
ELECTRONIC PAYMENT SYSTEM

Electronic payment is an integral part of electronic commerce. Electronic payment is a financial exchange that takes place online between buyers and sellers. The content of this exchange is usually some form of digital financial instrument that is backed by a bank or an intermediary, or by legal tender. Three factors are stimulating interest among financial institutions in electronic payment: decreasing technology costs, reducing operational and processing costs, and increasing online commerce. Checks and cash are physical and traditional modes of payment, whereas electronic payment refers to paperless monetary transactions. Payment through electronic modes has benefited e-commerce businesses and the supporting financial institutions.

Electronic payment first emerged with the development of wire transfers. Early wire transfer services such as Western Union enabled an individual to deliver currency to a clerk at one location, who then instructed a clerk at another location to disburse funds to a party at that second location who was able to identify himself as the intended recipient. Cash was delivered to the customer only after identity was established. Authentication was provided only by a signature at the other end of the transmission that verified that the intended party had indeed received the funds. During the 1960s and early 1970s, private networking technology enabled the development of alternative electronic funds transfer systems.

Many of the so-called payment innovations over the past two decades have been aimed at minimizing banking costs such as reserve requirements, speeding up check clearing, and minimizing fraud. Recent innovation in electronic commerce aims to affect the way consumers deal with payments and appears to be moving in the direction of a real-time electronic transmission, clearing and settlement system. Several innovations helped to simplify consumer payments. These include:
Innovations affecting consumers: credit and debit cards, ATMs, electronic banking
Innovations enabling online commerce: digital cash, electronic checks, smart cards

Features of an ideal electronic payment system:
1. Convenience: An electronic payment system should be user friendly and require the least amount of effort, special equipment and time to process the transaction. In contrast, a less convenient system would require the customer and the merchant to go offline in order to process the transaction, with a significant time delay.
2. Security: The payment system should be secure, covering the following aspects of the transaction. The customer must be positively identified. Information related to the customer, such as the credit card number, must be protected from unauthorized access.
3. Anonymity: Another concern of online consumers is the confidentiality of transactions: keeping payment activities private and preventing third parties from observing and tracking spending habits.
4. Universality: The payment system should have as few constraints on its use as possible, to allow adoption by any customer or merchant, regardless of what browser software they use or what country they are in.
5. Cost: The cost of a payment system to both the customer and the merchant should be low, especially if micro payments are supported.
6. Acceptability: The payment infrastructure needs to be widely acceptable.
7. Convertibility: Digital money should be convertible to any type of fund.
8. Efficiency: Cost per transaction should be near zero.
9. Reliability: It should avoid a single point of failure.

Types of Electronic payment:


In the early 1970s the emerging e-payment technology was labeled EFT. EFT is defined as any transfer of funds initiated through an electronic terminal, telephonic instrument or computer so as to order, instruct or authorize a financial institution to debit or credit an account. Work on EFT can be segmented into three main categories:
(A) Banking and financial payment:
    Large scale or wholesale payment
    Small scale or micro payment
    Home banking
(B) Retailing payment:
    Credit cards
    Charge cards
(C) Online e-commerce payment:
    Token based: E-cash, E-check, Smart card, Debit card
    Credit card based: Encrypted, Third party

1. E-Token: A new form of financial instrument is called the E-token, in the form of e-cash, e-money or e-check. E-tokens are equivalent to cash that is backed by a bank. These can be of three types:
Cash/real time: Transactions are settled with the exchange of electronic currency.
Debit/prepaid: Users pay in advance for the privilege of getting information.
Credit/post paid: The server authenticates the customer and verifies with the bank that funds are adequate before purchase.

(a) Electronic Cash: Electronic cash combines computerized convenience with security and privacy that improve on paper cash. E-cash presents some interesting characteristics that should make it an attractive alternative for payment over the internet. E-cash focuses on replacing cash as the principal payment mode in consumer-oriented e-payment. Cash remains the dominant form of payment for three reasons:
Lack of consumer trust in the banking system
Ineffective clearing and settlement of non-cash transactions
Negative real interest rates paid on bank deposits
Electronic payment systems need to have some cash-like qualities that current credit and debit cards lack:
Cash is legal tender, meaning that the payee is obligated to take it.
Cash is a bearer instrument, meaning that possession is proof of ownership.
Cash can be held and used by anyone, even those without a bank account.
Finally, cash places no risk on the part of the acceptor.

Properties of Electronic cash: Any digital cash system must incorporate a few common features. Digital cash must have the following four properties:

Monetary value: It must be backed by cash, bank-authorized credit, or a bank-certified cashier's check. When cash created by one bank is accepted by others, reconciliation must occur without any problems.

Interoperability: Digital cash must be interoperable, or exchangeable as payment for other digital cash, paper cash, goods or services, lines of credit, and deposits in banking accounts.

Storable and retrievable: Remote storage and retrieval would allow users to exchange digital cash from home or office or while traveling. The cash could be stored in a remote computer's memory or in smart cards.

Security: Digital cash should not be easy to copy or tamper with while it is being exchanged. For this reason most systems rely on post-fact detection and punishment.

Electronic or digital cash combines computerized convenience with security and privacy that improve on paper cash. The versatility of digital cash opens up a host of new markets and applications. Digital cash attempts to replace paper cash as the principal payment vehicle in online payments. Although it may be surprising to some, even after thirty years of developments in electronic payment systems, cash is still the most prevalent consumer payment instrument. Cash remains the dominant form of payment for three reasons: lack of consumer trust in the banking system; inefficient clearing and settlement of noncash transactions; and negative real interest rates on bank deposits. These reasons behind the prevalent use of cash in business transactions indicate the need to re-engineer purchasing processes.

In order to displace cash, electronic payment systems need to have some cash-like qualities that current credit and debit cards lack. For example, cash is negotiable, meaning that it can be given or traded to someone else. Cash is legal tender, meaning that the payee is obligated to take it. Cash is a bearer instrument, meaning that possession is proof of ownership. Cash can be held and used by anyone, even those without a bank account. Finally, cash places no risk on the part of the acceptor; the medium is always good.

In comparison to cash, debit and credit cards have a number of limitations. First, credit and debit cards cannot be given away because, technically, they are identification cards owned by the issuer and restricted to one user. Credit and debit cards are not legal tender, given that merchants have the right to refuse to accept them. Nor are credit and debit cards bearer instruments; their usage requires an account relationship and authorization system. Similarly, checks require either personal knowledge of the payer, or a check guarantee system. A really novel electronic payment method needs to do more than recreate the convenience that is offered by credit and debit cards; it needs to create a form of digital cash that has some of the properties of cash.

Properties of Electronic Cash

Any digital cash system must incorporate a few common features. Specifically, digital cash must have the following four properties: monetary value, interoperability, retrievability, and security.

Digital cash must have a monetary value; it must be backed by cash (currency), bank-authorized credit, or a bank-certified cashier's check. When digital cash created by one bank is accepted by others, reconciliation must occur without any problems. Without proper bank certification, digital cash carries the risk that when deposited, it might be returned for insufficient funds.

Digital cash must be interoperable, or exchangeable as payment for other digital cash, paper cash, goods or services, lines of credit, deposits in banking accounts, bank notes or obligations, electronic benefits transfers, and the like. Most digital cash proposals use a single bank. In practice, not all customers are going to be using the same bank or even be in the same country, and thus multiple banks are necessary for the widespread use of digital cash.

Digital cash must be storable and retrievable. Remote storage and retrieval (such as via a telephone or personal communications device) would allow users to exchange digital cash (withdraw from and deposit into banking accounts) from home or office or while travelling. The cash could be stored in a remote computer's memory, in smart cards, or on other easily transported standard or special-purpose devices. As it might be easy to create and store counterfeit cash in a computer, it is preferable to store cash on an unalterable dedicated device. This device should have a suitable interface to facilitate personal authentication using passwords or other means, and a display for viewing the card's contents.

Digital cash should not be easy to copy or tamper with while it is being exchanged. It should be possible to prevent or detect duplication and double-spending of digital cash. Double spending, the electronic equivalent of bouncing a check, is a particularly tricky issue. For instance, a consumer could use the same digital cash simultaneously to buy items in Japan, India, and England. It is particularly difficult to prevent double-spending if multiple banks are involved in the transactions. For this reason, most systems rely on post-fact detection and punishment.
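The post-fact detection described above, sketched as an added example (not code from the original text): merchants' banks accept coins during the day and the issuing bank finds duplicates only when the batches are cleared together. The `Issuer`, `Coin` and `Deposit` names, the HMAC tag on each coin, the bank and shop names, and the issuer's record of who withdrew each serial are assumptions made for illustration; a scheme that keeps the payer anonymous could not use that last record as is.

```python
import dataclasses
import hashlib
import hmac
import secrets
from collections import defaultdict


@dataclasses.dataclass(frozen=True)
class Coin:
    serial: str        # random serial number chosen by the issuer at withdrawal
    value_cents: int
    tag: str           # issuer's MAC over (issuer name, serial, value)


@dataclasses.dataclass(frozen=True)
class Deposit:
    coin: Coin
    merchant: str
    acquiring_bank: str


class Issuer:
    """Issuing bank: mints coins and clears deposits forwarded by other banks."""

    def __init__(self, name):
        self.name = name
        self._key = secrets.token_bytes(32)
        self._withdrawn_by = {}             # serial -> account (assumption, see lead-in)
        self._cleared = defaultdict(list)   # serial -> every genuine Deposit seen so far

    def _mac(self, serial, value_cents):
        msg = f"{self.name}|{serial}|{value_cents}".encode()
        return hmac.new(self._key, msg, hashlib.sha256).hexdigest()

    def withdraw(self, account, value_cents):
        serial = secrets.token_hex(16)
        self._withdrawn_by[serial] = account
        return Coin(serial, value_cents, self._mac(serial, value_cents))

    def is_genuine(self, coin):
        # Tamper check: altering the value or serial invalidates the tag.
        return hmac.compare_digest(self._mac(coin.serial, coin.value_cents), coin.tag)

    def clear(self, batch):
        """Settle a merged batch; only the first deposit of each serial is credited."""
        credited, forged, flagged = [], [], []
        for dep in batch:
            if not self.is_genuine(dep.coin):
                forged.append(dep.merchant)
                continue
            seen = self._cleared[dep.coin.serial]
            seen.append(dep)
            if len(seen) == 1:
                credited.append(dep.merchant)
            elif dep.coin.serial not in flagged:
                flagged.append(dep.coin.serial)
        double_spent = [
            {
                "serial": serial,
                "withdrawn_by": self._withdrawn_by[serial],
                "presented_at": [(d.merchant, d.acquiring_bank)
                                 for d in self._cleared[serial]],
            }
            for serial in flagged
        ]
        return {"credited": credited, "forged": forged, "double_spent": double_spent}


def demo():
    """Constructed scenario: one coin copied to three countries, plus one altered coin."""
    issuer = Issuer("issuer-bank")
    coin_a = issuer.withdraw("acct-alice", 5_000)
    coin_b = issuer.withdraw("acct-bob", 1_200)
    altered = dataclasses.replace(coin_b, value_cents=120_000)
    # Each acquiring bank sees the copied coin once, so none can detect it alone.
    batches = {
        "bank-japan": [Deposit(coin_a, "shop-tokyo", "bank-japan")],
        "bank-india": [Deposit(coin_a, "shop-mumbai", "bank-india"),
                       Deposit(coin_b, "shop-delhi", "bank-india")],
        "bank-england": [Deposit(coin_a, "shop-london", "bank-england"),
                         Deposit(altered, "shop-leeds", "bank-england")],
    }
    merged = [dep for batch in batches.values() for dep in batch]
    return issuer.clear(merged)


if __name__ == "__main__":
    print(demo())
```

The duplicate only becomes visible once the three banks' batches meet at the issuer, which is why the text calls multi-bank double spending hard to prevent and easier to detect after the fact.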

(b) Electronic checks: Electronic checks are designed to accommodate the many individuals and entities that might prefer to pay on credit or through some mechanism other than cash. Electronic checks are modelled on paper checks, except that they are initiated electronically, use digital signatures for signing and endorsing, and require the use of digital certificates to authenticate the payer, the payer's bank and the bank account. Electronic checks are delivered either by direct transmission using telephone lines, or by public networks such as the internet. Electronic check payments (deposits) are gathered by banks and cleared through existing banking channels such as automated clearing house networks.

Benefits of electronic checks: Electronic checks have the following advantages:
Electronic checks work in the same way as traditional checks, thus simplifying customer education.
Electronic checks are well suited for clearing micro payments: the conventional cryptography of electronic checks makes them easier to process than systems based on public-key cryptography (like digital cash).
Electronic checks can serve corporate markets. Firms can use electronic checks to complete payments over the networks in a more cost-effective manner than present alternatives.
Electronic checks create float, and the availability of float is an important requirement for commerce. The third-party accounting server can earn revenue by charging the buyer and seller a transaction fee or a flat rate fee, or it can act as a bank and provide deposit accounts and make money from the deposit account pool.
Electronic check technology links public networks to the financial payments and bank clearing networks, leveraging the access of public networks with the existing financial payment infrastructure.

The electronic check process works in the following way:

Electronic check users must register with a third-party account server before they are able to write electronic checks.
Once registered, a consumer can then contact a seller of goods and services.
Using e-mail or other transport methods, the buyer sends an electronic check to the seller for a certain amount of money.
When deposited, the check authorizes the transfer of account balances from the account against which the check was drawn to the account to which the check was deposited.

[Figure: electronic check process. Parties: payer, payee, accounting server, payee bank. Labelled flows: send check (payer to payee), verify check, notify, statement, authorize fund transfer.]
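The registration, writing, endorsement and deposit steps above, as an added example rather than code from the original text. It substitutes shared-key HMACs issued by the accounting server (conventional cryptography) for the public-key signatures and certificates the text describes, so only the server can verify a check; the function names, account names and amounts are constructed for illustration.

```python
import hashlib
import hmac
import json
import secrets


def _mac(key, fields):
    # Canonical JSON so writer and verifier MAC exactly the same bytes.
    msg = json.dumps(fields, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()


def write_check(payer, payer_key, payee, amount_cents, check_no):
    body = {"check_no": check_no, "payer": payer, "payee": payee,
            "amount_cents": amount_cents}
    return {"body": body, "signature": _mac(payer_key, body)}


def endorse(check, endorser, endorser_key):
    # The endorsement covers the body and the payer's signature.
    covered = {"body": check["body"], "signature": check["signature"],
               "endorser": endorser}
    return dict(check, endorser=endorser, endorsement=_mac(endorser_key, covered))


class AccountingServer:
    """Third-party account server: registers users, verifies and settles checks."""

    def __init__(self):
        self._keys = {}        # account -> shared secret handed out at registration
        self.balances = {}     # account -> balance in cents
        self._paid = set()     # (payer, check_no) pairs already settled

    def register(self, name, opening_cents=0):
        self._keys[name] = secrets.token_bytes(32)
        self.balances[name] = opening_cents
        return self._keys[name]

    def deposit(self, check):
        body = check.get("body", {})
        payer, payee = body.get("payer"), body.get("payee")
        if payer not in self._keys or payee not in self._keys:
            return "rejected: unregistered party"
        if not hmac.compare_digest(_mac(self._keys[payer], body),
                                   check.get("signature", "")):
            return "rejected: bad payer signature"
        if check.get("endorser") != payee:
            return "rejected: endorser is not the payee"
        covered = {"body": body, "signature": check["signature"], "endorser": payee}
        if not hmac.compare_digest(_mac(self._keys[payee], covered),
                                   check.get("endorsement", "")):
            return "rejected: bad endorsement"
        amount = body.get("amount_cents")
        if not isinstance(amount, int) or amount <= 0:
            return "rejected: invalid amount"
        if (payer, body.get("check_no")) in self._paid:
            return "rejected: check already paid"
        if self.balances[payer] < amount:
            return "rejected: insufficient funds"
        # All checks passed: move the balance from the drawn account to the payee.
        self._paid.add((payer, body.get("check_no")))
        self.balances[payer] -= amount
        self.balances[payee] += amount
        return "paid"


def demo():
    """Constructed run: one good check plus the failure cases the server must catch."""
    server = AccountingServer()
    k_payer = server.register("payer@example", 10_000)
    k_payee = server.register("payee@example")
    k_other = server.register("other@example")
    check = write_check("payer@example", k_payer, "payee@example", 2_500, check_no=1)
    altered = {**check, "body": {**check["body"], "amount_cents": 9_000}}
    results = {
        "altered_amount": server.deposit(endorse(altered, "payee@example", k_payee)),
        "wrong_endorser": server.deposit(endorse(check, "other@example", k_other)),
        "genuine": server.deposit(endorse(check, "payee@example", k_payee)),
        "second_deposit": server.deposit(endorse(check, "payee@example", k_payee)),
    }
    big = write_check("payer@example", k_payer, "payee@example", 50_000, check_no=2)
    results["overdrawn"] = server.deposit(endorse(big, "payee@example", k_payee))
    return results, dict(server.balances)


if __name__ == "__main__":
    print(demo())
```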

Electronic checks are designed to accommodate the many individuals and entities that might prefer to pay on credit or through some mechanism other than cash. Electronic checks are modelled on paper checks, except that they are initiated electronically, use digital signatures for signing and endorsing, and require the use of digital certificates to authenticate the payer, the payer's bank, and bank account. The security/authentication aspects of digital checks are supported via digital signatures using public-key cryptography.

Ideally, electronic checks will facilitate new online services by: allowing new payment flows (the payee can verify funds availability at the payer's bank); enhancing security at each step of the transaction through automatic validation of the electronic signature by each party (payee and banks); and facilitating payment integration with widely used EDI-based electronic ordering and billing processes.

Electronic checks are delivered either by direct transmission using telephone lines, or by public networks such as the Internet. Electronic check payments (deposits) are gathered by banks and cleared through existing banking channels, such as automated clearing house (ACH) networks. This integration of the existing banking infrastructure with public networks provides an implementation and acceptance path for banking, industry, and consumers to build on existing check processing facilities.

Benefits of Electronic Checks

Electronic checks have the following advantages:
Electronic checks work in the same way as traditional checks, thus simplifying customer education. By retaining the basic characteristics and flexibility of paper checks while enhancing the functionality, electronic checks can be easily understood and readily adopted.
Electronic checks are well suited for clearing micro payments; the conventional cryptography of electronic checks makes them easier to process than systems based on public-key cryptography (like digital cash). The payee and the payee's and payer's banks can authenticate checks through the use of public-key certificates. Digital signatures can also be validated automatically.
Electronic checks can serve corporate markets. Firms can use electronic checks to complete payments over the networks in a more cost-effective manner than present alternatives. Further, since the contents of a check can be attached to the trading partner's remittance information, the electronic check will easily integrate with EDI applications, such as accounts receivable.
Electronic checks create float, and the availability of float is an important requirement for commerce. The third-party accounting server can earn revenue by charging the buyer or seller a transaction fee or a flat rate fee, or it can act as a bank and provide deposit accounts and make money from the deposit account pool.
Electronic check technology links public networks to the financial payments and bank clearing networks, leveraging the access of public networks with the existing financial payments infrastructure.

Online Credit Card-Based Systems

Credit card payment negotiation involves two steps: the merchant presents the customer with product/service price, order confirmation and status, delivery notifications, and payment options accepted by the merchant; and the buyer presents the merchant with payment choice and associated information in a secure manner. As of yet, there is no standard way of sending secure payment instructions over the Web. Currently, consumers can shop (look at content and read product descriptions) in the Web environment, but have to go off-line in order to use their credit cards to actually make their purchases.

Recently, several companies, including CyberCash, VISA, and First Virtual, have implemented payment systems. Different vendors have lined up behind different proposed security measures, each fighting to be the dominant standard. As vendors continue to wage security standards battles, it is perfectly reasonable for consumers to be cautious about making online purchases. Until consumers feel as comfortable using their credit cards online as they do over the telephone, Web-based commerce will languish rather than flourish.
The different payment schemes require customers to set up special accounts, and/or buy or download and install special software for their personal computers. However, not all banks can handle different payment systems. In order to avoid losing customers by selecting one payment method over another, some merchants sidestep the confusion caused by multiple payment standards by verifying credit card transactions manually. They take credit card numbers over the Internet, and then, at the end of the day, batch the verification process. If there is a problem, they send e-mail to the customers informing them of the problem.

Safe credit card-based commerce will not be possible until security standards are in place. Security standards ensure the negotiation of payment schemes and protocols, and the safe transport of payment instructions. Microsoft/VISA and Netscape contend that they can vastly simplify the payment process by developing software for both banks and merchants. The bank software would allow banks to use their existing computer systems to verify and process encrypted credit cards coming from the online world. The merchant software would allow merchants to buy one single package integrated with a Web server that serves as a storefront and payment system. The customer can simply continue to use his or her current browser to interact with the electronic storefront.

(c) Smart cards: A smart card looks similar to credit and debit cards. It has a plastic body and a microprocessor chip embedded in it. A smart card chip has the capacity to store data. Thus, users also use it as a mini database for storing their personal and work-related information, identification details, medical details and address books. Cards were also used to store a value of money, which decreased with use. A smart card can be accessed only with the unique PIN of an individual. Smart cards are secure because the data is in an encrypted form and a user can personally encrypt or decrypt the data stored in the chip of a card.

Smart cards, also called stored value cards, use magnetic stripe technology or integrated circuit chips to store customer-specific information, including electronic money. The cards can be used to purchase goods or services, store information, control access to accounts, and perform many other functions. Smart cards offer clear benefits to both merchants and consumers. They reduce cash-handling expenses and losses caused by fraud, expedite customer transactions at the checkout counter, and enhance consumer convenience and safety. In addition, many state and federal governments are considering stored value cards as an efficient option for dispersing government entitlements. Other private sector institutions market stored value products to transit riders, university students, telephone customers, vending customers, and retail customers.

One successful use of stored value cards is by New York's Metropolitan Transportation Authority (MTA). The MTA is the largest transportation agency in the United States and, through its subsidiaries and affiliates, operates the New York City subway and public bus system, the Long Island Railroad and Metro-North commuter rail systems, and nine tolled intrastate bridges and tunnels. These facilities serve four million customers each workday. In 1994, the MTA began the operation of an automated fare-collection system based on a plastic card with a magnetic stripe. The Metro Card is either swiped through a card reader at subway stations or dipped into a fare box on buses, where the fare is decremented. All 3,600 MTA buses became operational in 1996. The full complement of 467 subway stations is expected to be operational by mid-1997. By 1999, the MTA anticipates more than 1.2 billion electronic fare collection transactions a year on subway and bus lines.

The management challenges created by smart card payment systems are formidable.
Institutions such as the MTA have made a considerable investment in the stored value card processing network, and to get a good return on investment must identify new and innovative ways to achieve additional operating efficiencies and value. For example, many commuters in the New York area use two or three different mass transit systems to get to and from work. Each of these systems bears the expense of maintaining its own proprietary network. In addition, the customer ends up having to manage two or three different fare media, and make two or three times as many fare purchase transactions. New regional initiatives will be necessary to integrate the multiple networks, and to make it cost effective and possible to implement a region-wide transportation fare payment system that will link all of the transit providers in that region.

The Federal Reserve recently created a Payments System Research group to define the key public policy issues related to the evolution of the smart card payments system. Some of the questions being studied include: When is an account deposit insured? Is the account still insured when the value has been loaded on a smart card? Is the value on a smart card considered cash? Is a smart card more like a traveller's check or a credit card?

One reason for the success of stored value cards is that the application focus is narrow and they build upon existing infrastructure such as: credit, debit, and ATM cards; funds clearing and settlement mechanisms; regional and national ATM networks; and retail, corporate, and government customer relationships. It remains to be seen how the integration between smart cards and online commerce will take place.

Disadvantages of Smart cards:
A smart card reader, a device used to access a smart card, is comparatively expensive and is required for using a smart card.
People around the world are not aware of the technology behind smart cards and their use.

Types of Smart cards:

Integrated circuit microprocessor cards: Microprocessor cards, generally referred to as chip cards or IC cards by the industry, offer greater memory storage and security of data than a traditional magnetic stripe card. Generally a chip card has an eight-bit processor, 512 bytes of RAM and 16 KB of ROM. These cards are used for a variety of applications, especially those that have cryptography built in, which requires manipulation of large numbers. For example: stored value cards.

Integrated circuit memory cards: IC memory cards can hold up to 1-4 KB of data, but have no processor on the card with which to manipulate that data. Thus they are dependent on the card reader for their processing. For example: prepaid phone cards.

Optical memory cards: These can store up to 4 MB of data. But once written, the data cannot be changed or removed, therefore making applications limited to record keeping. For example: medical files, driving records.

(d) Debit cards: Debit card transactions are the fastest-growing category of electronic transactions today. Such transactions occur when a customer uses a debit card to make a purchase from a merchant. The transaction works much like a credit card transaction. For example, a customer gives an ATM card to the merchant for the purchase. The merchant swipes the card through a transaction terminal, which reads the information; the customer enters his personal identification number, and the terminal routes the transaction through the ATM network back to the customer's bank for authorization against the customer's demand deposit account. The funds, once approved, are transferred from the customer's bank to the merchant's bank. These transactions occur within the banking system, and safety of payment is assured. The third-party processors who provide services for merchants are also examined by the federal regulators for system integrity. Both transmitted inter-bank within the payment system. Authentication is provided by the use of the digital signature or PIN numbers, just as it is at ATMs.

Debit cards can also be used extensively for electronic benefits transfer (EBT). Electronic benefits transfer uses debit cards for the electronic delivery of benefits and entitlements to individuals who otherwise may not have bank accounts. In an EBT system, recipients access their benefits in the same way that consumers use debit cards to access their bank accounts electronically: the card is inserted into or swiped through a card reader and the cardholder must enter a PIN associated with that card. The benefit recipient can then access his or her benefits to make a purchase or obtain cash.

Benefits that can be delivered via EBT generally fall into three categories:

Federally funded, but state administered benefits
State funded and state administered benefits
Benefits that are both federally funded and federally administered

2. Credit card based: Credit card payment negotiation involves two steps: the merchant presents the customer with product/service price, order confirmation and status, delivery notifications, and payment options accepted by the merchant; and the buyer presents the merchant with payment choice and associated information in a secure manner. It is perfectly reasonable for consumers to be cautious about making online purchases. Until consumers feel as comfortable using their credit cards online as they do over the telephone, web-based commerce will languish rather than flourish.

The different payment schemes require customers to set up special accounts and/or buy or download and install software for their personal computers. However, not all banks can handle different payment systems. In order to avoid losing customers by selecting one payment method over another, some merchants sidestep the confusion caused by multiple payment standards by verifying credit card transactions manually. Microsoft/Visa and Netscape/Verifone contend that they can vastly simplify the payment process by developing software for both banks and merchants. The bank software would allow banks to use their existing computer systems to verify and process encrypted credit cards coming from the online world. The merchant software would allow merchants to buy one single package integrated with a web server that serves as a storefront and payment system.

Types of credit card payments:
Payment using encrypted credit card details
Payments using third party verification

(a) Payment using encrypted credit card details: Encryption is initiated when credit card information is entered into a browser or other electronic commerce device and sent securely over the network from buyer to seller as an encrypted message. To make a credit card transaction truly secure and non-refutable, the following sequence of steps must occur before actual goods, services or funds flow:
A customer presents his or her credit card information securely to the merchant.
The merchant validates the customer's identity as the owner of the credit card account.
The merchant relays the credit card charge information and digital signature to his or her bank or online credit card processor.
The bank or processing party relays the information to the customer's bank for authorization approval.
The customer's bank returns the credit card data, charge authentication and authorization to the merchant.

One company that has implemented the preceding process is CyberCash. A CyberCash transaction moves between three separate software programs: one program that resides on the consumer's PC, one that operates as part of the merchant server, and one that operates within the CyberCash servers. CyberCash can also be used for micro payments; that is, people pay small change, usually a nickel or a dime, as they click on icons, which could be information or files. Users download free Wallet software to their PC and load it up electronically with a credit card cash advance. The plan for micro payments is to create a small-change version which would dip from a checking account as well as a credit card. After selecting a game to play or item to buy, an invoice comes on screen. The consumer clicks on a pay button and a transaction is encrypted that transfers money out of a coin purse icon and into the vendor's account, which is set up on a CyberCash server.
(b) Payment using third party verification: The internet payments system was formed by First Virtual Holdings and gets around the credit card security problem by ensuring that the credit card number never travels over the internet. The fully operational system relies on existing mechanisms to enable the buying and selling of information via the internet. First Virtual makes servers available to sellers lacking the computer capacity or warehouse internet servers to handle their sales directly.

The following seven-step process captures the essence of the First Virtual (FV) system:
The consumer acquires an account number by filling out a registration form, which gives FV a customer profile that is backed by a traditional financial instrument such as a credit card.
To purchase an article, product or other information online, the consumer requests the item from the merchant by quoting her FV account number. The purchase can take place in one of two ways: the consumer can automatically authorize the merchant via browser settings to access her FV account and bill her, or she can type in the account information.
The merchant contacts the First Virtual payment server with the customer's account number.
The First Virtual payment server verifies the customer's account number for the vendor and checks for sufficient funds.
The First Virtual payment server sends an electronic message to the buyer. This message could be an automatic WWW form or a simple e-mail.
If the First Virtual payment server gets a Yes from the customer, the merchant is informed and the customer is allowed to download the material immediately.
First Virtual will not debit the buyer's account until it receives confirmation of purchase completion. Buyers who receive information or a product and decline to pay must have their accounts suspended.

Types of Credit Card Payments

Credit card-based payments can be divided into three categories:

Payments Using Plain Credit Card Details

The easiest method of credit card payment is the exchange of unencrypted credit card details over a public network such as telephone lines or the Internet. The low level of security inherent in the design of the Internet makes this method problematic (any hacker can read a credit card number, and there are programs that scan Internet traffic for credit card numbers and send the numbers to their programmers). Authentication is also a significant problem, and the vendor is usually responsible for ensuring that the person using the credit card is its owner.

Payments Using Encrypted Credit Card Details

Even if credit card details are encrypted before they are sent over the Internet, there are still certain factors to consider before sending them out. One such factor is the cost of a credit card transaction itself, which might prohibit low-value payments (micro payments).

Payments Using Third-Party Verification

One solution to security and verification problems is the introduction of a third party to collect and approve payments from one client to another.

Payments Using Encrypted Credit Card Details

Encryption is initiated when credit card information is entered into a browser or other electronic commerce device and sent securely over the network from buyer to seller as an encrypted message. This practice, however, does not meet important requirements for an adequate financial system, such as non-refutability, speed, safety, privacy, and security. To make a credit card transaction truly secure and non-refutable, the following sequence of steps must occur before actual goods, services, or funds flow:
1. A customer presents his or her credit card information (along with an authentic signature or other information such as mother's maiden name) securely to the merchant.
2. The merchant validates the customer's identity as the owner of the credit card account.
3. The merchant relays the credit card charge information and digital signature to his or her bank or online credit card processor.
4. The bank or processing party relays the information to the customer's bank for authorization approval.
5. The customer's bank returns the credit card data, charge authentication, and authorization to the merchant.
One company that has implemented the preceding process is CyberCash (www.cybercash.com). CyberCash transactions move between three separate software programs: one program that resides on the consumer's PC (called a wallet), one that operates as part of the merchant server, and one that operates within the CyberCash servers.
The process works in the following manner: The consumer selects items for purchase and fills out the merchant's order form, complete with necessary shipping information. The merchant server presents an invoice to the consumer and requests payment. The consumer is given the option to launch the CyberCash Wallet, a software program that does the encryption, if they already have it. When the consumer clicks on the PAY button, the CyberCash software on the merchant server sends a special message to the consumer's PC that awakens the CyberCash Wallet. The consumer simply chooses which credit card to pay with and clicks on it. The rest of the process is a series of encrypted automatic messages that travel between the three parties on the Internet and the conventional credit card networks that are connected directly to the CyberCash servers. Since the CyberCash Wallet is a separate piece of software, the consumer can use virtually any browser to shop at a merchant on the Web.

CyberCash can also be used for micro payments, that is, people pay small change (usually a nickel or a dime) as they click on icons, which could be information or files. The process is an offshoot of CyberCash's Wallet technology. Currently, users download free Wallet software to their PC and load it up electronically with a credit card cash advance. The plan for micro payments is to create a small change version, which would dip from a checking account as well as a credit card. After selecting a game to play or item to buy, an invoice comes on screen. The consumer clicks on a Pay button, and a transaction is encrypted that transfers money out of a coin purse icon and into the vendor's account, which is set up on a CyberCash server. CyberCash will make its money by selling the technology as well as by offering payment authentication and aggregation services. The company believes it can process payments as low as ten cents.

Secure Electronic Transactions (SET)

Secure electronic transactions is a protocol for encrypted credit card payment transfers.
Announced in February 1996 by VISA and MasterCard, SET establishes a single technical standard for protecting payment card purchases made over the Internet and other open networks. Participants in the SET consortium include Microsoft, Netscape, GTE, IBM, SAIC, Terisa Systems, and Verisign. SET is based on public-key encryption and authentication technology from RSA Data Security. The objectives of payment security are to: provide authentication of cardholders, merchants, and acquirers; provide confidentiality of payment data; preserve the integrity of payment data; and define the algorithms and protocols necessary for these security services.

Why Do We Need SET?

One of the benefits of the Internet is that it enables users to tap into information around the clock, from just about anywhere in the world. However, it does pose some practical drawbacks. The potential for fraud and deception is far greater online. When the other person is merely a blip on a computer screen, it is difficult to determine whether or not they hold a valid account. And how can a real merchant feel comfortable accepting a credit card account number without some form of identification? It is also difficult to trust a merchant you have never actually seen. After all, the merchant's store may exist only on a remote hard drive. In order to combat fraud there has been increasing focus on authentication on the Web. Web authentication requires the user to prove his or her identity for each requested service. Various vendors in the e-commerce market are attempting to provide an authentication method that is easy to use, secure, reliable, and scalable. Third-party authentication services must exist within a distributed network environment in which a sender cannot be trusted to identify him- or herself correctly to a receiver. In short, authentication plays an important role in the implementation of business transaction security.

What Features does SET Specify?

The following objectives are addressed by SET specifications: confidentiality of information, integrity of data, consumer account authentication, merchant authentication, and interoperability.

Confidentiality of Information

To facilitate and encourage financial transactions, it will be necessary for merchants and banks to assure consumers that their payment information is safe and accessible only by the intended recipient. Therefore, credit card account and payment information must be secured as it travels across the network, preventing interception of account numbers and expiration dates by unauthorized individuals. SET provides confidentiality by the use of message encryption.
Integrity of Information

SET ensures that message content is not altered during the transmission between originator and recipient. Payment information sent from consumers to merchants includes order information, personal data, and payment instructions. If any component is altered in transit, the transaction will not be processed accurately. In order to eliminate this potential source of fraud and/or error, SET provides the means to ensure that the contents of all order and payment messages received match the contents of messages sent. Information integrity is ensured by the use of digital signatures.

Consumer Account Authentication

Merchants need a way to verify that a consumer is a legitimate user of a valid account number. Digital signatures and digital certificates ensure consumer account authentication by providing a mechanism that links a consumer to a specific account number. SET designates a third party called a certificate authority to authenticate the sender and receiver.

Merchant Authentication

The SET specifications provide a way for consumers to confirm that a merchant has a relationship with a financial institution that allows that merchant to accept bank card payments. Merchant authentication is ensured by the use of digital signatures and merchant certificates.

Interoperability

The SET specifications must be applicable on a variety of hardware and software platforms, and must not prefer one over another. Any consumer with compliant software must be able to communicate with any merchant software that also meets the defined standard. Interoperability is ensured by the use of standard protocols and message formats. For the technical underpinnings of the SET standard, please see the latest information published on Visa's Web site, http://www.visa.com/.

OTHER EMERGING FINANCIAL INSTRUMENTS

Several other electronic payment systems are currently being prototyped and tested. These include debit cards, electronic benefit transfer cards, and smart cards.

Debit Cards at the Point of Sale (POS)

The fastest growing number of electronic transactions today are debit card point-of-sale transactions. Such a transaction occurs when a customer uses a debit card to make a purchase from a merchant (supermarket, gas station, convenience store, or some other store that accepts such cards instead of using cash, check, or credit card). The transaction works much like a credit card transaction. For example, a customer gives an ATM card to the merchant for the purchase. The merchant swipes the card through a transaction terminal, which reads the information; the customer enters his personal identification number (PIN); and the terminal routes the transaction through the ATM network back to the customer's bank for authorization against the customer's demand deposit account. The funds, once approved, are transferred from the customer's bank to the merchant's bank. These transactions occur within the banking system, and safety of payment is assured. The third-party processors who provide services for merchants are also examined by the federal regulators for system integrity. Both the consumer and the merchant maintain bank accounts, and the funds are transmitted inter-bank within the payment system. Authentication is provided by the use of the digital signature or PIN numbers, just as it is at ATMs. Further, PINs are sent through the system in an encrypted form, and the PIN pads and terminals are tamper-proof. Dedicated lines are also often used for transmission, particularly by larger merchants.

Debit Cards and Electronic Benefits Transfer

Debit cards are being used extensively for electronic benefits transfer (EBT).
Electronic benefits transfer uses debit cards for the electronic delivery of benefits to individuals who otherwise may not have bank accounts. In an EBT system, recipients access their benefits in the same way that consumers use debit cards to access their bank accounts electronically: the card is inserted into or swiped through a card reader and the cardholder must enter a PIN associated with that card. The benefit recipient can then access his or her benefits to make a purchase or obtain cash. For example, food stamp purchases are charged against the participant's allotment, and other purchases or cash distributions are charged against the participant's cash assistance program allotment.

Benefits that can be delivered via EBT generally fall into three categories:

federally funded but state-administered benefits (such as food stamps, Aid to Families with Dependent Children programs); state-funded and state-administered benefits (such as general assistance, heating assistance, refugee assistance, and supplemental or emergency payments); and benefits that are both federally funded and federally administered (such as Social Security and Veterans benefits).

Through EBT, existing networks and technologies can provide benefit recipients with online access to their funds at POS devices and ATMs. In an EBT process, no paper changes hands, except for the receipt printed for the purchaser by the POS device or the ATM. Recipients can access cash through any number of establishments, including grocers, drugstores, and financial institutions, as well as ATMs. Certain cash payments can also be facilitated by installing POS devices in housing authority and utility company offices to accept rent and bill payments.

Electronic benefits transfer has several advantages over paper-based benefit distribution systems. First, EBT is less costly. Currently, many recipients of federal and state benefits must pay significant fees (three or more dollars) to cash their checks. EBT systems are designed to provide no-cost or low-cost access methods. Second, EBT is more convenient than paper methods. EBT eliminates the need to carry food stamp coupons, stand in long lines to cash checks, or accept the entire benefit amount at one time. EBT programs also provide recipients with toll-free customer service lines and multilingual support to handle questions or problems. EBT is safer than cash or coupons, which can be lost or stolen. In EBT, benefits are stored electronically, and can be used only when needed and in the amounts required. Recipients control all access to their benefits through their cards and PINs. They can also deactivate lost or stolen cards immediately and request a replacement card by a toll-free phone call. Third, EBT is convenient for retailers. It eliminates the time-consuming task of handling food stamp coupons, making grocery checkout procedures faster and easier. By eliminating checks and coupons, EBT reduces losses associated with theft, forgery, and fraud. Finally, EBT is convenient for the government. Its inherent audit and tracking advantages enhance investigations into suspicious conduct by retailers.
EBT improves benefit program management by creating an audit trail and record of benefit usage, ensuring that programs are working properly and effectively.

ELECTRONIC PAYMENT MECHANISM

The primary payment mechanisms for traditional commerce are cash, checks, credit cards, debit cards and electronic funds transfer. Some of the alternative electronic payment mechanisms are variations on traditional commerce payment methods, while others are substantially different. Many different electronic commerce payment mechanisms are emerging, and consumers will ultimately decide which form of payment they prefer. The payments system includes credit card, magnetic card, smart card, electronic checks, debit card and electronic cash. Some of these electronic payment mechanisms are not being used solely for Internet applications; they are being marketed and used as alternatives to carrying physical cash. Further, a protocol, Secure Electronic Transaction (SET), which was designed with secure data transmission as its primary objective, is discussed.

SET PROTOCOL

The SET protocol was developed jointly by MasterCard and Visa with the goal of providing a secure payment environment for the transmission of credit card data. The SET specification version 1.0 was published in May 1997. MasterCard and Visa once again joined forces in December 1997 to form SETCO to lead the implementation and promotion of the SET application. An enabled version of the SET protocol is projected by some industry members to become the standard specification for secure transmission of electronic commerce payment mechanisms, although some skeptics disagree with the need for the SET protocol. Features of the SET specification version 1.0 are: confidentiality of information through the use of encryption; integrity of data through the use of digital signatures or message digests; cardholder account authentication through the use of digital signatures and certificates; merchant authentication through the use of digital signatures and certificates; and interoperability through the use of defined protocols and message formats.

SET v/s SSL: The initial version of the SET protocol, version 1.0, is considered to be a stronger security mechanism than other transmission protocols such as the Secure Sockets Layer (SSL) protocol because of its stronger authentication feature. Server SSL is good at providing confidentiality during the transmission of sensitive data, but alone it does not authenticate either the sender or the receiver of the message. If mutual authentication is used, authentication of the client is possible, but this is not a standard practice today. Both protocols provide confidentiality of data transmitted over the Internet via encryption. The SET protocol mandates the use of digital certificates that are tied to the purchaser's financial institution to help identify authorized purchasers and their accounts. It also uses digital certificates that are tied to the merchant's financial institutions and their accepted methods of payment brands. The SET protocol uses dual signatures on the digital certificates to allow the user to transmit only necessary information to the merchant, which is not always inclusive of credit card account information.

Version 1.0

The strong authentication provided by the SET protocol requires some mechanism for identification and verification of the customer, merchant and banks. The SET protocol requires that all parties involved in the transaction hold a valid digital certificate and use either a digital signature or a message digest. This means that both the buyer and seller must have a registered certificate from an approved certificate authority. A simplified depiction of the SET credit card purchase model consists of five entity types: cardholder, merchant, payment gateway, certificate authority and certificate trust chain.

Payment gateway: An acquirer or some other designated third party is necessary in order to authorize and process the transaction. The third party that performs these functions is called the payment gateway. Some credit card services that are owned by financial institutions may perform more than one role, such as issuing the credit card and cardholder certificates and serving as the acquirer/payment gateway. Some institutions may outsource some of these functions to a third party, and thus many different models are available.

Certificate issuance: The two certificate authorities depict the scenario in which the merchant and customer certificates are signed by different certificate authorities; however, the cardholder and merchant could have received their certificates from the same certificate authority. The credit card company or a third-party agency representing the credit card company issues certificates to the cardholders that are digitally signed by a financial institution. The account number, expiration date of the card and a secret value determined by the cardholder, similar to a personal identification number (PIN), are encoded in the certificate using a one-way hashing algorithm so that the information cannot be revealed but can be verified.

Certificate trust chain: A hierarchy of trust is used to verify the certificates used in a SET transaction. The hierarchy of trust chain is traversed to locate the next appropriate certificate authority for authentication. SETCO makes the root key certificates available to approved software. The SET root certificate authority is offline and performs four main functions: generate and securely store the SET root certificate authority public and private keys; generate and self-sign the SET root certificate authority certificates; process brand certificate requests and generate SET brand certificate authority certificates; and generate and distribute certificate revocation lists.

Cryptography methods: The SET protocol uses both randomly generated symmetric keys and public/private key pairs. The combination of these two methods is frequently used to combine the efficiency of symmetric key encryption for the encoding of messages and the power of public/private keys to provide authentication. The customer payment message is encrypted using a randomly generated symmetric key. Because the random key is needed to decrypt the payment information, it is encrypted using the public key of the merchant's acquirer. Both the encrypted message and the encrypted key are sent from the customer to the merchant in what is called a digital envelope. This combination of methods ensures message confidentiality during transmission, assures that only the intended recipient can decode the digital envelope, and authenticates the sender.

Dual signatures: The SET protocol uses a unique application of dual signatures. A dual signature involves the generation of two messages, one for the acquirer and one for the merchant. Each message contains only the information that is essential to that particular party, in order to protect the privacy of as much information as possible. The message to the acquirer contains account information and payment authorization in the case that the auction house accepts. Both messages are encrypted and a message digest is created for each message. To provide an authentication procedure, both of the message digests are encrypted with a private key. The acquirer is also sent the dual signature. The dual signature is created by combining the two message digests and creating a new digest, the dual signature message digest.

Compliance testing: Compliance testing is necessary for each SET component. The four SET components are:
1. Cardholder wallet: this wallet holds the cardholder's digital certificate and card account information. This component performs the authentication of the cardholder and provides secure transmission of cardholder data.
2. Merchant server: this component performs the authentication of the merchant and its accepted payment brands.
3. Payment gateway: this component provides the security of data transmission to/from the acquirer and processes the payment request and authentication process.
4. Certificate authority: this component issues and manages the cardholder, merchant and root key certificates.
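The "Cryptography methods" and "Dual signatures" passages above, worked through as an added example that is not part of the original page and is not code from the SET specification: the cardholder seals the payment data in a digital envelope for the payment gateway and signs a digest built from the two message digests. The textbook RSA with small fixed primes, the SHA-256 keystream cipher, the choice of SHA-256, the field names and the sample order are all assumptions made so the flow runs with the standard library only.

```python
"""SET-style purchase request: digital envelope plus dual signature.

Constructed teaching example, standard library only. The RSA below is textbook
RSA over small fixed primes and the symmetric cipher is a SHA-256 counter
keystream. Both are stand-ins so the message flow runs offline; neither is
what SET specified or what production code should use.
"""
import hashlib
import secrets

E = 65537  # public exponent


def make_keypair(p, q):
    """Return (public, private) textbook-RSA keys built from primes p and q."""
    n, phi = p * q, (p - 1) * (q - 1)
    return (n, E), (n, pow(E, -1, phi))


# Constructed keys from Mersenne primes: readable, and far too small for real use.
CARDHOLDER_PUB, CARDHOLDER_PRIV = make_keypair(2**107 - 1, 2**127 - 1)
GATEWAY_PUB, GATEWAY_PRIV = make_keypair(2**89 - 1, 2**127 - 1)


def digest(data):
    return hashlib.sha256(data).digest()


def sign(md, priv):
    """'Encrypt the digest with the private key' (reduced mod n for the toy key)."""
    n, d = priv
    return pow(int.from_bytes(md, "big") % n, d, n)


def verify(md, signature, pub):
    n, e = pub
    return pow(signature, e, n) == int.from_bytes(md, "big") % n


def keystream_xor(key, data):
    """Stand-in symmetric cipher: XOR data with SHA-256(key || counter) blocks."""
    out = bytearray()
    for offset in range(0, len(data), 32):
        block = digest(key + offset.to_bytes(8, "big"))
        out += bytes(a ^ b for a, b in zip(data[offset:offset + 32], block))
    return bytes(out)


def seal_envelope(plaintext, recipient_pub):
    """Encrypt under a random one-time key, then wrap that key for the recipient."""
    n, e = recipient_pub
    key = secrets.token_bytes(16)
    return {"ciphertext": keystream_xor(key, plaintext),
            "wrapped_key": pow(int.from_bytes(key, "big"), e, n)}


def open_envelope(envelope, recipient_priv):
    n, d = recipient_priv
    key = pow(envelope["wrapped_key"], d, n).to_bytes(16, "big")
    return keystream_xor(key, envelope["ciphertext"])


def cardholder_request(order_info, payment_info):
    """Build the two messages: one for the merchant, one for the payment gateway."""
    oimd, pimd = digest(order_info), digest(payment_info)
    dual_sig = sign(digest(pimd + oimd), CARDHOLDER_PRIV)  # signature over both digests
    to_merchant = {"order_info": order_info, "pimd": pimd, "dual_sig": dual_sig}
    to_gateway = {"envelope": seal_envelope(payment_info, GATEWAY_PUB),
                  "oimd": oimd, "dual_sig": dual_sig}
    return to_merchant, to_gateway


def merchant_verify(msg):
    """Merchant sees the order and only a digest of the payment data."""
    combined = digest(msg["pimd"] + digest(msg["order_info"]))
    return verify(combined, msg["dual_sig"], CARDHOLDER_PUB)


def gateway_verify(msg):
    """Gateway opens the envelope and sees only a digest of the order."""
    payment_info = open_envelope(msg["envelope"], GATEWAY_PRIV)
    combined = digest(digest(payment_info) + msg["oimd"])
    return verify(combined, msg["dual_sig"], CARDHOLDER_PUB), payment_info


if __name__ == "__main__":
    # Constructed sample data; the card number is a well-known test value.
    oi = b"order=A-1001;item=atlas;total=25.00"
    pi = b"pan=4111111111111111;exp=12/30;total=25.00"
    to_merchant, to_gateway = cardholder_request(oi, pi)
    print("merchant accepts:", merchant_verify(to_merchant))
    print("gateway accepts:", gateway_verify(to_gateway)[0])
    swapped = dict(to_gateway, oimd=digest(b"order=A-1001;item=atlas;total=2500.00"))
    print("gateway accepts swapped order digest:", gateway_verify(swapped)[0])
```

Because the signature covers a digest of both digests, changing either the order or the payment data after signing makes the recomputed value differ, so the merchant or the gateway rejects the message.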

MAGNETIC STRIP CARDS: A magnetic strip card is a small plastic card that has some form of magnetically encoded strip or strips on its exterior. Magnetic strip cards are widely used for applications such as bank debit cards, credit cards, telephone cards, employee identification cards and cards for building and machine access privileges, vending machines and copy machines. To the extent that these cards are used as an electronic purse allowing the cardholder to use the card to purchase goods and services, these cards support a form of electronic commerce. Magnetic strip cards are typically of two types:

Online Magnetic Strip Card
Offline Magnetic Strip Card

Electronic money (also known as e-money, electronic cash, electronic currency, digital money, digital cash or digital currency) refers to money or scrip which is exchanged only electronically. Typically, this involves use of computer networks, the internet and digital stored value systems. Electronic Funds Transfer (EFT) and direct deposit are examples of electronic money. Also, it is a collective term for financial cryptography and technologies enabling it. While electronic money has been an interesting problem for cryptography (see for example the work of David Chaum and Markus Jakobsson), to date, use of digital cash has been relatively low-scale. One rare success has been Hong Kong's Octopus card system, which started as a transit payment system and has grown into a widely used electronic cash system. Singapore also has an electronic money implementation for its public transportation system (commuter trains, bus, etc), which is very similar to Hong Kong's Octopus card and based on the same type of card (FeliCa). A very successful implementation is in the Netherlands, known as Chipknip.

VALUE ADDED NETWORK


A value added network is defined as a telecommunication network, primarily for data, that processes or transforms data and information in some way and thereby provides services beyond simple transport of information. In the context of EDI, a VAN is a communication network that typically exchanges EDI messages among trading partners. It also provides other services, including holding messages in electronic mailboxes, interfacing with other VANs and supporting many telecommunication modes and transfer protocols. A VAN's electronic mailbox is a software feature into which a user deposits EDI transactions and then retrieves those messages when convenient. In addition to receiving, storing and sending electronic messages, a VAN also arranges to provide audit information. A value-added network (VAN) is a hosted service offering that acts as an intermediary between business partners sharing standards-based or proprietary data via shared business processes. VANs traditionally transmitted data formatted as Electronic Data Interchange, but increasingly they also transmit data formatted as XML and binary. VANs usually service a given vertical or industry and provide value-added services such as data transformation between formats. At one extreme, a VAN hosts only horizontal business-to-business application integration services, hosting general-purpose integration services for any process or industry. At the other extreme, a VAN also hosts process-specific or industry-specific pre-defined integration capabilities (e.g., data synchronization services as part of the Global Data Synchronization Network) and applications (e.g., supply chain order visibility). Traditionally, most VANs supported only general-purpose B2B integration capabilities focused on EDI, but these service providers are quickly evolving to become more process- and industry-specific over time, particularly in industries such as retail and hi-tech manufacturing.
VANs today require a global footprint with capabilities, tools and people to service supply chains that extend from Shanghai to New York, Thailand to Hungary. Modern value-added networks are also referred to as trading grids. A VAN not only receives, stores and forwards messages but also adds audit information to the messages; it modifies the data (automatic error detection and correction, protocol conversion) and then transports the information.

Digital library

A digital library is a library in which collections are stored in digital formats (as opposed to print, microform, or other media) and accessible by computers.[1] The digital content may be stored locally, or accessed remotely via computer networks. A digital library is a type of information retrieval system. The first use of the term digital library in print may have been in a 1988 report to the Corporation for National Research Initiatives.[2] The term digital libraries was first popularized by the NSF/DARPA/NASA Digital Libraries Initiative in 1994.[3] The older names electronic library or virtual library are also occasionally used, though electronic library nowadays more often refers to portals, often provided by government agencies, as in the case of the Florida Electronic Library. The DELOS Digital Library Reference Model[4] defines a digital library as: An organization, which might be virtual, that comprehensively collects, manages and preserves for the long term rich digital content, and offers to its user communities specialized functionality on that content, of measurable quality and according to codified policies.

SMART CARD

A smart card, chip card, or integrated circuit card (ICC), is any pocket-sized card with embedded integrated circuits which can process data. This implies that it can receive input which is processed by way of the ICC applications and delivered as an output. There are two broad categories of ICCs. Memory cards contain only non-volatile memory storage components, and perhaps some specific security logic. Microprocessor cards contain volatile memory and microprocessor components. The card is made of plastic, generally PVC, but sometimes ABS. The card may embed a hologram to avoid counterfeiting. Using smart cards is also a form of strong security authentication for single sign-on within large companies and organizations.

Benefits

Smart cards can be used for identification, authentication, and data storage.[1] Smart cards provide a means of effecting business transactions in a flexible, secure, standard way with minimal human intervention. Smart cards can provide strong authentication[2] for single sign-on or enterprise single sign-on to computers, laptops, data with encryption, enterprise resource planning platforms such as SAP, etc.

Credit card and emerging financial instruments, B2B e-commerce


Credit card

A credit card is part of a system of payments named after the small plastic card issued to users of the system. The issuer of the card grants a line of credit to the consumer (or the user) from which the user can borrow money for payment to a merchant or as a cash advance to the user. A credit card is different from a charge card, where a charge card requires the balance to be paid in full each month. In contrast, credit cards allow the consumers to 'revolve' their balance, at the cost of having interest charged. Most credit cards are issued by local banks or credit unions, and are the same shape and size as specified by the ISO 7810 standard.

How credit cards work

Credit cards are issued after an account has been approved by the credit provider, after which cardholders can use it to make purchases at merchants accepting that card. When a purchase is made, the credit card user agrees to pay the card issuer. The cardholder indicates his/her consent to pay by signing a receipt with a record of the card details and indicating the amount to be paid, or by entering a personal identification number (PIN). Also, many merchants now accept verbal authorizations via telephone and electronic authorization using the Internet, known as a 'Card/Cardholder Not Present' (CNP) transaction. Electronic verification systems allow merchants to verify that the card is valid and the credit card customer has sufficient credit to cover the purchase in a few seconds, allowing the verification to happen at time of purchase. The verification is performed using a credit card payment terminal or Point of Sale (POS) system with a communications link to the merchant's acquiring bank. Data from the card is obtained from a magnetic stripe or chip on the card; the latter system is in the United Kingdom and Ireland commonly known as Chip and PIN, but is more technically an EMV card. Other variations of verification systems are used by eCommerce merchants to determine if the user's account is valid and able to accept the charge. These will typically involve the cardholder providing additional information, such as the security code printed on the back of the card, or the address of the cardholder. Each month, the credit card user is sent a statement indicating the purchases undertaken with the card, any outstanding fees, and the total amount owed. After receiving the statement, the cardholder may dispute any charges that he or she thinks are incorrect (see Fair Credit Billing Act for details of the US regulations). Otherwise, the cardholder must pay a defined minimum proportion of the bill by a due date, or may choose to pay a higher amount up to the entire amount owed. The credit provider charges interest on the amount owed if the balance is not paid in full (typically at a much higher rate than most other forms of debt). Some financial institutions can arrange for automatic payments to be deducted from the user's bank accounts, thus avoiding late payment altogether as long as the cardholder has sufficient funds.

ELECTRONIC DATA INTERCHANGE


Electronic Data Interchange (EDI) is a set of standards for structuring information that is to be electronically exchanged between and within businesses, organizations, government entities and other groups. The standards describe structures that emulate documents, for example purchase orders to automate purchasing. The term EDI is also used to refer to the implementation and operation of systems and processes for creating, transmitting, and receiving EDI documents.

Electronic Data Interchange can be formally defined as 'The transfer of structured data, by agreed message standards, from one computer system to another without human intervention'. Most other definitions used are variations on this theme. Generally speaking, EDI is considered to be a technical representation of a business conversation between two entities, either internal or external. Note that there is a perception that "EDI" consists of the entire electronic data interchange paradigm, including the transmission, message flow, document format, and software used to interpret the documents. EDI is considered to describe the rigorously standardized format of electronic documents.

The EDI standards were designed to be independent of communication and software technologies. EDI can be transmitted using any methodology agreed to by the sender and recipient. This includes a variety of technologies, including modem, FTP, e-mail, HTTP, AS1, AS2, etc. It is important to differentiate between the EDI documents and the methods for transmitting them. When comparing the bisynchronous protocol 2400 bit/s modems, CLEO devices, and value-added networks used to transmit EDI documents with transmission via the Internet, some people equated the non-Internet technologies with EDI and predicted erroneously that EDI itself would be replaced along with the non-Internet technologies.
These non-Internet transmission methods are being replaced by Internet protocols such as FTP, telnet, and e-mail, but the EDI documents themselves still remain.

EDI documents generally contain the same information that would normally be found in a paper document used for the same organizational function. For example, an EDI 940 ship-from-warehouse order is used by a manufacturer to tell a warehouse to ship product to a retailer. It typically has a ship-to address, a bill-to address, a list of product numbers (usually a UPC code) and quantities. It may have other information if the parties agree to include it. However, EDI is not confined to business data related to trade but encompasses all fields such as medicine (e.g., patient records and laboratory results), transport (e.g., container and modal information), engineering and construction, etc. In some cases, EDI will be used to create a new business information flow (one that was not a paper flow before). This is the case with the Advanced Shipment Notification (856), which was designed to inform the receiver of a shipment, the goods to be received and how the goods are packaged.

Organizations that send or receive documents from each other are referred to as "trading partners" in EDI terminology. The trading partners agree on the specific information to be transmitted and how it should be used. This is done in human-readable specifications (also called Message Implementation Guidelines). While the standards are analogous to building codes, the specifications are analogous to blueprints. (The specification may also be called a mapping, but the term mapping is typically reserved for specific machine-readable instructions given to the translation software.) Larger trading "hubs" have existing Message Implementation Guidelines which mirror their business processes for processing EDI, and they are usually unwilling to modify their EDI business practices to meet the needs of their trading partners. Often in a large company these EDI guidelines will be written to be generic enough to be used by different branches or divisions and therefore will contain information not needed for a particular business document exchange. Other large companies may create separate EDI guidelines for each branch or division.

Advantages of EDI over paper systems

EDI and other similar technologies save a company money by providing an alternative to, or replacing, information flows that require a great deal of human interaction and materials such as paper documents, meetings, faxes, etc. Even when paper documents are maintained in parallel with EDI exchange, e.g. printed shipping manifests, electronic exchange and the use of data from that exchange reduce the handling costs of sorting, distributing, organizing, and searching paper documents. EDI and similar technologies allow a company to take advantage of the benefits of storing and manipulating data electronically without the cost of manual entry or scanning.

Barriers to implementation

There are a few barriers to adopting electronic data interchange.

1. One of the most significant barriers is the accompanying business process change. Existing business processes built around slow paper handling may not be suited for EDI and would require changes to accommodate automated processing of business documents. For example, a business may receive the bulk of its goods by 1 or 2 day shipping and all of its invoices by mail. The existing process may therefore assume that goods are typically received before the invoice. With EDI, the invoice will typically be sent when the goods ship, and the business will therefore require a process that handles large numbers of invoices whose corresponding goods have not yet been received.

2. Another significant barrier is the cost in time and money of the initial set-up. The preliminary expenses and time that arise from implementation, customization and training can be costly and may therefore discourage some businesses. The key is to determine which method of integration is right for your company, since that determines the cost of implementation. For a business that only receives one P.O. per year from a client, fully integrated EDI may not make economic sense. In this case, businesses may implement inexpensive "rip and read" solutions or use outsourced EDI solutions provided by EDI "Service Bureaus". For other businesses, the implementation of an integrated EDI solution may be necessary, as increases in trading volumes brought on by EDI force them to re-implement their order processing business processes.

The key hindrance to a successful implementation of EDI is the perception many businesses have of the nature of EDI. Many view EDI from the technical perspective that EDI is a data format; it would be more accurate to take the business view that EDI is a system for exchanging business documents with external entities, and integrating the data from those documents into the company's internal systems. Successful implementations of EDI take into account the effect externally generated information will have on internal systems, and validate the business information received. For example, allowing a supplier to update a retailer's Accounts Payable system without appropriate checks and balances would be a recipe for disaster. Businesses new to the implementation of EDI should take pains to avoid such pitfalls.
Increased efficiency and cost savings drive the adoption of EDI for most trading partners. But even if a company would not choose to use EDI on their own, pressures from larger trading partners called hubs often force smaller trading partners to use EDI.

Introduction to Electronic Data Interchange

All organizations and administrative associations with large information systems face a situation where typing and printing all information arriving at or leaving their domain is no longer feasible. Everyone who works in a business organization where hundreds or thousands of standard forms (e.g. invoices) are received and responded to knows how difficult it is to manage this task. These forms must be entered into the computer for processing, and responses must be generated and posted to the concerned parties. The whole process is time-consuming, prone to human error during data entry, and expensive to operate.

Electronic Data Interchange (EDI) is the electronic exchange of business documents in a standard, computer-processable, and universally accepted format between trading partners. EDI is quite different from sending electronic mail or messages, or sharing files through a network. In EDI, the computer applications of both the sender and the receiver, referred to as Trading Partners (TPs), have to agree upon the format of the business document, which is sent as a data file over an electronic messaging service. Figure 5.1 illustrates how EDI messages can be used to totally automate the procurement process between two trading partners.

The two key aspects of EDI that distinguish it from other forms of electronic communication, such as electronic mail, are:

- The information transmitted is directly used by the recipient computer without the need for human intervention.
- It is rarely mentioned but often assumed that EDI refers to interchange between businesses. It involves two or more organizations, or parts of an organization, communicating business information with each other in a commonly agreed format.

The repeated keying of identical information in traditional paper-based business communication creates a number of problems that can be significantly reduced through the use of EDI. These problems include:

- Increased time
- Low accuracy
- High labour charges
- Increased uncertainty

To take full advantage of EDI's benefits, a company must computerize its basic business applications. Trading partners are individual organizations that agree to exchange EDI transactions. EDI cannot be undertaken unilaterally but requires the cooperation and active participation of trading partners. Trading partners normally consist of an organization's principal suppliers and wholesale customers. Since large retail stores transact business with a large number of suppliers, they were among the early supporters of EDI. In the manufacturing sector, EDI has enabled the concept of Just-In-Time (JIT) inventory to be implemented. JIT reduces inventory and operating capital requirements.

Costs and Benefits

Wherever EDI has been implemented, computers electronically exchange business documents with each other, without human intervention. This reduces operating costs, administrative errors, and delivery delays. The benefits accruing from EDI implementation can be broadly classified into direct benefits and long-term strategic benefits.

Direct Benefits

- The transfer of information from computer to computer is automatic.
- The cost of processing EDI documents is much smaller than that of processing paper documents.
- Customer service is improved. The quick transfer of business documents and the marked decrease in errors allow orders to be fulfilled faster.
- Information is managed more effectively.
- Job satisfaction improves among data entry operators, clerks, etc. when they are redeployed to more creative activities.

Strategic Benefits

- Customer relations are improved through better quality and speed of service.
- Competitive edge is maintained and enhanced.
- Reduction in product costs can be achieved.
- Business relations with trading partners are improved.
- More accurate sales forecasting and business planning is possible because information is available at the right place at the right time.

Networking Infrastructure for EDI

Successful functioning of EDI assumes the availability of a wide area network to which organizations can subscribe. All organizations willing to join EDI services must subscribe to the common network. In addition, all organizations participating in an EDI service group that they will use must load appropriate EDI software on their computer systems. This software is responsible for providing translation services, EDI services and network access services, as shown in figure 5.2.

A sender's computer system produces a message and passes it to the translation service software. This translates the message into the commonly agreed structure and passes it to the EDI service software. The EDI service software executes the functions and procedures needed to send the message, track it in the network and ensure that it reaches its destination. EDI services may, in addition, include procedures for security functions and for billing and accounting functions, and may generate the logs needed for auditing purposes. Network access services are responsible for actually controlling the interaction with the network that transports messages from one site to another.

The transport network provides a powerful electronic messaging service to support EDI services. The transport network uses a store-and-forward mechanism, and messages are sent to mailboxes that are managed by the network service provider. The originator can send messages at any time, independent of the recipient system's status, i.e. whether or not it is ready to receive. The recipient systems periodically check their mailboxes and transfer messages from the network mailboxes to their own memory. Thus a transfer cycle is completed. The receiving computer applies the necessary translator and converts the received message into a format understandable by its application software. The application software is programmed to recognize various messages and take the necessary actions, such as generating responses to received messages and updating other databases.

Functioning of EDI

Any organization using EDI communicates with its trading partners in one of two ways:

- Exchange of data with several trading partners directly.
- Interaction with multiple companies through a central information clearing house.

In the latter case, all transactions take place through a third party's computer system, which then sends them to the appropriate receiver's computer. This enables the sender to communicate with an unlimited number of trading partners without worrying about proprietary system audit trails, variable transmission speeds, and general computer compatibility.

EDI Works in the Following Manner:

- Prior to any computer work, representatives of two companies interested in exchanging data electronically meet to specify the application in the EDI standards which they will implement.
- The two companies exchange data electronically in the standard formats.
- Each company adds an EDI program to its computer to translate the company data into standard formats for transmission, and for the reverse translation of the data it receives.
- The sender transmits the database formatted in the EDI standards to the receiver, who then translates the formatted message into a computer record to be processed and used internally. All transmission is checked both electronically and functionally, and the protocol includes procedures for error detection and correction.
- Once a company has established standardized communications with another company, it is in a position to communicate with any other company that is also using the EDI standards.

The Flow of Information in EDI is as Follows

- Collection of data for the company's own operational or statistical requirements, which is edited to be added to its own database.
- Extraction of pertinent information by the company from its database, summarized if necessary and constructed into EDI transaction sets, and finally transmitted to the company or organization requiring it for valid reasons. The frequency of preparing this information is determined by the operational requirements of each recipient.
- A communication link for transmission is established according to the standard communication protocol.
- The receiver receives the information transmission, checks its physical characteristics (parity, check character, transmission mode), and requests retransmission if an error is detected in the physical characteristics of the transmission.
- The receiver checks the functional characteristics of the data and sends an acknowledgement to the original sender, confirming receipt of the transmission and identifying any errors detected.
- The receiver processes the information received according to its own internal procedures and timing requirements.

EDI Components

A typical EDI system converts generic EDI messages (in EDIFACT or any other EDI standard) to RDBMS format, and from RDBMS format to EDI format. The RDBMS database holds the data to be translated into EDI format and is where incoming EDI data is converted and written to. EDI configuration programs do these translations. There are three main components of an EDI system, as shown in figure 5.4:

1. Application Service
2. Translation Service
3. Communication Service

EDI Services

The three EDI services each perform a different task.

Application Service

The Application Service provides the link between a business application and EDI. It allows us to send documents to, and receive documents from, an EDI system. A set of callable routines is used to transfer documents from the business application into EDI. Document destinations can be either intra-company or external companies, i.e. trading partners. The EDI Application Service holds each incoming and outgoing document as a single internal format file. EDI converts the document to a standard format and sends it to the trading partner using the relevant communication protocol. A number of different standards and communication protocols are available. The list below describes what happens in the Application Service.

For outgoing documents:

- The business application uses the callable routines to send a document from the business application to the Application Service. The document is now in the EDI system and is called an internal format file.
- The Application Service sends the document in the internal format file to the Translation Service.

For incoming documents:

- The Application Service receives an internal format file from the Translation Service.
- The Application Service makes the data in the internal format file available in the database so that the business application can fetch the document from EDI. A callable interface is used to do this.

Figure 5.5 displays the Application Service.

Translation Service

As shown in figure 5.6, the Translation Service:

- Converts outgoing documents from an internal format file to an agreed external format.
- Translates incoming documents from an external format to the EDI internal format file.

The external document standards that an EDI system supports are EDIFACT, X12, TDCC, and ODETTE.

For outgoing documents:

- The Translation Service receives a document in the internal format file from the Application Service.
- It converts the internal format file to the appropriate external standard (either EDIFACT, X12, TDCC, or ODETTE). The file is now an external format file.
- The Translation Service combines one or more external format files into a transmission file.
- The Translation Service now sends the transmission file to the Communication Service.

For incoming documents:

- The Translation Service receives a document in the transmission file from the Communication Service.
- It separates the transmission file to produce external format files.
- It translates each external format file, which may be in an external standard (either EDIFACT, X12, TDCC, or ODETTE), to the internal format file. The file is now an internal format file.
- The Translation Service now sends the internal format file to the Application Service.

Communication Service

The Communication Service sends and receives transmission files to and from the trading partners, either directly or by using a third-party service called a Value Added Network (VAN). The list below describes what happens in the Communication Service.

For outgoing documents:

- The Communication Service receives a transmission file from the Translation Service.
- It checks the file to see which trading partner it has to be sent to. When it has identified the type of connection to be used for this trading partner, it determines which gateway to use.
- The Communication Service sends the transmission file to the trading partner.

For incoming documents:

- The Communication Service receives a transmission file from the trading partner. The file arrives through one of the gateways that EDI supports.
- The Communication Service sends the transmission file to the Translation Service.

Figure 5.7 shows the Communication Service.

File Types in EDI

EDI creates the following files as a document passes through the system:

- Internal Format File (IFF)
- External Format File (EFF)
- Transmission File (TF)

Internal Format File

The Internal Format File (IFF) contains a single document for a single trading partner. The Internal Format File is principally for EDI's own use.

External Format File

The External Format File (EFF) contains the same data as the internal format file, translated into the appropriate standard document format.

Transmission File

The transmission file contains one or more documents for the same trading partner. Documents of the same type are packaged together in functional groups. The functional groups going to one trading partner are packaged into an interchange set. An interchange set contains one or more functional groups of documents with the same sender and receiver. Figure 5.8 represents a transmission file.
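The receiver's functional check of a transmission file, and the nesting of documents, functional groups and interchange set described above, can be shown with an added example (not part of the original notes). It uses the envelope segments of X12, one of the standards named earlier: ISA/IEA wrap the interchange, GS/GE a functional group, ST/SE one document. The delimiters and all sample data are constructed.

```python
ELEM, SEG = "*", "~"  # assumption: delimiters used by the constructed sample

# Constructed sample: one interchange (ISA/IEA) holding one functional group
# (GS/GE) of two 940 documents (ST/SE). Body segments are illustrative filler.
SAMPLE = (
    "ISA*00*          *00*          *ZZ*SENDER         *ZZ*RECEIVER       "
    "*240101*1200*U*00401*000000101*0*T*>~"
    "GS*OW*SENDER*RECEIVER*20240101*1200*1*X*004010~"
    "ST*940*0001~W05*N*ORDER-1~W01*10*EA*012345678905~SE*4*0001~"
    "ST*940*0002~W05*N*ORDER-2~W01*5*EA*012345678912~SE*4*0002~"
    "GE*2*1~"
    "IEA*1*000000101~"
)


def field(seg, i):
    """Element i of a split segment, or '' if the segment is too short."""
    return seg[i] if i < len(seg) else ""


def count(seg, i):
    """Numeric element i, or -1 when it is missing or not a number."""
    return int(field(seg, i)) if field(seg, i).isdigit() else -1


def validate_interchange(raw):
    """Return a list of envelope errors; an empty list means consistent."""
    errors = []
    isa = gs = st = None  # headers of the envelopes that are currently open
    groups = sets = segs = 0
    for text in filter(None, (s.strip() for s in raw.split(SEG))):
        seg = text.split(ELEM)
        tag = seg[0]
        if st is not None:
            segs += 1  # every segment after ST, the closing SE included
        if tag == "ISA":
            if isa is not None:
                errors.append("ISA before the previous interchange closed")
            isa, groups = seg, 0
        elif tag == "GS":
            if isa is None or gs is not None:
                errors.append("GS in the wrong position")
            gs, sets = seg, 0
        elif tag == "ST":
            if gs is None or st is not None:
                errors.append("ST in the wrong position")
            st, segs = seg, 1
        elif tag == "SE":
            if st is None:
                errors.append("SE without a matching ST")
                continue
            ref = field(st, 2)
            if field(seg, 2) != ref:  # control number must echo the ST
                errors.append(f"set {ref}: SE02 is {field(seg, 2)}")
            if count(seg, 1) != segs:  # declared vs. counted segments
                errors.append(f"set {ref}: SE01 says {field(seg, 1)}, counted {segs}")
            st, sets = None, sets + 1
        elif tag == "GE":
            if gs is None or st is not None:
                errors.append("GE in the wrong position")
            ref, st = field(gs or [], 6), None
            if field(seg, 2) != ref:
                errors.append(f"group {ref}: GE02 is {field(seg, 2)}")
            if count(seg, 1) != sets:  # declared vs. counted documents
                errors.append(f"group {ref}: GE01 says {field(seg, 1)}, counted {sets}")
            gs, groups = None, groups + 1
        elif tag == "IEA":
            if isa is None or gs is not None or st is not None:
                errors.append("IEA in the wrong position")
            ref, gs, st = field(isa or [], 13), None, None
            if field(seg, 2) != ref:
                errors.append(f"interchange {ref}: IEA02 is {field(seg, 2)}")
            if count(seg, 1) != groups:
                errors.append(f"interchange {ref}: IEA01 says {field(seg, 1)}, counted {groups}")
            isa = None
        elif st is None:
            errors.append(f"segment {tag} outside a transaction set")
    if isa is not None or gs is not None or st is not None:
        errors.append("transmission ends inside an open envelope")
    return errors
```

These counts catch truncated or spliced transmissions but are not cryptographic: anyone who alters a document can also rewrite the trailers, so they complement rather than replace a signature or MAC.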

Electronic Fund Transfer (EFT)

An Electronic Fund Transfer (EFT) system involves the electronic movement of funds and funds information between financial institutions. The transfers are based on EDI technology; a transfer of funds involves a minimum amount of data interchange between two parties. There are two major worldwide EFT networks: the Clearing House Interbank Payments System (CHIPS) and FedWire (the oldest EFT in the US). In 1993, these networks moved an estimated US $1.5 billion each banking day. A third major network, the Society for Worldwide Interbank Financial Telecommunication (SWIFT), is capable of handling nearly 1 million messages per day.

EDI has been widely adopted by financial institutions and service sectors in the western world. Insurance brokers can send EDI messages to the computers of various insurance companies and get details on specific policies. Even though EDI can be useful for almost any sector, banks have been the primary users of EDI services till now.

EDI Messages - Security

Security is used as a blanket term to cover many different needs, according to the data and the use to which it is being put. Basic reference model 7898/2 specifies an internationally adopted security architecture for end-to-end security in network interconnection. The five services defined in the model are:

- Authentication: This service verifies the identity of communicating entities in a network.
- Access control: It restricts access to the information and processing capabilities of a network to authorised entities.
- Confidentiality: It prevents the unauthorised modification of information.
- Integrity: It detects whenever there is unauthorised modification.
- Non-repudiation: It prevents denial by one of the entities involved in a communication of having participated in all or part of the communication.

X.400, in its present version of 1988, offers some security features which are indispensable in business communication. Security in computer networks is provided through the use of cryptographic techniques. Two types of cryptography are available: private key cryptography (conventional cryptography) and public key cryptography.

In private key cryptography, the two communicating parties share a single encryption and decryption key. The sender encrypts the message before transmission using its encryption key. The receiver decrypts the message using the reverse process. The US DES (Data Encryption Standard) algorithm has traditionally been used to secure EDI messages. It uses a 64- or 128-bit encryption or decryption key.

Public key cryptography makes use of two separate keys for encryption and decryption. The transmitter encrypts the message using its encryption key, known as its private key, and the receiver decrypts the message using the corresponding decryption key, called the public key. Since both keys are registered with a registration authority, the message becomes a digital signature of the sender, as no one else knows the private key of the pair allotted to the transmitter. The public key is made available to all receivers in the network.

The Possible Methods Used for Security Purposes of EDI Messages are:

- Authentication: creation of a digital signature.
- Confidentiality: any method, DES or the Rivest, Shamir and Adleman algorithm (RSA), is acceptable.
- Non-repudiation: only public key cryptography can provide this feature.

VSNL now offers the Gateway Electronic Data Interchange Service (GEDIS) trade net to Indian subscribers.
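Why a shared key cannot provide non-repudiation, as an added example that is not part of the original notes: it uses HMAC-SHA-256 from the Python standard library as the shared-key mechanism in place of DES, and the partner ID, key and document bytes are constructed. The receiver can detect tampering, but because it holds the same key it can also produce a valid tag for a document the sender never sent.

```python
import hashlib
import hmac

# Constructed per-partner shared key (hypothetical partner ID; a real key is
# random and provisioned out of band).
PARTNER_KEYS = {
    "SUPPLIER01": bytes.fromhex("00112233445566778899aabbccddeeff" * 2),
}


def seal(partner_id, document):
    """Tag computed by whoever holds the key shared with partner_id."""
    key = PARTNER_KEYS[partner_id]
    # Bind the tag to the partner ID so it cannot be reused under another ID.
    message = partner_id.encode() + b"\x00" + document
    return hmac.new(key, message, hashlib.sha256).hexdigest()


def accept(partner_id, document, tag):
    """Receiver-side check: known partner and a tag over these exact bytes."""
    if partner_id not in PARTNER_KEYS:
        return False
    # compare_digest avoids leaking how many leading characters matched.
    return hmac.compare_digest(seal(partner_id, document), tag)


def receiver_can_forge(partner_id, forged_document):
    """The receiver holds the same key as the sender, so it can tag a
    document the sender never produced; a third party asked to settle a
    dispute cannot tell which side created the tag."""
    forged_tag = seal(partner_id, forged_document)
    return accept(partner_id, forged_document, forged_tag)
```

With a digital signature only the holder of the private key can produce the value that verifies, which is why the list above reserves non-repudiation for public key cryptography.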
