E COMMERCE APURVA DESAI MBA/50007/13


E COMMERCE

APURVA DESAI MBA/50007/13

MOHAMMED SAIF MBA/50009/13

E-commerce is the use of the Internet and the Web to transact business. More formally, digitally enabled commercial transactions between and among organizations and individuals.

E-commerce vs. E-business

We use the term e-business to refer primarily to the digital enablement of transactions and processes within a firm, involving information systems under the control of the firm

E-business does not include commercial transactions involving an exchange of value across organizational boundaries

E-commerce technology is different and more powerful than any of the other technologies that we have seen in the past century.

E-commerce has challenged much traditional business thinking
E-commerce has a number of unique features that help explain why there is so much interest in it

Seven Unique Features of E-commerce Technology and Their Significance

Is ubiquitous (available everywhere, all the time)
Offers global reach (across cultural/national boundaries)
Operates according to universal standards (lowers market entry costs for merchants and search costs for consumers)
Provides information richness (more powerful selling environment)
Is interactive (can simulate a face-to-face experience, but on a global scale)
Increases information density (amount and quality of information available to all market participants)
Permits personalization/customization

Types of E-commerce

Classified by nature of market relationship:
Business-to-Consumer (B2C)
Business-to-Business (B2B)
Consumer-to-Consumer (C2C)

Classified by type of technology used:
Peer-to-Peer (P2P)
Mobile commerce (M-commerce)

E Commerce Infrastructure

The Evolution of the Internet 1961—the Present

The history of the Internet can be segmented into 3 phases:

Innovation Phase—fundamental building blocks conceptualized and realized in hardware and software. The basic building blocks were: packet switching hardware, client/server computing, and a communication protocol called TCP/IP.

Institutionalization Phase—large institutions such as the Department of Defense and the National Science Foundation provided funding and legitimization for the Internet. Development of the civilian Internet began in 1986.

Commercialization Phase—private corporations take over and expand the Internet backbone and local services to ordinary citizens.

Packet Switching

A method of slicing digital messages into packets, sending the packets along different communication paths as they become available, and then reassembling the packets once they arrive at their destination

Uses routers: special purpose computers that interconnect the computer networks that make up the Internet and route packets to their ultimate destination

Routers use computer programs called routing algorithms to ensure packets take the best available path toward their destination

TCP/IP (Transmission Control Protocol/ Internet Protocol)

Protocol: A set of rules for formatting, ordering, compressing, and error-checking messages

TCP: Establishes the connections between sending and receiving computers, handles the division of a message into packets at the point of transmission and their in-order reassembly at the receiving end, and retransmits any packets that are lost

IP: Provides the Internet's addressing scheme

TCP/IP is divided into 4 separate layers:
Network Interface Layer
Internet Layer
Transport Layer
Application Layer

IP Addresses

Internet address (also called IP address): in IPv4, a 32-bit number written as four decimal numbers separated by periods (dotted decimal), such as 201.61.186.227

IPv4: the original and still most widely deployed version of IP; its 32-bit addresses give 2^32 (about 4.3 billion) addresses, and the pool of unallocated addresses has been exhausted

IPv6: uses 128-bit addresses, written as eight groups of hexadecimal digits (for example 2001:db8::1), and provides 2^128 (roughly 3.4 × 10^38) addresses; it now runs alongside IPv4 on most networks
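The two address sizes above, and one pitfall that matters whenever an address is used in an access-control decision, as an added Go example (not from the original slides; the sample addresses are constructed): a dual-stack server sees an IPv4 client as an IPv4-mapped IPv6 address such as ::ffff:10.0.0.1, so an allow or deny check must unmap the address before comparing it.

```go
package main

import (
	"fmt"
	"math/big"
	"net/netip"
)

// AddressSpace returns how many distinct addresses a bits-wide address
// family has: 2^32 for IPv4, 2^128 for IPv6.
func AddressSpace(bits int) *big.Int {
	return new(big.Int).Lsh(big.NewInt(1), uint(bits))
}

// AddrInfo is what an access-control check should look at before it
// compares an address against an allow or deny list.
type AddrInfo struct {
	Canonical string // address with any IPv4-mapped IPv6 prefix removed
	Version   int    // 4 or 6
	Bits      int    // 32 or 128
	Private   bool   // RFC 1918 (IPv4) or RFC 4193 (IPv6) range
	Loopback  bool
	WasMapped bool // input was IPv4 carried inside IPv6 (::ffff:a.b.c.d)
}

// Classify parses a textual address and normalises it. A deny list that
// only matches the dotted IPv4 form misses ::ffff:10.0.0.1, and netip's
// own IsPrivate returns false for the mapped form, so unmap first.
func Classify(s string) (AddrInfo, error) {
	addr, err := netip.ParseAddr(s)
	if err != nil {
		return AddrInfo{}, err
	}
	info := AddrInfo{WasMapped: addr.Is4In6()}
	addr = addr.Unmap() // no-op for plain IPv4 and native IPv6
	info.Canonical = addr.String()
	info.Bits = addr.BitLen()
	info.Version = 6
	if addr.Is4() {
		info.Version = 4
	}
	info.Private = addr.IsPrivate()
	info.Loopback = addr.IsLoopback()
	return info, nil
}

func main() {
	fmt.Printf("IPv4 space: %s addresses\n", AddressSpace(32))
	fmt.Printf("IPv6 space: %s addresses\n", AddressSpace(128))
	// Constructed sample inputs, including one a naive dotted-decimal check would miss.
	for _, s := range []string{"201.61.186.227", "::ffff:10.0.0.1", "2001:db8::1", "300.1.1.1"} {
		info, err := Classify(s)
		if err != nil {
			fmt.Printf("%-16s rejected: %v\n", s, err)
			continue
		}
		fmt.Printf("%-16s -> %+v\n", s, info)
	}
}
```

The same unmapping step applies to logs and rate limiters: a client that appears as both 10.0.0.1 and ::ffff:10.0.0.1 is one host, not two.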

Client/Server Computing

Model of computing in which personal computers (clients) are connected in a network with one or more server computers that perform common functions for the clients, such as storing files, running shared software applications, etc.

Other Internet Protocols

HTTP: Used to transfer Web pages
SMTP, POP, and IMAP: Used to send and receive e-mail
FTP: Permits users to transfer files from server to client and vice versa
Telnet: Program that enables a client to emulate a mainframe computer terminal; it sends everything, including passwords, in cleartext and has been superseded by SSH
SSL/TLS: Protocol that provides secure (encrypted and authenticated) communications between client and server

The E-commerce Security Environment

Dimensions of E-commerce Security

Integrity: ability to ensure that information being displayed on a Web site or transmitted/received over the Internet has not been altered in any way by an unauthorized party

Nonrepudiation: ability to ensure that e-commerce participants do not deny (repudiate) online actions

Authenticity: ability to verify the identity of a person or entity with whom you are dealing on the Internet

Confidentiality: ability to ensure that messages and data are available only to those authorized to view them

Privacy: ability to control use of information a customer provides about himself or herself to merchant

Availability: ability to ensure that an e-commerce site continues to function as intended

The Tension Between Security and Other Values

Security vs. ease of use: the more security measures that are added, the more difficult a site is to use, and the slower it becomes

Security vs. desire of individuals to act anonymously

Security Threats in the E-commerce Environment

Three key points of vulnerability: the client, the server, and the communications channel

Most common threats:
Malicious code
Phishing
Hacking and cybervandalism
Credit card fraud/theft
Spoofing (pharming)
Denial of service attacks
Sniffing
Insider jobs
Poorly designed server and client software

Vulnerable Points in an E-commerce Environment

Technology Solutions

Protecting Internet communications (encryption)
Securing channels of communication (SSL/TLS, S-HTTP, VPNs)
Protecting networks (firewalls)
Protecting servers and clients

Tools Available to Achieve Site Security

Symmetric Key Encryption

Also known as secret key encryption
Both the sender and receiver use the same digital key to encrypt and decrypt the message
Requires a secret key shared in advance by each pair of communicating parties, so distributing keys securely is the hard part
Data Encryption Standard (DES): the classic symmetric cipher, with a 56-bit key that can now be brute-forced with modest hardware and should no longer be used; its replacement, the Advanced Encryption Standard (AES), uses 128-, 192- or 256-bit keys and is the standard today (key sizes such as 1024 or 2048 bits belong to public-key algorithms like RSA, not to symmetric ciphers)
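Symmetric encryption in practice, as an added Go example that is not from the original slides, using AES-256 in GCM mode: the same key encrypts and decrypts, a fresh random nonce travels with each message, and the authentication tag that GCM appends makes any tampering detectable. The order data and the associated data are constructed for the example.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"fmt"
)

// NewKey draws a fresh 256-bit key from the OS random source. Generating
// the key is easy; getting it to the other party safely is the problem
// that public-key cryptography exists to solve.
func NewKey() ([]byte, error) {
	key := make([]byte, 32)
	_, err := rand.Read(key)
	return key, err
}

// Encrypt seals plaintext under key with AES-GCM. The random 96-bit nonce
// is prepended so the receiver can recover it; aad is authenticated but
// not encrypted (for example an order ID that must stay visible).
func Encrypt(key, plaintext, aad []byte) ([]byte, error) {
	block, err := aes.NewCipher(key) // key must be 16, 24 or 32 bytes
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil { // a nonce must never repeat under one key
		return nil, err
	}
	return gcm.Seal(nonce, nonce, plaintext, aad), nil
}

// Decrypt reverses Encrypt. It returns an error, and no plaintext, if the
// key is wrong, the aad differs, or any byte of the message was altered.
func Decrypt(key, msg, aad []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	if len(msg) < gcm.NonceSize()+gcm.Overhead() {
		return nil, errors.New("message too short to hold nonce and tag")
	}
	nonce, ct := msg[:gcm.NonceSize()], msg[gcm.NonceSize():]
	return gcm.Open(nil, nonce, ct, aad)
}

func main() {
	key, err := NewKey()
	if err != nil {
		panic(err)
	}
	order := []byte(`{"order":4711,"total":"129.00"}`) // constructed sample
	aad := []byte("order-id:4711")                     // constructed sample
	sealed, err := Encrypt(key, order, aad)
	if err != nil {
		panic(err)
	}
	fmt.Printf("ciphertext %d bytes = plaintext %d + nonce 12 + tag 16\n", len(sealed), len(order))
	opened, err := Decrypt(key, sealed, aad)
	fmt.Printf("round trip: %s (err=%v)\n", opened, err)
	sealed[len(sealed)-1] ^= 0x01 // flip one bit: the tag check now fails
	_, err = Decrypt(key, sealed, aad)
	fmt.Println("after tampering:", err)
}
```

GCM gives integrity as well as confidentiality, which a bare block cipher does not; an encrypted price field that can be flipped without detection is exactly the integrity failure listed under the security dimensions above.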

Public Key Encryption

Public key cryptography solves the symmetric key encryption problem of having to exchange a secret key over a secure channel in advance

Uses two mathematically related digital keys – public key (widely disseminated) and private key (kept secret by owner)

Both keys are used to encrypt and decrypt messages; once one key has been used to encrypt a message, the same key cannot be used to decrypt it
For example, the sender uses the recipient's public key to encrypt a message; the recipient uses his/her private key to decrypt it

Public Key Encryption using Digital Signatures and Hash Digests

The sender applies a hash function (a mathematical algorithm such as SHA-256) to the message prior to encryption, producing a fixed-length hash digest; the recipient recomputes the digest and compares it to verify the integrity of the data

A digital signature, produced by signing the hash digest with the sender's private key (often described as a second encryption with that key), helps ensure authenticity and nonrepudiation: anyone with the sender's public key can verify it, but only the holder of the private key could have created it
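An added Go example (not from the original slides) serving both the public-key slide and the digital-signature slide above: two parties generate RSA key pairs; the buyer signs a SHA-256 digest of an order with its private key and the merchant verifies it with the buyer's public key; the buyer then encrypts a session key to the merchant's public key, which only the merchant's private key can open. Party names, the order text and the session-key bytes are constructed; RSA-PSS and RSA-OAEP are the padding schemes chosen here, not something the slides specify.

```go
package main

import (
	"bytes"
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

// Party holds one participant's key pair. The public key is handed out
// freely; the private key never leaves its owner.
type Party struct {
	Name string
	priv *rsa.PrivateKey
}

func NewParty(name string) (*Party, error) {
	priv, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return nil, err
	}
	return &Party{Name: name, priv: priv}, nil
}

func (p *Party) Public() *rsa.PublicKey { return &p.priv.PublicKey }

// Sign hashes msg with SHA-256 and signs the digest with the signer's
// private key (RSA-PSS). Anyone holding the public key can check it, but
// only the private-key holder could have produced it: authenticity and
// nonrepudiation.
func (p *Party) Sign(msg []byte) ([]byte, error) {
	digest := sha256.Sum256(msg)
	return rsa.SignPSS(rand.Reader, p.priv, crypto.SHA256, digest[:], nil)
}

// Verify recomputes the digest and checks sig against the sender's public
// key. Any change to msg changes the digest, so verification fails.
func Verify(sender *rsa.PublicKey, msg, sig []byte) bool {
	digest := sha256.Sum256(msg)
	return rsa.VerifyPSS(sender, crypto.SHA256, digest[:], sig, nil) == nil
}

// SealFor encrypts a short message, typically a symmetric session key, to
// the recipient's public key (RSA-OAEP); only the matching private key can
// open it, so no secret has to be shared in advance.
func SealFor(recipient *rsa.PublicKey, msg []byte) ([]byte, error) {
	return rsa.EncryptOAEP(sha256.New(), rand.Reader, recipient, msg, nil)
}

// Open decrypts a message that was sealed to this party's public key.
func (p *Party) Open(ct []byte) ([]byte, error) {
	return rsa.DecryptOAEP(sha256.New(), rand.Reader, p.priv, ct, nil)
}

func main() {
	buyer, err := NewParty("buyer")
	if err != nil {
		panic(err)
	}
	merchant, err := NewParty("merchant")
	if err != nil {
		panic(err)
	}
	order := []byte("pay merchant 129.00 for order 4711") // constructed sample
	sig, _ := buyer.Sign(order)
	fmt.Println("merchant verifies buyer's signature:", Verify(buyer.Public(), order, sig))
	forged := bytes.Replace(order, []byte("129.00"), []byte("  1.00"), 1)
	fmt.Println("same signature over altered order:  ", Verify(buyer.Public(), forged, sig))

	sessionKey := []byte("0123456789abcdef0123456789abcdef") // constructed; a real key is random
	ct, _ := SealFor(merchant.Public(), sessionKey)
	pt, _ := merchant.Open(ct)
	fmt.Println("merchant recovered session key:     ", bytes.Equal(pt, sessionKey))
	_, err = buyer.Open(ct)
	fmt.Println("buyer cannot open it (wrong key):   ", err != nil)
}
```

This is the pattern a secure session actually uses: public-key operations are slow and size-limited, so they protect a small session key and a digest, while the bulk data is encrypted with a symmetric cipher.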

Securing Channels of Communication

Secure Sockets Layer (SSL) and its successor Transport Layer Security (TLS): Most common form of securing channels of communication; used to establish a secure negotiated session (client-server session in which the URL of the requested document, along with its contents, is encrypted). SSL itself is deprecated; sites today run TLS 1.2 or 1.3, even though the padlock is still commonly called "SSL". The server's hostname is sent in the clear during the handshake (SNI), and TLS protects data only in transit, not once it is stored on the server

S-HTTP: Alternative method; provides a secure message-oriented communications protocol designed for use in conjunction with HTTP; it saw little adoption in practice

Virtual Private Networks (VPNs): Allow remote users to securely access internal networks via the Internet through an encrypted tunnel. The Point-to-Point Tunneling Protocol (PPTP) named in older texts has known cryptographic weaknesses (its MS-CHAPv2 authentication can be cracked) and has been replaced by IPsec/IKEv2, OpenVPN and WireGuard
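The secure negotiated session described above, as an added Go example that is not part of the original slides: a TLS server with a throw-away self-signed certificate (the hostname shop.example and the request text are assumptions), and a client that is allowed to send its request only after the certificate's issuer and name check out. The point is what the client refuses: an unknown issuer and a hostname mismatch both abort the handshake.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"fmt"
	"io"
	"math/big"
	"net"
	"time"
)

// NewServerCert makes a self-signed certificate for host, standing in for the CA-issued one a real shop presents.
func NewServerCert(host string) (tls.Certificate, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return tls.Certificate{}, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1),
		DNSNames:     []string{host}, // clients match the SAN, not the subject CN
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().Add(24 * time.Hour),
		KeyUsage:     x509.KeyUsageDigitalSignature,
		ExtKeyUsage:  []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return tls.Certificate{}, err
	}
	return tls.Certificate{Certificate: [][]byte{der}, PrivateKey: key}, nil
}

// Roots builds a client trust store that holds only the given DER certificates.
func Roots(ders ...[]byte) *x509.CertPool {
	pool := x509.NewCertPool()
	for _, der := range ders {
		if c, err := x509.ParseCertificate(der); err == nil {
			pool.AddCert(c)
		}
	}
	return pool
}

// StartEchoServer serves TLS on a loopback port and echoes each client's bytes; the handshake runs on the first read.
func StartEchoServer(cert tls.Certificate) (net.Listener, error) {
	ln, err := tls.Listen("tcp", "127.0.0.1:0", &tls.Config{Certificates: []tls.Certificate{cert}, MinVersion: tls.VersionTLS12})
	if err != nil {
		return nil, err
	}
	go func() {
		for {
			c, err := ln.Accept()
			if err != nil {
				return
			}
			go func(c net.Conn) { defer c.Close(); io.Copy(c, c) }(c)
		}
	}()
	return ln, nil
}

// Request verifies the server against roots and serverName, sends req and returns the echo.
// InsecureSkipVerify is left false: an unknown issuer or a name mismatch aborts the handshake before any request bytes are sent.
func Request(addr, serverName string, roots *x509.CertPool, req string) (string, error) {
	conn, err := tls.Dial("tcp", addr, &tls.Config{ServerName: serverName, RootCAs: roots, MinVersion: tls.VersionTLS12})
	if err != nil {
		return "", err
	}
	defer conn.Close()
	if _, err := conn.Write([]byte(req)); err != nil {
		return "", err
	}
	buf := make([]byte, len(req))
	if _, err := io.ReadFull(conn, buf); err != nil {
		return "", err
	}
	return string(buf), nil
}

func main() {
	cert, err := NewServerCert("shop.example") // hostname chosen for the example
	if err != nil {
		panic(err)
	}
	ln, err := StartEchoServer(cert)
	if err != nil {
		panic(err)
	}
	defer ln.Close()
	addr, der := ln.Addr().String(), cert.Certificate[0]
	reply, err := Request(addr, "shop.example", Roots(der), "GET /cart")
	fmt.Printf("trusted root, matching name: %q err=%v\n", reply, err)
	_, err = Request(addr, "shop.example", Roots(), "GET /cart")
	fmt.Println("unknown issuer:", err)
	_, err = Request(addr, "bank.example", Roots(der), "GET /cart")
	fmt.Println("name mismatch:", err)
}
```

The common mistake in client code is to "fix" the unknown-issuer error by setting InsecureSkipVerify to true, which keeps the encryption but removes the authentication, so anyone on the path can impersonate the server.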

Protecting Networks: Firewalls and Proxy Servers

Firewall: Hardware or software that filters communications packets and prevents some packets from entering the network, based on a security policy

Firewall methods include:
Packet filters
Application gateways

Proxy servers: Software servers that handle all communications originating from or being sent to the Internet
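First-match packet filtering with a default-deny policy, as an added Go example that is not from the original slides. The policy, the address ranges (203.0.113.0/24 and 198.51.100.0/24 are documentation ranges chosen for the example) and the sample packets are all constructed.

```go
package main

import (
	"fmt"
	"net/netip"
)

// Packet carries the header fields a stateless packet filter looks at.
type Packet struct {
	Src, Dst netip.Addr
	Proto    string // "tcp" or "udp"
	Port     int    // destination port
}

// Rule is one line of policy. Port 0 matches any port, Proto "" any protocol.
type Rule struct {
	Name     string
	Src, Dst netip.Prefix
	Proto    string
	Port     int
	Allow    bool
}

func (r Rule) matches(p Packet) bool {
	return r.Src.Contains(p.Src) && r.Dst.Contains(p.Dst) &&
		(r.Proto == "" || r.Proto == p.Proto) &&
		(r.Port == 0 || r.Port == p.Port)
}

// Filter evaluates rules top to bottom and applies the first match, as packet
// filters do. A packet that matches nothing is dropped: the default is deny.
type Filter struct{ Rules []Rule }

// Decide returns whether the packet passes and which rule decided it.
func (f Filter) Decide(p Packet) (bool, string) {
	for _, r := range f.Rules {
		if r.matches(p) {
			return r.Allow, r.Name
		}
	}
	return false, "default-deny"
}

// NewPacket builds a Packet from textual addresses; it panics on bad input.
func NewPacket(src, dst, proto string, port int) Packet {
	return Packet{Src: netip.MustParseAddr(src), Dst: netip.MustParseAddr(dst), Proto: proto, Port: port}
}

// ShopPolicy is a constructed policy for a shop whose servers sit in
// 203.0.113.0/24 and whose office is 198.51.100.0/24: anyone may reach HTTPS,
// nobody may reach the database port, and SSH to the admin host 203.0.113.10
// is allowed only from the office.
func ShopPolicy() Filter {
	p := netip.MustParsePrefix
	return Filter{Rules: []Rule{
		{Name: "block-db-from-anywhere", Src: p("0.0.0.0/0"), Dst: p("203.0.113.0/24"), Proto: "tcp", Port: 5432},
		{Name: "allow-https", Src: p("0.0.0.0/0"), Dst: p("203.0.113.0/24"), Proto: "tcp", Port: 443, Allow: true},
		{Name: "allow-office-ssh", Src: p("198.51.100.0/24"), Dst: p("203.0.113.10/32"), Proto: "tcp", Port: 22, Allow: true},
	}}
}

func main() {
	f := ShopPolicy()
	for _, pkt := range []Packet{ // constructed sample traffic
		NewPacket("8.8.8.8", "203.0.113.10", "tcp", 443),
		NewPacket("8.8.8.8", "203.0.113.10", "tcp", 5432),
		NewPacket("8.8.8.8", "203.0.113.10", "tcp", 22),
		NewPacket("198.51.100.7", "203.0.113.10", "tcp", 22),
		NewPacket("198.51.100.7", "203.0.113.11", "tcp", 22),
	} {
		ok, by := f.Decide(pkt)
		fmt.Printf("%-13s -> %s:%d/%s allow=%-5v via %s\n", pkt.Src, pkt.Dst, pkt.Port, pkt.Proto, ok, by)
	}
}
```

Because the first match wins, a broad allow placed above a specific deny silently neutralises the deny; deny rules for sensitive ports go first and the unmatched default stays deny. A stateless filter like this also cannot tell a reply from a new connection, which is why application gateways and stateful firewalls exist.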

Protecting Servers and Clients

Operating system controls: Authentication and access control mechanisms
Anti-virus software: Easiest and least expensive way to reduce threats to system integrity, but it recognises only known or obviously malicious code, so it complements patching and access control rather than replacing them

E Commerce Payment Systems

Types of Payment Systems

Cash
Checking Transfer
Credit Card
Stored Value
Accumulating Balance

Cash

Legal tender defined by a national authority to represent value
Most common form of payment in terms of number of transactions
Instantly convertible into other forms of value without intermediation of any kind
Portable, requires no authentication, and provides instant purchasing power
“Free” (no transaction fee), anonymous, low cognitive demands
Limitations: easily stolen, limited to smaller transactions, does not provide any float

Checking Transfer

Funds transferred directly via a signed draft or check from a consumer’s checking account to a merchant or other individual

Most common form of payment in terms of amount spent
Can be used for both small and large transactions
Some float
Not anonymous, requires third-party intervention (banks)
Introduces security risks for merchants (forgeries, stopped payments), so authentication is typically required

Credit Card

Represents an account that extends credit to consumers, permitting consumers to purchase items while deferring payment, and allows consumers to make payments to multiple vendors at one time

Credit card associations: Nonprofit associations (Visa, MasterCard) that set standards for issuing banks

Issuing banks: Issue cards and process transactions
Processing centers (clearinghouses): Handle verification of accounts and balances

Stored Value

Accounts created by depositing funds into an account and from which funds are paid out or withdrawn as needed

Examples: Debit cards, gift certificates, prepaid cards, smart cards
Debit cards: Immediately debit a checking or other demand-deposit account
Peer-to-peer payment systems such as PayPal are a variation

Accumulating Balance

Accounts that accumulate expenditures and to which consumers make periodic payments

Examples: utility, phone, American Express accounts