Unit 5 e Commerce
Payment Methods:
Merchants have traditionally allowed their customers to use a variety of payment methods. Many online merchants offer customers a range of options for online and offline ordering. The advantage of a secure server is that it serves the Internet consumer who has a new WWW browser and a credit card but has never set up any e-payment system.
Netscape's approach to developing its business as an Internet commerce environment provider has so far proven successful. Netscape guarantees that anyone can create a server that will be compatible with Netscape secure browsers. Netscape has defined the protocols needed to do business with all the people who use the Netscape browser.
The most basic Web browser must be able to handle three protocols:
- URL
- HTTP
- HTML
The Netscape 6 browser combines Netscape Communicator and Netscape Navigator with a suite of Internet tools for high-performance Internet mail, Web page creation and instant messaging.
Securing Your Netscape Browser and Site for E-Commerce:
Web transactions lack the reassuring physical merchandise and face-to-face interaction with merchants. In the anonymous Web world, customers and Web merchants must deal with the following faceless threats:
- Unauthorized access
- Data alteration
- Monitoring
- Spoofing
- Service denial
- Repudiation
The Solution: Netscape's Digital Certificate Authority Program:
- Designed to make it easier for Netscape customers to get and use digital certificates.
- Offers both client and server certificate services.
There are two types of digital certificates that are important when building secure E-commerce Web sites:
- Server certificates: Allow visitors to the site to send personal information free from threats.
- Personal certificates: Allow the site to authenticate a visitor's identity and restrict access to specified content to particular visitors.
Several security standard protocols that rely on digital certificates are being widely adopted for electronic communication:
- SSL (Secure Socket Layer)
- S/MIME (Secure Multipurpose Internet Mail Extensions)
- SET (Secure Electronic Transactions)
- IPSec (Internet Protocol Secure Standard)
Available as an ActiveX control for IE users and as a Netscape plug-in.
Site Server, Enterprise Edition integrates with and uses the Microsoft Wallet.
Consists of the Payment Selector control and the Address Selector control.
Site Server, Enterprise Edition
- A comprehensive Web site environment for the enhancement, deployment and advanced management of commerce-enabled Web sites.
- Digital Commerce Server provides the server components, site creation and management tools and Buy Now.
- Server components: Provide the run-time environment for the presentation and operation of online commerce Web sites.
- Site creation and management tools: Support remote creation and management for hosting service providers, including the StoreBuilder wizard.
- Buy Now: A new online selling technology.
Microsoft Windows NT Server and Active Server (IIS, ASP and Microsoft Transaction Server)
- Microsoft IIS is the only Web server integrated with the Microsoft Windows NT Server.
- Microsoft ASP allows the combination of HTML, scripts and server components to create dynamic HTML and to enable powerful Web-based business solutions.
- Microsoft Transaction Server simplifies the development infrastructure needed to execute business logic.
Microsoft Internet Security Framework and Windows NT Security
- The framework is a comprehensive set of cross-platform, interoperable security technologies that support Internet security standards.
- Microsoft Windows NT Server offers excellent security services for account management and enterprise-wide network authentication.
Open Market Softgoods Transaction Model
Open Market Inc. uses a formal model for transacting business across the Internet.
Its most interesting contribution is its comprehensive approach to producing an overall commercial environment. It separates the content server from the transaction server. The process begins with a customer browsing a content server.
Additional services include special gateways that may be available to link the transaction server to financial networks. Simply having a secure WWW server may not be sufficient to perform online commerce. Open Market has enjoyed tremendous growth, much of which is due to the fostering of strategic relationships with business partners.
E-Commerce in Banking
- Retail and investment banking stand to profit most from E-commerce.
- The role of E-commerce in banking is impacted by changes in technology, the emergence of new banking institutions and basic economic restructuring.
- Technology is enabling the development of new products and services.
- Technology is changing the interaction between banks and consumers.
Four distinct factors contribute to the new competitive environment:
1. Changing consumer needs driven by online commerce
- Customers want to be able to bank at their convenience.
- Bankers want more stable and long-term relationships with their customers.
- E-banking enables the bank customer to be reached, served and sold products and services in their homes and offices 24/7.
2. Optimization of branch networks in order to reduce costs
- Online technology can deliver services far more economically than the existing methods.
- If banks are going to compete with larger competitors, they have to address their traditional banking overhead structures and their existing retail strategies.
3. Changing demographic trends and potential new consumer market
- The reduced level of job security and the need to plan for the future have heightened concern over personal debt, retirement planning, tax planning and saving for college.
- The companies that take advantage of this opportunity by targeting the appropriate customers with appropriate products and services will have a lasting competitive advantage.
4. New online financial products
- Additional development of e-cash, such as smart cards, could stimulate further banking consolidation.
- E-banking offers an inexpensive alternative to branching to expand a bank's customer base.
- Smart cards and other forms of e-cash could be the key to consumer acceptance of home banking.
Internet Banking vs. Online Banking
Internet banking means:
- Consumers do not have to purchase any software.
- Consumers can conduct banking anywhere as long as they have an Internet-connected computer.
- Consumers can download account information into their own choice of programs.
- Allows banks to break out of the control of software developers.
Internet Banking Architecture
Open vs. Closed Models
Two technology models of online banking:
- Open systems: Content changes can occur easily because of the use of standard technology and components.
- Closed systems: Content changes are difficult since everything is proprietary.
Banks need to be familiar with both these models.
E-CASH
Overview of Electronic Cash Payment Protocols and Systems
What is cash payment?
- Cash payment is currently the most popular form of payment in the conventional payment system in the world.
- Currently 75% - 95% of all transactions are paid in cash.
- Transactions are paid in a cash form (such as a $ bill) from a buyer to a seller.
An electronic cash payment system is usually developed based on an electronic payment protocol which supports a series of payment transactions using electronic tokens or coins issued by a third party.
There are three types of users:
- a payer or consumer
- a payee, such as a merchant
- a financial network with whom both payer and payee have accounts.
6. Trust Centers: They control digital signature keys, and help to secure customer confidence in certain payment systems. They are responsible for the integrity of transmitted data and authenticity of contractors.
Basic Requirements for Electronic Cash Payment Systems
1. Digital money: Payment systems must provide customers and private households with acceptable digital money.
2. Security: Ensure the security of transactions and information privacy of users.
3. Scalability: A large number of customers and concurrent transactions should be handled in a scalable manner.
4. Efficient and effective: Payment systems must support efficient and effective payment processing and accounting services for small payment transactions.
5. Simple and low cost: Payment systems must provide customers with simple and low cost transparent transactions.
Two types of implementations:
- On-line payment: the merchant calls the bank and verifies the validity of the consumer's token or electronic coin before accepting the payment and delivering the merchandise.
- Off-line payment: the merchant submits the consumer's payment for verification and deposit sometime after the payment transaction is completed.
- Primary advantage is with purchase of items less than $10
- Credit card transaction fees make small purchases unprofitable
- Micropayments: payments for items costing less than $1
Ecash model:
Three participants are involved in the Ecash payment model: clients, merchants and banks.
Client wallet software:
- clients have Ecash wallet software (cyberwallet) on their computers.
- they can use Ecoins in their wallet to make purchases from merchants.
- withdraw coins from their accounts in an Ecash bank.
- store and manage clients' coins, track all transactions.
Merchant software:
- accept and process payments
- interact with the Ecash bank to perform validation and authentication
- sell items and generate receipts.
Banks: clients and merchants have accounts at an Ecash bank.
- manage and maintain accounts of clients and merchants
- Buying back coins, giving an electronic check in return.
- Exchanging valid coins for new ones with some anonymity.
NetCheque is proposed to provide the electronic check infrastructure required to bring monetary value into and out of the NetCash system.
- Clients can buy and sell NetCash coins in exchange for electronic checks.
- NetCash servers can use electronic checks to settle debts between themselves,
A NetCash coin has the following form:
- CS_name: name of the minting currency server.
- CS_addr: network address of the minting currency server.
- Expiry: the date on which the coin becomes invalid.
- Value: the amount the coin is worth.
- Serial #: a unique identifier of the coin to the minting currency server.
Each coin is encrypted with the currency server's secret key (SKcs), which becomes a digital signature to show that the coin is authentic.
Overview of NetCash:
- Users can make and accept payments using NetCash.
- Both asymmetric and symmetric cryptography are used to provide the network security of the system to limit fraud.
- The system uses multiple currency servers that mint and issue electronic coins to the users of the system, accepting electronic checks in payment for them.
Electronic Cash Issues
- E-cash must allow spending only once
- Must be anonymous, just like regular currency
- Safeguards must be in place to prevent counterfeiting
- Must be independent and freely transferable regardless of nationality or storage mechanism
- Divisibility and convenience
- Complex transaction (checking with bank)
- Atomicity problem
Two storage methods
On-line
- Individual does not have possession personally of electronic cash
- Trusted third party, e.g. online bank, holds customers' cash accounts
Off-line
- Customer holds cash on smart card or software wallet
- Fraud and double spending require tamper-proof encryption
Advantages and Disadvantages of Electronic Cash
Advantages
- More efficient, eventually meaning lower prices
- Lower transaction costs
- Anybody can use it, unlike credit cards, and does not require special authorization
Disadvantages
- Tax trail non-existent, like regular cash
- Money laundering
- Susceptible to forgery
Electronic Cash Security
- Complex cryptographic algorithms prevent double spending
- Anonymity is preserved unless double spending is attempted
- Serial numbers can allow tracing to prevent money laundering
- Does not prevent double spending, since the merchant or consumer could be at fault
Past and Present E-cash Systems
- E-cash not popular in U.S., but successful in Europe and Japan
- Reasons for lack of U.S. success not clear
- Manner of implementation too complicated
- Lack of standards and interoperable software that will run easily on a variety of hardware and software systems
DIGI CASH
DigiCash is a stored-value cryptographic coin system that facilitates Internet-based commerce using software that runs on personal computers. The value of DigiCash is represented by cryptographic tokens that can be withdrawn from bank accounts, deposited in bank accounts, or transferred to other people.
Unique Property
DigiCash is unique in its implementation of electronic cash because it has attempted to preserve the anonymity and untraceability associated with cash transactions. DigiCash uses Blind Signatures for untraceable payments.
Advantages:
1. It allows realization of an untraceable payments system which offers increased personal privacy.
Disadvantages:
1. Traceability of transactions may be lowered, resulting in a higher potential for undetected fraud.
Digi-cash Payment protocol
The DigiCash payment protocol and blinding can be illustrated by pictures:
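The blinded withdrawal and on-line deposit of a coin, as an added example that is not part of the original notes and not DigiCash's own code: the bank signs a value it cannot link to the coin's serial number, and refuses a second deposit of the same serial. The toy RSA key, the SHA-256 digest of the serial and all class and function names are assumptions made for the illustration.

```python
import hashlib
import secrets
from math import gcd

# Toy RSA key for the bank, constructed for this example only. Both primes
# are well-known Mersenne primes, so the key provides no real security.
P, Q = 2**127 - 1, 2**89 - 1
N = P * Q
E = 65537
D = pow(E, -1, (P - 1) * (Q - 1))  # bank's private signing exponent


def coin_digest(serial: bytes) -> int:
    """Map a coin serial number to an integer below N (assumed encoding)."""
    return int.from_bytes(hashlib.sha256(serial).digest(), "big") % N


class Bank:
    def __init__(self):
        self.spent = set()            # serial numbers already deposited
        self.seen_at_withdrawal = []  # everything the bank saw when signing

    def sign_blinded(self, blinded: int) -> int:
        """Withdrawal: sign whatever the client sends, without seeing the coin."""
        self.seen_at_withdrawal.append(blinded)
        return pow(blinded, D, N)

    def deposit(self, serial: bytes, signature: int) -> str:
        """On-line check done before the merchant delivers the goods."""
        if pow(signature, E, N) != coin_digest(serial):
            return "rejected: bad signature"
        if serial in self.spent:
            return "rejected: double spend"
        self.spent.add(serial)
        return "accepted"


def withdraw(bank: Bank):
    """Client side: create a coin, blind it, have it signed, unblind it."""
    serial = secrets.token_bytes(16)
    m = coin_digest(serial)
    while True:
        r = secrets.randbelow(N - 2) + 2  # blinding factor
        if gcd(r, N) == 1:
            break
    blinded = (m * pow(r, E, N)) % N          # bank sees only this value
    signed_blinded = bank.sign_blinded(blinded)
    signature = (signed_blinded * pow(r, -1, N)) % N  # equals m^D mod N
    return serial, signature


if __name__ == "__main__":
    bank = Bank()
    serial, sig = withdraw(bank)
    print(bank.deposit(serial, sig))  # first deposit
    print(bank.deposit(serial, sig))  # same coin again
```

Because the bank's withdrawal log holds only blinded values, a deposited serial cannot be matched to the account that withdrew it; the spent-serial set is what enforces single spending.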
WORKING OF DIGI-CASH
DIGICASH CONCEPT
Digital currency is an encrypted serial number representing real money and is convertible to real money (e.g. US dollar) if desired. Digital money is created against existing money. In the long run, digital money may be created on its own if users accept it on its face value, which will be determined by how dependable its issuers are. All monies are only as good as their issuers. Very flexible: can be made to behave like e-checks or anonymous cash as the situation warrants.
SMART CARDS
An electronic device about the size of a credit card that contains an embedded integrated circuit (program and memory).
A smart card is a credit-card sized plastic card embedded with an integrated circuit chip that makes it "smart". This marriage between a convenient plastic card and a microprocessor allows an immense amount of information to be stored, accessed and processed either online or offline. The information or application stored in the IC chip is transferred through an electronic module that interconnects with a terminal or a card reader.
Depending on the type of the embedded chip, smart cards can be either memory cards or processor cards.
- Memory Cards: Any plastic card is made "smart" by including an IC chip. But the chip may simply be a memory storage device. Memory cards can hold thousands of times more information than a magnetic stripe card.
- Processor Cards: Smart cards with a full-fledged microprocessor on board can function as a processor device that offers multiple functions such as encryption, advanced security mechanisms, local data processing, complex calculation and other interactive processes.
Some of the key features and characteristics of smart cards are:
- Cost
- Reliability
- Storage Capacity
- Ease of use
- Security
- Power Source
- Support Equipment Required
- Susceptibility
Divided into two card types:
1. memory cards & microprocessor cards
2. contact cards & contactless cards
Uses:
- Storing digital cash
- Storing information; giving hospitals or doctors personal data without filling out a form
- Generating network IDs by storing X.509 certificates, private keys and RSA cryptoengines; establishing your identity when logging on to an Internet access provider or to an online bank
- Specialized applications such as SIM (Subscriber Information Modules) in GSM wireless telephones -- a SIM contains all the generic information required to access the telephone network
Smart cards gradually reappearing in U.S.; success depends on:
- Critical mass of smart cards that support applications
- Compatibility between smart cards, card-reader devices, and applications
Smart Card Applications
1. Ticketless travel
- Seoul bus system: 4M cards, 1B transactions since 1996
- Planned the SF Bay Area system
2. Authentication, ID
3. Medical records
4. Ecash
5. Store loyalty programs
6. Personal profiles
7. Government Licenses
8. Mall parking
Etc.
Smart (Card) Attacks
One of the security features provided by most smart card operating systems is their cryptographic facilities. They provide encryption and decryption of data for the card. Some of them can even be used to generate cryptographic keys.
The secret of the cryptographic algorithm, the keys stored, and the access control inside the smart card become the targets of attackers. Some attackers perform logical, non-invasive attacks, some attack the card physically, while others just prove their success by mathematical theorems.
Logical Attacks:
As all the key material of a smart card is stored in the electrically erasable programmable read only memory (EEPROM), attacks mainly target the EEPROM by:
- Raising the supply voltage above its design limit.
- Cutting the supply voltage below its design limit.
- Resetting random memory locations using ultraviolet light until the read protect bit is found.
- Exploiting misfeatures in the hardware, including the manufacturer-supplied ROM code.
- Exploiting misfeatures in the customer-written EEPROM code.
- Some combination of the above.
To prevent this, some processors implement sensors which raise an alarm when there are any environmental changes.
Physical Attacks:
- The circuit chip is first removed. The epoxy resin now visible is then dissolved using a few drops of fuming nitric acid. The chip is then exposed and vulnerable to direct attacks.
- A technique called reverse engineering of the circuit chips has been developed wherein the layout and function of the chip can be identified. Using this, the secrets held by the chip can be revealed.
- Erasing the security lock bit by focusing UV light on the EPROM.
- Using laser cutter microscopes to explore the chip.
A Smart Card (a term suggested by John Meckley) is similar to a credit card with a magnetic strip, but contains more information and can be programmed for different applications, and can be updated to add new applications after it is issued. Smart cards come either with just a memory chip, which is only a storage device and cannot process information, or with processing abilities.
Smart cards can typically be classified into broad categories based on how they communicate with another device:
1. Contact - Direct Communication - the card must be inserted into a smart card reader which connects to a conductive module on the card
2. Connectionless - antenna or other electromagnetic interface is embedded in the card
3. Hybrid cards are dual chip cards with each chip containing its respective contact or connectionless interface; the chips are not connected to each other in the card
4. Combo cards have a single chip with both contact and connectionless interfaces.
Power for the smart card may be supplied either by an embedded battery or by a microwave frequency -- the card needs to be within 2 to 3 inches of the card reader.
Magnetic stripe
- 140 bytes, cost $0.20-0.75
Memory cards
- 1-4 KB memory, no processor, cost $1.00-2.50
Optical memory cards
- 4 megabytes read-only (CD-like), cost $7.00-12.00
Microprocessor cards
- Embedded microprocessor
- (OLD) 8-bit processor, 16 KB ROM, 512 bytes RAM
- Equivalent power to IBM XT PC, cost $7.00-15.00
- 32-bit processors now available
At this time, over a billion smart cards are in use, primarily in Europe. Because the current infrastructure in the US is designed for credit cards with magnetic strips, there has been a slower rate of adoption of smart cards in the US. The use of Smart Cards in Europe received its initial boost from the French government in 1985 when it purchased 16 million cards for use by its then state-owned bank.
There are two industry standard groups dealing with issues related to Smart Cards:
- Personal Computer / Smart Card (http://www.smartcardsys.com/) - interface between programming and PC hardware in a smart card, representing Microsoft, IBM, Bull, Schlumberger, and other interested companies.
- Smart Card Industry Association (http://www.scia.org/)
Smart Card Standards
- OpenCard Framework is supported by Sun Microsystems, IBM, Oracle, Netscape. It is a standard for NCs, emphasizes portability and personalization, and adopts Java.
- Personal Computer Smart Card (PCSC) Workgroup Standard is proposed by Microsoft and supported by Schlumberger Electronic Technologies.
- Sun's Java Card API, endorsed by Citibank, Visa, First Union National Bank, VeriFone.
II MCA//Unit 5 //E-Commerce// Kalaignar Karunanidhi Institute of TechnologyPage 25
- Motorola formed a Smart Card Systems Business unit for contactless cards using radio.
ADVANTAGES AND DISADVANTAGES OF SMART CARDS
Advantages:
1. Atomic, debt-free transactions
2. Feasible for very small transactions (information commerce)
3. (Potentially) anonymous
4. Security of physical storage
5. (Potentially) currency-neutral
Disadvantages:
1. Low maximum transaction limit (not suitable for B2B or most B2C)
2. High infrastructure costs (not suitable for C2C)
3. Single physical point of failure (the card)
4. Not (yet) widely used
THE CHIP
ELECTRONIC DATA INTERCHANGE
EDI stands for Electronic Data Interchange. EDI was developed by the United Nations/ECE Working Party in the 60s as a standard to simplify and standardize external trade documents. 1) It became more important with the internet boom in the mid- and late-nineties. However, EDI does not depend on any special technologies. 2)
The three essential elements of EDI are:
- an electronic transmission medium (e.g. a peer-to-peer network or the internet)
- an agreed standard for structuring and formatting messages
- a fast delivery of electronic documents from sender to receiver.
Definition: EDI is a concept to transform specific content of e.g. invoices, delivery notes, purchase orders and other trade documents into standardized content and back into specific content. It is regularly used to interchange data between two or more information systems without any human intervention. 3) Based on the concept of EDI, EDIFACT is the only international and interdisciplinary standard. 4) Different workgroups are creating EDIFACT subsets for use in different branches.
How does EDI work?
- Supplier's proposal sent electronically to purchasing organization.
- Electronic contract approved over network.
- Supplier manufactures and packages goods, attaching shipping data recorded on a bar code.
- Quantities shipped and prices entered in system and flowed to invoicing program; invoices transmitted to purchasing organization.
- Manufacturer ships order.
- Shipment notice EDI transaction sent (not shown).
- Purchasing organization receives packages, scans bar code, and compares data to invoices and actual items received.
- Payment approval transferred electronically.
- Bank transfers funds from purchaser to supplier's account using electronic fund transfer (EFT).
EDI Software
Example
The concept of EDI is comparable to the concept of Esperanto (the international language). Two speakers from different countries (with different languages) translate their native language into the standardized Esperanto language. Both parties are able to retranslate the Esperanto into their native language without knowledge of the foreign language. EDI does the same. Regardless of the native information system of the one company (e.g. SAP) and the information system of the partner (e.g. MS Dynamics), it is possible to interchange data between these systems by translating the native code of SAP into EDI-based code and then into native code of MS Dynamics.
Advantages
- Quick access to information.
- Better customer service.
- Reduced paperwork.
- Better communication.
- Increased productivity.
- Cost efficiency.
- Accurate and improved billing.
- Faster order placement.
- Reduction in error.
Disadvantages of EDI / Barriers
- Firms have to incur extra cost for hiring and training staff.
- Needs highly structured protocols.
- Added security cost to safeguard confidential information from unauthorized access.
- It does not allow consumers to communicate or transact with vendors in an easy way.
- With EDI, the invoice is faster than the goods on their analog transportation routes. That will increase the overhead, e.g. in case of reclamation.
Conclusion
EDI is a concept for the electronic interchange of trade documents. EDI can save a lot of money if an effective number of partners is identified. If this number is too small, EDI can be inefficient, and the investment will be money thrown down the drain.
INTERNET STRATEGIES
The Internet is a network of networks, and by its nature is the result of a cooperative effort of all participants. This statement can be applied to at least two different levels of meaning:
- At a very basic technical level, any internetwork depends on every connected network cooperating with every other network.
- At a content level, from the start there has been a feeling that people who use the Internet, particularly for gathering information, should also give back something by sharing information when they have something of interest to others.
INTERNET TECHNIQUES
Shopping Techniques
- buying commodities online
- buying specialty items online
Online shopping seems to be breaking down into two categories: commodities and specialty items. Commodities were mostly raw materials which were available with minimal differentiation from any number of different sources. Specialty items include anything that cannot be bought elsewhere. Specialties could simply be a piece of information or software not sold anywhere else, or practically anything else sold only in one place.
Online selling techniques
- Make your store easy to reach
- Make your site easy to use
- Make your products easy to buy
INTERNET TOOLS
A good World Wide Web browser, electronic mail client, file transfer software and the underlying networking software necessary to make it all run are requirements to get at the information available online. With these tools, we will be able to locate information about practically any other Internet tool or technique, including HTML tagging and translation software, secure transaction software, consulting services, World Wide Web server and browser tools and packages, industry organizations, consultants and vendors of services.
Choosing a Browser
If we can choose only one Internet application, a World Wide Web browser is probably the most logical choice. It is the easiest Internet interface to use; it can support other Internet applications, including Telnet, FTP, Gopher and e-mail; it is widely implemented on different platforms. The browser market is dominated by Microsoft Internet Explorer and Netscape Navigator.
Other Internet client software
Electronic mail has been an essential application for decades. An electronic mail client should be able to save messages sent and received, should allow file attachments, preferably using the MIME standard, and should be almost completely intuitive to use. Organizations may prefer to continue using their existing e-mail client by implementing an Internet gateway to their existing e-mail server. Individuals may wish to purchase a package like Eudora or others.
FTP, or File Transfer Protocol, defines procedures for transfer of files between Internet hosts. This protocol is often invoked when transferring files from World Wide Web sites, but can also be used on its own. While FTP-only sites used to be fairly common, they are becoming less common as more sites move their published data to web sites, or at least to web interfaces. FTP may be implemented very much like a Windows file manager program, including drag-and-drop file copying.
Telnet, a remote terminal session application, is less frequently used. It is included with complete TCP/IP packages.