04 Ch12 - Electronic Commerce Systems

Chapter 12
Electronic
Commerce
Systems
James A. Hall, Accounting Information Systems, 10th Edition. © 2019

Cengage. All Rights Reserved. May not be scanned, copied or
duplicated, or posted to a publicly accessible website, in whole or in part.
Learning Objectives
• Be acquainted with the topologies that are employed to achieve
connectivity across the Internet.
• Possess a conceptual appreciation of protocols and understand
the specific purposes that several Internet protocols serve.
• Understand the business benefits associated with Internet
commerce and be aware of several Internet business models.
• Be familiar with the risks associated with intranet and Internet
electronic commerce.
• Understand issues of security, assurance, and trust pertaining
to electronic commerce.
• Be familiar with the electronic commerce implications for the
accounting profession.
James A. Hall, Accounting Information Systems, 10th Edition. © 2019 Cengage. All Rights Reserved.
May not be scanned, copied or duplicated, or posted to a publicly accessible website, in whole or in part. 2
Intra-Organizational Networks and EDI
• Local area networks (LANs), wide area networks (WANs),

and EDI are electronic commerce technologies that have
been with us for decades.
Internet Commerce
• Internet commerce has enabled thousands of business
enterprises of all sizes, as well as millions of consumers,
to congregate and interact in a worldwide virtual shopping
mall.
INTERNET TECHNOLOGIES
• Packet Switching
• Packet switching is the division of messages into small
packets for transmission.
• Virtual Private Networks
• A virtual private network (VPN) is a private network within a
public network.
• Extranets
• An extranet is a password-controlled network for private users
rather than the general public.
Message Packet Switching
INTERNET TECHNOLOGIES (continued)
• World Wide Web
• A web page is a fundamental format for the World Wide Web.
• Text documents called web pages have embedded Hypertext
Markup Language (HTML) codes that provide the formatting
for the page as well as hypertext links to other pages.
• The embedded HyperText Markup Language (HTML)
provides the formatting for a web page as well as hypertext
links to other web pages. The linked pages may be stored on
the same server or anywhere in the world.
• Websites are computer servers that support Hypertext–
Transfer Protocol (HTTP). The pages are accessed and read
via a web browser such as Internet Explorer.
• HyperText Transfer Protocol (HTTP) is the communications
protocol used to transfer or convey information on the World
Wide Web.
INTERNET TECHNOLOGIES (continued)
• World Wide Web (continued)
• A uniform Resource Locator (URL) is an address of the
target site in the web browser to access the website.
• A home page is a typical point of entry for an Internet website.
• Internet Addresses
• E-MAIL ADDRESS
• URL ADDRESS: Protocol prefix is the general format for a
URL; i.e., http:// is a protocol prefix. A domain name is an
organization’s unique name combined with a top-level domain
(TLD) name. A subdirectory name is the general format for a
URL. A document name is a component of the URL that
indicates the name of the file/document.
• IP ADDRESS
PROTOCOLS
• A protocol is the rules and standards governing the
design of hardware and software that permit network
users to communicate and share data.
• What Functions Do Protocols Perform?
• The Layered Approach to Network Protocol
• The International Standards Organization is a voluntary group
composed of representatives from the national standards
organizations of its member countries. The ISO works toward the
establishment of international standards for data encryption, data
communications, and protocols.
• The Open System Interface (OSI) model provides standards by
which the products of different manufacturers can interface with
one another in a seamless interconnection at the user level.
INTERNET PROTOCOLS
• Transfer Control Protocol/Internet Protocol (TCP/IP) is
the basic protocol that permits communication between
Internet nodes.
• File Transfer Protocols
• File Transfer Protocol (FTP) is a protocol used to transfer text
files, programs, spreadsheets, and databases across the
Internet.
• TELNET is a terminal emulation protocol used on TCP/IP-
based networks.
• Mail Protocols
• A Simple Network Mail Protocol (SNMP) is a protocol for
transmitting e-mail messages. Post Office Protocol and
Internet Message Access Protocol are other protocols for
transmitting e-mail messages.
INTERNET PROTOCOLS (continued)
• Security Protocols
• Secure Sockets Layer (SSL) is a low-level encryption scheme
used to secure transmissions in higher-level HTTP format.
• Private Communications Technology (PCT) is a security
protocol that provides secure transactions over the World Wide
Web.
• Secure Electronic Transmission is an encryption scheme
developed by a consortium of technology firms and banks to
secure credit card transactions.
• Privacy Enhanced Mail (PEM) is a standard for secure e-mail
on the Internet. It supports encryption, digital signatures, and
digital certificates as well as both private and public key
methods.
INTERNET PROTOCOLS (continued)
• Network News Transfer Protocol
• Network News Transfer Protocol (NNTP) is the network used
to connect to Usenet groups on the Internet.
• HTTP and HTTP-NG
• HyperText Transport Protocol-Next Generation (HTTP-NG)
is an enhanced version of HTTP that maintains the simplicity of
HTTP while adding important features such as security and
authentication.
• HTML
INTERNET BUSINESS MODELS
• Three levels of Internet activity:
• The information level of activity is when an organization uses
the Internet only to display information about the company, its
products, services, and business policies.
• The transaction level is an Internet business model that uses
the Internet to accept orders from customer and/or to place
them with their suppliers.
• The distribution level is an Internet marketing model that
sells and delivers digital products to customers.
CLOUD COMPUTING
• Software-as-a-Service (SaaS) is a software distribution
model in which service providers host applications for
client organizations over a private network or the Internet.
• Infrastructure-as-a-Service (IaaS) is the provision of
computing power and disk space to client firms who
access it from desktop PCs. The client firm can configure
the infrastructure for storage, networks, and other
computing needs, including running operating systems
and data processing applications.
• Platform-as-a-Service (PaaS) enables client firms to
develop and deploy onto the cloud infrastructure
consumer-generated applications using facilities provided
by the PaaS vendor.
CLOUD COMPUTING (continued)
• Virtualization
• Virtualization is a technology that multiplies the effectiveness of
the physical system by creating virtual (software) versions of the
computer with separate operating systems that reside in the same
physical equipment. In other words, virtualization is the concept of
running more than one “virtual computer” on a single physical
computer.
• Network virtualization increases effective network bandwidth by
dividing it into independent channels, which are then assigned to
separate virtual computers. It optimizes network speed, flexibility,
and reliability; most importantly, it improves network scalability. It
is especially effective in networks that experience sudden, large,
and unforeseen surges in usage.
• Storage virtualization is the pooling of physical storage from
multiple network storage devices into what appears to be a single
virtual storage device. This pool is then managed from a central
server.
CLOUD COMPUTING (continued)
• Cloud Computing Implementation Issues
• Dynamic Virtual Organizations
• A dynamic virtual organization is the electronic partnering of
business enterprises sharing costs and resources for the
purpose of benefits to all parties involved.
Dynamic Virtual Organization
Risks Associated with Electronic Commerce
• Reliance on electronic commerce poses concern about

unauthorized access to confidential information.
• A risk is the possibility of loss or injury that can reduce or
eliminate an organization’s ability to achieve its objectives.
In terms of electronic commerce, risk relates to the loss,
theft, or destruction of data as well as the use of computer
programs that financially or physically harm an
organization.
INTRANET RISKS
• Interception of Network Messages
• Privileged Employees with Access to Corporate
Databases
• Reluctance to Prosecute
INTERNET RISKS
• Risks to Consumers
• THEFT OF CREDIT CARD NUMBERS
• THEFT OF PASSWORDS
• CONSUMER PRIVACY: Cookies are files containing user
information that are created by the web server of the site being
visited and are then stored on the visitor’s own computer hard
drive.
• Risks to Businesses
• IP spoofing is a form of masquerading to gain unauthorized
access to a web server and/or to perpetrate an unlawful act
without revealing one’s identity.
• A denial of service attack (DoS) is an assault on a web
server to prevent it from servicing its legitimate users.
INTERNET RISKS (continued)
• Risks to Businesses (continued)
• A SYNchronize-ACKnowledge (SYN-ACK) is what is
returned when a receiving server acknowledges the request.
SYN flood attack is a server that keeps signaling for
acknowledgement until the server times out.
• A smurf attack is a DOS attack that involves three parties: the
perpetrator, the intermediary, and the victim. A ping is an
Internet maintenance tool used to test the state of network
congestion and determine whether a particular host computer
is connected and available on the network. An IP broadcast
address is a 32-bit number that identifies each sender or
receiver of information sent in packets across the Internet.
Smurf Attack
INTERNET RISKS (continued)
• Risks to Businesses (continued)
• A distributed denial of service (DDoS) attack may take the
form of a SYN flood or smurf attack. The distinguishing feature
of the DDoS is the sheer scope of the event. Internet Relay
Chat (IRC) is an interactive Internet service that lets thousands
of people from around the world engage in real-time
communications via their computers. Botnets are collections
of compromised computers.
• MOTIVATION BEHIND DOoS ATTACKS
• OTHER MALICIOUS PROGRAMS
Distributed Denial of Service Attack
Security, Assurance, and Trust
• Trust is the catalyst for sustaining electronic commerce.
• Both consumers and businesses are drawn to
organizations that are perceived to have integrity.
• Organizations must convey a sense that they are
competent and conduct business fairly with their
customers, trading partners, and employees.
ENCRYPTION
• Caesar cipher was the earliest encryption method; Julius
Caesar is said to have used it to send coded messages to
his generals in the field.
• The key is a mathematical value that the sender selects
for the purpose of encrypting or decoding data.
• An algorithm is the procedure of shifting each letter in the
cleartext message by the number of positions that the key
value indicates.
• Advanced encryption standard (AES), also known as
Rijndael, is a private key encryption technique.
ENCRYPTION (continued)
• Private key, also called symmetric key, is a single key
used in an encryption algorithm to both code and decode
a message.
• Public key encryption is a technique that uses two
encryption keys: one for encoding the message, the other
for decoding it.
• Rivest-Shamir-Adleman (RSA) is one of the most
trusted public key encryption methods. This method,
however, is computationally intensive and much slower
than private key encryption.
• A digital envelope is an encryption method in which both
DES and RSA are used together.
Public Key Encryption
DIGITAL AUTHENTICATION
• A digital signature is an electronic authentication
technique that ensures the transmitted message
originated with the authorized sender and that it was not
tampered with after the signature was applied.
• A digital certificate is a sender’s public key that has been
digitally signed by trusted third parties.
• Certification authorities (CAs) are trusted third parties
that issue digital certificates.
• Public key infrastructure (PKI) constitutes the policies
and procedures for administering public key management
for digital authentication.
FIREWALLS
• A firewall is software and hardware that provide a focal
point for security by channeling all network connections
through a control gateway.
• The network-level firewall is the system that provides
basic screening of low-security messages (for example, e-
mail) and routes them to their destinations based on the
source and destination addresses attached.
• An application-level firewall provides high-level network
security.
SEALS OF ASSURANCE
• Better Business Bureau
• TRUSTe
• Verisign, Inc.
• International Computer Security Association
• AICPA/CICA WebTrust
• AICPA/CICA SysTrust
Implications for the Accounting Profession
• As mission-critical functions—such as inventory

procurement, sales processing, shipping notification, and
cash disbursements—are performed automatically,
digitally, and in real time, auditors are faced with the
challenge of developing new techniques for assessing
control adequacy and verifying the occurrence and
accuracy of economic events.
PRIVACY VIOLATION
• Privacy is full control of what and how much information
about an individual is available to others and to whom it is
available.
• The Safe Harbor Agreement implemented in 1995 is a
two-way agreement between the United States and the
European Union establishing standards for information
transmittal.
• NOTICE
• CHOICE
• ONWARD TRANSFER
• SECURITY AND DATA INTEGRITY
• ACCESS
• ENFORCEMENT
CONTINUOUS AUDITING
• Continuous auditing techniques need to be developed that
will enable the auditor to review transactions at frequent
intervals or as they occur.
• Intelligent control agents are computer programs that
embody auditor-defined heuristics that search electronic
transactions for anomalies.
ELECTRONIC AUDIT TRAILS
• Value-added network (VAN) is a hosted service offering
that acts as an intermediary between business partners
sharing standards-based or proprietary data via shared
business processes.
CONFIDENTIALITY OF DATA
• Accountants need to assess the quality of encryption tools
used and the effectiveness of key management
procedures that CAs use.
• The term mission-critical defines a set of information that
extends beyond the traditional financial concerns of
accountants.
AUTHENTICATION
• In electronic commerce systems, determining the identity
of the customer is not a simple task.
• Accountants must develop the skill set needed to
understand digital signatures and digital certificates to
perform the assurance function.
NONREPUDIATION
• Accountants are responsible for assessing the accuracy,
completeness, and validity of transactions that constitute
client sales, accounts receivable, purchases, and
liabilities.
DATA INTEGRITY
• To assess data integrity, accountants must become
familiar with the concept of computing a digest of a
document and the role of digital signatures in data
transmissions.
ACCESS CONTROLS
• Controls need to be in place that prevent or detect
unauthorized access to an organization’s information
system.
A CHANGING LEGAL ENVIRONMENT
• Legal issues relating to taxes, privacy, security, intellectual
property rights, and libel create new challenges for the
accounting profession, which must provide its clients with
rapid and accurate advice on a wide range of legal
questions.
Appendix - Intra-organizational Electronic
Commerce
• Network Topologies
• LOCAL AREA NETWORKS AND WIDE AREA NETWORKS
• NETWORK INTERFACE CARDS
• SERVERS
• STAR TOPOLOGY
• HIERARCHICAL TOPOLOGY
• RING TOPOLOGY
• BUS TOPOLOGY
• CLIENT-SERVER TOPOLOGY
LAN with File and Print Servers
Bridges and Gateways Linking LANs and WANs
Star Network
Hierarchical Topology
Ring Topology
Bus Topology
Client-Server Topology
Commerce (continued)
• Network Control
• DATA COLLISION: Data collision is the collision of two or more
signals due to simultaneous transmission that destroys both
messages from the transmitting and the receiving nodes.
• Polling: Polling is actively sampling the status of an external
device by a client program as a synchronous activity.
• Token Passing
• Carrier Sensing
• Electronic Data Interchange
• Electronic data interchange (EDI) is the intercompany exchange
of computer-processable business information in standard format.
• EDI Standards
• Benefits of EDI
• Financial EDI
Polling Method of Controlling Data Collisions
Token-Passing Approach to Controlling Data
Collision
Overview of EDI
Value-Added Network and EDI
The X.12 Format
Relationship Between X.12 Format and a
Conventional Source Document
EFT Transactions between Trading Partners
Commerce (continued)
• Open System Interface Network Protocol
• LAYER FUNCTIONS:
1. Physical Layer
2. Data Link Layer
3. Network Layer
4. Transport Layer
5. Session Layer
6. Presentation Layer
7. Application Layer
The OSI Protocol

04 Ch12 - Electronic Commerce Systems

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

04 Ch12 - Electronic Commerce Systems

Uploaded by

Copyright:

Available Formats

Chapter 12

James A. Hall, Accounting Information Systems, 10th Edition. © 2019

• Local area networks (LANs), wide area networks (WANs),

• Reliance on electronic commerce poses concern about

• As mission-critical functions—such as inventory

You might also like