e commerce bsit 62


Upload: rachit-khandelwal

Post on 08-Nov-2015


  • Advantages of E-Commerce

    Some advantages of e-commerce are discussed below:

    Global reach: An e-commerce website is accessible to a global audience. Only an Internet connection is required to connect to an e-commerce website. Therefore, billions of users who browse the Internet have access to the products and services displayed on an e-commerce website. This is in contrast to the traditional methods of conducting commerce in which the customers include only the people living in and around the place where the seller sells the products or services.

    Instant availability: An e-commerce website is available 24 hours a day and 365 days a year. However, in the traditional way of conducting commerce, customers can purchase the products only during working hours.

    Systematic communication: An e-commerce website displays the information of the products it is selling in a systematic and organized manner. For example, if you are looking for information about a book on a website, you can get additional information such as the contents of the book, the reviews of the book, and the author's views on the book. You'll also get information on the price and availability of the book. All this information highly influences your buying decision.

    Reduced paperwork: A customer on the web specifies the required information only to make a transaction. This information is far less than the paperwork done in traditional commerce. For example, earlier when a business organization exported its products overseas, it was required to fill in several pages of information, which was not only time-consuming but also frustrating. However, with the evolution of e-commerce where limited information is required, which is transferred electronically, the paperwork has reduced significantly.

    Easier entry into new markets: E-commerce enables new business houses to easily enter into new geographical areas and start selling. For this, the business house doesn't need to set up branch offices at all geographic locations. Business organizations can now present corporate data online. For example, publishers can expose their catalog of books on www.amazon.com from where any potential buyer can buy the book.

    Lower transaction cost: The overall cost involved is less because most of the transactions take place online. In addition, customer service can be provided over e-mail. When a business house plans to go online, it needs to invest money in setting the infrastructure that includes creating and maintaining a website. However, this investment is compensated by the increased number of customers on the web, which in turn, increases the revenue for the organization.

    Flexibility: An e-commerce website gives organizations the flexibility to build an order over several days, compare prices offered by other shops, and search large catalogs.

    Larger catalogs: An e-commerce website has large catalogs, which a customer can browse through. It is practically not possible and potentially more expensive for a company to deliver large catalogs in an ordinary mailbox. However, the large catalogs on an e-commerce site provide you with extensive and organized information about the product. In addition, you can compare similar products from catalogs of several vendors.

    Disadvantages of E-Commerce

    The disadvantages of e-commerce are:

    Hackers use various techniques to hack sites and steal information. For example, hackers can steal credit card information.

    It is difficult to trust vendors offering products over the Internet because there is no personal contact with the vendor.

    M-Commerce

    Another major step in the evolution of e-commerce is the ability to conduct commerce by using mobile devices. This form of e-commerce is called m-commerce. M-commerce allows you to connect your mobile device to an e-commerce website and conduct business. M-commerce provides you with the flexibility of doing business at all times and from all places, without even requiring a PC with an Internet connection.

  • Mobile phones can now connect to the Internet and bring information to you when you are far from your PC. By using this technology, people can connect their notebooks, laptops, handheld PCs, and other devices to the web.

    Wireless Application Protocol (WAP) is one of the technologies that have made m-commerce possible. WAP is the transfer protocol that allows you to access a mobile web application or an Internet site from a wireless device, such as a mobile phone.

    As mobile phone usage experiences unprecedented growth, m-commerce is expected to develop significantly. M-commerce is fast gaining popularity among mobile users because wireless devices offer fast, secure, and scalable data delivery.

    Some of the industries that have benefited from m-commerce include:

    Financial services, such as mobile banking and brokerage services. With the development of m-commerce, it is possible for you to connect to the website of your bank from your mobile device and know your account balance. Similarly, you can get the latest stock exchange details on your mobile device, which you can then use to buy and sell stocks instantly.

    Telecommunications sector, in which a handheld device can be used for services such as bill payment and account reviews. For example, it is now possible for you to pay your telephone bills from your mobile device.

    Information services, where a mobile device can deliver information on varied areas such as sports and traffic. You can log on to various entertainment websites including sports, horoscopes, news, and so on and get updated information on your mobile device.

    FAQs

    1. List the risks associated with e-commerce.

    Ans: Various risks associated with e-commerce are as follows:

    Security risks: A person has to provide confidential data, like credit card number, for buying products over the Internet. This data can be hacked. Therefore, e-commerce faces security risks.

    Risk of buying unsatisfactory products: A person is not able to physically look and feel a product before purchasing it. The purchased item may not satisfy the buyer.

    2. Is e-commerce all about buying and selling of goods online?

    Ans:

    No, e-commerce is more than the buying and selling of goods online. E-commerce also includes the following activities:

    Buying and selling of information

    Exchange of business-to-business information

    Payment for bills

    Making donations to charities

    Sharing business information and maintaining business relationships

    3. What is the difference between traditional commerce and e-commerce?

    Ans:

    In traditional commerce, the buyer and the seller interact face-to-face with each other. The buyer can also physically feel a product before purchasing it. In addition, in traditional commerce, a buyer may not have to provide his/her personal information, like address, to the seller. On the other hand, in e-commerce, a person purchases a product without any interaction with the buyer. A buyer is also not able to see and feel the product before purchasing it. In addition, in e-commerce, a buyer has to provide personal information, like his/her address, to the e-commerce website.

  • Virtual Mall

    A virtual mall is a website for small-sized and medium-sized businesses. A virtual shopping mall offers a standardized environment in which products and services from several companies or stores are displayed on a single website.

    A virtual mall is an online marketplace that a customer can reach, browse, and shop easily. Usually, a virtual mall displays all related products. For example, several computer hardware companies can come together to set up a virtual mall.

    In addition, the mall can contain products from various suppliers. Therefore, the consumer can get the advantage of comparing products from several vendors and get all required products on a single website. On the other hand, vendors benefit from a wide range of potential customers, who might be interested in buying their products or services. Hence, as with real malls, virtual malls provide an opportunity to benefit both businesses and consumers. For example, a virtual store, which is part of a virtual mall, may catch the attention of a consumer who originally comes to the mall to buy goods from another store. Thus, consumers benefit from the opportunities for integration and coordination of goods and services on the mall.

    Some of the features of a virtual mall are:

    Always open for business: A virtual mall is nothing but a website. Therefore, unlike real malls, a virtual mall is open for business round the clock. A customer can visit a virtual mall any time to make an online purchase.

    Secure administration: Each owner of a store in a virtual mall is provided a password to protect and secure administration. Therefore, owners can safely display their products without the fear of their products and services being misused.

    Comprehensive design: Virtual malls are comprehensively designed to include detailed information about the products and services so that customers are able to make a quick purchasing decision. In addition, the customers can compare and choose products and services offered by several business houses participating in the virtual mall. Each store in a virtual mall may have a completely unique design, inventory, and checkout process.

    Electronic payment: Virtual malls allow customers to purchase products and services electronically. Also, the payments made for the purchase are sent electronically over the Internet. There are several modes of payment supported by virtual malls that include electronic cash, electronic checks, and credit cards.

    Product and Service Categories

    As in traditional commerce, goods sold in e-commerce can be categorized as hard goods, soft goods, and services.

    Hard Goods

    Hard goods are physical items such as:

    Books

    Auctioned items

    Computer hardware

    Amazon.com (http://www.amazon.com) and eBay (http://www.ebay.com) are two popular sellers of books and other items. Companies such as CompUSA (http://www.compusa.com) sell computer hardware over the Web.

    Soft Goods

    Examples of soft goods include:

    Software

    Music and videos

    Online documents

  • The Web is becoming a primary means for selling software such as games, productivity applications, and antivirus packages. Organizations such as the International Standards Organization (http://www.iso.ch) sell standards documents online.

    Services

    Some examples of services include:

    Stock trades

    Airline or travel reservations

    Employment services

    E-mail services

    Discount stockbrokers are no longer the only stock trader's option; customers can also perform stock transactions over the Web. Similarly, airlines have found that many passengers prefer to reserve tickets electronically. This helps in saving their time and effort spent in buying tickets manually. Therefore, almost every airline now offers services on the Web that allow customers to buy tickets online.

    Employment services, such as the Monster Board (http://www.monster.com), have become extremely popular e-commerce sites. In fact, many organizations have begun to offer e-commerce services on their sites with an aim to become the predominant Web portal.

    Meeting Customer Expectations with Archetypes

    Most e-commerce customers expect an e-commerce website to present standard elements called archetypes. These archetypes help make a customer's experience more interesting and generate repeat visits. Several e-commerce site archetypes are summarized in the table below.

    Archetype: Description and Usage

    Catalog/shopping cart: Best suited for hard and soft goods. This archetype is very popular and operates on the premise of choosing items for purchase by adding them to the customer's virtual shopping cart.

    Time-based or usage-based: This archetype is best suited for selling services. A website that serves as a game server might charge on the basis of user connection time. A law firm might charge based on connection time to its databases.

    Subscription: This archetype works equally well with either soft goods or services. In many ways, this model uses a fixed time period over which a fee is charged for the right to access information or services, independent of actual usage. Many online magazines and dating services are using this model.

    Advertising: This archetype is most often used for services but is also workable with soft goods. Many e-commerce sites base their revenue on charging for advertising based on the number of users who visit the website in a given period.

    E-Commerce Archetypes

    FAQs

    1. What is a shopping cart program?

    Ans:

    A shopping cart program allows you to offer products to your customers with an easy-to-use interface that generally allows them to go to different web pages within your website and select items to put in their virtual shopping cart. When they have finished selecting the products, the customers check out and the shopping cart program calculates the total.

    2. List some electronic banking channels.

    Ans:

    Some of the electronic banking channels are ATMs, the Internet, telephones, and cell phones.

    3. List various ways through which home entertainment can be accomplished.

    Ans: Home entertainment can be accomplished through hard drive DVD recorders and pocket-size MP3 players. Apart from this, a number of hard drive-based home audio systems are available from specialist retailers. The advent of multimedia PCs is an added advantage.

    E-Commerce Models

    The first step in the development of an e-commerce website is to identify the e-commerce model. Depending on the parties involved in the transaction, e-commerce can be classified into four models:

    Business-to-Business (B2B) Model

    The B2B model involves electronic transactions for ordering, purchasing, as well as other administrative tasks between two business houses. It includes trading goods such as business subscriptions, professional services, manufacturing, and wholesale dealings. Sometimes in the B2B model, business may exist between virtual companies, neither of which may have any physical existence. In such cases, business is conducted only through the Internet. The following figure represents the B2B model.

    B2B Business Model

    Business-to-Consumer (B2C) Model

    The B2C model involves transactions between business organizations and consumers. These websites display product information in an online catalog and store it in a database. The B2C model also includes services such as online banking, travel services, and health information. The B2C model of e-commerce is more prone to the security threats because individual consumers provide their credit card and personal information to the website of a business organization. In addition, consumers might be doubtful about their information being secured at the business organization. The following figure represents the B2C model.

    B2C Business Model

  • Consumer-to-Consumer (C2C) Model

    The C2C model involves transactions between consumers. Here, a consumer sells directly to another consumer. eBay is an example of an online auction website that allows a consumer to advertise and sell their products online to another consumer. However, it is essential that both the seller and the buyer register with the auction site. While the seller needs to pay a fixed fee to the online auction house to sell their products, the buyer can bid without paying any fee.

    The following figure represents the C2C model.

    C2C Business Model

    Consumer-to-Business (C2B) Model

    The C2B model involves a transaction that is conducted between a consumer and a business organization. It is similar to the B2C model; however, the difference is that in this case the consumer is the seller and the business organization is the buyer. In this kind of transaction, the consumer decides the price of a particular product rather than the supplier.

    This category includes individuals who sell products and services to organizations.

    The following figure represents the C2B model.

    C2B Business Model

    In addition to the models discussed so far, five new models are being worked on that involve transactions between the government and other entities, such as consumers, business organizations, and other governments. All these transactions that involve government as one entity are called e-governance. The various models in the e-governance scenario are:

    Government-to-Government (G2G) Model: This model involves transactions between two governments. For example, if the United States government wants to buy oil from the Saudi Arabian government, the transactions will be categorized as G2G.

    Government-to-Consumer (G2C) Model: In this model, the government transacts with an individual consumer. For example, a government can enforce laws pertaining to tax payments on individual consumers over the Internet.

    Consumer-to-Government (C2G) Model: In this model, an individual consumer interacts with the government. For example, consumers pay income tax and house tax.

    Government-to-Business (G2B) Model: This model involves transactions between a government and business organizations. For example, the government plans to build a flyover. It requests tenders from various contractors. The government can do this over the Internet by using the G2B model.

    Business-to-Government (B2G) Model: In this model, the business houses transact with the government. For example, business houses can also pay their taxes through the Internet.

  • E-Commerce Architecture

    The e-commerce architecture, when explained with respect to the technology, can be divided into three layers: client, middle-tier, and back-end systems.

    Client

    The client constitutes a personal computer or a mobile device and a browser, such as Internet Explorer or Netscape Navigator for surfing the Internet. The client forms the first tier of e-commerce architecture. The browser provides a Graphical User Interface (GUI), which is the medium through which the user interacts with the server. The client then requests the server to perform a specific task. It receives the content from the server and displays it to the user.

    Middle-Tier

    When a client requests information, the server retrieves it from a storage location such as a database or any other data source and sends it back to the client. The server acts as an intermediary layer between a client and a database, and therefore forms the middle tier of the technology domain. The components of the middle tier are:

    Application servers

    Web servers

    Web services

    Commerce servers

    Server-side scripting languages

    Back-End Systems

    Databases form the third tier of the e-commerce architecture. The database stores the details of all products and services that are displayed on the web page of an e-commerce website. It also stores the information regarding the customers such as customer name, address, products ordered for, mode of payment, and mode of delivery.

    Technology Domain

    FAQs

    1. What is market-link transaction?

    Ans:

    Market-link transaction is another name for business-to-business transactions.

    2. What is encrypted e-mail?

  • Ans: Encrypted e-mail is encrypted by the sender's e-mail program, which renders it unreadable until the recipient decrypts it.

    3. What are electronic bulletin boards?

    Ans:

    Electronic bulletin boards are online communication systems where one can share, request, or discuss information on any topic. They are also known as message boards or computer forums.

    E-Commerce Transaction

    An e-commerce transaction is an exchange that occurs when one economic entity sells a product or service to another entity over the Internet. It takes place when a product or service is transferred across a technologically separable interface that links a customer with a producer. An e-commerce transaction follows a seven-step process, as follows:

    Step 1: Browsing for a Product

    An e-commerce transaction begins when a customer visits an e-commerce website. In this step, the customer searches, discovers, and compares one product with another for purchase. At the end of this step, a potential customer may be tempted to buy products that are on sale or on promotion. For example, consider that you need to buy a digital camera. You can visit several websites that sell digital cameras. You can then search for detailed information about cameras on all these websites and also compare the features of various models of cameras sold over the same or different websites.

    Step 2: Identifying and Listing the Products

    In this step, the customer selects the products, negotiates or determines their total price, and then adds them to their shopping cart. The list consists of products that the customer has selected, their quantities, prices, attributes, such as color and size, and any other feature related to the product. A customer can always clear the list, remove individual items from it, and also update quantities of the products. Continuing with the example discussed in the previous step, in this step, you add the digital camera that you selected to your shopping cart, which might already include several other products.

    Step 3: Placing the Order

    When the customers complete selecting the items for purchase from an e-commerce site, they proceed to place an order. The website displays a form to the customers to enter their personal details, shipping and billing address information, and the mode of delivery. It also allows the customer to choose the shipping mode. The customers might also add some additional information for ancillary services such as gift, greeting, and gift-wrapping. In this step, you place an order for the digital camera. This includes filling in the registration and the order form. You also need to specify the mode of shipping.

    Step 4: Confirming the Order

    In this step, the e-commerce website calculates the taxes and shipping charges applicable to the product to be delivered. Next, the order is confirmed and the customer is intimated about the total payment to be made for receiving the products. The final cost is displayed to the customer and the payment information is requested. The validity of the information entered by the customer is then verified in the background. If the information is correct and acceptable, order confirmations are created. Once the verification is done, the order is confirmed.

    Step 5: Making the Payment

  • In this step, the customer makes the payment for the products. The mode of payment varies with the type of transaction. There are various modes of payment such as credit cards, electronic checks, and electronic cash.

    Step 6: Verifying and Approving the Purchase

    In this step, the mode of payment is verified. Consider an example in which a customer makes the payment through a credit card. Now, the validity of the credit card needs to be verified. It is checked whether the credit card account contains sufficient funds and the number entered is correct. The authorization of the credit card is also verified. After the verification is over, the business website approves the purchase of the product and the customer is supplied with a proof of payment. The credit card information that you specify for the payment of the digital camera is verified with the help of a third party, and if it is fine, the purchase is approved.

    Step 7: Processing the Order

    The last step in an e-commerce transaction is to process the order, after which the products ordered by the customer are delivered or shipped by using the mode of delivery chosen.

    FAQs

    1. What is OMC cycle?

    Ans:

    OMC cycle refers to the order-to-delivery cycle from the merchant's perspective. It consists of eight steps, namely order planning and order generation, cost estimation and pricing, order receipt and entry, order selection and prioritization, order scheduling, order fulfillment and delivery, order billing and account/payment management, and post-sales service.

    2. List the phases involved in the business process model from the consumer's perspective.

    Ans:

    There are three phases in the business process model from the consumer's perspective. They are as follows:

    1. Prepurchase determination: It involves searching and selecting a product after comparing its features from various sites.

    2. Purchase consummation: It involves placement of the order, authorization of payment, and receipt of payment.

    3. Postpurchase interaction: It involves providing feedback to the e-commerce site based on the purchase.

    Digital Cash

    Digital cash is the electronic equivalent for currency. Digital cash is either stored on the chip of a smart card or on the PC of a consumer. Digital cash has gained popularity with the increase in the volume of electronic business. It combines computerized convenience with security and privacy. The versatility of digital cash opens up a host of new markets and applications.

    Digital Cash is the leader in the electronic cash system. It has implemented secure transactions with the use of cryptography. Although it is a software-based program, Digicash requires the user to possess an account with an online bank.

    Digital cash is based on cryptographic systems called digital signatures. This method uses very large integers known as numeric keys. These keys exist as a pair and always work together, one for encryption or locking and the other for decryption or unlocking. Only the decryption key of the pair can unlock whatever is locked by the encryption key. The encryption key remains private while the decryption key is made public. Banks provide their buyers and sellers with the public key. Therefore, the customers can decode any currency that has been encoded with the bank's private key.

    Digital cash can be implemented by using the Wallet and point-of-sale programs. Wallet is a program that stores digital cash. When a wallet is used in a digital transaction, both the buyer and the seller need to implement the same type of wallet. This is because wallets do not follow a standard format. The point-of-sale program integrates the website, the wallet program of the buyer, and the wallet program of the seller. This program also initiates the transfer of funds between the buyer and seller, and validates and logs the transaction.

    Properties of Digital Cash

    To act as an effective medium of payment, digital cash must have the following properties:

    Monetary value

    Interoperability

    Accessibility

    Security

    Monetary value: Digital cash must have a monetary value. It must be supported by cash, bank-authorized credit, or a bank-certified cashier's check. The creation and acceptance of digital cash between any two banks must take place smoothly. A bank certification is very important for digital cash to be valid. If there is no bank certification, it could imply that the customer who is making the purchase does not have enough funds in his or her account.

    Interoperability: Digital cash must be interoperable. In other words, it should be possible to exchange digital cash with another type of digital cash, goods, or services. All the banks must provide support for digital cash to promote its use.

    Accessibility: People using digital cash should be able to store it as well as withdraw it whenever required. Digital cash can be stored on a remote computer or portable devices such as a Personal Digital Assistant (PDA) along with proper security measures. There should be a provision for an authentication process, such as the use of passwords.

    Security: When digital cash is exchanged, there should be no scope for malpractices such as copying or manipulating it. The security aspect of digital cash should be able to prevent or detect duplication and double spending. Sometimes, a consumer might use the same digital cash simultaneously for carrying out transactions in different countries. This is an instance of double spending.
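    The bank-signed currency described at the start of this section, together with the duplication and double-spending checks required by the Security property, can be shown in a short added example (not part of the original notes). The key size, the coin fields, and the names bank_issue, verify, and Bank are assumptions made for illustration; the unpadded toy RSA key stands in for a vetted signature library.

```python
"""Bank-signed digital cash with double-spend detection (toy parameters)."""
import hashlib
import json

# Constructed toy key pair for the bank, built from two known Mersenne primes
# so the example runs with the standard library only. A modulus of about 150
# bits and unpadded RSA are for illustration; they are not safe for real money.
P = 2**61 - 1
Q = 2**89 - 1
N = P * Q                            # public modulus, shared with customers
E = 65537                            # public exponent: "unlocks" (verifies)
D = pow(E, -1, (P - 1) * (Q - 1))    # private exponent: "locks" (signs)


def coin_digest(coin: dict) -> int:
    """Hash the coin's canonical JSON form and reduce it into the key range."""
    data = json.dumps(coin, sort_keys=True, separators=(",", ":")).encode()
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % N


def bank_issue(serial: str, amount_cents: int) -> dict:
    """Bank side: sign a coin with the private key (hypothetical coin format)."""
    coin = {"serial": serial, "amount_cents": amount_cents}
    return {"coin": coin, "signature": pow(coin_digest(coin), D, N)}


def verify(note: dict) -> bool:
    """Customer or seller side: check the coin using only the public key."""
    sig = note.get("signature")
    if not isinstance(sig, int) or not 0 <= sig < N:
        return False
    return pow(sig, E, N) == coin_digest(note["coin"])


class Bank:
    """Keeps the serial numbers already redeemed so a copy cannot be re-spent."""

    def __init__(self) -> None:
        self.spent = set()

    def deposit(self, note: dict) -> str:
        if not verify(note):
            return "rejected: bad signature"
        serial = note["coin"]["serial"]
        if serial in self.spent:
            return "rejected: double spend"
        self.spent.add(serial)
        return "accepted"


if __name__ == "__main__":
    bank = Bank()
    note = bank_issue("SN-0001", 2500)            # constructed sample coin
    copy = json.loads(json.dumps(note))           # a bit-for-bit duplicate
    forged = {"coin": dict(note["coin"], amount_cents=250000),
              "signature": note["signature"]}     # amount manipulated
    print("valid signature:", verify(note))
    print("first deposit  :", bank.deposit(note))
    print("copy deposited :", bank.deposit(copy))
    print("forged amount  :", bank.deposit(forged))
```

    The signature stops manipulation of the coin, but a perfect copy still verifies, which is why the bank must also keep a record of redeemed serial numbers.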

    Electronic Wallet

    An electronic wallet serves a function similar to a physical wallet. It holds credit cards, electronic cash, owner identification, and owner contact information. Some electronic wallets also contain an address book.

    Electronic Checks

    The electronic check, also known as a digital check, is an electronic document containing information such as the name of the payer, his/her account number, the name of the bank, the name of the payee, and the amount to be transferred. It has a digital signature equivalent to the signature on a traditional check.

    Electronic checks are the same as paper checks except that digital signatures are used for signing and approving them. In addition, digital certificates are used to authenticate the payers, their banks, and their accounts. Digital checks that use digital signatures implement cryptography to maintain the security and authenticity of digital checks.

    Electronic checks facilitate online services in the following ways:

    The seller can verify the validity of the available funds at the buyer's bank.
    Security is enhanced at every stage of the transaction process through automatic validation of the electronic signature by the seller and the bank.
    The EDI-based electronic transaction facilitates payment integration.

    Electronic checks are transferred through direct telephone lines or the Internet. These payments are collected by the banks and cleared through their networks.

    Processing of Electronic Checks

    The steps involved in the processing of electronic checks are:

    1. The electronic check users register with a third-party accounts server before they are able to write electronic checks. For example, Jack wants to transact with IBG, Inc. by using electronic checks. To be able to do this, Jack first needs to register with a third party.

    2. After the registration process is complete, a consumer can contact a seller to buy products or services. Consumers send an electronic check to the seller by using e-mail. For example, after registering, Jack can make an online purchase from IBG Inc.

    3. After the electronic check is deposited, funds are transferred from the account of the buyer to that of the seller. For example, when the electronic check signed by Jack is deposited, the third party makes the payment to IBG, Inc. by withdrawing funds from Jack's account.

    Credit Card

    The following processes take place during a credit card transaction:

    Authentication: It ensures that the credit card accepted from the customer is valid, has actually been issued, and is not reported stolen.

    Authorization: It ensures that the card has sufficient credit available for the purchase. If the card has sufficient credit, the credit limit of the customer is temporarily reduced by the value of the transaction. Authorization can be obtained in the following ways:

    Manual: The storeowner downloads the details of the transaction from the web server, and then requests authorization by using various methods such as a point of sale (POS) terminal or a personal computer (PC) program.

    Automatic: The server obtains online authorization by communicating directly with the computer of the credit card processing company. Although automatic authorization is mostly preferred, it is more complex and costly.

    Settlement: Once the products are shipped or delivered to the customers, the company informs the banks by issuing a capture request, which is a request for settlement. The banks then release the previously reserved funds, and the money is transferred to the account of the company through numerous banks and intermediaries.

    Security plays a very important role when using credit cards for online transactions. Many companies have offered various software, such as iAuthorizer by Atomic Software, for conducting a secure transaction while using credit cards.

    Several vendors have developed software for both the sellers and the banks. The software allows the sellers to buy a single package integrated with the Web server. This combination serves as an electronic store and a payment system. The buyers interact with the store to purchase any product by using their own browser. The software allows the banks to use their computer systems for verifying and processing the encrypted credit card information.

    The credit card payment process involves two steps:

    1. Sellers provide the buyer with the product or service price, confirmation of order, status, delivery process, and payment options.

    2. The buyers provide the seller with the payment choice and other essential information in a secured way.

    Types of Credit Card Payments

    The payments made by credit cards can be of three types:

    Payments by using unencrypted credit card information: This is the easiest method of credit card payment. Here, payments are made through the exchange of unencrypted credit card information over public networks such as a telephone or the Internet. This method of exchange has a very low level of security. Any hacker can read a credit card number and use programs that scan the Internet traffic for credit card numbers.

    Payments by using encrypted credit card information: The first step towards entering the credit card information into a browser is the encryption of data. This helps to send the credit card number securely over the network from the buyer to the seller. To make a credit card transaction truly secure, the following steps should be performed:

    a. The buyer sends the credit card information securely to the seller.
    b. The seller validates the authenticity of the buyer.
    c. The buyer sends the credit card information to the bank or a processing party.
    d. The bank or the processing party sends the information to the buyer's bank for approval of authorization.
    e. The buyer's bank sends back the authenticated credit card information to the seller.

    Payments by using third-party verification: The introduction of a third party has helped to secure and solve problems related to credit card transactions. The third party collects and approves the payment scheme of the buyer. The third party secures the credit card transaction by ensuring that the credit card number is not transmitted over the Internet. The buyer or the seller here does not need to purchase any hardware or install any software to use this payment system. Sellers and buyers only need an Internet mailbox and a third-party account. Sellers who do not have Internet servers to handle the sales directly are supplied with a server by the third party. Payments by using third-party verification involve the following steps:

    1. The buyer fills up a registration form supplied by the third party and acquires an account number. This gives the third party a customer profile.

    2. When buyers make a purchase, they request the sellers for the item by giving their third-party account number.

    3. The sellers derive information about the buyer's account number from the third-party payment server.

    4. The third-party payment server checks the buyers' account balance and verifies their account numbers to the sellers.

    5. The third-party payment server sends an electronic message regarding the product to the buyer to which the buyer responds.

    6. If the buyer agrees to buy the product, the third-party payment server informs the seller and the buyer to download the materials immediately.

    7. After completing the purchase, the buyer sends a confirmation of the purchase to the third party. If a buyer does not pay for a product received, the buyer's account is suspended.

    By using these methods, buyers can purchase goods and services on the Internet.

    Credit Cards Vs. Charge Cards

    A credit card enables you to make purchases for which you are billed later. Most credit card accounts allow you to carry a balance from one billing cycle to the next. However, you need to pay interest on that balance. Usually, you need to pay a minimum amount of your balance each time you receive a bill.

    A charge card is a specific kind of a credit card. The balance on a charge card account is payable in full when the statement is received and cannot be rolled over from one billing to the next. Because you cannot carry a balance, a charge card does not have a periodic or annual percentage rate.

    Smart Card

    A smart card is a plastic payment card with a microchip. It holds private user information such as financial information and offers consumers more security than traditional methods. The design enables the card to serve many additional functions that the typical credit card cannot provide. A smart card can supplement SSL for improved security of Internet transactions. They can also serve as a convenient, portable storage medium of personal data. The primary advantages of smart cards are portability, security, and convenience.

    VeriSign

    VeriSign is a payment service. It simplifies e-commerce by providing payment connectivity over the Internet, between online customers, merchants, buyers, sellers, and the financial networks that move money between them. It is easy-to-use, secure, and cost-effective. From high volume businesses with complex online requirements to businesses just getting started on the web, it has a payment solution that fits everybody's needs.

    FAQs

    1. While using electronic checks, how can forgery be eliminated?

    Ans:

    Forgery can be virtually eliminated by electronic check through digital signatures, automatic verification, and PIN-protected hardware signing keys.

    2. What are the important points that need to be taken into consideration to make any payment method successful?

    Ans:

    The points that must be addressed for any new payment method to be successful are privacy, security, intuitive interface, database integration, brokers, pricing, and standard.

    3. List some of the desired characteristics of digital money.

    Ans:

    Some of the desirable characteristics of digital money are as follows:

    Universally accepted
    Electronically transferable
    Nonstealable
    Private

    4. What are the advantages and disadvantages of Payment Cards?

    Ans: Following are the advantages of payment cards:

    Payment cards provide fraud protection.
    Payment cards have worldwide acceptance.
    Payment cards are good for online transactions.

    The disadvantage is:

    Payment card service companies charge merchants per-transaction fees and monthly processing fees to the card holder.

    Information Flow Without EDI

    Let us consider an example in which Harry sends a purchase order to a company called XYZ Ltd. without using EDI. The steps of the transaction without EDI occur in the following order:

    1. Harry sends a purchase order to a company.
    2. The relevant data to prepare the purchase order is extracted from the internal database and recorded on a hard copy. Then, the hard copy of the purchase order is sent to XYZ Ltd.
    3. XYZ Ltd. receives the information through courier or fax.
    4. The data entry operators of XYZ Ltd. manually enter this information into the internal information systems.

    Overheads Involved in the Above System

    The various overheads involved in the flow of information without implementing EDI are:

    This process is very time-consuming and involves overhead costs in transmitting documents manually.

    An error might be introduced while entering data manually in the internal information systems.

    Therefore, there was a need for automating the information flow and facilitating management of the business process. This can be achieved by using EDI.

    Benefits of EDI

    The benefits of EDI are as follows:

    It increases business opportunities, not only with the government, but also with many private sector trading partners.

    It improves the overall quality through:
        Better record-keeping
        Fewer errors in data
        Reduced processing time
        Less reliance on human interpretation of data
        Minimized unproductive time

    It permits faster and more accurate filling of orders. This helps reduce inventory and assists you in "Just-in-Time" inventory management.

    It reduces:
        Distribution time for mailing
        Elimination of lost documents
        Postage and other mailing costs
        Order time through faster order processing

    There is high customer satisfaction with faster response to orders, with less paper to handle. Orders are filled and delivered faster.

    It provides accurate information and audit trails for the transactions. This enables you to identify areas offering greatest potential for efficiency and improvement or cost reduction.

    FAQs

    1. How are digital signatures helpful in EDI transactions?

    Ans:

    Digital signatures are the most effective, secure, and easy-to-implement method of providing accountability while enabling E transactions.

    2. How can a company use EDI?

    Ans: A company can use EDI by computerizing accounting records. The trading partners of the company should agree to exchange EDI transactions.

    3. What are the disadvantages of EDI?

    Ans:

    Following are the disadvantages of EDI:

    Expensive for low volume transactions.
    Not every partner is willing to participate.
    Complex to integrate all business processes.

    EDI Components

    The EDI system consists of four essential components:

    EDI agreements
    EDI standards
    EDI networks
    EDI implementation

    EDI agreements define the way a business will be pursued electronically. EDI agreements include two components, data interchange procedures and conflict resolution strategies. An agreement has two perspectives for these components, legal and technical. For example, if the legal requirement specifies that a message should expire within a certain period of time, then you also need to specify the technical requirements for ensuring that the message expires after that time.

    EDI standards aim at standardizing the data interchange between diverse trading partners. For example, a banking organization may have to interface with varying customers. Each of these customers might have a separate set of standards for sending data to the banking organization.

    Implementing EDI with diversity in standards is difficult. Therefore, an EDI system must define and follow standards. Desirable properties of an EDI standard are:

    Ready-to-use
    Able to integrate and adapt
    Hardware and software neutral
    Unbiased towards any specific trading partner

    XML has been an important breakthrough in the field of EDI standards as it satisfies all of the above properties.

    EDI network deals with EDI communication and transmission. EDI communication specifies the communication protocol. It specifies the type of encoding of the electronic documents between the trading partners. EDI transmission deals with the transmission medium to be used for EDI. This medium can be the Internet or VANs. Note that the EDI transmission medium should be independent of the protocol used for communication between the trading partners.

    EDI implementation refers to the actual implementation of software for EDI and its operation. The formatting, coding, decoding of electronic documents, implementation of standards and agreements, and interfacing with the EDI network are done by the EDI software. Apart from the above functions, nowadays vendors provide various additional EDI functions, such as support for multiple EDI standards of different countries or trade organizations, integration with non-EDI components, and various types of encryption and decryption schemes. EDI implementation interfaces between the EDI network and standards and the business application.

    FAQs

    1. Where can you see a format for an EDI agreement?

    Ans: Various EDI agreement formats and samples are available on the web. For example, the URL www.gea.nu/edi/ediavt98/ediagre.pdf provides a template of an EDI agreement.

    2. Give an example of EDI standards.

    Ans: Trade organizations have developed standards for use in EDI for their sectors. For example, TRADACOMS is a UK EDI standard, which is prevalent in the retail and catering sector. Another example is ANSI X12, a national standard used in North America.

    3. How do VANs work?

    Ans: VANs are protocol-independent networks that support synchronous and asynchronous communication for EDI systems. VANs are store-and-forward systems that use the concept of postboxes and mailboxes, where a sending endpoint sends a message to a postbox where it is stored till it is forwarded to the receiving endpoint's mailbox.

    4. Can we consider EDI Security as a component of EDI systems?

    Ans:

    Yes, we can consider EDI security as a component of EDI systems. Actually, EDI security is a subcomponent in all the components of an EDI system, from agreements to implementation. Security is a prime concern when business-related documents are exchanged over vulnerable networks.

    Workflow Management and E-Commerce

    Workflow management is the process of definition, management, and automation of various business processes in an organization, where each business process is a sequence of work activities. Workflow management is essential for an organization's B2B e-commerce. An organization that has successfully implemented intraorganization e-commerce through workflow management has a higher probability of succeeding in the B2B domain.

    Within an organization, workflow management integrates varying operations of different business processes. An e-commerce system consists of three components: data management, workflow processes, and commercial operations. Workflow processes are collaborative actions where participants efficiently and effectively follow business procedures and regulations to achieve business objectives. To facilitate intraorganization e-commerce, a workflow management system must be capable of handling these workflow processes. In addition, workflow management systems should also be capable of handling commercial operations.

    SCM

    SCM is the process of planning and implementing supply chain operations in order to meet customer requirements. A supply chain is a system of activities and resources that helps in moving a product from the supplier to the customer. Key supply chain activities include production planning, purchasing, materials management, distribution, customer service, and sales forecasting.

    In the traditional supply chain model or the push model, the raw material suppliers are at one end of the chain. They are connected to the manufacturer and distributor, who in turn are connected to the retailer and the end customer. Although the customer is the main source of profit in a supply chain, this model involves serving the other entities as much as the customer.

    In addition, this model involves a lot of paperwork. As a result, most organizations are shifting towards the pull model, which is driven by e-commerce. In the pull model, the members of the supply chain can establish direct electronic connections with the customer. The customers here are better informed and have a direct voice in the supply chain.

    E-commerce creates a much more efficient supply chain, which benefits both the customers and the manufacturers. Organizations can meet customer needs more efficiently, carry fewer inventories, and send goods to markets quickly.

    Impact of E-Commerce on SCM

    E-commerce and the Internet are fundamentally changing the nature of supply chains. The result has been the emergence of new B2B supply chains that are consumer-oriented rather than product-oriented. They also provide customized products and services.

    E-commerce impacts SCM in the following ways:

    Cost Efficiency: E-commerce allows organizations to handle documents without financial and time investments, as required in the traditional document delivery systems. Through e-commerce, organizations can reduce costs, improve accuracy of data, streamline business processes, accelerate business, and improve customer service.

    Flexibility in Distribution Systems: E-commerce allows businesses to flexibly manage the complex movement of data and products between businesses, suppliers, and customers.

    Customer Orientation: E-commerce helps organizations to provide better services to their customers. E-commerce allows customers to access product information, place delivery orders through the Internet, track shipment, and pay bills from any location.

    Freight Auditing: E-commerce ensures that each freight bill is reviewed efficiently for accuracy. This greatly reduces the risk of overpayment. It also eliminates countless hours of paperwork and the need for a third-party auditing firm. By intercepting duplicate billings and incorrect charges, a significant percent of shipping costs can be recovered.

    Shipping Documentation: E-commerce reduces the need for manual intervention because bills and other related shipment documents can be automatically produced. Paperwork is significantly reduced and the shipping department is therefore more efficient.

    Online Shipping Inquiry: E-commerce gives instant shipping information access to anyone in the company from any location. Parcel shipments can be tracked and proof of delivery quickly confirmed. A customer's transportation costs and performance can be analyzed, thus helping the customer to negotiate rates and improve service.

    FAQs

    1. What is the purpose of having a virtual organization structure?

    Ans: A virtual organization structure aims at integrating the economic activities and other business processes across the organizational hierarchy without hard-coding them. It is a flexible representation of the hierarchy of an organization. This facilitates integration of business processes.

    2. Are inter and intra organization e-commerce distinct and unrelated?

    Ans: No. Intraorganization e-commerce supports interorganization e-commerce.

    3. Is business-to-consumer e-commerce different from intraorganizational e-commerce?

    Ans:

    Yes. Business-to-consumer e-commerce is the one that facilitates e-commerce operations between a business and its consumer. It is not restricted to within a business, as is the case with intraorganizational e-commerce.

    4. Is workflow management specific to intraorganization e-commerce?

    Ans:

    No. It applies to interorganization e-commerce also.

    SSL

    SSL is an encrypted communication protocol that you use to implement security by switching a website into the secure mode. SSL protects transactions between a company and its customers from packet-sniffing attacks.

    Information is exchanged over the network in the form of data packets. A packet-sniffer can easily sniff these data packets. A packet sniffer is a utility that plugs into computer networks and sniffs the data packets without modifying them in any way. To prevent packet-sniffing, digital keys are used that allow the server to lock the data packets before sending them. This enables only a legitimate user to unlock the packets and view their contents.

    Another method of securing the data transferred over the web is to use SSL. Using SSL in your system involves simply installing a digital certificate and turning on its SSL capabilities. Alternatively, you can enable SSL on the web server to implement secure mode encryption.

    Firewalls

    A firewall is a security mechanism that allows users with special rights to access a protected network. However, unauthenticated users are denied access to the protected websites on the Internet. It is important to note that a firewall can only protect the corporate data against user threats; it cannot protect against viruses.

    Firewalls are mainly used to protect sites that involve financial transactions. A selection basis is applied while granting access to external users. The selection procedure is based on the user name and password, Internet Protocol (IP) address, or domain name. For example, a vendor could permit entry to its website through the firewall only to those users with specific domain names belonging to customer companies.

    Firewall Between the Corporate Network and the Internet

    Notice that the firewall system is located at the point where a website connects to the Internet. However, a firewall can also be located at internal points to provide protection for a smaller collection of host computers or subnets.
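    The selection by IP address or domain name described above depends on exact matching rules. The following added example (not part of the original notes) sketches such an admission check; the networks, the domain names, and the function names are constructed for illustration, and the hostname is assumed to have been resolved and confirmed before it reaches the check.

```python
"""Admission check by source address or customer domain (constructed policy)."""
import ipaddress

# Constructed allowlist: documentation address ranges and .example domains.
ALLOWED_NETWORKS = [
    ipaddress.ip_network("203.0.113.0/24"),
    ipaddress.ip_network("2001:db8:10::/48"),
]
ALLOWED_DOMAINS = ["customer-one.example", "partner.example"]


def source_allowed(addr: str) -> bool:
    """True when the address parses and falls inside an allowed network."""
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return False                      # malformed input is denied, not guessed
    # An IPv4 client can appear as an IPv4-mapped IPv6 address on a
    # dual-stack listener; unwrap it so the IPv4 rules still apply.
    mapped = getattr(ip, "ipv4_mapped", None)
    if mapped is not None:
        ip = mapped
    return any(ip in net for net in ALLOWED_NETWORKS)


def naive_suffix_match(hostname: str) -> bool:
    """Weak rule: plain string suffix, shown only for comparison."""
    return any(hostname.endswith(domain) for domain in ALLOWED_DOMAINS)


def domain_allowed(hostname: str) -> bool:
    """Corrected rule: match the domain itself or a subdomain on a label boundary."""
    host = hostname.rstrip(".").lower()
    return any(host == d or host.endswith("." + d) for d in ALLOWED_DOMAINS)


def admit(addr: str, hostname: str = None) -> bool:
    """Admit when either the source address or the confirmed hostname is allowed."""
    if source_allowed(addr):
        return True
    return hostname is not None and domain_allowed(hostname)


if __name__ == "__main__":
    # Constructed sample connections: (source address, hostname or None).
    samples = [
        ("203.0.113.7", None),
        ("::ffff:203.0.113.7", None),
        ("198.51.100.9", "orders.partner.example"),
        ("198.51.100.9", "notpartner.example"),
        ("198.51.100.9", "partner.example.other.test"),
    ]
    for addr, host in samples:
        print(addr, host, "->", "admit" if admit(addr, host) else "deny")
    # The weak rule accepts a lookalike name that the corrected rule denies.
    print("naive accepts lookalike:", naive_suffix_match("notpartner.example"))
```

    A name obtained from reverse DNS is set by whoever controls the address block, so it should be confirmed with a forward lookup before it is used in a rule like this.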

    CERT

    CERT is the Internet-wide security organization that helps stop computer crime. Over a decade ago, a group of researchers met to study and eliminate the infamous Internet Worm attack. The National Computer Security Center, part of the National Security Agency (NSA), initiated a series of meetings to figure out how to respond to future security breaks that might affect thousands of people. Soon after that meeting of security experts, DARPA (Defense Advanced Research Projects Agency) created the CERT Coordination Center (CERT/CC). CERT/CC provides information about the security of networked computing systems. CERT members are responsible for setting up an effective and quick communications infrastructure among security experts so that future security breakouts can be avoided or quickly terminated. In the first 10 years of its existence, CERT has responded to more than 14,000 security events and incidents occurring with the U.S. government and in the private sector.

    FAQs

    1. How do hackers pose a security threat to the organizational resources?

    Ans:

    Hackers can monitor traffic on networks by directly connecting to the organizations on a network. Hackers use search routines to move through packages across the Internet. They search for any password or code, which is being set by any business transaction. After tracing the route, they break into the systems that store sensitive information and data. For example, hackers can hack the data that contains personal information of their customers and then tamper with this data in several ways.

    2. What is a virus?

    Ans: A virus is a program that infects other programs by modifying these programs to include its copy. Viruses can easily replicate themselves to spread to other computer systems. Viruses are responsible for various security breaches. For example, they can alter data in files, change disk assignments, create bad sectors, decrease free space on disk, destroy the File Allocation Table (FAT), erase specific programs, format specific tracks or the entire disk, hang the system, overwrite the disk directory, suppress execution of RAM-resident programs, write a volume label on the disk, and so on.

    3. What are worms and how are they different from viruses?

    Ans:

    Worms are programs that replicate themselves from system to system without the use of a host file. A worm is similar to a virus by its design, and is considered to be a subclass of a virus. Worms spread from computer to computer, but unlike a virus, a worm has the ability to travel without any help from a person. A worm spreads more rapidly than a virus.

    4. What are the advantages of Kerberos authentication mechanism?

    Ans:

    Various advantages of Kerberos authentication mechanism are as follows:

    It offers more security.
    It can work with any client logon method.
    It uses the standard Microsoft policy control.
    It is platform independent.

    S-HTTP Protocol

    S-HTTP provides a number of security features. These include:

    Client and server authentication
    Spontaneous encryption

    S-HTTP operates at the topmost layer of the protocol suite, the application layer. It provides:

    Symmetric encryption for maintaining secret communications.
    Public-key encryption to establish client/server authentication.
    Message digests for data integrity.

    S-HTTP sets up security details with special packet headers that are exchanged in S-HTTP. The headers define the type of security techniques, including the use of private-key encryption, server authentication, client authentication, and message integrity. A secure envelope encapsulates a message and provides secrecy, integrity, and client/server authentication.

    Security Protocols

    Some of the security protocols are Open Buying on the Internet (OBI), Internet Open Trading Protocol (IOTP), and Transport Layer Security (TLS). These protocols are explained below.

    OBI

    OBI is sponsored by American Express and facilitated by Supply Works Inc. OBI ensures that the purchaser is appropriately identified and his or her spending capabilities are authorized before a purchase is completed. After purchasing, the invoicing and payment are handled electronically without user intervention. OBI uses EDI for purchase order transfer and invoicing. OBI follows the B2B model.

    IOTP

    IOTP defines trading protocol options. These options tell the consumer how the transaction will occur and the available payment options. The transaction details can be handled dynamically. For example, a vendor may give a discount if a consumer uses a credit card that is preferred by the store, or a certain item is purchased in bulk. IOTP can be used for B2B and B2C models. IOTP uses eXtensible Markup Language (XML) to describe transactions.

    TLS

    TLS is a security protocol that works largely in the same way as SSL. TLS protocol provides security to the information exchanged between clients and servers. By using TLS, the server can verify the identity of the client before allowing the user to log on to the server.

    Site Identity Certification

    For SSL to work, a company needs an authentication certificate, which is a digital ID from a trusted third-party source that can assure the customers of the company's identity. This certificate is called either an SSL certificate or a site identity certificate. SSL certificates allow a web browser to verify the identity of the company, and check the credentials of the website that is being displayed to the customer. If hackers try to redirect the browser to their own sites, the certificate will not match the hacker's site, and the browser will display an error.

    FAQs

    1. How does an applet pose a security threat to the computer system?

    Ans: Applets are Java programs that are downloaded to and executed on the client's computer. Thus, if a malicious applet gets introduced to the client's computer, it can perform various nefarious functions. These applets could corrupt data on your hard disk, reveal your private data to third parties, turn your machine into a hostile listening post, or infect your machine with a virus.

    2. What is the difference between SSL and S-HTTP?

    Ans:

    The main difference between SSL and S-HTTP is the layer at which they operate. SSL operates at the transport layer while S-HTTP operates at the application layer. Encryption of the transport layer allows SSL to be application-independent, while S-HTTP is limited to the specific software implementing it. These protocols adopt different philosophies towards encryption as well. For example, with SSL, the entire communications channel is encrypted, whereas with S-HTTP, each message is encrypted independently. S-HTTP allows a user to produce digital signatures on any messages (not just specific messages during an authentication protocol), a feature that SSL lacks.

    E-Commerce Threats

    The various threats to e-commerce are:

    Communication Channel Threats: The data transmitted over a network is passed through several computers of various networks. The data passed is not safe and can be hacked. The message can be altered or completely removed from the network.

    Secrecy Threats: Both secrecy and privacy of the transactions need to be maintained. Secrecy is prevention of unauthorized information disclosure. Privacy is the protection of individual rights to disclosure. Hackers use special software called sniffer programs to record information that passes through a particular computer while traveling on the Internet.

    Integrity Threat: All the security measures should work together in order to prevent unauthorized disclosure, destruction, or modification of assets. Cyber vandalism, the electronic defacing of an existing website, is an example of integrity violation. Cyber vandalism occurs whenever individuals replace a website's regular content with their own. Masquerading or spoofing is another means of creating havoc on websites.

    Necessity Threats: The purpose of necessity threats is to disrupt normal computer processing or to deny processing entirely. A computer that has experienced a necessity threat slows processing to an intolerably slow speed.

    Server Threats: Servers have vulnerabilities that can be exploited by anyone determined to cause destruction or to illegally acquire information. One entry point is the Web server and its software. Other entry points are any back-end programs containing data, such as a database and its server. Perhaps the most dangerous entry points are Common Gateway Interface (CGI) programs or utility programs residing on the server. While no system is completely safe, the commerce server administrator's job is to ensure that security policies are documented and considered in every part of the electronic commerce system. Web server software is designed to deliver Web pages by responding to HTTP requests. Servers are exposed to security threats continually because they are always online. A common and simple form of a threat to a server is a Denial-of-Service (DoS) attack. In this type of threat, the server is intentionally bombarded with so many false requests that the server is unable to respond to the real requests. In addition, an unauthorized user may gain access to a server as an administrator and then modify the Web pages or copy sensitive data stored on the server.

    Database Threats: E-commerce systems store user data and retrieve product information from databases connected to the Web server. Besides product information, databases connected to the Web contain valuable and private information that should never be disclosed or altered. Most modern, large-scale database systems use extensive database security features that rely on usernames and passwords. Security is enforced in databases through the use of privileges that are stored in the database.

    Encryption

    Encryption refers to the coding of information by a mathematically based program and a secret key to produce a string of characters. The program that transforms text into cipher text is called an encryption program. Upon arrival, each message is decrypted by using a decryption program.

    The three types of encryption are:

  • Hash Coding: It is a process that uses a hash algorithm to calculate a hash value from a message.

  • Asymmetric Encryption: It is also known as public-key encryption. It encodes the messages by using two mathematically related numeric keys, a public key and a private key.

  • Symmetric Encryption: It is also known as private-key encryption. It encodes the message by using a single numeric key that is used to encode and decode the data.

    Asymmetric Encryption

    Asymmetric encryption is commonly known as public-key encryption. This type of encryption uses two keys for its functioning, one for encrypting the data and the other for decrypting the data. Here, two parties who are not known to each other can also conduct a transaction.

    Both parties involved in the transaction are given a pair of keys. One key is used to encrypt a message and the other key to decrypt it. The public key is a common key that is widely distributed and is disclosed to the other party. The private key, on the other hand, is a secret key that is known only to its owner. In asymmetric encryption, the private key is not exchanged because communication takes place only through the public keys. The following figure shows asymmetric encryption.

    Asymmetric Encryption

    In the preceding diagram, both Maria (sender) and XYZ Ltd. (receiver) have a public key as well as a private key or secret key. Maria writes a message in plain text. She then obtains the public key of XYZ Ltd. from a public directory and uses it to encrypt the message. After encryption, the message changes to cipher text and is then sent to XYZ Ltd. After receiving the message, XYZ Ltd. uses its secret key to decrypt the message and reads it in plain text.

    Anyone who can access the recipient's public key can send an encrypted message. However, when it comes to decryption, only the recipient can decrypt it by using the secret key. A message encrypted with a public key can only be decrypted by its corresponding private key. Therefore, only the person who owns the private key can decipher the data. This is a very secure method of transferring data over a network.

    Here is another example. Maria has sent a message to XYZ Ltd. Maria wants to convince XYZ Ltd. that the message sent is actually from her. In this case, she encrypts the message with the private or secret key. When XYZ Ltd. receives the message, it can decrypt it with the public key, which it can obtain from a public directory. In this case, all organizations or people who can obtain a public key for the corresponding private key can decrypt the message. As a result, this method is not very secure.

    Asymmetric encryption does not require a communication channel. In fact, messages can be safely sent to people whom you have never seen. This method can be used to exchange business documents and perform electronic transactions in a secure way.
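    The two Maria and XYZ Ltd. exchanges described above, worked through as an added example that is not part of the original notes. It uses textbook RSA without padding; the key sizes, the fixed primes, and the sample purchase order are assumptions chosen so that the code runs with the Python standard library only.

```python
# Added illustration: textbook RSA with fixed toy primes. No padding, so it is
# for study only and must never protect real data.
import hashlib

def make_keypair(p, q, e=65537):
    """Return (public, private) as ((e, n), (d, n)) for primes p and q."""
    n, phi = p * q, (p - 1) * (q - 1)
    return (e, n), (pow(e, -1, phi), n)  # d = inverse of e mod phi (Python 3.8+)

def encrypt(message: bytes, public_key) -> int:
    e, n = public_key
    m = int.from_bytes(message, "big")
    if m >= n:
        raise ValueError("message does not fit in this toy modulus")
    return pow(m, e, n)

def decrypt(cipher: int, private_key) -> bytes:
    d, n = private_key
    m = pow(cipher, d, n)
    return m.to_bytes((m.bit_length() + 7) // 8, "big")

def digest(message: bytes, n: int) -> int:
    """SHA-256 of the message, reduced so it fits under the modulus."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % n

def sign(message: bytes, private_key) -> int:
    d, n = private_key
    return pow(digest(message, n), d, n)

def verify(message: bytes, signature: int, public_key) -> bool:
    e, n = public_key
    return pow(signature, e, n) == digest(message, n)

# Constructed keys built from known Mersenne primes (stand-ins for real keys).
XYZ_PUBLIC, XYZ_PRIVATE = make_keypair(2**107 - 1, 2**127 - 1)
MARIA_PUBLIC, MARIA_PRIVATE = make_keypair(2**61 - 1, 2**89 - 1)

order = b"PO 1042: 20 units"  # constructed sample message

# Case 1, secrecy: Maria encrypts with XYZ's public key; only XYZ's private
# key turns the cipher text back into the purchase order.
cipher = encrypt(order, XYZ_PUBLIC)
recovered = decrypt(cipher, XYZ_PRIVATE)

# Case 2, proof of origin: Maria signs with her private key. Anyone holding
# her public key can check it, so this proves who sent it but hides nothing.
signature = sign(order, MARIA_PRIVATE)
genuine = verify(order, signature, MARIA_PUBLIC)
forged = verify(b"PO 1042: 90 units", signature, MARIA_PUBLIC)
```

    In the second case the check fails as soon as the order text is altered, which is the property digital signatures rely on.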

    Features of Public-Key Encryption

    The features of public-key encryption are as follows:

  • The combination of keys required to provide private messages between a large number of people is small.

  • Key distribution is not a problem.

  • It enables the implementation of digital signatures.

    Symmetric Encryption

    In symmetric encryption, also known as private-key encryption, both parties use a shared key for encryption and decryption. The transmitter and the recipient use the same key to encrypt and decrypt the information that is exchanged over the network. The following figure shows symmetric encryption.

    Symmetric Encryption

    For example, Maria (sender) wishes to send a purchase order to XYZ Ltd (recipient). She wants to send it in such a way that only XYZ Ltd. can read it. Therefore, Maria writes the purchase order in plain text and uses a private key to encrypt the purchase order. After encryption, the plain text is converted to cipher text, which is then sent to XYZ Ltd. During the symmetric encryption process, the message is completely secured because it is made readable only to the person who decrypts it, that is, the recipient.

    After receiving the purchase order in cipher text, XYZ Ltd. decrypts it by using a decryption key. XYZ Ltd. uses the same key used by Maria.

    To use symmetric encryption:

  • A secure and proper channel is required between the two parties involved.

  • Both parties should adopt a safe and reliable way to protect the key.

    However, data can be hacked if unauthorized users get access to the key. In addition, private key encryption faces the problems of key distribution, generation, transmission, and storage of keys. Therefore, it is not applicable in case of large networks.

    Features of Private-Key Encryption

    The features of private-key encryption are as follows:

  • The private key is kept private. The owner of the private key never shares the private key with anyone.

  • The private key is necessary for the recipient to decrypt the encrypted message.

  • Only the bearer of the private key can decrypt the message. Even the person who encrypted the message cannot decrypt it because he does not hold the private key.

    Private-Key Encryption Versus Public-Key Encryption

    The following table compares private-key encryption and public-key encryption.

    Features          Private-Key Encryption           Public-Key Encryption
    Number of keys    Single key                       A pair of keys
    Type of keys      Private (secret) key             One key is private and the other key is public
    Relative speeds   Very fast                        Slow
    Usage             Used for bulk data encryption    Used for encrypting small documents or signing messages

    Private-Key Encryption Vs. Public-Key Encryption

    Data Encryption Standard (DES)

    DES is an encryption standard adopted by the U.S. government. DES is the most widely used private-key encryption system.

    DES implements a mathematical algorithm for encrypting and decrypting binary information.

    The system consists of an algorithm and a key. The key has a length of 64 bits, of which 56 are used as the key in the classical sense. The remaining eight bits are parity bits used for checking errors. Even with just 56 bits, there are over 70 quadrillion (2^56) possible keys. The digits in the key must be independently determined to take full advantage of 70 quadrillion possible keys. There is no way to break the DES algorithm.
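    The 64-bit key layout described above, as an added example that is not part of the original notes. In the published DES standard each of the eight key bytes carries seven key bits plus one odd-parity bit in its lowest position; the sample key and the function names are constructed for this illustration.

```python
# Added illustration of the DES key format: 8 bytes, each holding 7 key bits
# and 1 odd-parity bit (the least significant bit of the byte).

KEYSPACE = 2 ** 56  # number of distinct effective keys

def ones(byte: int) -> int:
    """Count the 1 bits in a byte."""
    return bin(byte).count("1")

def has_valid_parity(key: bytes) -> bool:
    """True if the key is 8 bytes long and every byte has an odd number of 1 bits."""
    return len(key) == 8 and all(ones(b) % 2 == 1 for b in key)

def set_odd_parity(key: bytes) -> bytes:
    """Recompute the parity bit of each byte from its 7 key bits."""
    if len(key) != 8:
        raise ValueError("a DES key is exactly 8 bytes (64 bits)")
    fixed = bytearray()
    for b in key:
        key_bits = b & 0xFE                      # drop the old parity bit
        parity = 0 if ones(key_bits) % 2 else 1  # make the total count odd
        fixed.append(key_bits | parity)
    return bytes(fixed)

def effective_key(key: bytes) -> int:
    """Concatenate the 7 key bits of every byte into one 56-bit integer."""
    value = 0
    for b in key:
        value = (value << 7) | (b >> 1)
    return value

def flip_bit(key: bytes, index: int, bit: int) -> bytes:
    """Simulate a single-bit storage or transmission error."""
    damaged = bytearray(key)
    damaged[index] ^= 1 << bit
    return bytes(damaged)

SAMPLE_KEY = bytes.fromhex("0123456789abcdef")   # constructed sample key

# Any single flipped bit breaks the parity of its byte, so the error is detected.
DAMAGED_KEY = flip_bit(SAMPLE_KEY, 3, 5)

# Flipping only a parity bit changes the 64-bit value but not the 56 key bits.
PARITY_ONLY = flip_bit(SAMPLE_KEY, 0, 0)
```

    Two 64-bit values that differ only in parity bits select the same cipher, which is why the key space is 2^56 and not 2^64.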

    Digital Certificates

    The digital certificate is a way to send an encrypted message to the entity that sent the original web page or the e-mail message. Digital certificates are data files that are used to establish the identity of people and electronic assets on the Internet. They allow for secure, encrypted online communication, and are often used to protect online transactions.

    A certificate is similar to a driver's license, passport, permanent residential card, or a birth certificate that provides the identity of the owner. A digital certificate contains information about a person's public key that helps other users to verify whether the key is valid or not.

    Through the use of a common third party, digital certificates provide an easy and convenient way to ensure the trust between participants in a commercial transaction. Certificates guarantee the identity of a user's claim. The third party creates the certificate that contains the user's identity and associated public key and then signs the certificate using its private key. A digital certificate consists of the following:

  • Public key

  • Certificate information about the user name and user ID

  • Digital signatures

    The following diagram shows a transaction using a digital certificate.

    Transaction Using a Digital Certificate

    Internet Explorer Security

    Internet Explorer helps to guard confidentiality on the Web by supporting the privacy policy of a website. The privacy policy of a website provides details on the type of information collected, the users to whom this information is given, and how this information is used by the website.

    Internet Explorer provides client-side protection rights inside the browser. Internet Explorer uses Microsoft Authenticode technology, which verifies that the program has a valid certificate.

    [Figure labels for "Transaction Using a Digital Certificate": Web Client, Secure Web Server]

    1. User accesses website

    2. Web server requests user's digital certificate

    3. User's digital certificate is presented to the Web browser

    4. CAs check the user's digital certificate

    5. All session information is encrypted with user's key

    6. User's Web browser decrypts the transmission with the website's private key

    You can view the security settings of Internet Explorer by clicking Tools > Internet Options > Security in Internet Explorer, as shown in the following figure.

    Activating the Security Tab

    You can alter the Privacy settings. For example, if you want to block all cookies, click Tools > Internet Options > Privacy and move the slider to the top, as shown in the following figure.

    Blocking All the Cookies

    FAQs

    1. List the disadvantages of SET.

    Ans: Various disadvantages of SET are as follows:

  • SET employs complex cryptographic mechanisms resulting in unacceptable transaction speed.

  • Implementing SET is more costly than SSL/TLS for both consumers and merchants.

    2. List the advantages of dual signature.

    Ans: Various advantages of dual signature are as follows:

  • Signature verification process can be centralized to a trusted third party.

  • It provides a real-time response of acceptance of a signed file to the sender at the time of file submission.

  • It eliminates the burden of certificate verification process from the recipient.

    3. What is the difference between online catalogs and electronic catalogs?

    Ans:

    Online catalogs are the ones that are placed on the Internet by the merchants. On the other hand, electronic catalogs are distributed over the electronic media such as diskettes or CD-ROM. With an online catalogue, the merchant has to be concerned about bandwidth and may choose to include fewer graphics or reduce the resolution of the graphics. By providing an offline catalogue, such constraints are significantly reduced.