material goods.
Four types of mass customization:
Collaborative customization - Firms talk to individual customers to determine the precise product
offering that best serves the customer's needs.
Adaptive customization - Firms produce a standardized product, but this product is customizable in the
hands of the end-user.

17
 Transparent customization - Firms provide individual customers with unique products, without
explicitly telling them that the products are customized.
Cosmetic customization - Firms produce a standardized physical product, but market it to different
customers in unique ways.
Most of the written materials and thinking about customization has neglected technology. It has been
about management and design of work processes.
Today technology is so pervasive that it is virtually impossible to make clear distributions among
management, design of work, and technology in almost all forms of business and industry.
Technology has moved into products, the workplace, and the market with astonishing speed and
thoroughness.
Mass customization, not mass production. Today the walls that separated functions in manufacturing
and service industries alike are beginning to fall like dominoes. Customization need not be used only in the
production of cars, planes, and other traditional products.

~~~~~~~~~~~~~~~ UNIT II COMPLETED ~~~~~~~~~~~~~~

18
 UNIT III
NETWORK SECURITY AND
FIREWALLS FIREWALLS

Almost every medium and large-scale organization has a presence on the Internet and has an organizational
network connected to it. Network partitioning at the boundary between the outside Internet and the internal
network is essential for network security. Sometimes the inside network (intranet) is referred to as the “trusted”
side and the external Internet as the “un-trusted” side.

Types of Firewall

Firewall is a network device that isolates organization’s internal network from larger outside network/Internet.
It can be a hardware, software, or combined system that prevents unauthorized access to or from internal
network.

All data packets entering or leaving the internal network pass through the firewall, which examines each
packet and blocks those that do not meet the specified security criteria.

Deploying firewall at network boundary is like aggregating the security at a single point. It is analogous to
locking an apartment at the entrance and not necessarily at each door.

Firewall is considered as an essential element to achieve network security for the following reasons −

 Internal network and hosts are unlikely to be properly secured.

 Internet is a dangerous place with criminals, users from competing companies, disgruntled ex-
employees, spies from unfriendly countries, vandals, etc.

 To prevent an attacker from launching denial of service attacks on network resource.

 To prevent illegal modification/access to internal data by an outsider attacker.

Firewall is categorized into three basic types −

19
  Packet filter (Stateless & Stateful)

 Application-level gateway

 Circuit-level gateway

These three categories, however, are not mutually exclusive. Modern firewalls have a mix of abilities that may
place them in more than one of the three categories.

Stateless & Stateful Packet Filtering Firewall

In this type of firewall deployment, the internal network is connected to the external network/Internet via a
router firewall. The firewall inspects and filters data packet-by-packet.

Packet-filtering firewalls allow or block the packets mostly based on criteria such as source and/or
destination IP addresses, protocol, source and/or destination port numbers, and various other parameters within
the IP header.

The decision can be based on factors other than IP header fields such as ICMP message type, TCP SYN and
ACK bits, etc.

Packet filter rule has two parts −

 Selection criteria − It is a used as a condition and pattern matching for decision making.

 Action field − This part specifies action to be taken if an IP packet meets the selection criteria. The
action could be either block (deny) or permit (allow) the packet across the firewall.

Packet filtering is generally accomplished by configuring Access Control Lists (ACL) on routers or switches.
ACL is a table of packet filter rules.

As traffic enters or exits an interface, firewall applies ACLs from top to bottom to each incoming packet, finds
matching criteria and either permits or denies the individual packets.
20
Stateless firewall is a kind of a rigid tool. It looks at packet and allows it if its meets the criteria even if it is
not part of any established ongoing communication.

Hence, such firewalls are replaced by stateful firewalls in modern networks. This type of firewalls offer a
more in-depth inspection method over the only ACL based packet inspection methods of stateless firewalls.

Stateful firewall monitors the connection setup and teardown process to keep a check on connections at the
TCP/IP level. This allows them to keep track of connections state and determine which hosts have open,
authorized connections at any given point in time.

They reference the rule base only when a new connection is requested. Packets belonging to existing
connections are compared to the firewall's state table of open connections, and decision to allow or block is
taken. This process saves time and provides added security as well. No packet is allowed to trespass the
firewall unless it belongs to already established connection. It can timeout inactive connections at firewall after
which it no longer admit packets for that connection.

Application Gateways

An application-level gateway acts as a relay node for the application-level traffic. They intercept incoming and
outgoing packets, run proxies that copy and forward information across the gateway, and function as a proxy
server, preventing any direct connection between a trusted server or client and an untrusted host.

The proxies are application specific. They can filter packets at the application layer of the OSI model.

Application-specific Proxies

21
An application-specific proxy accepts packets generated by only specified application for which they are
designed to copy, forward, and filter. For example, only a Telnet proxy can copy, forward, and filter Telnet
traffic.

If a network relies only on an application-level gateway, incoming and outgoing packets cannot access services
that have no proxies configured. For example, if a gateway runs FTP and Telnet proxies, only packets
generated by these services can pass through the firewall. All other services are blocked.

Application-level Filtering

An application-level proxy gateway, examines and filters individual packets, rather than simply copying them
and blindly forwarding them across the gateway. Application-specific proxies check each packet that passes
through the gateway, verifying the contents of the packet up through the application layer. These proxies can
filter particular kinds of commands or information in the application protocols.

Application gateways can restrict specific actions from being performed. For example, the gateway could be
configured to prevent users from performing the ‘FTP put’ command. This can prevent modification of the
information stored on the server by an attacker.

Transparent

Although application-level gateways can be transparent, many implementations require user authentication
before users can access an untrusted network, a process that reduces true transparency. Authentication may be
different if the user is from the internal network or from the Internet. For an internal network, a simple list of
IP addresses can be allowed to connect to external applications. But from the Internet side a strong
authentication should be implemented.

22
An application gateway actually relays TCP segments between the two TCP connections in the two directions
(Client ↔ Proxy ↔ Server).

For outbound packets, the gateway may replace the source IP address by its own IP address. The process is
referred to as Network Address Translation (NAT). It ensures that internal IP addresses are not exposed to the
Internet.

Circuit-Level Gateway

The circuit-level gateway is an intermediate solution between the packet filter and the application gateway. It
runs at the transport layer and hence can act as proxy for any application.

Similar to an application gateway, the circuit-level gateway also does not permit an end-to-end TCP
connection across the gateway. It sets up two TCP connections and relays the TCP segments from one network
to the other. But, it does not examine the application data like application gateway. Hence, sometime it is
called as ‘Pipe Proxy’.

SOCKS

SOCKS (RFC 1928) refers to a circuit-level gateway. It is a networking proxy mechanism that enables hosts
on one side of a SOCKS server to gain full access to hosts on the other side without requiring direct IP
reachability. The client connects to the SOCKS server at the firewall. Then the client enters a negotiation for
the authentication method to be used, and authenticates with the chosen method.

The client sends a connection relay request to the SOCKS server, containing the desired destination IP address
and transport port. The server accepts the request after checking that the client meets the basic filtering criteria.
Then, on behalf of the client, the gateway opens a connection to the requested untrusted host and then closely
monitors the TCP handshaking that follows.

The SOCKS server informs the client, and in case of success, starts relaying the data between the two
connections. Circuit level gateways are used when the organization trusts the internal users, and does not want
to inspect the contents or application data sent on the Internet.

Firewall Deployment with DMZ

A firewall is a mechanism used to control network traffic ‘into’ and ‘out’ of an organizational internal network.
In most cases these systems have two network interfaces, one for the external network such as the Internet and
the other for the internal side.
23
The firewall process can tightly control what is allowed to traverse from one side to the other. An organization
that wishes to provide external access to its web server can restrict all traffic arriving at firewall expect for port
80 (the standard http port). All other traffic such as mail traffic, FTP, SNMP, etc., is not allowed across the
firewall into the internal network. An example of a simple firewall is shown in the following diagram.

In the above simple deployment, though all other accesses from outside are blocked, it is possible for an
attacker to contact not only a web server but any other host on internal network that has left port 80 open by
accident or otherwise.

Hence, the problem most organizations face is how to enable legitimate access to public services such as web,
FTP, and e-mail while maintaining tight security of the internal network. The typical approach is deploying
firewalls to provide a Demilitarized Zone (DMZ) in the network.

In this setup (illustrated in following diagram), two firewalls are deployed; one between the external network
and the DMZ, and another between the DMZ and the internal network. All public servers are placed in the
DMZ.

With this setup, it is possible to have firewall rules which allow public access to the public servers but the
interior firewall can restrict all incoming connections. By having the DMZ, the public servers are provided
with adequate protection instead of placing them directly on external network.

24
Intrusion Detection / Prevention System

The packet filtering firewalls operate based on rules involving TCP/UDP/IP headers only. They do not attempt
to establish correlation checks among different sessions.

Intrusion Detection/Prevention System (IDS/IPS) carry out Deep Packet Inspection (DPI) by looking at the
packet contents. For example, checking character strings in packet against database of known virus, attack
strings.

Application gateways do look at the packet contents but only for specific applications. They do not look for
suspicious data in the packet. IDS/IPS looks for suspicious data contained in packets and tries to examine
correlation among multiple packets to identify any attacks such as port scanning, network mapping, and denial
of service and so on.

Difference between IDS and IPS

IDS and IPS are similar in detection of anomalies in the network. IDS is a ‘visibility’ tool whereas IPS is
considered as a ‘control’ tool.

Intrusion Detection Systems sit off to the side of the network, monitoring traffic at many different points, and
provide visibility into the security state of the network. In case of reporting of anomaly by IDS, the corrective
actions are initiated by the network administrator or other device on the network.

Intrusion Prevention System are like firewall and they sit in-line between two networks and control the traffic
going through them. It enforces a specified policy on detection of anomaly in the network traffic. Generally, it
drops all packets and blocks the entire network traffic on noticing an anomaly till such time an anomaly is
addressed by the administrator.

Types of IDS
There are two basic types of IDS.
25
  Signature-based IDS
o It needs a database of known attacks with their signatures.
o Signature is defined by types and order of packets characterizing a particular attack.
o Limitation of this type of IDS is that only known attacks can be detected. This IDS can also
throw up a false alarm. False alarm can occur when a normal packet stream matches the
signature of an attack.
o Well-known public open-source IDS example is “Snort” IDS.
 Anomaly-based IDS
o This type of IDS creates a traffic pattern of normal network operation.
o During IDS mode, it looks at traffic patterns that are statistically unusual. For example, ICMP
unusual load, exponential growth in port scans, etc.
o Detection of any unusual traffic pattern generates the alarm.
o The major challenge faced in this type of IDS deployment is the difficulty in distinguishing
between normal traffic and unusual traffic.
NETWORK SECURITY

Information and efficient communication are two of the most important strategic issues for the success of
every business. With the advent of electronic means of communication and storage, more and more businesses
have shifted to using data networks to communicate, store information, and to obtain resources. There are
different types and levels of network infrastructures that are used for running the business.

It can be stated that in the modern world nothing had a larger impact on businesses than the networked
computers. But networking brings with it security threats which, if mitigated, allow the benefits of networking
to outweigh the risks.

Role of Network in Business

Nowadays, computer networks are viewed as a resource by almost all businesses. This resource enables them
to gather, analyze, organize, and disseminate information that is essential to their profitability. Most businesses
have installed networks to remain competitive.

The most obvious role of computer networking is that organizations can store virtually any kind of information
at a central location and retrieve it at the desired place through the network.

Benefits of Networks

26
Computer networking enables people to share information and ideas easily, so they can work more efficiently
and productively. Networks improve activities such as purchasing, selling, and customer service. Networking
makes traditional business processes more efficient, more manageable, and less expensive.

The major benefits a business draws from computer networks are −

 Resource sharing − A business can reduce the amount of money spent on hardware by sharing
components and peripherals connected to the network.
 Streamlined business processes − Computer networks enable businesses to streamline their internal
business processes.
 Collaboration among departments − When two or more departments of business connect selected
portions of their networks, they can streamline business processes that normally take inordinate
amounts of time and effort and often pose difficulties for achieving higher productivity.
 Improved Customer Relations − Networks provide customers with many benefits such as convenience
in doing business, speedy service response, and so on.
There are many other business specific benefits that accrue from networking. Such benefits have made it
essential for all types of businesses to adopt computer networking.
Necessity for Network Security

The threats on wired or wireless networks has significantly increased due to advancement in modern
technology with growing capacity of computer networks. The overwhelming use of Internet in today’s world
for various business transactions has posed challenges of information theft and other attacks on business
intellectual assets.

In the present era, most of the businesses are conducted via network application, and hence, all networks are at
a risk of being attacked. Most common security threats to business network are data interception and theft, and
identity theft.

Network security is a specialized field that deals with thwarting such threats and providing the protection of
the usability, reliability, integrity, and safety of computer networking infrastructure of a business.

Importance of Network Security for Business

 Protecting Business Assets − This is the primary goal of network security. Assets mean the
information that is stored in the computer networks. Information is as crucial and valuable as any other
tangible assets of the company. Network security is concerned with the integrity, protection, and safe
access of confidential information.

27
  Compliance with Regulatory Requirements − Network security measures help businesses to comply
with government and industry specific regulations about information security.
 Secure Collaborative Working − Network security encourages co-worker collaboration and facilitates
communication with clients and suppliers by offering them secure network access. It boosts client and
consumer confidence that their sensitive information is protected.
 Reduced Risk − Adoption of network security reduces the impact of security breaches, including legal
action that can bankrupt small businesses.
 Gaining Competitive Advantage − Developing an effective security system for networks give a
competitive edge to an organization. In the arena of Internet financial services and e-commerce,
network security assumes prime importance.

CLIENT SERVER NETWORK SECURITY

A Computer networking model where one or more powerful computers (servers) provide the different
computer network services and all other user'of computer network (clients) access those services to perform
user's tasks is known as client/server computer networking model.
• In such networks, there exists a central controller called server. A server is a specialized computer
that controls the network resources and provides services to other computers in the network.
• All other computers in the network are called clients. A client computer receives the requested services from
a server.
• A server performs all the major operations like security and network management.
• All the clients communicate with each other via centralized server
• If client 1 wants to send data to client 2, it first sends request to server to seek permission for it. The
server then sends a signal to client 1 allowing it to initiate the communication.
• A server is also responsible for managing all the network resources such as files, directories, applications
& shared devices like printer etc.
• If any of the clients wants to access these services, it first seeks permission from the server by sending
a request.
• Most Local Area Networks are based on client server relationship.
Client-server networking became popular in the late 1980s and early 1990s as many applications were
migrated from centralized minicomputers and mainframes to computer networks of persona computers.
Client Server Relationship
The design of applications for a distributed computing environment required that they effetely be
divided into two parts: client (front end) and server (back end).

28
 The network model on which they were implemented mirrored this client-server model with a user's PC
(the client) typically acting as the requesting machine and a more powerful server machine to which it was
connected via either a LAN or a WAN acting as the supplying machine.
It requires special networking operating system. It provides user level security and it is more expensive.
Advantages of Client Server Networks
1. Centralized back up is possible.
2. Use of dedicated server improves the performance of whole system.
3. Security is better in these networks as all the shared resources are centrally administered.
4. Use of dedicated servers also increases the speed of sharing resources.
Disadvantages of Client Server Networks
1. It requires specialized servers with large memory and secondary storage. This leads to increase in the cost.
2. The cost of network operating system that manages the various clients is also high.
3. It requires dedicated network administrator.
Security is an essential part of any transaction that takes place over the internet. Customers will lose
his/her faith in e-business if its security is compromised. Following are the essential requirements for safe e-
payments/transactions −

Confidentiality − Information should not be accessible to an unauthorized person. It should not be intercepted
during the transmission.
Integrity − Information should not be altered during its transmission over the network.
Availability − Information should be available wherever and whenever required within a time limit specified.
Authenticity − There should be a mechanism to authenticate a user before giving him/her an access to the
required information.
Non-Repudiability − It is the protection against the denial of order or denial of payment. Once a sender sends a
message, the sender should not be able to deny sending the message. Similarly, the recipient of message should
not be able to deny the receipt.
Encryption − Information should be encrypted and decrypted only by an authorized user.
Auditability − Data should be recorded in such a way that it can be audited for integrity requirements.

EMERGING CLIENT SERVER SECURITY THREATS

 Malicious data or code in the form of Trojan Horses, Viruses, Worms and Deviant.
 Eavesdropping without proper authorization.

29
  Denial of services and alteration in the data packets received.
 Hackers use these tools to interrupt the activities of an e-commerce website.
 They can capture user details including password or make the site unavailable for an undefined period
of time.
 Client threats mainly includetrojan horses, malicious codes and data.
 There could be worms in the servers as well that can replicate a programme without requiring a host
for it.
 Server threats include unauthorized eavesdropping that can lead to unwanted people getting
hold of secret and important information.
 Denial of services and the modification of the incoming data packets are also some of the
leading threats.
DATA AND MESSAGE SECURITY
E data and message security ensured in e-business via:
Encryption: This technology deploys a public key and a private key infrastructure to ensure security. The
public key can be distributed but the private key remains only with the user and the service provider. So,
it works just like the username and password system of your e-mail account.
Digital signatures: This technology requires a recipient’s password to decode the encrypted data. The sender’s
authentication gets confirmed through a digital certificate, issued by credible authorities such as Verisign and
Thawte.
Secure socket layers (SSL): This process involves both public key and digital certificate technologies to ensure
privacy and authentication. To initiate the process, a client asks for authentication from the server, which is
done through a digital certificate. Then, both the client and server design session keys for data transfer. The
session will expire following any modification or prolonged period of inactivity.
Firewalls: This includes both software and hardware that protects the network against hackers and viruses.
Installing premium quality anti-virus programs and spyware helps to fortify e-commerce protection from
malicious threats.
Access control: Restricting user access to information on the site is an effective way to control the site’s
security. Researches show that most e-commerce malfunctions occur due to users’ ignorance.
data security is important and it is essential for any transaction that is carried. While doing a transaction,
the basic requirements needs for a secured transaction are Encryption, Authenticity, Availability, Integrity,
Confidentiality, Non- Repudiability.
The measures that can be taken for security purposes are Security Certificates, digital signature and
encryption.

30
 Message security is the kind of security which provides the safety of companies. This type of security
includes IP address to find the malware and email intrusion etc.

ENCRYPTED DOCUMENTS AND ELECTRONIC MAIL

Email Security
Authenticity
Many people assume that the name given as the sender of an email message identifies who actually sent
it. In fact, this depends on the honesty of the sender and the flexibility of their mail package.
For example, the Netscape Navigator mail function allows people to enter their own description of who
they are, and what their email address is. While this will not allow them to receive mail that is not properly
addressed to them, they can still send mail.
Integrity
When you send a message via email, there is no guarantee that it will be received, or that what is
received is exactly what you sent. You have no way of knowing that your message was not read or forwarded
by third parties. This is due to the passing of messages from machine to machine, between your email server
and that of the intended recipient.
At any point along the way, the mail server could lose the message, or the staff supporting the server
could read and/or alter it. This is obvious if you consider that a mail message is only a file that gets passed from
person to person along a delivery chain. Any person in the chain can drop the whole file in the garbage, or copy,
add, delete, or replace documents in it. The next person in the chain doesn't know it's coming, what's in it, or
how big it should be. These people don't work for the same company, and quite possibly aren’t even on the
same continent.
Reliability
As a sender, you have no way of knowing when a message was delivered. It could have been delayed
due to system problems at an intermediate link in the delivery chain. Also, there is no standard way of
requesting a receipt when the message is read. If you request a return receipt, and the receiver’s mail system
does not recognize that function, it will not send you an email note confirming delivery.
Because of the wide-spread nature of these problems, a number of competing solutions are being
developed that address the authentication and integrity issues. The general consensus is to use some form of
public-key cryptography, so that messages can be decrypted only by the intended recipient, are unalterable, and
can be verified as coming from the sender.
Pretty Good Privacy, PGP, and Privacy-Enhanced Mail, PEM, are both “systems” that provide secrecy
and non-repudiation of data that is sent over the Internet, mostly by email (figure 1).

31
Pretty Good Privacy (PGP)
Pretty Good Privacy (PGP) is a popular program used to encrypt and decrypt email over the Internet. It
can also be used to send an encrypted digital signature that lets the receiver verify the sender's identity and
know that the message was not changed en route. Available both as freeware and in a low-cost commercial
version, PGP is the most widely used privacy-ensuring program by individuals and is also used by many
corporations. Developed by Philip R. Zimmermann in 1991, PGP has become a de facto standard for e-mail
security. PGP can also be used to encrypt files being stored so that they are unreadable by other users or
intruders.
PGP can be used basically for 4 things:
 Encrypting a message or file so that only the recipient can decrypt and read it. The sender, by
digitally signing with PGP, can also guarantee to the recipient, that the message or file must have
come from the sender and not an impostor.
 Clear signing a plain text message guarantees that it can only have come from the sender and not
an impostor.
 Encrypting computer files so that they can't be decrypted by anyone other than the person who
encrypted them.
 Really deleting files (i.e. overwriting the content so that it can't be recovered and read by anyone
else) rather than just removing the file name from a directory/folder.
Privacy-Enhanced Mail (PEM)
Privacy-Enhanced Mail (PEM) is an Internet standard that provides for secure exchange of electronic
mail. PEM employs a range of cryptographic techniques to allow for confidentiality, sender authentication, and
message integrity.
The message integrity aspects allow the user to ensure that a message hasn't been modified during
transport from the sender. The sender authentication allows a user to verify that the PEM message that they
have received is truly from the person who claims to have sent it. The confidentiality feature allows a message
to be kept secret from people to whom the message was not addressed.
Originator Authentication
32
 In RFC 1422 an authentication scheme for PEM is defined. It uses a hierarchical authentication
framework compatible X.509, ``The Directory --- Authentication Framework.''
Central to the PEM authentication framework are certificates, which contain items such as the digital
signature algorithm used to sign the certificate, the subject's Distinguished Name, the certificate issuer's
Distinguished name, a validity period, indicating the starting and ending dates the certificate should be
considered valid, the subject's public key along with the accompanying algorithm. This hierarchical
authentication framework has four entities.

HYPERTEXT PUBLISHING
Web provides a functionality necessary for e-commerce. The web has become an umbrella for wide
range of concepts and technology that differ markedly in purpose and scope which include hypertext publishing
concept, the universalreader concept and the client server concept.
Hypertext publishing promotes the idea of seamless information world in which all
online information can be accessed and retrieved. In a constant and simple way hypertext
publishing is a primary application of web interest in hypermedia. On the internet ( called
distributed or global hypermedia).
As accelerated shortly following the success of web media and browser. This success has been aided by
more powerful work station high resolution graphic display faster network communication and decreased cost
for large online service.
Hypertext Vs hypermedia:
Hype rtext
Hypertext is an approach information management in which data are shared in the network of document
connect by links (this link represents relationship between nodes.

Hypermedia
A hypermedia system is made up of nodes (documents) and links (pointers). A node generally
represents a simple concept and idea. Nodes can contain texts, graphics, audio, video images etc. nodes are
connected to other nodes by links. The movement between nodes is made by activating links which connect
related concept or nodes links can be bidirectional.
Hypertext is a simple context based on the association of nodes through links. A node from which a link
is originated is called the reference or the anchor link and a node at which a link ends is called referent. The
movement between the links is made possible by activating links. The promise of hypertext lies in the ability to
produce large complex richly connected and

33
crossed reference bodies of information.
Benefits of Hypermedia:
1. hypermedia documents are much more flexible than conventional documents.
2. hypermedia documents offer video sequences animation and even compute programs.
3. its power and appeal increases when it is implemented in computing environments that
include network , micro computers , work stations, high resolution displays and large
online storage.
4. it provides dynamic organization.
5. hypermedia systems provides non-linear innovative way of accessing and restricting
network documents.
Technology behind the web:
Information providers ( publishers ) run programs called servers from which the browsers can obtain
information. These programs can either be web servers that understand the hypertext transfer protocol (
HTTP ) , “gateway” programs that convert an existing information format to hypertext, or a non-HTTP
server that web browsers can access i.e FTP or Gopher servers.
Web servers are composed of two major parts.
1. the hypertext transfer protocol ( HTTP ) for transmitting documents between servers
and clients .
2. HTML format for documents.
The link between HTML files & HTTP server is provided by Uniform Resource Locator (URL ).

Uniform Resource Locator:

The documents that the browsers display are hypertext that contains pointers to other documents.The
browser allows us to deal with the pointer in a transparent way that is select the pointer weare presented with a
text to which it points. This pointer is implemented by using a concept which is central to web browser known
as URL.
URL’s are streams used as address of objects ( documents, images etc ) on the web. URL marks the
unique location on the internet so that a file or a service can be found. URL’s follow a consistent pattern that the
first part describes the type of the resources, second part gives the name of the server posting the resources and
the third part gives the full name of resources.
e.g : FTP://server.address / complete file.name

34
 URL are central to web architecture. That fact is that it is easy to address an object anywhere on the
internet is essential for the system to scale & for the information space to be independent os network and server
topology.
Hype rtext Transfer Protocol ( HTTP ):
It is the simple request response protocol that is currently run over TCP and is the basis of WWW.
HTTP is a protocol for transferring information efficiently between the requesting client and server. The data
transferred may be plain text , hypertext images or anything else. When a user browses the web objects are
retrieved in rapid succession from often widely dispersed servers.
HTTP is used for retrieving documents in an unbounded & extensible set of formats. It is an internet
protocol. It is similar in its readable, text based style to the file transfer ( FTP ) & the
network news (NNTP) protocols that have been used to transfer files and news on the internet
for many years.
When objects are transferred over network, information about them is transferred in HTTP Header. The
set of headers is an extension of the multi purpose internet mail extension ( MIME ) set. This design decision
was taken to open the door to integration of hypermedia mail , news and information access.
HTTPD Servers ( Hype rtext transfer protocol domain )
The server that are used to publish information via WWW servers are called HTTPD servers. While
choosing a web server flexibility, ease of administrator, security features, familiarity and performance are
considered.
It is important to evaluate the tasks for which the web server is used. A server used for internet based
marketing & technical support task will need more powerful server than the web server used internally within a
firewall for distributing memos and bulletins. HTTPD servers are ideal for companies that want tp provide
multitude of services ranging from product information to technical support.
HTML ( Hypertext markup language )
At the heart of the web is a simple page description language called HTMl. It is a common basic
language of interchange for hypertext that forms the fabric of the web. It is based on an international
electronic document standard called Standard generalized markup
language (SGML)
HTML enables document orientation for the web by embedding control codes in ASCII (
American standard code for information interchange ) text to designate titles, headings, graphics
and the hypertext links, making links of SGML’s powerful linking capabilities. HTML was meant to be a
language of communication which actually flows over the network HTML was designed to be sufficiently
simply as to be produced easily by the people and automatically

35
generated by the programs.
HTML Forms
Forms support is an important element for doing online business. Forms are necessary
for gathering user information conducting surveys and also providing interactive services.
Forms make web browsing an interactive process for the user and the provider. They provide the means
to collect and act upon the data entered by end users. Forms also open up a number of possibilities for online
transactions such as restricting specific news articles, specifying such as request , soliciting customer feedback
or ordering products. The number of features are available for building forms including text boxes, radio
buttons, check boxes.

TECHNOLOGY BEHIND THE WEB

INTRODUCTION
In the first chapter, we argued that organizations need to make a metamorphosis. They have to abandon existing
business practices to create new ways of interacting with stakeholders. This chapter will provide you with the
wherewithal to understand the technology that enables an organization to make this transformation.
INTERNET TECHNOLOGY
Computers can communicate with each other when they speak a common language or use a common
communication protocol. Transmission Control Protocol/Internet Protocol (TCP/IP) is the communication
network protocol used on the Internet. TCP/IP has two parts. TCP handles the transport of data, and IP performs
routing and addressing.
Data transport
The two main methods for transporting data across a network are circuit and packet switching. Circuit
switching is commonly used for voice and package switching for data. Parts of the telephone system still
operate as a circuit-switched network. Each link of a predetermined bandwidth is dedicated to a predetermined
number of users for a period of time.
The Internet is a packet switching network. The TCP part of TCP/IP is responsible for splitting a
message from the sending computer into packets, uniquely numbering each packet, transmitting the packets,
and putting them together in the correct sequence at the receiving computer. The major advantage of packet
switching is that it permits sharing of resources (e.g., a communication link) and makes better use of available
bandwidth.
Routing
Routing is the process of determining the path a message will take from the sending to the receiving computer.
It is the responsibility of the IP part of TCP/IP for dynamically determining the best route through the network.

36
Because routing is dynamic, packets of the same message may take different paths and not necessarily arrive in
the sequence in which they were sent.
Addressability
Messages can be sent from one computer to another only when every server on the Internet is uniquely
addressable. The Internet Network Information Center (InterNIC) manages the assignment of unique IP
addresses so that TCP/IP networks anywhere in the world can communicate with each other. An IP address is a
unique 32-bit number consisting of four groups of decimal numbers in the range 0 to 255 (e.g., 128.192.73.60).
IP numbers are difficult to recall. Humans can more easily remember addresses like aussie.mgmt.uga.edu. A
Domain Name Server (DNS) converts aussie.mgmt.uga.edu to the IP address 128.192.73.60. The exponential
growth of the Internet will eventually result in a shortage of IP addresses, and the development of next-
generation IP (IPng) is underway.

INFRASTRUCTURE
Electronic commerce is built on top of a number of different technologies. These various technologies created a
layered, integrated infrastructure that permits the development and deployment of electronic commerce
applications (see Exhibit 9). Each layer is founded on the layer below it and cannot function without it.

National information infrastructure

This layer is the bedrock of electronic commerce because all traffic must be transmitted by one or more of the
communication networks comprising the national information infrastructure (NII). The components of an NII
include the TV and radio broadcast industries, cable TV, telephone networks, cellular communication systems,
computer networks, and the Internet. The trend in many countries is to increase competition among the various
elements of the NII to increase its overall efficiency because it is believed that an NII is critical to the creation
of national wealth.
Message distribution infrastructure

37
This layer consists of software for sending and receiving messages. Its purpose is to deliver a message from a
server to a client. For example, it could move an HTML file from a Web server to a client running Netscape.
Messages can be unformatted (e.g., e-mail) or formatted (e.g., a purchase order). Electronic data interchange
(EDI), e-mail, and hypertext text transfer protocol (HTTP) are examples of messaging software.
Electronic publishing infrastructure
Concerned with content, the Web is a very good example of this layer. It permits organizations to publish a full
range of text and multimedia. There are three key elements of the Web:

 A uniform resource locator (URL), which is used to uniquely identify any server;
 A network protocol;
 A structured markup language, HTML.
Notice that the electronic publishing layer is still concerned with some of the issues solved by TCP/IP for the
Internet part of the NII layer. There is still a need to consider addressability (i.e., a URL) and have a common
language across the network (i.e., HTTP and HTML). However, these are built upon the previous layer, in
the case of a URL, or at a higher level, in the case of HTML.
Business services infrastructure
The principal purpose of this layer is to support common business processes. Nearly every business is
concerned with collecting payment for the goods and services it sells. Thus, the business services layer supports
secure transmission of credit card numbers by providing encryption and electronic funds transfer. Furthermore,
the business services layer should include facilities for encryption and authentication (see See Security).
Electronic commerce applications
Finally, on top of all the other layers sits an application. Consider the case of a book seller with an on-line
catalog (see Exhibit 6). The application is a book catalog; encryption is used to protect a customer’s credit card
number; the application is written in HTML; HTTP is the messaging protocol; and the Internet physically
transports messages between the book seller and customer.

Electronic publishing

38
Two common approaches to electronic publishing are Adobe’s portable document format (PDF) and HTML.
The differences between HTML and PDF are summarized in Exhibit 7.
Exhibit 7. HTML versus PDF

PDF
PDF is a page description language that captures electronically the layout of the original document.
Adobe’s Acrobat Exchange software permits any document created by a DOS, Macintosh, Windows, or Unix
application to be converted to PDF. Producing a PDF document is very similar to printing, except the image
is sent to a file instead of a printer. The fidelity of the original document is maintained–text, graphics, and
tables are faithfully reproduced when the PDF file is printed or viewed. PDF is an operating system
independent and printer independent way of presenting the same text and images on many different systems.
PDF has been adopted by a number of organizations, including the Internal Revenue Service for tax
forms. PDF documents can be sent as e-mail attachments or accessed from a Web application. To decipher a
PDF file, the recipient must use a special reader, supplied at no cost by Adobe for all major operating systems.
In the case of the Web, you have to configure your browser to invoke the Adobe Acrobat reader whenever a
file with the extension pdf is retrieved.
HTML
HTML is a markup language , which means it marks a portion of text as referring to a particular type of
information.6 HTML does not specify how this is to be interpreted; this is the function of the browser. Often the
person using the browser can specify how the information will be presented.
For instance, using the preference features of your browser, you can indicate the font and size for
presenting information. As a result, you can significantly alter the look of the page, which could have been
carefully crafted by a graphic artist to convey a particular look and feel. Thus, the you may see an image
somewhat different from what the designer intended.
39
ELECTRONIC COMMERCE TOPOLOGIES
There are three types of communication networks used for electronic commerce (see Exhibit 8), depending on
whether the intent is to support cooperation with a range of stakeholders, cooperation among employees, or
cooperation with a business partner. Each of these topologies is briefly described, and we discuss how they can
be used to support electronic commerce.
Exhibit 8. Electronic commerce topologies

The Internet is a global network of networks. Any computer connected to the Internet can communicate with
any server in the system (see Exhibit 5). Thus, the Internet is well-suited to communicating with a wide variety
of stakeholders. Adobe, for example, uses its Web site to distribute software changes to customers and provide
financial and other reports to investors.

Exhibit 9.: The Internet

Many organizations have realized that Internet technology can also be used to establish an intra-organizational
network that enables people within the organization to communicate and cooperate with each other. This so-
called intranet (see Exhibit 10) is essentially a fenced-off mini-Internet within an organization. A firewall (see
See Firewall) is used to restrict access so that people outside the organization cannot access the intranet.
While
40
an intranet may not directly facilitate cooperation with external stakeholders, its ultimate goal is to improve an
organization’s ability to serve these stakeholders.

Exhibit 10.: An Intranet

Exhibit 11.: An extranet

The Internet and intranet, as the names imply, are networks. That is, an array of computers can connect to each
other. In some situations, however, an organization may want to restrict connection capabilities. An extranet
(see Exhibit 7) is designed to link a buyer and supplier to facilitate greater coordination of common activities.
The idea of an extranet derives from the notion that each business has a value chain and the end-point of one
firm’s chain links to the beginning of another’s.
Internet technology can be used to support communication and data transfer between two value chains.
Communication is confined to the computers linking the two organizations. An organization can have
multiple extranets to link it with many other organizations, but each extranet is specialized to support
partnership coordination.

41
 SECURITY AND THE WEB
Security is an essential part of any transaction that takes place over the internet. Customers will lose his/her
faith in e-business if its security is compromised. Following are the essential requirements for safe e-
payments/transactions −
Confidentiality − Information should not be accessible to an unauthorized person. It should not be intercepted
during the transmission.
Integrity − Information should not be altered during its transmission over the network.
Availability − Information should be available wherever and whenever required within a time limit specified.
Authenticity − There should be a mechanism to authenticate a user before giving him/her an access to the
required information.
Non-Repudiability − It is the protection against the denial of order or denial of payment. Once a sender sends a
message, the sender should not be able to deny sending the message. Similarly, the recipient of message should
not be able to deny the receipt.
Encryption − Information should be encrypted and decrypted only by an authorized user.
Auditability − Data should be recorded in such a way that it can be audited for integrity
requirements. MEASURES TO ENSURE SECURITY
Major security measures are following −
Encryption − It is a very effective and practical way to safeguard the data being transmitted over the
network. Sender of the information encrypts the data using a secret code and only the specified receiver can
decrypt the data using the same or a different secret code.

Digital Signature − Digital signature ensures the authenticity of the information. A digital signature is an e-
signature authenticated through encryption and password.
Security Certificates − Security certificate is a unique digital id used to verify the identity of an individual
website or user.
SECURITY PROTOCOLS IN INTERNET
We will discuss here some of the popular protocols used over the internet to ensure secured online transactions.
SECURE SOCKET LAYER (SSL)
It is the most commonly used protocol and is widely used across the industry. It meets following security
requirements −
 Authentication
 Encryption
 Integrity

42
  Non-reputability
"https://" is to be used for HTTP urls with SSL, where as "http:/" is to be used for HTTP urls without SSL.
Secure Hypertext Transfer Protocol (SHTTP)
SHTTP extends the HTTP internet protocol with public key encryption, authentication, and digital signature
over the internet. Secure HTTP supports multiple security mechanism, providing security to the end-users.
SHTTP works by negotiating encryption scheme types used between the client and the server.
Secure Electronic Transaction
It is a secure protocol developed by MasterCard and Visa in collaboration. Theoretically, it is the best security
protocol. It has the following components −
Card Holder's Digital Wallet Software − Digital Wallet allows the card holder to make secure purchases
online via point and click interface.
Merchant Software − This software helps merchants to communicate with potential customers and financial
institutions in a secure manner.
Payment Gateway Server Software − Payment gateway provides automatic and standard payment process. It
supports the process for merchant's certificate request.

Certificate Authority Software − This software is used by financial institutions to issue digital certificates to
card holders and merchants, and to enable them to register their account agreements for secure electronic
commerce.

~~~~~~~~~~~~~~~ UNIT III COMPLETED ~~~~~~~~~~~~~~

43
 UNIT IV
CONSUMER-ORIENTED APLLICATIONS
• The wide range of applications envisioned for the consumer marketplace can be
broadly classified into:
(i) Entertainment
(ii) Financial Services and Information
(iii) Essential Services
(iv) Education and Training

1. Personal Finance and Home Banking Management

(i) Basic Services
(ii) Intermediate Services
(iii) Advanced services
2. Home Shopping
(i) Television-Based Shopping
(ii) Catalog-Based Shopping
3. Home Entertainment
(i) Size of the Home Entertainment Market
(ii) Impact of the Home Entertainment on Traditional Industries
4. Micro transactions of Information

1. PERSONAL FINANCE AND HOME BANKING MANAGEMENT:

• The newest technologies are direct deposit of payroll, on-line bill payment and telephone transfers
• The technology for paying bills, whether by computer or telephone, is infinitely more sophisticated
than anything on the market a few years ago

44
• In 1980s were the days of “stone age” technology because of technology choices for accessing services
were limited
• For home banking, greater demands on consumers and expanding need for information, it’s services are often
categorized as basic, intermediate and advanced
(i) Basic services
• These are related to personal finance
• The evolution of ATM machines from live tellers and now to home banking
• The ATM network has with banks and their associations being the routers and the ATM machines being the
heterogeneous computers on the network.
• This interoperable network of ATMs has created an interface between customer and bank that changed the
competitive dynamics of the industry. See in next figure
• Increased ATM usage and decrease in teller transactions

Intermediate Services
• The problem with home banking in 1980 is, it is expensive service that requires a PC, a modem and
special software
• As the equipment becomes less expensive and as bank offers broader services, home banking develop into a
comprehensive package that could even include as insurance entertainment
• Consider the computerized on-line bill-payment system
• It never forgets to record a payment and keeps track of user account number, name, amount and the date
and we used to instruct with payment instructions. See in Fig;

45
iii)Advanced Services
• The goal of advanced series is to offer their on-line customers a complete portfolio of life, home, and auto
insurance along with mutual funds, pension plans, home financing, and other financial products
• The Figure explains the range of services that may well be offered by banks in future
• The servic3es range from on-line shopping to real-time financial information from anywhere in the world
. In short, home banking allows consumers to avoid long lines and gives flexibility.
2. HOME SHOPPING:
• It is already in wide use.
• This enable a customer to do online shopping

46
(i) Television-Based Shopping:
• It is launched in 1977 by the Home Shopping Network (HSN).
• It provides a variety of goods ranging from collectibles, clothing, small electronics, house wares, jewelry,
and computers.
• When HSN started in Florida in 1977, it mainly sold factory overruns and discontinued items
• It works as, the customer uses her remote control at shop different channels with touch of button. At this
time, cable shopping channels are not truly interactive
(ii) Catalog-Based Shopping
• In this the customer identifies the various catalogs that fit certain parameters such as safety, price, and quality
• The on-line catalog business consists of brochures , CD-ROM catalogs, and on-line interactive catalogs
• Currently, we are using the electronic brochures.
3. HOME ENTERTAINMENT:
• It is another application for e-commerce
• Customer can watch movie, play games, on-screen catalogs, such as TV guide.
• In Home entertainment area, customer is the control over programming
4. MICRO TRANSACTIONS OF INFORMATION:
• One change in traditional business forced by the on-line information business is the creation of a
new transaction category called small-fee transactions for micro services
• The customer by giving some information away for free and provide information bundles that cover the
transaction overhead.
• The growth of small-money transfers could foster a boom in other complementary information services
• The complexity is also increased in micro services when an activity named, reverification is entered.
• It means checking on the validity of the transaction after it has been approved
Desirable Characteristics of an Electronic marketplace
• Critical mass of Buyers and sellers: To get critical mass, use electronic mechanisms Opportunity for
independent evaluations and for customer dialogue and discussion: Users not only buy and sell products, they
compare notes on who has the best products and whose prices are outrageous
• Negotiation and bargaining: Buyers and sellers need to able to haggle over conditions of mutual
satisfaction, money, terms & conditions, delivery dates & evaluation criteria
• New products and services: Electronic marketplace is only support full information about new services
• Seamless interface: The trading is having pieces work together so that information can flow seamlessly
• Resource for disgruntled buyers: It provide for resolving disagreements by returning the
product. Opportunity for independent evaluations and for customer dialogue and

47
discussion: Users

48
not only buy and sell products, they compare notes on who has the best products and whose prices are
outrageous
• Negotiation and bargaining: Buyers and sellers need to able to haggle over conditions of mutual
satisfaction, money, terms & conditions, delivery dates & evaluation criteria
• New products and services: Electronic marketplace is only support full information about new services
• Seamless interface: The trading is having pieces work together so that information can flow seamlessly
• Resource for disgruntled buyers: It provide for resolving disagreements by returning the product.

MERCANTILE MODELS FROM THE CONSUMERS PERPECTIVE

MERCANTILE PROCESS MODELS:
It defines the interaction between the consumer and the merchant for online commerce. This is necessary
because to buy and sell goods a buyer, a seller and other parties must interact in ways that represent standard
business process.
A well established standard process for processing credit card purchasers has contributed to the wide
spread dissemination of credit cards. The establishment of common mercantile process model is expected to
increase the convenience for consumers.
MERCANTILE MODELS FROM THE CONSUMERS PERSPECTIVE:
The online consumer expects quality and convenience, value, low price etc. to meet their
expectations and understand the behaviour of online shopper there is a need for the business process models that
provides the standard product / service purchasing process. The process model for a consumer point of view
consists of seven activities that can be grouped into three phases. They are
1. Pre phase
2. purchase consumption
3. post purchase interaction phase.
Steps taken by customer in
purchasing:

49
1. Pre purchase Determination: this phase includes search and discovery for a set of products in the larger
information space applicable of meeting customers requirements and product selection from the smaller set of
products based on attribute comparision.
2. Purchase Consumption: this phase includes mercantile protocols that specify the flow of information and
documents associated with purchasing and negotation with merchants for suitable terms such as price
availability and delivery dates.
3. Post Purchase interaction: this phase includes customer service and support
to addresses customers complaints, product returns & product defects.
PRE PURCHASE PREPARATION:
From the consumer point of view any major purchase can be assumed to involve some amount of pre
purchase deliberation. Pre purchase deliberation is defined as elapsed time between the consumer’s first
thinking about buying and actual purchase itself.
Information search should constitute the major part of duration but comparison of
alternatives and price negotiations would be included in continuously evolving information search and deliver
process.
To deliberate, consumers have to be watchful for the new or existing information which

50
are essential for purchase decision process. Information on consumer characteristics with reduced purchase
deliberation time can be quite valuable when attempting to target, selective communications to desired audience
properly.
Thus not much attention have been paid to this important research area which may dictate success or
failure of online shopping.
Consumers can be categorized into three types
1. Impulsive buyers
2. Patient buyers
3. Analytical buyers
1. Impulsive buyers: these buyers purchase the product quickly.
2. Patient buyers: who purchase products after making some analysis or comparision.
3. Analytical buyers: who do substantial research before making the decision to purchase product or
services. Marketing researchers have isolated several types of purchasing.
1. Specifically planned purchase: the need was recognized on entering the store
and the shopper brought the exact item planned.
2. Generally planned purchases: the need was recognized, but the shopper decided instore on the actual
manufacture of the item to satisfy the need.
3. reminder purchases: the shopper was reminded of the need by some store
influence. This shopper is influenced by in-store advertisements and can substitute
products readily.
4. Entirely unplanned purchases: the need was not recognized entering the store.
PURCHASE CONSUMPTION:
After identifying the product to be purchased by the buyer and the seller must interact in
some way ( e-mail, on-line) to carry out the mercantile transactions. The mercantile transaction is defined as the
exchange of information between the buyer and seller followed by necessary payment depending upon the
payment model mutually agreed on, they may interact by exchanging currently i.e. backed by the third party
such as the central bank, master card, visa card etc.
A single mercantile model will not be sufficient to meet the needs of everyone. In very
general terms a simple mercantile protocol would require the following transaction where the basic flow
remains the same .
1. Through e-mail, online the buyer contacts the vendors to purchase a product or service. This might be done
online through e-mail (or) through e-catalogue etc.
2. Vendor states the price.

51
3. Buyer and vendor may or may not engage in a transaction.
4. If satisfied buyer authorizes payment to the vendor with an encrypted transaction containing the
digitalsignature.
5. Vendor contacts the billing service of the buyer to verify the encrypted authorization for authentication.
6. Billing service decrypts the authorization and checks the buyer account balance and puts a hole on the
amount transfer.
7. Billing service give the vendor green signal to deliver the product.
8. On notification of adequate funds to cover financial transaction, vendor delivers the goods to buyer or in the
case of information purchase provides a crypto key to unlock the file.
9. on receiving the goods the buyer signs and delivers receipt. Vendors then tell billing service to complete the
transaction.
10. At the end of the billing cycle buyer receives a list of transactions.
The following are the two types of mercantile protocols where the payment is in the form of
electronic cash and credit cards.
1. Mercantile process using digital cash: a bank mints ( prints ) electronic currency or ecash. Such a currency
is simply a series of bits that the issuing bank can be verified to be valid. This currency is kept secured by the
use of cryptographic techniques. After being issued some e-cash a buyer can transfer to a seller in exchange for
goods upon receiving a e-cash the sellers can verify authenticity by sending it to the issuing bank for
verification.
E-cash issuing banks make money by charging either buyer or seller or both. A transaction fee for the
use of their E-cash. E-cash is similar to paper currency and has the benefits of being anonymous ( hidden ) and
easily transmitted electronically. It still entails the risk of theft or loss. However, and so requires significant
security by the buyer when storing e-cash.
2. Mercantile Transaction Using Credit Cards: two major components of credit card transaction in the
mercantile process are
 Electronic Authorization
 Settlement
In the authorization process in the retail transaction, the 3 rd party processor (tpp) captures the
information at the point of sale and transmit the information to the credit card issue for authorization,
communicated a response to the merchant and electronically stores the information for the settlement and
reporting. Once the information leaves the merchants premises the entire process takes few seconds. The
benefits of electronic processing include a reduction of credit card losses, lower merchant transaction costs,
faster consumer checkout.

52
POST PURCHASE INTERACTION:
As long as there is payment for services there will be references, disputes, other customer service issues
that need to be considered. Returns and claims are an important part of purchasing process that impact the
administrative costs, scrap and transportation expenses and customers relations.
To overcome these problems many companies design their mercantile process for one way i.e., returns
and claims must flow upstream.
The following are the complex customer service challenges that arise in the customized retaining
which have not fully understood or resolved.
1. Inventory Issues: to serve a customer properly a company should inform a customer right
from when an item is ordered to it is sold out, otherwise the company will have a disappointed customer.
2. database Access and Compatibility Issues: unless the customer can instantly access all the
computers of all the direct response vendors likely to advertise on the information super highway on a real time
basis, with compatible software to have an instant access to the merchants inventory and database.
3. Custome r service issues: Customers often have questions about the product such as colour,
size, shipment etc. and other things in mind can resolved only by talking to an order entry
operator.

MERCANTILE PROCESS MODEL FROM MERCHANTS PERSPECTIVE:

E-commerce order management cycle:
To order to deliver cycle from the merchant perspective has been managed with an eye towards
standardization and cost. This is based on assumption that an organization must create a set of operating
standard for service and production. They perform to those standards while minimizing the cost.
To fully realize and maintain a competitive advantage in the online environment it is necessary to
examine the order management cycle (OMC) that also includes the traditional order
to delivery cycle. However the OMC has the following generic steps.
1. PRE SALE INTERACTION:
a) Orde r planning and order generation:
The business process begins long before an actual order placed by the customer. The
production planners develops the final forecast used to high workers and built inventory.
Order planning leads into order generation. Orders are generated into number of
wages into e-commerce environment such as sales force broad cast. Since personalized e-mail to customer or
creates WWW web page.

53
b) Cost Estimation and Pricing:

54
 Pricing is the bridge between the customer needs and company capabilities pricing at
the individual order level depends on understanding value to the customer i.e, generated by each order etc.
through order based pricing it is difficult to generate greater profits that are indicated by pricing.
2. PRODUCT SERVICE PURCHASE AND DELIVERY:
a) Order Receipt and entry:After the acceptable price code the customer enters the order receipts and entries
paid in OMC.
b) Orde r selection and prioritization: customer service representatives are responsible for choosing which to
accept and order to decline. Not all customer order created equal, some or better business and some are fit into
the companies capabilities and offers healthy profits. Companies also make gains by the way they handle over
priority i.e, to check which orders to execute faster.
c) Order Scheduling: during this phase prioritized orders get slotted into an actual production or operational
sequence. Production people seek to minimize equipment change over communication between various function
units is most essential in this
phase of OMC.
d) Order fulfillment and delivery: during order fulfillment and delivery the actual provision of product or
service is made. While the details vary from industry to industry in almost in every company this step has
become increasingly complex.
Often order fulfillment involves multiple functions and location. Different parts of any order may be
created in different manufacturing facilities and merged yet another site or order may be manufactured in one
location warehoused in a second and installed in the third. In some businesses fulfillment includes third party
vendor.
In service operations it can mean sending individuals with different talent to the customers site. The
more complicated task the more coordination required across the organization.
e) Order billing and payment : after the order has been fulfilled and delivered billing is typically handled by
the finance staff who view their job as getting the bill out effectively and collecting quickly i.e, the billing
function is designed to serve the needs of the company not the customer service.
POST SALE INTERACTION:
a) Customer service and support: this phase plays an interestingly important role in all Elements of a
company’s profit equation, customer value, price and cost. Depending on the specifications of business it can
include elements such as physical installation of a product, repair and maintenance, customer training,
equipment upgrading and disposal.

55
 Thus post sale service can affect customer satisfaction and company profitability of the year. But in
most companies the post sale service people are not linked to any marketing operation, internal product
development effort or quality assurance team.

Web advertisement
Online advertising:
Online Advertising is the art of using the internet as a medium to deliver marketing messages to an identified and
intended audience. It is helpful for attracting website traffic and brand exposure, but first and foremost, online advertising
is designed to persuade the targeted customer to engage in a specific action - like, making a purchase.

The different types of Online Advertising

There are many different types of online advertising - or internet advertising/web advertising as it is otherwise known - and
it can be difficult to know where to start. To help, we have highlighted some of the most important types of online
advertising for you to consider:

1. Social Media Advertising

2. Content Marketing

3. Email Marketing

4. SEM (Search Engine Advertising) - including PPC

5. Display Advertising - including banner advertising & retargeting

6. Mobile Advertising
 Social Media Advertising

Once you have established a clear social media marketing strategy, you can start to consider advertising on social media
platforms. Most social media sites now easily allow advertisers to utilise their reach and promote their products from within
the platform. They also include good analytics tools to assess the success of the investment made. This might include a
promoted tweet or post, a promotion of user-generated content or even an entire campaign that is released across multiple
social channels. , you can start to consider advertising on social media platforms.

Content Marketing

Content Marketing is another great way to get a brand and message in front of the right people. It’s primary focus is to
attract organic traffic to a website by improving a site’s SEO, but once you have the strategy and content in place, you can

56
increase its reach and engagement by paying for the content to feature on relevant websites. Paid advertising can help to
increase the ROI of content marketing - i.e. without promotion, the production costs can often outweigh the potential return.

Email Marketing 

Email Marketing should be an integral part of your online communications as it’s an important way to keep in touch with
your existing customers. As such, consideration and investment should certainly be on your radar. Whether you love or
loathe Amazon, they are undoubtedly one of the leaders when it comes to sending targeted email campaigns and we can all
learn a lot from them in this respect. We have gone into the concept of email marketing in more detail on this page.

Search Engine Marketing (SEM) 

Search Engine Marketing is designed to increase the visibility of your website on the search engine results pages (SERP) by
paying to appear on search engines, such as Google. It is not to be confused with SEO (search engine optimisation), which
is the art of appearing as high as possible within the search engines without having to pay for it. 

Display Advertising

Display advertising is when your advert - usually made up of branded photos, videos, graphics or rich media content - are
placed on third party websites, which when clicked, refer the user back to your own website. It’s important to consider the
journey the user takes when they click on an ad as it would be a waste of time, effort and money to attract web traffic that
doesn’t convert to business because the UX on the landing page hasn’t been properly thought out.

Mobile Advertising

With so many of us spending such a big part of our day using our smartphones, it’s no wonder advertisers are using mobile
advertising to reach their customers. However, this is becoming an increasingly regulated way to market products and
services, so it should be approached with caution. 

Advertising strategies and promotion

57
Promotional strategy is a method used by companies to advertise, promote & sell their goods. A company chooses its
promotional strategy based on factors like product type, marketing budget, target audience etc.

Promotion

Promotion is when a business decides which forms of communication it wants to use in their marketing plan. Research is
done that details market research, segmentation, and budget. Large companies might choose to do a national campaign,
especially if the brand is already familiar to the consumer. Smaller businesses, with fewer resources, might use direct selling
until they have a larger budget for advertising.

The first step for the marketer is to develop a marketing communications strategy. The strategy will define the consumer, the
best way to reach them, and what the message should be. This process is called the marketing mix. The process goes through
the following steps

Segmentation

By dividing consumers into segments, the marketer is better able to meet consumer needs, and increase positive response.
During the promotion process, the marketing team will decide which segments to target, and why. Market research will be
able to ascertain all of this information for the team.

2. Targeting

Targeting is the best way to communicate with the chosen segments. The marketer will want to ensure the best possible
customer response. The marketing plan must detail how to target the intended audience, and define any marketing
objectives.

3. Positioning

Positioning is the process of defining an image for the company, or developing the "brand." Positioning is key to this
process, but all aspects of the marketing mix help define the brand. To position a business successfully, the company must
meet or exceed all expectations and look good in the eyes of the consumer.

Positioning will also take competitors into account, and will give the company an opportunity to set itself apart from other
similar products.

4. Developing the Message

The marketer has the segments, the target, and the position; what is next? He needs the message. What does he want to say
to influence his potential customers? The marketer's objectives should be aligned with the marketing strategy, and will fit
into one of the following categories:

1. Inform – Increase awareness of the product and brand, and try to gain an advantage.

2. Persuade – Attempt to gain an immediate response to drive sales.

58
3. Remind – To maintain an interest in the product or brand.

The best results come from clear and distinctive promotions, so it is important the marketing works together to formulate a
clear message for the targeted audience. The best message won't work if it doesn't get to the proper audience.

~~~~~~~~~~~~~~~ UNIT IV COMPLETED ~~~~~~~~~~~~~~

59
 UNIT V
ELECTRONIC PAYMENT
SYSTEM
An e-payment system is a way of making transactions or paying for goods and services through an
electronic medium, without the use of checks or cash. It’s also called an electronic payment system or online
payment system.
The electronic payment system has grown increasingly over the last decades due to the growing spread
of internet-based banking and shopping. As the world advances more with technology development, we can see
the rise of electronic payment systems and payment processing devices. As these increase, improve, and
provide ever more secure online payment transactions the percentage of check and cash transactions will
decrease.
Electronic payment methods
One of the most popular payment forms online are credit and debit cards. Besides them, there are also
alternative payment methods, such as bank transfers, electronic wallets, smart cards or bitcoin wallet (bitcoin is
the most popular cryptocurrency).
E-payment methods could be classified into two areas, credit payment systems and cash payment systems.
1. Credit Payment System
Credit Card — A form of the e-payment system which requires the use of the card issued by a financial
institute to the cardholder for making payments online or through an electronic device, without the use of cash.
E-wallet — A form of prepaid account that stores user’s financial data, like debit and credit card information to
make an online transaction easier.
Smart card — A plastic card with a microprocessor that can be loaded with funds to make transactions; also
known as a chip card.
2. Cash Payment System
Direct debit — A financial transaction in which the account holder instructs the bank to collect a specific
amount of money from his account electronically to pay for goods or services.
E-check — A digital version of an old paper check. It’s an electronic transfer of money from a bank account,
usually checking account, without the use of the paper check.
E-cash is a form of an electronic payment system, where a certain amount of money is stored on a client’s
device and made accessible for online transactions.
Stored-value card — A card with a certain amount of money that can be used to perform the transaction in the
issuer store. A typical example of stored-value cards are gift cards.
Pros and cons of using an e-payment system

60
E-payment systems are made to facilitate the acceptance of electronic payments for online transactions. With
the growing popularity of online shopping, e-payment systems became a must for online consumers — to make
shopping and banking more convenient. It comes with many benefits, such as:
 Reaching more clients from all over the world, which results in more sales.
 More effective and efficient transactions — It’s because transactions are made in seconds (with one-
click), without wasting customer’s time. It comes with speed and simplicity.
 Convenience. Customers can pay for items on an e-commerce website at anytime and anywhere. They
just need an internet connected device. As simple as that!
 Lower transaction cost and decreased technology costs.
 Expenses control for customers, as they can always check their virtual account where they can find the
transaction history.

ELECTRONIC PAYMENT SYSTEM TYPES

When you purchase goods and services online, you pay for them using an electronic medium. This
mode of payment, without using cash or cheque, is called an e-commerce payment system and is also known as
online or electronic payment systems.
The growing use of internet-based banking and shopping has seen the growth of various e-commerce
payment systems and technology has been developed to increase, improve and provide secure e-payment
transactions.
Paperless e-commerce payments have revolutionised the payment processing by reducing paper work,
transaction costs, and personnel cost. The systems are user-friendly and consume less time than manual
processing and help businesses extend their market reach.
The different types of e-commerce payments in use today are:
Credit Card The most popular form of payment for e-commerce transactions is through credit cards. It
is simple to use; the customer has to just enter their credit card number and date of expiry in the appropriate
area on the seller’s web page.
To improve the security system, increased security measures, such as the use of a card verification
number (CVN), have been introduced to on-line credit card payments. The CVN system helps detect fraud by
comparing the CVN number with the cardholder's information.
Debit Card Debit cards are the second largest e-commerce payment medium in India. Customers who
want to spend online within their financial limits prefer to pay with their Debit cards. With the debit card, the
customer can only pay for purchased goods with the money that is already there in his/her bank account as

61
opposed to the credit card where the amounts that the buyer spends are billed to him/her and payments are made
at the end of the billing period.
Smart Card It is a plastic card embedded with a microprocessor that has the customer’s personal
information stored in it and can be loaded with funds to make online transactions and instant payment of bills.
The money that is loaded in the smart card reduces as per the usage by the customer and has to be reloaded
from his/her bank account.
E-Wallet E-Wallet is a prepaid account that allows the customer to store multiple credit cards, debit
card and bank account numbers in a secure environment. This eliminates the need to key in account
information every time while making payments. Once the customer has registered and created E-Wallet profile,
he/she can make payments faster.
Netbanking This is another popular way of making e-commerce payments. It is a simple way of paying
for online purchases directly from the customer’s bank. It uses a similar method to the debit card of paying
money that is already there in the customer’s bank.
Net banking does not require the user to have a card for payment purposes but the user needs to register
with his/her bank for the net banking facility. While completing the purchase the customer just needs to put in
their net banking id and pin.
Mobile Payment One of the latest ways of making online payments are through mobile phones.
Instead of using a credit card or cash, all the customer has to do is send a payment request to his/her service
provider via text message; the customer’s mobile account or credit card is charged for the purchase.
To set up the mobile payment system, the customer just has to download a software from his/her service
provider’s website and then link the credit card or mobile billing information to the software.
Amazon Pay Another convenient, secure and quick way to pay for online purchases is through Amazon
Pay. Use your information which is already stored in your Amazon account credentials to log in and pay at
leading merchant websites and apps. Your payment information is safely stored with Amazon and accessible on
thousands of websites and apps where you love to shop.

DIGITAL TOKEN BASED ELECTRONIC PAYMENT SYSTEMS

The digital token based payment system is a new form of electronic payment system which is based on
electronic tokens rather than e-cheque or e-cash. The electronic tokens are generated by the bank or some
financial institutions. Hence we can say that the electronic tokens are equivalent to the cash which are to be
made by the bank.
Categories of Electronic Tokens:-
I. Cash or Real Time:-

62
In this mode of electronic tokens transactions takes place via the exchange of electronic currency (e-cash).
2. Debit or Prepaid:-
In this electronic payment system the prepaid facilities are provided. It means that for transactions of
information user pay in advance. This technology are used in smart card, electronic purses etc.
3. Credit or Postpaid;-
These types of electronic token based on the identity of customers which issue a card, their authentication
and verification by a third party. In this system the server authenticate the customers and then verify their
identity through the bank. After all these processing the transaction take place. Example is E-Cheques.
The Digital Token based system have following issues for which they are established:-
1. Nature of transaction for which instrument is designed:-
In this category, the design issues of token take place. It may be designed to handle micro payments. It may be
designed for conventional products. Some tokens are designed specifically and other generally. The design issue
involve involvement of parties, purchase interaction and average amount.
2. Means of Settlement:- The Digital Tokens are used when their format must be in cash, credit, electronic
bill payments etc. Most transaction settlement methods use credit cards while other used proxies for values.
3. Approach to Security, Anonymity and Authentication:-
Since the electronic token are vary from system to system when the business transaction take place. So it is
necessary to secure it by intruders and hackers. For this purpose various security features are provided
with electronic tokens such as the method of encryption. The encryption method use the digital signatures
of the customers for verification and authentication.
4. Risk Factors:-
The electronic tokens may be worthless and if the customer have currency on token than nobody will accept it,
If the transaction has long time between delivery of products and payments to merchants then merchant
exposes to the risk. so it is important to analysis risk factor in electronic payment system.

SMART CARD & CREDIT CARD ELECTRONIC PAYMENT SYSTEMS

E-commerce sites use electronic payment, where electronic payment refers to paperless monetary
transactions. Electronic payment has revolutionized the business processing by reducing the paperwork,
transaction costs, and labor cost. Being user friendly and less time-consuming than manual processing, it helps
business organization to expand its market reach/expansion. Listed below are some of the modes of electronic
payments −

63
  Credit Card
 Debit Card
 Smart Card
 E-Money
 Electronic Fund Transfer (EFT)
CREDIT CARD
Payment using credit card is one of most common mode of electronic payment. Credit card is small plastic card
with a unique number attached with an account. It has also a magnetic strip embedded in it which is used to
read credit card via card readers. When a customer purchases a product via credit card, credit card issuer bank
pays on behalf of the customer and customer has a certain time period after which he/she can pay the credit card
bill. It is usually credit card monthly payment cycle. Following are the actors in the credit card system.
 The card holder − Customer
 The merchant − seller of product who can accept credit card payments.
 The card issuer bank − card holder's bank
 The acquirer bank − the merchant's bank
 The card brand − for example , visa or Mastercard.
Credit Card Payment Process

64
 SMART CARD
Smart card is again similar to a credit card or a debit card in appearance, but it has a small
microprocessor chip embedded in it. It has the capacity to store a customer’s work-related and/or personal
information. Smart cards are also used to store money and the amount gets deducted after every transaction.
Smart cards can only be accessed using a PIN that every customer is assigned with. Smart cards are
secure, as they store information in encrypted format and are less expensive/provides faster processing. Mondex
and Visa Cash cards are examples of smart cards.
RISK IN ELECTRONIC PAYMENT SYSTEMS

Electronic payments allow you to transfer cash from your own bank account to the bank account of the
recipient almost instantaneously. This payment system relies heavily on the internet and is quite popular due to
the convenience it affords the user. It would be hard to overstate the advantages of electronic payment
systems, but what about the risks? Certainly they exist, both for financial institutions and consumers.
The Risk of Fraud
Electronic payment systems are not immune to the risk of fraud. The system uses a particularly
vulnerable protocol to establish the identity of the person authorizing a payment. Passwords and security
questions aren’t foolproof in determining the identity of a person.
So long as the password and the answers to the security questions are correct, the system doesn’t care
who’s on the other side. If someone gains access to your password or the answers to your security question,
they will have gained access to your money and can steal it from you.
The Risk of Tax Evasion
The law requires that businesses declare their financial transactions and provide paper records of them
so that tax compliance can be verified. The problem with electronic systems is that they don’t fit very cleanly
into this paradigm and so they can make the process of tax collection very frustrating for the Internal
Revenue Service.
It is at the business’s discretion to disclose payments received or made via electronic payment systems
in a fiscal period, and the IRS has no way of knowing if it’s telling the truth or not. That makes it pretty easy
to evade taxation.
The Risk of Payment Conflicts
One of the idiosyncrasies of electronic payment systems is that the payments aren’t handled by humans
but by an automated electronic system. The system is prone to errors, particularly when it has to handle large
amounts of payments on a frequent basis with many recipients involved.

65
 It’s important to constantly check your pay slip after every pay period ends in order to ensure
everything makes sense. Failure to do this may result in payment conflicts caused by technical glitches and
anomalies.

The Risk of Impulse Buying

Impulse buying is already a risk that you face when you use non-electronic payment systems. It is
magnified, however, when you’re able to buy things online at the click of a mouse. Impulse buying can
become habitual and makes sticking to a budget almost impossible.

DESIGNING ELECTRONIC PAYMENT SYSTEMS

1. BASIC REQUIREMENTS
Designing an electronic payment system should have the requirements assessed:
1. Technological Requirements
 When designing an electronic payment system, the system’s ability of the effectiveness and
the security of each transaction and the degree of compatibility with the online shop must be
taken into consideration.
 A payment system requires the greatest level of security in electronic commerce transactions .
 It must have confidentiality, authenticity, integrity and non-repudiation of transactions.
2. Economic Requirements
 These deal with the cost of transaction which refers to the amount paid by the client.
 Economic assessments include also atomic exchange which means that the consumer will
pay money or something equivalent in value.
 An electronic payment system must also be accessible in all countries of the world, to all ages
(user range) or currency in equal value and must not be restricted to the company that created
the value.
 Economic needs also deal with financial risks ,because consumers and merchants are
very concerned about the degree of security involved in online transactions.
 Return On Investment(ROI) is a economic parameter and a performance measure used
to evaluate the efficiency of an investment.
3. Social Requirements
 Payment system must prevent companies or financial institutions from tracing user
information and must be simple and user-friendly.As social needs, electronic payment
methods should also be accessible anywhere.

66
4. Legal Requirements
 Electronic payment system must abide by governmental regulations and the law and guaranty
all necessary proofs (digital signature, contracts,...)to protect users performing
domestic/international transactions.
2. COMPONENTS THAT MAKE E-PAYMENT SYSTEM
1. DATABASE INTEGRATION
 An integration database is a database which acts as the data store for multiple applications,
and thus integrates data across these applications (in contrast to an ApplicationDatabase).
 An integration database needs a schema that takes all its client applications into account.
 Each record should be kept in separate database. Each database must be linked together
to access from anywhere.
2. BROKERS
 The role of electronic brokers facilitate financial transactions electronically. The information
superhighway directly connects millions of people, each both a consumer of information and
a potential provider. If their exchanges are to be efficient, yet protected on matters of privacy,
sophisticated mediators are required.
 Electronic brokers play this important role by organizing markets that promote the
efficient production and consumption of information.
 Electronic brokers will be required to permit even reasonably efficient levels and patterns of
exchanges. Their ability to handle complex, albeit mechanical, transactions, to process
millions of bits of information per second, and to act in a demonstrably even-handed fashion
will be critical as this information market develops.
 Electronic brokers can also run pricing systems, charging and crediting slight amounts
to individual accounts as bits careen along the superhighway.
3. STANDARDS
 The e-payment standards enable payment users to link with various networks and other
payment systems.
 Standards for interoperability which enable users to buy and receive information regardless
of which bank is managing their money.
4. PRICING
o Payment card networks, such as Visa, require merchants' banks to pay substantial
"interchange" fees to cardholders' banks, on a per transaction basis.

67
 o Consumers make two distinct decisions (membership and usage) whereas merchants make
only one (membership).
5. PRIVACY
o Protecting the privacy of evaluators and their information is another important policy concern
of e-payment system.
o Contemporary standards of fairness require that many documents, ranging from letters to
the editor to personnel evaluations, be signed, and that one's accuser be identified in court.
o Signed evaluations are less likely to be unfair and, over time, people can identify
trustworthy evaluators.
MOBILE Commerce
Mobile commerce, also known as m-commerce, involves using wireless handheld devices like
cellphones and tablets to conduct commercial transactions online, including the purchase and sale
of products, online banking, and paying bills.

Benefits of mobile commerce:

As the usage of mobile devices is increasing rapidly, the mobile commerce industry is
becoming more and more popular. In the coming years, m-Commerce will become a leading
method of marketing and selling amongst businesses.
 Better User Experience

Embracing a consumer-first approach can help you boost your conversion rates and revenue. Not to mention,
users’ experience matters a lot in the E Commerce industry. Providing a better user experience refers to improving
your mobile app so that it becomes easy for users to navigate products and services within the app.

In order to accelerate your sales and generate more revenue, your m-Commerce application should be:

 Fast
 Convenient
 Interactive
 Exclusive

 Faster Purchases

Nowadays, having a mobile app/progressive web app rather than having a mobile version of your website has
become a necessity. Mobile apps/progressive web apps are 2x faster than mobile websites. For that reason,
investing in the right eCommerce design services is a must. Not only will it enhance the user experience, but it
will result in faster purchases which thereby increases the overall sales of the product.

Get Deeper Analytics

In traditional marketing, your customer will enter the store, make a purchase, and leave. You will get no idea
about the customer’s preferences and what factors influenced their purchase.

68
But this is not the case with m-Commerce applications. It will give deep insights into the users’ data from the
moment of product discovery to making payment. You will get valuable knowledge about the purchase intention
and the preferences of your targeted audience.

Promoted Direct Communication With Customers

Having a physical store is great, but how will you inform the visitors about the seasonal discount you’re offering
on your items?

m-Commerce applications allow business owners to directly communicate with their targeted audience through
push notifications, email newsletters, or social media.

While ignoring email is common, the same isn’t true for push notifications. Push notifications come with higher
open rates (more than 90%) and it is a perfect channel for letting your customers know about the discounts you’re
offering on your items.

Personalization

With a progressive web app or mobile app, you can reach out to a wider audience easily without running paid ads
on social media and other platforms.

If your app is integrated with social media, your audience will do their part in spreading the word, resulting in cost
reduction. Ads placed within your website can also help you earn additional revenue. Compared to a physical
store, the maintenance, development, and support expenses are lower when it comes to a mobile app. Therefore,
for new business owners, it’s high time to invest in the best eCommerce design services rather than paid
campaigns.

Geolocation

The biggest benefit of using m-Commerce applications is navigating users to the nearest stores in their vicinity via
GPS. This shortens the consumer’s time to find a store and make a purchase.

Geolocation works inside stores as well. For example, IKEA’s app allows customers to navigate to the products
they need easily. It is the newest mobile commerce trend, and most ecommerce businesses include maps and lists
of their products to help customers have the best experience while visiting physical stores.
Conclusion

Mobile commerce trend has become a powerful trend in the eCommerce market and it is predicted to grow even more in the
future. Overlooking this trend may result in missing out on valuable opportunities and low conversion rates.

Products and services of mobile commerce:

Retail Integration.
Flash Sales & Discounts.
Location Tracking.
Detailed Product Descriptions.
Optimized Product Images.
Social Media Integration.
Fast Checkout, Secure Payment.

69
Personalized User Profiles
..

~~~~~~~~~~~~~~~ UNIT V COMPLETED ~~~~~~~~~~~~~~

70