Вы находитесь на странице: 1из 31

E-COMMERCE Commerce is the management process responsible for identifying, anticipating and satisfying customer requirements profitably.

Thus marketing is used to create t he customer, keep the customer and satisfy customer. The Internet The internet refers to a global interconnection of networks of computers. Intern et marketing is a modern business methodology which integrates communication bas ed processes to inform and persuade potential customers on newly identified need s and how they can be conveniently satisfied. Internet marketing is also referre d to as web marketing or E-Marketing. Generally the term will refer to marketing of products and services over the internet. Evolution of E-Commerce The business fraternity is undergoing fundamental transformation from an industr ial to an information based society. Information age technologies are increasing ly pervading all industrial and societal activities consequently accelerating th e globalization of economies. This growth of global computer networks has occasi oned a paradigm shift in the way individuals and firms shop for products and ser vices. The evolution of E-Commerce can be attributed to a combination of various regula tory and technological advancements. The liberalization of the communication sec tor and innovations such as optic fiber technologies have significantly helped t o expand the volume and capacity as well as the pace of internet based marketing .. There are various areas in which companies can conduct business online 1. Direct marketing and selling IT serves as an important stepping stone to complex commercial transactions. 2. Online banking and billing. Consumers and small businesses can save time and money by doing their banking el ectronically, payment of bills and transfer between accounts. 3. Information distribution Information is the most valuable asset in business. The electronic model enables businesses to reach huge new markets as well as to safeguard the flow of inform ation. 4. Value chain integration. The electronic platform promises to increase business efficiency by reducing rep orting errors and increasing information accuracy as well as enhancing inventory and production line management. Traditional versus E-Commerce Internet marketing is much more than the simple creation or promotion of a websi te. Rather it involves the calculated blending of utility with technical aspects of the internet including design, development, advertising and sales. The inter net has brought unique benefits to marketing which were previously inexistent un der traditional business set up. These include: 1. lower entry cost With a limited budget, internet advertising can be much more within reach compar ed to traditional methods 2. Personalized approach. Marketing messages can be directly targeted to reach customers personally e.g. s earch marketing where advertisements are based on key words entered by the user

onto a search engine. 3. Focus to specific interests Internet marketing targets specific behavior or interests rather than reaching o ut broadly to undefined demography as is the case with traditional marketing app roaches. Online marketers have the benefit of targeting by activity e.g. a beaut y products firm can post adverts on relevant websites such as those of beauty sc hools. 4. Cost significance Internet marketing is fairly inexpensive hence companies can reach a wide audien ce at a smaller fraction of traditional advertising budgets. 5. Improved conversion tracking Its fairly possible to obtain an objective idea of the number of people who get t he internet adverts as opposed to traditional means like newspapers, televisions , bill board adverts whose audience scope is difficult to establish. 6. Quick results and performance feedback The effectiveness of the electronic strategy can promptly be ascertained since t he efforts of the marketing campaigns can be statistically traced, measured and tested. 7. Convenient management of digital customer data. This is mainly achieved through the use of electronic customer relationship mana gement systems. Limitations of E-Commerce 1. Newness of E-marketing technology. Internet marketing requires customers to use new technology unlike traditional m edia. Customers may not be adequately familiar with the technological skills and tools upon which electronic marketing is underpinned. 2. Low inter-connection speeds Delays as manifested by low download and upload speed are more pronounced when d ial up connections or mobile devices are used to access the internet. 3. Security. Information security is an imperative concern to both companies and consumers. L ots of customers hesitate to purchase items over the internet because they do no t sufficiently trust the internet media. 4. Challenge of engineering appropriate online business models. There is no substitute for old fashioned customer service. Most internet markete rs lack basic skills in customer service and thus online visitors may develop a negative attitude about a company by merely interacting with the site. ELECTRONIC DATA INTERCHANGE (EDI) EDI refers to the structured transmission of electronic means. It entails the transfer or companies or organizations using value added nd more firms get connected to the internet, ming an important mechanism for companies to mation. data between organizations through exchange of data between different networks or the internet. As more a electronic data interchange is beco buy and sell as well as trade infor

ELECTRONIC COMMERCE It consists of buying and selling of goods and services through electronic syste ms such as the internet or other computer networks. E-Commerce rides on the inn ovations of electronic funds transfer, supply chain management, online transacti on processing, inventory management systems and automated data collection system

s. Types of e- commerce 1. Business to business. It refers to the electronic exchange transactions between commercial firms e.g. web retailers and wholesalers 2. Business to Consumer Here the transaction involves a trading firm on one end and product/service end user on the other. 3. Consumer to Consumer. This is where end users engage in commercial transactions amongst themselves e.g . through online auctions. 4. Intra-business This involves persons working within a particular firm through the use of compan y intranets. Electronic business Its the utilization of information and communication technology to support the ac tivities and functions of business. E-business implies a strategic focus on the functions and operations of business that can be enhanced by incorporating the c apabilities of electronic systems. E-Business enhances the overall efficiency an d flexibility such that firms for instance are able to work more closely with su ppliers to satisfy the needs and expectations of customers. Mobile Commerce (M-Commerce) / Ubiquitous (U-Commerce) M-Commerce denotes the ability to conduct commercial activities or business tran sactions using a mobile device e.g. cell phone, PDA, Palmtops and laptops. Mobil e commerce denotes any transaction involving the transfer of ownership rights of goods or services which is initiated or completed through the use of mobile dev ices. M-Commerce is variously depicted as ubiquitous commerce since its executed through mobile devices which can be used anywhere or anytime irrespective of geo graphical location as long as there is network connectivity. ISSUES IN IMPLEMENTING E-COMMERCE Although its simple to describe their benefits, its not generally easy to develop and deploy electronic systems. Firms can face significant implementation issues such as: 1. Cost: E-Commerce requires significant investment in new technologies that tou ch many of the companys core business processes. Electronic systems require consi derable investments in hardware, software, staffing and training. Businesses the refore require comprehensive solutions with effective deployment. 2. Security: the internet provides universal access to information. However firm s need to protect their assets against accidental or malicious misuse in additio n to customer privacy and confidentiality. Systems security should nevertheless not create complexities or reduce flexibility. 3. Value proposition: businesses must only seek investments in systems that prod uce a suitable return as well as aid the principal business objective such as le ad time reduction, process automation and cost reduction. 4. Inter operability Only when systems from two or more organizations are able to facilitate the exch ange of business information can firms achieve cost reduction, improved performa nce and dynamic value chains.

5. Leveraging on existing systems. Most firms rely on internet technologies to facilitate activities such as order management, billing and customer service. Since the internet represents an alter native route to doing business, its important that electronic commerce systems in tegrate existing systems in a manner that avoids duplication of functionality bu t which allows for usability and availability. ECONOMIC POTENTIAL OF E-MARKETING The business landscape is rapidly changing and consumers are continuously gettin g sophisticated thus pushing retailers to the wall in demand for lower prices, h igh quality and a wide range of variety and choice. On their end retailers are responding by reducing profit margins, making huge in vestments in technology and reducing cycle time/ lead times. Further measures in use include: revamping of distribution channels to ensure that warehousing cost s are lowered, reducing of the average inventory period as well as coordinating the consumer demand and supply features. Business Process Reengineering (BPR) BPR refers to the radical rethinking and redesign of business process to achieve the fundamental attributes of quality, efficiency and speed. With the rapid adv ancement of E-marketing trends, companies are under pressure to rethink the exis ting strategies of doing business. The result has been the emergence of approach es such as target marketing, relationship marketing and event marketing. Target marketing involves isolating and focusing on a segment of market populati on. Relationship marketing involves building and sustaining long-term relationsh ips with potential or existing customers while event marketing involves setting up of virtual outlets where interested persons can accomplish their transactions . In addition modern firms are steadily moving towards cross functional business s ystems as they cross the boundaries of traditional business activities. Integrat ed functional applications in widespread use include: i) Enterprise Resource planning (ERP) ERP serves as a framework to integrate and automate the business processes that need to be accomplished within the manufact uring, logistics, accounting, finance among other organizational functions. ii) Supply chain management- Supply chain is a collection of entities such as ma nufacturing plants, distribution centers, outlets, people and information that i ntegrate within the procurement and logistics processes to realize the efficient flow of goods and services from source to consumption. iii) Customer Relationship Management Systems (CRM) - CRM utilizes information t echnology resources to create a cross functional enterprise system that integrat es and automates customer service processes such as sales, marketing, customer t racking, response management and customer guidance on product usage. Assessing the strategic Value of E-Commerce Before venturing into internet markets, a firm should undertake an internal and external audit of itself and its environment to discover the model that adds str ategic business value to its activities and processes. A suitable approach that can help businesses assess how electronic channels may help to build business va lue is the online strategy matrix. Table 1: E-Commerce Strategy Matrix External Status challenge, strategic action plans, Target outcomes Competitiveness status exchange markets Internet needs. Competitive intelligence interactive marketing product development. Strategic focus

customer relationship Product marketing. Internal. Current information. Information and access gaps. Communication flows. Networks resources Internal web sports Collaborative work flows. Integrated information Universal information access. Organizational creativity and efficiency. The internet can be viewed as having various strategic capabilities that support a variety of key applications that add business value to a firm. These include: 1. Global dissemination. Since most firms have internet connectivity, global communications have become a fact of life in todays business. E-mail, websites and other internet services ha ve made international dissemination of information significantly faster, cheaper and easier. This yields strategic business value through increased cost saving, efficiency of communications and ability to provide service to new or expanded international markets. 2. Enhanced Interactions These may take the form of interactive web based discussion forums and interacti ve forms for customer orders, feedback and technical support. 3. Customization This includes the ability to automatically provide information and services tai lored to an individuals preference. Customer information can be accessed and dete rmined from networks based on quality of use characteristics. 4. Collaboration. The electronic resources facilitate easy and convenient access to shared data an d other network resources e.g. project information can be easily shared using we b facilities. Other groups ware tools help to coordinate projects and manage inf ormation on cross linked websites. This enhances the collaboration process among teams, work groups and business partners. 5. Integration. Commercial networks provide interfaces for external online activities with inter nal business processes. This provides detailed and up-to-date information that c an be used to support electronic commerce applications. Key incentives of E-Marketing Technology is steadily transforming consumer choices which in turn transform the dynamics of the market place. The vital role of the online marketer therefore i s to find ways to keep customers coming back for repeat business. Factors that c an optimize the internet marketing trends include. 1. Performance and service Customers prefer an efficient system when engaging in electronic transactions. T hey should not be kept waiting when browsing, selecting or paying for products i n the electronic shops. A site should be efficiently designed with sufficient se rver power and telecommunication capacity to make it easy to access. Ordering an d customer service process must be also be helpful, quick and user friendly

2. Personalization Sites should be configured in such a manner that customers can register their pe rsonal interest profiles. 3. Socialization Online customers with similar interests or belonging to a unique group of likemi nded individuals should be provided with a common platform to help enhance custo mer loyalty and value. 4. Look and feel Advanced web logistics offer an attractive virtual set up ranging from modern sh opping experience to a more traditional look and feel. E.g. several online based companies allow shoppers to browse through products and pay virtually for the p roducts. 5. Security and reliability Customers must be made to feel confident that their credit card information and personal details of transactions are secure from any unauthorized use. IMPACT OF E- COMMERCE ON MARKETING AND BUSINESS TRENDS E-Platforms are rapidly revolutionalizing the mode of doing business. They have led to emergence of new markets and business practices as well as a new role for intermediaries. The key functional areas that continue to undergo change includ e; 1. Business processes They have transformed the way products and services are created and delivered. 2. Marketing procedures Through interactive marketing, the electronic channels enhance market developmen t through quality personalized service and support. 3. Business use of the internet. Businesses are broadening their use of internet from simple applications like em ail to commercial aspects such as sales on the World Wide Web. They are also dep loying a range of applications that give them strategic capabilities in enterpri se communication and collaboration. 4. Business value of the internet. Companies are deriving business value from the internet in form of strategic cap abilities which enable them to disseminate information globally, communicate cus tomized information and foster integration of business processes within enterpri ses. DRIVERS AND CONSTRAINTS OF E-COMMERCE The rapid growth of internet use continues to create new and exciting opportunit ies for firms. Some merits accruing from the use of internet include: 1. Speed The electronic media gives businesses opportunities to exchange messages or comp lete transactions almost instantaneously. Even with slow connections, doing busi ness electronically is much faster than traditional modes. With increased speed of communication devices, transactions are expedited making the whole transactio n environment more efficient. 2. Cost Savings By using the internet distribution channel, postage and printing costs among oth ers can be reduced. Businesses can be started in a cyber space with low finance implications and extra funds can then be directed to marketing and advertising o f products and services.

3. Borderless transacting environment. Cyber space knows no boundary. Since the internet connects everyone, informatio n is transmitted globally to everyone who is linked. This capability offers an a ttractive proposition to customers seeking to acquire products from any part of the world. 4. Commercial networking platforms Electronic channels allow people to easily meet, gather data and information as well as stay in touch at low cost. This enables participants to build their exis ting assets such as brand names and operational infrastructure while still enhan cing customer relationships and distribution channels. Some of the key fundamental forces behind the rapid advancement of internet mark eting include. (i) Global customers Availability of global infrastructure has ensured that people can do business an ywhere around the world. The internet platform additionally provides a fast and convenient service mode to traveling customers. (ii) Global Products Since most products in use throughout the world are similar or are assembled by subsidiaries based on economic and other conditions, global technology provides the geographical flexibility needed to ensure that products have a global access . (iii) Global Operations. Most firms have spread out their operations on a global scale to diversify the r isk or to increase the scope of economies of scale. Electronic based strategies support operational flexibility. (iv) Global resources. The use of common equipment, facilities and people by firms has encouraged elect ronic based trading since it enables businesses to keep track of shared resource s. (v) Global Collaboration. Knowledge and expertise of workers across the globe can be efficiently accessed, shared and organized to support individual or group efforts. This enhances ente rprise collaboration. Motivation of E-Commerce to customers Among the principal attributes that may propel customers towards an internet bas ed platform are the following: 1. Reduced prices- Costs of products or services are reduced since stages along the value chain are decreased. 2. Global market base- Consumers can freely shop anywhere in the world. Accordin g to the world trade organization there is no custom duty imposed on products tr aded electronically. This reality provides a wide selection platform within reas onable price considerations. 3. 24 hour access- Online businesses never shut down as compared to those operat ed in brick and mortar premises. Internet marketers are able to carry out busine ss activities without the barriers of time and distance. 4. Wide variety and choice- Internet marketing provide consumers with a broader range of choices e.g. before making any purchase a customer can explore multiple brands and features of any item whose description is elaborately done through o nline media.

5. Quicker delivery- This is especially more pronounced with digitized products which can be conveniently paid for and downloaded through global networks. 6. Internet marketing allows customers to interact with other customers and elec tronic communities hence providing a platform for exchanging ideas as well as co mparing of experiences. Motivation of E-Commerce to Business Benefits accruing to firms using this model include: 1. Increased market share. 2. Lower cost of advertising 3. Lower barriers to entry. 4. Effective linkage with clients and business partners 5. Strategic benefit in the form of reduced delivery time, labor cost, document preparation, supervision, errors and so on. 6. Enhanced market analysis since the organization gets faster feedback from cus tomers electronically. Challenges to Internet oriented marketing Although the list of electronic marketing merits is long the operating environme nt is far from perfection. In fact some impediments may occasion considerable mi sfortunes to both consumers and businesses which include: 1. Hidden costs Online purchases are often accompanied by unstated costs such as high shipping a nd stocking costs in addition to warranty issues. 2. Network unreliability With a high user population the internet is a very busy information highway. The re are usually incidents of network failure which may be occasioned by factors s uch as: a) Equipment failure within network connections or the end of the Internet servi ce provider (ISP) b) Long response time due to increased network traffic. c) Accidental problems caused by nature or human error. 3. Cost of sustaining investments. While operational cost savings tend to lower entry barriers, it implies increase d competition due to ease of industry access. This compels businesses to operate within low profit margins or to make heavy investment outlays to remain competi tive. 4. Security challenges Customers are increasingly getting cautious about providing personal financial i nformation over the internet. As issues relating to hacking continue to generat e concern many customers take time before fully committing to electronic based t ransaction modes. 5. Privacy concerns Customers are keen about the privacy implication of data gathered by organizatio ns because even at the simplest data levels this information can easily get expo sed to cyber criminals. E-COMMERCE INFRASTRUCTURE The implementation of E-marketing brings a unique set of challenges in relation to network infrastructure. Key issues of concern revolve around server capacity , scalability in addition to site availability. Web managers must have the right tools so as to be in command of the infrastructure behind the sites including t he servers, networks, applications and content. A site is not only a means to s ell products but an opportunity to build brand equity for the company. If a site is difficult to access or constantly keeps sending back error messages the firm looses the opportunity to build a brand status through a positive online experi ence.

Networks A network is a group of computers and peripherals connected together through som e media for the purpose of exchanging information. The connection can be direct e.g. through a cable or indirect e.g. through a modem. Networks are usually clas sified on the basis of various characteristics and properties such as: 1. Topology Topology specifies the geometric arrangement of the network i.e. the ways of con necting to a particular network. There and three major network topologies i.e. r ing topology, star topology and bus topology. a) Ring Topology This topology features a logically closed loop. Data packets travel in a single direction around the ring from one network device to the other. Each network dev ice acts as a repeater meaning that it accentuates the signal as it passes to th e next node.

b) Star Topography In a star topology each node has a dedicated set of cables connecting it to a ce ntral network hub. Since all traffic passes through the hub, the hub becomes a c entral point for isolating network problems and gathering network statistics.

c) Bus topology In this topology, nodes in a series connect to common network backbone

2. Protocol Protocol specifies the common set of rules, procedures and signals that computer s and networks use to communicate. Protocols provide formulae for passing messag es, specifying the details of message format and describing how to handle error conditions. 3. Architecture Refers to the configuration that determines how one network device communicates

with another in a local area network. There are three key types of architectures namely master-slave communication, peer-peer communication and client-server co nnection. Master - slave communication - Refers to a relationship where a single node init iates and controls a session with one or more devices (slaves). In peer to peer communication both devices have a similar capacity for initiatin g, maintaining and terminating a session. Client-Server communication refers to a relationship whereby dedicated servers s upport the clients that are attached to them. 4. Spatial distance In this case networks can be deemed as local area networks (LANs), metropolitan area networks (MANs), or wide area networks (WANs). 5Data transmission technology This characterization relates to whether the network carries voice, data, or bot h kinds of signals for example a Transmission Control Protocol (TCP) or an Inter net Protocol (IP). 6. Users of the network Depending on the persons authorized to use the network it can be described eithe r as public or private. 7. Nature of its connections A network can either be dial-up or switched, dedicated or non-switched 8. Types of physical links These may include optical fiber, coaxial cable, and Unshielded Twisted Pair. Common Network Terminology 1. World Wide Web WWW/W3 Refers to the information space on the internet where hyper media documents are stored and can be retrieved by means of a unique address scheme. 2. Website. This is a collection of web pages stored through hyper media format so as to be accessed from any computer in the network by means of hyper text links. 3. Home page It is the first page of a website from where other pages of the site can be acce ssed. 4. Domain name Its the address of the website where the web pages are stored. The last three let ters or two second last letters of the domain specify the type of website e.g. . com for commercial sites, .edu for academic institutions, .org for non commercia l entities. Two letters at the end indicate a customized (localized) domain tit le e.g. .ac.ke, .co.ke, .or.ke 5. File transfer Protocol This refers to the data exchange system that facilitates the copying or movement of files from one site to another. Network access and distribution Equipment 1. Hubs These act as common connection points for devices within a network and are usual ly represented by small unmarked rectangular box because they are often invisibl e to the network. 2. Switches

They filter and forward packets between local area network segments and are usua lly represented by a box marked with an X 3. Routers This connects to a number of local area networks. They are usually depicted by a square with a unidirectional cross-pattern marks. 4. File Servers They provide a centralized file repository for local area network users and are usually depicted by files overlying a server device. 5. Network Management Stations (NMS) They support local area network management services and are usually depicted by an NMS terminal overlying a server device. 6. Cables There are various types of cables used for networks i.e. coaxial cable, fiber op tic cable and twisted cable. Coaxial cables are made up of a solid centre wire with a braided metal shield an d a plastic sheathing to protecting the wire. Fiber optic cables are transmission channels that use light properties to convey signals. They are highly popular owing to their high bandwidth capacity. Furthe r they are not affected by electoral magnetic interference. Twisted pair is derived from pairs of wires enclosed inside a plastic sheath. Th e purpose of the shield is to protect the wires from external interference or in terference from amongst themselves. Network Technology Choices There are three main network technology alternatives: 1. Direct Connectivity 2. Value added networks 3. Internet Direct Connectivity This is the traditional way of building business networks and it provides firms and trading partners with the most direct control over the network. The circuit may take the form dial-up and private lines or other circuitry such as fiber opt ic and microwave transmission. Value added networks A value added network is provided by a vendor who not only furnishes the circuit but who also provides many of the services necessary to use the circuit for ele ctronic data interchange e.g. the vendor may provide electronic interchange soft ware as well as assist in training of trading partners. Internet The internet makes available a global communication network that not only links trading partners but consumers as well. The Need for appropriate network infrastructure A proper network infrastructure is necessary to avert the following potential pr oblems that become rampant with the use of substandard network infrastructure. 1. Server failure This is where the server becomes unavailable due to hardware or operating system failure. 2. Software failure Individual applications may hang up or stop responding even though other applica tions may remain operational.

3. Content failure The server and application may be working properly but could be responding to cu stomer requests with error messages such as the 404 object not found error. 4. Network unavailability The link between the server and outside world may be lost thus making the server unreachable. E-COMMERCE ENVIRONMENT To succeed in todays competitive market place; companies must focus on customer c entered practices so as to win clients from competitors. This is in addition to keeping or retaining them and growing the volumes by delivering greater value. F or this to be possible marketers should: i) Develop competitive market strategies ii) Build sustainable customer relationships iii) Comprehensively analyze the environment and iv) Develop superior technological strategies. The strategic role of internet based marketing systems involves the use of infor mation technology to develop products, services and capabilities that give a com pany major advantages over its competitors. Properly designed systems should thu s enable the firm to counter the competitive forces it faces in the global marke t place. Internet systems for marketing should be designed in such a manner as to support or shape the competitive position of an E-business enterprise. They should help organizations to acquire competitive advantage, reduce competitive disadvantage or meet other strategic enterprises objectives. A firm can survive and succeed in the long run if it successfully develops strat egies to confront the forces that shape the structure of competition within its industry environment. According to Michael E Porter the structure of competition in a given industry c an be viewed as a composite of five fundamental forces 1. Rivalry amongst existing industry players 2. Threat of new entrants 3. Potential development of substitutes 4. Bargaining power of suppliers o r sellers 5. Bargaining power of buyers or customers. 1. Rivalry amongst existing industry pairs This is the most powerful of the competitive forces. Strategies assumed by one f irm will be successful only to the extent that they provide competitive advantag e over strategies pursued by rival firms. Changes in strategy by one firm may be met with retaliation through measures such as lowering prices, enhancing qualit y, adding extra features, extending warranties and increasing the advertising in tensity. Rivalry among competing firms tends to intensify as the number of comp etitors increases. Rivalry is also highly pronounced in situations where consume rs can easily switch brands or where barriers to enter or leave the market are l ow. As rivalry increases, industry profits decline almost to a point where the i ndustry becomes inherently unattractive. 2. Threats of New Entrants When an industry can be easily be accessed by new players, its competitiveness i s compromised. This is because arrival of new entrants works to dilute the profi t share of existing participants. In order to minimize entry of new players, fir ms may introduce entry barriers through actions such as: a) Acquisition of patents or trading rights. b) Enhancing technology and knowledge management capacity

c) Exploiting economies of scale. d) Monopolizing access to raw materials by entering into exclusive agreements wi th suppliers. In spite of these barriers, new firms can enter the industry through high qualit y products, lower prices and use of substantial marketing resources. 3. Potential Development of Substitutes For most industries, availability of substitute products imposes a ceiling on th e price that can be charged for a related product without occasioning a customer switch to alternative products. The competitive strength of substitutes is best measured by the market interest it elicits as well as the market share the prod uct scoops in the long run. 4. Bargaining power of suppliers When a large number of suppliers exist the industry is bound to be unattractive since customers can seek products from the alternative suppliers. In a scenario where there only few suppliers the switching cost will be high and hence the ind ustry remains attractive. To overcome the challenges arising out of strong suppl ier bargaining power, firms may pursue a backward integration strategy. This wil l imply that firms get involved in sourcing or generation of raw materials. The strategy is especially effective when a) Suppliers are unreliable b) Suppliers are too costly c) Suppliers are incapable of meeting the firms needs on a considerable basis. 5. Bargaining Power of Customers When customers are concentrated or buy in large volumes their bargaining power b ecomes a major force. Whenever the bargaining power of customers is substantial, rival firms may offer extended warranties or special services to gain customer loyalty at a low consideration. Bargaining power of customers may also be high w hen products being purchased are unstandardized or differentiated. In such a cas e customers normally negotiate the buying price, warranty coverage and accessory packages to a great extent. Electronic Tools for Strategic Advantage Businesses can counter the threats of competitive forces within the environment by implementing various competitive strategies. Some viable approaches may inclu de: 1. Cost leadership A firm that employs this strategy becomes a low cost producer of goods and servi ces in the industry. A firm realizes this by finding ways to help suppliers and customers reduce their cost or increase the cost of their competitors. Internet based technologies result in efficient processes that substantially reduce the cost of business operations thus achieving low production and distribution cost. This effectively leads to lower prices than those of competitors and hence a la rger market share. 2. Differentiation Technology can be used to device ways of distinguishing a firms products from tho se of competitors. This allows a firm to focus on products and services that yie ld advantage in particular segments or niches of a market. 3. Innovation strategy This entails finding new ways of doing business. It may involve the development of new products and services or entry into unique markets or market niches. It a lso involves the use of technology to make radical changes to the business proce sses for producing or distributing products and services in ways that are so dis tinct from the previous mode of doing business such that they alter the fundamen tal structure of an industry. Innovation also involves creation of new products or services that include IT components.

4. Growth Strategies This involves significant expansion of a companys capacity to produce goods and s ervices, expansion into global markets, diversification into new products or int egration into related products and services. A firm may for instance use interne t technologies to manage regional and global business expansion. 5. Alliance Strategies This entails establishment of new business linkages and alliances with customers , suppliers, competitors and other companies. Such linkages may include the form ation of virtual companies or other marketing, manufacturing or distribution agr eements between a business and its trading partners. A firm could also develop inter enterprise information systems linked by the internet that support strateg ic business relationships with customers and suppliers. 6. Locking in Customers/Suppliers Investments in technology can allow a business to lock in customers and supplier s by building valuable relationships with them. This can deter both customers an d suppliers from abandoning a firm for its competitors. 7. Building Switching Costs Investments in sophisticated technological systems can make customers or supplie rs dependent on the continued use of mutually beneficial innovative business sys tems. Customers thus become reluctant to pay the cost in terms of time, money, e ffort and inconvenience that it would take to shift to a companies competitors. 8. Raising barriers to entry By utilizing investment in technology to improve operations or promote innovatio ns, a firm may discourage or delay other companies from entering a market. This is typically realized by increasing the amount of investments or the complexity of the technology required to effectively compete in an industry or a market seg ment. 9. Building strategic technological capabilities This mainly results when a firm invests in advanced computer based information s ystems which make it possible for the organization to take advantage of strategi c opportunities as well as to improve the efficiency of the business process. ELECTRONIC CUSTOMER RELATIONSHIP MANAGEMENT (ECRM) From output to outcomes, from value propositions to value conversations, from dif ferentiated products to products that make a difference, from value chains to va lue cycles, from competitive advantage to constructive advantage, Electronic Customer Relationship Management is a customer centric business strat egy that uses information technology to create a cross functional enterprise sys tem that integrates and automates customer service processes. ECRM systems crea te an IT framework that integrates all processes related to sales and marketing within the companys business operations. ECRM system consists of a family of sof tware modules that perform the business activities involved in front office proc esses. CRM software provides the tools that enable a business and its employees to provide a fast, convenient and dependable service to customers. Application Components of ECRM 1. Sales management CRM software tracks customer content and the lifecycle events of customers e.g. CRM systems may be used to alert a bank sales representative to get in touch wit h customers who make large deposits so as to sell them premium credit card progr ams and investment options. 2. Direct Marketing and Fulfillment CRM software can automate tasks such as response management, scheduling of sales

contacts and providing information to prospects and customers. 3. Customer Service and Support CRM helps customer service managers to quickly create, assign and manage service requests e.g. help desk software assists customer service representatives in he lping customers to resolve problems with products or services through provision of relevant service, data and suggestions for resolving problems. 4. Retention and Loyalty Programs These programs deal with provision of dedicated services to customers so that th ey do not loose confidence and interest in a companys services or products. 5. Contact Management ECRM systems facilitate the creation of effective contacts with new customers wh ile still maintaining the established contacts with the older customers. 6. Storefront and field services These systems deal with the maintenance of proper inventory records and quantiti es so that effective service can be provided to customers. Benefits of ECRM 1. It allows a company to find and target their best customers i.e. those who ar e most profitable to the business so that they can be retained as lifelong custo mers for greater and more profitable services. 2. CRM enables a real time customization and personalization of products and ser vices based on customer needs, buying habits and life cycles. 3. CRM enables a company to provide a consistent customer experience and superio r service as well as support across all contact points a customer chooses. 4. CRM on the whole provides strategic business value to its customers. The need for CRM arises in part from the following realities derived from observed custo mer behavior a) It costs about six times more to transact with a new customer than to with ex isting customer. b) A typical dissatisfied customer will tell at least six people about a bad sho pping experience. c) A company can boost its profits by over 70% by increasing customer retention by just 10%. d) 75% of complaining customers will do business with the firm again if it quick ly takes care of their complaints. e) Over 80% of companies do not have the necessary sales and service integration to support E-marketing. Guidelines for Successful E-CRM The most critical feature of any E-CRM solution is the ability to transform cust omer data collected form a wide variety of sources into detailed customer inform ation around which a company can build sustainable business relationships. The f ollowing guidelines can help obtain successful E-CRM solutions. 1. Define fewer higher priority business requirements. Goals may revolve around key issues like reducing attrition and turnover of the most valuable customers or increasing revenue per customer. 2. Communicate immediate objectives to every member of the team regardless of de partments. Employees should clearly understand the business rationale and desire d results of the ECRM action plan. 3. Undertake something short term that demonstrates payback. To win the support of senior management and key investors, achievement of short term goals with mea surable results is crucial. WEB SECURITY ISSUES RELATED TO MARKETING Introduction E-commerce is growing at a tremendous speed. Its ability to conduct business on

a public network has strong attraction and the potential for big savings. But it has also brought in its share of problems and that are, of secrecy and integrit y of the transaction across the net. In the beginning of the growth of Internet, electronic mail was one of the most popular uses. But even then people were wor ried that e-mail messages might be intercepted by a business rival. Today, the s takes are much higher as credit card numbers, financial records, and other impor tant information are not encrypted and can be intercepted by any savvy internet hacker (a severe problem for anyone planning to perform commerce over the net). The consequence of a competitor having unauthorized electronic commerce, in part icular, brings to the forefront long-held information security concerns. Electronic commerce usually uses a public switched telephone network (PSTN) and is often between entities which are not known at one another. Ensuring security of communication between the entities participating in e-commerce is hence an im portant requirement. Apart from ensuring the security of messages on the PSTN ne twork, an organization should protect data stored in computer which are connecte d to a local area network (LAN) from malicious damage. It is also necessary to b e able to authenticate the messages received via the internet- Security on web t hus assumes importance as in other fields. GOAL OF WEB ATTACKERS Nearly all attackers on the World Wide Web have the same goal: they want to make your computers do things that you don t want them to do. For example: 1. They want to scan your system for confidential documents, which they will tra nsmit to other systems. 2. They want to corrupt the information on your computer, or even reformat your computer s hard disk drive. 3. They want to use your system to store pirated software, MP3 music files, or p ornographic images for later access by them and their friends. 4. They want to modify your computer s operating system, leaving traps, creating new security holes, ofr simply causing your system to crash. 5. They want to use home-banking applications or credit card numbers residing on your computer to transfer money from your bank account to theirs. 6. They want to be able to selectively block access to your system as they wish, or use it in a coordinated attack to deny access to someone else. 7. They want to install some form of server, such as an IRC (Internet Relay Chat ) server they can access without slowing down their own machines. 8. They want to see the press coverage that results from their triumphs and your misfortune. WEB SECURITY ISSUES RELATED TO E-COMMERCE The World Wide Web (www) was initially intended as a means to share distributed information amongst individuals. Now the www has become the preferred environmen t for a multitude of e-services: e-commerce, e-banking, e-voting, e-government, etc. The electronic commerce framework is built on the World Wide Web architecture. The World Wide Web server functions can be categorized into information retrieva l, data and transaction management, and security. The web security has not alway s been considered during the development of many web technologies. This has the unfortunate consequence that a number of potential security issues can be identi fied as follows: It is possible for an attacker to eavesdrop the communication between a user s b rowser and a web server. Sensitive information, such as a credit card number, or any other confidential d ata, could thus be obtained. An attacker could try to impersonate entities in order to get information, which

is normally not disclosed without authorization; for example, an attacker could spoof a web-banking application, hereby gathering users* PIN codes. A substantial amount of confidential information is made available via the www. Any unauthorized access to this information should be prevented. Websites have become an organization s or a company s public face; "defacement" by hackers is clearly not desired. Web pages and e-mail can contain executable c ontent, some of which might be malicious. For example, an attacker could lure a user into surfing to its web page, which contains a program that installs a Troj an horse. As people are getting more and more online, their privacy is at stake; the web i ncludes ideal technologies with which user profiles can be maintained. Finally, the web provides an excellent means for exchanging (any) information, including illicitly distributing copyright protected or explicit material. E-COMMERCE THREATS Electronic commerce security requirements can be studied by examining the overal l sale/purchase processbeginning with the consumer and ending with the commerce s erver. When you consider each logical link in the "commerce chain", the assets t hat must be protected to ensure secure electronic commerce include client comput ers, the messages traveling on the communication channel, and the web and commer ce servers including any hardware attached to the servers. To ensure trust and confidence to trade business online, total end-to-end securi ty should be assured over the complete network. Lack of this is hindering the gr owth of e- commerce- If the dreams of e-commerce have to come true, then e-secur ity assumes paramount importance- E-security holds the key to e-commerce. Follow ing are the some important security threats for e-commerce. Communication Channel Threats Secrecy Threats Integrity Threats Necessity Threats Server Threats Web Server Threats Database Threats Communication Channel Threats The Internet serves as the electronic chain linking a consumer to an electronic commerce resource. The Internet is not at all secure. Messages travel in any num ber of different paths from the source node to the destination node. The message s then passed through any number of intermediate computers and the path can vary each time a message is sent. It is impossible to guarantee that every computer on the Internet through which messages pass is safe, secure, and non-hostile. It is very likely that some person can reach the message, alter the contents or co mpletely eliminate it from the network. Secrecy Threats Secrecy and privacy are linked to each other and both receive more than adequate attention. Secrecy and privacy, though similar, are different issues. Secrecy i s the prevention of authorized information disclosure. Privacy is the protection of individual rights to nondisclosure. Secrecy is a technical issue requiring s ophisticated physical and logical mechanisms, whereas the law enforces privacy p rotectionAn example of the difference between secrecy and privacy is e-mail. By encryptio n technique, a company s e-mail messages may be protected against secrecy violat ion. In encryption a message is encoded into an unintelligent form that can only be transcribed back into the original message by the proper recipient. Secrecy is the job of protecting outgoing messages. On the other hand, privacy issues co ncern whether or not a supervisor can be permitted to read employee e-mail messa

ges. A significant danger of conducting electronic commerce is theft of sensitive or personal information, including credit card numbers, names, addresses, and perso nal preferences. This can occur any time to anyone who files out a form or submits credit card in formation over the Internet, because it is not difficult for an ill-intentioned person to record information packets (a secrecy violation) from the Internet for later examination. The same problems can occur in e-mail transmissions. Integrity Threats An integrity threat occurs when an unauthorized person alters a message stream o f information. It takes place mainly in the banking sector where unprotected ban king transactions such as deposit amount transmitted over Internet are changed w ithout the user s knowledge. However, an integrity violation implies in a secrec y violation, because an intruder who alters information can read and interpret t hat information. Unlike secrecy, where a viewer simply sees information he or sh e should not, integrity threats can cause a change in the actions a person or co rporation takes, because a mission critical transmission has been altered. Necessity Threats The purpose of these threats is to disrupt normal computer processing or to deny processing entirely. The computers experiencing a necessity threat slows down p rocessing to a very slow speed. For example, if the processing speed of a single ATM machine transaction slows from 1 or 2 seconds to 30 seconds, users will aba ndon ATM machines entirely. Slowing down of an Internet service will drive custo mer to competitor s web or commerce sites. Therefore, slowing of processing can lead to service being unusable or unattractive. Server Threats The server is highly vulnerable and forms the threat link in the Client-Internet - Server Group serving the electronic commerce path between the commerce server and a user. Any person determined to cause destruction or to illegally acquire i nformation can do so easily through the server. The entry parts are web servers and its software, any packet program containing data, such as the database and i ts server. The most dangerous entry points are utility programs residing on the server or common gateway interface (CGI) programs. It is next to impossible to b uild a system which is completely safe. We have to make sure that security polic ies are documented and considered in every part of the electronic commerce syste m. Web Server Threats Web server software is designed with web service and convenience as the main des ign goal. On most machines web servers can be set up to run at various privilege levels. The highest privilege level provides the most flexibility and allows pr ograms, including web servers, to execute all machine instructions and to have u nlimited access to any part of the system, including highly sensitive and privil eged areas. Correspondingly, the lowest privilege levels provide a logical fence around a running program, preventing it from running whole classes of machine i nstructions and disallowing its access to all but the least sensitive areas of c omputer storage. The program is given the least privilege it needs to do its job . The system administrator s job is to set up accounts and passwords for user s needs. It is a high privileged level also called superuser in the UNIX environme nt and its job is to modify sensitive and valuable areas for the system. A web s erver threat is caused when we set up a web server to run in high privilege stat us. Ordinarily a web server provides ordinary services and regular tasks which c an be carried out with a very low privilege level. If a web server is running at a high privileged level, a hacker can exploit the web server and subsequently e xecuting instructions in privileged mode.

Database Threats Electronic commerce systems store user data and get product information from dat abases which are connected to this web server. Databases connected to the web se rver have valuable and personal information and if it is accessed by malicious u sers it can damage the company. Hence, modern systems use extensive database sec urity features to protect their large databases in the form of user names and pa sswords. The database is built in such a way that even authenticated users canno t have full access to the database. Only selected versions of the database are v isible to the user. Even the operations to be performed on the database are rest ricted. This is enforced in the form of privileges which are stored in the datab ases. But in spite of today s break-ins many do not store user/password pairs in a secured manner else many failed to provide security in any manner and relay o n the web server to enforce security. If someone gains access to the user authen tication information then he can act as a legitimate user and reveal or download information which might prove costly to the company. Trojan horse programs hidd en within the database system can also reveal information by downgrading it (rel easing sensitive information to a less protected area of the database that every one can perusal). When information is downgraded, all users have access- includi ng potential intruders. WWW-BASED SECURITY SCHEMES Several methods can provide security the web framework irrespective of e-commerc e. These include the following: Secure HTTP (S-HTTP) S-HTTP (secure HTTP) is an extension to the Hypertext Trans fer Protocol that allows the secure exchange of files on the World Wide Web. Eac h S-HTTP file is either encrypted, that contains a digital certificate, or both. For a given document, S-HTTP is a alternative to the other well-known security protocol, Secure Sockets Layer (SSL). Secure Sockets Layer (SSL): SSL is a protocol that uses RSA security to wrap sec urity information around TCP/IP based protocols. This implementation, while diff erent from S-HTTP, accomplishes the same task. SHEN: SHEN is a security scheme for the web sponsored by the W3 consortium. It i s similar to S-HTTP but is a non-commercial or more research oriented security. The benefit of SSL over S-HTTP is that SSL is not restricted to HTTP only. It ca n also be used for FTP and TELNET, among other Internet services. A major differ ence is that S-HTTP allows the client to send a certificate to authenticate the user whereas using SSL, only the server can be authenticated. S-HTTP is more lik ely to be used in situations where the server represents a bank and requires aut hentication from the user that is more secure than a user ID and password. IMPLEMENTING SECURITY FOR E-COMMERCE Protecting electronic assets that comprise electronic commerce systems is not an option but a necessity if commerce is to grow strong. The electronic world will always have to deal with viruses, worms, Trojan horses, eavesdroppers, and dest ructive programs whose goals are to disrupt, delay, or deny communications and i nformation flow between consumers and producers. Billions of dollars are at stak e, and security protection must continually be developed to provide consumers wi th confidence in the online systems with which they interact and through which t hey conduct business. One of the widely used security methods for e-commerce are firewall and encryption of transaction data E-COMMERCE TRANSACTIONS A key element of e-commerce is information processing for all steps of commerce except for production, distribution, and the delivery of physical goods, or form s of information gathering, processing, manipulation and distribution. Computers and networks are perfectly suited to handle the information processing activiti es that are usually in the form of business transactions for which several broad categories can be observed as follows:

Transactions between a company and a consumer over public networks for the purpo se of home shopping or home banking using inscription for security and electroni c cash, credit, or debit tokens for payment. Transaction with trading partners using EDI. Transaction for information gathering such as market research using bar code sca nners information processing for managerial decision making or organization prob lem solving and information manipulation for operations and supply chain managem ent. Transaction for information distribution with prospective customer including int eractive advertising, sales and marketing. PROBLEMS OF TRANSACTION SECURITY The lack of data and message security on the internet has become a high profile problem due to the increasing number of individuals trying to spur commerce on t he global network. For instance credit card number in the plain text form create s a risk when transmitted across the Internet where the possibility of the numbe r falling into the wrong hands is relatively high. Just thought of "sniffer" pro gram that collects credit card numbers and is enough to keep merchants away from online shopping. This raises the possible law suits and other liability issues. In short, the lack of business transaction security is widely acknowledged as a major impediment to widespread e-commerce. The security problems plaguing network administrators resemble the problems fac ing transaction based e-commerce. A growing threat on networks is the theft of p asswords and other information that passes over them. TYPES OF SECURITY ATTACKS RELATED TO TRANSACTIONS Attacks can be clubbed under two categories; 1. Passive attacks. In passive attacks, the transmissions on the network are eav esdropped on or monitored. The motive of the attacker is to obtain the informati on being transmitted. Passive attacks are difficult to detect as the data is not altered. Hence, the e mphasis is on prevention of such attacks rather than detecting them. For example , data can be scrambled using an encryption technique so that even if the intrud er is able to intercept the message, no meaningful information can be extracted from it. 2. Active attacks. Active attacks involve mutation of data or generation of coun terfeit message. The motive of the attacker is to prevent the messages from reac hing their intended destination, or to masquerade as another entity and get acce ss to restricted information, or to feed another user with falsified information with the aim of misleading the person. The Internet is a channel over which the information flows from source to desti nation. However, this information is vulnerable to specific attacks as it traverses acro ss the net. The attacks can belong to four general classes. 1. Interruption. In this type of attack the information is destroyed enroute or becomes unavailable at the destination. This attack is on the availability of in formation. 2. Interception. The information is captured or accessed by an unauthorized pers on through wiretapping on the network or by illegally copying the information at an intermediate node on the route with the help of a program. The confidentiali ty of the information is compromised in type of attack.

3. Modification. The information on the network is not only captured or accesse d by an intruder, but also tampered with. The altered message is then forwarded to the original destination. This is an attack on the integrity of the informati on. 4. Fabrication. In this type of attack, an unauthorized person generates fraudul ent message and passes it on to the destination. The spurious data is purported to be sent by a genuine user. The authenticity of information is attacked in fab rication. Active attacks are easier to detect as compared to their passive counterparts. F or example, a cryptographic checksum can accompany each message. If the message is altered during the passage in any manner, the tampering can be detected becau se of notation of the checksum. SECURITY SERVICES RELATED TO TRANSACTIONS Authentication. Authentication is the process of verifying that the communicatio n is authentic. In case of a single message, authentication assures the recipien t that the communication partner is who it is supposed to be and not an imposter and that the text of the message itself has not been altered. In case of an ongoing interaction, such as connection of a remote terminal to a host, there are two aspects of this service: 1. At the time of initiation of connection, the verification of the two entities , i.e., each is that entity that it claims to be. 2. The connection is not interfered with in such a way that a third party can ma squerade as one of the two legitimate parties for the purposes of unauthorized t ransmission or reception. Integrity. Integrity means that it should be possible for the receiver of a mess age to verify that the message has not been tampered with while in transit. An i ntruder should not be able to substitute a false message for a legitimate one. Nonrepudiation. Nonrepudiation prevents either sender or receiver from denying a transmitted message, files or data, when in fact they did. When a message is se nt, the receiver can prove that the message was in fact sent by the alleged send er. Similarly, when a message is received, the sender can prove that the message was in fact received by the alleged receiver. Confidentiality. Confidentiality is the protection of transmitted data from pass ive attacks. When a message is transmitted over the communication channel, it ca n be intercepted at any point in between through wiretapping or with the help of computer programs. Confidentiality ensures that the contents of a message are n ot leaked or revealed to a hacker as it travels to its destination. Authorization. Authorization pertains to the permissions granted to a person or a process to do certain things. Privileges are associated with sensitive informa tion stored in the database. Authorization ascertains the rights of the person t o access the information before presenting the data to him. Need of Secure Transactions As consumers face the mounting threats posed by the insecure environment- of the Internet, such as identity theft, phishing, and account takeovers, just to name a few they are becoming more aware of the intrinsic value of strong security. Consumers are demanding stronger security and are willing to pay for the peace o f mind it can provide. Savvy companies are creating a competitive advantage by o

ffering their customers the strong authentication solutions and enhanced transac tion security they require to protect themselves against escalating fraud threat s. As more robust security measures gain acceptance in the market, businesses can a chieve a positive return on security investments. By deploying tokens that suppo rt enhanced transaction security, businesses can reduce operational and fraud ex penses while leveraging the resulting secure online channels to finally breakdow n the barriers and open new online revenue opportunities. Protection against the latest online threats can only be provided by strong auth entication solutions that can protect the integrity of transaction and are less easily compromised than traditional passwords or one-time password tokensTechnology Used for Transaction Security Encryption is the basis for Data and Message Security. It is discussed in detai l below. Cryptography, Encryption and Decryption Cryptography is a collection of mathematical techniques for protecting informati on. Using cryptography, you can transform written words and other kinds of messages so that they are unintelligible to anyone who does not possess a specific mathem atical key necessary to unlock the message. The process of using cryptography to scramble a message is called encryption. The process of unscrambling the messag e by use of the appropriate key is called decryption. The original message prior to encryption is known as plain text while the encrypted message is known as ci pher text (See the following figure).

Plain text Plain text


Clipher text


Fig.1 Encryption and Decryption Processes Cryptography is used to prevent information from being accessed by an unauthoriz ed recipient. In theory, once a piece of information is encrypted, that informat ion can be accidentally disclosed or intercepted by a third party without compro mising the security of the information, provided that the key necessary to decry pt the information is not disclosed and that the method of encryption will resis t attempts to decrypt the message without the key. For example, here is a message that you might want to encrypt: This is an encrypted messageAnd here is the message after it has been encrypted: @1^W-G=/#@@W} If the decryption key is not shown, it should not be practical to take the prece ding line of gibberish and turn it back into the original message. Encryption Techniques Encryption works by encoding the text of a message with a key. Fundamentally, th ere are two kinds of encryption algorithms: 1. Symmetric key algorithms

2. Asymmetric key algorithms Symmetric Key Algorithms With these algorithms, the same key is used to encrypt and decrypt the message. Symmetric key algorithms are sometimes called secret key algorithms and sometime s called private key algorithms. Unfortunately, both these names are easily conf used with public-key algorithms, which are unrelated to symmetric key algorithms . Secret key algorithm involves the use of a shared key for both encryption by the transmitter and decryption by the receiver (see the following figure). It suffe rs from the problem of key distribution, since shared keys must be securely dist ributed to each pair of communicating parties. Secure key distribution becomes c umbersome in large networks. The generation, transmission and storage of keys is called key management, all c ryptosystems must deal with key management system. The DES (Data Encryption Standard) algorithm is an example of symmetric key algo rithm. Problems with Symmetric Key Symmetric key techniques are somewhat easier to implement. Unfortunately, symmet ric key algorithms have three problems that limit their use in the real world: For two parties to securely exchange information using a symmetric key algorithm , those parties must first exchange an encryption key. Alas, exchanging an encry ption key in a secure fashion can be quite difficult. As long as they wish to send or receive messages, both parties must keep a copy of the key. This doesn t seem like a significant problem, but it is. If one part y s copy is compromised and the second party doesn t know this fact, then the se cond party might send a message to the first party, and that message could then be subverted using the compromised key. If each pair of parties wishes to communicate in private, then they need a uniqu e key. This requires (N2 - N)/2 keys for N different users. For 10 users, that i s 45 keys. This may not seem like much, but consider the Internet with perhaps 3 00,000,000 users. If you want to be able to communicate with each of them, you d need to store 299,999,999 keys on your system in advance. And if everyone wante d to communicate privately with everyone else, that would require 44,999,999,850 ,000,000 unique keys (almost 45 quadrillion) Public key algorithms overcome these problems. Instead of a single key, public k ey algorithms use two keys: one for encrypting the message, the other for decryp ting the message. Asymmetric Key Algorithms It is also known as public key algorithm. With these algorithms, one key is used to encrypt the message and another key to decrypt it. The encryption key is nor mally called the public key in some algorithms because it can be made publicly a vailable without compromising the secrecy of the message or the decryption key. The decryption key is Dally called the private key or secret key. Systems that are used in this fashio n are called public key systems. Sometimes, people call all asymmetric key syste ms "public key," but this is not correctthere is no requirement that one key be m ade public.

This system can also he used to create unforgeable digital signatures. Fig.3 Public-key cryptography RSA algorithm is the example of public-key encryption technique. Problem with Public Key Public-key algorithms have a significant problem of their own: they are computat ionally expensive. In practice, public key encryption and decryption require as much as 1000 times more computer power than an equivalent symmetric key encryption algorithm. Uses of Public Key Encryption Two of the most common uses of public-key cryptography are encrypted messaging and digital signatures: With encrypted messaging, a person who wishes to send an encrypted messageto a p articular recipient encrypts that message with the individual s public key. The message can then only be decrypted by the authorized recipient. With digital signatures, the sender of the message uses the public key algorithm and a private key to digitally sign a message. Anyone who receives the message c an then validate the authenticity of the message by verifying the signature with the sender s public key. Most practical implementations of secure Internet encryption actually combine th e traditional symmetric and the new asymmetric schemes. Public-key encryption is used to negotiate a secret symmetric key that is then used to encrypt the actua l dataSince commercial ventures have a critical need for secure transmission on the we b, there is very active interest in developing schemes for encrypting the data t hat passes between browser and server. Comparison between Public-Key and Private-Key Encryption Methods Public-key methods offer several advantages over its private-key counterpart. Mo stly the combination of keys required to provide private messages between enormo us numbersof people is small. For example if N people want to share a secret wit h one another, then only N unique public-key pairs are required which is far les s than an equivalent private key system. Another reason is that key distributio n is not a problem. Each persons public key can be posted in the subway if necess ary. It does not require any special handling to distribute. Thirdly, and most i mportantly, public key systems make implementation of digital signatures possibl e. This means that an electronic document can be signed and sent to any recipien t with non-repudiation. That is, with public-key techniques, it is not possible for anyone other than the signer to have electronically produced the signature i n addition, the signer cannot later deny electronically signing the electronic d ocument There are some disadvantages in public-key systems- Public-key encryption and de cryption is significantly slower than private-key systems. This extra time can a dd up quickly as you and your customers conduct e-commerce- In conclusion, publi c-key system aren t meant to replace private-key systems but to complement them. Data Encryption Standard (DES) and Triple DES The DfeS standard was adopted by the U.S. government in 1977 and is suitable for encrypting large blocks of data- Both the sender and receiver must know the sam e seen key to encrypt and decrypt the message. Computationally, it s difficult b ut not impossible for an enemy to decrypt an intercepted message without knowled ge of the secret h There is, however, no convenient way over TCP/IP wires to ship the private key a uthorized participants.

DES, therefore, is unsuitable by itself for use on the Internet because a networ k eavesdropper might compromise the secret key as it is being transmitted. The re is a way though, to use DES effectively, as explained in the next section on RSA public-key cryptography. DES operates on 64-bit blocks with a 56-bit secret key. Designed for hardware im plementation, its operation is relatively fast and works well for large bulk doc ument or encryption. Instead of defining just one encryption algorithm, DES defi nes a whole family of them. With a few exceptions a different algorithm is gener ated for each secret key- This means that everybody can be told about the algori thm and your message will still be secure. You just need to tell others your sec ret keys, a number less than 256 A new technique for improving the security of DES is triple encryption (triple D E! i.e., encrypting each message blocks using three different keys in succession . Triple DES thought to be equivalent to doubling the key size of DES, 112 bits. If you use DES three times on the same message with different secret keys, it i s virtually impossible to break it using existing algorithm. RSA and Public-Key Cryptography Public-key cryptography is asymmetric; each person who wants to share secure inf ormation on the network is given one public key and one private key. The private keys are never transmitted on the network. If an encrypted message is sent, the senders public key is transmitted along with the message, and only the recipients private key can be to decrypt it. Therefore, the message can be sent on an inse cure transmission medium. For example, the Internet and the eavesdroppers who sn iff out the data packets cant benefit because they dont possess the recipients priv ate key. Digital Signature An important related concept is the digital signature. In e-commerce, the value of digital signature is same as that of the value of handwritten signature in tr aditional or manual commerce. A traditional i.e., hand-written signature has the following properties: 1. It verifies the author, the date and the time of the signature. 2. It authenticates the contents, at the time of signature. 3. It can be verified by the third parties in case of disputes. The above properties are also placed in the digital signature. Thus, a digital s ignature can be denned as a digital code that can be attached to an electronical ly transmitted message that uniquely identifies the sender. Like a written signa ture, the purpose of a digital signature is to guarantee that the individual sen ding the message is really who he or she claims to be. Digital signatures are es pecially important for electronic commerce and are a key component of most authe ntication schemes. To be effective, digital signatures must be unforgeable. To a chieve the basic purposes of signatures outlined above, a signature must have th e following attributes: Signer authentication: A signature should indicate who signed a document, messag e or record, and should be difficult for another person to produce without autho rization. Document authentication: A signature should identify what is signed, making it i mpracticable to falsify or alter either the signed matter or the signature witho ut detection. How does digital signature work?

In digital signature, the sender uses his or her private key and the contents of the message itself, and pipes these two pieces of data into an algorithm. The o utput of the algorithm is the digital signature, which is relatively short (a fe w hundred bytes long). The recipient can verify the digital signature by using the sender s public key and the message. The digital signature is secure in the sense that it would be v irtually impossible for an "enemy" computer to find another message (that is, on e distinct from the message actually sent) to produce the identical digital sign ature; the task is beyond realistic computational limits. Because each user has the responsibility of protecting the private key, the digital signature is nonrepudiatable. Moreover the senders can t claim that they did not send the messag e in question. It s important to realize that, unlike DES, RSA is not an efficient way to encry pt large blocks of data. Therefore, a good hybrid approach to securely transmit a large amount of data is to encrypt the data with DES and then encrypt the DES secret key with the receiver s RSA public key. The fingerprint The fingerprint is a variant of the digital signature. It is also called as MD5, and it is present, for example, in a RIPEM-enhanced FTP file. The sender s publ ic key can be used to decrypt the MD5 fingerprint (and this public key is availa ble from the RIPEM repository or by issuing a blind Finger command to the sendin g machine). The fingerprint is encrypted within the sender s private key and can t be forged by network eavesdrop] Again, as with RSA, the basic security precaution is for all network participant to securely store their private keys. RIPEM never transmits them over TCP/IP wi res. RIPEM is quite different from PGP; they are non-interoperable. Over time, s tandards committees might address the issue of differences among the range of In ternet security offerings and find a middle ground to bring the packages closer together. Some Other Technologies for Transaction Security Kerberos The Kerberos Network Authentication System was developed at MIT in 1985 and 1986 . Kerberos provides tickets (for network identification) and secret cryptographi c keys (for secure network communication) to users or services on the network. T he ticket few hundred characters long, is embedded in network protocols such as FTP or Telnet, and is used with the secret keys to mutually authenticate a netwo rk connection. The RSA Labs FAQ points out that Kerberos keeps a central databas e of the secret keys; therefore, in contrast to a digitally-signed message provi ded by RSA technology, a Kerbenrose-authenticated message would not be legally s ecure. The sender could claim that the central database had been compromised. Pretty Good Privacy (PGP) and Privacy-Enhanced Mail (PEM) Both PGP and PEM are programs to communicate securely on the network; both use R SA encryption techniques. The U.S. government controls the export of RSA encrypt ic technology and, in fact, classifies some of the algorithms in the same catego ry as munitions. Munitions often wind up in the wrong place, though, and so do t he RSA code and applications that use it, such as PGP and PEM. These packages ha ve found their way to Europe and Asia. PGP, according to author Phil Zimmerman, is now a "worldwide de-facto standard f or e-mail encryption" and can handle other kinds of data transfer as well. NCSA httpd and PGP/PEM Some work has been done to implement both PGP and PEM protocols with the NCSA httpd server and the NCSA Mosaic clienthaving the server and the client "hoo k" into the RSA encryption routines to implement security. The initial work, how

ever, did not establish a certificate authority or a trusted public-key reposito ry, so the developers did not have a simple solution for how the sender and reci pient could exchange their public keys with certainty. If a bogus public key is forged and accepted by a recipient, the forger can send bogus e-mail using the f alse public key and fool the recipient. Riordan s Privacy-Enhanced Mail (RIPEM) Mark Riordan has written RIPEM, a software package to "sign" documents or data, and to encrypt and decrypt them. The RIPEM package allows users to do the follow ing: Optionally acquire protection against document disclosure, using RSA encryption Authenticate the originator of a message, using a digital fingerprint Ensure message integrity Ensure nonrepudiation of the message RIPEM, because it uses RSA code, is subject to the same export restrictions as P GP and PEM. It has been ported to many platforms (UNIX, Microsoft Windows, Macin tosh, and so on) and is supported by some popular mail packages, for example, th e freely available Gnu Emacs mail program and Elm. Use of Cryptography in E-commerce Cryptography makes secure websites and electronic safe transmissions possible. F or a website to be secure all the data transmitted between the computers where t he data is kept and where it is received must be encrypted. This allows people t o do online banking, online trading, and make online purchases with their credit cards, without worrying that any of their account information is being compromi sed. Cryptography is very important to the continued growth of the Internet and electronic commerce. E-commerce is increasing at a very rapid rate. By the turn of the century, comme rcial transactions on the Internet are expected to total hundreds of billions of dollars a year. This level of activity could not be supported without cryptographic security. It has been said that one is safer using a credit card over the Internet than with in a store or restaurant. It requires much more work to seize credit card number s over computer networks than it does to simply walk by a table in a restaurant and lay hold of a credit card receipt. These levels of security, though not yet widely used, give the means to strengthen the foundation with which e-commerce c an grow. People use e-mail to conduct personal and business matters on a daily basis. E-m ail has no physical form and may exist electronically in more than one places at a time. This poses a potential problem as it increases the opportunity for an e avesdropper to get hold of the transmission. Encryption protects e-mail by rende ring it very difficult to read by any unintended party. Digital signatures can a lso be used to authenticate the origin and the content of an e-mail message. POLICY AND REGULATORY AGENDA FOR E-COMMERCE Need of e-commerce laws The rapid development of information and communication technologies over the pas t decade has revolutionized business practices. Transactions accomplished throug h electronic meanscollectively "electronic commerce"have created new legal issues. The shift from paper-based to electronic transactions has raised questions conc erning the recognition, authenticity and enforce ability of electronic documents and signatures, Challenges before Lawmakers for E-Commerce Laws The challenge for lawmakers has been to balance the sometimes conflicting goals of safeguarding electronic commerce and encouraging technological development. W

e know that e-commerce transactions are conceptually similar to paper-based (tra ditional) transactions. The sellers present their products or items, prices and terms and conditions to the prospective buyers. The buyers select products, nego tiate prices/terms and conditions (if possible), place orders and make payment. After receiving payment, the seller or vendor delivers the purchase products. Th e mechanism for different types of transactions in the sale and purchase of prod ucts may differ between traditional commerce and electronic commerce. Key Questions for Electronic Transactions With legislation in place that authorizes the use of electronic records and elec tronic signatures in lieu of paper records and handwritten signatures, the next question becomes: what are the legal requirements that must be satisfied in orde r to create valid and enforceable electronic transactions. Although existing law s diverge on this issue, there are three fundamental questions to consider: What requirements are imposed by e-transaction laws? Do the parties trust the message? What rules govern doing the transaction in electronic form? Electronic contracts raise various issues: 1. Are they enforceable in court? 2. What terms and conditions are included within them? 3. Can they be proven, in court? 4. How must they be recorded for tax purposes? 5. To what extent is a VAN liable if it loses an acceptance message and thereby prevents a contract from being formed? Such above issues can be solved with the help of forms of agreement. Agreements play an important role in e-commerce. In the absence of relevant laws regarding the e-commerce trade practices and security standards, the agreements serve to s upport the certainty of e-commerce. Agreements provide a first line of defense f or parties trading over Internet and with partners with whom long-term, trusted relationships have to be developed. The E-commerce agreement can cover the following matters: Product or Service. What is the product or service to be marketed on the website ? Is it a whole category of products or services or only specific items? Fees, What fee or commission will the website owner get if the products or servi ces are sold through the site? Customer Payment. How will customers pay for the purchases? Is the mechanism to be run through the website owner s site or through the third party? Who handles credit card related issues? Customer Information. Who will be deemed to "own" the customer and the informati on provided by the customer? Ideally, the website owner would "own" the customer as it was through its efforts that the customer was obtained. The third party, however, will often insist upon ownership rights. A compromise that is sometimes employed is that the parties "co-own" the customer or that each party has certa in rights to use the customer information. Of course, this should all be consist ent with the site s "Privacy Policy" and applicable law. PURPOSE OF THE E-COMMERCE LAWS The law should aim to facilitate the development of a secure regulatory environm

ent for electronic commerce by providing a legal infrastructure governing electr onic contracting, security and integrity of electronic transactions, the use of digital signatures and other issues related to electronic commerce. Legal procedures should seek to effectuate the following purposes: (a) To facilitate electronic communications by means of reliable electronic rec ords; (b) To facilitate and promote electronic commerce, to eliminate barriers to elec tronic commerce resulting from uncertainties over writing and signature requirem ents, and to promote the development of the legal and business infrastructure ne cessary to implement secure electronic commerce; (c) To facilitate the electronic filing of documents with government agencies an d statutory corporations, and to promote efficient delivery of government servic es by means of electronic records; (d) To minimize the incidence of forged electronic records, intentional and unin tentional alterations of records, and fraud in electronic commerce and other ele ctronic transactions; (e) To promote public confidence in the integrity and reliability of electronic records, electronic signatures and electronic commerce; (f) To establish uniform rules and standards regarding the authentication and in tegrity of electronic records; and (g) To create a legal infrastructure for the use of digital signatures. The World Wide Web server functions can be categorized into information retrieval, data and transaction management, and security. The web security has not always been considered during the development of many web technologies. The unfortunate consequence is that a number of potential security issues have emerged. Discuss the quoted statement and point out possible interventions Server threats can be classified by the means used to obtain unauthorized access into the server: The Web server and its software Back-end programs and servers such as ones for a database Common Gateway Interface (CGI) programs Other utility programs residing on the server Security levels Web servers running on most machines can be set to run at various privilege leve ls. The highest one allows access to any part of the system, including sensitive ar eas. The lowest level provides a logical fence that prevents access to sensitive are as. The rule is to use the lowest level needed to complete a given task. Setting up a Web server to run in high privilege mode can cause potential threa ts. Entering passwords Web servers that require usernames and passwords can compromise security by reve aling them. Because the Web server needs the information as it moves from page to page, it may place that in a cookie on the clients machine. The server must be careful not to request that the cookie be transmitted unprot ected. Username/password pairs Web servers may keep files with username/password pairs to use for authenticatio n.

If these files are compromised then the system can be attacked by people masque rading as others. Users who choose passwords badly also pose a threat to Web server security. Pa sswords that are easily guessed, such as birth dates, child or pet names, are po or choices. Administrators often run programs that attempt to guess users passwords as a pre ventative measure

Database threats Because databases hold valuable information, attacks on them are particularly tr oubling. Security features rely on usernames/passwords. Security is enforced using privileges. Databases that fail to store usernames/passwords in a secure manner or fail to enforce privileges can be compromised. During an attack, information may be moved to a less protected level of the dat abase, giving full access Common Gateway Interface (CGI) threats CGI implements the transfer of information from a Web server to another program. Like Web servers, CGI scripts can be set to run unconstrained (with high privil ege). Defective or malicious CGI scripts can access or destroy sensitive information. Old CGI scripts that have been replaced can be loopholes for access into the sy stem. CGI scripts can reside anywhere and are difficult to track. Possible interventions to securing the server 1. Access control Controlling who and what has access to the server; includes both users and other servers. Authentication via digital certificates and signatures. Usernames/passwords Usernames are stored as clear text Passwords are stored as encrypted text A password entered is encrypted and compared against the encrypted password. An access control list gives the users that can access certain files and folder s in the system. Read, write, and execute permissions may be set separately. 2. Use of Firewalls Inside: Network and machines protected by the firewall. Outside: All other networks. All traffic from the outside must pass through it. Only authorized traffic is allowed to pass. The firewall should be immune to attack. Operates at the application layer. Trusted networks are inside; untrusted ones outside. Can be used to separate divisions of a company. The same policies should apply to all firewalls. Unnecessary software should be stripped off Types of firewalls Packet filters: Filters traffic according to source and destination (IP address) based on a set of rules. Gateway servers: Filter traffic according to the application requested. Example

: Incoming FTP requests granted but out-going requests denied. 3. Proxy Servers Along with a firewall, a proxy server provides additional security. The proxy se rver acts on behalf of either a server or client. It takes packet requests and p rocess them through a firewall, if one is present, and passes the results back t o the original requestor. This handing off provides a shield to the client that uses the proxy server by masking and filtering requests. This looks like a firew all, but a firewall does not provide alias identities to its usersonly filtering. A single computer might run multiple servers, with each server connection ident ified by a port number. A proxy server, like an HTTP server or an FTP server, oc cupies a port. Typically, a connection uses standardized port numbers for each p rotocol. For example, HTTP is 80, and FTP is 21. Unlike common server protocols, however, the proxy server has no default port. Many of today s proxy servers also provide caching capabilities. The caching cap ability gives the end user the impression of wider bandwidth. This is because it takes information that has been passed and saves it in cache. When the user req uests the information again, it is provided via the cache instead of going onto the Internet. Proxy servers also can be used in exclusive intranet situations in which the use of the caching capability has more significance. There are curren tly no proxy servers for the NT system. 4. Secure Sockets Layer Security Secure Sockets Layer (SSL) security is enabled and disabled by using Internet Se rvice Manager. SSL is a protocol submitted to the W3C working group on security for consideration as a standard security approach for World Wide Web clients and servers on the Internet. SSL provides a security handshake that is used to init iate the TCP/IP connection. This handshake results in the client and server agre eing on the level of security that they will use, and it fulfills any authentica tion requirements for the connection. From then on, SSL s only role is to encryp t and decrypt the information that is being passed between the client and server via the Internet. 5. Specifying Permissions for Directories and Files You specify permissions for directories and files through File Manager. By highl ighting a file, series of files, or directories, you can have highly granular co ntrol over your files. This is where IIS offers a significant advantage over oth er products. It is fully integrated with the NT security system. You do not have to maintain separate sets of clearances for your system. You can use it to set private sections and pages on the Web. Remember, though, if you set up a secure area on the Web, make sure that all the associated objects used in the secure ar ea have their permissions set accordingly. 6. IP Level security IP level security is straightforward. You can grant access to all computers exce pt for those with specific IP address, or you can deny access to all computers e xcept for those with specific IP addresses. Securing a system at the IP level ca n provide an extremely high level of security, but it is a double-edged sword. Y ou can inadvertently lock out the general public, which is not consistent with W orld Wide Web practices. Likewise, security is difficult to test. You cannot tes t whether unauthorized people have gained access to a system unless you catch th em as they come in. 7. The Usage Log Among them is the ability to track the usage of your pages for marketing purpos es. This enables you to know whether you are providing the kinds of information and services that your market wants. There are several formats for HTTP logs, an d they all are similar in structure. The file is basically a comma-separated tex t file of 15 columns. The differences come from what is in each column. If you p ut in the results of other HTTP server log files, they would be practically indi stinguishable from one another.