e-business & e-commerce basics

E-BUSINESS By: Abhishek Duttagupta [email protected]

Upload: abhishek-duttagupta

Post on 23-Jan-2018


Category:

Business



TRANSCRIPT

Page 1: E-Business & E-Commerce Basics

E-BUSINESS

By: Abhishek Duttagupta

[email protected]

Page 2: E-Business & E-Commerce Basics

Objectives Of The Presentation.

■ The main aim of this presentation would be to try and know more about –

o E-Business

o E-Business Fundamentals

o E-Business Framework

o E-Business Application

o Technology Infrastructure for E-Business

o Payment Systems

o Security Environment

o Inter Organization E-Business (EDI)

Page 3: E-Business & E-Commerce Basics

Market Value of an Organization

Tangible Assets

• Buildings

• Equipment

• Furniture

• Cash

Intangible Assets

• Skills & competencies

• Motivation of employees

• Databases

• Information technologies

• Efficient & responsive processes

• Customer loyalty & relationships

Value of tangible assets

1982 : 62%

1992 : 38%

2002 : 10-15%

2012 : 08-09%

Source: Brookings Institute

Page 4: E-Business & E-Commerce Basics

Major Industry trends

• Consumer trends

• Service / process trends

• Organizational trends

• Enterprise technology trends

Page 5: E-Business & E-Commerce Basics

Consumer Trends

• Speed of service

• Self-service

• Integrated solutions, not piecemeal products

Page 6: E-Business & E-Commerce Basics

Service / Process Trends

• Convergence of sales & service: customization

and integration

• Ease of use: make service consistent and

reliable

• Flexible fulfillment and convenient service

delivery: streamline your supply chain

Page 7: E-Business & E-Commerce Basics

Organizational Trends

• Contract manufacturing: becoming brand

intensive, not capital intensive

• Retain the core, outsource the rest: Business

process outsourcing

• Increasing process transparency and visibility

• Continuous innovation and employee retention

Page 8: E-Business & E-Commerce Basics

Enterprise Technology Trends

• Enterprise applications: Connect the corporation

• Infrastructure convergence: Increasing melding of

voice, data and video

• Multichannel integration: computer telephony

integration and voice recognition

• Wireless applications enter the mainstream

• Leveraging legacy investment: The rise of middleware

for systems integration

Page 9: E-Business & E-Commerce Basics

Business Drivers of the New Economy

• Global financial interdependence

• Deregulation

• Unrestricted capital flows

• Digitization

• Global communication and transportation

• New geopolitical realities

Page 10: E-Business & E-Commerce Basics

Key Business Challenges

• Agility and Speed

• Focus on core competencies and processes

• Customer centrality

• Mass customization

• Flexible IT architecture

• Interoperability of infrastructure and applications

portfolios

Page 11: E-Business & E-Commerce Basics

E-Business is All About Business

IT Driving Business

Business Driving IT

E-Business

Page 12: E-Business & E-Commerce Basics

Major Benefits of e-Business

• Global reach

• Reduced cost

• Convenience

• Higher productivity and efficiency

Page 13: E-Business & E-Commerce Basics

What Is E-Business ?

Page 14: E-Business & E-Commerce Basics

■ E-business (electronic business) is the conduct of business

processes on the Internet.

■ These electronic business processes include :

■ buying and selling products, supplies and services;

■ servicing customers;

■ processing payments;

■ managing production control;

■ collaborating with business partners;

■ sharing information;

■ running automated employee services; recruiting; and more.

Page 15: E-Business & E-Commerce Basics

What is E-business?

e-business

Using internet technologies to

transform key business processes

Web

Universal Access

Standards

IT

Data

Applications

Core business processes

Reliability, security and availability

e-business = Business + Web + I/T

Page 16: E-Business & E-Commerce Basics

Are E-Business & E-Commerce Different?

Page 17: E-Business & E-Commerce Basics

■ E-Commerce has a narrower definition and only involves buying

and selling goods and services over the Internet.

■ E-business includes e-commerce but also covers internal

processes such as production, inventory management, product

development, risk management, finance, knowledge

management and human resources.

■ E-business strategy is more complex, more focused on internal processes, and aimed at improvements in efficiency, productivity and cost savings.

Page 18: E-Business & E-Commerce Basics

Why E-Business ?

■ Anytime, anywhere commerce and services

■ Cost-effective in providing information.

■ Mobility, portability of services.

■ Availability of shared services.

■ Cost-effective utilization of services.

■ Better turnaround time (for all parties involved).

Page 19: E-Business & E-Commerce Basics

E-Business Technologies

• Web technologies

• Database technologies

• Integration technologies

• Networking technologies

• Security technologies

• Application Development technology

Page 20: E-Business & E-Commerce Basics
Page 21: E-Business & E-Commerce Basics

E-Business Network

[Diagram: E-Business Network, with the labels Intranet and Extranet, Networking Vendors, Network Software, Network Hardware, Enabling Technology, E-Commerce Applications]

Page 22: E-Business & E-Commerce Basics

What is Important in an E-Business Network?

• Functionality

• Reliability

• Security

• Speed

• Scalability

• Access Control

Page 23: E-Business & E-Commerce Basics

Why Does an E-Business Network Matter to a User?

• To share knowledge and reap productivity gains by finding information

faster

• To communicate faster with clients and suppliers

• To provide options for teleworking

• To implement web services

• To enable teams to work collaboratively irrespective of geography

• To better automate business procedures

Page 24: E-Business & E-Commerce Basics

Why Does an E-Business Network Matter to an Enterprise?

• To create fundamental changes in business processes

• To enable fast responses and agile maneuvering

• To negotiate more effectively with suppliers

• To create competitive advantage

• To provide instant access to global markets

• To lower costs

• To enable the convergence of voice, data and video

• To use the e-business as a key to business operations

Page 25: E-Business & E-Commerce Basics

CEOs are Focusing on These E-Business Issues

• Building customer loyalty

• Achieving market leadership

• Streamlining business processes

• Creating new products/services

• Ascertaining compliance

• Reaching new markets

Page 26: E-Business & E-Commerce Basics

E-Business Best Practices

• Personalize relations

• Maintain visitor privacy

• Make your site easy to use

• Manage visitor perceptions

• Maintain site consistency

• Manage business knowledge

• Respond quickly

Page 27: E-Business & E-Commerce Basics

E-Business Hype Cycle

[Figure: visibility plotted against time, 1990-96 to 2010. Phases: Tech Trigger, Peak of expectation, Disillusionment, Enlightenment, True E-business. Curve labels: WWW, Dot Com.]

Source: Gartner Group

Page 28: E-Business & E-Commerce Basics

Global E-Readiness

• It describes the extent to which a country’s business environment is

conducive to Internet-based commercial opportunities

• EIU E-Readiness Assessment Model 2001 -

• Connectivity (30%)

• Business Environment (20%)

• E-Commerce Adoption (20%)

• Legal Environment (15%)

• Supporting E-Services (10%)

• Social and Cultural Environment (5%)

Page 29: E-Business & E-Commerce Basics

Grouping of Countries by E-readiness Ranking

Source: The Economist Intelligence Unit, 2011

Page 30: E-Business & E-Commerce Basics

Electronic Markets

■ A market is a network of interactions and relationships where information, products, services, and payments are exchanged.

■ The market handles all the necessary transactions.

■ An electronic market is a place where shoppers and sellers meet electronically.

■ In electronic markets, sellers and buyers negotiate, submit bids, agree on an order, and finish the execution on- or off-line.

Page 31: E-Business & E-Commerce Basics

E-Business Model

■ A business model is the method of doing business by which a company can sustain

itself, that is, generate revenue.

■ The business model spells out how a company makes money by specifying where it is

positioned in the value chain.

■ In the new economy, companies are creating new business models and reinventing old

models.

■ Presently, there is no single, comprehensive and cogent taxonomy of Web business

models that one can point to.

■ Although there are many different ways to categorize e-business models, they can be

broadly classified as follows:

1. E-Business models based on the relationship of Transaction Parties

2. E-Business models based on the relationship of Transaction Types

Page 32: E-Business & E-Commerce Basics

E-business Models:

E-Business Model Based on Transaction Partners:

[Diagram: the parties CONSUMERS, BUSINESS and GOVERNMENT, linked by the labels C2C, B2B, B2C and G2G]

Page 33: E-Business & E-Commerce Basics

What is Business to Consumers (B2C) ?

■ B2B stands for transaction activities involving two business entities (business-to-

business transaction). B2C stands for transaction activities involving a business and a

consumer (business-to-consumer transaction).

■ Electronic commerce comprises commercial transactions, involving both organizations

and individuals.

■ From the technical point of view e-commerce is the processing and transmission of

digitized data.

■ Example: Flipkart, Amazon etc.

Page 34: E-Business & E-Commerce Basics

What is Consumer to Business (C2B) ?

■ C2B stands for transaction activities involving customer (being the seller) and business

(being the buyer) (Customer-to-business transaction).

■ It is similar to the B2C model, however, the difference is that in this case the consumer

is the seller and the business organization is the buyer.

■ In this kind of a transaction, the consumers decide the price of a particular product

rather than the supplier.

■ E.g.: Naukri.com, Monster.com.

Page 35: E-Business & E-Commerce Basics

What is Consumers to Consumers (C2C) ?

■ C2C stands for consumer to consumer electronic commerce.

■ The Internet has facilitated new types of C2C although it is important to note that this kind

of commerce -- in the form of barter, yard sales, flea markets, swap meets, and the like --

has existed since time immemorial.

■ Notably, most of the highly successful C2C examples using the Internet actually use

some type of corporate intermediary and are thus not strictly "pure play" examples of

C2C.

■ Example: OLX, QUIKR etc.

Page 36: E-Business & E-Commerce Basics

What is Business to Business (B2B) ?

■ B2B stands for "business-to-business," as in businesses doing business with other businesses.

■ The term is most commonly used in connection with e-commerce and advertising, when

you are targeting businesses as opposed to consumers.

■ Business-to-business electronic commerce (B2B) typically takes the form of automated

processes between trading partners and is performed in much higher volumes than

business-to-consumer (B2C) applications.

■ E.g.: Indiamart.com, Industrybuying.com, Urjakart etc.

Page 37: E-Business & E-Commerce Basics

What is Government to Government (G2G) ?

■ Government to government (G2G) is the electronic sharing of

data and/or information systems between government agencies,

departments or organizations.

■ The goal of G2G is to support e-government initiatives by

improving communication, data access and data sharing.

■ Example: india.gov.in,

Page 38: E-Business & E-Commerce Basics

What is Business to Government (B2G) ?

■ B2G is the idea that government agencies and businesses can

use central Web sites to conduct business and interact with

each other more efficiently than they usually can off the Web.

■ Example for B2G are e-procurement websites (dhi.nic.in) and

trade facilitation websites (investindia.gov.in) etc.

Page 39: E-Business & E-Commerce Basics

What is Government to Customer (G2C) ?

■ The e-Governance scenario in India has come a long way since

computers were first introduced.

■ The focus now is on extending the reach of governance to have

a major impact on the people at large.

■ e-Governance is an important tool to enhance the quality of

government services to citizens, to bring in more transparency,

to reduce corruption and subjectivity, to reduce costs for citizens

and to make government more accessible.

■ For example: passportindia.gov.in, vahan.nic.in etc.

Page 40: E-Business & E-Commerce Basics

E-Business Models Based on Transaction Types:

■ Based on transaction type, different types of transactions can be identified as listed

below:

■ Brokerage

■ Aggregator

■ Info-mediary

■ Community

■ Value chain

■ Advertising

■ These transaction types take place in a variety of ways.

■ Moreover, any given firm may combine one or two of these as part of its web business

strategy.

Page 41: E-Business & E-Commerce Basics

Brokerage Model

■ Brokers are market-makers: they bring buyers and sellers together and facilitate transactions.

■ Brokers play a frequent role in business-to-business (B2B), business-to-consumer (B2C), or consumer-to-consumer (C2C) markets.

■ Usually a broker charges a fee or commission for each transaction it enables.

■ Types of Brokerage Models are:

– Marketplace Exchange

– Buy/Sell Fulfillment

– Auction

– Transaction

– Search

– Virtual Marketplace

Page 42: E-Business & E-Commerce Basics

Aggregator Model

■ Electronic commerce business model where a firm (that does not produce or warehouse any item) collects (aggregates) information on goods and/or services from several competing sources at its website.

■ The firm's strength lies in its ability to create an 'environment' which draws visitors to

its website, and in designing a system which allows easy matching of prices and

specifications.

■ Aggregator model includes:

■ Virtual Merchant

■ Catalog Merchant

■ Bit Vendor

■ Subscription model

Page 43: E-Business & E-Commerce Basics

Info-mediary Model

■ Data about consumers and their consumption habits are valuable, especially when that

information is carefully analyzed and used to target marketing campaigns.

■ Independently collected data about producers and their products are useful to consumers

when considering a purchase.

■ Some firms function as info-mediaries (information intermediaries), assisting buyers and/or sellers in understanding a given market.

■ Info-mediary model includes:

■ Advertising Networks

■ Audience Measurement Services

■ Incentive Marketing

Page 44: E-Business & E-Commerce Basics

Community Model

■ The viability of the community model is based on user loyalty; users have a high investment in both time and emotion.

■ Revenue can be based on the sale of ancillary products and services or voluntary

contributions; or revenue may be tied to contextual advertising and subscriptions for

premium services.

■ The Internet is inherently suited to community business models and today this is one of the more fertile areas of development, as seen in the rise of social networking.

■ Types are :

– Open Source

– Open Content

– Public Broadcasting

– Social Networking Services

Page 45: E-Business & E-Commerce Basics

Value Chain Model

■ Value chain selling is supported through two business models: demand chain and a

supply chain; E-Commerce supports the transactions through both the demand chain

business model and supply chain business model.

■ Products, goods, services, or information are delivered through the parties of the value

chain from producers to end users.

■ A value chain also has relationship and administrative aspects, that is, you can manage

the relationship of the partners or enterprises in your value chain, as well as offer some

administrative services to those parties.

■ As a result, value chain business models must manage the two sides of their businesses:

their customers and direct sales, and their channel partners and suppliers; each requires

its own management channels and practices.

Page 46: E-Business & E-Commerce Basics

Advertising Model

■ The web advertising model is an extension of the traditional media broadcast model.

■ The broadcaster, in this case, a web site, provides content (usually, but not necessarily, for

free) and services (like email, IM, blogs) mixed with advertising messages in the form of

banner ads.

■ The banner ads may be the major or sole source of revenue for the broadcaster. The

advertising model works best when the volume of viewer traffic is large or highly

specialized.

■ Advertising model includes:

– Search Engine Portals

– Classifieds

– User Registration Content-based sites

– Contextual Advertising / Behavioral Marketing

Page 47: E-Business & E-Commerce Basics

E-Business Conceptual Framework

Media

Infrastructure

e-Business

Strategy

Public

Policy

Technology

Infrastructure

Capital

Infrastructure

Page 48: E-Business & E-Commerce Basics

E-business Application Framework

[Diagram: HARDWARE, SOFTWARE, INTERNET ACCESS, SERVICES, E-payment, CERTIFICATES, ADVERTISEMENT]

Page 49: E-Business & E-Commerce Basics

E-Business Application

■ E-Business application can be sub-categorized as :

1. Internal Business Systems

2. Enterprise Communication & Collaboration

3. Electronic Commerce

Page 50: E-Business & E-Commerce Basics

Internal Business Systems

■ These include the internal systems and processes of a business like :

o customer relationship management

o enterprise resource planning

o document management systems

o human resources management.

Page 51: E-Business & E-Commerce Basics

Enterprise Communication and Collaboration

■ These include the communication systems and collaboration

processes that the business uses or might use :

o VoIP

o content management system

o e-mail

o voice mail

o Web conferencing

o business process management.

Page 52: E-Business & E-Commerce Basics

Electronic Commerce

■ These include the transactional part of e-business i.e. e-commerce :

o internet shop

o supply chain management

o online marketing

o Other e-marketing

Page 53: E-Business & E-Commerce Basics

E-business Categories

■ E-trade

■ E-consulting

■ E-transactions

■ E-learning

■ E-mail

■ E-marketing

Page 54: E-Business & E-Commerce Basics

Essential E-commerce Processes

■ Access Control & Security

– Access control

– Authentication

– Security measures

■ Profiling & Personalizing

– Profile management & personalizing

– Behavior tracking

■ Catalog Management

– Pricing calculation

– Product configuration

– Catalog generation

Page 55: E-Business & E-Commerce Basics

Essential E-commerce Processes

■ Search Management

– Content-based search

– Parametric-based search

– Rule-based search

■ Content Management

– Dynamic content generation

– Data repository

Page 56: E-Business & E-Commerce Basics

Essential E-commerce Processes

■ Payment

– Shopping cart

– Payment method support

– Payment verification

■ Workflow Management

– Buying process automation

– Document management

– Rule & role-based content routing

Page 57: E-Business & E-Commerce Basics

E-Business Infrastructure Requirements

■ Web Hosting

■ Domain Name Services

■ Storage and Backup

■ Server Speed and Reliability

■ Management Information & Security

■ Technical Support & Advanced Solutions

■ Pricing

■ Selecting an Internet Service Provider

■ Location

■ Price

■ Internet Tool Kit

Page 58: E-Business & E-Commerce Basics

E-Business Infrastructure Requirements

■ Internet Security

■ Internet Security Software

■ Anti-Virus Software

■ Firewall

■ Privacy Policy

■ Legal statement

■ Data sharing

■ Log files

■ Email addresses

Page 59: E-Business & E-Commerce Basics

E-Business Infrastructure Requirements

■ Broadband Internet Access

■ Narrowband

■ ISDN (Integrated Services Digital Network)

■ Broadband

■ Faster Uploads and Downloads

■ Affordability

■ Speed

■ Constant Internet Access

■ Reliability

Page 60: E-Business & E-Commerce Basics

Electronic Payment System

Page 61: E-Business & E-Commerce Basics

What is Electronic Payment System ?

■ Electronic payment system is a system which helps the customer or user to make online payment for their shopping.

■ The content of this exchange is usually some form of digital financial instrument (such as encrypted credit card numbers, electronic cheques or digital cash) that is backed by a bank or an intermediary, or by a legal tender.

■ The various factors that have led financial institutions to make use of electronic payments are:

– Decreasing technology cost

– Reduced operational and processing cost

– Increasing online commerce

Page 62: E-Business & E-Commerce Basics

Requirements for e-payments

■ Atomicity

– Money is not lost or created during a transfer

■ Goods atomicity

– Money and goods are exchanged atomically

■ Non-repudiation

– No party can deny its role in the transaction

Page 63: E-Business & E-Commerce Basics

Desirable Properties of Digital Money

■ Universally accepted

■ Transferable electronically

■ Divisible

■ Private (no one except parties know the amount)

■ Anonymous (no one can identify the payer)

Page 64: E-Business & E-Commerce Basics

Most Prevalent Methods Of EPS

■ The most widely used and prevalent methods of Electronic Payment System are:

1. NetBanking

2. PayPal

3. Electronic Cash

4. Software Wallets / E-Wallets

5. Smart Cards

6. Credit / Debit cards.

Page 65: E-Business & E-Commerce Basics

NetBanking

■ This is a system, well known in India, that does not involve any sort of physical

card used by customers who have accounts enabled with Internet banking.

■ Instead of entering card details on the purchaser's site, in this system the

payment gateway allows one to specify which bank they wish to pay from.

■ Then the user is redirected to the bank's website, where one can authenticate

oneself and then approve the payment.

■ Typically there will also be some form of two-factor authentication.

■ It is typically seen as being safer than using credit cards, with the result that

nearly all merchant accounts in India offer it as an option

Page 66: E-Business & E-Commerce Basics

PayPal

■ PayPal is a global e-commerce business allowing payments and money transfers to be made through the Internet.

■ Online money transfers serve as electronic alternatives to paying with traditional paper methods, such as cheques and money orders.

■ PayPal is an acquirer, performing payment processing for online vendors, auction sites, and other commercial users, for which it charges a fee.

■ The fees depend on the currency used, the payment option used, the country of the sender, the country of the recipient, the amount sent and the recipient's account type.

■ The company also has significant operations in Omaha, Scottsdale, Charlotte and Austin in the United States; Chennai in India; Dublin in Ireland; Berlin in Germany; and Tel Aviv in Israel. From July 2007, PayPal has operated across the European Union as a Luxembourg-based bank

Page 67: E-Business & E-Commerce Basics

Electronic Cash (E-Cash)

■ A system that allows a person to pay for goods or services by transmitting a

number from one computer to another.

■ Like the serial numbers on real currency notes, the E-cash numbers are unique.

■ This is issued by a bank and represents a specified sum of real money. It is

anonymous and reusable.

■ Complex cryptographic algorithms prevent double spending

– Anonymity is preserved unless double spending is attempted

■ Serial numbers can allow tracing to prevent money laundering

Page 68: E-Business & E-Commerce Basics

E-Cash Process

1. Consumer buys e-cash from Bank

2. Bank sends e-cash bits to consumer (after charging that amount plus fee)

3. Consumer sends e-cash to merchant

4. Merchant checks with Bank that e-cash is valid (check for forgery or fraud)

5. Bank verifies that e-cash is valid

6. Parties complete transaction
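The six steps above as a runnable sketch, added here as an illustration and not part of the original slides. It assumes a simplified scheme: the bank authenticates each coin with an HMAC under a key only it holds and keeps a list of redeemed serial numbers, so forgery and double spending are caught at step 5. All names (`Bank`, `acceptPayment`, the account names) are hypothetical, and unlike real e-cash this toy gives the payer no anonymity, because the bank sees every serial number it issues.

```javascript
const crypto = require('crypto');

// Toy issuing bank. ASSUMPTION: coins are authenticated with an HMAC under a
// bank-only key, so only the bank can mint or verify them (online checking).
class Bank {
  constructor() {
    this.key = crypto.randomBytes(32); // secret minting key, never leaves the bank
    this.accounts = new Map();         // account name -> balance
    this.spent = new Set();            // serial numbers that were already redeemed
  }

  open(name, balance) { this.accounts.set(name, balance); }
  balance(name) { return this.accounts.get(name); }

  // The tag binds the serial number to the value, so neither can be altered.
  tagFor(serial, value) {
    return crypto.createHmac('sha256', this.key)
      .update(`${serial}|${value}`).digest();
  }

  // Steps 1-2: consumer buys e-cash; bank debits value plus fee and issues the coin.
  withdraw(name, value, fee = 1) {
    if (!Number.isInteger(value) || value <= 0) throw new Error('bad value');
    const balance = this.accounts.get(name);
    if (balance === undefined || balance < value + fee) {
      throw new Error('insufficient funds');
    }
    this.accounts.set(name, balance - value - fee);
    const serial = crypto.randomBytes(16).toString('hex'); // unique serial number
    return { serial, value, tag: this.tagFor(serial, value).toString('hex') };
  }

  // Steps 4-5: merchant asks the bank whether the coin is valid.
  redeem(coin, merchant) {
    const expected = this.tagFor(coin.serial, coin.value);
    const given = Buffer.from(String(coin.tag), 'hex');
    if (given.length !== expected.length ||
        !crypto.timingSafeEqual(given, expected)) {
      return 'forged';                 // tag does not match serial and value
    }
    if (this.spent.has(coin.serial)) return 'double-spend';
    this.spent.add(coin.serial);       // mark as spent before crediting
    this.accounts.set(merchant, (this.accounts.get(merchant) || 0) + coin.value);
    return 'ok';
  }
}

// Steps 3 and 6: merchant receives the coin and completes the sale only on 'ok'.
function acceptPayment(bank, merchant, coin, price) {
  if (coin.value !== price) return 'wrong-amount';
  return bank.redeem(coin, merchant);
}

// Constructed scenario: one honest payment, one replay, one altered coin.
function demo() {
  const bank = new Bank();
  bank.open('alice', 100);
  bank.open('shop', 0);
  const coin = bank.withdraw('alice', 20);
  const first = acceptPayment(bank, 'shop', coin, 20);
  const replay = acceptPayment(bank, 'shop', { ...coin }, 20);
  const forged = acceptPayment(bank, 'shop', { ...coin, value: 2000 }, 2000);
  return { first, replay, forged,
           alice: bank.balance('alice'), shop: bank.balance('shop') };
}
```
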

Page 69: E-Business & E-Commerce Basics

E-Wallets

■ The E-wallet is another payment scheme that operates like a carrier of e-cash and other information.

■ The aim is to give shoppers a single, simple, and secure way of carrying currency electronically.

■ Trust is the basis of the e-wallet as a form of electronic payment.

■ Most favored E-Wallets in India are Paytm, PayU Money, Mobikwik and Oxigen.

Page 70: E-Business & E-Commerce Basics

Smart Cards

■ Smart cards are plastic cards containing an embedded microchip.

■ So far not successful in U.S., but popular in Europe, Australia, and Japan. Not at all used in India.

■ Success depends on:

– Critical mass of smart cards that support applications

– Compatibility between smart cards, card-reader devices, and

applications

Page 71: E-Business & E-Commerce Basics

Smart Cards Process

Page 72: E-Business & E-Commerce Basics

Credit / Debit Cards

■ A credit card is a payment card issued to users (cardholders) to enable the cardholder to pay a merchant for goods and services, based on the cardholder's promise to the card issuer to pay them for the amounts so paid plus other agreed charges.

■ The card issuer (usually a bank) creates a revolving account and grants a line of

credit to the cardholder, from which the cardholder can borrow money for

payment to a merchant or as a cash advance.

Page 73: E-Business & E-Commerce Basics

Credit Card Transactional Process

Page 74: E-Business & E-Commerce Basics

Payment Gateways

o A payment gateway is an e-commerce application service provider service that authorizes payments for e-businesses, online shopping, etc.

o A payment gateway protects credit card details by encrypting sensitive information, such as credit card numbers, to ensure that information passes securely between the customer and the merchant and also between the merchant and the payment processor.

Page 75: E-Business & E-Commerce Basics

How Does Payment Gateway Work ?

Page 76: E-Business & E-Commerce Basics

Risks In Using E-Payment Systems

o Customer’s risks :

o Stolen credentials or password

o Dishonest merchant

o Disputes over transaction

o Inappropriate use of transaction details

o Merchant’s risk :

o Forged or copied instruments

o Disputed charges

o Insufficient funds in customer's account

o Unauthorized redistribution of purchased items

o Main issue: Secure payment scheme

Page 77: E-Business & E-Commerce Basics

E-Payment Issues

o Secure transfer across internet

o High reliability: no single failure point

o Atomic transactions

o Anonymity of buyer

o Economic and computational efficiency: allow micropayments

o Flexibility: across different methods of Ecommerce

o Scalability in number of servers and users

Page 78: E-Business & E-Commerce Basics

Designing E-Payment Systems

o It includes several factors:

o Privacy: A user expects to trust in a secure system; just as a telephone is a safe

o Security: A secure system verifies the identity of the parties to a two-party transaction through “user authentication” and reserves flexibility to restrict information/services through access control.

o Intuitive interfaces: The payment interface must be as easy to use as a telephone.

Page 79: E-Business & E-Commerce Basics

Designing E-Payment Systems (Contd..)

o Database integration: With home banking, for example, a customer wants to play with all his accounts.

o Brokers: A “network banker”, someone to broker goods & services, settle conflicts, and handle financial transactions electronically, must be in place.

o Pricing: One fundamental issue is how to price payment system services, for example from cash to bank payments, or from paper-based to e-cash. The problem is the potential waste of resources.

o Standards: Without standards, the welding of different payment users into different networks & different systems is impossible.

Page 80: E-Business & E-Commerce Basics

Security Requirements Of E-Payment Systems

Authentication

Integrity

Non-repudiation

Privacy

Safety

Security Requirements of EPS

Page 81: E-Business & E-Commerce Basics

Security Environment

Page 82: E-Business & E-Commerce Basics

The E-commerce Security Environment

■ Overall size and losses of cybercrime unclear

– Reporting issues

■ 2009 CSI survey: 49% of respondent firms detected security

breach in last year

– Of those that shared numbers, average loss $288,000

■ Underground economy marketplace:

– Stolen information stored on underground economy servers

Page 83: E-Business & E-Commerce Basics

Types of Attacks Against Computer Systems (Cybercrime)

SOURCE: Based on data from Computer Security Institute, 2009

Page 84: E-Business & E-Commerce Basics

What Is Good E-commerce Security?

■ To achieve highest degree of security

– New technologies

– Organizational policies and procedures

– Industry standards and government laws

■ Other factors

– Time value of money

– Cost of security vs. potential loss

– Security often breaks at weakest link

Page 85: E-Business & E-Commerce Basics

The E-commerce Security Environment

Page 86: E-Business & E-Commerce Basics

E-Business General Security Issues

o Confidentiality

o Authentication

o Integrity

o Access Control

o Non-Repudiation

o Firewalls

Page 87: E-Business & E-Commerce Basics

Customer & Merchant Perspectives On The Different Dimensions Of E-Business Security

Page 88: E-Business & E-Commerce Basics

The Tension Between Security and Other Values

■ Ease of use:

– The more security measures added, the more difficult a site is to use, and the slower it becomes

■ Public safety and criminal uses of the Internet

– Use of technology by criminals to plan crimes or threaten nation-state

Page 89: E-Business & E-Commerce Basics

Security Threats in the E-commerce Environment

■ Three key points of vulnerability:

1. Internet communications channels

2. Server level

3. Client level

Page 90: E-Business & E-Commerce Basics

A Typical E-commerce Transaction

Page 91: E-Business & E-Commerce Basics

Vulnerable Points in a Typical E-commerce Environment

SOURCE: Boncella, 2000.

Page 92: E-Business & E-Commerce Basics

Most Common Security Threats in the E-commerce Environment

■ Malicious code

– Viruses

– Worms

– Trojan horses

– Bots, botnets

■ Unwanted programs

– Browser parasites

– Adware

– Spyware

Page 93: E-Business & E-Commerce Basics

Most Common Security Threats (cont…)

■ Phishing

– Deceptive online attempt to obtain confidential information

– Social engineering, e-mail scams, spoofing legitimate Web sites

– Use of information to commit fraudulent acts (access checking accounts), steal identity

■ Hacking and Cyber-vandalism

– Hackers

– Cyber-vandalism: Intentionally disrupting, defacing, destroying Web site

– Types of hackers: White hats, black hats, grey hats

Page 94: E-Business & E-Commerce Basics

Most Common Security Threats (cont…)

■ Credit card fraud / theft

– Hackers target merchant servers; use data to establish credit under false identity

■ Spoofing

■ Pharming

■ Spam / Junk Web sites

■ Denial of service (DoS) attack

– Hackers flood site with useless traffic to overwhelm network

– Distributed denial of service (DDoS) attack

Page 95: E-Business & E-Commerce Basics

Most Common Security Threats (cont…)

■ Sniffing

– Eavesdropping program that monitors information traveling over a network

■ Insider jobs

– Single largest financial threat

■ Poorly designed server and client software

■ Mobile platform threats

– Same risks as any Internet device

– Malware, botnets, vishing / smishing

Page 96: E-Business & E-Commerce Basics

Technology Solutions

■ Protecting Internet communications (encryption)

■ Securing channels of communication (SSL, S-HTTP, VPNs)

■ Protecting networks (firewalls)

■ Protecting servers and clients

Page 97: E-Business & E-Commerce Basics

Tools Available to Achieve Site Security

Page 98: E-Business & E-Commerce Basics

Encryption

■ Transforms data into cipher text readable only by sender and receiver

■ Secures stored information and information transmission

■ Provides 4 of 6 key dimensions of e-commerce security:

1. Message integrity

2. Nonrepudiation

3. Authentication

4. Confidentiality

■ Examples of Encryption methods are –

1. Symmetric Key Encryption

2. Public Key Encryption & Public Key Using Digital Signatures

3. Digital Envelopes

4. Digital Certificates & Certification Authorities

Page 99: E-Business & E-Commerce Basics

Public Key Encryption

■ Uses two mathematically related digital keys

– Public key (widely disseminated)

– Private key (kept secret by owner)

■ Both keys used to encrypt and decrypt message

■ Once key used to encrypt message, same key cannot be used to decrypt message

■ Sender uses recipient’s public key to encrypt message; recipient uses his/her private key to decrypt it

Page 100: E-Business & E-Commerce Basics

Public Key Cryptography with Digital Signatures

Page 101: E-Business & E-Commerce Basics

Digital Envelopes

■ Address weaknesses of:

– Public key encryption

■ Computationally slow, decreased transmission speed, increased processing time

– Symmetric key encryption

■ Insecure transmission lines

■ Uses symmetric key encryption to encrypt document

■ Uses public key encryption to encrypt and send symmetric key

Page 102: E-Business & E-Commerce Basics

Creating a Digital Envelope

Page 103: E-Business & E-Commerce Basics

Digital Certificates and Public Key Infrastructure (PKI)

■ Digital Certificates are a means by which consumers and businesses can utilize the security applications of Public Key Infrastructure (PKI).

■ PKI comprises the technology that enables secure e-commerce and Internet-based communication.

■ Digital certificate includes:

– Name of subject/company

– Subject’s public key

– Digital certificate serial number

– Expiration date, issuance date

– Digital signature of CA

■ Public Key Infrastructure (PKI):

– CAs and digital certificate procedures

– PGP Encryption (Pretty Good Privacy)

Page 104: E-Business & E-Commerce Basics

Digital Certificates & Certification Authorities
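Added example, not part of the original slides: in Go, a root CA issues a merchant certificate carrying the fields listed above, and a client checks that certificate against the root it trusts. `Issue`, `Check`, `shop.example` and `Example Root CA` are hypothetical names chosen for illustration.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// Issue creates a key pair for name and a certificate binding the two. With
// ca == nil the result is a self-signed root CA; otherwise the CA signs it.
func Issue(name string, serial int64, validHours int, ca *x509.Certificate,
	caKey *ecdsa.PrivateKey) (*x509.Certificate, *ecdsa.PrivateKey, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	tmpl := &x509.Certificate{
		Subject:      pkix.Name{CommonName: name},     // name of subject/company
		SerialNumber: big.NewInt(serial),              // certificate serial number
		NotBefore:    time.Now().Add(-48 * time.Hour), // issuance date
		NotAfter:     time.Now().Add(time.Duration(validHours) * time.Hour), // expiration date
		KeyUsage:     x509.KeyUsageDigitalSignature,
	}
	if ca == nil { // root CA: signs itself and is allowed to sign others
		tmpl.IsCA, tmpl.BasicConstraintsValid = true, true
		tmpl.KeyUsage |= x509.KeyUsageCertSign
		ca, caKey = tmpl, key
	} else {
		tmpl.DNSNames = []string{name} // host name a client will ask for
	}
	// Embeds the subject's public key and appends the CA's digital signature.
	der, err := x509.CreateCertificate(rand.Reader, tmpl, ca, &key.PublicKey, caKey)
	if err != nil {
		return nil, nil, fmt.Errorf("sign certificate: %w", err)
	}
	cert, err := x509.ParseCertificate(der)
	return cert, key, err
}

// Check is the client side: CA signature against a trusted root, validity
// dates, and host name must all pass before the public key is trusted.
func Check(cert, root *x509.Certificate, host string) error {
	roots := x509.NewCertPool()
	roots.AddCert(root)
	_, err := cert.Verify(x509.VerifyOptions{Roots: roots, DNSName: host})
	return err
}

func main() {
	root, rootKey, _ := Issue("Example Root CA", 1, 87600, nil, nil) // constructed names
	cert, _, _ := Issue("shop.example", 1001, 24, root, rootKey)
	fmt.Println(cert.Subject.CommonName, cert.SerialNumber, Check(cert, root, "shop.example"))
}
```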

Page 105: E-Business & E-Commerce Basics

Limits to Encryption Solutions

■ Doesn’t protect storage of private key

– PKI not effective against insiders, employees

– Protection of private keys by individuals may be haphazard

■ No guarantee that verifying computer of merchant is secure

■ CAs are unregulated, self-selecting organizations

Page 106: E-Business & E-Commerce Basics

Securing Channels of Communication

■ Secure Sockets Layer (SSL):

– Establishes a secure, negotiated client-server session in which URL of requested document, along with contents, is encrypted

■ Secure - HTTP (“https”)

– Provides a secure message-oriented communications protocol designed for use in conjunction with HTTP

■ Virtual Private Network (VPN):

– Allows remote users to securely access internal network via the Internet, using Point-to-Point Tunneling Protocol (PPTP)

Page 107: E-Business & E-Commerce Basics

Secure Negotiated Sessions Using SSL

Page 108: E-Business & E-Commerce Basics

Protecting Networks

■ Firewall

– Hardware or software

– Uses security policy to filter packets

– Two main methods:

1. Packet filters

2. Application gateways

■ Proxy servers (proxies)

– Software servers that handle all communications originating from or being sent to the Internet

Page 109: E-Business & E-Commerce Basics

Firewalls and Proxy Servers

Page 110: E-Business & E-Commerce Basics

Protecting Servers and Clients

■ Operating system security enhancements

– Upgrades, patches

■ Anti-virus software:

– Easiest and least expensive way to prevent threats to system integrity

– Requires daily updates

Page 111: E-Business & E-Commerce Basics

Management Policies, Business Procedures, & Public Laws

■ Indian firms and organizations spend about 12% of IT budget on security hardware, software, services.

■ Managing risk includes

– Technology

– Effective management policies

– Public laws and active enforcement (IT Act 2000, Cyber Law Under IPC)

Page 112: E-Business & E-Commerce Basics

A Security Plan: Management Policies

■ Risk assessment

■ Security policy

■ Implementation plan

– Security organization

– Access controls

– Authentication procedures, incl. biometrics

– Authorization policies, authorization management systems

■ Develop Security Protocol

■ Security audit

Page 113: E-Business & E-Commerce Basics

Ethical, Social & Political Issues in E-Business

Page 114: E-Business & E-Commerce Basics

Understanding Ethical, Social, and Political Issues in E-Business

■ Internet technology and its use in e-business disrupts existing social and business relationships and understandings

■ Costs and benefits of technology must be carefully considered, especially when there are as yet no clear-cut legal or cultural guidelines

Page 115: E-Business & E-Commerce Basics

A Model for Organizing the Issues

■ Issues raised by Internet and e-commerce can be viewed at individual, social and political levels

■ Four major categories of issues:

– Information rights

– Property rights

– Governance

– Public safety and welfare

Page 116: E-Business & E-Commerce Basics

The Moral Dimensions of an Internet Society

Page 117: E-Business & E-Commerce Basics

Basic Ethical Concepts

■ Ethics

– Study of principles used to determine right and wrong courses of action

■ Responsibility & Accountability

■ Liability

– Laws permitting individuals to recover damages

■ Due process

– Laws are known, understood

– Ability to appeal to higher authorities to ensure laws applied correctly

Page 118: E-Business & E-Commerce Basics

Privacy

■ Privacy:

– Moral right of individuals to be left alone, free from surveillance or interference from other individuals or organizations

■ Information privacy:

– Includes both the claim that certain information should not be collected at all, as well as the claim of individuals to control the use of whatever information is collected about them

Page 119: E-Business & E-Commerce Basics

E-commerce and Privacy

■ Major ethical issue related to e-commerce and privacy:

– Under what conditions should we invade privacy of others?

■ Major social issue:

– Development of “expectations of privacy” and privacy norms

■ Major political issue:

– Development of statutes that govern relations between record-keepers and individuals

Page 120: E-Business & E-Commerce Basics

Information Collected at E-commerce Sites

■ Personally identifiable information (PII):

– Data that can be used to identify, locate, or contact an individual

■ Anonymous information:

– Demographic and behavioral information that does not include any personal identifiers

■ Almost all e-commerce companies collect PII and use cookies to track clickstream behavior

Page 121: E-Business & E-Commerce Basics

Profiling and Behavioral Targeting

■ Profiling

– Creation of digital images that characterize online individual and group behavior

■ Anonymous profiles

– Identify people as belonging to very specific and targeted groups

■ Personal profiles:

– Add personal identifiers

■ Advertising networks can:

– Track consumer behavior and browsing behavior on the Web

– Dynamically adjust what user sees on screen

– Build and refresh high-resolution data images or behavior profiles of consumers

Page 122: E-Business & E-Commerce Basics

Profiling and Behavioral Targeting (cont…)

■ Deep packet inspection

– Records every keystroke at ISP level of everyone and uses information to make suggestions, target ads

■ Weblining:

– Charging some customers more for products based on profiles

■ Network advertising firms:

– Web profiling serves consumers and businesses

■ Critics:

– Profiling undermines expectation of anonymity and privacy

■ Consumers:

– Significant opposition to unregulated collection of personal information

Page 123: E-Business & E-Commerce Basics

The Internet and Government Invasions of Privacy

■ Various laws strengthen ability of law enforcement agencies to monitor Internet users without knowledge and sometimes without judicial oversight

■ Government agencies are largest users of private sector commercial data brokers

■ Retention by ISPs of user data a concern

Page 124: E-Business & E-Commerce Basics

Informed Consent

■ Consent given with knowledge of all the material facts needed to make a rational decision

■ Two models:

– Opt-in

– Opt-out

■ Many E-Business firms merely publish information practices as part of privacy policy without providing for any form of informed consent

Page 125: E-Business & E-Commerce Basics

Private Industry Self-Regulation

■ Safe harbor:

– Private, self-regulating policy and enforcement mechanism that meets objectives of government regulations and legislation, but does not involve government regulation or enforcement

– e.g. Privacy seal programs (TRUSTe, BBB Reliability Seal)

■ Industry associations include:

– Online Privacy Alliance (OPA)

– Network Advertising Initiative (NAI)

■ Privacy advocacy groups

– e.g. Epic.org

Page 126: E-Business & E-Commerce Basics

Technological Solutions to Privacy Invasion on the Web

■ Spyware, cookie, pop-up blockers

■ Platform for Privacy Preferences (P3P):

– Comprehensive technological privacy protection effort sponsored by W3C

– Standard for communicating to users a Web site’s privacy policy

– Compares site policy to user’s preferences or to other standards

– Works through user’s Web browser

Page 127: E-Business & E-Commerce Basics

Secure Electronic Transaction (SET) Protocol

■ Jointly designed by MasterCard and Visa with backing of Microsoft, Netscape, IBM and others

■ Designed to provide security for card payments as they travel on the Internet

– Contrasted with Secure Sockets Layer (SSL) protocol, SET validates consumers and merchants in addition to providing secure transmission

■ SET specification

– Uses public key cryptography and digital certificates for validating both consumers and merchants

– Provides privacy, data integrity, user and merchant authentication, and consumer nonrepudiation

Page 128: E-Business & E-Commerce Basics

The SET Protocol

Page 129: E-Business & E-Commerce Basics

Intellectual Property Rights

■ Intellectual property:

– Encompasses all tangible and intangible products of human mind

■ Major ethical issue:

– How should we treat property that belongs to others?

■ Major social issue:

– Is there continued value in protecting intellectual property in the Internet age?

■ Major political issue:

– How can Internet and e-commerce be regulated or governed to protect intellectual property?

Page 130: E-Business & E-Commerce Basics

Types of Intellectual Property Protection

■ Three main types of intellectual property protection:

– Copyright

– Patent

– Trademark law

■ The goal of intellectual property law is to balance two competing interests: the public and the private

■ Maintaining this balance of interests is always challenged by the invention of new technologies

Page 131: E-Business & E-Commerce Basics

Trademarks and the Internet

■ Cybersquatting: Registration of domain name or other Internet use of existing trademark for purpose of extorting payments from legitimate owners.

■ Cyberpiracy: Same behavior as cybersquatting, with intent of diverting traffic from legitimate site to infringing site

■ Metatagging: Using other’s trademarks as metatags in misleading or confusing manner

■ Keywording: Using other’s trademarks as keywords on search engines in a misleading or confusing manner

■ Deep linking: Bypassing target site’s home page and linking directly to content page

■ Framing: Displaying content of another site within frame or window

Page 132: E-Business & E-Commerce Basics

Governance

■ Involves issue of social control

■ Primary questions:

– Who will control Internet and e-commerce?

– What elements will be controlled and how?

■ Stages of governance and e-commerce

– Government Control Period (1970–1994)

– Privatization (1995–1998)

– Self-Regulation (1995–present)

– Government Regulation (1998–present)

Page 133: E-Business & E-Commerce Basics

Who Governs E-commerce and the Internet?

■ Currently in a mixed mode policy environment where self-regulation, through variety of Internet policy and technical bodies, co-exists with limited government regulation

■ ICANN

■ Governments vs. ITU (International Telecommunication Union)

■ Can Internet be controlled, monitored, and regulated from a central location?

Page 134: E-Business & E-Commerce Basics

Taxation

■ Issue of taxation of e-commerce sales illustrates complexity of governance and jurisdiction issues

■ National and international character of Internet sales wreaking havoc on traditional taxation schemes in E-Businesses around the world for local commerce and local jurisdictions

■ Unlikely that comprehensive, integrated rational approach to taxation issue will be determined for some time to come

Page 135: E-Business & E-Commerce Basics

Net Neutrality

■ Currently, all Internet traffic treated equally – all activities charged the same rate, no preferential assignment of bandwidth.

■ Internet backbone providers would like to charge differentiated prices and ration bandwidth by pricing or speed (bandwidth controls).

Page 136: E-Business & E-Commerce Basics

Public Safety and Welfare

■ Protection of children and strong sentiments against pornography

– Passing legislation that will survive court challenges has proved difficult: Children’s Internet Protection Act upheld by U.S. Supreme Court (requires schools and libraries to install technology protection measures). No such specific laws exist in India. Usually clubbed with the Information Technology Act, 2000 & Indian Penal Code, 1860 as well as Information Technology Bill.

■ Efforts to control gambling and restrict sales of drugs and cigarettes

Page 137: E-Business & E-Commerce Basics

Inter-Organization E-Business

Page 138: E-Business & E-Commerce Basics

EDI: Electronic Data Interchange

■ What is EDI?

■ Exchange of electronic data between companies using precisely defined transactions

■ Set of hardware, software, and standards that accommodate the EDI process

■ “EDI is the forefather / pre-cursor of B2B”

■ Estimated $500 billion worth of goods per year

■ EDI: usually over value-added networks (VANs)

Page 139: E-Business & E-Commerce Basics

Electronic Data Interchange

Page 140: E-Business & E-Commerce Basics

Relation Between Retailers, Manufacturers & Suppliers in EDM

Page 141: E-Business & E-Commerce Basics

How Does Electronic Data Interchange (EDI) Work?

– Supplier’s proposal sent electronically to purchasing organization.

– Electronic contract approved over network.

– Supplier manufactures and packages goods, attaching shipping data recorded on a bar code.

– Quantities shipped and prices entered in system and flowed to invoicing program; invoices transmitted to purchasing organization

Page 142: E-Business & E-Commerce Basics

How Does EDI Work? (Cont.)

– Manufacturer ships order.

– Shipment notice EDI transaction sent (not shown)

– Purchasing organization receives packages, scans bar code, and compares data to invoices and actual items received.

– Payment approval transferred electronically.

– Bank transfers funds from purchaser to supplier’s account using electronic fund transfer (EFT).

Page 143: E-Business & E-Commerce Basics
Page 144: E-Business & E-Commerce Basics

Electronic Data Interchange Standards

■ EDI requires companies to agree on standards

– Compatible hardware and software

– Agreed upon electronic form format

■ Established EDI standards

– Automotive Industry Action Group (AIAG)

– X.12 de facto umbrella standard in U.S. and Canada

– EDI for Administration, Commerce, and Trade (EDIFACT) umbrella of standards in Europe

Page 145: E-Business & E-Commerce Basics

How To Subscribe To EDI ?

■ Larger companies purchase hardware and software

■ Medium and small companies seek third-party service

– Value-added networking (VAN)

– Managed network services available for a fee

Page 146: E-Business & E-Commerce Basics

Electronic Data Interchange On The Web

■ Advantages of Web EDI

– Lower cost

– More familiar software

– Worldwide connectivity

■ Disadvantages of Web EDI

– Low speed

– Poor security

Page 147: E-Business & E-Commerce Basics

The Importance of Electronic Data Interchange

■ Need for timely, reliable data exchange in response to rapidly changing markets

■ Emergence of standards and guidelines

■ Spread of information into many organizational units

■ Greater reliability of information technology

■ Globalization of organizations

Page 148: E-Business & E-Commerce Basics

EDI Software

X12

Database

1. Document Support

2. Mapping

3. Standards Support

4. Translation

Communications

Page 149: E-Business & E-Commerce Basics

Value Added Network (VAN)

o A Value Added Network (VAN) is a private network provider used to facilitate electronic data interchange (EDI).

o In the 1980s, VANs emerged as a way to connect supply chain participants.

o They offered store-and-forward mailboxes and were deployed to help trading and supply chain partners automate many business-to-business communications and thereby reduce the number of paper transfers needed.

Page 150: E-Business & E-Commerce Basics

Point-to-Point: EDI Without a VAN

[Diagram labels: Buyer (1, 2, 3, 4); Supplier (A, B, C, D)]

Page 151: E-Business & E-Commerce Basics

Value Added Network (VAN) EDI:

[Diagram labels: Buyer (1, 2, 3, 4); Supplier (A, B, C, D)]

Page 152: E-Business & E-Commerce Basics

Interconnect Strategy Of VAN EDI

GE VAN

AT&T VAN

Page 153: E-Business & E-Commerce Basics

Why do Companies use EDI?

In 2006, EDI grew substantially due to customer / major supplier requirements or requests. EDI is an element used to streamline business processes.

[Chart: percent (0% to 60%) by year (1990, 1995, 2000, 2005, 2006); series: Customer/supplier requirement, Cost savings, Data accuracy/error reduction, Quick access to data]

Page 154: E-Business & E-Commerce Basics

EDI USERS

Government, Health care, Retail, Grocery, Transportation, Policy, Insurance, Manufacturing, Automotive, Petroleum, Electronics, Chemical, Banks, Construction, Advertising

Page 155: E-Business & E-Commerce Basics

Please write to [email protected] for any queries or concerns.