E-commerce is the use of the Internet and the Web to transact business. More formally, digitally enabled commercial transactions between and among organizations and individuals.
E-commerce vs. E-business
We use the term e-business to refer primarily to the digital enablement of transactions and processes within a firm, involving information systems under the control of the firm
E-business does not include commercial transactions involving an exchange of value across organizational boundaries.
E-commerce technology is different and more powerful than any of the other technologies that we have seen in the past century.
E-commerce has challenged much traditional business thinking.
E-commerce has a number of unique features that help explain why we have so much interest in e-commerce.
Seven Unique Features of E-commerce Technology and Their Significance
Is ubiquitous (available everywhere, all the time)
Offers global reach (across cultural/national boundaries)
Operates according to universal standards (lowers market entry for merchants and search costs for consumers)
Provides information richness (more powerful selling environment)
Is interactive (can simulate face-to-face experience, but on a global scale)
Increases information density (amount and quality of information available to all market participants)
Permits personalization/customization
Types of E-commerce
Classified by nature of market relationship:
Business-to-Consumer (B2C)
Business-to-Business (B2B)
Consumer-to-Consumer (C2C)
Classified by type of technology used:
Peer-to-Peer (P2P)
Mobile commerce (M-commerce)
E Commerce Infrastructure
The Evolution of the Internet 1961—the Present
History of the Internet can be segmented into 3 phases:
Innovation Phase—fundamental building blocks conceptualized and realized in hardware and software. The basic building blocks were: packet switching hardware, client/server computing, and a communication protocol called TCP/IP.
Institutionalization Phase—large institutions such as the Department of Defense and the National Science Foundation provided funding and legitimization for the Internet. The development of the civilian Internet started in 1986.
Commercialization Phase—private corporations take over and expand the Internet backbone and local services to ordinary citizens.
Packet Switching
A method of slicing digital messages into packets, sending the packets along different communication paths as they become available, and then reassembling the packets once they arrive at their destination
Uses routers: special purpose computers that interconnect the computer networks that make up the Internet and route packets to their ultimate destination
Routers use computer programs called routing algorithms to ensure packets take the best available path toward their destination
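As an added example (not part of the original notes), the following Python simulation shows the three steps the slide describes: a message is sliced into sequence-numbered packets, the packets travel over different paths and so arrive in arbitrary order, and the receiver reassembles them by sequence number. The message, packet size and the shuffle that stands in for "different paths" are all constructed for illustration; the receiver also reports a missing packet rather than silently producing a truncated message.

```python
"""Toy packet-switching simulation (added example, not from the original
notes). A message is sliced into fixed-size packets tagged with sequence
numbers, the packets arrive out of order, and the receiver reassembles them,
refusing to deliver a message with gaps. All values are constructed."""
import random
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    seq: int        # position of this chunk within the original message
    total: int      # number of packets that make up the whole message
    payload: bytes  # the slice of message data carried by this packet


def slice_message(message, size):
    """Split a message into packets of at most `size` bytes each."""
    if size <= 0:
        raise ValueError("packet size must be positive")
    chunks = [message[i:i + size] for i in range(0, len(message), size)]
    return [Packet(seq=i, total=len(chunks), payload=c)
            for i, c in enumerate(chunks)]


def send_over_network(packets, seed=1):
    """Model independent paths: packets arrive in an arbitrary order.
    A seeded shuffle stands in for differing path delays."""
    arrived = list(packets)
    random.Random(seed).shuffle(arrived)
    return arrived


def reassemble(received):
    """Put packets back in sequence order; raise if any are missing."""
    if not received:
        return b""
    total = received[0].total
    by_seq = {p.seq: p for p in received}
    missing = [i for i in range(total) if i not in by_seq]
    if missing:
        raise ValueError(f"missing packets: {missing}")
    return b"".join(by_seq[i].payload for i in range(total))


if __name__ == "__main__":
    msg = b"Order 1234: 2 x widget, ship to 10 Main St"  # constructed sample
    pkts = slice_message(msg, 8)
    arrived = send_over_network(pkts)
    print([p.seq for p in arrived])            # arrival order differs
    print(reassemble(arrived) == msg)          # but the message is intact
```

The sequence number is what makes reordering harmless; in real networks that role is played by TCP's sequence numbers, which is why the slides introduce TCP right after packet switching.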
TCP/IP (Transmission Control Protocol/ Internet Protocol)
Protocol: A set of rules for formatting, ordering, compressing, and error-checking messages
TCP: Establishes the connections among sending and receiving Web computers, handles the assembly of packets at the point of transmission, and their reassembly at the receiving end
IP: Provides the Internet's addressing scheme
TCP/IP is divided into 4 separate layers:
Network Interface Layer
Internet Layer
Transport Layer
Application Layer
IP Addresses
Internet address (also called IP address): a 32-bit number expressed as a series of four separate numbers marked off by periods, such as 201.61.186.227
IPv4: the current version of IP; can handle up to 4 billion addresses
IPv6 (next generation of IP): will use 128-bit addresses and be able to handle up to 1 quadrillion addresses
Client/Server Computing
Model of computing in which very powerful personal computers (clients) are connected in a network with one or more server computers that perform common functions for the clients, such as storing files, software applications, etc.
Other Internet Protocols
HTTP: Used to transfer Web pages
SMTP, POP, and IMAP: Used to send and receive e-mail
FTP: Permits users to transfer files from server to client and vice versa
Telnet: Program that enables a client to emulate a mainframe computer terminal
SSL: Protocol that provides secure communications between client and server
The E-commerce Security Environment
Dimensions of E-commerce Security
Integrity: ability to ensure that information being displayed on a Web site or transmitted/received over the Internet has not been altered in any way by an unauthorized party
Nonrepudiation: ability to ensure that e-commerce participants do not deny (repudiate) online actions
Authenticity: ability to verify the identity of a person or entity with whom you are dealing on the Internet
Confidentiality: ability to ensure that messages and data are available only to those authorized to view them
Privacy: ability to control use of information a customer provides about himself or herself to merchant
Availability: ability to ensure that an e-commerce site continues to function as intended
The Tension Between Security and Other Values
Security vs. ease of use: the more security measures that are added, the more difficult a site is to use, and the slower it becomes
Security vs. desire of individuals to act anonymously
Security Threats in the E-commerce Environment
Three key points of vulnerability: Client, Server, Communications channel
Most common threats:
Malicious code
Phishing
Hacking and cybervandalism
Credit card fraud/theft
Spoofing (pharming)
Denial of service attacks
Sniffing
Insider jobs
Poorly designed server and client software
Vulnerable Points in an E-commerce Environment
Technology Solutions
Protecting Internet communications (encryption)
Securing channels of communication (SSL, S-HTTP, VPNs)
Protecting networks (firewalls)
Protecting servers and clients
Tools Available to Achieve Site Security
Symmetric Key Encryption
Also known as secret key encryption
Both the sender and receiver use the same digital key to encrypt and decrypt the message
Requires a different set of keys for each transaction
Data Encryption Standard (DES): Most widely used symmetric key encryption today; uses a 56-bit encryption key; other types use 128-bit keys up through 2048 bits
Public Key Encryption
Public key cryptography solves the symmetric key encryption problem of having to exchange a secret key
Uses two mathematically related digital keys – public key (widely disseminated) and private key (kept secret by owner)
Both keys are used to encrypt and decrypt the message
Once a key is used to encrypt a message, the same key cannot be used to decrypt it
For example, the sender uses the recipient's public key to encrypt the message; the recipient uses his/her private key to decrypt it
Public Key Encryption using Digital Signatures and Hash Digests
Application of hash function (mathematical algorithm) by sender prior to encryption produces hash digest that recipient can use to verify integrity of data
Double encryption with sender's private key (digital signature) helps ensure authenticity and nonrepudiation
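The two slides above (public key encryption, and digital signatures built from hash digests) are illustrated by the following added Python example, which is not part of the original notes. It uses a toy RSA key pair built from the constructed primes 61 and 53 so that every number fits on a line: the public key encrypts and only the private key decrypts, while signing applies the private key to a SHA-256 digest of the message and anyone holding the public key can recover and compare that digest. The key sizes, the byte-at-a-time encryption and the reduction of the digest below the modulus are simplifications for readability; production systems use 2048-bit or larger keys from a vetted library.

```python
"""Toy public key encryption and digital signature (added example, not from
the original notes). The primes, exponents and messages are constructed and
far too small to be secure; they exist only to make the mechanism visible."""
import hashlib

# Constructed toy key pair.
P, Q = 61, 53
N = P * Q                   # modulus shared by both keys: 3233
PHI = (P - 1) * (Q - 1)     # 3120
E = 17                      # public exponent, coprime with PHI
D = pow(E, -1, PHI)         # private exponent, E * D == 1 (mod PHI): 2753
PUBLIC_KEY = (E, N)         # widely disseminated
PRIVATE_KEY = (D, N)        # kept secret by the owner


def apply_key(block, key):
    """Raise one integer block (< N) to the key's exponent modulo N.
    The same operation serves for encrypting, decrypting and signing;
    which key is used decides the meaning."""
    exponent, modulus = key
    if not 0 <= block < modulus:
        raise ValueError("block must be smaller than the modulus")
    return pow(block, exponent, modulus)


def encrypt(message, key):
    """Encrypt a message byte by byte (each byte < N) with the given key."""
    return [apply_key(b, key) for b in message]


def decrypt(blocks, key):
    """Reverse encrypt() using the other key of the pair."""
    return bytes(apply_key(c, key) for c in blocks)


def digest(message):
    """Hash digest of the message, reduced so it fits in one toy block
    (a real scheme pads the full digest rather than reducing it)."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % N


def sign(message, private_key):
    """Digital signature: the digest 'encrypted' with the sender's private key."""
    return apply_key(digest(message), private_key)


def verify(message, signature, public_key):
    """The recipient recovers the digest with the sender's public key and
    compares it with a freshly computed digest of what was received."""
    return apply_key(signature, public_key) == digest(message)


if __name__ == "__main__":
    msg = b"pay 100 to merchant"                         # constructed message
    cipher = encrypt(msg, PUBLIC_KEY)                    # sender uses recipient's public key
    print(decrypt(cipher, PRIVATE_KEY) == msg)           # recipient's private key recovers it
    sig = sign(msg, PRIVATE_KEY)                         # sender signs with own private key
    print(verify(msg, sig, PUBLIC_KEY))                  # anyone can check with the public key
    print(verify(msg, (sig + 1) % N, PUBLIC_KEY))        # a tampered signature fails
```

Confidentiality and authenticity come from opposite directions of the same key pair: encryption uses the recipient's public key, so only the recipient's private key can read the message; a signature uses the sender's private key, so the sender's public key proves who produced it, which is the basis of the nonrepudiation property on the slide.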
Securing Channels of Communication
Secure Sockets Layer (SSL): Most common form of securing channels of communication; used to establish a secure negotiated session (client-server session in which URL of requested document, along with contents, is encrypted)
S-HTTP: Alternative method; provides a secure message-oriented communications protocol designed for use in conjunction with HTTP
Virtual Private Networks (VPNs): Allow remote users to securely access internal networks via the Internet, using Point-to-Point Tunneling Protocol (PPTP)
Protecting Networks: Firewalls and Proxy Servers
Firewall: Hardware or software filters communications packets and prevents some packets from entering the network based on a security policy
Firewall methods include: Packet filters, Application gateways
Proxy servers: Software servers that handle all communications originating from or being sent to the Internet
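The packet filter method named above is illustrated by the following added Python example, which is not part of the original notes. A packet filter looks only at header fields (protocol, source address, destination port) and evaluates an ordered rule list; the first rule that matches decides, and any packet no rule matches falls to the default policy, here deny. The rule set, addresses and packet headers are constructed for illustration and use documentation address ranges.

```python
"""Minimal first-match packet filter (added example, not from the original
notes). Rules, addresses and sample packet headers are constructed."""
import ipaddress
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Rule:
    action: str              # "allow" or "deny"
    proto: str               # "tcp", "udp" or "any"
    src: str                 # source network in CIDR notation
    dst_port: Optional[int]  # destination port, None means any port

    def matches(self, pkt):
        """True when every field of the rule fits the packet header."""
        if self.proto != "any" and self.proto != pkt["proto"]:
            return False
        if ipaddress.ip_address(pkt["src"]) not in ipaddress.ip_network(self.src):
            return False
        return self.dst_port is None or self.dst_port == pkt["dst_port"]


def filter_packet(rules, pkt, default="deny"):
    """Return the action of the first matching rule, else the default policy."""
    for rule in rules:
        if rule.matches(pkt):
            return rule.action
    return default


# Constructed policy for an Internet-facing web server.
POLICY = [
    # Traffic arriving from the Internet should never carry an internal
    # (RFC 1918) source address; treat it as spoofed and drop it first.
    Rule("deny", "any", "10.0.0.0/8", None),
    # Public web traffic to the site.
    Rule("allow", "tcp", "0.0.0.0/0", 443),
    Rule("allow", "tcp", "0.0.0.0/0", 80),
    # Remote administration only from the constructed admin network.
    Rule("allow", "tcp", "203.0.113.0/24", 22),
]


def audit(rules, packets):
    """Evaluate a batch of packet headers; return (packet, decision) pairs."""
    return [(p, filter_packet(rules, p)) for p in packets]


if __name__ == "__main__":
    samples = [  # constructed packet headers
        {"proto": "tcp", "src": "198.51.100.7", "dst_port": 443},  # allow
        {"proto": "tcp", "src": "198.51.100.7", "dst_port": 22},   # deny (no rule)
        {"proto": "tcp", "src": "203.0.113.5", "dst_port": 22},    # allow (admin net)
        {"proto": "tcp", "src": "10.1.2.3", "dst_port": 443},      # deny (spoofed source)
        {"proto": "udp", "src": "198.51.100.7", "dst_port": 80},   # deny (wrong protocol)
    ]
    for pkt, decision in audit(POLICY, samples):
        print(f"{decision:5} {pkt}")
```

Rule order matters: the anti-spoofing deny must sit above the broad allow rules, otherwise a packet with a forged internal source address would be admitted to port 443. An application gateway, the other method on the slide, goes further than this and inspects the contents of the connection rather than only its header fields.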
Protecting Servers and Clients
Operating system controls: Authentication and access control mechanisms
Anti-virus software: Easiest and least expensive way to prevent threats to system integrity
E Commerce Payment Systems
Types of Payment Systems
Cash, Checking Transfer, Credit Card, Stored Value, Accumulating Balance
Cash
Legal tender defined by a national authority to represent value
Most common form of payment in terms of number of transactions
Instantly convertible into other forms of value without intermediation of any kind
Portable, requires no authentication, and provides instant purchasing power
“Free” (no transaction fee), anonymous, low cognitive demands
Limitations: easily stolen, limited to smaller transactions, does not provide any float
Checking Transfer
Funds transferred directly via a signed draft or check from a consumer’s checking account to a merchant or other individual
Most common form of payment in terms of amount spent
Can be used for both small and large transactions
Some float
Not anonymous, requires third-party intervention (banks)
Introduces security risks for merchants (forgeries, stopped payments), so authentication typically required
Credit Card
Represents an account that extends credit to consumers, permitting consumers to purchase items while deferring payment, and allows consumers to make payments to multiple vendors at one time
Credit card associations: Nonprofit associations (Visa, MasterCard) that set standards for issuing banks
Issuing banks: Issue cards and process transactions
Processing centers (clearinghouses): Handle verification of accounts and balances
Stored Value
Accounts created by depositing funds into an account and from which funds are paid out or withdrawn as needed
Examples: Debit cards, gift certificates, prepaid cards, smart cards
Debit cards: Immediately debit a checking or other demand-deposit account
Peer-to-peer payment systems such as PayPal are a variation
Accumulating Balance
Accounts that accumulate expenditures and to which consumers make periodic payments
Examples: utility, phone, American Express accounts