
Module IV AND VI

E-Commerce Concepts and
Security Issues

BOOKS
1. E-Commerce, Ritendra Goel, New Age International Publishers, ISBN: 8122420443
2. E-Commerce, Jibitesh Mishra, Macmillan Publishers India Ltd., ISBN: 0230331416

TOPICS TO BE COVERED
Meaning, definition, concept of ecommerce,
Features, function of E-Commerce,
E-Commerce practices v/s traditional
practices,
Scope and basic models of E-Commerce,
Limitations of E-Commerce,
Precaution for secure E-Commerce, proxy
services.
Concept of EDI,

TOPICS TO BE COVERED

Advantages of EDI,
Application areas for EDI,
Action plan for Implementing EDI,
Factors influencing the choice of EDI,
Software Concept of Electronic Signature,
Access Control.

DEFINITION OF E-COMMERCE
E-commerce is defined as a modern business methodology that addresses the needs of
i) organizations,
ii) merchants and
iii) consumers
to cut costs while improving the quality of goods and services and increasing the speed of service delivery, by using the internet.

DEFINITION OF E-COMMERCE
(cont.)

E-Commerce refers to electronic transactions such as buying, selling, information flow and funds transfer over the internet.
E-Commerce broadly encompasses all business activities taking place over the internet. It consists of electronic retailing (e-tailing), electronic data interchange (EDI) and electronic funds transfer (EFT).

FEATURES OF E-COMMERCE

Improved responsiveness
Timely information flow
Coordinated sales efforts
Effectiveness and efficiency
Close contact with clients (fast process)
Planning and execution of meetings
Payment

TRADITIONAL COMMERCE
Manual methods
Lots of paperwork
Funds are transferred only through the physical purchase and sale of products
Time consuming and less efficient
Difficult to spread the business all over the world
Delay in finalizing transactions
Higher labor cost

ELECTRONIC COMMERCE
Automates manual processes
No paperwork: paperless exchange
Virtual product promotion, with global products available for comparison
Funds can be transferred through EDI, electronic funds transfer or other network-based technology
Increased productivity and efficiency
Wider choice
No delay in finalizing transactions (EDI, e-mail)

ADVANTAGES OF E-COMMERCE
To Organizations
To Consumers
To Society

ADVANTAGES OF E-COMMERCE
(cont.)

To Organizations:
E-Commerce expands the market place to
national and international markets.
E-Commerce decreases the cost of
creating, processing, distributing, storing,
retrieving paper based information.
Ability to create highly specialized businesses.
Improved Customer Service
Low cost advertising

ADVANTAGES OF E-COMMERCE
(cont.)

Increased Productivity
Eliminating paper
Reduced Transportation Costs
Increased Flexibility

ADVANTAGES OF E-COMMERCE
(cont.)

To Consumers:
Customer can do business transactions 24 hours
a day, all year around from almost any location.
E-Commerce provides customers with more
choices.
Customer can interact with other customers in
electronic communities and exchange ideas as
well as compare experiences.
E-Commerce facilitates competition, which
results in substantial discounts.
Reduced price.
Global products.

ADVANTAGES OF E-COMMERCE
(cont.)

To Society:
Work at home and to do less traveling for
shopping, resulting in less traffic on the
roads and lower air pollution.
E-Commerce allows some merchandise to be
sold at lower prices, so less affluent people
can buy and increase their standard of living.
E-Commerce facilitates delivery of public
services, such as health care, education and
distribution of government social services at
a reduced cost and / or improved quality.

LIMITATIONS OF E-COMMERCE
Technical Limitations
Non-Technical Limitations

LIMITATIONS OF E-COMMERCE
(cont.)

Technical Limitations:
Lack of system security, reliability and standards.
The software development tools are still developing and changing rapidly.
Insufficient bandwidth in many countries.
Vendors may need special web servers and other infrastructure in addition to the network servers.
Some E-Commerce software may be incompatible with some hardware, operating systems or other components.

LIMITATIONS OF E-COMMERCE
(cont.)

Non-Technical Limitations:
Lack of trust and user resistance
Security and privacy
Time for delivery of physical products
Privacy and legal issues yet to be
resolved
Cost of developing E-Commerce in-house
can be very high, and
Mistakes due to lack of experience may result in delays.

FRAMEWORK OF E-COMMERCE

FRAMEWORK OF E-COMMERCE
(cont.)

Multimedia content and network publishing, for creating a product and a means to communicate it: HTML (Hypertext Markup Language), Java, WWW, ASP.NET

FRAMEWORK OF E-COMMERCE
(cont.)

Messaging and information distribution infrastructure, as a means of sending and retrieving information: EDI, e-mail, HTTP.
Information content transferred over the network consists of text, numbers, pictures, audio and video.
Electronic data interchange (EDI) is a document standard which, when implemented, acts as a common interface between two or more computer applications in terms of understanding the document.

FRAMEWORK OF E-COMMERCE
(cont.)

Hypertext Transfer Protocol (HTTP) is an application protocol for distributed, collaborative, hypermedia information systems. HTTP is the foundation of data communication for the World Wide Web. Plain HTTP carries data unencrypted; HTTPS (e.g. https://www.google.co.in) is HTTP carried over TLS, which is what an e-commerce site must use so that card details and passwords are not exposed on the network.

FRAMEWORK OF E-COMMERCE
(cont.)
Common business services
infrastructure, for
facilitating the buying and selling
process:
Security
Authentication
Encryption
Electronic Payments

FRAMEWORK OF E-COMMERCE
(cont.)

Security: protecting data such as card numbers, usernames, passwords, account numbers, Card Verification Value (CVV) numbers, e-mail addresses etc.
A major concern for doing business on the Internet.
Businesses feel vulnerable to attack.
Concerns remain for e-commerce transactions, since there are numerous examples of data and privacy issues.
Authentication:
Authentication is the security process of verifying that a user is who he or she claims to be.
Passwords are the most common type of authentication.

FRAMEWORK OF E-COMMERCE
(cont.)

It is important that users understand strong passwords.
Digital signatures are now gaining popularity for authenticating transmitted information.
Biometric methods (fingerprint verification, voice recognition, visual recognition, hand geometry, vein recognition) are also used to authenticate users.
Authentication: Digital Signature
Digital signatures take the place of ordinary signatures in online transactions to prove that the sender of a message is who he or she claims to be.

FRAMEWORK OF E-COMMERCE
(cont.)

A digital signature is computed with the signer's private key and checked with the matching public key, so it cannot be forged by anyone who does not hold the private key, and it no longer verifies if the signed content is altered.
Encryption:
Encryption systems translate data into a secret code (many types of encryption are used).
Encryption systems include four main components:
Plaintext: the unencrypted message.
An encryption algorithm: works like the locking mechanism of a safe.
A key: works like the safe's combination.
Ciphertext: produced from the plaintext message by the encryption function.

FRAMEWORK OF E-COMMERCE
(cont.)

Decryption is the same process in reverse (like modulation/demodulation), but it does not always use the same key: with symmetric encryption the sender and receiver share one secret key, while with asymmetric encryption the data is encrypted with the receiver's public key and decrypted with the receiver's private key. Plaintext results from decryption.

FRAMEWORK OF E-COMMERCE
(cont.)

Public policy, to govern such issues as universal access and privacy.
Technical standards, to dictate the nature of information publishing, user interfaces and transport in the interest of compatibility across the entire network (e.g. site availability, user-friendliness).

APPLICATIONS OF E-COMMERCE
1. Internet bookshops
i. www.amazon.com
ii. www.bol.com
iii. www.bookshop.blackwell.co.uk

2. Grocery supplies
i. www.peapod.com
ii. www.homestore.com
iii. www.tesco.net

3. Electronic newspaper
i. www.timesofindia.com
ii. www.dainikjagran.com

APPLICATIONS OF E-COMMERCE
(cont.)
4. Internet banking

i. www.sbi.co.in
ii. www.axisbank.com

5. Electronic auctions
i. www.ebay.com
ii. www.auctionindia.com

EDI

EDI (Electronic Data Interchange) is the computer-to-computer exchange of business information in a structured, pre-defined standard format.
It helps to exchange information electronically much faster, more cheaply and more accurately than is possible using a paper-based system.

Electronic Data Interchange (EDI), a major part of Electronic Commerce (EC), is the computer-to-computer exchange of business data in a standard, machine-processable format. The information is generally patterned after a conventional paper document, such as a purchase order or invoice. It is paperless trading.

EDI (cont.)
EDI is widely used in these industries:
Manufacturing
Shipping
Warehousing
Pharmaceuticals
Construction
Petroleum
Food processing
Healthcare

EDI (cont.)
Problems with the traditional information interchange:
Example:
1. A company XYZ wants to purchase some material.
2. It creates purchase orders and a bill of materials (BOM).
3. The purchase order is then mailed to the supplier, ABC company.
4. The supplier then manually enters the item information into their customer shipping

EDI (cont.)
5. The information includes:
Customer name (XYZ company)
Order date
Order items
Quantities
Required delivery date
Agreed price
Payment method
6. This information is mailed back to the purchaser along with the items.

EDI (cont.)
Problems:
1. Increase in processing time:
Physical transmission of documents between
trading partners.
Re-enter data.
Some information might get entered twice.

2. Low accuracy:
Data is entered again and again.
Some information might get entered twice, which greatly increases the possibility of errors.

EDI (cont.)
3. High labor cost: input of
Purchase order
Invoice
Delivery note
Receipt of items, and so on.

4. Increased uncertainty.

EDI (cont.)
1. Instead of printing a hard copy of the order and mailing it as a letter, the purchase order is transmitted directly to the supplier through the internet.
2. At the supplier's end, a copy of the order is received and the supplier checks stock in the database on his computer.
3. The supplier can deliver the items on the same date the order is received.
4. Payment is made online.

EDI (cont.)
How EDI works:
1. The buyer prepares an order in his purchasing system.
2. The order is translated into an EDI document format called an EDI purchase order.
3. The EDI purchase order is then transmitted to the supplier via the internet or a VAN (Value Added Network).
4. A VAN is like an electronic post office that interconnects with the supplier's VAN. VANs

EDI (cont.)
5. To access the EDI purchase order sent by the buyer, the seller has to log in with a user ID and password.
6. When the items are packed, the supplier sends EDI invoices to the buyer.

EDI (cont.)
Benefits of EDI:
1. The delay associated with physical transmission of documents, and the time required to read and re-enter data, is eliminated.
2. The chance of error is greatly reduced, since data is not entered repeatedly.
3. Labor costs are reduced.
4. You can order goods from any country.

EDI (cont.)
Cost of implementing EDI:
1. Translation software
2. Software maintenance (updates)
3. Internal software development cost
(Operating system, supporting software)
4. Hardware costs (UPS, modem, internet
wire, printer etc.)
5. Training costs
6. Networking costs
7. Consulting costs

EDI-Components
Trading Partner
A trading partner is any company,
government department, or
commercial or non-commercial entity
with whom an organization regularly
exchanges documents of formatted
data (not just letters or memos).

EDI-Components
Trading Partner Agreement
A signed document between trading
partners outlining all the conditions that
will allow electronic communication.
The agreement states that the parties
intend to be legally bound in the same
manner as though they were
exchanging paper documents. The
signature on the agreement serves as a
substitute for signatures on paper
documents.

EDI-Components
Mapping
The process of taking data from a
company-specific format and fitting it
into the EDI standard electronic format
(as defined by a particular transaction
set).

Transaction Set
An EDI standard electronic format for a
business document.

EDI-Components
Translation Software
Software used to take information from
a flat data file and convert it into an EDI
standard electronic format.
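The mapping, transaction set and translation software steps above, and the purchase order flow in "How EDI works", as an added example that is not from the book or these slides: a buyer-side mapper turns a company-specific purchase order into a simplified segment-based transaction set, and a supplier-side translator parses it back. The segment tags, the `*` element separator and the `~` segment terminator borrow ANSI X12 conventions, but the layout is a simplified illustration rather than a compliant X12 850 purchase order; the XYZ/ABC order data is constructed.

```python
"""Added example (not from the slides): mapping a company-specific purchase
order into a simplified EDI transaction set and translating it back.

Segment tags, the '*' element separator and the '~' segment terminator
borrow ANSI X12 conventions, but this is a simplified illustration, not a
compliant X12 850. The XYZ/ABC order is constructed sample data.
"""
from decimal import Decimal

ELEMENT_SEP = "*"
SEGMENT_TERM = "~"

# Buyer's company-specific ("flat file") view of the order: constructed input.
XYZ_ORDER = {
    "po_number": "PO-4711",
    "order_date": "20240315",
    "buyer": "XYZ",
    "supplier": "ABC",
    "required_delivery": "20240401",
    "items": [
        {"sku": "BOLT-M8", "qty": 500, "unit": "EA", "price": "0.12"},
        {"sku": "NUT-M8", "qty": 500, "unit": "EA", "price": "0.08"},
    ],
}


def _element(value):
    """Refuse delimiter characters inside data, so a crafted field cannot
    inject extra elements or segments into the document."""
    text = str(value)
    if ELEMENT_SEP in text or SEGMENT_TERM in text:
        raise ValueError(f"delimiter inside element value: {text!r}")
    return text


def map_to_edi(order):
    """Mapping: fit the company-specific order into the transaction set."""
    segments = [
        ["BEG", "00", "SA", order["po_number"], order["order_date"]],
        ["N1", "BY", order["buyer"]],
        ["N1", "SU", order["supplier"]],
        ["DTM", "002", order["required_delivery"]],
    ]
    for line_no, item in enumerate(order["items"], start=1):
        if item["qty"] <= 0:
            raise ValueError(f"line {line_no}: quantity must be positive")
        segments.append(["PO1", line_no, item["qty"], item["unit"],
                         item["price"], "VP", item["sku"]])
    # CTT carries the line count so the receiver can detect truncation.
    segments.append(["CTT", len(order["items"])])
    return "".join(ELEMENT_SEP.join(_element(e) for e in seg) + SEGMENT_TERM
                   for seg in segments)


def parse_edi(document):
    """Translation software on the supplier side: segments back into a
    structure the supplier's stock system can use."""
    segments = [s.split(ELEMENT_SEP)
                for s in document.split(SEGMENT_TERM) if s]
    order = {"items": []}
    for seg in segments:
        tag = seg[0]
        if tag == "BEG":
            order["po_number"], order["order_date"] = seg[3], seg[4]
        elif tag == "N1":
            order["buyer" if seg[1] == "BY" else "supplier"] = seg[2]
        elif tag == "DTM" and seg[1] == "002":
            order["required_delivery"] = seg[2]
        elif tag == "PO1":
            order["items"].append({"sku": seg[6], "qty": int(seg[2]),
                                   "unit": seg[3], "price": seg[4]})
        elif tag == "CTT":
            if int(seg[1]) != len(order["items"]):
                raise ValueError("CTT line count does not match PO1 segments")
    return order


def order_total(order):
    """Decimal arithmetic: never float for money."""
    return sum(Decimal(item["price"]) * item["qty"] for item in order["items"])


if __name__ == "__main__":
    doc = map_to_edi(XYZ_ORDER)
    print(doc)
    received = parse_edi(doc)
    print(received["po_number"], received["supplier"], order_total(received))
```

The two checks a translator should not skip are the delimiter check on outgoing data (a `*` or `~` inside a field would otherwise change the segment structure) and the control total on incoming data, which catches a document that was cut short or had line items removed in transit.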

Value Added Network (VAN)
A third-party network performing services beyond the transmission of data. For example, VANs provide mailbox, data security and data archiving services. Many also offer e-mail services.

EDI-Components
VAN Interconnection
The connection between two VANs that allows messages from one VAN's customers to be communicated to the customers of the other.

Types or models of ecommerce

Types of ecommerce

B2B (Business-to-Business)
It means business to business. It is the type of e-commerce in which the buyer and the seller are both businesses: one business sells its products or services while the other business buys them.
Examples:
Alibaba.com,
globalsource.com,
hellotrade.com

Types of ecommerce

B2C (Business-to-Consumer)
It means business to consumer. It is the type of e-commerce in which a business sells its services or products to consumers through the internet or a computer network.
Examples:
Amazon.com, priceline.com etc.

Types of ecommerce

B2G (Business-to-Government)
It means business to government. It is a type of e-commerce in which a business sells its services or products to the government. For example, a government has a project and needs some material, so different companies fill in the tender and one of them gets the contract from the government. Then that company provides the material for the government project. If all these processes take place through websites, it is B2G e-commerce.
For example, B2G companies can provide

Types of ecommerce

C2B (Consumer-to-Business)
It means consumer to business. It is a type of e-commerce in which consumers sell their products or services to businesses. A common example is the advertisements that people put on different sites.
A consumer posts his project with a set budget online, and within hours companies review the consumer's requirements and bid on the project. The consumer reviews the bids and selects the company that will complete the project. It empowers consumers around the world by providing the meeting

Types of ecommerce

C2C (Consumer-to-Consumer)
It means consumer to consumer. It is the type of e-commerce in which one consumer sells products to another consumer through the internet or a computer network.
Examples:
Quikr.com
OLX.com

Types of ecommerce
C2G (Consumer-to-Government)
It is where people interact with the government on the Internet. It covers areas such as elections, voting and taxation. One example of C2G is www.whitehouse.gov, which exchanges information between the White House and the public.

Types of ecommerce
G2B (Government-to-Business)
It means government to business. It is the type of e-commerce in which the government sells its information or services to businesses. This process takes place on special government websites, e.g. www.incometaxindia.gov.in: rules related to tax, different forms, and the facility for submission of online tax returns.

Types of ecommerce
G2C (Government-to-Consumer)
This is how the government provides information to people electronically. It is also where people can download forms, submit applications online and even renew their passports. One example is www.uscis.gov, where immigrants can make appointments with the local INS office, search immigration laws, print out applications and check their case status.

Types of ecommerce
G2G (Government-to-Government)
This is how governments around the globe interact with each other on the internet. Due to the uneven level of technology development around the world and the differences in information-sharing scope, this G2G stage still needs improvement. However, it helps governments fight crime and terrorism.

E-SIGNATURE
An electronic signature can be as basic as a typed name or a digitized image of a handwritten signature. Consequently, e-signatures are very problematic with regard to maintaining integrity and security, as nothing prevents one individual from typing another individual's name. Due to this reality, an electronic signature that does not incorporate additional measures of security (the way digital signatures do) is considered

Electronic payment system
A means of making payments over an electronic network such as the Internet.
Electronic payment is a financial exchange that takes place online between buyers and sellers. The content of this exchange is usually some form of digital financial instrument (such as encrypted credit card numbers, electronic cheques or

CREDIT CARD-BASED ELECTRONIC PAYMENT SYSTEM
Payments using encrypted credit card details:
Figure: the client sends encrypted credit card information, along with a digital signature, to the merchant; the merchant sends the information to the online credit card processor; the processor verifies the client's card with the bank, which authorizes the payment; the processor returns "credit card info OK" to the merchant; the bank sends the client a monthly statement.

Components of Online Payment Processing
For accepting credit cards on your website, you need to procure the following things first:
(1) a credit card processor,
(2) a payment gateway service,
(3) an electronic shopping cart system and
(4) an Internet merchant account issued by a bank or other financial institution or service bureau.

Components of Online Payment Processing (cont.)
Credit Card Processor: an electronic data center that processes the credit card transactions coming from the gateway company. It ensures the validity of the charge and then settles the funds in your merchant account.
Internet Merchant Account: an account in which funds from online sales are deposited by the processor. These accounts are usually issued by banks that are

Components of Online Payment Processing (cont.)
Payment Gateway Service: an e-commerce service that authorizes payments for e-businesses and online retailers and is linked with a huge network of credit-card-issuing banks. The payment gateway service acts like a middleman who comes into action when a customer submits his/her credit card information in the web page form. The website's shopping cart checkout system then electronically submits the credit card details to the gateway service. It further routes the

Components of Online Payment Processing (cont.)
Shopping Cart System: a shopping cart system allows the customer to select and purchase products from the website. It consists of mainly three components: the product catalog, the shopping cart, and the checkout/payment system.

Security Issues in E-Commerce
Globally, E-commerce is growing; however it comes with the risk that some part of the transaction is compromised, which may lead to financial loss or unintended sharing of private information (a breach of privacy). The security of e-commerce transactions is therefore a critical part of the ongoing success and growth of E-commerce.
Any eCommerce system must meet four integral requirements:
a) privacy: information exchanged must be kept from unauthorized parties;
b) integrity: the exchanged information must not be altered or tampered with;
c) authentication: both sender and recipient must prove their identities to each other; and
d) non-repudiation: proof is required that the exchanged information was indeed sent and received, so that neither party can later deny the exchange.

Threats from hackers and the risks to business
Some of the more common threats that hackers pose to e-commerce systems include:
carrying out denial-of-service (DoS) attacks that stop access by authorised users of a website, so that the site is forced to offer a reduced level of service or, in some cases, ceases operation completely;
gaining access to sensitive data such as price lists, catalogues and valuable intellectual property, and altering, destroying or copying it;
altering your website, thereby damaging your image or directing your customers to another site;
gaining access to financial information about your business or your customers, with a view to perpetrating fraud.

PRECAUTION FOR SECURE ECOMMERCE
Security has three main concepts:
1. Confidentiality,
2. Integrity, and
3. Availability

PRECAUTION FOR SECURE ECOMMERCE (cont.)
Confidentiality allows only authorized parties to read protected information. For example, if the postman reads your mail, this is a breach of your privacy.
Integrity ensures data remains as it was from the sender to the receiver; if the postman opens your letter and changes a figure in it, integrity has been violated.
Availability ensures you have access to, and are authorized for, resources. If the post office destroys your mail or the postman takes one year to deliver your mail, he has impacted the availability of your mail.

PRECAUTION FOR SECURE ECOMMERCE (cont.)
Players:
1. The shopper, who uses his browser to locate the site.
2. The site is usually operated by a merchant, also a player, whose business is to sell merchandise to make a profit.
3. As the merchant's business is selling goods and services, not building software, he usually purchases most of the software to run his site from third-party software vendors.

PRECAUTION FOR SECURE ECOMMERCE (cont.)
Security features:
Authentication: verifies that you are who you say you are. It enforces that you are the only one allowed to log on to your Internet banking account.
Authorization: allows only you to manipulate your resources, and only in specific ways. This prevents you from increasing the balance of your account or deleting a bill.
Encryption: deals with keeping information secret so that only authorized parties can read it, in transit and in storage.

PRECAUTION FOR SECURE ECOMMERCE (cont.)
Auditing: keeps a record of operations. Merchants use auditing to prove that you bought specific merchandise.
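The four security features above, as an added example that is not code from the slides, modelled on a small Internet-banking account: authentication with a salted PBKDF2 password hash, authorization that only lets the account owner act and only through an operation that lowers a balance (paying a bill), and auditing with a hash-chained log in which any edited entry is detected. Encryption of the data in transit is left to the transport layer (HTTPS) and is not repeated here. The users, passwords, account numbers and the bill are constructed for the example.

```python
"""Added example (not from the slides): authentication, authorization and
auditing in a toy Internet-banking model. Users, passwords, account
numbers and the bill are constructed for the example.
"""
import hashlib
import hmac
import json
import secrets

PBKDF2_ROUNDS = 100_000


class AuthError(Exception):
    pass


class Bank:
    def __init__(self):
        self._users = {}     # username -> (salt, PBKDF2 hash)
        self._owner = {}     # account number -> username
        self._balance = {}   # account number -> cents
        self._bills = {}     # bill id -> (account number, cents due)
        self.audit = []      # append-only list of (entry, chain hash)
        self._prev_hash = "0" * 64

    # Authentication: verify that you are who you say you are.
    @staticmethod
    def _hash(password, salt):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)

    def register(self, username, password, account, balance_cents):
        salt = secrets.token_bytes(16)
        self._users[username] = (salt, self._hash(password, salt))
        self._owner[account] = username
        self._balance[account] = balance_cents

    def login(self, username, password):
        record = self._users.get(username)
        # Hash even for unknown users so response time does not reveal
        # which usernames exist; compare in constant time.
        salt, stored = record if record else (bytes(16), bytes(32))
        ok = hmac.compare_digest(self._hash(password, salt), stored) and record is not None
        self._log("login", username, ok)
        if not ok:
            raise AuthError("authentication failed")
        return username  # the authenticated principal

    # Authorization: only the owner may act on an account, and only through
    # the operations the bank exposes.
    def _authorize(self, principal, account):
        if self._owner.get(account) != principal:
            self._log("denied", principal, account)
            raise AuthError(f"{principal} is not authorized on {account}")

    def balance(self, principal, account):
        self._authorize(principal, account)
        return self._balance[account]

    def add_bill(self, bill_id, account, amount_cents):
        self._bills[bill_id] = (account, amount_cents)

    def pay_bill(self, principal, bill_id):
        """The only operation that changes a balance, and it can only lower
        it: there is no call that credits an account or deletes a bill."""
        account, amount = self._bills[bill_id]
        self._authorize(principal, account)
        if self._balance[account] < amount:
            raise ValueError("insufficient funds")
        self._balance[account] -= amount
        del self._bills[bill_id]
        self._log("pay_bill", principal, bill_id, amount)
        return self._balance[account]

    # Auditing: a hash-chained record of operations; editing or deleting an
    # earlier entry breaks every hash after it.
    def _log(self, *fields):
        entry = json.dumps(fields)
        chain = hashlib.sha256((self._prev_hash + entry).encode()).hexdigest()
        self.audit.append((entry, chain))
        self._prev_hash = chain

    def audit_intact(self):
        prev = "0" * 64
        for entry, chain in self.audit:
            if hashlib.sha256((prev + entry).encode()).hexdigest() != chain:
                return False
            prev = chain
        return True


def demo():
    bank = Bank()
    bank.register("alice", "correct horse battery", "ACC-1", 10_000)
    bank.register("mallory", "hunter2", "ACC-2", 500)
    bank.add_bill("BILL-7", "ACC-1", 2_500)
    alice = bank.login("alice", "correct horse battery")
    mallory = bank.login("mallory", "hunter2")
    results = {"alice_after_pay": bank.pay_bill(alice, "BILL-7")}
    try:
        bank.balance(mallory, "ACC-1")       # not her account
        results["mallory_read_acc1"] = True
    except AuthError:
        results["mallory_read_acc1"] = False
    results["audit_ok"] = bank.audit_intact()
    # An attacker rewrites the last log entry to hide the denied access.
    entry, chain = bank.audit[-1]
    bank.audit[-1] = (entry.replace("denied", "login"), chain)
    results["audit_after_tamper"] = bank.audit_intact()
    return results


if __name__ == "__main__":
    print(demo())
```

Note what authorization means here: it is not only that Mallory cannot read Alice's account, but that the interface offers no way for anyone, Alice included, to raise a balance or remove a bill; the bank's business rules are enforced by the shape of the API, not by trusting the client.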

PRECAUTION FOR SECURE ECOMMERCE (cont.)
Points the attacker can target:
Shopper
Shopper's computer
Network connection between shopper and Web site's server
Web site's server
Software vendor

PRECAUTION FOR SECURE ECOMMERCE (cont.)
Shopper:
1. Common challenge questions used by numerous sites (pet name, mother's name).
2. The attacker calls the shopper, pretending to be a representative from a site visited, and extracts information (he can call as a customer service representative).
3. Fraudulent sites imitating well-known ones, to collect authentication and registration information. (http://www.ibm.com/shop is

PRECAUTION FOR SECURE ECOMMERCE (cont.)
Shopper's computer:
1. Software and hardware vendors, in their quest to ensure that their products are easy to install, ship products with security features disabled. In most cases, enabling security features requires a non-technical user to read manuals written for the technologist.
2. Attackers use tools such as SATAN to perform port scans on a computer that detect entry points into the machine. Based on the open ports

PRECAUTION FOR SECURE ECOMMERCE (cont.)
Sniffing the network:
1. The attacker monitors the data between the shopper's computer and the server. He collects data about the shopper or steals personal information, such as credit card numbers. Encrypting the connection (HTTPS) is the precaution against this.

E-commerce security techniques
Encryption and decryption
Digital signature

What is encryption?
A process that converts original information, also called plaintext, into a difficult-to-interpret form called ciphertext.
Done by using an encryption algorithm, a formula used to turn plaintext into ciphertext.
Two types: symmetric and asymmetric.

SYMMETRIC KEY CRYPTOGRAPHY
Figure: the sender encrypts (locks) the message with the secret key, producing ciphertext; the receiver decrypts (unlocks) the ciphertext with the same secret key, recovering the message.

ASYMMETRIC KEY CRYPTOGRAPHY
Figure: the sender encrypts (locks) the cleartext with the receiver's public key, producing ciphertext; the receiver decrypts (unlocks) the ciphertext with his private key, recovering the cleartext.

Which one is better?
Although symmetric encryption is fast, it is not as safe as asymmetric encryption, because both parties must hold the same secret key: it has to be distributed to the other party somehow, and anyone who steals it can decode the messages and forge new ones. But because of its speed, it is commonly used for e-commerce transactions.
Asymmetric encryption is more complex and more secure: only the private key can decrypt, and it never leaves its owner. Its added safety comes at a price: more computation is required, so the process takes longer.
In practice the two are combined: asymmetric encryption is used to exchange a short-lived symmetric session key, and the bulk of the transaction data is then encrypted with the fast symmetric algorithm. This is how HTTPS (TLS) protects an online purchase.
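The symmetric model of the figure above and the key-theft weakness from "Which one is better?", as an added example that is not from the slides, built only on the Python standard library. The cipher is a SHA-256 counter-mode keystream with an HMAC tag computed over the ciphertext (encrypt-then-MAC), which is enough to show that one shared key both locks and unlocks, that altered ciphertext is rejected before any plaintext is released, and that anyone holding the shared key can forge a message the receiver accepts; it is not a substitute for a vetted authenticated cipher such as AES-GCM from a proper cryptographic library. The keys, nonce and order text are constructed.

```python
"""Added example (not from the slides): the symmetric model of the figure,
standard library only. SHA-256 counter-mode keystream plus an HMAC tag
(encrypt-then-MAC) illustrates 'one shared key locks and unlocks'; it is
NOT a substitute for a vetted AEAD such as AES-GCM. Keys, nonce and the
order text are constructed for the example.
"""
import hashlib
import hmac
import secrets

NONCE_LEN, TAG_LEN = 16, 32


def _keystream(key, nonce, length):
    """Pseudo-random bytes derived from key and nonce. Never reuse a nonce
    under the same key: two ciphertexts would XOR to the two plaintexts."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + nonce + counter.to_bytes(8, "big")).digest()
        counter += 1
    return bytes(out[:length])


def _derive_keys(secret_key):
    """Distinct encryption and MAC keys from the one shared secret."""
    return (hashlib.sha256(b"enc" + secret_key).digest(),
            hashlib.sha256(b"mac" + secret_key).digest())


def encrypt(secret_key, plaintext):
    """Sender side (LOCK): returns nonce || ciphertext || tag."""
    enc_key, mac_key = _derive_keys(secret_key)
    nonce = secrets.token_bytes(NONCE_LEN)
    stream = _keystream(enc_key, nonce, len(plaintext))
    ciphertext = bytes(p ^ k for p, k in zip(plaintext, stream))
    tag = hmac.new(mac_key, nonce + ciphertext, "sha256").digest()
    return nonce + ciphertext + tag


def decrypt(secret_key, message):
    """Receiver side (UNLOCK) with the SAME secret key. The tag is checked
    before any plaintext is released, so altered ciphertext is rejected."""
    enc_key, mac_key = _derive_keys(secret_key)
    if len(message) < NONCE_LEN + TAG_LEN:
        raise ValueError("message too short")
    nonce, ciphertext, tag = (message[:NONCE_LEN],
                              message[NONCE_LEN:-TAG_LEN], message[-TAG_LEN:])
    expected = hmac.new(mac_key, nonce + ciphertext, "sha256").digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("integrity check failed: wrong key or altered message")
    stream = _keystream(enc_key, nonce, len(ciphertext))
    return bytes(c ^ k for c, k in zip(ciphertext, stream))


def demo():
    shared = secrets.token_bytes(32)      # must reach both parties securely
    order = b"PO-4711: 500 x BOLT-M8 @ 0.12"
    wire = encrypt(shared, order)
    results = {"roundtrip": decrypt(shared, wire) == order}

    # An attacker on the network flips one ciphertext bit: rejected.
    tampered = bytearray(wire)
    tampered[NONCE_LEN + 9] ^= 0x01      # the '5' of 500
    try:
        decrypt(shared, bytes(tampered))
        results["tamper_detected"] = False
    except ValueError:
        results["tamper_detected"] = True

    # A wrong or guessed key is rejected the same way.
    try:
        decrypt(secrets.token_bytes(32), wire)
        results["wrong_key_rejected"] = False
    except ValueError:
        results["wrong_key_rejected"] = True

    # The weakness: whoever steals the shared key can both read and forge.
    forged = encrypt(shared, b"PO-4711: 5000 x BOLT-M8 @ 0.12")
    results["key_holder_can_forge"] = decrypt(shared, forged).startswith(b"PO-4711: 5000")
    return results


if __name__ == "__main__":
    print(demo())
```

The last result is the point of the slide: with a shared key the receiver cannot distinguish the legitimate sender from anyone else who holds the key, which is why non-repudiation needs a digital signature rather than a MAC.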

Who's using encryption?
If you use a computer and the internet, you're using encryption!
It enables all organizations, regardless of their size, to be both user- and IT-friendly.

Why use encryption?
Authentication
Protects personal data such as passwords.
Privacy
Provides for confidentiality of private information.
Integrity
Ensures that a document or file has not been altered.
Accountability (non-repudiation)
Prevents a party from denying a transaction, or from claiming another's document as his own.

DIGITAL SIGNATURE

DIGITAL CERTIFICATE
A digital identity that establishes your credentials when doing business or other transactions on the Web.
Issued by a Certifying Authority (CA).
Contains your name, serial number, your public key, the name of the issuing CA, the validity period and the digital signature of the CA.

CERTIFYING AUTHORITY
Trusted Third Party
An organization which issues public
key certificates
Assures the identity of the parties
to whom it issues certificates
Maintains online access to the
public key certificates issued

PUBLIC KEY CERTIFICATION
Figure: the user generates a key pair (public key, private key) and sends a certificate request containing the user's name and other credentials together with the user's public key to the CA. The CA, which holds a license issued by the CCA (Controller of Certifying Authorities), signs the certificate using the CA's private key. The resulting user certificate contains: serial no., user name, user's e-mail address, user's public key, CA's name, certificate class, validity, and the digital signature of the CA. The certificate is published in the certificate database on the CA's web site (user 1 certificate, user 2 certificate, ...).

DIGITAL SIGNATURE STANDARD (DSS)
Uses the Secure Hash Algorithm (SHA-1), which condenses the message to a 160-bit digest
Key size 512-1024 bits
Proposed by NIST in 1991
Adopted as FIPS 186 in 1994
Note: SHA-1 and 1024-bit keys are no longer considered adequate; later revisions of the standard (FIPS 186-4) use SHA-2 digests and 2048- or 3072-bit keys.

WHY DIGITAL SIGNATURE
AUTHENTICATION
INTEGRITY
NON-REPUDIATION

DIGITAL SIGNATURE
Paper signatures vs. digital signatures
Parameter | Paper | Electronic
Authenticity | May be forged | Cannot be forged without the signer's private key
Integrity | Signature is independent of the document | Signature depends on the contents of the document
Non-repudiation | a. Handwriting expert needed; b. Error prone | a. Any computer user can verify; b. Error free
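Textbook RSA used three ways, following the asymmetric-key figure, the digital-signature slides and the public key certification figure, as an added example that is not part of the slides: public-key encryption with decryption by the private key, signing a SHA-256 digest of a document and verifying it against the public key, and a certifying authority signing a user certificate that a relying party checks before trusting the key inside it. Unpadded RSA with 512-bit primes, the Miller-Rabin helper and the JSON certificate body are simplifications for illustration (real deployments use padded RSA-PSS or ECDSA, 2048-bit or larger keys and X.509 certificates); the names, serial number and validity period are constructed.

```python
"""Added example (not from the slides): textbook RSA for public-key encryption,
digital signatures over a SHA-256 digest, and a certifying authority signing
user certificates. Unpadded RSA, 512-bit primes and a JSON certificate body are
simplifications; real systems use RSA-PSS/ECDSA, 2048+ bit keys and X.509."""
import hashlib
import json
import secrets


def _is_probable_prime(n, rounds=16):
    """Miller-Rabin primality test."""
    if n < 4 or n % 2 == 0:
        return n in (2, 3)
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for _ in range(rounds):
        x = pow(secrets.randbelow(n - 3) + 2, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def _random_prime(bits):
    while True:
        candidate = secrets.randbits(bits) | (1 << (bits - 1)) | 1
        if _is_probable_prime(candidate):
            return candidate


def generate_keypair(bits=1024):
    """Key pair generation: (n, e) is published, (n, d) stays private."""
    e = 65537
    while True:
        p, q = _random_prime(bits // 2), _random_prime(bits // 2)
        phi = (p - 1) * (q - 1)
        if p != q and phi % e:
            return (p * q, e), (p * q, pow(e, -1, phi))


# (1) Asymmetric encryption: lock with the receiver's public key, unlock with
# the matching private key. One block, no padding: illustration only.
def encrypt(public_key, message):
    n, e = public_key
    m = int.from_bytes(message, "big")
    if m >= n:
        raise ValueError("message too large for one RSA block")
    return pow(m, e, n)


def decrypt(private_key, ciphertext):
    n, d = private_key
    m = pow(ciphertext, d, n)
    return m.to_bytes((m.bit_length() + 7) // 8, "big")


# (2) Digital signature: condense the document with SHA-256, sign the digest
# with the private key; anyone holding the public key can verify.
def _digest(data):
    return int.from_bytes(hashlib.sha256(data).digest(), "big")


def sign(private_key, data):
    n, d = private_key
    return pow(_digest(data), d, n)


def verify(public_key, data, signature):
    n, e = public_key
    return pow(signature, e, n) == _digest(data)


# (3) Certifying authority: binds a user's name to a public key by signing the
# certificate body with the CA's private key.
def issue_certificate(ca_private_key, ca_name, serial, user_name, email, user_public_key, validity):
    body = {"serial": serial, "user_name": user_name, "email": email, "public_key": list(user_public_key),
            "ca_name": ca_name, "validity": validity}
    return {"body": body, "ca_signature": sign(ca_private_key, json.dumps(body, sort_keys=True).encode())}


def verify_certificate(ca_public_key, cert):
    return verify(ca_public_key, json.dumps(cert["body"], sort_keys=True).encode(), cert["ca_signature"])


def demo():
    ca_pub, ca_priv = generate_keypair()
    alice_pub, alice_priv = generate_keypair()
    cert = issue_certificate(ca_priv, "Example CA", 1001, "Alice", "alice@example.com",
                             alice_pub, "2024-01-01/2025-01-01")
    contract = b"XYZ buys 500 x BOLT-M8 from ABC at 0.12 each"
    signature = sign(alice_priv, contract)
    # Relying party: trust the CA, check the certificate, then verify Alice's
    # signature with the public key taken from the certificate.
    trusted_key = tuple(cert["body"]["public_key"])
    results = {
        "cert_valid": verify_certificate(ca_pub, cert),
        "signature_valid": verify(trusted_key, contract, signature),
        "altered_document_rejected": not verify(trusted_key, contract.replace(b"500", b"5000"), signature),
        "encrypt_roundtrip": decrypt(alice_priv, encrypt(alice_pub, b"session key 2a")) == b"session key 2a",
    }
    # Mallory puts her own key under Alice's name: the CA signature no longer matches.
    forged = {"body": dict(cert["body"], public_key=list(generate_keypair()[0])),
              "ca_signature": cert["ca_signature"]}
    results["forged_cert_rejected"] = not verify_certificate(ca_pub, forged)
    return results


if __name__ == "__main__":
    print(demo())
```

The two rejections are the rows of the comparison table in code: the altered contract fails because the signature depends on the contents of the document, and the forged certificate fails because the CA's signature binds the name to one specific public key. The verifier never needs Alice's private key, and Alice cannot later deny the signature, since only her private key could have produced it.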
