0% found this document useful (0 votes)

494 views165 pages

E Commerce IM

Uploaded by

melody.aranduque

We take content rights seriously. If you suspect this is your content, claim it here.

Available Formats

Download as PDF, TXT or read online on Scribd

0% found this document useful (0 votes)

494 views165 pages

E Commerce IM

Uploaded by

melody.aranduque

We take content rights seriously. If you suspect this is your content, claim it here.

Available Formats

Download as PDF, TXT or read online on Scribd

E-COMMERCE

Revised by:
Iluminada Vivien R. Domingo, DBA
Teresita G. Moneza, BSChem
Angelica P. Payne, MSIT
2022
Polytechnic University of the Philippines

COLLEGE OF COMPUTER AND INFORMATION SCIENCES

Course Title : E Commerce / M Commerce

Course Code : COSC-FE2

Course Credit : 3 units

Pre-Requisite : none

Course Description This course introduces students into the new electronic medium for buying
and selling on either the Internet–the World Wide Web or via mobile application. It deals with
the basic elements that characterize E or M-Commerce: institutions, processes and networks. It
discusses the nature and relationships of these elements and how they affect the effectiveness and
efficiency of electronic transactions and business processes which take place over the digital
information highway which is the Internet.

The final project of the course is the implementation of a business idea through the development
of a website or mobile application.

Course Objectives: At the end of the semester, students will be able to:

1. Understand and appreciate the meaning of E to M commerce, e to m -business and electronic

business processes.
2. Be guided in their consideration of the World Wide Web as a commercial medium for buying
and selling.
3. Appreciate the uniqueness and nuances of implementing business processes on the web.
4. Be familiar with the infrastructure and technologies affecting the efficiency and effectiveness
of buying and selling on the web.
5. Be aware of the different management and technical issues in the development and
implementation of a commercial website.
6. Develop teamwork and cooperation among students in the development of the business
website.
7. Be aware of personal values as they affect their business objectives.
8. Propose a commercialized mobile or website software ready for sale.

-2-
Polytechnic University of the Philippines

COLLEGE OF COMPUTER AND INFORMATION SCIENCES

Table of Contents

CHAPTER 1. INTRODUCTION TO E-COMMERCE ...............................................................

10
1.0 Basics of e-commerce
E-Commerce or Electronic Commerce defined.

CHAPTER 2. THE E-COMMERCE VALUE CHAIN .............................................................. 20

2.1 What Is a Value Chain?

2.2 Elements in Porter's Value Chain
2.2.1 Primary Activities
2.2.2 Support Activities
2.2.3 Cost Leadership
2.2.4 Differentiation

2.3 Porter's Value Chain Analysis

2.3.1 Inbound Logistics
2.3.2 Operations
2.3.3 Outbound Logistics

2.4 Marketing and Sales

2.4.1 Services
2.4.2 Using the Value Chain Analysis Tool
2.4.3 Importance of VCA
Key Points

-3-
Activities/Assessment

CHAPTER 3. E-COMMERCE MARKETING AND SALES STRATEGIES.......................... 29

3.1 Marketing and Sales defined.
3.2 Marketing Strategies
3.3 How to start with content marketing?
3.4 What Is Affiliate Marketing?
3.5 Common Types of Affiliate Marketing Channels
3.6 What is Referral Marketing?
Referral Marketing vs. Affiliate Marketing
3.7 Conversion Funnel in E-commerce
Activities/Assessment

-4-
Polytechnic University of the Philippines

COLLEGE OF COMPUTER AND INFORMATION SCIENCES

CHAPTER 4. CONSUMER PAYMENT PROTOCOL AND DELIVERY SYSTEM ............. 45

4.1 Electronic payment system
4.1.1 Credit Card
4.1.2 Debit Card
4.1.3 Smart Card
4.1.4 E-Money
4.1.5 Electronic Fund Transfer
4.1.6 Bank payments
4.1.7 Mobile money wallets

4.2 E-commerce Delivery/Shipping or Fulfillment

4.3 Ecommerce Delivery/Shipping Best Practices
4.4 Ecommerce Shipping Strategy Goals:
4.5 Most Important Ecommerce Shipping Considerations:
4.6 Here are a few things that come into play with international ecommerce shipping.
4.7 Customs Documentation
4.8 Duties and Taxes Activities/Assessments:

Part II. E-commerce Competitive Environment

CHAPTER 5. INNOVATIONS IN BANKING AND FINANCE ............................................ 56

5.1 E-Commerce Innovations in Banking & Finance
5.1.1 Electronic billing
5.1.2 ID verification
5.1.3 Mobile payments
5.1.4 Digital-only banking
5.1.5 B2B innovation
5.1.6 International commerce

5.2 Ten Banking Technologies That Are Shaping the Future

5.2.1 Augmented Reality
5.2.2 Blockchain
5.2.3 Robotic Process Automation
5.2.4 Quantum Computing
5.2.5 Artificial Intelligence
5.2.6 API Platforms
5.2.7 Prescriptive Security
5.2.8 Hybrid Cloud
5.2.9 Instant Payments
5.2.10 Smart Machines Activities/Assessments:

CHAPTER 6. NEW TRENDS IN E-COMMERCE ................................................................. 60

-5-
Polytechnic University of the Philippines

COLLEGE OF COMPUTER AND INFORMATION SCIENCES

6.1 Trends in E-commerce

6.1.1 Business Potential of Voice Commerce
6.1.2 Voice Commerce: The Game Changer
6.1.3 Mobile Commerce
6.1.4 Augmented Reality
6.1.5 Point of Sale (POS) Retail
6.1.6 Ecommerce Payments
6.1.7 Crypto Payments Activities/Assessment:
Part III. Communication, Infrastructure Framework and Security

CHAPTER 7. TRADITIONAL COMMUNICATION SYSTEM............................................. 77

7.1 What Are Intranets and Extranets?
7.2 The Business Value Activities/Assessments:

CHAPTER 8. INFRASTRUCTURE FRAMEWORK .............................................................. 85

8.1 What Are the Benefits of Using a Cloud Service Infrastructure? Why You Need
Cybersecurity Defenses Activities/Assessments:

CHAPTER 9. SECURITY CONSIDERATIONS ..................................................................... 97

9.1 Security
9.1.1 Basic Concepts of Cryptography
9.1.2 Types of Cryptographic Algorithms
9.1.3 Why Three Encryption Techniques?
9.1.4 The Significance of Key Length

92. Philippine National Public Key Infrastructure (PNPKI) Activities/Assessments:

Part IV. E-Commerce Law & Cybercrime Act in the Philippines

CHAPTER 10. RA 8792 & RA 10175 ..................................................................................... 133

10.1 E-commerce Law: The framework for the promotion of E-commerce
10.2 Philippine E-commerce Roadmap as described by DITC/DTI The
salient features of Republic Act 8792
10.3 RA 10175: Cybercrime Prevention Act Part
V. Final Requirement: E-commerce Website.
Additional References /Sources
Appendix 1. RA 8792

Course Requirements :

1. Lecture/Classroom or online discussion

2. Assessment/Seat work
3. Recorded chapter presentation videos
-6-
Polytechnic University of the Philippines

COLLEGE OF COMPUTER AND INFORMATION SCIENCES

Evaluation Techniques :

1. Lectures/Class Discussion
2. Recorded Presentation videos via YouTube
3. Quizzes
4. Case Analysis
5. Evaluation Examination
6. The course will have no final written exam and will be 100% based on the following
continuing assessment components:

Participation (25%)

Participation marks will depend on in-class participation as well as the individual’s

contribution to the final business plan. All team members will be required to write peer reviews.

E-Commerce Website or Mobile Application Project Plan (50%)

Plans will be evaluated on the quality of the idea, and the thoroughness and
professionalism of the plan. A successful plan will be one that could be submitted and would be
seriously considered for funding. Teams are required to submit 2 drafts before the final business
plan. The drafts will not be graded but any late submission will count towards penalty points in
the final business plan. Business plans are restricted to a maximum of 25 pages.

Rubrics Grading for – e-Commerce

Presentation (25%)

-7-
Polytechnic University of the Philippines

COLLEGE OF COMPUTER AND INFORMATION SCIENCES

Presentations will be evaluated on their persuasiveness and professionalism. A successful

presentation will be one that will result in the examiners wanting to schedule a follow up meeting
to discuss the plan. Participation marks will be by individual. Presentation and Business Plan
marks will be by group. Students are required to be prepared to be called on randomly in class to
respond to questions, to make presentations, etc.

Course Grading System:

MidTerm FinalTerm

Class Standing 70% Class Standing 70%

• Quiz • Quiz
• Seatwork • Seatwork
• Case Studies • Case Studies
• Assessment Activities • Assessment Activities

Major Examination 30% Recorded E-Commerce Website 30%

FINAL GRADE = (MidTerm + Final Term) /2

Suggested Teaching Methodologies/Strategies :

1. Group Dynamics
2. Lecture/Class Discussion
3. Recorded Student Presentation as Samples/Analyses
4. Film Showing

COLLEGE OF COMPUTER AND INFORMATION SCIENCES

1.2 E-Business and E-Commerce Management, Strategy, Implementation and Practice by

Dave Chaffey, ISBN-10: 0273719602, ISBN-13: 978-0273719601, 2020 Prentice Hall
1.3 Digital Business and E-Commerce Management 7th Edition by Dave Chaffey, Tanya
Hemphill, and David Edmundson-Bird, 2022, ISBN-13: 978-1292193335 ISBN-10:
1292193336, 2020, Prentice Hall

2. E-Commerce Case Problems via google search.

3. E-Commerce lecture notes/discussions via You Tube videos

Class Policies:

Aside from what is prescribed in the student handbook, the following are the professor’s
additional house rules:

1. No make-up quizzes shall be given for missed quizzes, regardless of circumstances,

unless extremely meritorious, to be determined on a case-to-case basis, upon the sole
discretion of the course facilitator. Per College Policy, students who failed to take their
midterm and/or final examination(s) on the scheduled date(s) may be given make-up
examinations. The lesson coverage of said make-up examinations shall be the same as
that of the regularly scheduled examination, but the make-up examination questions are
designed to be more difficult and challenging. All make-up examinations must be taken
no later than the prescribed deadline specified by the College.

2. All assessments, projects and other requirements must be submitted on the specified
date provided by the course facilitator. Late submission of course requirements shall
merit a corresponding deduction in points. The course facilitator reserves the right to
determine the acceptability of reason(s) presented by the student.

3. Plagiarism is highly prohibited.

4. Cellphones must be on a silent mode or turned off inside the classroom.

5. Student should seek permission from the professor before going out of the classroom,
observe classroom cleanliness and orderliness. Make sure that the classroom is clean
every start and end of the class.

SUGGESTED GROUP PROJECT:

Group students by two members each. The group will choose any product (first come first
served). The product type of which is to be submitted to the class president to avoid duplication.
The group will have to create an E Commerce website about the product. Upload the website
link to schoology or any educational platform desired by the faculty.

-9-
Polytechnic University of the Philippines

COLLEGE OF COMPUTER AND INFORMATION SCIENCES

SUGGESTED PRODUCT CATEGORIES: (but may vary depending on the faculty)

FOOD: Pilipino food, Italian Food, American Food, Japan Food *3 groups here

CLOTHING: Men’s and ladies Dresses, Pants and Shirts, Sleepwear for all ages, Children’s
dresses *4 groups here

SHOES: Sports shoes for men and women, Leather shoes for men and women Children’s shoes,
*3 groups here

BAGS: Formal bags, semi-formal bags, non-formal bags *3 groups here

APPLIANCES: TV, Musical appliances, Aircon units *3 groups here

FURNITURES: Wooden Chairs and tables, Wooden Cabinets, Steel chairs and tables, Steel
Cabinets, Plastic chairs and tables, Plastic cabinets, Plastic *6 groups here

Cars: Luxury cars, Mid-range cars, Low range cars *3 groups here

Compiled initially 2020-21 by:

Iluminada Vivien R. Domingo
Teresita G. Moneza
Joel Munsayac

- 10 -
Polytechnic University of the Philippines

COLLEGE OF COMPUTER AND INFORMATION SCIENCES

CHAPTER 1. INTRODUCTION TO E-COMMERCE

OVERVIEW:
Foundation of E-commerce, Part I is composed of four chapters such as: Introduction to
E-commerce, E-commerce Value Chain, Marketing and Sales Strategies and electronic Payment
protocol and delivery/fulfillment or shipping services. The basic knowledge to put up an online
business is discussed giving emphasis to actual examples and best practices.

Learning Objectives:
At the end of this lesson, students should be able to:
1. Explain the applications of e-commerce in our daily activities and in business.
2. Understand and differentiate the categories and business models of e-commerce
3. Apply the concepts and principles learned in a team project.

Chapter 1. Introduction to E-Commerce

Topics 1.1. Basics of E-Commerce
The roots of E-Commerce E-Commerce and business
What E-Commerce offers new business process?
1.2. Categories of E-Commerce
Business to Business (B2B) Customer to Business (C2B)
Customer to Customer (C2C) Business to Customer (B2C)
Other types of E-Commerce
1.3. E-Commerce Business Model
Private Label White Label
Drop shipping Print-on-demand.
Subscription Service Wholesaling
1.4. Advantages and Disadvantages of e-commerce

Basics of e-commerce
The history of e-commerce started 40 years ago and, to this day, continues to grow with new
technologies, innovations, and thousands of businesses entering the online market each year.
Electronic Data Interchanges (EDI) and teleshopping in the 1970s paved the way for the modern-
day e-commerce store. The history of e-commerce is closely intertwined with the history of the
internet. Online shopping only became possible when the internet was opened to the public
in1991. Amazon.com was one of the first ecommerce sites in the US to start selling products
online and thousands of businesses have followed since. The convenience, safety, and user
experience of e-commerce have improved exponentially since its inception.

- 11 -
Polytechnic University of the Philippines

COLLEGE OF COMPUTER AND INFORMATION SCIENCES

In the late 1960s, the military developed ARPAnet to ensure that crucial communications were
circulated in the event of a nuclear attack. The original ARPAnet connected four large U.S.
research universities and relied on huge, unwieldy computers. In 1971, researchers developed the
Terminal Interface Processor (TIP) for dialing into the ARPAnet from an individual computer
terminal [source: ARPAnet]. But the greatest networking evolution came in 1982, when
ARPAnet switched over to Transmission Control Protocol and Internet Protocol (TCP/IP),
the same packet-switched technology that powers the modern Internet.

By the early 1980s, individual computer users -- still mostly at major research universities -- were
sending e-mails, participating in listservs and newsgroups, and sharing documents over networks
like BITNET and USENET.

CompuServe was one of the first popular networking services for home PC users, providing tools
like e-mail, message boards and chat rooms. In the mid-1980s, CompuServe added a service
called the Electronic Mall, where users could purchase items directly from 110 online merchants
[source: Smart Computing]. While the Electronic Mall wasn't a huge success, it was one of the
first examples of e-commerce as we know it today.

In 1990, a researcher named Tim Berners-Lee at the European Organization for Nuclear
Research (CERN, from its French name) proposed a hypertext-based web of information that a
user could navigate using a simple interface called a browser. He called it the "World Wide
Web" [source: Net Valley]. And in 1991, the National Science Foundation lifted a ban on
commercial businesses operating over the Internet, paving the way for Web-based e-commerce.

In 1993, Marc Andreesen at the National Center for Supercomputing Applications (NCSA)
introduced the first widely distributed Web browser called Mosaic. Netscape 1.0's release in 1994
included an important security protocol called Secure Socket Layer (SSL) that encrypted
messages on both the sending and receiving side of an online transaction. SSL ensured that
personal information like names, addresses and credit card numbers could be encrypted as they
passed over the Internet.

In 1994 and 1995, the first third-party services for processing online credit card sales began to
appear [source: Keith Lamond]. First Virtual and CyberCash were two of the most popular. Also
in 1995, a company called Verisign began developing digital IDs, or certificates, that verified the
identity of online businesses. Soon, Verisign switched its focus to certifying that a Web site's
ecommerce servers were properly encrypted and secure.

E-Commerce or Electronic Commerce defined.

E-commerce is a popular term for electronic commerce or even internet commerce. The name is
self-explanatory, it is the meeting of buyers and sellers on the internet. This involves the
transaction of goods and services, the transfer of funds and the exchange of data.
- 12 -
Polytechnic University of the Philippines

COLLEGE OF COMPUTER AND INFORMATION SCIENCES

So when you log into your Amazon and purchase a book,

this is a classic example of an e-commerce transaction. Here
you interact with the seller (Amazon), exchange data in
form of pictures, text, address for delivery etc. and then you
make the payment.
As of now, e-commerce is one of the fastest growing
industries in the global economy. As per one estimate, it
grows nearly 23% every year. And it is projected to be a $27
trillion industry by the end of this decade. Some of the
Emerging Trends In e-Business
• Network Marketing
• Franchising
• Business Process Outsourcing
• Aggregator
• Knowledge Process Outsourcing
• Digital Economy
• M-Commerce

Categories of E-Commerce
Electronic commerce can be classified into four main categories. The basis for this simple
classification is the parties that are involved in the transactions.

1. Business to Business (B2B)

This is Business to Business transactions. Here the companies are doing business with each other.
The final consumer is not involved. So the online transactions only involve the manufacturers,
wholesalers, retailers etc.

2. Business to Consumer (B2C)

Business to Consumer. Here the company will sell their goods and/or services directly to the
consumer. The consumer can browse their websites and look at products, pictures, read reviews.
Then they place their order, and the company ships the goods directly to them. Popular examples
are Amazon, Flipkart, Jabong etc.

3. Consumer to Consumer (C2C)

Consumer to consumer, where the consumers are in direct contact with each other. No company
is involved. It helps people sell their personal goods and assets directly to an interested party.
Usually, goods traded are cars, bikes, electronics etc. OLX, Quikr etc. follow this model.

4. Consumer to Business (C2B)

This is the reverse of B2C, it is a consumer to business. So the consumer provides a good or some
service to the company. Say for example an IT freelancer who demos and sells his software to a

- 13 -
Polytechnic University of the Philippines

COLLEGE OF COMPUTER AND INFORMATION SCIENCES

company. This would be a C2B transaction. Examples of E-Commerce: Amazon, Flipkart, eBay,
Fiverr, Upwork, Olx, Quikr among others.

E-Commerce Business Models

Once you have decided on a type or category, the next thing to do is selecting an e-commerce
model for your business. Following are the six (6) e-commerce business models growing in
2020.

1. Private label
Many new e-commerce entrepreneurs have great product ideas but no internal resources or
capacity to manufacture products themselves. An example is Richelieu Foods a private-label
company producing frozen pizza, salad dressing, marinades, and condiments for other
companies.

Recent projections suggest the ecommerce private label market will quadruple in the next five
years to meet growing demands. Here are two of the most convincing reasons that make private
label a solid choice:

1. Private-label products are developed, branded, and sold by one company, separating it
from competitors. Private-label brand owners own the design, specifications, production
technique, and have exclusive rights to sell under a private brand. Since they’re the only
supply source, private labels with good marketing can create demand hype and charge
premium prices.

2. Private label products typically enjoy very high profit margins. Brand owners take
control of the manufacturing and operation costs so they can minimize the cost of goods
sold (COGS). And since they’re the only sellers in the market, they can make strong
margins from premium prices.

There are some roadblocks and risks to consider for private label e-commerce businesses:

3. Finding the right private label manufacturers to collaborate with is a challenge. To

minimize the cost per unit, many entrepreneurs travel halfway around the world to
developing countries like China and Vietnam. They pay a lot of upfront capital to order
large batches and lower per-unit costs.
4. Manufacturers can’t guarantee defect-free batches, even when a prototype is perfect, so
running and managing quality control is necessary to avoid expensive problems.
5. Selling branded products online that are only sold by one vendor limits customer access.

2. White label
Like the private-label model, white label retailers apply their brand names and resell generic
products purchased from a supplier.
- 14 -
Polytechnic University of the Philippines

COLLEGE OF COMPUTER AND INFORMATION SCIENCES

White-label businesses are free from the management of manufacturing and quality control but
deal with extensive competition. White-label vendors control package design, but not product
specifications or quality. Since any reseller can sell these products, competitors hardly have an
edge in terms of unique selling points and use marketing strategies and distribution channels to
differentiate themselves.
Another obstacle white-label business owners deal with is inventory management. Most
suppliers set a minimum order quantity to achieve economies of scale by increasing production.
As a reseller, understanding the demand of your white-label products is critical. Mismanaging
inventory can leave white labels stuck with large batches of unsold inventory.

3. Drop shipping
In recent years, drop shipping has emerged as a genius retail fulfillment model for e-commerce
beginners to launch with little to no capital. Drop shipping allows businesses to market and sell
products online without stocking inventory. As orders are placed, drop shippers purchase items
from suppliers who then ship products directly to customers.

The benefits of the drop shipping e-commerce model are considerable:

1. Drop shipping businesses do not need to pay for warehouse space, order or manage stock,
pack or ship products, track inventory, or handle returns
2. Drop shippers can start with a small budget and scale up as they’re ready with little
financial risks
3. Drop shippers don’t have to worry about manufacturing or inventory and fulfillment
management and can invest resources into site design, customer support, and marketing
and sales strategies.

Drop shipping risks include:

1. With no product control, a bad supplier can burden customer-support teams and damage
the trust and credibility of a business.
2. While the supplier manages the fulfillment process, the business owner still needs to deal
with delivery tracking issues.
3. Since anyone can start a dropship business, the competitiveness is fierce. Low prices and
large advertising and Google SEO budgets can mean low profit margins.

Drop shipping is not a stress-free e-commerce model — it comes with several complexities to
plan for. But the obvious advantages offer opportunities for new, ambitious, online entrepreneurs
to start from zero and make something big.

4. Print-on-demand
The print-on-demand model is similar to drop shipping — businesses sell custom designs on a
variety of products like t-shirts, hoodies, leggings, mugs, phone cases, and canvases. When an
order is placed, a third-party manufacturer prints the selected design on a product, packs it up in
branded packaging, and delivers directly to the customer. Drop shipping and print-on-demand
models share common benefits:

- 15 -
Polytechnic University of the Philippines

COLLEGE OF COMPUTER AND INFORMATION SCIENCES

1. Up-front capital is not required making it a low-risk model. Print-on-demand businesses

only pay fees to third-party suppliers as orders are shipped.
2. Inventory management is taken care of and orders are automated by professional third
party printing suppliers like Printify and Printful. To earn an edge in this increasingly
competitive market, you’ll need strong graphic design skills, excellent marketing
strategies, and top-notch customer support.

5. Subscription service
Imagine you are a busy professional, short on time — a meal delivery service that ships to your
front door might be exactly what you’re looking for. The beauty of and demand for convenience
has given rise to the fast-growing subscription-service e-commerce model.
By definition, a subscription business model allows customers to subscribe to a service for a set
period of time, typically monthly or annually. When the subscription period expires, customers
can cancel or renew, enjoying convenience and savings on repeat orders.

This model has advantages that make it tempting as an e-commerce venture:

1. Owners can reduce order abandonment rates and maintain high customer
retention and loyalty.
2. Owners can plan inventory and delivery in advance.
3. Owners can enjoy high margins and lower inventory risks.

Healthy Surprise is an example of a food subscription service websites. Other potential products
for a subscription model are books, videos, training courses, and consumer goods that need to be
replaced regularly like electric toothbrush heads.

6. Wholesaling
As the name suggests, wholesaling is a business model where an e-commerce store offers
products in large quantities at discount rates. Wholesaling used to be mostly a B2B business
practice. But thanks to the internet, anyone can offer wholesale as a C2B or B2C practice.

Wholesale in e-commerce companies is quickly rising. Take for example Beard & Blade doubling
their revenue in the last 2 years and Laird Superfood increasing their annual revenue 550%.

Securing business partners for wholesale e-commerce requires tremendous effort in both
traditional and modern sales channels like tele sales, trade shows, advertising, and influencer
marketing.

Advantages of E-Commerce
• E-commerce provides the sellers with a global reach. They remove the barrier of place
(geography). Now sellers and buyers can meet in the virtual world, without the hindrance
of location.

- 16 -
Polytechnic University of the Philippines

COLLEGE OF COMPUTER AND INFORMATION SCIENCES

• Electronic commerce will substantially lower the transaction cost. It eliminates many
fixed costs of maintaining brick and mortar shops. This allows the companies to enjoy a
much higher margin of profit.
• It provides quick delivery of goods with very little effort on part of the customer.
Customer complaints are also addressed quickly. It also saves time, energy and effort for
both the consumers and the company.
• One other great advantage is the convenience it offers. A customer can shop 24×7. The
website is functional at all times, it does not have working hours like a shop.
• Electronic commerce also allows the customer and the business to be in touch directly,
without any intermediaries. This allows for quick communication and transactions. It also
gives a valuable personal touch.

Disadvantages of E-Commerce
• The start-up costs of the e-commerce portal are very high. The setup of the hardware and
the software, the training cost of employees, the constant maintenance and upkeep are all
quite expensive.
• Although it may seem like a sure thing, the e-commerce industry has a high risk of
failure. Many companies riding the dot-com wave of the 2000s have failed miserably.
The high risk of failure remains even today.
• At times, e-commerce can feel impersonal. So it lacks the warmth of an interpersonal
relationship which is important for many brands and products. This lack of a personal
touch can be a disadvantage for many types of services and products like interior design
or the jewelry business.
• Security is another area of concern. Only recently we have witnessed many security
breaches where the information of the customers was stolen. Credit card theft, identity
theft etc. remain big concerns for the customers.
• Then there are also fulfillment problems. Even after the order is placed there can be
problems with shipping, delivery, mix-ups etc. This leaves the customers unhappy and
dissatisfied.

Review: https://sumo.com/stories/ecommerce-success-stories
https://www.miva.com/blog/the-history-of-ecommerce-how-did-it-all-
begin/

Case Study 1. How Beardbrand Turned A Growing Community Into An eCommerce Store With
$20,000 In Sales Every Day

Eric Bandholz has an incredible beard. And his passion for facial hair has taken him, and his
company, Beardbrand, on an unbelievable journey since the business was founded in 2012 From
humble beginnings as a YouTube channel and blog, Beardbrand has grown into a hugely
successful eCommerce business making thousands of dollars in sales every single day. As Eric
created content about beard care, male grooming, and beard culture, he quickly realized the beard
community had plenty of unmet grooming product needs.

- 17 -
Polytechnic University of the Philippines

COLLEGE OF COMPUTER AND INFORMATION SCIENCES

So as all great entrepreneurs do, he set out to plug this gap in the market and Beardbrand was
born. They launched their first grooming products in 2013; the catalyst was Bandholz’s blog
being featured in the New York Times. Bandholz explains: “Beardbrand's community was
moving along as normal, when I was contacted by a New York Times reporter. The reporter was
doing a story on beard care products and wanted my expertise. She was also impressed with the
small community that was starting to grow.”

Knowing they had this feature coming up, the Beardbrand team rallied to turn the blog into
something more than a content hub and they managed to launch the Beardbrand online store one
day before the article was published. The New York Times feature helped Beardbrand to acquire
a few initial customers, “but wasn't like Niagara Falls worth of business,” Bandholz told
Shopify. Since then, much of Beardbrand’s success has come down to their laser focus on
community, their vision, and messaging. Their mission— “To Foster Confidence Through
Grooming”—is featured front and center of their homepage: And throughout their eCommerce
site, you get the feeling that Beardbrand sincerely wants “beardsmen”—a term coined by
Bandholz referring to men with facial hair—to feel proud of their beards and take real pride in
their appearance.

From the “What Type of Beardsman Are You?” quiz: To their blog covering topics like style,
grooming, and travel: Much of the Beardbrand website is dedicated to resources aimed to help
“beardsmen” understand more about their beards and learn how to be the best version of
themselves—aligning with Beardbrand’s vision “To Foster Confidence Through Grooming”. The
Takeaway: Focus on The Mission Of Your Business And “Why” You Exist Beardbrand is an
eCommerce business. But it doesn’t purely exist to sell grooming products to customers.
Beardbrand’s reason for existence goes much deeper than that. First and foremost, the company
wants to help men feel more confident in themselves and it just so happens that grooming
products is one of the ways they do that. Whether you’re just starting out your eCommerce store
or running a well-established eCommerce business, think carefully about “why” your business
exists. Understanding this “why” and having a real mission behind your business will help you to
connect with your customers and build true relationships.
Just look at Nike, one of the most successful commerce companies in history; their mission is "To
bring inspiration and innovation to every athlete in the world." And if you’ve ever seen one of
their adverts or interacted with the brand in any way you can see how that mission guides
everything they do. Want to learn more about Beardbrand’s journey?

Case Study 2. How Beer Cartel Used Content Marketing To Increase Revenue By $65,000 Beer
Cartel is an eCommerce company founded in 2009, and they stock the largest range of craft
beers in Australia, with over 1,100 beers on offer.
In 2017, Beer Cartel founder Richard Kelsey wanted to grow his business and gave the company
four specific challenges:

- 18 -
Polytechnic University of the Philippines

COLLEGE OF COMPUTER AND INFORMATION SCIENCES

1. To create publicity for Beer Cartel

2. To be seen as a thought leader in the craft beer space
3. To increase Beer Cartel’s mailing list
4. To drive an increase in sales
To tackle these challenges Beer Cartel turned to content marketing.
Instead of copying and pasting the same types of content as every other business out there, Beer
Cartel created something unique: the Australian Craft Beer Survey. The survey asked questions
that helped Beer Cartel to understand the craft beer market. It opened up with some qualifying
questions to help Beer Cartel understand their respondents, asking for:
• Respondents age range
• Gender
• What types of alcoholic drinks they have consumed in the past 4 weeks The survey
then moves into a group of more craft beer focused questions like:
“Which of the following is your preferred beer type?” “How long ago did you first start drinking
craft beer? “How experienced are you with craft beer?”
Next, once the survey was created, Beer Cartel had to get people to participate in the survey,
which can be notoriously difficult. To navigate this challenge, Beer Cartel took a unique, two-
pronged approach. First, Beer Cartel knew that it would need help from other brands in the
industry to spread the word about the survey. But instead of sending a generic “we’re running a
survey, would you help us promote it?” message, it crafted a compelling offer for other brands in
the Australian craft beer industry.
To encourage sharing and support of the survey, any business that promoted the survey would
receive a free copy of the industry report generated from the survey results. So by simply sharing
a survey, each participating business could gain some important insights into the Australian craft
beer industry and its customers.
It was a win-win situation. Beer Cartel would receive publicity for its survey, and any business
sharing the survey would in turn receive information that will help them to better understand their
market and customers. In the blog post launching the survey that you see above, Beer Cartel also
offered other businesses direct contact with founder Richard Kelsey to help them get set up with a
unique promo link. This approach was hugely successful; just look at the number of businesses
that supported the survey: And second, to encourage consumers to take the survey, Beer Cartel
created a couple of offers. For anyone who completed it, they would:
1. Have the chance to win $500 of craft beer.
2. Receive a coupon code to get $10 off their next order from Beer Cartel
In total, more than 17,000 people took the survey. The survey results were published on Beer.
Cartel’s blog and helped grow their site traffic by 100%— from 62,000 unique website visits in
2016 to 128,000 in 2017. But it wasn’t just the traffic that increased from this campaign:
1. Revenue in 2017 increased by $65,000 (34% increase over 2016)

- 19 -
Polytechnic University of the Philippines

COLLEGE OF COMPUTER AND INFORMATION SCIENCES

2. Beer Cartel’s mailing list increased by 130% from 13,000 in 2016 to over 30,000
subscribers in 2017.
3. More than 20 articles were written about the survey, increasing awareness and backlinks
to Beer Cartel’s site

The Takeaway: Create Unique Content That Delivers New Insights

Content marketing is very hard to get right. But as Beer Cartel proves, if you do manage to get it
right, content marketing can deliver incredible results for your eCommerce business. Who
wouldn’t like a 34% increase in revenue? If you want content marketing to work for you,
though, you need to take a fresh approach and deliver content that truly creates value for your
industry and customers.

Activities/Assessments:

INDIVIDUAL ACTIVITY:

1. Compare and contrast the categories and models of E-Commerce by giving examples. Write
your answer in a yellow sheet paper or save the file and send to your schoology Section
account as: Assign1 LN, FN Yr. and Section document file
2. Summarize the 5 stories shared in the video. Write in a yellow sheet paper or save the file
and send to your schoology Section account as: Assign2 LN, FN Yr. and Section
3. Read the 2 Case studies. Write your comments/views on a yellow sheet of paper. List down
topic keywords you think are important. Send or send file to our class schoology account as:
Assign3 LN, FN Yr. and Section document file.

TEAM ACTIVITY:
1. Identify the product/services you wanted to put online. Also, identify the e-commerce
category and business model.

NOTE: Students in a Module Based Learning shall also use Assign# LN FN Yr and Section

- 20 -
Polytechnic University of the Philippines

COLLEGE OF COMPUTER AND INFORMATION SCIENCES

CHAPTER 2. THE E-COMMERCE VALUE CHAIN

Overview

A value chain, developed by Michael Porter, is a set of activities that an organization

carries out to create value for its customers. The way in which value chain activities are
performed determines costs and affects profits. This tool can help managers understand
the sources of value in their organization.

Learning Objectives:
At the end of the lesson, students shall be able to:
1.Understand the use and importance of Porter’s Value Chain in ecommerce.
2.Learn how to analyze the value chain of a company/business.

Topics: The Value Chain

Primary activities:
Inbound logistics, Operations, Outbound logistics
Marketing and Sales, Customer Service
Support Activities:
Organizational structure, Human resource management,
Technological development, Procurement

What Is A Value Chain?

A value chain is used to describe all the business activities it takes to create a product from start
to finish (e.g., design, production, distribution, etc.). And a value chain analysis gives businesses
a visual model of these activities. With this analysis, you can take steps to create a competitive
advantage, improve efficiency, and increase profit margins. Let's take a deeper look into value
chain analysis and learn how you can analyze your business activities.

How do you change business inputs into business outputs in such a way that they have a greater
value than the original cost of creating those outputs?

This is not just a dry question: it is a matter of fundamental importance to companies, because it
addresses the economic logic of why the organization exists in the first place.

Manufacturing companies create value by acquiring raw materials and using them to produce
something useful. Retailers bring together a range of products and present them in a way that's
convenient to customers, sometimes supported by services such as fitting rooms or personal
10
Polytechnic University of the Philippines

COLLEGE OF COMPUTER AND INFORMATION SCIENCES

shopper advice. And insurance companies offer policies to customers that are underwritten by
larger re-insurance policies. Here, they're packaging these larger policies in a customer-friendly
way, and distributing them to a mass audience.

The value that is created and captured by a company is the profit margin:

Value Created and Captured – Cost of Creating that Value = Margin

The more value an organization creates, the more profitable it is likely to be. And when you
provide more value to your customers, you build competitive advantage.

Understanding how your company creates value, and looking for ways to add more value, are
critical elements in developing a competitive strategy. Michael Porter discussed this in his
influential 1985 book "Competitive Advantage," in which he first introduced the concept of the
value chain.

Elements in Porter's Value Chain

Rather than looking at departments or accounting cost types, Porter's Value Chain focuses on
systems, and how inputs are changed into the outputs purchased by consumers. Using this
viewpoint, Porter described a chain of activities common to all businesses, and he divided them
into primary and support activities, as shown below.

Primary Activities
Primary activities relate directly to the physical creation, sale, maintenance and support of a
product or service. They consist of the following:
• Inbound logistics – These are all the processes related to receiving, storing, and
distributing inputs internally. Your supplier relationships are a key factor in creating
value here.
• Operations – These are the transformation activities that change inputs into outputs that
are sold to customers. Here, your operational systems create value.
• Outbound logistics – These activities deliver your product or service to your customer.
These are things like collection, storage, and distribution systems, and they may be
internal or external to your organization.
• Marketing and sales – These are the processes you use to persuade clients to purchase
from you instead of your competitors. The benefits you offer, and how well you
communicate them, are sources of value here.
• Service – These are the activities related to maintaining the value of your product or
service to your customers, once it's been purchased.

Support Activities
These activities support the primary functions above. In our diagram, the dotted lines show that
each support, or secondary, activity can play a role in each primary activity. For example,

THE E-COMMERCE VALUE CHAIN PAGE | 11

Polytechnic University of the Philippines

COLLEGE OF COMPUTER AND INFORMATION SCIENCES

procurement supports operations with certain activities, but it also supports marketing and sales
with other activities.
• Procurement (purchasing) – This is what the organization does to get the resources it
needs to operate. This includes finding vendors and negotiating best prices.
• Human resource management – This is how well a company recruits, hires, trains,
motivates, rewards, and retains its workers. People are a significant source of value, so
businesses can create a clear advantage with good HR practices.
• Technological development – These activities relate to managing and processing
information, as well as protecting a company's knowledge base. Minimizing information
technology costs, staying current with technological advances, and maintaining technical
excellence are sources of value creation.
• Infrastructure – These are a company's support systems, and the functions that allow it
to maintain daily operations. Accounting, legal, administrative, and general management
are examples of necessary infrastructure that businesses can use to their advantage.

Companies use these primary and support activities as "building blocks" to create a valuable
product or service.

A business can gain a competitive advantage in one of the following areas.

1. Cost Leadership
The goal of a cost leadership strategy is to become the lowest-cost provider in your industry or
market. Companies who excel with a low-cost strategy have extreme operational efficiency and
use low-cost materials and resources to reduce the overall price of their product or service.
Example: McDonald's and Walmart

2. Differentiation

With a differentiation strategy, the competitive advantage is gained by offering a unique or

highly specialized product or service. The business needs to dedicate time and resources to

12
Polytechnic University of the Philippines

COLLEGE OF COMPUTER AND INFORMATION SCIENCES

innovation, research, and development. A successful differentiation strategy allows the business
to set a premium price for its product or service.

Differentiation examples: Starbucks and Apple

It is best to pick a single competitive advantage to focus efforts on. Depending on which
competitive strategy you choose the goal of your value chain analysis will be to either reduce
costs or differentiate to improve margins. Then you will have a clear idea of your business' goals,
how you plan to provide value, and it narrows the scope of changes that might need to be made
to improve efficiency.

Porter's Value Chain Analysis

Value chain analysis allows businesses to examine their activities and find competitive
opportunities. For example, McDonald's mission is to provide customers with low-priced food
items. And the analysis helps McDonald's identify areas for improvement and activities that add
value to their products and services or activities.

Below is an example of a value chain analysis for McDonald's and its cost leadership strategy.

Inbound Logistics

McDonald's has pre-selected, low-cost suppliers for the raw materials for their food and beverage
items. It sources suppliers for items like vegetables, meat, and coffee.

Operations
The business has a franchise and each McDonald's location is owned by a franchisee. There are
more than 37,000 McDonald's locations worldwide.

Outbound Logistics
Instead of formal, sit-down restaurants, McDonald's has fast-casual restaurants that focus on
counter-service, self-service, and drive-through service.

THE E-COMMERCE VALUE CHAIN PAGE | 13

Polytechnic University of the Philippines

COLLEGE OF COMPUTER AND INFORMATION SCIENCES

Marketing and Sales

Its marketing strategies focus on media and print advertising, including social media posts,
magazine advertisements, billboards, etc.

Services
McDonald's strives to achieve high-quality customer service. And it provides its thousands of
employees with in-depth training and benefits so they can best assist their customers.

1. The manager first needs to analyze all the activities involved in supply chain
management individually.
2. The cost of each activity or process involved in product manufacturing is ascertained
separately through ABC (Activity Based Costing).
3. The manager needs to analyze the factors that influence the cost of each activity. It
enhances the value of the process, so identified.
4. Due to the interrelation between the activities, change in the cost of one process
influences the value of the other, positively or negatively. Therefore, the manager has
found out about such interlinked activities and the relation between their costs.
5. Finding out the areas of improvement, i.e., the activities which have a scope of cost
reduction, to attain efficiency.

14
Polytechnic University of the Philippines

COLLEGE OF COMPUTER AND INFORMATION SCIENCES

5. The manager first needs to analyze all the activities involved in supply chain
management individually.
6. The cost of each activity or process involved in product manufacturing is ascertained
separately through ABC (Activity Based Costing).
7. The manager needs to analyze the factors that influence the cost of each activity. It
enhances the value of the process, so identified.
8. Due to the interrelation between the activities, change in the cost of one process
influences the value of other, positively or negatively. Therefore, the manager has found
out such interlinked activities and the relation between their costs.
9. Finding out the areas of improvement, i.e., the activities which have a scope of cost
reduction, to attain efficiency.

Using the Value Chain Analysis Tool

The value chain has been adopted by the organizations to acquire a competitive edge over its
business rivals. Given below is the step by step process of adding value for attaining
differentiation advantage:

THE E-COMMERCE VALUE CHAIN PAGE | 15

Polytechnic University of the Philippines

COLLEGE OF COMPUTER AND INFORMATION SCIENCES

Importance of VCA

The value chain analysis is one of the essential functions of all the business entities. Since the
fulfilment of utility is not the only requirement of the consumers in today’s competitive era.
Instead, every customer looks for value addition. The business units need value chain analysis
because of the following reasons:

Key Points

Porter's Value Chain is a useful strategic management tool.It works by breaking an organization's
activities down into strategically relevant pieces, so that you can see a fuller picture of the cost
drivers and sources of differentiation, and then make changes appropriately.
1. Understanding what activities generate value for the customers and thus, concentrate on
those particular activities.
2. Centralizing the value-creating strategies, the manager can adapt the product
differentiation activities such as:
◦ Product customization
◦ Add on new features
◦ Complementary product offering
◦ Improved customer service
3. Selecting the most suitable combination of linked activities and strategies to attain
sustainable and optimal product differentiation.

16
Polytechnic University of the Philippines

COLLEGE OF COMPUTER AND INFORMATION SCIENCES

Watch : https://www.mindtools.com/pages/article/newSTR_66.htm

Review: https://www.mbahelp24.com/the-value-chain-features-phases-merits-limitations/

Read : http://www.simplynotes.in/e-notes/mbabba/electronic-commerce/e-commerce-
andvaluechain-model/2/

_______________________________

Activities/Assessment

Assign4 LN, FN Yr. and Section document file.

In a bond paper or yellow sheet of paper, identify and write the Value Chain of a selected
company, follow these steps.

Step 1 – Identify sub activities for each primary activity.

For each primary activity, determine which specific sub activities create value. There are three
different types of sub activities:
• Direct activities create value by themselves. For example, in a book publisher's marketing
and sales activity, direct sub activities include making sales calls to bookstores,
advertising, and selling online.
• Indirect activities allow direct activities to run smoothly. For the book publisher's sales
and marketing activity, indirect sub activities include managing the sales force and
keeping customer records.
• Quality assurance activities ensure that direct and indirect activities meet the necessary
standards. For the book publisher's sales and marketing activity, this might include
proofreading and editing advertisements.

Step 2 – Identify sub activities for each support activity.

For each of the Human Resource Management, Technology Development and Procurement
support activities, determine the sub activities that create value within each primary activity. For
example, consider how human resource management adds value to inbound logistics, operations,
outbound logistics, and so on. As in Step 1, look for direct, indirect, and quality assurance sub
activities.

THE E-COMMERCE VALUE CHAIN PAGE | 17

Polytechnic University of the Philippines

COLLEGE OF COMPUTER AND INFORMATION SCIENCES

Then identify the various value-creating sub activities in your company's infrastructure. These
will generally be cross-functional in nature, rather than specific to each primary activity. Again,
look for direct, indirect, and quality assurance activities.

Step 3 – Identify links.

Find the connections between all of the valuable activities you've identified. This will take time,
but the links are key to increasing competitive advantage from the value chain framework. For
example, there's a link between developing the sales force (an HR investment) and sales
volumes. There's another link between order turnaround times, and service phone calls from
frustrated customers waiting for deliveries.

Step 4 – Look for opportunities to increase value.

Review each of the sub activities and links that you've identified and think about how you can
change or enhance it to maximize the value you offer to customers (customers of support
activities can be internal as well as external).

TIPS:

Tip 1: Your organization's value chain should reflect its overall generic business strategies. So,
when deciding how to improve your value chain, be clear about whether you're trying to set
yourself apart from your competitors or simply have a lower cost base.

Tip 2: You'll inevitably end up with a huge list of changes. See our article on prioritization if
you're struggling to choose the most important changes to make.

Tip 3: This looks at the idea of a value chain from a broad, organizational viewpoint.

18
Polytechnic University of the Philippines

COLLEGE OF COMPUTER AND INFORMATION SCIENCES

CHAPTER 3. E-COMMERCE MARKETING AND SALES STRATEGIES

Overview

Marketing is the process of getting people interested in the goods and services being sold
whereas the term sales refers to all activities that lead to the selling of goods and services.
Strategies are put in practice to have repeat sales and to make profit.

Learning Objectives:

At the end of the lesson, students must be able to:

1. Differentiate and identify different strategies in marketing and sales.
2. Create a web design with appropriate marketing and sales techniques
3. Create blogs and advertise in social media sites.

Topics: Difference of Marketing from Sales

Five P’s of Marketing/E-commerce
Product Price Place Promotion People
Types of e-commerce Marketing
Search engine optimization (SEO), Social media marketing,
Content Marketing, Email marketing, Produce Original Content,
Web design to build a positive first impression marketing,
Affiliate marketing, Referral marketing Sales Strategies

Marketing and Sales defined

Marketing refers to activities a company undertakes to promote the buying or selling of a product
or service. Marketing includes advertising, selling, and delivering products to consumers or other
businesses. Some marketing is done by affiliates on behalf of a company.

Professionals who work in a corporation's marketing and promotion departments seek to get the
attention of key potential audiences through advertising. Promotions are targeted to certain

E-COMMERCE MARKETING AND SALES

STRATEGIES PAGE | 19
Polytechnic University of the Philippines

COLLEGE OF COMPUTER AND INFORMATION SCIENCES

audiences and may involve celebrity endorsements, catchy phrases or slogans, memorable
packaging or graphic designs and overall media exposure.

Marketing is any business action that creates interest or gathers knowledge about a potential
buyer or customer. In a more traditional model from previous generations, this meant creating
advertisements and buying media space to get those ads in front of consumers.
In the world of inbound marketing, this means creating content that informs website visitors
about how your company’s products or services can help with their problems.

Marketing is taking responsibility for an ever-increasing portion of the sales process. Marketing
teams are educating prospects so that they can quickly and smoothly move through the buying
process without relying on sales reps in the way they did in the past.

Traditionally, sales took over once a business knew a prospect existed. If an advertisement got
someone into a store, a salesperson took it from there.

Therefore, the term sales, refers to all activities that lead to the selling of goods and services
whereas, Marketing is the process of getting people interested in the goods and services being
sold.

At companies practicing inbound and content marketing, the salespeople still function in a
similar way, but much of the heavy lifting is done by the website. In addition to all of the
information a prospect may have gathered from online resources, they have also begun to trust
the business that's shared that content.

Trust is the currency of all business. It is crucial, fragile, and slow to develop. If businesses can
begin to cultivate trust by way of their websites, the sales process can be shortened accordingly.
Still, good salespeople are vital to a business. Sales reps are able to clearly, confidently, and
efficiently help prospects become customers. At a point where customers are handing over
money, it is important that sales reps are there to operate with humanity and purpose.

Marketing makes use of the "marketing mix," also known as the five Ps—product, price, place,
promotion and people.

Product refers to an item or items the business plans to offer to customers. The product should
seek to fulfill an absence in the market, or fulfill consumer demand for a greater amount of a
product already available. Before they can prepare an appropriate campaign, marketers need to
understand what product is being sold, how it stands out from its competitors, whether the
product can also be paired with a secondary product or product line, and whether there are
substitute products in the market.

Price refers to how much the company will sell the product for. When establishing a price,
companies must consider the unit cost price, marketing costs, and distribution expenses.

20
Polytechnic University of the Philippines

COLLEGE OF COMPUTER AND INFORMATION SCIENCES

Companies must also consider the price of competing products in the marketplace and whether
their proposed price point is sufficient to represent a reasonable alternative for consumers.

Place refers to the distribution of the product. Key considerations include whether the company
will sell the product through a physical storefront, online, or through both distribution channels.
When it's sold in a storefront, what kind of physical product placement does it get? When it's
sold online, what kind of digital product placement does it get?

Promotion, the fourth P, is the integrated marketing communications campaign. Promotion

includes a variety of activities such as advertising, selling, sales promotions, public relations,
direct marketing, sponsorship, and guerrilla marketing.

Promotions vary depending on

what stage of the product life
cycle the product is
in. Marketers understand that
consumers associate
a product’s price and
distribution with its quality, and
they take this into account when
devising the overall marketing
strategy.

People is a newer addition to what was previously known as the four Ps of marketing.
The people and services that you
use in your business can impact your success. If your salespeople or virtual assistant is rude, you
will loose customers and clients. Customers have a choice in who to do business with and they
prefer companies that provide easy-to-use systems, offer customer service when needed, and are
attentive and responsive to their needs. Happy customers will become repeat customers and will
refer new business.

The tools that help sales and marketing be successful

In order to be successful in the digital age, companies rely on software to help them to stay
organized and efficient. For sales teams, this is a customer relationship management system, or
CRM. This keeps track of all prospects, customers, and clients, with details about contacts, deals,
and companies — and it allows for robust analysis and collaboration.

E-COMMERCE MARKETING AND SALES

STRATEGIES PAGE | 21
Polytechnic University of the Philippines

COLLEGE OF COMPUTER AND INFORMATION SCIENCES

For marketers, the most important software asset is a marketing automation tool. This sends and
tracks emails and other communications, provides analytical information, and automates tasks
associated with campaigns.

Considering how essential sales and marketing alignment is in 2020, it is important that sales
and marketing teams use programs that integrate well with each other.

Virtually all e-commerce businesses can and should use these low-cost marketing strategies. I
consider these tactics to be the building blocks of an e-commerce marketing strategy, because
even one single action (like updating keywords or just one blog post) can yield return for years to
come.

Marketing Strategies

1. Produce Original Content. The first step in setting up an eCommerce website is creating
the content for it. Creating high-quality and original content will set you up for success because it
will resonate with your customers in a way that makes them want to interact with you, purchase
from you, and maintain a following.

Be creative. Be original. Promoting original content is a great way to make a statement, strike a
compelling idea, and make a mark on the user’s mind. There is a fine line between content that
engages users and content that deters them.

2. Optimize your website layout. After launching your e-commerce site, it’s important to
test your website’s layout, language, and placement of conversion elements. When customers
visit your website, you want to make sure it’s easy and simple to check out, that they feel
naturally inclined to purchase your products and that it’s abundantly clear how to do so.

SEO is the process of optimizing your website to boost its ranking in the search results. When
you
rank higher in search engine results, you’ll drive more traffic to your website.

Did you know that 80% of shoppers do product research online? To help them figure out if your
product is right for their needs, they turn to search engines to provide them with valuable
information about products and brands.

To get started with SEO, you’ll need to do the following:

Find relevant keywords: When your audience searches for products, they use keywords to help
them find what they want. If you want your business to appear in relevant searches, you need to
optimize for the right keywords.

22
Polytechnic University of the Philippines

COLLEGE OF COMPUTER AND INFORMATION SCIENCES

Stick to long-tail keywords that contain three or more words. These keywords help you attract
more qualified shoppers for your company. Someone who searches “cup” may not be a valuable
lead for your business, whereas someone searching “purple insulated tumbler cup” is a valuable
lead.

You should test the language displayed on your landing and product pages, the language in your
conversion elements, and even the strategic placement of icons and elements.

Optimize product images: One of the most critical factors that contribute to your SEO ranking
is user experience. If you want to rank higher in search results, you need to provide a positive
user experience for your audience so that interested leads remain on your page. One way to do
that is to optimize your product images.

All product listings on your site should include high-quality images to showcase the details of
each.

However, the issue with having high-quality photos is that it can bog down your site since high
quality images are typically larger files. These heavy files can adversely affect the user
experience since it causes your site to load slowly. However, by compressing your images, you
ensure they don’t bog down on your site while maintaining the quality.

Optimize your title tag and meta description: These two core components are the first things
your audience sees when they find your listing in organic search. If you want them to click on
your listing and visit your site, you must optimize your title tag and meta description.

You need to include your core keyword in both components, so both humans and search engines
know your page is relevant to the search results.

3. Content Marketing. Proper content marketing can attract more positive attention, interaction,
and sustainable conversions in a way no other marketing method can. By creating and promoting

E-COMMERCE MARKETING AND SALES

STRATEGIES PAGE | 23
Polytechnic University of the Philippines

COLLEGE OF COMPUTER AND INFORMATION SCIENCES

original content, you are ensuring that your audience is receiving new information that matters to
them on a continual basis.

Brainstorm with your team to create a list of the different types of content you wish to create.
This can be blog posts, videos, and newsletters. Also, make sure you are utilizing your marketing
budget by consulting with experts, outsourcing work when necessary. Invest in high-quality
software, subscriptions, employees, and training for your team.

You will also find that if you work with the right people, many of the things you’ve paid for in
the past can be done internally. Create diversity within your team and listen to everyone’s ideas.

We also suggest that you create content based on Pareto’s 80/20 rule, which means that your
promotions should comprise of 80% informational content, and 20% promotional content. All of
the content you publish should be relevant, interesting, and unique.

How to start with content marketing?

Create a blog: Blogs are one of the most valuable forms of content creation. When you blog,
you focus on industry-related topics and target relevant keywords to help you appear in the right
search results.

To be successful with blogging, you need to blog often. Having fresh content consistently keeps
people coming back to your website, and Google loves fresh content.

Use a content calendar: Content creation requires continually creating new content. To ensure
you are publishing content often and not overlapping publications, you’ll want to use a content
calendar. A content calendar will help you know when you’re creating, editing, and publishing
content.

Keeping track of your content will make it easier for you to spread out your content over time.
Generally, you’ll only want to plan content three or four weeks in advance. You don’t want to
plan too far in advance because your industry may change, or you may alter your marketing
strategy for your business down the line.

Try different types of content: Blogs are fundamental to your content marketing strategy, but
there are other types of marketing strategies that will benefit from the content you create.
Creating different kinds of content besides your blog will help you cater to various audience
members who consume content in different ways.

For example, in addition to blogs, you can create videos, design infographics, and publish
eBooks. That’s just the beginning! You have dozens of content options to help you deliver
valuable information to your audience.

24
Polytechnic University of the Philippines

COLLEGE OF COMPUTER AND INFORMATION SCIENCES

4. Email marketing to nurture leads towards conversion. One of the best types of ecommerce
marketing strategies involves building personal connections with your leads. Email marketing
enables you to have a direct connection with your audience and send them tailored information
that gets them to convert.

At least 82% of companies already use email marketing, so if you aren’t, you’re missing out on a
valuable strategy. Ecommerce email marketing is valuable to your strategy because it helps you
earn more sales and provides a fantastic return on investment (ROI). For every $1 spent, you can
earn up to $44 in return!

To create an effective email marketing strategy, you must:

Obtain subscribers organically: When you start email marketing, you need a list of subscribers
to send your content to. Many companies will try to take a shortcut by paying for email
subscriber lists. This strategy isn’t recommended, however, because most of your emails will get
deleted or end up in spam folders.

Instead, focus on obtaining subscribers organically. You can do this by adding email sign-ups
bars and pop-ups to your site to encourage people to sign up for your emails. If you want more
signups, offer a discount like free shipping or 10% off first purchase.

Segment your email list: The key to a successful email marketing campaign is segmentation.
Segmentation involves grouping leads together based on their demographics, interests, and more.
Segmentation is effective — you can see a 760% increase in revenue just by segmenting your
subscribers.

You’ll want to separate people into different groups so you can deliver content that’s most
relevant to them. If you find you have multiple groups that you send different types of content to,
you can use an email automation program, like My Email FX, to make it easier for you to
manage your email campaigns.

Personalize the experience for your audience: Along with segmenting your emails, you’ll
want to create personalized email content for your audience. Many leads will subscribe to emails
from multiple companies, so you must make your emails stand out in your recipient’s inbox.

Personalization can help you stand out from your competition. Whether you’re adding your
subscriber’s name to the email or tailoring the content to their interests, you can help garner more
email engagement, which results in more sales for your business.

E-COMMERCE MARKETING AND SALES

STRATEGIES PAGE | 25
Polytechnic University of the Philippines

COLLEGE OF COMPUTER AND INFORMATION SCIENCES

5. Social media advertising to increase brand recognition and earn conversions. Social
media advertising is one of the most effective commerce marketing strategies for helping new
leads discover your brand. There are hundreds of people that want your products, but they
haven’t discovered your business yet. With ecommerce social media advertising, you can reach
these leads.

To run a successful social media campaign, you need to:

Use compelling visuals: Social media ads are visual. Many of them use photos or videos to
showcase products. If you want to have a successful social media advertising campaign, you
need to use high-quality visuals that engage users and entice them to click.

Having appealing visuals will catch your audience’s attention and get them to click your ad. Try
using photos or videos of real people using your products, or close-up details of an item.

Target the right people: The most significant benefit of social media advertising is the targeting
capabilities. Social media platforms offer some of the most advanced targeting options, which
means you can reach more people looking for your products.

To ensure you’re making the most of this advanced targeting, you need to ensure that you know
and understand your most valuable customers. Think of your typical customer(s) and use that
information to create buyer personas.

Creating a buyer persona will help you get in the mindset of marketing to a specific person,
which will make your ads more successful.

Use appropriate calls to action (CTAs): When you run a social media ad, a fundamental part of
your ad is the CTA. The CTA guides users on how to take the next step. Most social media
platforms provide you with a list of CTAs you can use for your ad, but it’s essential to use the
right one in relation to your goal.

For example, Warby Parker might use a “Learn More” CTA if they were running an ad about
their free at-home try-on so users could learn more about how it works. If they were advertising
glasses, however, they may use a “Shop Now” CTA.

6. Web design to build a positive first impression. Did you know that 94% of first impressions
relate to web design?

Your website is the heart of your ecommerce marketing strategy, so you must invest in building a
beautiful design that creates a positive first impression with your audience. So, how can you
create an ecommerce website that wows your audience?

26
Polytechnic University of the Philippines

COLLEGE OF COMPUTER AND INFORMATION SCIENCES

Use a custom design: Your business is unique, so you need an exceptional design to go with it.
You want your company to stand out from the competition so that leads remember your business
better.

When you build your custom design, you’ll want to integrate your brand’s unique colors and
style. Creating a style guide will help ensure that all pages are consistent across the board. If
you’re struggling to develop your business’s unique style, consider investing in web design
services to help you build the best website for your company.

Create simple navigation: Your navigation is a crucial component of your website’s design. If
your audience can’t find the products they need, they’re more likely to leave your site. You must
create a simple and organized navigation to help your audience find products faster.

Take JC Penney as an example — they create separate categories for their clothing (women,
men, etc.), as well as categories for their home goods, accessories, and other categories. When
you hover over a category, the information is broken down into subcategories to help shoppers
find products fast.

Make sure your site looks good on mobile: Mobile-friendliness is critical for both your
audience and search engines. Google takes your site’s mobile-friendliness into account with its
mobile-first indexing.

Additionally, 70% of Internet time is spent on mobile, so your site must look great on all devices.
Integrate responsive design to ensure your site is mobile-friendly. Responsive design helps your
website adapt to whatever device a user uses so that they can have the best experience on your
site.

What Is Affiliate Marketing?

Affiliate marketing is the process by which an affiliate earns a commission for marketing another
person’s or company’s products. The affiliate simply searches for a product they enjoy, then
promotes that product and earns a piece of the profit from each sale they make. The sales are
tracked via affiliate links from one website to another.

How Does Affiliate Marketing Work?

Because affiliate marketing works by spreading the responsibilities of product marketing and
creation across parties, it manages to leverage the abilities of a variety of individuals for a more

E-COMMERCE MARKETING AND SALES

STRATEGIES PAGE | 27
Polytechnic University of the Philippines

COLLEGE OF COMPUTER AND INFORMATION SCIENCES

effective marketing strategy while providing contributors with a share of the profit. To make this
work, three different parties must be involved:
1. Seller and product creators
2. The affiliate or advertiser
3. The consumer

Let us delve into the complex relationship these three parties share to ensure affiliate marketing
is a success.

1. Seller and product creators. The seller, whether a solo entrepreneur or large enterprise,
is a vendor, merchant, product creator, or retailer with a product to market. The product can be a
physical object, like household goods, or a service, like makeup tutorials.

Also known as the brand, the seller does not need to be actively involved in the marketing, but
they may also be the advertiser and profit from the revenue sharing associated with affiliate
marketing.

For example, the seller could be an e-commerce merchant that started a dropshipping business
and wants to reach a new audience by paying affiliate websites to promote their products. Or the
seller could be a SaaS company that leverages affiliates to help sell their marketing software.

2. The affiliate or publisher. Also known as a publisher, the affiliate can be either an
individual or a company that markets the seller’s product in an appealing way to potential
consumers. In other words, the affiliate promotes the product to persuade consumers that it is
valuable or beneficial to them and convince them to purchase the product. If the consumer does
end up buying the product, the affiliate receives a portion of the revenue made.

Affiliates often have a very specific audience to whom they market, generally adhering to that
audience’s interests. This creates a defined niche or personal brand that helps the affiliate attract
consumers who will be most likely to act on the promotion.

3. The consumer. Whether the consumer knows it or not, they (and their purchases) are the
drivers of affiliate marketing. Affiliates share these products with them on social media, blogs,
and websites.

When consumers buy the product, the seller and the affiliate share the profits. Sometimes the
affiliate will choose to be upfront with the consumer by disclosing that they are receiving
commission for the sales they make. At other times the consumer may be completely oblivious to
the affiliate marketing infrastructure behind their purchase.

Either way, they will rarely pay more for the product purchased through affiliate marketing; the
affiliate’s share of the profit is included in the retail price. The consumer will complete the

28
Polytechnic University of the Philippines

COLLEGE OF COMPUTER AND INFORMATION SCIENCES

purchase process and receive the product as normal, unaffected by the affiliate marketing system
in which they are a significant part.

How Do Affiliate Marketers Get Paid?

A quick and inexpensive method of making money without the hassle of actually selling a
product, affiliate marketing has an undeniable draw for those looking to increase their income
online. But how does an affiliate get paid after linking the seller to the consumer?

The consumer doesn’t always need to buy the product for the affiliate to get a kickback.
Depending on the program, the affiliate’s contribution to the seller’s sales will be measured
differently.

The affiliate may get paid in various ways:

1. Pay per sale.

This is the standard affiliate marketing structure. In this program, the merchant pays the affiliate
a percentage of the sale price of the product after the consumer purchases the product as a result
of the affiliate’s marketing strategies. In other words, the affiliate must actually get the investor
to invest in the product before they are compensated.

2. Pay per lead.

A more complex system, pay per lead affiliate programs compensates the affiliate based on the
conversion of leads. The affiliate must persuade the consumer to visit the merchant’s website and
complete the desired action — whether it’s filling out a contact form, signing up for a trial of a
product, subscribing to a newsletter, or downloading software or files.

3. Pay per click.

This program focuses on incentivizing the affiliate to redirect consumers from their marketing
platform to the merchant’s website. This means the affiliate must engage the consumer to the
extent that they will move from the affiliate’s site to the merchant’s site. The affiliate is paid
based on the increase in web traffic.

Common Types of Affiliate Marketing Channels

Most affiliates share common practices to ensure that their audience is engaged and receptive to
purchasing promoted products. But not all affiliates advertise the products in the same way. In
fact, there are several different marketing channels they may leverage.

E-COMMERCE MARKETING AND SALES

STRATEGIES PAGE | 29
Polytechnic University of the Philippines

COLLEGE OF COMPUTER AND INFORMATION SCIENCES

1. Influencers. An influencer is an individual who holds the power to impact the purchasing
decisions of a large segment of the population. This person is in a great position to benefit from
affiliate marketing. They already boast an impressive following, so it’s easy for them to direct
consumers to the seller’s products through social media posts, blogs, and other interactions with
their followers. The influencers then receive a share of the profits they helped to create.

2. Bloggers. With the ability to rank organically in search engine queries, bloggers excel at
increasing a seller’s conversions. The blogger samples the product or service and then writes a
comprehensive review that promotes the brand in a compelling way, driving traffic back to the
seller’s site.

The blogger is awarded for his or her influence spreading the word about the value of the
product, helping to improve the seller’s sales. For example, my article on the best email
marketing software includes product reviews and affiliate links throughout.

3. Paid search focused microsites. Developing and monetizing microsites can also garner a
serious number of sales. These sites are advertised within a partner site or on the sponsored
listings of a search engine. They are distinct and separate from the organization’s main site. By
offering more focused, relevant content to a specific audience, microsites lead to increased
conversions due to their simple and straightforward call to action.

4. Email lists. Despite its older origins, email marketing is still a viable source of affiliate
marketing income. Some affiliates have email lists they can use to promote the seller’s products.
Others may leverage email newsletters that include hyperlinks to products, earning a commission
after the consumer purchases the product.

Another method is for the affiliate to build an email list over time. They use their various
campaigns to collect emails en masse, then send out emails regarding the products they are
promoting.

5. Large media websites. Designed to create a huge amount of traffic at all times, these
sites focus on building an audience of millions. These websites promote products to their
massive audience through the use of banners and contextual affiliate links. This method offers
superior exposure and improves conversion rates, resulting in a top-notch revenue for both the
seller and the affiliate.

What is Referral Marketing?

Referral marketing is a marketing tactic that makes use of recommendations and word of
mouth to grow a business's customer base through the networks of its existing customers.
Referral marketing can take many forms, but at its heart, it's a way to get your biggest fans to
help spread the word about your brand. In other words, referral marketing turns your current
customers into brand advocates.

30
Polytechnic University of the Philippines

COLLEGE OF COMPUTER AND INFORMATION SCIENCES

Before we get into how to create your referral marketing strategy, let’s talk about why you need
to. How much of a difference do referrals make? Consider this:
• A word-of-mouth impression drives at least 5x more sales than a paid impression.
• Customers acquired through word-of-mouth spend 2x more and make 2x as many referrals
themselves.
• Referred leads convert 30% better and have a 16% higher lifetime value than leads
acquired via other channels.
• Half of Americans would pick word-of-mouth if they could only select one source for
information on potential purchases.

Word-of-mouth and referral marketing are cost-effective, powerful, and trusted. When we have a
good experience with a brand, product, or service, we’re happy to—and frequently do—share it
with others.

In his bestseller Contagious, marketing professor and author Jonah Berger identified six
principles of sharing and word-of-mouth:
1. Social currency: We share what makes us look good.
2. Triggers: We share what’s at the top of our minds.
3. Emotion: We share what we care about.
4. Public: We imitate what we see people around us are doing.
5. Practical value: We share things that have value to others.
6. Stories: We share stories, not information.

Referral Marketing vs. Affiliate Marketing

Affiliate marketing is when people who aren’t customers give an artificial recommendation,
while referral marketing is when an actual customer gives a genuine recommendation.

An example of affiliate marketing can be companies that send out products on the contingency
that product recipients write a review. Companies use affiliate marketing to boost numbers of
reviews, as that’s an important factor for shoppers when comparing products.

Both methods of marketing are effective, but companies usually choose to use one or the other.

Why Is Referral Marketing So Powerful?

Referral marketing is the secret strength that fuels some of the most successful startups. Lyft and
Airbnb grew their customer base on referral marketing strategies and as a result, are two of the
most well-known startups to date.

E-COMMERCE MARKETING AND SALES

STRATEGIES PAGE | 31
Polytechnic University of the Philippines

COLLEGE OF COMPUTER AND INFORMATION SCIENCES

1. Precision targeting. The people who refer someone to your business are called referrers. Once
you ask your current customers to refer someone, they know who they will tell and how to
convince them to buy your product or service better than you do. That’s why referral
marketing is so beneficial.

Because referrals are becoming more common, sometimes the shopper reaches out asking if their
friends or family have a referral code for a particular product or service that they want. That’s
about as precise as you can get.

2. Trust factor.

According to Nielsen, people are four times more likely to buy if they are referred to by a friend.
This fact isn’t anything shocking. Advertisers and marketers are mistrusted, and in the age of
information, it is difficult to determine what’s true and what’s false.

When a friend or family member recommends something, it means that they’ve tried it and had a
positive experience with the product or service. People don’t recommend things they hate. In
fact, if your company has a bad reputation, people make sure no one they know buys from you.

You never want to be the person that gives a bad

recommendation, that’s human nature. The most trusted
marketing campaign is, therefore, a referral program.

3. Reach and acceleration.

Conversion rates from a landing page are usually
around 2-3%, and that’s if you’re doing well. When
visitors reach a referral page, a shocking 14% take an
action according to Saasquatch. With

32
Polytechnic University of the Philippines

COLLEGE OF COMPUTER AND INFORMATION SCIENCES

referral marketing campaigns, your reach increases quickly. Current customers must do the work
for you by reaching out to their friends and family in order to get the incentive. The point of an
ecommerce referral program is to reach people and convert them into customers quickly.
Because of the nature of this strategy, when done right, businesses see success with the rate at
which they acquire new customers.

The best kind of referral is when a celebrity or influencer naturally recommends your product
or service. If that happens, the reach is extensive.

Conversion Funnel in E-commerce

A conversion funnel in e-commerce illustrates the route your customers take from first becoming
aware of your brand to making a purchase. It also includes customer retention, upselling, cross
selling, and subscription-based models.

Every business has a different e-commerce conversion funnel depending on the specifics of how
users navigate their businesses. The stages are the same, as I’ll describe below, but the specifics
depend on your product and audience. For instance, some businesses have shorter conversion
funnels. When you sell a low-cost product, you can convert visitors faster because price becomes
less of an obstacle.

The Importance of Creating a

Ecommerce Sales Funnel

If you don’t know what your e-commerce

conversion funnel looks like, you cannot
optimize each stage for maximum sales.
Knowing which areas impact conversions,
the most lets you home in on those areas
and optimize your funnel.

For instance, your research might indicate that social media — specifically Facebook — plays a
tremendous role in conversions. Your large group of followers pays attention to your posts about
discounts and promotions.
When you have that data, you can take action on it by boosting your Facebook activity and
encouraging your website visitors to follow you on Facebook. By placing a prominent CTA for
Facebook, you take advantage of existing websites and draw people into your social sphere.

What is the Average Conversion Rate for E-commerce?

E-COMMERCE MARKETING AND SALES

STRATEGIES PAGE | 33
Polytechnic University of the Philippines

COLLEGE OF COMPUTER AND INFORMATION SCIENCES

Since we’re talking specifically about the e-commerce conversion funnel, I turned to Smart
Insights for a visual representation of the average conversion rate that a business might expect to
see on their website

Review : https://www.bigcommerce.com/blog/increase-ecommerce-sales/#tactics-
toimproveecommerce-sales
Read. : https://www.webfx.com/blog/marketing/types-of-ecommerce-marketing/
_______________________________

Activities/Assessment

E-commerce Project Team Work. Prepare and submit the following:

1. Timeline of activities for approved Website Product/Service project
2. List/Prepare keywords for the SEO
3. Create a blog about your product/service.
4. Below is your guide in the development of e-commerce project.

34
Polytechnic University of the Philippines

COLLEGE OF COMPUTER AND INFORMATION SCIENCES

CHAPTER 4. CONSUMER PAYMENT PROTOCOL AND DELIVERY SYSTEM

Overview

Digital payment is a paperless electronic payment transaction. After payment of goods or

services, items shall be delivered or shift to the customers.

Learning Objectives

At the end of the lesson, students must be able to:

1. Identify and understand the different modes of electronic payment.
2. Understand and learn the how, why, where and what shipping or delivery strategy to use
for goods/services being sold online.

Topics: Electronic Payment

Modes of electronic payment
Consumer to business commerce,
Payment system requirement
From first Virtual to SET, Securing Electronic Transaction (SET)
The SET protocol, SET Features Delivery
Systems

Electronic payment system

An e-commerce payment system (or an electronic payment system) facilitates the acceptance
of electronic payment for online transactions. Also known as a subcomponent of electronic data
interchange (EDI), e-commerce payment systems have become increasingly popular due to the
widespread use of the internet-based shopping and banking. E-commerce sites use electronic
payment, where electronic payment refers to paperless monetary transactions. Electronic
payment has revolutionized business processing by reducing the paperwork, transaction costs,
and labor cost. Being user friendly and less time-consuming than manual processing, it helps
business organizations to expand its market reach/expansion.

Listed below are some of the modes of electronic payments.

• Credit Card
• Debit Card
• Smart Card
• E-Money

PAGE | 35
Polytechnic University of the Philippines

COLLEGE OF COMPUTER AND INFORMATION SCIENCES

CONSUMER PAYMENT PROTOCOL AND DELIVERY SYSTEM

• Electronic Fund Transfer (EFT)

Credit Card
Payment using credit card is one of most common modes of electronic payment. A credit card is
small plastic card with a unique number attached with an account. It has also a magnetic strip
embedded in it which is used to read credit cards via card readers. When a customer purchases a
product via credit card, credit card issuer bank pays on behalf of the customer and customer has a
certain time period.

Credit Card Payment Process

Step Description

Step 1 Bank issues and activates a credit card to the customer on his/her request.

The customer presents the credit card information to the merchant site or to
Step 2
the merchant from whom he/she wants to purchase a product/service.

Merchant validates the customer's identity by asking for approval from the
Step 3
card brand company.

Card brand company authenticates the credit card and pays the transaction by
Step 4
credit. Merchant keeps the sales slip.

Merchant submits the sales slip to acquirer banks and gets the service charges
Step 5
paid to him/her.

36
Polytechnic University of the Philippines

COLLEGE OF COMPUTER AND INFORMATION SCIENCES

Acquirer bank requests the card brand company to clear the credit amount
Step 6
and gets the payment.

Now the card brand company asks to clear the amount from the issuer bank
Step 6 and the amount gets transferred to the card brand company.

• After which he/she can pay the credit card bill. It is usually a credit card monthly
payment cycle. Following are the actors in the credit card system.
• The card holder − Customer
• The merchant − seller of product who can accept credit card payments.
• The card issuer bank − card holder's bank
• The acquirer bank − the merchant's bank
• The card brand − for example, Visa or Mastercard.

Debit Card
Debit card, like credit card, is a small plastic card with a unique number mapped with the bank
account number. It is required to have a bank account before getting a debit card from the bank.
The major difference between a debit card and a credit card is that in case of payment through
debit card, the amount gets deducted from the card's bank account immediately and there should
be sufficient balance in the bank account for the transaction to get completed, whereas in case of
a credit card transaction, there is no such compulsion.
Debit cards free the customer to carry cash and cheques. Even merchants accept a debit card
readily. Having a restriction on the amount that can be withdrawn in a day using a debit card
helps the customer to keep a check on his/her spending.

Smart Card
Smart cards are again similar to a credit card or a debit card in appearance, but they have a small
microprocessor chip embedded in it. It has the capacity to store a customer’s work-related and/or
personal information. Smart cards are also used to store money and the amount gets deducted
after every transaction.

Smart cards can only be accessed using a PIN that every customer is assigned with. Smart cards
are secure, as they store information in encrypted format and are less expensive/provides faster
processing. Mondex and Visa Cash cards are examples of smart cards.

E-Money
E-Money transactions refer to a situation where payment is made over the network and the
amount gets transferred from one financial body to another financial body without any
involvement of a middleman. E-money transactions are faster, convenient, and save a lot of time.
Online payments done via credit cards, debit cards, or smart cards are examples of e-money
transactions. Another popular example is e-cash. In the case of e-cash, both customer and
37
Polytechnic University of the Philippines

COLLEGE OF COMPUTER AND INFORMATION SCIENCES

merchant have to sign up with the bank or company issuing e-cash. The thriving Cryptocurrency
or bitcoin is another example of e-money.

Electronic Fund Transfer

It is a very popular electronic payment method to transfer money from one bank account to
another bank account. Accounts can be in the same bank or different banks. Fund transfer can be
done using ATM (Automated Teller Machine) or using a computer.

Nowadays, internet-based EFT is getting popular. In this case, a customer uses the website
provided by the bank, logs in to the bank's website and registers another bank account. He/she
then places a request to transfer a certain amount to that account. Customer's bank transfers the
amount to other account if it is in the same bank, otherwise the transfer request is forwarded to
an ACH (Automated Clearing House) to transfer the amount to other account and the amount is
deducted from the customer's account. Once the amount is transferred to another account, the
customer is notified of the fund transfer by the bank.

For the vast majority of payment systems accessible on the public Internet, baseline
authentication (of the financial institution on the receiving end), data integrity, and
confidentiality of the electronic information exchanged over the public network involves
obtaining a certificate from an authorized certification authority (CA) who provides public-key
infrastructure (PKI). Even with transport layer security (TLS) in place to safeguard the portion of
the transaction conducted over public networks—especially with payment systems—the
customer-facing website itself must be coded with great care, so as not to leak credentials and
expose customers to subsequent identity theft.

Despite widespread use in North America, there are still many countries such as China and India
that have some problems to overcome in regard to credit card security. Increased security
measures include use of the card verification number (CVN) which detects fraud by comparing
the verification number printed on the signature strip on the back of the card with the information
on file with the cardholder's issuing bank.

Credit cards constitute a popular method of online payment but can be expensive for the
merchant to accept because of transaction fees primarily. Debit cards constitute an excellent
alternative with similar security but usually much cheaper charges. Besides card-based payments,
alternative payment methods have emerged and sometimes even claimed market leadership.

Bank payments
This is a system that does not involve any sort of physical card. It is used by customers who have
accounts enabled with Internet banking. Instead of entering card details on the purchaser's site, in
this system the payment gateway allows one to specify which bank they wish to pay from. Then
the user is redirected to the bank's website, where one can authenticate oneself and then approve
the payment. Typically there will also be some form of two-factor authentication.

38
Polytechnic University of the Philippines

COLLEGE OF COMPUTER AND INFORMATION SCIENCES

It is typically seen as being safer than using credit cards, as it is much more difficult for hackers
to gain login credentials compared to credit card numbers. For many eCommerce merchants,
offering an option for customers to pay with the cash in their bank account reduces cart
abandonment as it enables a way to complete a transaction without credit cards.

Mobile money wallets

In developing countries, many people don't have access to banking facilities, especially in tier II
and tier III cities. Taking the example of India, there are more mobile phone users than there are
people with active bank accounts. Telecom operators, in such locations, have started offering
mobile money wallets which allow adding funds easily through their existing mobile
subscription number, by visiting physical recharge points close to their homes and offices and
converting their cash into mobile wallet currency. This can be used for online transactions and
eCommerce purchases.

Secure Electronic Transaction or SET is a system which ensures security and integrity of
electronic transactions done using credit cards in a scenario. SET is not some system that enables
payment, but it is a security protocol applied on those payments. It uses different encryption and
hashing techniques to secure payments over the internet done through credit cards. SET protocol
was supported in development by major organizations like Visa, Mastercard, Microsoft which
provided its Secure Transaction Technology (STT) and NetScape which provided technology of
Secure Socket Layer (SSL).
SET protocol restricts revealing credit card details to merchants thus keeping hackers and thieves
at bay. SET protocol includes Certification Authorities for making use of standard Digital
Certificates like X.509 Certificate.

Before discussing SET further, let’s look at a general scenario of electronic transaction, which
includes client, payment gateway, client financial institution, merchant and merchant financial
institution.

Requirements in SET:
SET protocol has some requirements to meet, some of the important requirements are:
• It has to provide mutual authentication i.e., customer (or cardholder) authentication by
confirming if the customer is intended user or not and merchant authentication.
• It has to keep the PI (Payment Information) and OI (Order Information) confidential by
appropriate encryptions.
• It has to be resistive against message modifications i.e., no changes should be allowed in
the content being transmitted.
• SET also needs to provide interoperability and make use of the best security
mechanisms.

Participants in SET:

In the general scenario of online transaction, SET includes similar participants:

39
Polytechnic University of the Philippines

COLLEGE OF COMPUTER AND INFORMATION SCIENCES

1. Cardholder – customer
2. Issuer – customer financial institution
3. Merchant
4. Acquirer – Merchant financial
5. Certificate authority – Authority which follows certain standards and issues certificates
(like X.509V3) to all other participants.

SET functionalities:

◦ Provide Authentication
◦ Merchant Authentication – To prevent theft, SET allows customers to check
previous relationships between merchant and financial institution. Standard
X.509V3 certificates are used for this verification.
◦ Customer / Cardholder Authentication – SET checks if use of credit card is done
by an authorized user or not using X.509V3 certificates.
◦ Provide Message Confidentiality: Confidentiality refers to preventing unintended people
from reading the message being transferred. SET implements confidentiality by using
encryption techniques. Traditionally DES is used for encryption purposes.
◦ Provide Message Integrity: SET doesn’t allow message modification with the help of
signatures. Messages are protected against unauthorized modification using RSA digital
signatures with SHA-1 and some using HMAC with SHA-1,

Dual Signature:
The dual signature is a concept introduced with SET, which aims at connecting two information
pieces meant for two different receivers: Order Information (OI) for merchant.
Payment Information (PI) for bank

You might think sending them separately is an easy and more secure way but sending them in a
connected form resolves any future dispute possible.

40
Polytechnic University of the Philippines

COLLEGE OF COMPUTER AND INFORMATION SCIENCES

E-commerce Delivery/Shipping or Fulfillment

Putting an effective ecommerce shipping strategy in place is one of the most impactful steps you
can take to grow your business online.

While many brands start out in ecommerce by taking a simplistic approach to shipping — like
offering free shipping across the board or showing unmodified UPS or USPS rates — the most
successful merchants use strategic shipping options to differentiate themselves from their
competition and increase margins.

Of course, while shipping can be a powerful point of differentiation for your brand, it’s important
to make sure that your company can actually act on the strategy.

This requires coordination between multiple teams within your organization, all the way from
your marketing team to your fulfillment team — and several others in between.

Establishing a shipping strategy for your online store lets you ensure that everyone involved in
this pipeline knows what’s going on and their part in the process.

Ecommerce Delivery/Shipping Best Practices

Be sure to assemble the right team: Every department in your organization has a job in relation to
making shipping work for your online store.
Set clear goals: Do you want to increase margins? Go international? Define your goals and
measure against them.

Choose a shipping strategy: There are 4 main options, and free shipping isn’t always the best.
Make
the leap: Implement and iterate. That’s the only way you’ll get better.

Ecommerce Shipping Strategy Goals:

• Increase conversions.
• Increase average order value.
• Expand market or target audience.
• Decrease costs.
• Improve operational efficiency.

3 Most Important Ecommerce Shipping Considerations:

Product size and weight: What’s the difference in size and weight from your smallest,
lightest Stock-Keeping Units (SKUs) to your largest, heaviest SKUs?

Shipping destinations: Where are you shipping to — domestic or international?

41
Polytechnic University of the Philippines

COLLEGE OF COMPUTER AND INFORMATION SCIENCES

Shipping options: What are the best shipping services or carriers for your unique
needs very competitive rates.

Local couriers often don’t offer a way to fetch rates in real time for shipments, but it can be
worth your while to build up a table of rates based on number of items or weight in order to offer
these options to your customers.

How to Ship Items Sold Online:

1. Make an online sale.
2. Determine which products to package and the total size and weight.
3. Confirm the shipping destination.
4. Determine which shipping carrier is being used and calculate the shipping cost.
5. Send the package out via the appropriate carrier.

Best Ecommerce Shipping Alternatives to Free Shipping:

• Standard shipping + Expedited shipping
• Free shipping + Standard shipping + Expedited shipping
• Standard shipping + In-store pick up + Same day delivery.
• LTL freight + Standard shipping

How to Offer Free Shipping and Still Make Money:

1. Determine the vertical you’ll sell in.
2. Decide if shipping is a marketing expense or cost of goods sold.
3. Offer free shipping to limited regions.
4. Surcharge your expedited rates.
5. Determine your monthly shipping expenses.
6. Clearly show delivery time to customers.
7. Offer free shipping after conditions are met.
8. Use shipping as a promotion.
9. Install a shipping solution.

5 International Ecommerce Shipping Considerations:

10. Are your products suitable for international shipping?
11. Is there international demand?
12. Which shipping services will you use?
13. Do you know about harmonized tariff codes, duties and taxes and more?
14. Watch out for restrictions!

Shipping internationally opens your market to a potential three billion consumers. But, before
you build your international shipping strategy, you should determine if it is right for you.

42
Polytechnic University of the Philippines

COLLEGE OF COMPUTER AND INFORMATION SCIENCES

You don’t want to put time, effort and money into this if you aren’t going to come out with
profit.

Here are a few things that come into play with international ecommerce shipping.

1. Is my product suitable for international shipping?

Know what it takes to ship your products out of the country — or if those products are even
suitable for such long-distance shipping. Ideally, you ship items that are sturdy and compact to
avoid an item breaking in transit, which can leave a bad customer impression.

It is also important to be aware of any import and/or export restrictions subject to the product and
specific countries. Here’s a short list of items prohibited from international shipping: This
should not stop you from shipping internationally, though, and we’ll go over how you can
restrict items from shipping to certain destinations in a bit.

2. Is there demand for my product?

Do the research! It is pretty easy to determine if there is demand for your product if you have
already had requests from international customers.

But, if you don’t have the luxury of knowing who already wants your products, you should look
into what is currently being offered in countries you want to ship to. Try to find out if there are
similar products being sold and what the competitors are doing.

In the same way you’ve built your national audience, you’ll want to access the competition and
get your goods in front of your target audience.

But international consumers shop differently than you are used to. In Asia, for instance, Rakuten
outpaces Amazon. If your goods sell well in the U.S. on Amazon, consider placing your product
on Rakuten to test out market fit and demand.

Customs Documentation

You will be required to complete documents for your international shipments. The set of
documents you need to complete is dependent on the details of your shipment.
These documents include:
• Commercial invoice: The commercial invoice determines the true value of the product
you are shipping and is used when calculating the duties and taxes. This is completed by
the exporter and is required by the foreign buyer to prove ownership and arrange
payment.
• Export declaration: The export declaration is a form that provides information on the
amount, nature and value of your product to the statistical office for compilation of
foreign trade data and serves as an export control document.

43
Polytechnic University of the Philippines

COLLEGE OF COMPUTER AND INFORMATION SCIENCES

• Certificate of origin: The certificate of origin is an official document authenticating

what country a shipment has come from and is prepared by the exporter.

Duties and Taxes

Duties and taxes are imposed by the country importing the shipment to generate revenue and
protect local industries against foreign competition.

These are usually paid before the goods are released from customs and are based on product
value, trade agreements, country of manufacture, use of the product and the product’s
harmonized system code.

These fees can be paid by the customer (delivery duty unpaid), or the merchant (delivery duty
paid). It is important to know the difference between the two before you make your first
shipment as you don’t want to unknowingly leave your customer with additional fees when they
receive their package.
• With delivery duty paid (DDP), you as the merchant are responsible for paying all
duties and taxes. This includes all costs from your warehouse to the end destination
such as transportation, customs clearance and handling expenses. The delivery duty will
be paid by the carrier and that bill will be sent to you. If you have the means to do this, it
is a much better option as it results in a richer experience for the customer.

• In contrast, delivery duty unpaid (DDU) requires payment from the recipient. You
will still be responsible for transportation costs, but the customer is then responsible for
paying the duty and other clearing expenses upon arrival. If the customer is not made
aware of this beforehand, it can lead to a sticky situation and a very unhappy customer. If
you use this method, be clear on product pages that this is the case. Do not wait until
after shipment to alert the customer.

Watch : http://www.ecommerce-digest.com/payment-systems.html
Read : https://seopressor.com/blog/what-is-c2b-ecommerce/
Review: https://www.toppr.com/guides/business-studies/emerging-modes-
ofbusiness/onlinetransactions-and-security-of-e-transactions/
https://neilpatel.com/blog/easy-payment-process/
https://link.springer.com/chapter/10.1007/978-3-642-21411-0_73

Activities/Assessments:

INDIVIDUAL:

44
Polytechnic University of the Philippines

COLLEGE OF COMPUTER AND INFORMATION SCIENCES

List down the 9 online payment schemes in a yellow sheet of paper or save and send file to
schoology account as Assign5 LN, Yr. and Sec doc file.

Explain the process flow of c2b e-commerce, comment your views about each process step.
Write in a yellow sheet of paper or save and send to schoology account as Assign6 LN, Yr. and
Sec doc file.

List down and describe the security measures you may use in your e-commerce site

Write issues against security measures on a yellow paper or save and send to schoology account
as Assign12 LN, Yr. and Sec doc file.

GROUP/TEAMWORK.

With the right team in place, your goals clearly defined, and your approach or approaches
chosen, it’s time to implement your e-commerce shipping strategy.

Each team member or team leader should be clear on their responsibilities. You don’t have to do
everything all at once, but everyone should be clear on their duties each step of the way.
• Your marketing team should be ready to communicate your new approach to your
customers and potential customers.

• The web design or development team should get your site set up to offer these new
options.
• Your fulfillment team should be ready to make use of your new options and know how to
handle each option the customer chooses.

• Your customer service team should be educated in the benefits of each option you’re
now going to be offering your customers.

Once your new approach is live, make it the responsibility of each team to report on how well
things are going for them.

Often, a new approach will take some time to nail down, so if you have the evidence to back up
your changes, be prepared to stick with it and make some adjustments as you go.

45
Polytechnic University of the Philippines

COLLEGE OF COMPUTER AND INFORMATION SCIENCES

Part II. E-commerce Competitive Environment CHAPTER 5. INNOVATIONS IN

BANKING AND FINANCE

Overview

E-commerce transforms companies, including banking and financial systems in a

competitive environment local and abroad. Innovations in business start in banks and
financial firms. They use technology and e-commerce business practices to market their
products and services to the customers at the least cost and time.

Learning Objectives:

At the end of the lesson, students must be able to:

1. Appreciate the e-commerce applications in banking and finance.
2. Differentiate the advances in technological processes.
3. Suggest technological advances in the improvement of security issues among
banks and financial institutions.

Topics : Innovations in Banking and Finance

New competitive environment, home banking
Implementing home banking
Using personal finance software, Using on-line services,
Using the Web in Corporate Finance
Intranet in financial management, HR strategy, Finance software market

E-Commerce Innovations in Banking & Finance

E-commerce transforms banking and financial systems. There are three aspects in which
ecommerce can affect banking and finance. First, banks and financial firms can use the
technology and business practice of e-commerce to market their products to the customers.
Second, ecommerce provides a business opportunity for banks to offer new products and services
to serve the needs of e-commerce. Third, the new business environment associated with e-
commerce provides opportunity for institutional innovations in banking and finance, which can
help to lay a sounder foundation for the international financial system. Thus, e-commerce act as
an enabling factor to transform banking and finance in a radical manner.

Banking practices have changed in some ways to keep up with customer expectations and
technological demands set forth by e-commerce experiences. Here are some of the most
important current applications of e-commerce in banking.
46
Polytechnic University of the Philippines

COLLEGE OF COMPUTER AND INFORMATION SCIENCES

1. Electronic billing
Electronic billing is one of the biggest benefits that e-commerce has brought to both consumers
and businesses. Banks now offer the ability to automatically pay your bills through their website
or on their app. Companies can send out electronic invoices to their customers and receive
payment automatically instead of waiting for and cashing a physical check. The connection
between the ability for banks to send and receive payment digitally and the rise of e-commerce
as a primary driver of sales and revenue in many businesses is not a coincidence; it would be
nearly impossible to effectively have one without the other.

2. ID verification
Banks can and should take identification very seriously. The job of a credible financial institution
is to ensure that the person spending is the person who should have access to the funds in the
account. This has become harder the more technology has advanced. But technology has also
helped drive innovation in the ability to confirm the identity and other credentials so that
customers can conduct their e-commerce transaction more securely, without the possibility of
data being stolen or leaked This identification process is not just a protection for the customer,
but also for the retailer or vendor. It’s the responsibility of all stakeholders – banks and e-
commerce retailers alike – to uphold ID verification and customer information security
standards.

3. Mobile payments
Mobile commerce, or m-commerce, is an important part of e-commerce. Mobile focused
commerce has become a new normal for many people who are now able to buy everything from
a dog sitter to a plane ticket from their phone. A smartphone has become another important
ecommerce tool, however – a digital wallet. Customers can now pay for many of their in-person
purchases with a smartphone app, whether it’s a bank-backed credit card app or an app like
Apple Pay which keeps payment options for customers’ various financial sources together in one
place for easy payment. While mobile payments are more often used to describe in-person digital
transactions, they are born out of the application of e-commerce in banking endeavors.

4. Digital-only banking
E-commerce has enabled app payments and transactions, leading the way for reeducation in
physical brick and mortar banks. While many large banks with an e-commerce presence do still
have in-person presences in certain communities, many banks have opened as online-only
operations, such as Ally. Mortgage brokers have joined the only online finance trend as well.
Having users interact with their banking primarily through an app is in line with how consumers
interact with many other parts of their daily lives, from paying for coffee to ordering groceries to
set doctor’s appointments and more. Online-only banks can also offer a better banking
experience by often being able to give customers a better interest rate on savings accounts or
loans because of the money the bank itself was able to save by not having to pay overhead costs
like rent, etc.

47
Polytechnic University of the Philippines

COLLEGE OF COMPUTER AND INFORMATION SCIENCES

5. B2B innovation
The e-commerce experience has changed the way B2B buyers anticipate buying and selling
experiences to go. This has largely been due to the implication of e-commerce in banking in B2C
spheres. E-commerce has enabled banks to offer faster account opening, digital invoice payment,
and other conveniences that B2C buyers have long enjoyed. B2B buyers have experienced these
features in their non-business life and are making demands in the marketplace that their B2B
experience is more consistent and matches the rest of modern life. E-commerce and banking,
then, have a responsibility to continue to elevate the customer experience.

6. International commerce
E-commerce has made it easier for people to bank internationally or pay for goods and services
from another country without having to work around banking regulations or exchange rates.
Third-party vendors like PayPal work as a go-between for e-commerce retailers and financial
organizations and banks.

E-commerce has created a lot of opportunities for banking and the applications of e-commerce in
banking continue to grow, with both retailers and finance organizations working to create a better
customer experience through technology that will help businesses from both industries grow
revenue and strengthen their brand.

Here is a diagram on interaction methods that continue to evolve in banking and financial
institutions.

Dear students, please watch and read the following websites and perform the
activities/assessment mentioned.

Watch: https://www.businessinsider.com/future-of-banking-technology Read:

https://www.wowso.me/blog/technology-in-banking or:

Ten Banking Technologies That Are Shaping the Future

1. Augmented Reality
Immersive technologies such as Augmented, virtual, and mixed reality are enhancing customer
experience across the board. So why can’t they do the same for banking customers? The
possibilities of the implementation of augmented reality technology in the banking sector are
only limited by imagination, though these are still in a very early stage of development. The end-
state is to give customers complete autonomy in actions and transactions they could perform at
home. Hybrid branches are envisioned by technology experts who believe that bank branches as
we know them today are a thing of the past.
Source: PWC

Also See: 11 Banks That Have Successfully Adopted Augmented Reality

48
Polytechnic University of the Philippines

COLLEGE OF COMPUTER AND INFORMATION SCIENCES

One of the implementations of augmented reality technology in banking sector, that is already
live, has been made by the Commonwealth Bank of Australia. They have created a rich date
augmented reality application for their customers who were looking to buy or sell a home. It
provides them with information like current listings, recent sales, and price tendencies to help the
customer make better decisions.

2. Blockchain
Blockchain is a catchall phrase used to describe distributed ledger technologies. You could think
of it as a distributed database with no DBA involved. It allows multiple parties to access the
same data simultaneously, and at the same time ensures the integrity and immutability of the
records entered in the database. At present, leading banks around the world are exploring proof
of concept projects across various aspects of banking and financial services.

The first major implementation that we are likely to see is in the areas for clearing and
settlement. Accenture estimates that investment banks would be able to save $10 billion by
deploying blockchain technology to improve the efficiency of clearing and settlement systems.
Another major area in which banks will see a huge saving by using blockchain technology is
KYC (Know Your Customer) operations. Business models being developed at the moment
would turn KYC from a cost centre into a profit centre for banks – as they would come to rely on
a shared blockchain for this activity. Syndicated loans, trade finance and payments are other
areas where the smart contracts on blockchain could be highly effective.

3. Robotic Process Automation

49
Polytechnic University of the Philippines

COLLEGE OF COMPUTER AND INFORMATION SCIENCES

The volume
of
unstructured data
that the bank has to
process is increasing
exponentially with
the rise of the digital
economy. This is not
just banking
transaction data, but
also other behavioral
data that could
potentially allow the
banks to improve
and innovate
customer
experience.
This has made
bankers realize that
they need to find
technologies that can
mimic human action
and judgment but at
a higher speed,
scale, and
quality.

The answer that has emerged is a combination of various technologies that enable
cognitive and robotic process automation in banking. These technologies consist of machine
learning, natural language processing, chatbots, robotic process automation, and intelligent
analytics in banking that allow the bots to learn and improve.

It is no surprise that Deloitte’s 2017 State of Cognitive survey found that 88% of financial
service professionals believe that such technologies are a strategic priority. That said, the current
state of the art in robotic automation is still quite weak at the cognitive and analytical aspects of
the processes.

In the years to come, we will see the current cognitive capabilities being bundled with the robotic
process automation to achieve even better results. This is already being implemented in point-of
sale solutions that automatically suggest marketing promotions that would be most effective for
an individual customer.

50
Polytechnic University of the Philippines

COLLEGE OF COMPUTER AND INFORMATION SCIENCES

4. Quantum Computing
Quantum computing is a way of using quantum mechanics to work out complex data operations.
As is common knowledge today, computers use bits that can have two values – 1 or 0. Quantum
computing uses “quantum bits” that can instead have three states – 1 or 0 or both. This unlocks
exponential computing power over traditional computing – when the right algorithm is used.

This represents a huge leap in computing power, but any commercial implementations are still
decades away. Nevertheless, firms like JPMorgan Chase and Barclays are investing in quantum
computing research in partnership with IBM.

5. Artificial Intelligence
The explosive growth that the last decade has seen in the amount of structured and unstructured
data available with the banks, combined with the growth of cloud computing and machine
learning technologies has created a perfect storm for Artificial Intelligence to be used across the
spectrum of banking and financial services landscape.

Business needs and capabilities of AI implementations have grown hand-in-hand and banks are
looking at Artificial Intelligence as a differentiator to beat down the emerging competition.
Artificial Intelligence allows banks to use the large histories of data that they capture to make
much better decisions across various functions including back-office operations, customer
experience, marketing, product delivery risk management, and compliance.

WEF report “the New Physics of Financial Services” has identified the following sector-specific
opportunities that will be opened thanks to AI deployment in banking and financial services.
These opportunities are spread across deposits, lending, payments, investment management,
capital markets, and market infrastructure.

Artificial intelligence would revolutionize banks by shifting the focus from the scale of assets to
scale of data. The banks would now aim to deliver tailored experiences to their customers rather
than build mass products for large markets.

Instead of retaining customers through high switching costs, banks would now be able to become
more customer-focused and retain them by providing high retention benefits. Most importantly,
banks would no longer just depend on human ingenuity for improving their services. Instead,
performance would be a product of the interplay between technology and talent.

6. API Platforms Source: CA

Technologies
The time when banks could control the whole customer experience through a monolithic system
that controlled everything from keeping records to every customer interaction is long gone. Both
the regulatory requirements and the revolving customer needs have turned this humongous
system into dinosaurs.

51
Polytechnic University of the Philippines

COLLEGE OF COMPUTER AND INFORMATION SCIENCES

Today banks need to instead build “banking stacks” that allow them to be a platform to which
customers and third-party service providers can connect to deliver a flexible and personalized
experience to the end user. To do so, they can use API platforms for banking. API Banking
Platform is designed to work through APIs that sit between the banks' backend execution and
frontend experiences provided by either the bank itself or third-party partners. This allows the
banks to adopt completely new business models and use cases (for example, enabling salary
advances) and experiment with new technologies like blockchain at low cost. APIs also help
banks to futureproof their systems as the front-end is no more tightly coupled with the backend.

7. Prescriptive Security
The nature of cyber risk changes at a great speed. This makes the traditional approaches to risk
management obsolete. It is now clear that it is impossible for organizations to eliminate all
possible sources of cyber threats and limiting the attack footprint at the earliest is the best way to
deal with these. The banks will have to be nimble in the way they approach cybersecurity.
Increasingly banks are deploying advanced analytic, real-time monitoring and AI to detect
threats and stop them from disrupting the systems. The use of big data analysis techniques to get
an earlier visibility of threats and acting to stop them before they happen is called prescriptive
security.

While the disruption brought by implementing the new technique may lead to an increase in
vulnerability at the start, this is the way forward to stop the ever-increasing data breaches that
various organizations are reporting.

8. Hybrid Cloud

One of the biggest challenges that the digital age has brought to banking is the need to respond
quickly. The constantly evolving market that banks operate in requires them to be as agile as

52
Polytechnic University of the Philippines

COLLEGE OF COMPUTER AND INFORMATION SCIENCES

possible. They need to be able to provide resources across the enterprise in a timely manner to
address business problems faster.

High performing banks have discovered that the most cost-effective way of achieving this is
through an enterprise-wide hybrid cloud. This allows them to pick benefits of both public and
private while addressing issues like data security, governance, and compliance along with the
ability to mobilize large resources in a matter of minutes.

Hybrid cloud also allows banks to offer innovative new offerings to its customers. For example,
ICICI Bank has partnered with Zoho to allow businesses to automate the basic reconciliation
process through Zoho Books, a cloud accounting software. The partnership does away with the
need for data entry and also makes it easier to offer multiple payment options to the customers.

9. Instant Payments
As the world moves towards a less-cash economy, the customer expectations around payments
have changed dramatically. Both customers and business expect payments to happen
instantaneously, and this is where instant payment systems step in.

53
Polytechnic University of the Philippines

COLLEGE OF COMPUTER AND INFORMATION SCIENCES

Instantaneous payment is a must if online payments need to replace cash transactions. Therefore,
banks around the world are finding ways of providing their customers options for instant
payment, even when the infrastructure required for the service is lacking.

For example, banks in Kenya are partnering together to provide P2P payment experience to their
customer base. You would soon see banks combining their instant payment capabilities with
third-party e- and m-commerce solutions to develop a new portfolio of services.

10. Smart Machines

You must have already seen assistants like Amazon’s Alexa and Google Home in action. Can
you imagine the impact these could have on banking applications?
In fact, Bank of America has already developed Erica as a virtual assistant specifically for
banking operations. These smart machines are beginning to act as digital concierges for the
customer in interacting with banks as well.

Banks will have to invest in digital engagement to ensure long-lasting relationships with the
customer. Remember that customers will gravitate towards banks that are easiest to work with
when they are using technologies that they have become habituated to.

Summing it Up

According to a survey of bankers conducted by PwC: “Respondents say skills in their

organization lag across a range of highly important areas, including cybersecurity and privacy,
business development of new technologies and user experience and human-centered design.
Worse, skill levels have declined even as the demands of digital keep advancing.”
As the banks recognize this skill gap that stops them from transforming to meet the potential
presented by technology – they are beginning to invest significant amounts into banking
technologies they seem most relevant for their business models.

For example, blockchain might not be a priority for most industries today, but banks and
financial institutes foresee a great advantage in implementing these. Therefore, the financial
services industry sees them as a high priority investment.

Further, the evolution of the banking industry makes it imperative that technology becomes a
“core competency” with enterprise-wide engagement. The technology focus cannot be limited to
the top alone, or even to an IT department cutoff from the rest of the operations.
Finally, the focus of technology implementation must be customer experience – and not revenue
or cost savings. Those are important but will come automatically if you can retain customers in
the years to come.

In the years to come, bankers will have look at FinTech startups as partners rather than
competitors. Remember that a bank can be the biggest customer for a FinTech company and can
help them reach a newer customer base.

54
Polytechnic University of the Philippines

COLLEGE OF COMPUTER AND INFORMATION SCIENCES

This is where developing a banking platform will come in handy and result in better customer
satisfaction. Bankers should work towards new business models where they own the customer
relationships and pull together FinTech resources from around the globe to generate the most
value for the end customer.

Review:
https://www.researchgate.net/publication257714381_The_Impact_of_Information_Technology_i
n_Banking_System_A_Case_Study_in_Bank_Keshavarzi_IRAN

Case Study 3. The Impact of Information Technology in Banking System (A Case Study in Bank
Keshavarzi IRAN) Saeid Khajeh dangolani Bank Keshavarzi, IRAN

Abstract

The advent of information technology in every aspect of human life and business has been so
obvious that it does not need to be accentuated more. Information technology has been of great
essence in banking systems. This study aims to investigate the effect of information technology
in the banking system of Bank Keshavarzi Iran. The data are obtained both through the
customers and the employees. The data were then analyzed using the exact percentage and the 5-
point Likert scale to determine the impact of Information technology in the banking system
affairs. The findings then proved that Information technology contributes to the banking system
in three different ways as follows: IT saves the time of the customers and the employees
conspicuously, IT cuts down the expenses and IT facilitates the network transactions. © 2011
Published by Elsevier Ltd.

Key words: Information Technology; Bank Keshavarzi Iran; time saving; expenses; network
transactions.

1. Introduction

All the necessities of modern life brought light to the fact that information for the modern
organization is a resource parallel in importance to land, labor and capital. It is very vital and a
priceless resource. It is no longer news that we are now in information age that is characterized
by an ever-changing information technology revolution and an information superhighway on
which every corporate entity and profession must more, if it is to survive in the 21st century.

The sector that has been most radically affected by the information technology developments is
the banking system. Information technology has become a critical business resource because its
absence could result in poor decisions and ultimately business failure. Technology has opened up
new markets, new products, new services and efficient delivery channels for the banking
industry. Online electronics banking, mobile banking and internet banking are just a few
examples.

55
Polytechnic University of the Philippines

COLLEGE OF COMPUTER AND INFORMATION SCIENCES

Information Technology has also provided the banking industry with the wherewithal to deal
with the challenges the new economy poses. Information technology has been the cornerstone of
recent financial sector reforms aimed at increasing the speed and reliability of financial
operations and of initiatives to strengthen the banking sector.

The IT revolution has set the stage for an unprecedented increase in financial activity across the
globe. The progress of technology and the development of worldwide networks have
significantly reduced the cost of global funds transfer. © 2011 Published by Elsevier Ltd.
Selection and/or peer review under responsibility of the 2nd World Conference on Psychology,
Counselling and Guidance.

14 Saeid Khajeh dangolani / Procedia - Social and Behavioral Sciences 30 (2011) 13 – 16 Saeid
Khajeh dangolani/ Procedia – Social and Behavioral Sciences 00 (2011) 000–000

It is information technology which enables banks to meet such high expectations of the
customers who are more demanding and are also more techno-savvy compared to their
counterparts of the yester years. They demand instant, anytime and anywhere banking facilities.
Other research shows that information technology has been providing solutions to banks to take
care of their accounting and back-office requirements.

This has, however, now given way to large scale usage in services aimed at the customer of the
banks. IT also facilitates the introduction of new delivery channels--in the form of Automated
Teller Machines, Net Banking, Mobile Banking and the like. Further, IT deployment has
assumed such high levels that it is no longer possible for banks to manage their IT
implementations on a standalone basis with IT revolution, banks are increasingly interconnecting
their computer systems not only across branches in a city but also to other geographic locations
with high-speed network infrastructure and setting up local area and wide area networks and
connecting them to the Internet. As a result, information systems and networks are now exposed
to a growing number. All in all, this auspicious technology influences the banking industry,
mainly in the following three aspects:

1. Technology is influencing competition and the degree of contestability in banking. Due to the
development of technology, the bank’s superiority in information has deteriorated. The entry
barrier has been declining, and a new competitor has emerged. Some financial products and
services have become more transparent and commodities, customers show a willingness to
unbundle the demand for financial products and services, all these lead to a more competitive
market environment. Due to lowered entry and exist and deconstruction, for some sub-
financial markets, contestability in banking is also raised.

2. Technology influence Economy of scale: Competitive pressure force banks to lower their
cost. Bank seeks to get economy of scale in bank procession instead of being a big bank. Bank
seeks to secure the optimal business structure and secure the competitive imperative of

56
Polytechnic University of the Philippines

COLLEGE OF COMPUTER AND INFORMATION SCIENCES

economy of scale. There are other options to get economy of scale, including joint venture and
confederation of financial firms. Small firms also can get economy of scale by outsourcing,
i.e. buy in economy of scale.

3. Technology influences the economics of delivery

Technology has a major impact on the way banking and financial services are delivered. A wide
range of alternative delivery mechanism becomes available, Internet, ATM… these Reduces the
dependence on the branch network as a core delivery mechanism. With the development of
technology, the financial systems are substantially over-supplied with delivery system through a
duplication of network, bank has to change their delivery strategy, rationalize their branch
network strategy, and widen the range of delivery option. Banking industry has been taking
advantage of the following 22 Technology Products:

(1). Net Banking; (2). Credit Card Online; (3). One View; (4). InstaAlerts; (5). Mobile Banking;
(6). NetSafe; (7). e-Monies Electronic Fund Transfer; (8). Online Payment of Excise & Service
Tax.
(9). Phone Banking; (10). Bill Payment; (11). Shopping; (12). Ticket Booking; (13). Railway
Ticket
Booking through SMS; (14). Prepaid Mobile Recharge; (15). Smart Money Order; (16). Card to
Card Funds Transfer; (17). Funds Transfer (eCheques); (18). Anywhere Banking; (19). Internet
Banking; (20). Mobile Banking; (21). Bank@Home (i) Express Delivery; (22). Cash on Tap: (ii)
Normal Delivery.

The research questions are as follows:

1. Does IT have a meaningful effect on saving the time of the customers and the employees
of bank Keshavarzi Iran, Golestan province?
2. Does IT have a meaningful effect on cutting down the expenses of bank Keshavarzi Iran,
Golestan province?
3. Does IT have a meaningful effect on facilitating the network transactions of bank
Keshavarzi Iran, Golestan province?

2. The Review of Related Literature

The number of studies on information technology in literature is abounding and is dramatically

on the rise due to its indispensable significance in all aspects of our life. As Princhard and Cole
(1997) state, Information Technology (IT) is a term, which generally covers the harnessing of
electronic technology for the information needs of business at all levels. It is a computer-based
system as well as telecommunication technology for storage, processing and dissemination of
information. The role of information technology in the banking industry is accentuated too but
not sufficient in Iran. Lichtenberg (1995) concludes that there is significant benefit from
investment in Information Technology especially in the Banking Industry. Mario Castelino
(2006) suggests that Indian banking industry has provided the leading edge to what is happening

57
Polytechnic University of the Philippines

COLLEGE OF COMPUTER AND INFORMATION SCIENCES

to the Indian economy. Banks have equipped themselves with the latest of technology--core
Banking. Business Process Reengineering has been introduced to enhance spleen and efficiency
of delivery.

Information Technology has basically been used under two different avenues in Banking. One is
Communication and Connectivity and the other is Business Process Reengineering. Information
technology enables sophisticated product development, better market infrastructure,
implementation of reliable techniques for control of risks and helps the financial intermediaries
to reach geographically distant and diversified markets. But focusing on both threats and
opportunities of information technology, Blili and Raymond (1993) concluded that the strategic
use of information technology can both threaten and benefit small and medium-sized enterprises
(SMEs). In this paper, the strategic importance of information technology is analyzed in light of
the specificity of these organizations. Planning approaches are then outlined, focusing on how
SMEs can attain a mastery of information technology for competitive advantage. There are also
statistical reports regarding the banking industry affected by IT announced by organizations
throughout the world. For instance, you can find those released by Computer Industry Report,
March 27, 1992, as follows:

The banking sector in the survey base saw budgets drop 10% on average in 1991 and expects
only average growth in 1992. With average site budgets more than $4 million, the highest in the
survey group, the downturn for banking has affected the entire IT market. Banking had the
highest negative rating in its attitude towards IS spending; almost half checked choices
indicating stable spending with no major growth in any area, or a contraction of spending.
Controlling costs is a critical imperative for nearly two-thirds of the banking community, by far
the highest ratio for any of the sectors surveyed. The replacements will presumably be largely
PCs, since banking had the lowest percentage (18%) agreeing that UNIX workstations are
becoming a viable alternative to traditional personal computers. A survey-low 29% of PCs in
banking were connected to a host computer, compared to an average of two-thirds.
Overwhelmingly the major activity of software staff at banking sites is systems or network
maintenance, which accounted for 60% of staff time compared to an average of 33%.Only 16%
of staff time went to developing new applications.

3. Method

Both Exploratory Research and Descriptive Research were used in accomplishing the objective
of the study.

3.1. Sampling Design

Random sampling is the sampling design of this study; it is the most appropriate design to use in
this study since the researcher decided the sample size of the study i.e., 100 bank customers and
a sample of 20 clerical and 20 managerial in the bank.

58
Polytechnic University of the Philippines

COLLEGE OF COMPUTER AND INFORMATION SCIENCES

16 Saeid Khajeh dangolani / Procedia - Social and Behavioral Sciences 30 (2011) 13 – 16 Saeid
Khajeh dangolani/ Procedia – Social and Behavioral Sciences 00 (2011) 000–000

Primary research was conducted using questionnaire surveys to them. The researcher tallied,
scored, and tabulated all the responses in the provided survey questions. The researcher
conducted the survey personally with the respondents. Further research will be carried out
through consultation of books, journals, and magazines. Secondary data will support primary
data collection to show a clearer picture of the information technology's effect on Bank
Keshavarzi Iran.

4. Findings and Conclusion

The research brought to light the fact that IT has been of great impact on bank Keshavarzi Iran,
Golestan province. The findings both from the questionnaires and the library research reveal that
IT leads to saving the time of the customers and the employees conspicuously, cutting down the
expenses and facilitating the network transactions. The details are as follows:
Regarding the first research question, both the customers and employees believe that IT has a
meaningful effect on saving the time of the customers and the employees of bank Keshavarzi
Iran, Golestan province. (84% and 91% respectively) Apropos to the second question, around 91
% of the bank managers believe that IT has a meaningful effect on cutting down the expenses of
bank Keshavarzi Iran, Golestan province. Concerning the third research question, the customers
and bank employees answered that IT has a meaningful effect on facilitating the network
transactions of bank Keshavarzi Iran, Golestan province. (88% and 93% respectively). The data
gathered from the library research also approved the abovementioned results. The outcome of
this study is limited only to the data gathered from the books and journals about information
technology and its impact on bank Keshavrazi Golestan province and from the primary data
gathered from the result of the questionnaire survey and interview conducted by the researcher.
As the research was completed in a limited period of time other factors and variables are not
considered. This might have an impact on the results of the study. We cannot deny that the
advancement of technology was a necessity of the current era. Businesses need to adopt and
embrace new technologies to provide excellent business operation and services to their clients.
The bank industry is not an exception with regards to this adaptation. So it is worth suggesting
that the banking industry needs to spend more on IT and better apply IT to improve its
operations, customer services and products. Banks should devote more resources to development
of secure IT systems, services and products.

Activities/Assessments:

List down 5 changes in life, how technology affected banking industry. Use a yellow sheet of
paper or save and send file to schoology account as Assign7 LN, Yr. and Sec doc file

59
Polytechnic University of the Philippines

COLLEGE OF COMPUTER AND INFORMATION SCIENCES

Write the SWOT analysis about the video https://www.businessinsider.com/future-

ofbankingtechnology in a yellow sheet of paper, save and attach file to our schoology account as
: Assign8 LN, Yr. and Sec doc file

Write the Facts of the Case, Issues, and Recommendations cited in the Case Problem in another
sheet of paper, or save and send file as Assign9 LN, Yr. and Sec doc file

Online quiz

CHAPTER 6. NEW TRENDS IN E-COMMERCE

Overview

E-commerce changes the industry and a shift in consumer buying patterns. Demands from
consumers and merchants leads to the development of new technology and new ways of
doing business. M-commerce, Voice-commerce, Artificial intelligence is expected to be the
third wave and will allow consumers to buy products just by using their voice. AI can be
useful to understand the reactions of customers to the product or service purchased.
Moreover, it is important that retailers invest in this e-commerce trend to become more
competitive.

Learning Objectives
At the end of the lesson, students shall be able to:

1. Appreciate the impact of new trends in e-commerce

2. Use and integrate new technology described in the e-commerce project
ect development.

Topics : Voice search is growing, Mobile e-commerce,

Augmented Reality in online shopping
Chatbots e-commerce, 3D e-commerce, use of Artificial Intelligence,
More secure Digital Payment system

60
Polytechnic University of the Philippines

COLLEGE OF COMPUTER AND INFORMATION SCIENCES

Trends in E-commerce

The ecommerce world is becoming increasingly competitive. To stay ahead of the competition,
ecommerce trends need to be constantly monitored. No matter how matures your ecommerce
store is right now, if you don’t keep up with ecommerce trends, you’ll risk falling drastically
behind. You need to keep looking ahead to ensure future success. As we move into 2020, you
need to know these trends in order to take advantage of them. That’s why it’s so important that
ecommerce trends are analyzed and adopted in a timely manner. By doing this you can drive
your ecommerce brand forward and stay ahead of your competition.

In the past few years, we have witnessed numerous changes in the E-commerce industry and a
shift in consumer buying patterns.
E-commerce and Mobile Commerce have shown strong growth and more sales for the
merchants.

Voice commerce is expected to be the third wave and will allow consumers to buy products just
by using their voice.
In the year 2020, 50% of all the searches on the internet will be based on voice and 30% of all
the searches will be done using a device without a screen. According to juniper research, 1.5
billion devices are acting as digital voice assistants, and are predicted to grow to 8 billion by the
year 2023. The voice trend is enabled by digital voice assistants and these assistants are being
installed in a wide range of devices including smartphones, televisions, smart speakers, self-
service kiosks, home appliances, and even in cars. The tech giants who are aiming to own the
future of voice commerce are making it omnipresent across all the devices.

Business Potential of Voice Commerce

Interactions through voice make it easier for users to access the internet while driving or doing
their chores. Businesses that consider the numerous benefits of voice search reap considerable
benefits. We will go over the numbers which show how inevitably the voice industry is growing
stronger, as well as the ways in which businesses can make the most out of it. In the United
States, 21.6% of the population has accessed smart speakers through the Amazon devices which
hold 60% of the market as of May 2018. The digital assistant hardware and google voice search
gained traction of 25% of the market in 2018. Voice commerce and voice shopping are still very
new as only every fourth smart speaker owner has given it a try. But the users do not limit their
voice shopping to reorder or replace the items, they order new products as well, the average price
range is below $100. In the second quarter of 2018, the global market for voice search devices
increased by 187%. More than 8 million Google Home models were sold by Google in 2019 and
Amazon had sold more than 4.1 million Echo devices by the second quarter. By the end of 2024,
the global market for voice-based smart speakers could be worth $30 billion.

Voice Commerce: The Game Changer

Voice search has the potential to impact E-commerce quite significantly. It is not just a feature
but a game-changer for the market and we will talk about how it can be leveraged to maximize

61
Polytechnic University of the Philippines

COLLEGE OF COMPUTER AND INFORMATION SCIENCES

the benefits to the E-commerce business. With the rise in voice technology, the branding will not
remain entirely visual, and it will be both heard and seen. The whole concept of marketing is
based on building the perception of a product in the customer’s mind so that it can grow and
scale. Your brand needs to focus on the core of marketing to call for better business.
Voice Commerce is AI-enabled and has completely changed the way we shop online and
communicate. Brands are persistently opting for new ways for payment, security, upsell,
promotion, and customer service without human intervention. Before long, voice commerce will
overpower the market and become as ordinary as mobile phones. The technology is already
picking pace and here are some of the ways how voice commerce is evolving the E-commerce
market today –
• In the USA, voice commerce accounted for $2 billion in sales last year and more than
35% of households have purchased retail items and consumables through voice
platforms.
• According to a recent survey, 22% of businesses have already released a voice
application and 44% of businesses are planning to do the same this year.
• 29% of the brands are offering purchases through voice, 31% have enabled renewals and
34% of the brands have enabled customers to access product/service information
through voice.
• 71% of businesses acknowledge that voice commerce can enhance user experience and
increase customer engagement. Around 66% of the businesses have already increased
their conversion rate, 45% of them have enabled voice services to track the orders and
32% of businesses provide search functionality through voice.
• The study also shows that 91% of the businesses are making huge investments in voice
and 94% of them are planning to increase their investment in the next year.

Mobile Commerce
Mobile commerce (alternately known as m commerce or m-commerce) is the browsing, buying,
and selling of products and services on mobile devices such as cellphones or tablets. In other
words, it's a complete online shopping experience, but with all the convenience of being on a
cellphone or tablet.
M-commerce is booming, and not showing any signs of slowing down. Within the next two
years, it is expected that most purchases will be completed using mobile devices.
• 96% of Americans own a cellphone (Source: Pew Research Center
• 8 out of 10 Americans shop on their mobile devices (Source: Pew Research Center
• Mobile commerce is expected to outpace non-mobile commerce in 2021
(Source:Statista
• Mobile digital advertising spend is nearly double that of desktop advertising spend—
$71B was spent on mobile advertising in 2018, while only $37B was spent on
desktop. (Source: Journalism.org
• On Black Friday of 2018, 66% of shopping was done on mobile devices.
(Source:PixelUnion

62
Polytechnic University of the Philippines

COLLEGE OF COMPUTER AND INFORMATION SCIENCES

Types of Mobile Commerce

Mobile commerce doesn't just refer to buying a product online—it includes all purchase decision
behaviors made using a mobile device.

The different types of mobile commerce include:

• Browsing products online using a mobile device
• Searching for specific products online using a mobile device
• Reading product reviews or viewing product comparisons on a mobile device
• Purchasing app-economy services (such as rideshare or food delivery apps)
• Purchasing or renting digital content (paid apps, video, music, etc.) on a mobile device
• Interacting with branded apps (such as the Amazon shopping app) on a mobile device
• Mobile banking
• Mobile retail payments (such as Samsung Pay or Apple Pay)
• Mobile person-to-person payments (such as Venmo or the Cash app)

With the rise of mobile technology, it is becoming less valuable to think about what mobile
commerce is and what isn't—almost all types of commerce, from shopping to investing, are
already being done on mobile. As such, much of the discussion around mobile commerce focuses
on user experiences when engaging in mobile commerce.

The Future of Mobile Commerce

The most prominent trend of mobile commerce is its market share growth. M-commerce
spending in 2018 totaled 501 billion, expected to grow to 740B by 2023:

Source: Statista
Another trend in m-commerce is that customers desire more information on mobile websites.

Studies show that 80% of smartphone users want more product information when shopping on
their mobile devices. A large part of m-commerce's appeal may be convenience, but if that
convenience comes at the sacrifice of information, customers will be sure to look elsewhere.
Make sure to include all of the information available on your desktop pages in a mobile-friendly
format— accordion menus and dropdowns can help control page length.

The last big trend, by far, is the rise of tablet commerce. Much of it has to do with the nature of
tablets themselves. With their larger screens and portability, tablets make it easier to navigate
mobile ecommerce websites. With these features, it's no surprise that 55% of tablet owners use
their tablets for online shopping, whereas only 28% of smartphone owners shop on that device.
With all its growing clout, m-commerce is the rising star of the ecommerce world. By
understanding it and keeping tabs on where it's going, business owners put themselves in the best
position to take advantage of all m-commerce has to offer hanks to customers’ increasing
demands for value-added services, the pace of this evolution looks set to be maintained over the
next 12 months. As expected, businesses now demand continuous innovation of and adoption of
emerging technologies in order to balance the market-demand pull with a healthy supply push.

63
Polytechnic University of the Philippines

COLLEGE OF COMPUTER AND INFORMATION SCIENCES

Augmented Reality in E-commerce allows customers to preview products or experience

services in their normal lives before buying. Using Augmented Reality, customers can preview
products and be more likely to pick the right product the first time. Check out our infographic.
“Augmented Reality in E-commerce” to know how augmented reality is improving the
experiences of online customers and how e-commerce businesses can increase their online
business by implementing augmented reality on e-commerce websites.

Point of Sale (POS) Retail

The revolution in the digital payment system has been the most significant factor to disrupt the
retail industry. Point of sale systems (POS Systems) are making inroads in the digital payment
industry, with the promise of time-saving conveniences for merchants and restaurants alike. But
retailers have so much to benefit from this continued transformation.

According to a recent analysis report, the Point of Sale (POS) industry will hit the $116 billion
mark by 2025, with a compound annual growth rate (CAGR) of 9.9%. today, customers
rightfully demand safe and unique shopping experiences while businesses depend on data to
improve their decision-making process, which makes the point-of-sale system a bridge the gap
between consumers and business owners.

The digital
transformation also
brings changes in the
payment systems in
the retail industry.
As the number of
mobile users
continue to increase,
cash and cash
registers have been
eliminated from the
retail space,
encouraging
technology to create
a portable
POS solution for
retailers.
Even in countries
like India where cash
was the preferred mode of payment, consumers in the cities now prefer card
payments to cash.

64
Polytechnic University of the Philippines

COLLEGE OF COMPUTER AND INFORMATION SCIENCES

Many startups today have now introduced digital payment solutions which allow consumers pay
from their smartphones while some other startups have introduced mobile point of sale (MPOS)
technology, which means retailers can easily accept card payments and ensure a personalized and
engaging shopping experience for their consumers. In the future, we can expect to see more
retailers introducing the mobile point of sale solution so they can accept cash, cards, and mobile
payments.

These new and emerging tech solutions have addressed the issues for small retailers who have
the type of data that was only accessible for big retailers and enterprises. Perhaps the use of big
data and analytics will be applied at every stage of the retail process in the future, to help
determine trends, predict consumer demands for fast-selling products, and identify consumers
who are likely to purchase these products.

Nowadays, retailers want their sales data or store transactions to be quickly accessible wherever
they are – from their smartphones, tablet, or computer. This is where cloud technology comes in.
An increasing number of pos systems are designed with integrated cloud solutions. In the future,
we can expect to witness the adoption of cloud-based tech solutions by many small-medium
sized retailers.

Ecommerce Payments
More and more shoppers are ditching the brick-and-mortar stores for online shopping. The
ecommerce industry is enjoying innovations in the digital payment systems, and the growth in
the industry is largely driven by the demand, convenience, and an increase in emerging checkout
technologies.

The payment habits of today’s shoppers continue to evolve. They no longer want to be restricted
by traditional modes of payment, and with emerging technologies taking center stage, they do
not have to be. As concerns surrounding the credibility of entering payment credentials in the
online space continue to increase, today’s shopper is getting savvier about their payment choices.

Checkout technology in the e-commerce industry has allowed merchants to integrate alternative
payment methods into their existing payment processes. Since consumers always prefer a hassle
free process, it is increasingly likely that merchants will try these new trends offered by
ecommerce merchant processors, in the very near future. Rather than worry about upgrading
outdated legacy systems, these alternative payment methods continually adapt to the needs of
merchants to enable them to satisfy the growing demands of today’s consumer.

Crypto Payments
We have come a long way since Satoshi Nakamoto’s innovation in November 2008. Major
advancements have been experienced in the capabilities of blockchain technology to ensure a
better future of electronic payments through cryptocurrencies. When considering the landscape
of digital or non-physical currencies today, consumers have raised a few concerns with using

65
Polytechnic University of the Philippines

COLLEGE OF COMPUTER AND INFORMATION SCIENCES

companies that process fiat payments. But cryptocurrencies offer a lot more – and this is why it
is the future of electronic payments.

Cryptocurrencies solve the problem of privacy by providing better data security and making
payment processes safer for users. Another problem the consumer faces with fiat payment
processes is the issue of pending transactions. While some transactions can be completed on the
same day or the next, other payments might take weeks to complete.

These prolonged “pending” transactions is far from helpful for someone looking to balance an
account. As the future of electronic payments, cryptocurrencies can solve this problem by
ensuring instantaneous transactions almost 100% of the time. In cases where crypto payments do
not go through instantaneously, an unconfirmed transaction can be simply canceled without the
fear of losing funds.

Crypto payments are especially needed by merchants as they offer new competition. Many
traditional payment processing companies do not feel the need to reduce fees because merchants
do not have a lot of choices. Rather than working with only a handful of payment options,
merchants can now explore the thousands of alternatives cryptocurrencies offer. A growing
number of businesses already accept Bitcoin as well as other crypto payment options alongside
the traditional credit/debit card payments. In so doing, these merchants are able to decide what
works best for themselves – and for their customer.

Review: https://synergytop.com/blog/is-2020-the-year-for-voice-commerce/Is voice commerce

the next wave in commerce?

Activities/Assessment:

Identify 10 local and 10 international companies and describe how they use any of the new trends
in technology. Write your answer in a yellow sheet of paper or send file as Assign10 LN, Yr. and
Sec doc file.

66
Polytechnic University of the Philippines

COLLEGE OF COMPUTER AND INFORMATION SCIENCES

Part III. Communication, Infrastructure Framework and Security CHAPTER 7.

TRADITIONAL COMMUNICATION SYSTEM

Overview
Communication in e-commerce is essential as it affects sales and profitability as well as
how data or information are transferred and secured from one computer of the merchant to
another computer of the consumer. A well-run communications system keeps the
workplace more efficient by providing fast, secured and effective communication. At the
same time, as an aid in the decision-making process by offering easy access to relevant
information.

Learning Objectives:
At the end of this lesson, students should be able to:
1. Describe the changes in traditional business to electronic business transactions 2.
Identify technological breakthroughs in business in 2020 and beyond 3. Apply
knowledge learned.

Topics: Traditional Communication

Network Infrastructures, Value added network, ISDN X, 4000 and DSL
Electronic Data Interchange (EDI)
Standards of EDI, EDI system requirements
VAN-based EDI vs. Internet EDI
Intranet Commerce
Intranet architecture, Intranet application, Benefits and drawbacks

Watch: https://study.com/academy/lesson/what-is-b2b-marketing-
definition-examplesquiz.html Read: https://www.marketing-schools.org/types-of-
marketing/b2b-marketing.html or read the following:

Explore the Strategy of B2B Marketing

Have you ever considered how a Fortune 500 company provides new computers for its 1,000-
plus employees? They would never simply send an office manager to Best Buy for an order that
large, yet these transactions are vital for the future success of the business.

Business-to-business marketing (or B2B marketing, as it is commonly known) involves the sale
of one company’s product or service to another company. B2B marketing techniques rely on the
same basic principles as consumer marketing but are executed in a unique way. While consumers

67
Polytechnic University of the Philippines

COLLEGE OF COMPUTER AND INFORMATION SCIENCES

choose products based not only on price but on popularity, status, and other emotional triggers,
B2B buyers make decisions on price and profit potential alone.

Finding new ways to foster relationships through social media is currently a hot topic in the B2B
marketing world. Social media platforms have opened up two-way conversations between
businesses. A survey organized by Chadwick Martin Bailey and immoderate, showed that
businesses are more likely to buy from companies they track through social media.

Tech-savvy B2B companies have continued to find innovative ways to use social media to their
advantage. Cisco Systems, Inc, a leading seller of networking systems, launched a campaign
introducing a new router solely on social media advertising. The launch was classified as one of
the top five in the company's history and shaved over $100,000 off normal launch expenses.

B2B marketing success doesn’t come from broadcasting a product over radio or television. B2B
marketing success comes from embedding your company in the industry, and making your
product seem like a staple. Get in front of niche buyers by:
• Hosting informational webinars
• Setting up booths at popular industry tradeshows
• Sending out email newsletters positioning your company as an industry expert
• Maintaining an active, interactive social media presence
• Attending industry networking events and building buyer relationships

At its core, B2B marketing involves building valuable relationships to guarantee lasting
customers -- an important goal for any company, whether a mega retail corporation or a smaller
family-owned one. (See also B2C Marketing)

The B2B market is the largest of all the markets and exceeds the consumer market in dollar
value. Companies like GE and IBM spend an estimated $60 million a day on goods that support
the operation of their business.

B2B marketing is largely employed by companies that make products that consumers have no
practical use for, such as steel. However, it is also used by companies selling products and
services bought by consumers and other businesses alike.

For example, Sprint (a consumer phone supplier) provides wireless, voice and data services to
both businesses and consumers. In fact, VHA, a healthcare purchasing network, recently agreed
to extend a three-year, $1.2 billion contract with Sprint. Sprint continues to be a nationwide
leader in both B2B and consumer marketing.

It is a good idea to reflect on the staying power and growth potential of an industry before you
make it your career. Consider these facts on the prevalence of B2B marketing:

68
Polytechnic University of the Philippines

COLLEGE OF COMPUTER AND INFORMATION SCIENCES

• The purchases made by businesses, government agencies and institutions make up more
than half of all economic activity in the United States. (Dwyer and Tanner, 2006)
• In 2003, B2B marketers spent approximately $85 billion a year to promote their goods
and services. (Business Marketing Association)
• A 2001 study found that the dollar value of B2B transactions significantly exceeded that
of consumer transactions. (Hutt and Speh, 2001)

B2B marketers generally focus on four large

categories:
• Companies that use their products,
like construction companies who
buy sheets of steel to use in
buildings.
• Government agencies, the single
largest target and consumer of B2B
marketing.
• Institutions like hospitals and
schools.
• Companies that turn around and
resell the goods to consumers, like
brokers and wholesalers.

A B2B marketer can effectively put their product or service into the right hands by positioning
their offering in an exciting manner, understanding the customer’s needs, and proposing the right
solutions to combine the two (See also Persuasion Marketing).

It is important for B2B marketers to understand their clients’ needs before implementing any
marketing or advertising tactic. In consumer marketing, an effective advertisement can be blasted
out over wide channels, and a percentage of consumers will be driven to buy the product.
However, since B2B marketing is so much more specialized, marketers run the risk of alienating
their specific prospective candidates if they do not pay close attention to their needs before
tailoring their services to those needs.
• According to eMarketer, while US B2B spending will increase by 0.8% to $129 billion
by 2012, interactive B2B spending will increase by 9.2%, to $51.5 billion.
• BizReport found that 86% of B2B marketing firms use social media in their efforts,
compared to just 82% of consumer marketing firms.

TRADITIONAL COMMUNICATION SYSTEM PAGE | 69

Polytechnic University of the Philippines

COLLEGE OF COMPUTER AND INFORMATION SCIENCES

• The AMR International B2B Online Marketing Assessment and Forecast to 2013
predicts that B2B spend on social media will grow 21% through 2013 and spend on lead
generation sites will grow 17%.

A B2B marketing plan must be focused in delivery and broad in application. This means that
while consumer marketing can advertise very specifically (one mass-consumed product
advertised through print, television commercials and the Internet) to a wide audience, B2B
marketing cannot. Instead, it needs to brand itself very broadly (through email, corporate image
and technical specifications) to a very specific customer.

Business marketers can develop and decide how to employ their B2B plan by identifying and
understanding the importance of the following topics:
• The product or service: When marketing to consumers, there is an emotional component
involved. Individuals are drawn to products because of how they make them feel. With
B2B customers, the buyers are trained professionals who care about the quality of
products, their cost-saving and/or revenue-producing benefits, and the service provided
by the host company.
• The target market: Many B2B marketers can focus on very niche industries which reflect
specialized needs. While this can make marketing a bit more straightforward, it also
requires a high level of knowledge outside of marketing specialists.
• Pricing: Businesses are usually more concerned with cost, value, and revenue potential
than consumers. However, they can also be more readily convinced to pay top dollar – as
long as B2B marketers do an excellent job of convincing them that the product, quality
and customer service will be worthwhile.
• Promotion: B2B marketers need to be experts not only of marketing and advertising, but
experts within their fields. Once this happens, they will learn the best ways to market to
this field, whether it is through blogs, journals, tradeshows, or word of mouth. B2B
marketing very rarely employs traditional media like TV and radio commercials. (See
also Promotional Marketing)

A B2B career requires marketers to not only have a marketing background, but also a firm
understanding of business. B2B marketers are often creative-minded individuals who are
comfortable working with numbers, statistics, and outcomes. Because of the varied, specific
skills desired for this industry, there are a variety of careers that are involved with B2B
marketing, on both the seller’s and the buyer’s side.
• Marketing Manager Entry level: $57,750 10 yrs. exp: $112,800
• Sales Representative Entry level: $26,970 10 yrs. exp: $52,440 Marketing
Coordinator Entry level: $40,520 10 yrs. exp: $54,000

Source: Bureau of Labor Statistics, 2012

70
Polytechnic University of the Philippines

COLLEGE OF COMPUTER AND INFORMATION SCIENCES

What do they do?

Marketing managers have the knowledge and training to manage and effectively strategize a B2B
campaign. They have gained the marketing knowledge and managerial skills needed to home in
on the specific needs of a niche or industry, and market their product or service effectively to fit
those needs. Professionals in the marketing field should have strong communications skills, but
in B2B positions, marketing managers also need a background in economics and business. This
way, they can more effectively market to experts in business and government.

Education and experience

Most marketing managers hold at least a bachelor's degree in marketing or a related major like
business, advertising, accounting, economics, mathematics, or statistics. Marketing managers
generally begin in entry-level marketing positions and work their way up the career ladder.

What do they do?

B2B sales representatives are responsible for implementing the marketing plans that are put into
place for their company’s product or service. They are the ones who develop and maintain
relationships with potential clients. As such, a B2B sales rep should have strong communication
skills and be able to connect with a variety of people. They need to have an interest and talent in
sales, negotiation and decision making.

Education and experience

A Bachelor’s degree in marketing or business administration is required to become a B2B sales
representative. Generally, it is a role that also requires 3-5 years of experience in the B2B sales
environment.

What do they do?

A B2B Marketing Coordinator organizes and implements the day-to-day tasks of building and
marketing a B2B brand. This position is usually in charge of communicating with a variety of
people to set up tradeshows, webinars and other events, as well as help produce written
marketing materials, client lists and email campaigns.

Marketing coordinators need to feel comfortable with statistics, analytics, and quality assurance
since they are generally responsible for the behind-the-scenes organization of an entire B2B
campaign. They should also have good communication and writing skills, since they will be
emailing and telephoning a variety of contacts to set up events and promotions. Education and
experience

Most marketing coordinators need a bachelor’s degree in marketing, event planning or a related
field, but generally need less experience than other positions in the B2B marketing field. They

TRADITIONAL COMMUNICATION SYSTEM PAGE | 71

Polytechnic University of the Philippines

COLLEGE OF COMPUTER AND INFORMATION SCIENCES

should have excellent time management and organizational skills and should be able to manage
multiple projects on tight deadlines.

A degree in marketing can lead you to a career in a variety of positions and fields, including
B2B. Knowledgeable marketing experts are the key to developing a B2B strategy that fulfills the
ultimate goal of getting the product or service sold to the right people.(See also B2B Product
Manager)

Earning a degree in marketing exposes students to the functions of advertising and selling, as
well as background in strategic business function, statistics and analytics. This gives students the
expertise to figure out what consumers and businesses are looking for, and the skills to produce
and deliver it to them in an efficient and pleasing manner.

Marketing programs place importance on the four pieces critical for B2B success: product,
promotion, price and place. They also generally impart skills in math, statistics, business and
behavior, as well as advertising principles. Students also learn more specific skills, like how to
conduct market research and analyze consumer data. It is important to understand the broad
business perspective required for success in the marketing field.

Because B2B marketing is so closely integrated with the principles of business, it may be
advisable to also earn a minor in business, or at least take some business courses as part of your
marketing education. This extra experience with economics and business principles can better
prepare you for building long-lasting relationships with other businesses. If you want to learn
more about how a marketing degree can help you build a successful B2B marketing career,
request information from schools offering marketing degrees today.

Review: https://study.com/academy/lesson/intranet-and-extranet-
comparinginformationand-data-dissemination.html or read:

What Are Intranets and Extranets?

John is an engineer for an automobile manufacturer.

He works with a team of engineers to redesign
current models of vehicles as well as create new
prototype vehicles. The design and development of
a vehicle is a collaborative process that relies
heavily on technology to connect engineers, project
managers, suppliers and vendors together.
This collaborative process is made possible using
Internet technologies that link different systems and

72
Polytechnic University of the Philippines

COLLEGE OF COMPUTER AND INFORMATION SCIENCES

networks within an organization. John and his co-workers rely on two commonly used business
networks that use Internet technologies: the intranet and extranet.

John uses the intranet, or a private, internal, corporate network that utilizes the Internet, on a
daily basis. The intranet provides John and his co-workers with access to data across the entire
organization. Company personnel can access this private network but someone like you or me,
who is considered the public, cannot access the automaker's intranet. It is private and protected
by firewalls (or hardware or software designed to keep threats and unintended visitors from
accessing a private network). A firewall is like a security officer standing guard at a gate. The
security officer can either allow or deny access.

It is common for companies to provide external access to intranets. John also uses the company's
extranet, or private networks that are extended to users outside of the organization. An
organization can use an extranet to allow vendors and customers limited access to its intranet.
That means you and me could gain access to certain portions of the automaker's intranet through
the extranet. Once again, firewalls are used to secure and limit access to internal data while also
authenticating users. To gain access to the extranet, authentication will usually take the form of a
user ID and password.

Are you wondering what technologies enable the use of intranets and extranets? Well, intranets
and extranets make use of similar technologies to the World Wide Web. They use the
Transmission Control Protocol/Internet Protocol (TCP/IP), Web pages, and Web browsers for
access. They also use Web programming languages like Hypertext Markup Language (HTML).
Intranets and extranets operate similarly to the Internet, making a transition to these networks
very easy.

The Business Value

So why did John's automobile company decide to incorporate intranets and extranets into their
business processes? Well, the intranet is a critical system that provides business value by
enhancing communication and collaboration between John, his co-workers and management. It
can reduce business costs by streamlining processes and creating more operational efficiency.
John relies on the intranet for a variety of tasks. When he needs to call his project manager but
just can't remember his extension, he can use the intranet to find pertinent information such as
telephone numbers and extensions of employees. If John wishes to move up from engineer to
lead engineer, he can browse the intranet for job postings that may enable him to make the move.
John can use the intranet to view his pay stubs, make changes to his tax deductions, review the
company calendar for holidays and practically anything else he needs to know related to his job.
The intranet is also a valuable tool for collaboration. John's team of engineers and

TRADITIONAL COMMUNICATION SYSTEM PAGE | 73

Polytechnic University of the Philippines

COLLEGE OF COMPUTER AND INFORMATION SCIENCES

designers can use the intranet to disseminate information and keep all team members informed.
They can monitor the progress of the new vehicle project and make changes as needed.
Extranets provide business value by facilitating communication with customers, partners,
suppliers and vendors. John's employer can leverage their partnerships to become more
competitive. Extranets enable the organization to build and strengthen strategic relationships
with customers and suppliers. Collaboration is enhanced for better product design, development
and marketing.

Auto dealers can use the extranet to check on production and delivery dates. They can place
orders to meet customer demand. Suppliers can access information pertaining to new features or
vehicle colors to match their own products. John, our engineer, could access the company
intranet through the extranet to work on projects from home or while on business trips.
Customers could use the automaker's extranet to find specific information on their vehicle. They
could look up maintenance records, recalls, warranty information or even the current value.

Parameters Intranet Extranet

It refers to a private network that the The extranet helps an organisation
companies use for ensuring secure connect with its suppliers and customers.
Basics
collaboration and communication It thus helps different teams in an
among all the employees. organization to work in collaboration.
Internal departments of a company and
Types of Business partners, suppliers, and
all the employees of an organization
Users customers make use of the extranet.
make use of the intranet.
An intranet is used for establishing
An extranet is used for sending emails,
communication among internal
Used for accessing data, checking the status of
employees, used in telephone
various orders, and many more.
directories, and many more.
It is highly secure in nature. It is It establishes a very secure connection
Security configured in the firewall under the using the VPN technology over the level
100-security level. of Internal Medium security.
Regulating A single organization performs the Multiple organizations perform the
Authority regulation of the intranet. regulation of the extranet.
Owners A single organization owns it. Multiple organizations can own it.

74
Polytechnic University of the Philippines

COLLEGE OF COMPUTER AND INFORMATION SCIENCES

Activities/Assessments:

List down and explain business to business marketing guide in a yellow paper or save and send
file to schoology account as Assign11 LN, FN Yr. and Sec doc file

Write a short essay on your comments and views about B2B marketing in a yellow paper or save
and send file to schoology account as Assign12 LN, FN Yr. and Sec doc file

Compare and contrast intranet vs extranet citing examples for each in a yellow sheet of paper or
save and send file to schoology account as Assign13 LN, FN Yr. and Sec doc file

Online Midterm examination via schoology for students who can access internet.

TRADITIONAL COMMUNICATION SYSTEM PAGE | 75

Polytechnic University of the Philippines

COLLEGE OF COMPUTER AND INFORMATION SCIENCES

CHAPTER 8. INFRASTRUCTURE FRAMEWORK

Overview:

To organize the eCommerce platform more efficiently is to know effectively the

functionality of each e-commerce components and to ensure that eCommerce sites are fast,
secure, and most importantly, always available to buyers. Infrastructure is crucial because a
company’s website speed and optimized performance attract new customers and buyers.

Learning Objectives:
At the end of this lesson, students should be able to:

1. Illustrate differences of service infrastructure framework

2. Enumerate client requirements on hardware and software
3. Discuss internet application between e commerce processes

Topics
Cloud Service Infrastructure
Architecture, Web servers, Commerce servers,
Database servers, Transaction servers
Client considerations
Hardware requirement, Software requirement, Working with certificates Business
Process

Watch: https://www.cleo.com/blog/knowledge-base-edi-transactions Read:

https://www.compuquip.com/blog/what-is-a-service-infrastructure or read:

A simplified service infrastructure definition is that it’s an alternative term for “infrastructure-
asaservice” (IaaS). IaaS, in turn, is a type of cloud-based infrastructure service that gives
organizations remote access to computing resources.

These cloud infrastructure resources could be used for any number of tasks depending on the
capabilities of the IaaS provider and the goals of the company using them. Some businesses use
their service infrastructure to remotely store backups of their most critical data as part of a
disaster recovery solution—others use them to create entire secondary production environments
to instantly take over in case of an emergency as part of a business continuity plan (BCP).

76
Polytechnic University of the Philippines

COLLEGE OF COMPUTER AND INFORMATION SCIENCES

What Are the Benefits of Using a Cloud Service Infrastructure?

The big benefit of using a cloud infrastructure service is that it provides near-immediate access to
new computing resources for a fraction of the cost of installing new hardware onsite. This is
possible because many infrastructure-as-a-service providers can invest heavily in robust
computing resources that exceed what companies not specializing in delivering those kinds of
resources can match.

To make the most efficient use of these resources, cloud infrastructure providers use
virtualization software to artificially split each of their assets into many smaller virtual devices.
Then, they rent out space or runtime on each virtualized asset to their customers. This helps to
mitigate the costs of computing by:
• Having multiple customers share the cost of a single computing resource.
• Bypassing the need to pay for installation (and eventual upgrade) of a large data center
asset; and • Eliminating the need to hire additional physical security in the client’s business
to protect the asset.
Instead, the cloud infrastructure company can handle all of the maintenance and physical asset
security on their end. However, as convenient and efficient as using cloud service infrastructure
can be, there are some challenges awaiting companies seeking to perform a cloud migration.

Why You Need Cybersecurity Defenses

Here’s a little secret that most cloud service infrastructure providers won’t tell you outright:
They are not responsible for the data security of any IT assets you keep in their cloud
infrastructures. They may provide all the physical security in the world for the facilities where
they keep their assets (CCTV surveillance, biometric processing checkpoints, etc.) and perimeter
security for the virtual environment (firewalls)—but it is usually the responsibility of the
customer to provide endpoint security and other cyber protection measures to safeguard any data
on the cloud.

Part of this is because of necessity—the cloud provider usually cannot control how you manage your
access controls, so they can’t guarantee protection from illegitimate use of your user accounts.
For example, if you terminate an employee and don’t delete their user account, the IaaS provider
won’t be able to block the estranged worker from using their legitimate access credentials to
steal information on the way out.

So, to keep your cloud infrastructure safe, you need to translate your on-premises infrastructure
security measures into cloud-enabled versions that can protect your remote computing resources
as vigorously. The issue is that not all endpoint security measures translate neatly to the cloud—

77
Polytechnic University of the Philippines

COLLEGE OF COMPUTER AND INFORMATION SCIENCES

you may need to change security solution vendors to find a solution that works with your new
service infrastructure.

Review:
https://www.researchgate.net/publication/266034213_A_Case_Study_of_Internet_EDI_in_the
_ Retailing_Supply_Chain_A_Case_Study_of_Internet_EDI_in_the_Retailing_Supply_Chain
or read:

“A Case Study of Internet EDI in the Retailing Supply Chain A Case Study of Internet EDI in the
Retailing Supply Chain” Mak and Johnston 2019

Abstract

For many large retail companies with many suppliers, the utopian vision of total paperless
trading offered by traditional Electronic Data Interchange (EDI), with its attendant efficiencies,
has not been realized. Many small, but operationally important suppliers, lack enthusiasm for
traditional EDI because it is expensive, complicated and they stand to gain little from it. This
non-compliance prevents the large organization from realizing some of the most significant
tactical benefits of EDI such as advanced supply chain reforms. This paper presents a case study
of a large retail organization which is approaching this problem by integrating Internet based
EDI with its existing traditional EDI systems using an “intelligent gateway” concept. This will
allow them to leverage their considerable existing EDI investment by providing a relatively low-
cost data display and entry system tailored to the needs of small suppliers. In this way, greater
benefits should accrue from existing investment as 100% EDI compliance eliminates duplication,
but more importantly, enables advanced supply chain reforms such as “cross docking”. We argue
that this way of using the newly available Internet EDI products may have the greatest economic
impact on the retailing supply chain, at least in the near future.

Introduction

Many large retail companies have enthusiastically pursued Electronic Data Interchange, EDI,
with their suppliers for the reduced transaction cost, increased accuracy, and timeliness that it
offers (Johnston, 1998; Mak, 1998). Many have even reached the stage where a large proportion
of their replenishment transaction value is controlled by EDI. But the familiar Pareto principle
applies: 20% of their suppliers, by number, account for 80% of the transaction value. However, a
large proportion of suppliers, by number, usually small to medium-size enterprises (SMEs)
supplying small ranges of products, remain outside the electronic replenishment system. These
suppliers often lack the computer expertise and resources to implement EDI using the traditional
approach using the services of a Value. Added Network (VAN), expensive translation software

78
Polytechnic University of the Philippines

COLLEGE OF COMPUTER AND INFORMATION SCIENCES

usually provided by the VAN, and private wide area networks (Iacovou et al, 1995; Mak, 1998;
Ritchie, 1994; Scala and McGrath, 1993).

Furthermore, with relatively simple business operations and a small number of trading partners,
they have little to gain from the integration and connectivity that EDI offers (Mak, 1998). This
makes it difficult for the large customer to achieve 100% EDI compliance, leaving them
supporting bothelectronic and paper-based systems, and creating a barrier to implementation of
advanced supply A Case Study of Internet EDI in the Retailing Supply Chain chain and logistics
management techniques. Evidently, the traditional approach to obtaining compliance by
threatening “resourcing” (Zinn, 1988) has not been effective with small suppliers. These key EDI
players are increasingly looking to the Internet as a means to solve this nagging problem. The
Internet is a world-wide network of networks with excellent throughput capabilities. Internet
transmission charges are low compared to those of a VAN and do not depend on the amount of
data transferred. More importantly, the Internet provides simple and widely understood new
methods for information exchange (Kalakota and Whinston, 1996; Hruska, 1995). Non-
EDIenabled trading partners can use a web browser to fill in a form-based web page representing
a business document, in order to comply with their EDI-enabled trading partner’s information
requirements. To access the Internet, they need only a personal computer, a modem and an
Internet Service Provider (ISP). They require a little more computer expertise than is now
becoming common knowledge.

The research reported in this paper addresses the issue of how the particular characteristics of the
Internet can be used to draw small suppliers into a large retailer’s Electronic Commerce network,
and what such an Internet based EDI system can contribute to the overall Electronic Commerce
aims of the retailer. The paper reports a case study of Australia’s largest retail chain, Coles Myer
Limited (CML), and its proposed new EDI infrastructure which is aimed at solving this problem.
Recognizing that there is a significant investment in traditional VAN-based EDI with large
suppliers, and also significant barriers to drawing small suppliers into this network, CML is
proposing to adopt an “intelligent gateway” between its own diverse systems platforms and its
suppliers which will allow the flexible routing of electronic documents via various media
(private VAN networks, Internet, Fax, direct lines) using various formatting standards
(traditional EDI standards, flat-files, web forms, etc.) based on supplier characteristics. In this
paper, “web forms” denotes all forms of web-based message including those not formatted using
traditional EDI standards. An important part of this new infrastructure is an Internet-based
document exchange system for use by small suppliers with little IT experience and at minimal
cost to them. The idea is to use the Internet-based system not to replace the existing system, but
rather, to leverage the investment in existing systems with the benefits of near 100% supplier EC
compliance. The case study illustrates a number of decisions a company must make in choosing
an Internet EDI strategy, based on the part it is expected to play in their total Electronic
Commerce (EC) system, and the functionality it must support.

79
Polytechnic University of the Philippines

COLLEGE OF COMPUTER AND INFORMATION SCIENCES

Case Study Methodology

Two major types of research activity were undertaken in this case study:

1. A semi-structured interview (and follow-up communications): this was conducted with

CML’s Electronic Trading Coordinator, Mr Dave Botherway, to establish the business problems
within CML’s current EDI infrastructure, the requirements of their new EDI infrastructure, and
the proposed solution.

2. Participatory research: one of us (HCM) participated in CML’s “Proof of Concept”

project as an observer, and in the product and Internet EDI strategy evaluation for CML’s front-
end Internet EDI system as an independent evaluator. For the “Proof Of Concept” project, CML
was working with software vendors to evaluate a number of EDI products with which to
implement the proposed EDI infrastructure, in order to prove that their proposed EDI
infrastructure is feasible and to determine which product best satisfies their business and
technical requirements. Data collection for the case study was based on interviews and e-mail
discussions with Mr Botherway, study of company documents, participation in the “Proof of
Concept” project as an observer, and participation in product evaluation for the front-end Internet
EDI system. Whenever a case study is conducted, there is always a concern about whether the
findings are supported by enough data, so that they can be applied to other businesses and
industries (Galliers,1992). There is no point in conducting case study activities if the results are
too specific and cannot be generalized. There are various options for case study activity (Yin,
1989), such as a multiple case study (or a multiple company survey) or a single in-depth case
study. In this case study, the single in-depth case study option was chosen for the following
reasons:

1. A detailed single case study can provide deep access to real business problems, which a less
detailed multiple case study may not. A Case Study of Internet EDI in the Retailing Supply
Chain 2. At the time of this case study, there were not sufficient Australian companies in the
position of developing Internet EDI systems, to conduct a multiple company survey.

3. CML is a leading-edge company in this area, due to their extensive involvement with EC.
They were in the process of designing a new EDI infrastructure to leverage their existing EDI
systems at the time of the study. Given the company size and the scope of their electronic
commerce implementation, CML is in a unique position to provide significant and reliable data.
Coles Myer Limited Profile Coles Myer Limited (CML) is Australian owned and is the largest
retailer in Australia. CML’s head office is in Melbourne, Victoria, and operates eleven retail
brands over 1,800 stores in Australia and New Zealand, including Coles, Bi-Lo, Myer Grace

80
Polytechnic University of the Philippines

COLLEGE OF COMPUTER AND INFORMATION SCIENCES

Bros, Myer Direct, Kmart, Target, Fosseys, Liquorland, Red Rooster, Katies and Officeworks. It
is Australia’s largest non-government employer with over 148,000 staff, and annual sales of over
$A19 billion.
CML spends over $A15 billion each year on buying merchandise and services (Coles Myer
Limited, 1997). It has more than 15,000 suppliers (including merchandise and service suppliers):
1,800 suppliers use the traditional EDI approach, while the rest use conventional paper-based
document processes via regular mail, phone calls or fax, to exchange business data with CML.
With the proposed new EDI infrastructure, CML expects to handle all their merchandise
suppliers (approximately 10,000 suppliers) through a single centralized EC system.

CML’s Current EDI Infrastructure

CML has various business applications for different retail brands, running on different system
platforms. Different types of suppliers require different message formats, for example,
EDIenabled suppliers require EDI formats, and non-EDI-enabled suppliers require paper-based
formats. CML uses multiple EDI translators to translate the various types of flat files generated
by their in-house business applications into EDI formatted documents and to transmit the
formatted data to their EDI-enabled suppliers on a store and forward basis via third party VAN.
For their non-EDIenabled suppliers, CML has to run a parallel manual process to exchange
paper-based business documents. A typical document exchange process in the manual system is
that CML sends a Purchase Order (PO) to their non-EDI-enabled supplier by regular mail or via
fax. That supplier then sends back a delivery docket. CML then manually enters the data from
the delivery docket into their in-house receiving application. Figure 1 shows the current EDI
infrastructure for CML. ColesMyer Limited (CML) Application for Target & MGB Application
for Kmart Application for
Coles Application for Other Manual System EDI Translator 1 EDI Translator 2 EDI Translator 3 Flat
files VANS EDI Enabled Suppliers EDI Docs Non-EDI
Suppliers FAX

Problems of Using the Current EDI Infrastructure

There are four types of problems with the current EDI infrastructure: Internal Problems; External.
Problems; Control Problems for Non-Electronic Document Exchanges; and Tactical Problems. A Case
Study of Internet EDI in the Retailing Supply Chain

Internal Problems Since CML needs to use a manual system to exchange business documents
with their non-EDI- enabled suppliers, they have to re-enter delivery dockets sent from these
suppliers into their in-house business applications. This delays the business process and may
increase document processing errors.

81
Polytechnic University of the Philippines

COLLEGE OF COMPUTER AND INFORMATION SCIENCES

Besides using the manual system, CML uses a number of different EDI translators for their
various types of business applications. Therefore, they cannot use a single EC/EDI system to
centrally manage data exchange with all their suppliers. External Problems Small suppliers lack
the technical support, financial and human resources to develop a traditional EDI system to
handle all the functionality that CML requires. According to Mr Botherway, the conventional
VAN-based EDI development cost for small suppliers, including the costs for purchasing and
EDI translator and communication software, is in the range of $A5,000 to $A20,000.

Transferring 10 kilobytes of data via a VAN might cost a SME, at list price, $A4 per document,
plus a $A100 monthly VAN subscription fee. While these costs may be justifiable to a larger
supplier who can gain mutual benefit from the investment, small suppliers generally have
primitive in-house business systems (often manual) and cannot use the potential benefits of
applicationtoapplication transfer of data which the traditional VAN-based EDI approach
promises, to justify the decision. With very few customers, they also gain little from the global
connectivity of traditional EDI. Therefore, the cost and lack of supplier benefits has been a large
barrier to CML bringing their small suppliers into their EC network within the traditional VAN-
based approach.

Control Problems for Non-Electronic Document Exchanges Using the manual system, it is very
difficult for CML to obtain high standards of data integrity for the delivery dockets received
from small suppliers. Small suppliers can alter the ordered quantity, price, or even the ordered
item in the PO, intentionally or by mistake, when they are preparing a delivery docket manually.
For CML, this may cause internal system accuracy problems, increased costs and business
disruption. Tactical Problems While small suppliers may not create significant transaction value,
their use of manual systems tends to make it difficult for CML to reap the potential benefits of
advanced supply chain reforms.

With the manual system, stock cartons delivered to CML’s main distribution center must be
manually verified and entered into the computer system at the distribution center before they can
be delivered to other stores. With a fully computerized system, the details of the delivered stock
could be updated into the computer system automatically once an electronic Advance Shipment
Notice (ASN) is received. Using the EAN standardized Serial Shipping Container Code (SSCC),
each carton can be given a unique bar coded shipment number, which associates it with an ASN.
By scanning this bar code, CML can re-direct a specific carton into an appropriate truck,
shipping to a specific store, without manual intervention in their carton sortation process at the
distribution center. This process is known as “Cross Docking”. For it to work effectively with
SSCC numbers as shipping labels, 100% adoption to electronic ASNs would be required.

82
Polytechnic University of the Philippines

COLLEGE OF COMPUTER AND INFORMATION SCIENCES

Business Requirements for New EDI Infrastructure Support of the Current EDI Infrastructure
Because CML and their EDI-enabled suppliers have invested large amounts of money and are
obtaining good benefits from their traditional EDI systems, they want to retain traditional EDI
operation for these parties. Moreover, as large volume of stock and sales data is being processed
by the traditional EDI systems, which might not easily migrate into other EDI or EC
infrastructures. A Case Study of Internet EDI in the Retailing Supply Chain VAN-based
approach may well be the most efficient and cost-effective way of reliably transferring critical
application to application data anyway.

One Centralized System

Instead of using multiple EDI translators, CML seeks to use one single centralized system to
perform data translation, while maintaining trading partner profiles and supporting multiple
transmission media such as the Internet, VAN, direct connection and fax.

Use of the Internet

Since most of the small suppliers have no use for the application-to-application EDI approach,
CML is offering alternative methods for their small suppliers. The Internet provides a medium
for transferring data at a very low cost. According to Mr Botherway, the incremental cost of
transferring a 10-kilo byte message is about $A0.50, which is mainly associated with the
telecommunication costs, such as telephone call charge, plus typically, a $A25 monthly
subscription fee for an Internet Service Provider (ISP). Small suppliers could use a CML
provided web-form Internet application as a data entry system, not necessarily in the traditional
EDI standard format needed for application-to-application data transfer. The transport
mechanism, known as Secure HyperText Transfer Protocol (HTTPS), used to convey these web
forms, may also be used to convey other file types, and may eventually virtually provide a low
cost alternative transport system even for standard EDI files.

Simple and Low-Cost Set-Up for Small Suppliers

Based on feedback from SMEs, CML has projected that the system set-up cost for each small
supplier should be less than $A500 for a manual entry system, or $A1,000 when bar code
scanning facilities are also included. The monthly running cost should not be greater than $A25
for an Internet Service Provider (ISP) subscription plus phone calls. Assuming small suppliers
have a PC, modem and telephone line, they can then simply use a web browser or a simple front-
end system incorporated with a web browser and Internet connection to exchange their E-form
business documents with CML.

83
Polytechnic University of the Philippines

COLLEGE OF COMPUTER AND INFORMATION SCIENCES

Requirements for Electronic Turnaround Documents

A turnaround document is a document requiring a reply using information provided by the

sender. A simple example of a manual turnaround document is a telephone bill. There are two
parts to a telephone bill: a charge statement and a payment slip. The charge statement shows all
the account and customer details, while the payment slip shows the telephone bill’s customer
reference number possibly in machine readable form, charge due-date, and total charge amount.
The payment slip is returned to the telephone company with the payment. With the customer
reference number on the payment slip, the telephone company can refer the payment to a
particular phone bill, possibly using bar code lookup. Since the payment slip is pre-prepared by
the telephone company, the data on it is more likely to be correct than if the customer produced a
separate reply.

CML wishes to apply this concept in electronic form to the proposed Internet EDI document
exchange system in order to maintain data integrity. Initially they will use turnaround PO/ASN
documents, later possibly adding turnaround quality control documents. CML will send a
Purchase Order (PO) using the Internet EDI system to their supplier with the details of ordered
items, such as product name, International Article Number (i.e., EAN-13), product price and
quantity ordered. The supplier will then send back an Advance Shipment Notice (ASN), when
the shipment is ready. The front-end data entry program only allows the user to base the ASN on
shipment details data from the PO. If all the ordered items in one specific PO cannot be
contained in one shipment, the supplier may need to prepare subsequent ASNs for further
shipments when they become available. The data flow for turnaround PO/ASN documents is
shown in figure 2.

An important part of the new infrastructure is the subsystems devoted to transferring data to
small suppliers using the Internet (shown shaded in figure 5). There are many products now
available for exchange of business documents over the Internet which use a wide range of
approaches, which have been extensively reviewed by the authors in previous publications.
These approaches differ mainly in their use, or non-use, of traditional EDI standards, whether
they involve third party Internet sites, and whether they force the use of software from the same
provider at both the sender and receiver sites. The choice between these various options should
be made on the basis of the degree of system integration (application-application or application-
to-person) and the degree of connectivity (global or hub-spoke) required of the Internet.

EDI system. On the basis of their evaluation process and “Proof of Concept” project, CML has
chosen an approach which uses software from a single provider to create both the CML hub and
the small supplier front-end data entry application. This allows for document exchanges not A
Case Study of Internet EDI in the Retailing Supply Chain structured using traditional EDI
standards and facilitates the participation of SMEs in the EC network, without needing full EDI
84
Polytechnic University of the Philippines

COLLEGE OF COMPUTER AND INFORMATION SCIENCES

translation facilities. Given the limited requirements of their small traders, CML has chosen an
Internet EDI system based on the client server technology, which was determined to be most
appropriate for application-to-person system integration with hub and spoke connectivity. Using
this software, CML will create a centralized Internet hub server interfacing via the intelligent
gateway to existing applications and performing the transmission and receipt of Internet business
documents. Small suppliers can then use low-cost client software incorporating a web browser
for document display and data entry. CML will produce customized form-based document
templates using tools provided by the software vendor, and these will be distributed with the
suppliers’ front-end program.

Having chosen to use a client server approach, a business selecting an Internet EDI system must
then choose between products that use so called “thick client” or “thin client” approaches. In the
thin client approach, nearly all the data processing operations are performed by the server (hub)
program and the client software may consist of little more than a web browser. In the thick client
approach, the client program has some capability of processing the exchanged data,
independently of the hub. A typical example would be where the client program performs data
editing without having to refer back to data stored at the hub. This would generally result in
duplicate storage of data at the hub and client. It was therefore argued that a thick client approach
is more suitable when the business running the client program wishes to use the exchanged data
in their own applications, because in this case the well-known problems that attend data
duplication might be justified. Hence, we would normally associate the choice of thick client
approaches with a desire for application to-application system integration.

However, CML had an additional requirement that the small suppliers should be able to do much
of their data entry off-line, that is, while not connected to their ISP. This was considered
necessary to limit the connection costs incurred. Consequently, motivated by the desire for high
standard of data integrity, CML has chosen to adopt a thick client approach in order to enable
extensive data editing to be performed while processing off-line. While not a primary
requirement, this choice also reserves the opportunity for suppliers to integrate their in-house
applications with the front-end data entry system by re-using the local database or exporting the
data from the front-end system. A typical document exchange sequence is: the CML hub system
translates business documents from the gateway system into the web-form file format used for
the data exchange and stores them on an Internet server part of the hub. Using the provided front-
end, the supplier then retrieves these files from the CML hub through the Internet using Secure
Hypertext Transfer Protocol (HTTPS).

The front-end application stores this data in a local database and allows it to be displayed using
the pre-defined templates. In the creation of a turnaround document, editing rules specified in the
template will be enforced by the front-end software using data stored locally. Upon completion,

85
Polytechnic University of the Philippines

COLLEGE OF COMPUTER AND INFORMATION SCIENCES

the turnaround response is translated into the appropriate exchange format and transmitted back
to the hub server.

The gateway software then translates this data into the appropriate flat file format required to
receive by the in-house application to update the central databases. This thick client approach to
data editing is straight forward for “once only” document exchanges, where the transferred
record is only used for editing and can then be discarded. Data synchronization problems are
more severe however, if several ASNs are allowed for a single Purchase Order, because then the
database records at the client site must be updated to record partial delivery information and
integrity retained for the duration of the Purchase Order.

Conclusion

The case study helps shed light on the place of the Internet in the wider Electronic Commerce
scene. CML does not consider Internet EDI to be a replacement for their traditional EDI systems:
instead, they view it as a way to leverage their current EDI investment. CML wants to maintain
their traditional EDI approach with EDI-enabled suppliers, but also to include small suppliers in
the total system for the benefits that 100% EDI usage can bring. A relatively small extra
investment by CML in providing a tailored document exchange system to their small suppliers,
which does not include functionality that these suppliers would not use, provides the potential for
much greater returns from their existing investment.

We argue from this case study that, while new EDI players may adopt Internet EDI strategies
from the start, given that traditional EDI has already been effectively implemented by many
large manufacturers and retail organizations and their large trading partners, this leveraging role
for Internet EDI may be its main economic significance soon. This claim could form a suitable
research hypothesis for future empirical or comparative studies. Although using the Internet as a
transport medium does not preclude the use of the traditional standard-based EDI approach, the
proliferation of Internet EDI software which does not use traditional standards appears to pose a
challenge to the concept of global application-to-application connectivity associated with
traditional EDI.

When Internet EDI plays the kind of supportive role described in this paper, this relaxation of
traditional requirement may not be a backward step. It provides greater flexibility for the large
players to develop systems quickly that meet their particular needs. Because application to
application and global business connectivity are not particularly important to small trading
partners, web-form formats can be used by them in a hub-spoke configuration, without
compromising global nature of the main network, or substantially undermining the original aims
of standards-based EDI. Internet Value Added Networks (IVANs) operating Internet sites which
accept these web-form formats and provide gateways to the traditional EDI private networks are
86
Polytechnic University of the Philippines

COLLEGE OF COMPUTER AND INFORMATION SCIENCES

also providing an alternate solution to the connectivity problem. The concept of intelligent
gateways, either at a trading partner site or at a third-party site, seems to be emerging as a
solution to the compatibility problem, which in the traditional EDI vision was supposed to be
solved through the universal use of international standards. The Intelligent Gateway concept
however, shows an increasing recognition that there are different ways of achieving EDI, each
suitable to a particular scale of trading partner, all of which may need to be supported for a large
trader in order to achieve its Electronic Commerce objectives. Again, the place of traditional
standards in Internetbased EDI is a topic for further research

Activities/Assessments:

List down in a yellow paper transaction applied in EDI or save and send file to our schoology
account as Assign14 LN, FN Yr. and Sec doc file

Why is there a need for service infrastructure, cite examples for each of the 5 reasons identified in
a yellow paper or save and send to schoology account as Assign15 LN, FN Yr. and Sec doc file.

Make a SWOT analysis for the Case Study of Internet EDI in the Retailing Supply Chain in a yellow
paper or save and send to schoology account as Assign16 LN, FN Yr. and Sec doc file

87
Polytechnic University of the Philippines

COLLEGE OF COMPUTER AND INFORMATION SCIENCES

CHAPTER 9. SECURITY CONSIDERATIONS

Overview

E-commerce security is the protection of e-commerce assets from unauthorized access, use,
alteration, or destruction. This chapter discuss the different measures to secure network and
application sites.

Learning Objectives:

At the end of this lesson, students should be able to:

1. Understand and apply requirement for safe e-payment/transaction.
2. Discuss 5 cryptography security issues and considerations in E commerce.
3. Identify the pros and cons of PKI.
4. Appreciate the use of network and application security

Topics
Cryptography overview
Symmetric key encryption, public key encryption, Application of public key encryption
Digital certificates, Digital signatures, public key infrastructure (PKI)
Network and application security
Security protocol, Application and messaging security, Virtual private network (VPN)

Watch: http://i.gov.ph/pnpki/
Read : https://www.garykessler.net/library/crypto.html or read below:

Security

Security is an essential part of any transaction that takes place over the internet. Customers will
lose his/her faith in e-business if its security is compromised. Following are the essential
requirements for safe e-payments/transactions −
• Confidentiality − Information should not be accessible to an unauthorized person. It should
not be intercepted during the transmission.
• Integrity − Information should not be altered during its transmission over the network.

88
Polytechnic University of the Philippines

COLLEGE OF COMPUTER AND INFORMATION SCIENCES

• Availability − Information should be available wherever and whenever required within a time
limit specified.
• Authenticity − There should be a mechanism to authenticate a user before giving him/her
access to the required information.
• Non-Reputability − It is the protection against the denial of order or denial of payment. Once
a sender sends a message, the sender should not be able to deny sending the message.
Similarly, the recipient of message should not be able to deny the receipt.
• Encryption − Information should be encrypted and decrypted only by an authorized user.
• Auditability − Data should be recorded in such a way that it can be audited for integrity
requirements.

Major security measures are following:

• Encryption − It is a very effective and practical way to safeguard the data being transmitted
over the network. Sender of the information encrypts the data using a secret code and only the
specified receiver can decrypt the data using the same or a different secret code.
• Digital Signature − Digital signature ensures the authenticity of the information. A digital
signature is an e-signature authenticated through encryption and password.
• Security Certificates − Security certificate is a unique digital id used to verify the identity of
an individual website or user.

Security Protocols in Internet

We will discuss here some of the popular protocols used over the internet to ensure secured online
transactions.

Secure Socket Layer (SSL). It is the most commonly used protocol and is widely used across the
industry. It meets following security requirements − • Authentication
• Encryption
• Integrity
• Non-reputability

"https://" is to be used for HTTP urls with SSL, where as "http:/" is to be used for HTTP urls without
SSL.

Secure Hypertext Transfer Protocol (SHTTP) extends the HTTP internet protocol with public key
encryption, authentication, and digital signature over the internet. Secure HTTP supports multiple
security mechanism, providing security to the end-users. SHTTP works by negotiating encryption
scheme types used between the client and the server.

89
Polytechnic University of the Philippines

COLLEGE OF COMPUTER AND INFORMATION SCIENCES

Secure Electronic Transaction

It is a secure protocol developed by MasterCard and Visa in collaboration. Theoretically, it is the best
security protocol. It has the following components −
• Card Holder's Digital Wallet Software − Digital Wallet allows the card holder to make
secure purchases online via point and click interface.
• Merchant Software − This software helps merchants to communicate with potential
customers and financial institutions in a secure manner.
• Payment Gateway Server Software − Payment gateway provides automatic and standard
payment process. It supports the process for merchant's certificate request.
• Certificate Authority Software − This software is used by financial institutions to issue
digital certificates to card holders and merchants, and to enable them to register their account
agreements for secure electronic commerce.

There are many aspects to security and many applications, ranging from secure commerce and
payments to private communications and protecting health care information. One essential aspect
for secure communications is that of cryptography. But it is important to note that while
cryptography is necessary for secure communications, it is not by itself sufficient. The reader is
advised, then, that the topics covered here only describe the first of many steps necessary for
better security in any number of situations.

This paper has two major purposes. The first is to define some of the terms and concepts behind
basic cryptographic methods, and to offer a way to compare the myriad cryptographic schemes
in use today. The second is to provide some real examples of cryptography in use today. (See
Section A.4 for some additional commentary on this...)

DISCLAIMER: Several companies, products, and services are mentioned in this tutorial. Such
mention is for example purposes only and, unless explicitly stated otherwise, should not be taken
as a recommendation or endorsement by the author.

Basic Concepts of Cryptography

Cryptography — the science of secret writing — is an ancient art; the first documented use of
cryptography in writing dates to circa 1900 B.C. when an Egyptian scribe used non-standard
hieroglyphs in an inscription. Some experts argue that cryptography appeared spontaneously
sometime after writing was invented, with applications ranging from diplomatic missives to
wartime battle plans. It is no surprise, then, that new forms of cryptography came soon after the
widespread development of computer communications. In data and telecommunications,

90
Polytechnic University of the Philippines

COLLEGE OF COMPUTER AND INFORMATION SCIENCES

cryptography is necessary when communicating over any untrusted medium, which includes just
about any network, particularly the Internet.

There are five primary functions of cryptography:

1. Privacy/confidentiality: Ensuring that no one can read the message except the intended
receiver. Authentication: The process of proving one's identity.
2. Integrity: Assuring the receiver that the received message has not been altered in any way
from the original.
3. Non-repudiation: A mechanism to prove that the sender really sent this message.
4. Key exchange: The method by which crypto keys are shared between sender and receiver.

In cryptography, we start with the unencrypted data, referred to as plaintext. Plaintext is encrypted
into ciphertext, which will in turn (usually) be decrypted back into usable plaintext. The encryption
and decryption is based upon the type of cryptography scheme being employed and some form of
key. For those who like formulas, this process is sometimes written as:
C = Ek(P)
P = Dk(C)

where P = plaintext, C = ciphertext, E = the encryption method, D = the decryption method,

and k = the key.

Given this, there are other functions that might be supported by crypto and other terms that one might
hear:
• Forward Secrecy (aka Perfect Forward Secrecy): This feature protects past encrypted
sessions from compromise even if the server holding the messages is compromised. This
is accomplished by creating a different key for every session so that compromise of a
single key does not threaten the entirety of the communications.
• Perfect Security: A system that is unbreakable and where the ciphertext conveys no
information about the plaintext or the key. To achieve perfect security, the key has to be
at least as long as the plaintext, making analysis and even brute-force attacks impossible.
One-time pads are an example of such a system.
• Deniable Authentication (aka Message Repudiation): A method whereby participants in
an exchange of messages can be assured in the authenticity of the messages but in such a
way that senders can later plausibly deny their participation to a third-party.

In many of the descriptions below, two communicating parties will be referred to as Alice and
Bob; this is the common nomenclature in the crypto field and literature to make it easier to
identify the communicating parties. If there is a third and fourth party to the communication, they
will be referred to as Carol and Dave, respectively. A malicious party is referred to as Mallory,
an eavesdropper as Eve, and a trusted third party as Trent.

91
Polytechnic University of the Philippines

COLLEGE OF COMPUTER AND INFORMATION SCIENCES

Finally, cryptography is most closely associated with the development and creation of the
mathematical algorithms used to encrypt and decrypt messages, whereas cryptanalysis is the
science of analyzing and breaking encryption schemes. Cryptology is the umbrella term referring
to the broad study of secret writing and encompasses both cryptography and cryptanalysis.

Types of Cryptographic Algorithms

There are several ways of classifying cryptographic algorithms. For purposes of this paper, they
will be categorized based on the number of keys that are employed for encryption and
decryption, and further defined by their application and use. The three types of algorithms that
will be discussed are (Figure 1):
Secret Key Cryptography (SKC): Uses a single key for both encryption and decryption; also called
symmetric encryption. Primarily used for privacy and confidentiality.

FIGURE 1: Three types of cryptography: secret key, public key,

and hash function.

• Public Key Cryptography (PKC): Uses one key for encryption and another for decryption;
also called asymmetric encryption. Primarily used for authentication, non-repudiation, and
key exchange.
• Hash Functions: Uses a mathematical transformation to irreversibly "encrypt" information,
providing a digital fingerprint. Primarily used for message integrity.
92
Polytechnic University of the Philippines

COLLEGE OF COMPUTER AND INFORMATION SCIENCES

1. Secret Key Cryptography

Secret key cryptography methods employ a single key for both encryption and decryption. As
shown in Figure 1A, the sender uses the key to encrypt the plaintext and sends the ciphertext to
the receiver. The receiver applies the same key to decrypt the message and recover the plaintext.
Because a single key is used for both functions, secret key cryptography is also called symmetric
encryption.

With this form of cryptography, it is obvious that the key must be known to both the sender and
the receiver; that, in fact, is the secret. The biggest difficulty with this approach, of course, is the
distribution of the key (more on that later in the discussion of public key cryptography). Secret
key cryptography schemes are generally categorized as being either stream ciphers or block
ciphers.

93
Polytechnic University of the Philippines

COLLEGE OF COMPUTER AND INFORMATION SCIENCES

Stream ciphers operate on a single bit (byte or computer word) at a time and implement some

that the keystream will eventually repeat.

A block cipher is so-called because the scheme encrypts one fixed-size block of data at a time. In
a block cipher, a given plaintext block will always encrypt to the same ciphertext when using the
same key (i.e., it is deterministic) whereas the same plaintext will encrypt to different ciphertext
in a stream cipher. The most common construct for block encryption algorithms is the Feistel
cipher, named for cryptographer Horst Feistel (IBM). As shown in Figure 3, a Feistel cipher
combines elements of substitution, permutation (transposition), and key expansion; these
features create a large amount of "confusion and diffusion" (per Claude Shannon) in the cipher.
One advantage of the Feistel design is that the encryption and decryption stages are similar,

94
Polytechnic University of the Philippines

COLLEGE OF COMPUTER AND INFORMATION SCIENCES

sometimes identical, requiring only a reversal of the key operation, thus dramatically reducing
the size of the code (software) or circuitry (hardware) necessary to implement the cipher. One of
Feistel's early papers describing this operation is "Cryptography and Computer Privacy"
(Scientific American, May 1973, 228(5), 15-23).Block ciphers can operate in one of several
modes; the following are the most important:

FIGURE 3: Feistel cipher. (Source: Wikimedia Commons)

• Electronic Codebook (ECB) mode is the simplest, most obvious application: the secret
key is used to encrypt the plaintext block to form a ciphertext block. Two identical
plaintext blocks, then, will always generate the same ciphertext block. ECB is
susceptible to a variety of brute-force attacks (because of the fact that the same plaintext
block will always encrypt to the same ciphertext), as well as deletion and insertion
attacks. In addition, a single bit error in the transmission of the ciphertext results in an
error in the entire block of decrypted plaintext.
• Cipher Block Chaining (CBC) mode adds a feedback mechanism to the encryption
scheme; the plaintext is exclusively-ORed (XORed) with the previous ciphertext block
prior to encryption so that two identical plaintext blocks will encrypt differently. While
CBC protects against many brute-force, deletion, and insertion attacks, a single bit error

95
Polytechnic University of the Philippines

COLLEGE OF COMPUTER AND INFORMATION SCIENCES

in the ciphertext yields an entire block error in the decrypted plaintext block and a bit
error in the next decrypted plaintext block.
• Cipher Feedback (CFB) mode is a block cipher implementation as a self-synchronizing
stream cipher. CFB mode allows data to be encrypted in units smaller than the block
size, which might be useful in some applications such as encrypting interactive terminal
input. If we were using one-byte CFB mode, for example, each incoming character is
placed into a shift register the same size as the block, encrypted, and the block
transmitted. At
the receiving side, the ciphertext is decrypted and the extra bits in the block (i.e.,
everything above and beyond the one byte) are discarded. CFB mode generates a
keystream based upon the previous ciphertext (the initial key comes from an
Initialization Vector [IV]). In this mode, a single bit error in the ciphertext affects both
this block and the following one.
• Output Feedback (OFB) mode is a block cipher implementation conceptually similar to
a synchronous stream cipher. OFB prevents the same plaintext block from generating
the same ciphertext block by using an internal feedback mechanism that generates the
keystream independently of both the plaintext and ciphertext bitstreams. In OFB, a
single bit error in ciphertext yields a single bit error in the decrypted plaintext.
• Counter (CTR) mode is a relatively modern addition to block ciphers. Like CFB and
OFB, CTR mode operates on the blocks as in a stream cipher; like ECB, CTR mode
operates on the blocks independently. Unlike ECB, however, CTR uses different key
inputs to different blocks so that two identical blocks of plaintext will not result in the
same ciphertext. Finally, each block of ciphertext has specific location within the
encrypted message. CTR mode, then, allows blocks to be processed in parallel — thus
offering performance advantages when parallel processing and multiple processors are
available — but is not susceptible to ECB's brute-force, deletion, and insertion attacks.

A good overview of these different modes can be found at CRYPTO-IT.

Secret key cryptography algorithms in use today — or, at least, important today even if not in use —
include:
• Data Encryption Standard (DES): One of the most well-known and well-studied SKC
schemes, DES was designed by IBM in the 1970s and adopted by the National Bureau
of Standards (NBS) [now the National Institute for Standards and Technology (NIST)]
in 1977 for commercial and unclassified government applications. DES is a Feistel
blockcipher employing a 56-bit key that operates on 64-bit blocks. DES has a complex
set of rules and transformations that were designed specifically to yield fast hardware
implementations and slow software implementations, although this latter point is not
significant today since the speed of computer processors is several orders of magnitude
faster today than even twenty years ago. DES was based somewhat on an earlier cipher
from Feistel called Lucifer which, some sources report, had a 112-bit key. This was

96
Polytechnic University of the Philippines

COLLEGE OF COMPUTER AND INFORMATION SCIENCES

rejected, partially in order to fit the algorithm onto a single chip and partially because of
the National Security Agency (NSA). The NSA also proposed a number of tweaks to
DES that many thought were introduced in order to weaken the cipher; analysis in the
1990s, however, showed that the NSA suggestions actually strengthened DES, including
the removal of a mathematical back door by a change to the design of the S-box (see
"The Legacy of DES" by Bruce Schneier [2004]).

DES was defined in American National Standard X3.92 and three Federal Information Processing
Standards (FIPS), all withdrawn in 2005: o FIPS 46-3: DES (Archived file) o FIPS 74:
Guidelines for Implementing and Using the NBS Data Encryption
Standard o FIPS 81: DES Modes of
Operation
Information about vulnerabilities of DES can be obtained from the Electronic Frontier Foundation.
Two important variants that strengthen DES are: o Triple-DES (3DES): A variant of DES that
employs up to three 56-bit keys and makes three encryption/decryption passes over
the block; 3DES is also described in FIPS 46-3 and was an interim replacement to
DES in the late-1990s and early2000s. o DESX: A variant devised by Ron Rivest. By
combining 64 additional key bits to the plaintext prior to encryption, effectively
increases the keylength to 120 bits.
More detail about DES, 3DES, and DESX can be found below in Section 5.4.
• Advanced Encryption Standard (AES): In 1997, NIST initiated a very public, 4-1/2 year
process to develop a new secure cryptosystem for U.S. government applications (as
opposed to the very closed process in the adoption of DES 25 years earlier). The result,
the Advanced Encryption Standard, became the official successor to DES in December
2001. AES uses an SKC scheme called Rijndael, a block cipher designed by Belgian
cryptographers Joan Daemen and Vincent Rijmen. The algorithm can use a variable
block length and key length; the latest specification allowed any combination of keys
lengths of 128, 192, or 256 bits and blocks of length 128, 192, or 256 bits. NIST initially
selected
Rijndael in October 2000 and formal adoption as the AES standard came in
December 2001. FIPS PUB 197 describes a 128-bit block cipher employing a 128-, 192,
or 256-bit key. The AES process and Rijndael algorithm are described in more detail
below in Section 5.9.

As an aside, the New European Schemes for Signatures, Integrity and Encryption (NESSIE), was
designed as an independent project meant to augment the work of NIST by putting out an open
call for new cryptographic primitives. NESSIE ran from about 2000-2003. While several new
algorithms were found during the NESSIE process, no new stream cipher survived cryptanalysis.
As a result, the ECRYPT Stream Cipher Project (eSTREAM) was created, which has approved a
number of new stream ciphers for both software and hardware implementation.

97
Polytechnic University of the Philippines

COLLEGE OF COMPUTER AND INFORMATION SCIENCES

Similar — but different — is effort of the Japanese Government Cryptography Research and
Evaluation Committee (CRYPTREC) to evaluate algorithms submitted for government and
industry applications. They, too, have approved a number of cipher suites for various
applications.
• CAST-128/256: CAST-128, described in Request for Comments (RFC) 2144, is a
DESlike substitution-permutation crypto algorithm, employing a 128-bit key operating
on a 64bit block. CAST-256 (RFC 2612) is an extension of CAST-128, using a 128-bit
block size and a variable length (128, 160, 192, 224, or 256 bit) key. CAST is named for
its developers, Carlisle Adams and Stafford Tavares, and is available internationally.
CAST256 was one of the Round 1 algorithms in the AES process.
• International Data Encryption Algorithm (IDEA): Secret-key cryptosystem written by
Xuejia Lai and James Massey, in 1992 and patented by Ascom; a 64-bit SKC block
cipher using a 128-bit key. Also available internationally.
• Rivest Ciphers (aka Ron's Code): Named for Ron Rivest, a series of SKC algorithms.
o RC1: Designed on paper but never implemented.
o RC2: A 64-bit block cipher using variable-sized keys designed to replace DES. It's
code has not been made public although many companies have licensed RC2 for use
in their products. Described in RFC 2268.
o RC3: Found to be breakable during development. o RC4: A stream cipher using
variable-sized keys; it is widely used in commercial cryptography products. An
update to RC4, called Spritz (see also this article), was designed by Rivest and Jacob
Schuldt. More detail about RC4 (and a little about Spritz) can be found below in
Section 5.13.
o RC5: A block-cipher supporting a variety of block sizes (32, 64, or 128 bits), key
sizes, and number of encryption passes over the data. Described in RFC 2040.
o RC6: A 128-bit block cipher based upon, and an improvement over, RC5; RC6 was
one of the AES Round 2 algorithms.
• Blowfish: A symmetric 64-bit block cipher invented by Bruce Schneier; optimized for
32bit processors with large data caches, it is significantly faster than DES on a
Pentium/PowerPC-class machine. Key lengths can vary from 32 to 448 bits in length.
Blowfish, available freely and intended as a substitute for DES or IDEA, is in use in a
large number of products.
• Twofish: A 128-bit block cipher using 128-, 192-, or 256-bit keys. Designed to be highly
secure and highly flexible, well-suited for large microprocessors, 8-bit smart card
microprocessors, and dedicated hardware. Designed by a team led by Bruce Schneier
and was one of the Round 2 algorithms in the AES process.
• ARIA: A 128-bit block cipher employing 128-, 192-, and 256-bit keys to encrypt 128-bit
blocks in 12, 14, and 16 rounds, depending on the key size. Developed by large group of
researchers from academic institutions, research institutes, and federal agencies in South
Korea in 2003, and subsequently named a national standard. Described in RFC 5794.
98
Polytechnic University of the Philippines

COLLEGE OF COMPUTER AND INFORMATION SCIENCES

• Camellia: A secret-key, block-cipher crypto algorithm developed jointly by Nippon

Telegraph and Telephone (NTT) Corp. and Mitsubishi Electric Corporation (MEC) in
2000. Camellia has some characteristics in common with AES: a 128-bit block size,
support for 128-, 192-, and 256-bit key lengths, and suitability for both software and
hardware implementations on common 32-bit processors as well as 8-bit processors
(e.g., smart cards, cryptographic hardware, and embedded systems). Also described in
RFC 3713. Camellia's application in IPsec is described in RFC 4312 and application in
OpenPGP in RFC 5581.
• CLEFIA: Described in RFC 6114, CLEFIA is a 128-bit block cipher employing key
lengths of 128, 192, and 256 bits (which is compatible with AES). The CLEFIA
algorithm was first published in 2007 by Sony Corporation. CLEFIA is one of the new-
generation lightweight blockcipher algorithms designed after AES, offering high
performance in software and hardware as well as a lightweight implementation in
hardware.
• FFX-A2 and FFX-A10: FFX (Format-preserving, Feistel-based encryption) is a type of
Format Preserving Encryption (FPE) scheme that is designed so that the ciphertext has
the same format as the plaintext. FPE schemes are used for such purposes as encrypting
social security numbers, credit card numbers, limited size protocol traffic, etc.; this
means that an encrypted social security number, for example, would still be a nine-digit
string. FFX can theoretically encrypt strings of arbitrary length, although it is intended
for message sizes smaller than that of AES-128 (2128 points). The FFX version 1.1
specification describes FFX-A2 and FFX-A10, which are intended for 8-128 bit binary
strings or 4-36 digit decimal strings.
• GSM (Global System for Mobile Communications, originally Groupe Spécial Mobile)
encryption: GSM mobile phone systems use several stream ciphers for over-the-air
communication privacy. A5/1 was developed in 1987 for use in Europe and the U.S.
A5/2, developed in 1989, is a weaker algorithm and intended for use outside of Europe
and the U.S. Significant flaws were found in both ciphers after the "secret"
specifications were leaked in 1994, however, and A5/2 has been withdrawn from use.
The newest version, A5/3, employs the KASUMI block cipher. NOTE: Unfortunately,
although A5/1 has been repeatedly "broken" (e.g., see "Secret code protecting cellphone
calls set loose" [2009] and "Cellphone snooping now easier and cheaper than ever"
[2011]), this encryption scheme remains in widespread use, even in 3G and 4G mobile
phone networks. Use of this scheme is reportedly one of the reasons that the National
Security Agency (NSA) can easily decode voice and data calls over mobile phone
networks.
• GPRS (General Packet Radio Service) encryption: GSM mobile phone systems use
GPRS for data applications, and GPRS uses a number of encryption methods, offering
different levels of data protection. GEA/0 offers no encryption at all. GEA/1 and GEA/2
are proprietary stream ciphers, employing a 64-bit key and a 96-bit or 128-bit state,

99
Polytechnic University of the Philippines

COLLEGE OF COMPUTER AND INFORMATION SCIENCES

respectively. GEA/1 and GEA/2 are most widely used by network service providers
today although both have been reportedly broken. GEA/3 is a 128-bit block cipher
employing a 64-bit key that is used by some carriers; GEA/4 is a 128-bit clock cipher
with a 128-bit key, but is not yet deployed.
• KASUMI: A block cipher using a 128-bit key that is part of the Third-Generation
Partnership Project (3gpp), formerly known as the Universal Mobile
Telecommunications System (UMTS). KASUMI is the intended confidentiality and
integrity algorithm for both message content and signaling data for emerging mobile
communications systems.
• KCipher-2: Described in RFC 7008, KCipher-2 is a stream cipher with a 128-bit key
and a 128-bit initialization vector. Using simple arithmetic operations, the algorithms
offer fast encryption and decryption by use of efficient implementations. KCipher-2 has
been used for industrial applications, especially for mobile health monitoring and
diagnostic services in Japan.
• MISTY1: Developed at Mitsubishi Electric Corp., a block cipher using a 128-bit key and
64-bit blocks, and a variable number of rounds. Designed for hardware and software
implementations and is resistant to differential and linear cryptanalysis. Described in
RFC 2994.
• KLEIN: Designed in 2011, KLEIN is a lightweight, 64-bit block cipher supporting 64-,
80- and 96-bit keys. KLEIN is designed for highly resource constrained devices such as
wireless sensors and RFID tags.
• Light Encryption Device (LED): Designed in 2011, LED is a lightweight, 64-bit block
cipher supporting 64- and 128-bit keys. LED is designed for RFID tags, sensor
networks, and other applications with devices constrained by memory or compute
power.
• Salsa and ChaCha: Salsa20 is a stream cipher proposed for the eSTREAM project by
Daniel Bernstein. Salsa20 uses a pseudorandom function based on 32-bit (whole word)
addition, bitwise addition (XOR), and rotation operations, aka add-rotate-xor (ARX)
operations. Salsa20 uses a 256-bit key although a 128-bit key variant also exists. In
2008, Bernstein published ChaCha, a new family of ciphers related to Salsa20.
ChaCha20, originally defined in RFC 7539 (now obsoleted), is employed (with the
Poly1305 authenticator) in Internet Engineering Task Force (IETF) protocols, most
notably for IPsec and Internet Key Exchange (IKE), per RFC 7634, and Transaction
Layer Security (TLS), per RFC 7905. In 2014, Google adopted ChaCha20/Poly1305 for
use in OpenSSL, and they are also a part of OpenSSH. RFC 8439 replaces RFC 7539,
and provides an implementation guide for both the ChaCha20 cipher and Poly1305
message authentication code, as well as the combined CHACHA20-POLY1305
AuthenticatedEncryption with Associated-Data (AEAD) algorithm.
• Secure and Fast Encryption Routine (SAFER): A series of block ciphers designed by
James Massey for implementation in software and employing a 64-bit block. SAFER

100
Polytechnic University of the Philippines

COLLEGE OF COMPUTER AND INFORMATION SCIENCES

K64, published in 1993, used a 64-bit key and SAFER K-128, published in 1994,
employed a 128-bit key. After weaknesses were found, new versions were released
called SAFER SK-40, SK-64, and SK-128, using 40-, 64-, and 128-bit keys,
respectively. SAFER+ (1998) used a 128-bit block and was an unsuccessful candidate
for the AES project; SAFER++ (2000) was submitted to the NESSIE project.
• SEED: A block cipher using 128-bit blocks and 128-bit keys. Developed by the Korea
Information Security Agency (KISA) and adopted as a national standard encryption
algorithm in South Korea. Also described in RFC 4269.
• Simon and Speck: Simon and Speck are a pair of lightweight block ciphers proposed by
the NSA in 2013, designed for highly constrained software or hardware environments.
(E.g., per the specification, AES requires 2400 gate equivalents and these ciphers
require less than 2000.) While both cipher families perform well in both hardware and
software, Simon has been optimized for high performance on hardware devices and
Speck for performance in software. Both are Feistel ciphers and support ten
combinations of block and key size:
• Skipjack: SKC scheme proposed, along with the Clipper chip, as part of the
neverimplemented Capstone project. Although the details of the algorithm were never
made public, Skipjack was a block cipher using an 80-bit key and 32 iteration cycles per
64-bit block. Capstone, proposed by NIST and the NSA as a standard for public and
government use, met with great resistance by the crypto community largely because the
design of Skipjack was classified (coupled with the key escrow requirement of the
Clipper chip).
• SM4: Formerly called SMS4, SM4 is a 128-bit block cipher using 128-bit keys and 32
rounds to process a block. Declassified in 2006, SM4 is used in the Chinese National
Standard for Wireless Local Area Network (LAN) Authentication and Privacy
Infrastructure (WAPI). SM4 had been a proposed cipher for the Institute of Electrical and
Electronics Engineers (IEEE) 802.11i standard on security mechanisms for wireless
LANs, but has yet to be accepted by the IEEE or International Organization for
Standardization (ISO). SM4 is described in SMS4 Encryption Algorithm for
Wireless Networks (translated by Whitfield Diffie and George Ledin, 2008) and at
the SM4 (cipher) page. SM4 is issued by the Chinese State Cryptographic Authority
as GM/T 0002-2012: SM4 (2012).
• Tiny Encryption Algorithm (TEA): A family of block ciphers developed by Roger
Needham and David Wheeler. TEA was originally developed in 1994, and employed a
128-bit key, 64-bit block, and 64 rounds of operation. To correct certain weaknesses in
TEA, eXtended TEA (XTEA), aka Block TEA, was released in 1997. To correct
weaknesses in XTEA and add versatility, Corrected Block TEA (XXTEA) was
published in 1998. XXTEA also uses a 128-bit key, but block size can be any multiple
of 32-bit words (with a minimum block size of 64 bits, or two words) and the number of
rounds is a function of the block size (~52+6*words). TWINE: Designed by engineers

101
Polytechnic University of the Philippines

COLLEGE OF COMPUTER AND INFORMATION SCIENCES

Block Size Key Size Word Size Key Words Rounds

2n mn n m T

32 64 16 4 32

48 24
72 3 36
96 4 36

64 32
96 3 42
128 4 44

96 48
96 2 52
144 3 54

128 64
128 2 68
192 256 34 69 72

at NEC in 2011, TWINE is a lightweight, 64-bit block cipher supporting 80- and 128-bit keys.
TWINE's design goals included maintaining a small footprint in a hardware implementation (i.e.,
fewer than 2,000 gate equivalents) and small memory consumption in a software
implementation. There are several other references that describe interesting algorithms and even
SKC codes dating back decades. Two that leap to mind are the Crypto Museum's Crypto List and
John J.G. Savard's (albeit old) A Cryptographic Compendium page.
3.2. Public Key Cryptography
Public key cryptography has been said to be the most significant new development in cryptography
in the last 300-400 years. Modern PKC was first described publicly by Stanford University
professor Martin Hellman and graduate student Whitfield Diffie in 1976. Their paper described a
two-key crypto system in which two parties could engage in a secure communication over a
nonsecure communications channel without having to share a secret key.
PKC depends upon the existence of so-called one-way functions, or mathematical functions that
are easy to compute whereas their inverse function is relatively difficult to compute. Let me give
you two simple examples:

102
Polytechnic University of the Philippines

COLLEGE OF COMPUTER AND INFORMATION SCIENCES

1. Multiplication vs. factorization: Suppose you have two prime numbers, 3 and 7, and you
need to calculate the product; it should take almost no time to calculate that value, which
is 21. Now suppose, instead, that you have a number that is a product of two primes, 21,
and you need to determine those prime factors. You will eventually come up with the
solution but whereas calculating the product took milliseconds, factoring will take longer.
The problem becomes much harder if we start with primes that have, say, 400 digits or so,
because the product will have ~800 digits.
2. Exponentiation vs. logarithms: Suppose you take the number 3 to the 6th power; again, it
is relatively easy to calculate 36 = 729. But if you start with the number 729 and need to
determine the two integers, x and y so that logx 729 = y, it will take longer to find the two
values.
While the examples above are trivial, they do represent two of the functional pairs that are used
with PKC; namely, the ease of multiplication and exponentiation versus the relative difficulty of
factoring and calculating logarithms, respectively. The mathematical "trick" in PKC is to find a
trap door in the one-way function so that the inverse calculation becomes easy given knowledge
of some item of information.
Generic PKC employs two keys that are mathematically related although knowledge of one key
does not allow someone to easily determine the other key. One key is used to encrypt the
plaintext and the other key is used to decrypt the ciphertext. The important point here is that it
does not matter which key is applied first, but that both keys are required for the process to work
(Figure 1B). Because a pair of keys are required, this approach is also called asymmetric
cryptography. In PKC, one of the keys is designated the public key and may be advertised as
widely as the owner wants. The other key is designated the private key and is never revealed to
another party. It is straight-forward to send messages under this scheme. Suppose Alice wants to
send Bob a message. Alice encrypts some information using Bob's public key; Bob decrypts the
ciphertext using his private key. This method could be also used to prove who sent a message;
Alice, for example, could encrypt some plaintext with her private key; when Bob decrypts using
Alice's public key, he knows that Alice sent the message (authentication) and Alice cannot deny
having sent the message (non-repudiation).
Public key cryptography algorithms that are in use today for key exchange or digital signatures
include:
• RSA: The first, and still most common, PKC implementation, named for the three MIT
mathematicians who developed it — Ronald Rivest, Adi Shamir, and Leonard Adleman.
RSA today is used in hundreds of software products and can be used for key exchange,
digital signatures, or encryption of small blocks of data. RSA uses a variable size
encryption block and a variable size key. The key-pair is derived from a very large
number, n, that is the product of two prime numbers chosen according to special rules;
these primes may be 100 or more digits in length each, yielding an n with roughly twice
as many digits as the prime factors. The public key information includes n and a
derivative of one of the factors of n; an attacker cannot determine the prime factors of n

103
Polytechnic University of the Philippines

COLLEGE OF COMPUTER AND INFORMATION SCIENCES

(and, therefore, the private key) from this information alone and that is what makes the
RSA algorithm so secure. (Some descriptions of PKC erroneously state that RSA's
safety is due to the difficulty in factoring large prime numbers. In fact, large prime
numbers, like small prime numbers, only have two factors!) The ability for computers to
factor large numbers, and therefore attack schemes such as RSA, is rapidly improving
and systems today can find the prime factors of numbers with more than 200 digits.
Nevertheless, if a large number is created from two prime factors that are roughly the
same size, there is no known factorization algorithm that will solve the problem in a
reasonable amount of time; a 2005 test to factor a 200-digit number took 1.5 years and
over 50 years of compute time. In 2009, Kleinjung et al. reported that factoring a 768-bit
(232-digit) RSA-768 modulus utilizing hundreds of systems took two years and they
estimated that a 1024-bit RSA modulus would take about a thousand times as long.
Even so, they suggested that
1024-bit RSA be phased out by 2013. (See the Wikipedia article on integer
factorization.) Regardless, one presumed protection of RSA is that users can easily
increase the key size to always stay ahead of the computer processing curve. As an aside,
the patent for RSA expired in September 2000 which does not appear to have affected
RSA's popularity one way or the other. A detailed example of RSA is presented below in
Section 5.3.
• Diffie-Hellman: After the RSA algorithm was published, Diffie and Hellman came up
with their own algorithm. Diffie-Hellman is used for secret-key key exchange only, and
not for authentication or digital signatures. More detail about Diffie-Hellman can be
found below in Section 5.2.
• Digital Signature Algorithm (DSA): The algorithm specified in NIST's Digital Signature
Standard (DSS), provides digital signature capability for the authentication of messages.
Described in FIPS 186-4.
• ElGamal: Designed by Taher Elgamal, a PKC system similar to Diffie-Hellman and
used for key exchange.
• Elliptic Curve Cryptography (ECC): A PKC algorithm based upon elliptic curves. ECC
can offer levels of security with small keys comparable to RSA and other PKC methods.
It was designed for devices with limited compute power and/or memory, such as
smartcards and PDAs. More detail about ECC can be found below in Section 5.8. Other
references include the Elliptic Curve Cryptography page and the Online ECC Tutorial
page, both from Certicom. See also RFC 6090 for a review of fundamental ECC
algorithms and The Elliptic Curve Digital Signature Algorithm (ECDSA) for details
about the use of ECC for digital signatures.
• Public Key Cryptography Standards (PKCS): A set of interoperable standards and
guidelines for public key cryptography, designed by RSA Data Security Inc. (These
documents are no longer easily available; all links in this section are from archive.org.)

104
Polytechnic University of the Philippines

COLLEGE OF COMPUTER AND INFORMATION SCIENCES

o PKCS #1: RSA Cryptography Standard (Also RFC 8017) o PKCS #2: Incorporated
into PKCS #1. o PKCS #3: Diffie-Hellman Key-Agreement Standard
o PKCS #4: Incorporated into PKCS #1. o PKCS #5: Password-Based
Cryptography Standard (PKCS #5 V2.1 is also RFC
8018) o PKCS #6: Extended-Certificate Syntax Standard (being phased out in
favor of
X.509v3) o PKCS #7: Cryptographic Message Syntax Standard (Also
RFC 2315) o PKCS #8: Private-Key Information Syntax
Standard (Also RFC 5958) o PKCS #9: Selected Attribute Types
(Also RFC 2985) o PKCS #10: Certification Request Syntax Standard
(Also RFC 2986) o PKCS #11: Cryptographic Token
Interface Standard o PKCS #12: Personal Information Exchange Syntax Standard
(Also RFC 7292) o PKCS #13: Elliptic Curve Cryptography Standard o PKCS #14:
Pseudorandom Number Generation Standard is no longer available o PKCS #15:
Cryptographic Token Information Format Standard
• Cramer-Shoup: A public key cryptosystem proposed by R. Cramer and V. Shoup of
IBM in 1998.
• Key Exchange Algorithm (KEA): A variation on Diffie-Hellman; proposed as the key
exchange method for the NIST/NSA Capstone project.
• LUC: A public key cryptosystem designed by P.J. Smith and based on Lucas sequences.
Can be used for encryption and signatures, using integer factoring.
• McEliece: A public key cryptosystem based on algebraic coding theory.
For additional information on PKC algorithms, see "Public Key Encryption" (Chapter 8) in
Handbook of Applied Cryptography, by A. Menezes, P. van Oorschot, and S. Vanstone (CRC
Press, 1996).

A digression: Who invented PKC? I tried to be careful in the first paragraph of this section to
state that Diffie and Hellman "first described publicly" a PKC scheme. Although I have
categorized PKC as a two-key system, that has been merely for convenience; the real criteria for
a PKC scheme is that it allows two parties to exchange a secret even though the communication
with the shared secret might be overheard. There seems to be no question that Diffie and
Hellman were first to publish; their method is described in the classic paper, "New Directions in
Cryptography," published in the November 1976 issue of IEEE Transactions on Information
Theory (IT-22(6), 644-654). As shown in Section 5.2, Diffie-Hellman uses the idea that finding
logarithms is relatively harder than performing exponentiation. And, indeed, it is the precursor to
modern PKC which does employ two keys. Rivest, Shamir, and Adleman described an
implementation that extended this idea in their paper, "A Method for Obtaining Digital
Signatures and Public Key Cryptosystems," published in the February 1978 issue of the
Communications of the ACM (CACM), (21(2), 120-126). Their method, of course, is based upon
the relative ease of finding the product of two large prime numbers compared to finding the

105
Polytechnic University of the Philippines

COLLEGE OF COMPUTER AND INFORMATION SCIENCES

prime factors of a large number. Diffie and Hellman (and other sources) credit Ralph Merkle
with first describing a public key distribution system that allows two parties to share a secret,
although it was not a two-key system, per se. A Merkle Puzzle works where Alice creates a large
number of encrypted keys, sends them all to Bob so that Bob chooses one at random and then
lets Alice know which he has selected. An eavesdropper (Eve) will see all of the keys but can't
learn which key Bob has selected (because he has encrypted the response with the chosen key).
In this case, Eve's effort to break in is the square of the effort of Bob to choose a key. While this
difference may be small it is often sufficient. Merkle apparently took a computer science course
at UC Berkeley in 1974 and described his method, but had difficulty making people understand
it; frustrated, he dropped the course. Meanwhile, he submitted the paper "Secure Communication
Over Insecure Channels," which was published in the CACM in April 1978; Rivest et al.'s paper
even makes reference to it. Merkle's method certainly wasn't published first, but he is often
credited to have had the idea first. An interesting question, maybe, but who really knows? For
some time, it was a quiet secret that a team at the UK's Government Communications
Headquarters (GCHQ) had first developed PKC in the early 1970s. Because of the nature of the
work, GCHQ kept the original memos classified. In 1997, however, the GCHQ changed their
posture when they realized that there was nothing to gain by continued silence. Documents show
that a GCHQ mathematician named James Ellis started research into the key distribution problem
in 1969 and that by 1975, James Ellis, Clifford Cocks, and Malcolm Williamson had worked out
all of the fundamental details of PKC, yet couldn't talk about their work. (They were, of course,
barred from challenging the RSA patent!) By 1999, Ellis, Cocks, and Williamson began to get
their due credit in a break-through article in WIRED Magazine. And the National Security
Agency (NSA) claims to have knowledge of this type of algorithm as early as 1966. For some
additional insight on who knew what when, see Steve Bellovin's "The Prehistory of Public Key
Cryptography."

3. Hash Functions
Hash functions, also called message digests and one-way encryption, are algorithms that, in
essence, use no key (Figure 1C). Instead, a fixed-length hash value is computed based upon the
plaintext that makes it impossible for either the contents or length of the plaintext to be
recovered. Hash algorithms are typically used to provide a digital fingerprint of a file's contents,
often used to ensure that the file has not been altered by an intruder or virus. Hash functions are
also commonly employed by many operating systems to encrypt passwords. Hash functions,
then, provide a mechanism to ensure the integrity of a file.
Let me reiterate that hashes are one-way encryption. You cannot take a hash and "decrypt" it to
find the original string that created it, despite the many web sites that claim or suggest otherwise,
such as CrackStation, HashKiller.co.uk, MD5 Online, md5thiscracker, OnlineHashCrack, and
RainbowCrack.

106
Polytechnic University of the Philippines

COLLEGE OF COMPUTER AND INFORMATION SCIENCES

Note that these sites search databases and/or use rainbow tables to find a suitable string that
produces the hash in question but one can't definitively guarantee what string originally produced
the hash. This is an important distinction. Suppose that you want to crack someone's password,
where the hash of the password is stored on the server. Indeed, all you then need is a string that
produces the correct hash and you're in! However, you cannot prove that you have discovered
the user's password, only a "duplicate key." Hash algorithms in common use today include:
• Message Digest (MD) algorithms: A series of byte-oriented algorithms that produce a
128bit hash value from an arbitrary-length message.
o MD2 (RFC 1319): Designed for systems with limited memory, such as smart cards.
(MD2 has been relegated to historical status, per RFC 6149.)
o MD4 (RFC 1320): Developed by Rivest, similar to MD2 but designed specifically
for fast processing in software. (MD4 has been relegated to historical status, per
RFC 6150.) o MD5 (RFC 1321): Also developed by Rivest after potential
weaknesses were reported in MD4; this scheme is similar to MD4 but is slower
because more manipulation is made to the original data. MD5 has been implemented
in a large number of products although several weaknesses in the algorithm were
demonstrated by German cryptographer Hans Dobbertin in 1996 ("Cryptanalysis of
MD5 Compress"). (Updated security considerations for MD5 can be found in RFC
6151.)
• Secure Hash Algorithm (SHA): Algorithm for NIST's Secure Hash Standard (SHS),
described in FIPS 180-4 The status of NIST hash algorithms can be found on their
"Policy on Hash Functions" page. o SHA-1 produces a 160-bit hash value and was
originally published as FIPS PUB 180-1 and RFC 3174. SHA-1 was deprecated by NIST
as of the end of 2013 although it is still widely used.
o SHA-2, originally described in FIPS PUB 180-2 and eventually replaced by FIPS
PUB 180-3 (and FIPS PUB 180-4), comprises five algorithms in the SHS: SHA-1
plus SHA-224, SHA-256, SHA-384, and SHA-512 which can produce hash values
that are 224, 256, 384, or 512 bits in length, respectively. SHA-2 recommends use of
SHA-1, SHA-224, and SHA-256 for messages less than 264 bits in length, and
employs a 512 bit block size; SHA-384 and SHA-512 are recommended for
messages less than 2128 bits in length, and employs a 1,024 bit block size. FIPS PUB
180-4 also introduces the concept of a truncated hash in SHA-512/t, a generic name
referring to a hash value based upon the SHA-512 algorithm that has been truncated
to t bits; SHA-512/224 and SHA-512/256 are specifically described. SHA-224, -256,
-384, and -512 are also described in RFC 4634. o SHA-3 is the current SHS
algorithm. Although there had not been any successful attacks on SHA-2, NIST
decided that having an alternative to SHA-2 using a different algorithm would be
prudent. In 2007, they launched a SHA-3 Competition to find that alternative; a list
of submissions can be found at The SHA-3 Zoo. In 2012, NIST announced that after
reviewing 64 submissions, the winner was KECCAK (pronounced "catch-ack"), a

107
Polytechnic University of the Philippines

COLLEGE OF COMPUTER AND INFORMATION SCIENCES

family of hash algorithms based on sponge functions. The NIST version can support
hash output sizes of 256 and 512 bits.
• RIPEMD: A series of message digests that initially came from the RIPE (RACE
Integrity Primitives Evaluation) project. RIPEMD-160 was designed by Hans
Dobbertin, Antoon Bosselaers, and Bart Preneel, and optimized for 32-bit processors to
replace the thencurrent 128-bit hash functions. Other versions include RIPEMD-256,
RIPEMD-320, and RIPEMD-128.
• HAVAL (HAsh of VAriable Length): Designed by Y. Zheng, J. Pieprzyk and J. Seberry, a
hash algorithm with many levels of security. HAVAL can create hash values that are
128,
160, 192, 224, or 256 bits in length. More details can be found in "HAVAL - A one-way hashing
algorithm with variable length output" by Zheng, Pieprzyk, and Seberry (AUSCRYPT '92).
• Whirlpool: Designed by V. Rijmen (co-inventor of Rijndael) and P.S.L.M. Barreto,
Whirlpool is one of two hash functions endorsed by the New European Schemes for
Signatures, Integrity, and Encryption (NESSIE) competition (the other being SHA).
Whirlpool operates on messages less than 2256 bits in length and produces a message
digest of 512 bits. The design of this hash function is very different than that of MD5
and SHA1, making it immune to the types of attacks that succeeded on those hashes.
• Tiger: Designed by Ross Anderson and Eli Biham, Tiger is designed to be secure, run
efficiently on 64-bit processors, and easily replace MD4, MD5, SHA and SHA-1 in other
applications. Tiger/192 produces a 192-bit output and is compatible with 64-bit
architectures; Tiger/128 and Tiger/160 produce a hash of length 128 and 160 bits,
respectively, to provide compatibility with the other hash functions mentioned above.
• eD2k: Named for the EDonkey2000 Network (eD2K), the eD2k hash is a root hash of an
MD4 hash list of a given file. A root hash is used on peer-to-peer file transfer networks,
where a file is broken into chunks; each chunk has its own MD4 hash associated with it
and the server maintains a file that contains the hash list of all of the chunks. The root
hash is the hash of the hash list file.
• SM3: SM3 is a 256-bit hash function operating on 512-bit input blocks. Part of a Chinese
National Standard, SM3 is issued by the Chinese State Cryptographic Authority as GM/T
0004-2012: SM3 cryptographic hash algorithm (2012) and GB/T 32905-2016: Information
security techniquesâ€”SM3 cryptographic hash algorithm (2016). More information can also be
found at the SM3 (hash function) page.

Readers might be interested in HashCalc, a Windows-based program that calculates hash values
using a dozen algorithms, including MD5, SHA-1 and several variants, RIPEMD-160, and Tiger.
Command line utilities that calculate hash values include sha_verify by Dan Mares (Windows;
supports MD5, SHA-1, SHA-2) and md5deep (cross-platform; supports MD5, SHA-1, SHA-256,
Tiger, and Whirlpool).

108
Polytechnic University of the Philippines

COLLEGE OF COMPUTER AND INFORMATION SCIENCES

A digression on hash collisions. Hash functions are sometimes misunderstood and some sources
claim that no two files can have the same hash value. This is in theory, if not in fact, incorrect.
Consider a hash function that provides a 128-bit hash value. There are, then, 2128 possible hash
values. But there are an infinite number of possible files and ∞ >> 2128. Therefore, there have to
be multiple files — in fact, there have to be an infinite number of files! — that have the same
128bit hash value. (Now, while even this is theoretically correct, it is not true in practice because
hash algorithms are designed to work with a limited message size, as mentioned above. For
example, SHA-1, SHA-224, and SHA-256 produce hash values that are 160, 224, and 256 bits in
length, respectively, and limit the message length to less than 264 bits; SHA-384 and all SHA-
256 variants limit the message length to less than 2128 bits. Nevertheless, hopefully you get my
point — and, alas, even if you don't, do know that there are multiple files that have the same
MD5 or SHA-1 hash values.)

The difficulty is not necessarily in finding two files with the same hash, but in finding a second
file that has the same hash value as a given first file. Consider this example. A human head has,
generally, no more than ~150,000 hairs. Since there are more than 7 billion people on earth, we
know that there are a lot of people with the same number of hairs on their head. Finding two
people with the same number of hairs, then, would be relatively simple. The harder problem is
choosing one person (say, you, the reader) and then finding another person who has the same
number of hairs on their head as you have on yours.

This is somewhat similar to the Birthday Problem. We know from probability that if you choose
a random group of ~23 people, the probability is about 50% that two will share a birthday (the
probability goes up to 99.9% with a group of 70 people). However, if you randomly select one
person in a group of 23 and try to find a match to that person, the probability is only about 6% of
finding a match; you'd need a group of 253 for a 50% probability of a shared birthday to one of
the people chosen at random (and a group of more than 4,000 to obtain a 99.9% probability).
What is hard to do, then, is to try to create a file that matches a given hash value so as to force a
hash value collision — which is the reason that hash functions are used extensively for
information security and computer forensics applications. Alas, researchers as far back as 2004
found that practical collision attacks could be launched on MD5, SHA-1, and other hash
algorithms and, today, it is generally recognized that MD5 and SHA-1 are pretty much broken.
Readers interested in this problem should read the following:
• AccessData. (2006, April). MD5 Collisions: The Effect on Computer Forensics. AccessData
White Paper.
• Burr, W. (2006, March/April). Cryptographic hash standards: Where do we go from here?
IEEE Security & Privacy, 4(2), 88-91.
• Dwyer, D. (2009, June 3). SHA-1 Collision Attacks Now 252. SecureWorks Research blog.

109
Polytechnic University of the Philippines

COLLEGE OF COMPUTER AND INFORMATION SCIENCES

• Gutman, P., Naccache, D., & Palmer, C.C. (2005, May/June). When hashes collide. IEEE
Security & Privacy, 3(3), 68-71.
• Kessler, G.C. (2016). The Impact of MD5 File Hash Collisions on Digital Forensic Imaging.
Journal of Digital Forensics, Security & Law, 11(4), 129-138.
• Kessler, G.C. (2016). The Impact of SHA-1 File Hash Collisions on Digital Forensic Imaging:
A Follow-Up Experiment. Journal of Digital Forensics, Security & Law, 11(4), 139-148.
• Klima, V. (2005, March). Finding MD5 Collisions - a Toy For a Notebook.
• Lee, R. (2009, January 7). Law Is Not A Science: Admissibility of Computer Evidence and
MD5 Hashes. SANS Computer Forensics blog.
• Leurent, G. & Peyrin, T. (2020, January). SHA-1 is a Shambles: First Chosen-Prefix Collision
on SHA-1 and Application to the PGP Web of Trust. Real World Crypto 2020.
• Leurent, G. & Peyrin, T. (2020, January). SHA-1 is a Shambles: First Chosen-Prefix Collision
on SHA-1 and Application to the PGP Web of Trust.(paper)
• Stevens, M., Bursztein, E., Karpman, P., Albertini, A., & Markov, Y. (2017). The first
collision for full SHA-1.
• Stevens, M., Karpman, P., & Peyrin, T. (2015, October 8). Freestart collision on full SHA1.
Cryptology ePrint Archive, Report 2015/967.
• Thompson, E. (2005, February). MD5 collisions and the impact on computer forensics.
Digital Investigation, 2(1), 36-40.
• Wang, X., Feng, D., Lai, X., & Yu, H. (2004, August). Collisions for Hash Functions MD4,
MD5, HAVAL-128 and RIPEMD.
• Wang, X., Yin, Y.L., & Yu, H. (2005, February 13). Collision Search Attacks on SHA1.
Readers are also referred to the Eindhoven University of Technology HashClash Project Web
site. for For additional information on hash functions, see David Hopwood's MessageDigest
Algorithms page and Peter Selinger's MD5 Collision Demo page. For historical purposes, take
a look at the situation with hash collisions, circa 2005, in RFC 4270.

In October 2015, the SHA-1 Freestart Collision was announced; see a report by Bruce Schneier
and the developers of the attack (as well as the paper above by Stevens et al. (2015)). In February
2017, the first SHA-1 collision was announced on the Google Security Blog and Centrum
Wiskunde & Informatica's Shattered page. See also the paper by Stevens et al. (2017), listed
above. If ths isn't enough, see the SHA-1 is a Shambles Web page and the Leurent & Peyrin
paper, listed above.

For an interesting twist on this discussion, read about the Nostradamus attack reported at
Predicting the winner of the 2008 US Presidential Elections using a Sony PlayStation 3 (by M.
Stevens, A.K. Lenstra, and B. de Weger, November 2007).

110
Polytechnic University of the Philippines

COLLEGE OF COMPUTER AND INFORMATION SCIENCES

Finally, note that certain extensions of hash functions are used for a variety of information security
and digital forensics applications, such as:
• Hash libraries, aka hashsets, are sets of hash values corresponding to known files. A hashset
containing the hash values of all files known to be a part of a given operating system, for
example, could form a set of known good files, and could be ignored in an investigation for
malware or other suspicious file, whereas as hash library of known child pornographic images
could form a set of known bad files and be the target of such an investigation.
• Rolling hashes refer to a set of hash values that are computed based upon a fixed-length
"sliding window" through the input. As an example, a hash value might be computed on bytes
1-10 of a file, then on bytes 2-11, 3-12, 4-13, etc.
• Fuzzy hashes are an area of intense research and represent hash values that represent two
inputs that are similar. Fuzzy hashes are used to detect documents, images, or other files that
are close to each other with respect to content. See "Fuzzy Hashing" by Jesse Kornblum for a
good treatment of this topic.

Why Three Encryption Techniques?

So, why are there so many different types of cryptographic schemes? Why can't we do everything
we need with just one?

The answer is that each scheme is optimized for some specific cryptographic application(s).
Hash functions, for example, are well-suited for ensuring data integrity because any change
made to the contents of a message will result in the receiver calculating a different hash value
than the one placed in the transmission by the sender. Since it is highly unlikely that two
different messages will yield the same hash value, data integrity is ensured to a high degree of
confidence.

Secret key cryptography, on the other hand, is ideally suited to encrypting messages, thus
providing privacy and confidentiality. The sender can generate a session key on a per-message
basis to encrypt the message; the receiver, of course, needs the same session key in order to
decrypt the message.
Key exchange, of course, is a key application of public key cryptography (no pun intended).
Asymmetric schemes can also be used for non-repudiation and user authentication; if the
receiver can obtain the session key encrypted with the sender's private key, then only this sender
could have sent the message. Public key cryptography could, theoretically, also be used to
encrypt messages although this is rarely done because secret key cryptography values can
generally be computed about 1000 times faster than public key cryptography values.

Figure 4 puts all of this together and shows how a hybrid cryptographic scheme combines all
of these functions to form a secure transmission comprising a digital signature and digital
envelope. In this example, the sender of the message is Alice and the receiver is Bob.

111
Polytechnic University of the Philippines

COLLEGE OF COMPUTER AND INFORMATION SCIENCES

A digital envelope comprises an encrypted message and an encrypted session key. Alice uses
secret key cryptography to encrypt her message using the session key, which she generates at
random with each session. Alice then encrypts the session key using Bob's public key. The
encrypted message and encrypted session key together form the digital envelope. Upon receipt,
Bob recovers the session secret key using his private key and then decrypts the encrypted
message.

FIGURE 4: Use of the three cryptographic techniques for secure communication.

The digital signature is formed in two steps. First, Alice computes the hash value of her message;
next, she encrypts the hash value with her private key. Upon receipt of the digital signature, Bob
recovers the hash value calculated by Alice by decrypting the digital signature with Alice's
public key. Bob can then apply the hash function to Alice's original message, which he has
already decrypted (see previous paragraph). If the resultant hash value is not the same as the
value supplied by Alice, then Bob knows that the message has been altered; if the hash values are
the same, Bob should believe that the message he received is identical to the one that Alice sent.

This scheme also provides nonrepudiation since it proves that Alice sent the message; if the hash
value recovered by Bob using Alice's public key proves that the message has not been altered,
then only Alice could have created the digital signature. Bob also has proof that he is the
intended receiver; if he can correctly decrypt the message, then he must have correctly decrypted
the session key meaning that his is the correct private key.

112
Polytechnic University of the Philippines

COLLEGE OF COMPUTER AND INFORMATION SCIENCES

This diagram purposely suggests a cryptosystem where the session key is used for just a single
session. Even if this session key is somehow broken, only this session will be compromised; the
session key for the next session is not based upon the key for this session, just as this session's
key was not dependent on the key from the previous session. This is known as Perfect Forward
Secrecy; you might lose one session key due to a compromise but you won't lose all of them.
(This was an issue in the 2014 OpenSSL vulnerability known as Heartbleed.)

The Significance of Key Length

In a 1998 article in the industry literature, a writer made the claim that 56-bit keys did not provide
as adequate protection for DES at that time as they did in 1975 because computers were 1000 times
faster in 1998 than in 1975. Therefore, the writer went on, we needed 56,000-bit keys in 1998
instead of 56-bit keys to provide adequate protection. The conclusion was then drawn that because
56,000-bit keys are infeasible (true), we should accept the fact that we have to live with weak
cryptography (false!). The major error here is that the writer did not take into account that the
number of possible key values double whenever a single bit is added to the key length; thus, a 57bit
key has twice as many values as a 56-bit key (because 257 is two times 256). In fact, a 66bit key
would have 1024 times more values than a 56-bit key.
But this does bring up the question — "What is the significance of key length as it affects the level
of protection?"

In cryptography, size does matter. The larger the key, the harder it is to crack a block of
encrypted data. The reason that large keys offer more protection is almost obvious; computers
have made it easier to attack ciphertext by using brute force methods rather than by attacking the
mathematics (which are generally well-known anyway). With a brute force attack, the attacker
merely generates every possible key and applies it to the ciphertext. Any resulting plaintext that
makes sense offers a candidate for a legitimate key. This was the basis, of course, of the EFF's
attack on DES.

Until the mid-1990s or so, brute force attacks were beyond the capabilities of computers that
were within the budget of the attacker community. By that time, however, significant compute
power was typically available and accessible. General-purpose computers such as PCs were
already being used for brute force attacks. For serious attackers with money to spend, such as
some large companies or governments, Field Programmable Gate Array (FPGA) or Application-
Specific Integrated Circuits (ASIC) technology offered the ability to build specialized chips that
could provide even faster and cheaper solutions than a PC. As an example, the AT&T Optimized
Reconfigurable Cell Array (ORCA) FPGA chip cost about $200 and could test 30 million DES
keys per second, while a $10 ASIC chip could test 200 million DES keys per second; compare
that to a PC which might be able to test 40,000 keys per second. Distributed attacks, harnessing
the power of up to tens of thousands of powerful CPUs, are now commonly employed to try to
bruteforce crypto keys.

113
Polytechnic University of the Philippines

COLLEGE OF COMPUTER AND INFORMATION SCIENCES

The table below — from a 1995 article discussing both why exporting 40-bit keys was, in
essence, no crypto at all and why DES' days were numbered — shows what DES key sizes were
needed to protect data from attackers with different time and financial resources. This
information was not merely academic; one of the basic tenets of any security system is to have
an idea of what you are protecting and from whom are you protecting it! The table clearly shows
that a 40-bit key was essentially worthless against even the most unsophisticated attacker. On the
other hand, 56-bit keys were fairly strong unless you might be subject to some pretty serious
corporate or government espionage. But note that even 56-bit keys were clearly on the decline in
their value and that the times in the table were worst cases.

So, how big is big enough? DES, invented in 1975, was still in use at the turn of the century,
nearly 25 years later. If we take that to be a design criteria (i.e., a 20-plus year lifetime) and we
believe Moore's Law ("computing power doubles every 18 months"), then a key size extension
of 14 bits (i.e., a factor of more than 16,000) should be adequate. The 1975 DES proposal
suggested 56-bit keys; by 1995, a 70-bit key would have been required to offer equal protection
and an 85bit key necessary by 2015.

A 256- or 512-bit SKC key will probably suffice for some time because that length keeps us
ahead of the brute force capabilities of the attackers. Note that while a large key is good, a huge
key may not always be better; for example, expanding PKC keys beyond the current 2048- or
4096bit lengths doesn't add any necessary protection at this time. Weaknesses in cryptosystems
are largely based upon key management rather than weak keys.

Much of the discussion above, including the table, is based on the paper "Minimal Key Lengths
for Symmetric Ciphers to Provide Adequate Commercial Security" by M. Blaze, W. Diffie, R.L.
Rivest, B. Schneier, T. Shimomura, E. Thompson, and M. Wiener (1996).

The most effective large-number factoring methods today use a mathematical Number Field
Sieve to find a certain number of relationships and then uses a matrix operation to solve a linear
equation to produce the two prime factors. The sieve step actually involves a large number of
operations that can be performed in parallel; solving the linear equation, however, requires a
supercomputer. Indeed, finding the solution to the RSA-140 challenge in February 1999
— factoring a 140-digit (465-bit) prime number — required 200 computers across the Internet
about 4 weeks for the first step and a Cray computer 100 hours and 810 MB of memory to do the
second step.
In early 1999, Shamir (of RSA fame) described a new machine that could increase factorization
speed by 2-3 orders of magnitude. Although no detailed plans were provided nor is one known to

114
Polytechnic University of the Philippines

COLLEGE OF COMPUTER AND INFORMATION SCIENCES

have been built, the concepts of TWINKLE (The Weizmann Institute Key Locating Engine)
could result in a specialized piece of hardware that would cost about $5000 and have the
processing power of 100-1000 PCs. There still appear to be many engineering details that have to
be worked out before such a machine could be built. Furthermore, the hardware improves the
sieve step only; the matrix operation is not optimized at all by this design and the complexity of
this step grows rapidly with key length, both in terms of processing time and memory
requirements. Nevertheless, this plan conceptually puts 512-bit keys within reach of being
factored. Although most PKC schemes allow keys that are 1024 bits and longer, Shamir claims
that 512-bit RSA keys "protect 95% of today's E-commerce on the Internet." (See Bruce
Schneier's Crypto-Gram (May 15, 1999) for more information, as well as the comments from
RSA Labs.)

It is also interesting to note that while cryptography is good and strong cryptography is better,
long keys may disrupt the nature of the randomness of data files. Shamir and van Someren
("Playing hide and seek with stored keys") have noted that a new generation of viruses can be
written that will find files encrypted with long keys, making them easier to find by intruders and,
therefore, more prone to attack.

Finally, U.S. government policy has tightly controlled the export of crypto products since World
War II. Until the mid-1990s, export outside of North America of cryptographic products using
keys greater than 40 bits in length was prohibited, which made those products essentially
worthless in the marketplace, particularly for electronic commerce; today, crypto products are
widely available on the Internet without restriction. The U.S. Department of Commerce Bureau
of Industry and Security maintains an Encryption FAQ web page with more information about
the current state of encryption registration.

Without meaning to editorialize too much in this tutorial, a bit of historical context might be
helpful. In the mid-1990s, the U.S. Department of Commerce still classified cryptography as a
munition and limited the export of any products that contained crypto. For that reason, browsers
in the 1995 era, such as Internet Explorer and Netscape, had a domestic version with 128-bit
encryption (downloadable only in the U.S.) and an export version with 40-bit encryption. Many
cryptographers felt that the export limitations should be lifted because they only applied to U.S.
products and seemed to have been put into place by policy makers who believed that only the
U.S. knew how to build strong crypto algorithms, ignoring the work ongoing in Australia,
Canada,
Israel, South Africa, the U.K., and other locations in the 1990s. Those restrictions were lifted by
1996 or 1997, but there is still a prevailing attitude, apparently, that U.S. crypto algorithms are
the only strong ones around; consider Bruce Schneier's blog in June 2016 titled "CIA Director
John Brennan Pretends Foreign Cryptography Doesn't Exist." Cryptography is a decidedly
international game today; note the many countries mentioned above as having developed various

115
Polytechnic University of the Philippines

COLLEGE OF COMPUTER AND INFORMATION SCIENCES

algorithms, not the least of which is the fact that NIST's Advanced Encryption Standard employs
an algorithm submitted by cryptographers from Belgium. For more evidence, see Schneier's
Worldwide Encryption Products Survey (February 2016).

On a related topic, public key crypto schemes can be used for several purposes, including key
exchange, digital signatures, authentication, and more. In those PKC systems used for SKC key
exchange, the PKC key lengths are chosen so as to be resistant to some selected level of attack.
The length of the secret keys exchanged via that system have to have at least the same level of
attack resistance. Thus, the three parameters of such a system — system strength, secret key
strength, and public key strength — must be matched. This topic is explored in more detail in
Determining Strengths For Public Keys Used For Exchanging Symmetric Keys (RFC 3766).

4. TRUST MODELS
TABLE 1. Minimum Key Lengths for Symmetric Ciphers (1995).
Cost Length
Time and Key
Type of Attacker Budget Tool
Per Key Recovered Needed
For Protection
40 bits 56 bits In Late-1995

Scavenged
Tiny computer 1 week Infeasible 45
time
Pedestrian Hacker

5 hours 38 years
$400 FPGA 50
($0.08) ($5,000)

12 minutes 18 months
Small Business $10,000 FPGA 55
($0.08) ($5,000)

24 seconds 19 days
FPGA
($0.08) ($5,000)

Corporate Department $300K 60

ASIC 0.18 seconds 3 hours
($0.001) ($38)

116
Polytechnic University of the Philippines

COLLEGE OF COMPUTER AND INFORMATION SCIENCES

7 seconds 13 hours
FPGA
($0.08) ($5,000)
70
Big Company $10M
ASIC 0.005 seconds 6 minutes
($0.001) ($38)

0.0002 seconds 12 seconds

Intelligence Agency $300M ASIC 75
($0.001) ($38)

Secure use of cryptography requires trust. While secret key cryptography can ensure message
confidentiality and hash codes can ensure integrity, none of this works without trust. In SKC,
Alice and Bob had to share a secret key. PKC solved the secret distribution problem, but how
does Alice really know that Bob is who he says he is? Just because Bob has a public and private
key, and purports to be "Bob," how does Alice know that a malicious person (Mallory) is not
pretending to be Bob?

There are a number of trust models employed by various cryptographic schemes. This section will
explore three of them:
• The web of trust employed by Pretty Good Privacy (PGP) users, who hold their own set of
trusted public keys.
• Kerberos, a secret key distribution scheme using a trusted third party.
• Certificates, which allow a set of trusted third parties to authenticate each other and, by
implication, each other's users.
Each of these trust models differs in complexity, general applicability, scope, and scalability.

4.1. PGP Web of Trust

Pretty Good Privacy (described more below in Section 5.5) is a widely used private e-mail
scheme based on public key methods. A PGP user maintains a local keyring of all their known
and trusted public keys. The user makes their own determination about the trustworthiness of a
key using what is called a "web of trust."
If Alice needs Bob's public key, Alice can ask Bob for it in another e-mail or, in many cases,
download the public key from an advertised server; this server might a well-known PGP key
repository or a site that Bob maintains himself. In fact, Bob's public key might be stored or listed
in many places. (The author's public key, for example, can be found at
http://www.garykessler.net/pubkey.html.) Alice is prepared to believe that Bob's public key, as
stored at these locations, is valid.

117
Polytechnic University of the Philippines

COLLEGE OF COMPUTER AND INFORMATION SCIENCES

Suppose Carol claims to hold Bob's public key and offers to give the key to Alice. How does
Alice know that Carol's version of Bob's key is valid or if Carol is actually giving Alice a key
that will allow Mallory access to messages? The answer is, "It depends." If Alice trusts Carol and
Carol says that she thinks that her version of Bob's key is valid, then Alice may — at her option
— trust that key. And trust is not necessarily transitive; if Dave has a copy of Bob's key and
Carol trusts Dave, it does not necessarily follow that Alice trusts Dave even if she does trust
Carol.
The point here is that who Alice trusts and how she makes that determination is strictly up to
Alice. PGP makes no statement and has no protocol about how one user determines whether they
trust another user or not. In any case, encryption and signatures based on public keys can only be
used when the appropriate public key is on the user's keyring.

4.2. Kerberos
Kerberos is a commonly used authentication scheme on the Internet. Developed by MIT's Project
Athena, Kerberos is named for the three-headed dog who, according to Greek mythology, guards
the entrance of Hades (rather than the exit, for some reason!).

Kerberos employs a client/server architecture and provides user-to-server authentication rather

than host-to-host authentication. In this model, security and authentication will be based on
secret key technology where every host on the network has its own secret key. It would clearly
be unmanageable if every host had to know the keys of all other hosts so a secure, trusted host
somewhere on the network, known as a Key Distribution Center (KDC), knows the keys for all
of the hosts (or at least some of the hosts within a portion of the network, called a realm). In this
way, when a new node is brought online, only the KDC and the new node need to be configured
with the node's key; keys can be distributed physically or by some other secure means.

The Kerberos Server/KDC has two main functions (Figure 5), known as the Authentication
Server (AS) and Ticket-Granting Server (TGS). The steps in establishing an authenticated
session between an application client and the application server are:
1. The Kerberos client software establishes a connection with the Kerberos server's AS function.
The AS first authenticates that the client is who it purports to be. The AS then provides the
client with a secret key for this login session (the TGS session key) and a ticket-granting ticket
(TGT), which gives the client permission to talk to the TGS. The ticket has a finite lifetime so
that the authentication process is repeated periodically.

118
Polytechnic University of the Philippines

COLLEGE OF COMPUTER AND INFORMATION SCIENCES

FIGURE 5: Kerberos architecture.

2.
2. The client now communicates with the TGS to obtain the Application Server's key so
that it (the client) can establish a connection to the service it wants. The client supplies
the TGS with the TGS session key and TGT; the TGS responds with an application
session key (ASK) and an encrypted form of the Application Server's secret key; this
secret key is never sent on the network in any other form.
3. The client has now authenticated itself and can prove its identity to the Application
Server by supplying the Kerberos ticket, application session key, and encrypted
Application Server secret key. The Application Server responds with similarly encrypted
information to authenticate itself to the client. At this point, the client can initiate the
intended service requests (e.g., Telnet, FTP, HTTP, or e-commerce transaction session
establishment).

The current version of this protocol is Kerberos V5 (described in RFC 1510). While the details of
their operation, functional capabilities, and message formats are different, the conceptual
overview above pretty much holds for both. One primary difference is that Kerberos V4 uses

SECURITY CONSIDERATIONS PAGE | 119

Polytechnic University of the Philippines

COLLEGE OF COMPUTER AND INFORMATION SCIENCES

only DES to generate keys and encrypt messages, while V5 allows other schemes to be
employed (although DES is still the most widely algorithm used).

4.3. Public Key Certificates and Certificate Authorities

Certificates and Certificate Authorities (CA) are necessary for widespread use of cryptography
for e-commerce applications. While a combination of secret and public key cryptography can
solve the business issues discussed above, crypto cannot alone address the trust issues that must
exist between a customer and vendor in the very fluid, very dynamic e-commerce relationship.
How, for example, does one site obtain another party's public key? How does a recipient
determine if a public key really belongs to the sender? How does the recipient know that the
sender is using their public key for a legitimate purpose for which they are authorized? When
does a public key expire? How can a key be revoked in case of compromise or loss?

The basic concept of a certificate is one that is familiar to all of us. A driver's license, credit card,
or SCUBA certification, for example, identify us to others, indicate something that we are
authorized to do, have an expiration date, and identify the authority that granted the certificate.

As complicated as this may sound, it really isn't. Consider driver's licenses. I have one issued by
the State of Florida. The license establishes my identity, indicates the type of vehicles that I can
operate and the fact that I must wear corrective lenses while doing so, identifies the issuing
authority, and notes that I am an organ donor. When I drive in other states, the other jurisdictions
throughout the U.S. recognize the authority of Florida to issue this "certificate" and they trust the
information it contains. When I leave the U.S., everything changes. When I am in Aruba,
Australia,Canada,Israel,and many other countries, they will accept not the Florida license, per se,
but any license issued in the U.S. This analogy represents the certificate trust chain, where even
certificates carry certificates.
For purposes of electronic transactions, certificates are digital documents. The specific functions
of the certificate include:
• Establish identity: Associate, or bind, a public key to an individual, organization,
corporate position, or o

SECURITY CONSIDERATIONS PAGE | 120

Polytechnic University of the Philippines

COLLEGE OF COMPUTER AND INFORMATION SCIENCES

FIGURE 6: VeriSign Class 3 certificate.

• ther entity. Assign authority: Establish what actions the holder may or may not take
based upon this certificate.
• Secure confidential information (e.g., encrypting the session's symmetric key for data
confidentiality).

Typically, a certificate contains a public key, a name, an expiration date, the name of the
authority that issued the certificate (and, therefore, is vouching for the identity of the user), a
serial number, any pertinent policies describing how the certificate was issued and/or how the
certificate may be used, the digital signature of the certificate issuer, and perhaps other
information.

A sample abbreviated certificate is shown in Figure 6. This is a typical certificate found in a

browser, in this case, Mozilla Firefox (Mac OS X). While this is a certificate issued by VeriSign,
many root-level certificates can be found shipped with browsers. When the browser makes a
connection to a secure Web site, the Web server sends its public key certificate to the browser.
The browser then checks the certificate's signature against the public key that it has stored; if
there is a match, the certificate is taken as valid and the Web site verified by this certificate is
considered to be "trusted."

The most widely accepted certificate format is the one defined in International
Telecommunication Union Telecommunication Standardization Sector (ITU-T)
Recommendation X.509. Rec. X.509 is a specification used around the world and any
applications complying with X.509 can share certificates. Most certificates today comply with
X.509 Version 3 and contain the information listed in Table 2. Certificate authorities are the
repositories for public keys and can be any agency that issues certificates. A company, for

SECURITY CONSIDERATIONS PAGE | 121

Polytechnic University of the Philippines

COLLEGE OF COMPUTER AND INFORMATION SCIENCES

example, may issue certificates to its employees, a college/university to its students, a store to its
customers, an Internet service provider to its users, or a government to its constituents.

When a sender needs an intended receiver's public key, the sender must get that key from the
receiver's CA. That scheme is straight-forward if the sender and receiver have certificates issued
by the same CA. If not, how does the sender know to trust the foreign CA? One industry wag has
noted, about trust: "You are either born with it or have it granted upon you." Thus, some CAs
will be trusted because they are known to be reputable, such as the CAs operated by AT&T
Services, Comodo, DigiCert (formerly GTE Cybertrust), EnTrust, Symantec (formerly
VeriSign), and Thawte. CAs, in turn, form trust relationships with other CAs. Thus, if a user
queries TABLE 2. Contents of an X.509 V3 Certificate.
version number
certificate serial number
signature algorithm identifier issuer's
name and unique identifier validity (or
operational) period subject's name and
unique identifier subject public
key information standard
extensions certificate appropriate use
definition
key usage limitation
definition certificate policy
information
other extensions
Application-specific
CA-specific

a foreign CA for information, the user may ask to see a list of CAs that establish a "chain of
trust" back to the user.
One major feature to look for in a CA is their identification policies and procedures. When a user
generates a key pair and forwards the public key to a CA, the CA has to check the sender's
identification and takes any steps necessary to assure itself that the request is really coming from
the advertised sender. Different CAs have different identification policies and will, therefore, be
trusted differently by other CAs. Verification of identity is just one of many issues that are part
of a CA's Certification Practice Statement (CPS) and policies; other issues include how the CA
protects the public keys in its care, how lost or compromised keys are revoked, and how the CA
protects its own private keys.

As a final note, CAs are not immune to attack and certificates themselves are able to be
counterfeited. One of the first such episodes occurred at the turn of the century; on January 29
and 30, 2001, two VeriSign Class 3 code-signing digital certificates were issued to an individual
who fraudulently claimed to be a Microsoft employee (CERT/CC CA-2001-04 and Microsoft
Security Bulletin MS01-017 - Critical). Problems have continued over the years; good write-ups

SECURITY CONSIDERATIONS PAGE | 122

Polytechnic University of the Philippines

COLLEGE OF COMPUTER AND INFORMATION SCIENCES

on this can be found at "Another Certification Authority Breached (the 12th!)" and "How
Cybercrime Exploits
Digital Certificates." Readers are also urged to read "Certification Authorities Under Attack: A
Plea for Certificate Legitimation" (Oppliger, R., January/February 2014, IEEE Internet
Computing, 18(1), 40-47).

As a partial way to address this issue, the Internet Security Research Group (ISRG) designed the
Automated Certificate Management Environment (ACME) protocol. ACME is a
communications protocol that streamlines the process of deploying a Public Key Infrastructure
(PKI) by automating interactions between CAs and Web servers that wish to obtain a certificate.
More information can be found at the Let's Encrypt Web site, an ACME-based CA service
provided by the ISRG.

4.4. Summary
The paragraphs above describe three very different trust models. It is hard to say that any one is
better than the others; it depends upon your application. One of the biggest and fastest growing
applications of cryptography today, though, is electronic commerce (e-commerce), a term that
itself begs for a formal definition.

PGP's web of trust is easy to maintain and very much based on the reality of users as people. The
model, however, is limited; just how many public keys can a single user reliably store and
maintain? And what if you are using the "wrong" computer when you want to send a message
and can't access your keyring? How easy it is to revoke a key if it is compromised? PGP may
also not scale well to an e-commerce scenario of secure communication between total strangers
on short notice.

Kerberos overcomes many of the problems of PGP's web of trust, in that it is scalable and its
scope can be very large. However, it also requires that the Kerberos server have a priori
knowledge of all client systems prior to any transactions, which makes it unfeasible for "hit-and
run" client/server relationships as seen in e-commerce.

Certificates and the collection of CAs will form a PKI. In the early days of the Internet, every
host had to maintain a list of every other host; the Domain Name System (DNS) introduced the
idea of a distributed database for this purpose and the DNS is one of the key reasons that the
Internet has grown as it has. A PKI will fill a similar void in the e-commerce and PKC realm.

While certificates and the benefits of a PKI are most often associated with electronic commerce,
the applications for PKI are much broader and include secure electronic mail, payments and
electronic checks, Electronic Data Interchange (EDI), secure transfer of Domain Name System
(DNS) and routing information, electronic forms, and digitally signed documents. A single
"global PKI" is still many years away, that is the ultimate goal of today's work as international

SECURITY CONSIDERATIONS PAGE | 123

Polytechnic University of the Philippines

COLLEGE OF COMPUTER AND INFORMATION SCIENCES

electronic commerce changes the way in which we do business in a similar way in which the
Internet has changed the way in which we communicate.

Review: https://dict.gov.ph/pnpki/ or read below:

Philippine National Public Key Infrastructure (PNPKI)

Public Key Infrastructure (PKI) allows users of public networks like the Internet to exchange
private data securely. PKI is essentially a set of hardware, software, policies, personnel and
procedures needed to create, manage, distribute, use, store and revoke digital certificates. The
PKI is one of the core services being offered by the Department of Information and
Communications Technology (DICT) that will foster trust in the government by ensuring secure
and reliable online transactions.

All government online applications stand to benefit from the use of the PKI, ultimately
improving the delivery of government services to citizens. At the heart of the PKI is the concept
of digital certificates. These certificates are very small files that can be stored on your computer,
an ordinary flash drive or USB token. Through the use of certificates issued and digitally signed
by a Certificate Authority (CA), the PKI authenticates the data source and ensures data had not
been tampered with in transit. PKI can also be used to encrypt data such as email or online
transactions.

If your agency uses email communication or has online transactions with other agencies or the
public, or if your agency plans to do so, then you need PKI. Among the applications that use
PKI are:
• Authentication in Web Applications
• Electronic Documents and Forms Signing
• Virtual Private Networks (VPNs)
• Wireless Networks
• Email and Instant Messaging

Some applications, such as email, are fairly easy to configure and integrate with PKI. These
applications only require the users to register and receive their digital certificates. More
complicated applications, such as those used for online transactions, would require extended
development time. Eventually, digital certificates will be issued to private individuals to facilitate
transactions with government as well as to secure their personal electronic communication.
Wouldn’t it be nice if we can file our income tax returns online, bid on government procurement
proceedings, apply for loans, and pay our taxes in the convenience of our home, knowing full
well that our transactions are secure and tamper-proof? All these applications require the PKI,
and it is only a matter of time before they become a reality.

WHO CAN AVAIL

SECURITY CONSIDERATIONS PAGE | 124

Polytechnic University of the Philippines

COLLEGE OF COMPUTER AND INFORMATION SCIENCES

• Government agencies and personnel

• Private individuals
• Government computers, servers and machines

BENEFITS
• Vastly improves verifiable identification of an individual or entity
Passwords are often, if not exclusively, used to authorize access to computer systems and
applications. A password, even one with a 10-character length, only provides 80-bits of security,
and inconvenient discipline must be imposed on users so the passwords they create are not easily
breached. A Digital Certificate issued by the PKI will have at a minimum of 2048-bit system
generated key to further ensure user identity. This is actually an oversimplified comparison since
the complex computations add significant obstacles to those that would compromise a Digital
Certificate.
• Digital Certificates imbue on to data sufficient integrity for acceptance as evidence in a
court of law

The Philippines, United States, Canada, Korea, Singapore and Malaysia already have laws which
provide the legal framework for formally recognizing digitally signed data as proper evidence for
courts.
This allows a document in digital form to be signed as if it were a paper document. Moreover,
the “signing” also makes the document tamper-proof since the smallest change (1-bit) will be
detected upon verification.
• Provides significant protection against unauthorized access of common communications
The government already relies on Information and Communications Technology (ICT)
and this is increasing. ICT, however, cannot be secured by traditional methods because
of their very nature. Encryption methods being used are not regulated. Moreover, the use
of ICT by criminals and enemies of the state requires that legitimate users employ
similar, if not better, technologies to keep ahead. To put the PKI’s 4096-bit capability
into perspective, Wi-Fi at most can use a 14character or 96-bit “password” by which to
encrypt traffic.

Read: “How to optimize your website for voice search” and “Why to enable your website for
voice search” for your better understanding.

Activities/Assessments:

List down types of cryptography, write the pros and cons of each in a yellow paper or save and
send to schoology account as Assign17 LN, Yr. and Sec doc file

SECURITY CONSIDERATIONS PAGE | 125

Polytechnic University of the Philippines

COLLEGE OF COMPUTER AND INFORMATION SCIENCES

Explain the application of public key infrastructure in DICT, bulleted list minimum of 5 to 8
applications in a yellow paper or save and send file to schoology account as Assign18 LN, Yr.
and Sec doc file

SECURITY CONSIDERATIONS PAGE | 126

Polytechnic University of the Philippines

COLLEGE OF COMPUTER AND INFORMATION SCIENCES

Part IV. E-Commerce Law & Cybercrime Act in the Philippines

CHAPTER 10. RA 8792 & RA 10175

Overview

RA 8792 also know as E-commerce Act, aims to facilitate domestic and international dealings,
transactions, arrangements agreements, contracts and exchanges and storage of information
through the utilization of electronic, optical and similar medium, mode, instrumentality and
technology to recognize the authenticity and reliability of electronic documents.

RA 10175, Cybercrime Act punishes content-related offenses such as cybersex, child

pornography and libel which may be committed through a computer system. It also

Learning Objectives:

At the end of this lesson, students should be able to:

1. Understand e-commerce law
2. Understand and discuss the e-commerce issues and cybercrime

Topics:
Introduction
Philippine e-commerce promotion framework
Philippine e-commerce roadmap
Salient features of e-commerce law
Summary of Cybercrime

E-commerce Law

On 14 June 2000, President Joseph E. Estrada signed into law R.A. 8792 "An Act Providing for
the Recognition and Use of Electronic Commercial and Non-Commercial Transactions, Penalties
for Unlawful Use Thereof, And Other Purposes, also known as the "Electronic Commerce Act.”
It is a landmark legislation in the history of the Philippines. Not only has this bill made the
country a legitimate player in the global marketplace. The Philippine Internet community has
played a major role in pushing for its passage. The law took effect last June 19, 2000.

With the Philippines relaxed stock market listing rules plus a proposed vibrant investment
priorities program in place, Filipinos here and abroad, and its foreign partners, have something to

127
Polytechnic University of the Philippines

COLLEGE OF COMPUTER AND INFORMATION SCIENCES

look forward for. Below is the framework for the promotion of e-commerce presented by
Department of Trade and Industry (DTI)

The framework for the promotion of E-commerce*

Philippine E-commerce Roadmap as

described by DITC/DTI*
Leadership
Internet access
E-government
Education
Logistics
Consumer protection
Law enforcement
Tax system
Electronic payment
E-banking

128
Polytechnic University of the Philippines

COLLEGE OF COMPUTER AND INFORMATION SCIENCES

Data privacy
Information security
Policies
Seal of trust
Education

The salient features of Republic Act 8792:

1. It gives legal recognition of electronic data messages, electronic documents, and electronic
signatures. (Section 6 to 13)

2. Allows the formation of contracts in electronic form. (Section 16)

3. Makes banking transactions done through ATM switching networks absolute once
consummated. (Section 16)

4. Parties are given the right to choose the type and level of security methods that suit their
needs. (Section 24)

5. Provides the mandate for the electronic implementation of transport documents to facilitate
carriage of goods. This includes documents such as, but not limited to, multi-modal, airport,
road, rail, inland waterway, courier, post receipts, transport documents issued by freight
forwarders, marine/ocean bill of lading, non-negotiable seaway bill, charter party bill of
lading. (Section 25 and 26)

6. Mandates the government to have the capability to do e-commerce within 2 years or before
June 19, 2002. (Section 27)

7. Mandates RPWeb to be implemented. RPWeb is a strategy that intends to connect all

government offices to the Internet and provide universal access to the general public. The
Department of Transportation and Communications, National Telecommunications
Commission, and National Computer Center will come up with policies and rules that shall
lead to substantial reduction of costs of telecommunication and Internet facilities to ensure
the implementation of RPWeb. (Section 28)

8. Made cable, broadcast, and wireless physical infrastructure within the activity of
telecommunications. (Section 28)

9. Empowers the Department of Trade and Industry to supervise the development of e-

commerce in the country. It can also come up with policies and regulations, when needed, to
facilitate the growth of e-commerce. (Section 29)

129
Polytechnic University of the Philippines

COLLEGE OF COMPUTER AND INFORMATION SCIENCES

10. Provided guidelines as to when a service provider can be liable. (Section 30)

11. Authorities and parties with the legal right can only gain access to electronic documents,
electronic data messages, and electronic signatures. For confidentiality purposes, it shall not
be shared or conveyed to any other person. (Section 31 and 32)

12. Hacking or cracking, refers to unauthorized access including the introduction of computer
viruses, is punishable by a fine from 100 thousand to maximum commensuration for the
damage. With imprisonment from 6 months to 3 years. (Section 33)

13. Piracy using telecommunication networks, such as the Internet, that infringes intellectual
property rights is punishable. The penalties are the same as hacking. (Section 33)

14. All existing laws such as the Consumer Act of the Philippines also applies to e-commerce
transactions. (Section 33)

Anyone who uses the Internet, computer, cellular phone, and other IT-enabled devices has the
duty to know RA8792. As the old saying goes, “Ignorance of the law does not excuse anyone.”

Hacking, cracking, piracy is a crime under RA8792. Below is a Cybercrime Penalties

infographics created by Digital Pilipino, owned by Ms Janet Toral, the mother of e-commerce in
the Philippines.

130
Polytechnic University of the Philippines

COLLEGE OF COMPUTER AND INFORMATION SCIENCES

RA 10175: Cybercrime Prevention Act

Republic Act 10175 – Cybercrime Prevention Act was signed into law last September 12, 2012.

131
Polytechnic University of the Philippines

COLLEGE OF COMPUTER AND INFORMATION SCIENCES

This law is already in effect as the Supreme Court uphold its constitutionality (February
18, 2014). Although some provisions were deemed as unconstitutional (struck down) particularly
Sections 4(c)(3), 7, 12, and 19.

It is a law considered to be 11 years in the making as various groups, organizations, and

personalities lobbied for its passage. It took a while for the law to be passed as legislators and
various stakeholders need to understand the magnitude of cybercrime and whether the penalty
provisions indicated in the E-Commerce Law.

Types of Cybercrime Penalty

1. Illegal access Prision mayor (imprisonment of six years

Unauthorized access (without right) to a computer system and 1 day up to 12 years) or a fine of at
or application. least Two hundred thousand pesos
(P200,000) up to a maximum amount
commensurate to the damage incurred or
BOTH. ————————If committed
against critical infrastructure:Reclusion
temporal (imprisonment for twelve years
and one day up to twenty years) or a fine of
at least Five hundred thousand pesos
(P500,000) up to a maximum amount
commensurate to the damage incurred or
BOTH

– same as above
2. Illegal interception
Unauthorized interception of any non-public transmission
of computer data to, from, or within a computer system.

132
Polytechnic University of the Philippines

COLLEGE OF COMPUTER AND INFORMATION SCIENCES

– same as above

3. Data Interference
Unauthorized alteration, damaging, deletion or
deterioration of computer data, electronic document, or
electronic data message, and including the introduction or
transmission of viruses. Authorized action can also be
covered by this provision if the

action of the person went beyond agreed scope resulting

to damages stated in this provision.

4. System Interference
Unauthorized hindering or interference with the
functioning of a computer or computer network by
inputting, transmitting, damaging, deleting, deteriorating,
altering or suppressing computer data or program,
electronic document, or electronic data messages, and – same as above
including the introduction or transmission of viruses.
Authorized action can also be covered by this provision if
the action of the person went beyond agreed scope
resulting to damages stated in this provision.

133
Polytechnic University of the Philippines

COLLEGE OF COMPUTER AND INFORMATION SCIENCES

5. Misuse of devices
The unauthorized use, possession, production, sale,
procurement, importation, distribution, or otherwise
making available, of devices, computer program designed
or adapted for the purpose of committing any of the
– same as above except fine should be no
offenses stated in Republic Act 10175.Unauthorized use
more than five hundred thousand pesos
of computer password, access code, or similar data by
(P500,000).
which the whole or any part of a computer system is
capable of being accessed with intent that it be used for
the purpose of committing any of the offenses under
Republic Act 10175.

6. Cyber-squatting
Acquisition of domain name over the Internet in bad faith
to profit, mislead, destroy reputation, and deprive others
from the registering the same. This includes those
existing trademarks at the time of registration; names of
persons other than the registrant; and acquired with
intellectual property interests in it. Those who get domain
names of prominent brands and individuals which in turn – same as above
is used to damage their reputation – can be sued under
this provision. Note that freedom of expression and
infringement on trademarks or names of person are
usually treated separately. A party can exercise freedom
of expression without necessarily violating the
trademarks of a brand or names of people.

134
Polytechnic University of the Philippines

COLLEGE OF COMPUTER AND INFORMATION SCIENCES

7. Computer-related Forgery
Unauthorized input, alteration, or deletion of computer
data resulting to inauthentic data with the intent that it be Prison mayor (imprisonment of six years
considered or acted upon for legal purposes as if it were and 1 day up to 12 years) or a fine of at
authentic, regardless whether or not the data is directly least Two hundred thousand pesos
readable and intelligible; or The act of knowingly using (P200,000) up to a maximum amount
computer data which is the product of computer-related commensurate to the damage incurred or
forgery as defined here, for the purpose of perpetuating a BOTH.
fraudulent or dishonest design.

8. Computer-related Fraud
Unauthorized input, alteration, or deletion of computer – same as above Provided, that if no
data or program or interference in the functioning of a damage has yet been caused, the penalty
computer system, causing damage thereby with imposed shall be one (1) degree lower.
fraudulent intent.

9. Computer-related Identity Theft

Unauthorized acquisition, use, misuse, transfer,
possession, alteration or deletion of identifying – same as above
information belonging to another, whether natural or
juridical.

10. Cybersex
Willful engagement, maintenance, control, or operation,
directly or indirectly, of any lascivious exhibition of
sexual organs or sexual activity, with the aid of a Prison mayor (imprisonment of six years
computer system, for favor or consideration. There is a and 1 day up to 12 years) or a fine of at
discussion on this matter if it involves “couples” or least Two hundred thousand pesos
“people in relationship” who engage in cybersex. For as (P200,000) but not exceeding One million
long it is not done for favor or consideration, I don’t think pesos (P1,000,000) or BOTH.
it will be covered. However, if one party (in a couple or
relationship) sues claiming to be forced to do cybersex,
then it can be covered.

135
Polytechnic University of the Philippines

COLLEGE OF COMPUTER AND INFORMATION SCIENCES

11. Child Pornography

Penalty to be imposed shall be one (1)
Unlawful or prohibited acts defined and punishable by degree higher than that provided for in
Republic Act No. 9775 or the Anti-Child Pornography Republic Act 9775, if committed through a
Act of 2009, committed through a computer system. computer system.

****** Unsolicited Commercial

Communications (SPAMMING)
THIS PROVISION WAS STRUCK DOWN BY THE
SUPREME COURT AS UNCONSTITUTIONAL.

Imprisonment of one (1) degree lower than

12. Aiding or Abetting in the commission of that of the prescribed penalty for the offense
cybercrime or a fine of at least One hundred thousand
– Any person who willfully abets or aids in the pesos (P100,000) but not exceeding Five
commission of any of the offenses enumerated in this Act hundred thousand pesos (P500,000) or both.
shall be held liable.

13. Attempt in the commission of cybercrime Any – same as above

person who willfully attempts to commit any of the
offenses enumerated in this Act shall be held liable.

136
Polytechnic University of the Philippines

COLLEGE OF COMPUTER AND INFORMATION SCIENCES

14. Libel
Unlawful or prohibited acts of libel as defined in Article
355 of the Revised Penal Code, as amended committed
through a computer system or any other similar means
which may be devised in the future. Revised Penal Code
Art. 355 states Libel means by writings or similar means.
— A libel committed by means of writing, printing,
lithography, engraving, radio, phonograph, painting,
theatrical exhibition, cinematographic exhibition, or any
similar means, shall be punished by prison correctional in Penalty to be imposed shall be one (1) degree
its minimum and medium periods or a fine ranging from higher than that provided for by the Revised
200 to 6,000 pesos, or both, in addition to the civil action Penal Code, as amended, and special laws, as
which may be brought by the offended party. The the case may be.
Cybercrime Prevention Act strengthened libel in terms of
penalty provisions. The electronic counterpart of libel has
been recognized since the year 2000 when the E-
Commerce Law was passed. The ECommerce Law
empowered all existing laws to recognize its electronic
counterpart whether commercial or not in nature.

15. All crimes defined and penalized by the Revised

Penal Code, as amended, and special laws, if committed Penalty to be imposed shall be one (1)
by, through and with the use of information and degree higher than that provided for by the
communications technologies shall be covered by the Revised Penal Code, as amended, and
relevant provisions of this Act. special laws, as the case may be.

137
Polytechnic University of the Philippines

COLLEGE OF COMPUTER AND INFORMATION SCIENCES

Although not exactly a cybercrime, I am including this

here as penalties are also imposed by the law.
For sanctioned actions, Juridical person
16. Corporate Liability. (Section 9)
shall be held liable for a fine equivalent to
When any of the punishable acts herein defined are at least double the fines imposable in
knowingly committed on behalf of or for the benefit of a Section 7 up to a maximum of Ten million
juridical person, by a natural person acting either pesos (P10,000,000).For neglect such as
individually or as part of an organ of the juridical person, misuse of computer resources that resulted
who has a leading position within, based on:(a) a power to cybercrime committed in organization
of representation of the juridical person provided the act physical or virtual premises or resources,
committed falls within the scope of such authority;(b) an juridical person shall be held liable for a
authority to take decisions on behalf of the juridical fine equivalent to at least double the fines
person. Provided, That the act committed falls within the imposable in Section 7 up to a maximum of
scope of such authority; or(c) an authority to exercise Five million pesos (P5,000,000).Criminal
control within the juridical person, It also includes liability may still apply to the natural
commission of any of the punishable acts made possible person.
due to the lack of supervision or control.

Watch : https://www.facebook.com/watch/digitalfilipinoclub
Review: https://www.mondaq.com/corporatecommercial-law/9200/electronic-
commerceactrepublic-act-no-8792

138
Polytechnic University of the Philippines

COLLEGE OF COMPUTER AND INFORMATION SCIENCES

Part V. Final Requirement: E-commerce Website.

(Team of 2)

1. Choose your e-commerce website from the following products.

Qualify your products. Example: lady’s shoes, men’s shoes, etc.
1. Shoes
2. Shirts and pants
3. Bags
4. Laundry materials
5. Jewelries
6. Books
7. School supplies
8. Plants decoration
9. Organic plants
10. Real estate
11. For other topics, get the approval of your professor.

2. Integrate in your project the lessons learned: e-commerce principles, concepts, marketing
and sales strategies, how your products will be paid, the delivery system, the security
measures, communication framework and legal aspect. Below is a sample guide for your
ecommerce project and website development.

What Sort of E-commerce Business Are you?

Identify your e-Commerce Business Structure
Identify the Scale of your product range differentiate your
business.

Establishing the Core Foundations

Build the right website.
build your business for profit and growth.
Select your products and promotions.

I have Built it: Why they have not come? (Aka Marketing)
Research your Marketing Plan
Creating your Marketing Plan
Test, Measure and Optimize your Marketing.
Polytechnic University of the Philippines

PAGE | 134

FINAL REQUIREMENT Additional References /Sources

.
https://www.business2community.com/ecommerce/future-of-electronic-payments-in-2019-
02192494 https://www.techfunnel.com/fintech/e-commerce-applications-in-
banking/
https://sumo.com/stories/ecommerce-chatbot-marketing https://www.volusion.com/blog/what-
ism-commerce/
https://jasoren.com/how-chatbot-integration-benefits-e-commerce-retailers/
https://www.miva.com/blog/the-history-of-ecommerce-how-did-it-all-begin/
https://blog.hubspot.com/sales/value-chain-analysis
https://theinvestorsbook.com/porters-value-chain.html
https://www.webfx.com/blog/webdesign/online-payment-systems/
https://www.bigcommerce.com/blog/ecommerce-shipping/#shipping-solutions-for-
ecommercesellers
https://www.unilogcorp.com/blog/3-steps-to-strengthen-your-ecommerce-infrastructure/
https://www.disruptiveadvertising.com/ppc/step-step-guide-keyword-research/
https://www.webfx.com/blog/web-design/online-payment-systems/
Lawyers in the Networld, M. Ethan Katsh (http://www.ascusc.org/jcmc/vol2/issue/katsh.html)

Internet / E-Commerce, Henry M. Blodget, 22 June 1999.

Merril Lynch (In-depth Report) "Internet in the Philippines-caught in the web" 23 March 2000

e-primer (An Introduction to E-Commerce) January 2000, E.C. Lallana, R.S. Quimbao and Z.B.
Andam)

"Electronic Commerce and Consumers”, Heathes Rome, International Business Lawyer, April
1998 a

140
Polytechnic University of the Philippines

COLLEGE OF COMPUTER AND INFORMATION SCIENCES

ADDITIONAL REFERENCES/SOURCES Appendix 1. RA 8792

Republic of the Philippines

Congress of the Philippines
Metro Manila
Eleventh Congress
Second Regular Session
Begun and held in Metro Manila, on Monday, the fourteenth June, two thousand.
Republic Act No. 8792

AN ACT PROVIDING FOR THE RECOGNITION AND USE OF ELECTRONIC

COMMERCIAL
AND NON -COMMERCIAL TRANSACTIONS AND DOCUMENTS, PENALTIES FOR
UNLAWFUL USE THEREOF AND FOR OTHER PURPOSES

Be it enacted by the Senate and House of Representatives of the Republic of the Philippines in
Congress assembled:
PART I
SHORT TITLE AND DECLARATION OF POLICY

Sec. 1. Short Title. – This Act shall be known as the “Electronic Commerce Act”.
Sec. 2. Declaration of Policy. – The State recognizes the vital role of information and
communications technology (ICT) in nation-building; the need to create an information-friendly
environment which supports and ensures the availability, diversity and affordability of ICT
products and services; the primary responsibility of the private sector in contributing investments
and services in telecommunications and information technology; the need to develop, with
appropriate training programs and institutional policy changes, human resources for the
information technology age, a labor force skilled in the use of ICT and a population capable of
operating and utilizing electronic appliances and computers; its obligation to facilitate the
transfer and promotion of adaptation technology, to ensure network security, connectivity and
neutrality of technology for the national benefit; and the need to marshal, organize and deploy
national information infrastructures, comprising in both telecommunications network and
strategic information services, including their interconnection to the global information
networks, with the necessary and appropriate legal, financial, diplomatic and technical
framework, systems and facilities.

141
Polytechnic University of the Philippines

PART II
ELECTRONIC COMMERCE IN GENERAL

Sec. 3. Objective. – This Act aims to facilitate domestic and international dealings, transactions,
arrangements, agreements, contracts and exchanges and storage of information through the
utilization of electronic, optical and similar medium, mode, instrumentality and technology to
recognize the authenticity and reliability of electronic documents related to such activities and to
promote the universal use of electronic transaction in the government and general public. Sec. 4.
Sphere of Application. This Act shall apply to any kind of data message and electronic
document used in the context of commercial and non-commercial activities to include domestic
and international dealings, transactions, arrangements, agreements, contracts and exchanges and
storage of information.

Sec. 5. Definition of Terms. For the purposes of this Act, the following terms are defined, as
follows:

142
Polytechnic University of the Philippines

a. Addressee refers to a person who is intended by the originator to receive the electronic
data message or electronic document. The term does not include a person acting as an
intermediary with respect to that electronic data message or electronic document.
b. Computer refers to any device or apparatus which, by electronic, electro-mechanical or
magnetic impulse, or by other means, is capable of receiving, recording, transmitting, storing,
processing, retrieving, or producing information, data, figures, symbols or other modes of written
expression according to mathematical and logical rules or of performing any one or more of
those functions.
c. Electronic Data message refers to information generated, sent, received or stored by
electronic, optical or similar means.
d. Information and communication system refers to a system intended for and capable of
generating, sending, receiving, storing or otherwise processing electronic data messages or
electronic documents and includes the computer system or other similar device by or in which
data is recorded or stored and any procedures related to the recording or storage of electronic
data message or electronic document.
e. Electronic signature refers to any distinctive mark, characteristic and/or sound in
electronic form, representing the identity of a person and attached to or logically associated with
the electronic data message or electronic document or any methodology or procedures employed
or adopted by a person and executed or adopted by such person with the intention of
authenticating or approving an electronic data message or electronic document.
f. Electronic document refers to information or the representation of information, data,
figures, symbols or other modes of written expression, described or however represented, by
which a right is established or an obligation extinguished, or by which a fact may be proved and
affirmed, which is received, recorded, transmitted, stored, processed, retrieved or produced
electronically.
g. Electronic key refers to a secret code which secures and defends sensitive information
that crosses over public channels into a form decipherable only with a matching electronic key.
h. Intermediary refers to a person who in behalf of another person and with respect to a
particular electronic document sends, receives and/or stores or provides other services in respect
of that electronic document.
i. Originator refers to a person by whom, or on whose behalf, the electronic document
purports to have been created, generated and/or sent . The term does not include a person acting
as an intermediary with respect to that electronic document. j. Service provider refers to a
provider of –
(i) On-line services or network access, or the operator of facilities therefor, including entities
offering the transmission, routing, or providing of connections for online communications,
digital or otherwise, between or among points specified by a user, of electronic documents of the
user’s choosing; or
(ii) The necessary technical means by which electronic documents of an originator may be
stored and made accessible to a designated or undesignated third party;
Such service providers shall have no authority to modify or alter the content of the electronic
data message or electronic document received or to make any entry therein on behalf of the

143
Polytechnic University of the Philippines

COLLEGE OF COMPUTER AND INFORMATION SCIENCES

originator, addressee or any third party unless specifically authorized to do so, and who shall
retain the electronic document in accordance with the specific request or as necessary for the
purpose of performing the services it was engaged to perform.
COLLEGE OF COMPUTER AND INFORMATION SCIENCES

CHAPTER II
LEGAL RECOGNITION OF ELECTRONIC WRITING
OR DOCUMENT AND DATA MESSAGES

Sec. 6. Legal Recognition of Data Messages. – Information shall not be denied legal effect,
validity or enforceability solely on the grounds that it is in the data message purporting to give
rise to such legal effect, or that it is merely referred to in that electronic data message.
Sec. 7. Legal Recognition of Electronic Documents. Electronic documents shall have the legal
effect, validity or enforceability as any other document or legal writing, and –
(a) Where the law requires a document to be in writing, that requirement is met by an electronic
document if the said electronic document maintains its integrity and reliability and can be
authenticated so as to be usable for subsequent reference, in that –
(i) The electronic document has remained complete and unaltered, apart from the addition of
any endorsement and any authorized change, or any change which arises in the normal course of
communication, storage and display; and
(ii) The electronic document is reliable in the light of the purpose for which it was generated
and in the light of all the relevant circumstances.
(b) Paragraph (a) applies whether the requirement therein is in the form of an obligation or
whether the law simply provides consequences for the document not being presented or retained
in its original form.
(c) Where the law requires that a document be presented or retained in its original form, that
requirement is met by an electronic document if –
(i) There exists a reliable assurance as to the integrity of the document from the time when it
was first generated in its final form; and
(ii) That document is capable of being displayed to the person to whom it is to be presented:
Provided, That no provision of this Act shall apply to vary any and all requirements of existing
laws on formalities required in the execution of documents for their validity.
For evidentiary purposes, an electronic document shall be the functional equivalent of a written
document under existing laws.
This Act does not modify any statutory rule relating to the admissibility of electronic data
messages or electronic documents, except the rules relating to authentication and best evidence.
Sec. 8. Legal Recognition of Electronic Signatures. An electronic signature on the electronic
document shall be equivalent to the signature of a person on a written document if that signature
is proved by showing that a prescribed procedure, not alterable by the parties interested in the
electronic document, existed under which –

144
Polytechnic University of the Philippines

a.) A method is used to identify the party sought to be bound and to indicate said party’s access
to the electronic document necessary for his consent or approval through the electronic signature;
b.) Said method is reliable and appropriate for the purpose for which the electronic document
was generated or communicated, in the light of all the circumstances, including any relevant
agreement;
c.) It is necessary for the party sought to be bound, in order to proceed further with the
transaction, to have executed or provided the electronic signature; and
d.) The other party is authorized and enabled to verify the electronic signature and to make the
decision to proceed with the transaction authenticated by the same.
Sec. 9. Presumption Relating to Electronic Signatures. – In any proceedings involving an
electronic signature, it shall be presumed that –
a.) The electronic signature is the signature of the person to whom it correlates; and
b.) The electronic signature was affixed by that person with the intention of signing or approving
the electronic document unless the person relying on the electronically signed electronic
document knows or has notice of defects in or unreliability of the signature or reliance on the
electronic signature is not reasonable under the circumstances.

SEC. 10. Original Documents. – (1) Where the law requires information to be presented or
retained in its original form, that requirement is met by an electronic data message or electronic
document if:
(a) the integrity of the information from the time when it was first generated in its final form, as
an electronic data message or electronic document is shown by evidence aliunde or otherwise;
and (b) where it is required that information be presented, that the information is capable of
being displayed to the person to whom it is to be presented.
(2) Paragraph (1) applies whether the requirement therein is in the form of an obligation or
whether the law simply provides consequences for the information not being presented or
retained in its original form.
(3) For the purposes of subparagraph (a) of paragraph (1):
(a) the criteria for assessing integrity shall be whether the information has remained complete
and unaltered, apart from the addition of any endorsement and any change which arises in the
normal course of communication, storage and display; and
(b) the standard of reliability required shall be assessed in the light of the purpose for which
the information was generated and in the light of all relevant circumstances.
SEC. 11. Authentication of Electronic Data Messages and Electronic Documents. – Until the
Supreme Court by appropriate rules shall have so provided, electronic documents, electronic data
messages and electronic signatures, shall be authenticated by demonstrating, substantiating and
validating a claimed identity of a user, device, or another entity in an information or
communication system, among other ways, as follows:
(a) The electronic signature shall be authenticated by proof that a letter, character, number or
other symbol in electronic form representing the persons named in and attached to or logically
associated with an electronic data message, electronic document, or that the appropriate
methodology or security procedures, when applicable, were employed or adopted by a person

145
Polytechnic University of the Philippines

COLLEGE OF COMPUTER AND INFORMATION SCIENCES

and executed or adopted by such person, with the intention of authenticating or approving an
electronic data message or electronic document;
(b) The electronic data message and electronic document shall be authenticated by proof that
an appropriate security procedure, when applicable was adopted and employed for the purpose of
verifying the originator of an electronic data message and/or electronic document, or detecting
error or alteration in the communication, content or storage of an electronic document or
electronic data message from a specific point, which, using algorithm or codes, identifying words
or numbers, encryptions, answers back or acknowledgement procedures, or similar security
devices.
The Supreme Court may adopt such other authentication procedures, including the use of
electronic notarization systems as necessary and advisable, as well as the certificate of
authentication on printed or hard copies of the electronic document or electronic data messages
by electronic notaries, service providers and other duly recognized or appointed certification
authorities.
The person seeking to introduce an electronic data message and electronic document in any legal
proceeding has the burden of proving its authenticity by evidence capable of supporting a finding
that the electronic data message and electronic document is what the person claims it to be. In the
absence of evidence to the contrary, the integrity of the information and communication system
in which an electronic data message or electronic document is recorded or stored may be
established in any legal proceeding –
(a) By evidence that at all material times the information and communication system or other
similar device was operating in a manner that did not affect the integrity of the electronic data
message and/or electronic document, and there are no other reasonable grounds to doubt the
integrity of the information and communication system;
(b) By showing that the electronic data message and/or electronic document was recorded or
stored by a party to the proceedings who is adverse in interest to the party using it; or
(c) By showing that the electronic data message and/or electronic document was recorded or
stored in the usual and ordinary course of business by a person who is not a party to the
proceedings and who did not act under the control of the party using the record.

146
Polytechnic University of the Philippines

COLLEGE OF COMPUTER AND INFORMATION SCIENCES

SEC.

12. Admissibility and Evidential Weight of Electronic Data Message and Electronic
Documents. – In any legal proceedings, nothing in the application of the rules on evidence shall
deny the admissibility of an electronic data message or electronic document in evidence – a. On
the sole ground that it is in electronic form; or
b. On the ground that it is not in the standard written form and electronic data message or
electronic document meeting, and complying with the requirements under Sections 6 or 7 hereof
shall be the best evidence of the agreement and transaction contained therein.
In assessing the evidential weight of an electronic data message or electronic document, the
reliability of the manner in which it was generated, stored or communicated, the reliability of the
manner in which its originator was identified, and other relevant factors shall be given due
regard. SEC. 13. Retention of Electronic Data Message and Electronic Document. –
Notwithstanding any provision of law, rule or regulation to the contrary –
(a) The requirement in any provision of law that certain documents be retained in their original
form is satisfied by retaining them in the form of an electronic data message or electronic
document which –
i. Remains accessible so as to be usable for subsequent reference; ii. Is retained in the format in
which it was generated, sent or received, or in a format which can be demonstrated to accurately
represent the electronic data message or electronic document generated, sent or received; iii.
Enables the identification of its originator and addressee, as well as the determination of the date
and the time it was sent or received.
(b) The requirement referred to in paragraph (a) is satisfied by using the services of a third party,
provided that the conditions set forth in subparagraphs (i), (ii) and (iii) of paragraph (a) are met.
SEC. 14. Proof By Affidavit. – The matters referred to in Section 12, on admissibility and Section
9, on the presumption of integrity, may be presumed to have been established by an affidavit
given to the best of the deponent’s knowledge subject to the rights of parties in interest as
defined in the following section.
SEC. 15. Cross-Examination. – (1) A deponent of an affidavit referred to in Section 14 that has
been introduced in evidence may be cross-examined as of right by a party to the proceedings
who is adverse in interest to the party who has introduced the affidavit or has caused the affidavit
to be introduced.
(2) Any party to the proceedings has the right to cross-examine a person referred to in Section
11, paragraph 4, sub-paragraph c.

CHAPTER III

COMMUNICATION OF ELECTRONIC DATA MESSAGES AND

ELECTRONIC DOCUMENTS
SEC. 16. Formation and Validity of Electronic Contracts. – (1) Except as otherwise agreed by
the parties, an offer, the acceptance of an offer and such other elements required under existing
laws for the formation of contracts may be expressed in, demonstrated and proved by means of

147
Polytechnic University of the Philippines

COLLEGE OF COMPUTER AND INFORMATION SCIENCES

SEC.
electronic data message or electronic documents and no contract shall be denied validity or
enforceability on the sole ground that it is in the form of an electronic data message or electronic
document, or that any or all of the elements required under existing laws for the formation of the
contracts is expressed, demonstrated and proved by means of electronic documents.
(2) Electronic transactions made through networking among banks, or linkages thereof with other
entities or networks, and vice versa, shall be deemed consummated upon the actual dispensing of
cash or the debit of one account and the corresponding credit to another, whether such
transaction is initiated by the depositor or by an authorized collecting party: Provided, that the
obligation of one bank, entity, or person similarly situated to another arising therefrom shall be
considered absolute and shall not be subjected to the process of preference of credits.
17. Recognition by Parties of Electronic Data Message or Electronic Document. – As
between the originator and the addressee of a electronic data message or electronic document, a
declaration of will or other statement shall not be denied legal effect, validity or enforceability
solely on the ground that it is in the form of a electronic data message.
SEC. 18. Attribution of Electronic Data Message. – (1) An electronic data message or electronic
document is that of the originator if it was sent by the originator himself.
(2) As between the originator and the addressee, an electronic data message or electronic
document is deemed to be that of the originator if it was sent:
(a) by a person who had the authority to act on behalf of the originator with respect to that
electronic data message or electronic document; or
(b) by an information system programmed by, or on behalf of the originator to operate
automatically.
(3) As between the originator and the addressee, an addressee is entitled to regard an electronic
data message or electronic document as being that of the originator, and to act on that
assumption, if:
(a) in order to ascertain whether the electronic data message or electronic document was that
of the originator, the addressee properly applied a procedure previously agreed to by the
originator for that purpose; or
(b) the electronic data message or electronic document as received by the addressee resulted
from the actions of a person whose relationship with the originator or with any agent of the
originator enabled that person to gain access to a method used by the originator to identify
electronic data messages as his own.
(4) Paragraph (3) does not apply:
(a) as of the time when the addressee has both received notice from the originator that the
electronic data message or electronic document is not that of the originator, and has reasonable
time to act; accordingly, or
(b) in a case within paragraph (3) sub-paragraph (b), at any time when the addressee knew or
should have known, had it exercised reasonable care or used any agreed procedure, that the
electronic data message or electronic document was not that of the originator.
(5) Where an electronic data message or electronic document is that of the originator or is
deemed to be that of the originator, or the addressee is entitled to act on that assumption, then, as

148
Polytechnic University of the Philippines

COLLEGE OF COMPUTER AND INFORMATION SCIENCES

SEC.
between the originator and the addressee, the addressee is entitled to regard the electronic data
message or electronic document as received as being what the originator intended to send, and to
act on that assumption. The addressee is not so entitled when it knew or should have known, had
it exercised reasonable care or used any agreed procedure, that the transmission resulted in any
error in the electronic data message or electronic document as received.
(6) The addressee is entitled to regard each electronic data message or electronic document
received as a separate electronic data message or electronic document and to act on that
assumption, except to the extent that it duplicates another electronic data message or electronic
document and the addressee knew or should have known, had it exercised reasonable care or
used any agreed procedure, that the electronic data message or electronic document was a
duplicate. SEC. 19. Error on Electronic Data Message or Electronic Document. – The addressee
is entitled to regard the electronic data message or electronic document received as that which
the originator intended to send, and to act on that assumption, unless the addressee knew or
should have known, had the addressee exercised reasonable care or used the appropriate
procedure – (a) That the transmission resulted in any error therein or in the electronic document
when the electronic data message or electronic document enters the designated information
system, or (b) That electronic data message or electronic document is sent to an information
system which is not so designated by the addressee for the purpose.
20. Agreement on Acknowledgment of Receipt of Electronic Data Messages or Electronic
Documents. – The following rules shall apply where, on or before sending an electronic data
message or electronic document, the originator and the addressee have agreed, or in that
electronic document or electronic data message, the originator has requested, that receipt of the
electronic document or electronic data message be acknowledged:
(a) Where the originator has not agreed with the addressee that the acknowledgment be given
in a particular form or by a particular method, an acknowledgment may be given by or through
any communication by the addressee, automated or otherwise, or any conduct of the addressee,
sufficient to indicate to the originator that the electronic data message or electronic document has
been received.
(b) Where the originator has stated that the effect or significance of the electronic data
message or electronic document is conditional on receipt of the acknowledgment thereof, the
electronic data message or electronic document is treated as though it has never been sent, until
the acknowledgment is received.
(c) Where the originator has not stated that the effect or significance of the electronic data
message or electronic document is conditional on receipt of the acknowledgment, and the
acknowledgment has not been received by the originator within the time specified or agreed or, if
no time has been specified or agreed, within a reasonable time, the originator may give notice to
the addressee stating that no acknowledgment has been received and specifying a reasonable
time by which the acknowledgment must be received; and if the acknowledgment is not received
within the time specified in subparagraph (c), the originator may, upon notice to the addressee,
treat the electronic document or electronic data message as though it had never been sent, or
exercise any other rights it may have.

149
Polytechnic University of the Philippines

COLLEGE OF COMPUTER AND INFORMATION SCIENCES

SEC.
SEC. 21. Time of Dispatch of Electronic Data Messages or Electronic Documents. – Unless
otherwise agreed between the originator and the addressee, the dispatch of an electronic data
message or electronic document occurs when it enters an information system outside the control
of the originator or of the person who sent the electronic data message or electronic document on
behalf of the originator.
SEC. 22. Time of Receipt of Electronic Data Messages or Electronic Documents. – Unless
otherwise agreed between the originator and the addressee, the time of receipt of an electronic
data message or electronic document is as follows:
(a.) If the addressee has designated an information system for the purpose of receiving
electronic data message or electronic document, receipt occurs at the time when the electronic
data message or electronic document enters the designated information system: Provided,
however, that if the originator and the addressee are both participants in the designated
information system, receipt occurs at the time when the electronic data message or electronic
document is retrieved by the addressee.
(b.) If the electronic data message or electronic document is sent to an information system of
the addressee that is not the designated information system, receipt occurs at the time when the
electronic data message or electronic document is retrieved by the addressee.
(c.) If the addressee has not designated an information system, receipt occurs when the
electronic data message or electronic document enters the information system of the addressee.
These rules apply notwithstanding that the place where the information system is located may be
different from the place where the electronic data message or electronic document is deemed to
be received.
SEC. 23. Place of Dispatch and Receipt of Electronic Data Messages or Electronic Documents.
– Unless otherwise agreed between the originator and the addressee, an electronic data message
or electronic document is deemed to be dispatched at the place where the originator has its place
of business and received at the place where the addressee has its place of business. This rule shall
apply even if the originator or addressee had used a laptop or other portable device to

150
Polytechnic University of the Philippines

transmit or receive his electronic data message or electronic document. This rule shall also apply
to determine the tax situs of such a transaction.
For the purpose hereof –
a. If the originator or the addressee has more than one place of business, the place of business
is that which has the closest relationship to the underlying transaction or, where there is no
underlying transaction, the principal place of business.
b. If the originator of the addressee does not have a place of business, reference is to be made
to its habitual residence; or
c. The usual place of residence in relation to a body corporate, means the place where it is
incorporated or otherwise legally constituted.
SEC. 24. Choice of Security Methods. – Subject to applicable laws and/or rules and guidelines
promulgated by the Department of Trade and Industry with other appropriate government
agencies, parties to any electronic transaction shall be free to determine the type and level of

151
COLLEGE OF COMPUTER AND INFORMATION SCIENCES

electronic data message and electronic document security needed, and to select and use or
implement appropriate technological methods that suit their needs.
Polytechnic University of the Philippines

153

SRS E-Commerce Catalog Management System
100% (1)
SRS E-Commerce Catalog Management System
8 pages
Python Programming Basics Guide
No ratings yet
Python Programming Basics Guide
106 pages
Capstone Template Real
No ratings yet
Capstone Template Real
23 pages
Sia Module 1 Lesson 1
No ratings yet
Sia Module 1 Lesson 1
36 pages
Web Design Course Syllabus Overview
No ratings yet
Web Design Course Syllabus Overview
13 pages
Understanding Recursion in Algorithms
No ratings yet
Understanding Recursion in Algorithms
14 pages
CC102 Lesson 3 Bsit - PPT Variables Data Types
No ratings yet
CC102 Lesson 3 Bsit - PPT Variables Data Types
25 pages
Working With The Java Class Library
100% (1)
Working With The Java Class Library
56 pages
Restaurant Management System With CRM and MobileCompatibility For Kuya Berts Pares House MANUSCRIPT
No ratings yet
Restaurant Management System With CRM and MobileCompatibility For Kuya Berts Pares House MANUSCRIPT
233 pages
Basic ICT Concepts and Literacy Guide
100% (1)
Basic ICT Concepts and Literacy Guide
70 pages
Rubric For Final Project
No ratings yet
Rubric For Final Project
1 page
Understanding Entity-Relationship Models
No ratings yet
Understanding Entity-Relationship Models
2 pages
6 PHP Global Variables
No ratings yet
6 PHP Global Variables
5 pages
Applications Development & Emerging Tech
No ratings yet
Applications Development & Emerging Tech
3 pages
Chapter 3 - HTML Basic Elements PDF
No ratings yet
Chapter 3 - HTML Basic Elements PDF
33 pages
ITWS02
No ratings yet
ITWS02
330 pages
Lesson1 Introduction To Web Design
100% (1)
Lesson1 Introduction To Web Design
42 pages
Business Ownership Types Explained
No ratings yet
Business Ownership Types Explained
24 pages
ACM Paper Format
No ratings yet
ACM Paper Format
3 pages
Development and Assessment of Online Graveyard Locator With Mobile Integration
No ratings yet
Development and Assessment of Online Graveyard Locator With Mobile Integration
5 pages
Change and Unexpected Developments
No ratings yet
Change and Unexpected Developments
39 pages
Module 1 Lesson 1&2 - GE 4 Living in The IT Era
No ratings yet
Module 1 Lesson 1&2 - GE 4 Living in The IT Era
10 pages
Marketing Mgt-Module 2 - Analyzing The Marketing Environment
No ratings yet
Marketing Mgt-Module 2 - Analyzing The Marketing Environment
10 pages
Web Programming Lab Guide
0% (1)
Web Programming Lab Guide
36 pages
01 Laboratory Exercise 1
No ratings yet
01 Laboratory Exercise 1
5 pages
Baby Thesis Group1
No ratings yet
Baby Thesis Group1
14 pages
Market Needs Analysis Guide
No ratings yet
Market Needs Analysis Guide
30 pages
Software Architecture Patterns Guide
No ratings yet
Software Architecture Patterns Guide
46 pages
Intro to Data Structures
No ratings yet
Intro to Data Structures
48 pages
Ccs0003 Computer Programming 1 Lec Syllabus
No ratings yet
Ccs0003 Computer Programming 1 Lec Syllabus
6 pages
Web Platforms Report
No ratings yet
Web Platforms Report
15 pages
Module 2 - Memory and Data Types
No ratings yet
Module 2 - Memory and Data Types
7 pages
IPT Guide
No ratings yet
IPT Guide
10 pages
JavaScript Basics Study Guide
No ratings yet
JavaScript Basics Study Guide
14 pages
CC 102 Syllabus
No ratings yet
CC 102 Syllabus
10 pages
HJH (M1S1-POWERPOINT) Introduction To The Computing Industry
No ratings yet
HJH (M1S1-POWERPOINT) Introduction To The Computing Industry
31 pages
Chapter 7 Project Cost Management
No ratings yet
Chapter 7 Project Cost Management
48 pages
Operating Systems and File Management
No ratings yet
Operating Systems and File Management
54 pages
XML and Application Integration
No ratings yet
XML and Application Integration
3 pages
People Ware
No ratings yet
People Ware
8 pages
BSM1501 - Learning Unit 5
No ratings yet
BSM1501 - Learning Unit 5
24 pages
ITEC 205 Information Management: Information and Decision Making
No ratings yet
ITEC 205 Information Management: Information and Decision Making
42 pages
Tech Evolution for Criminology Students
No ratings yet
Tech Evolution for Criminology Students
4 pages
ICT912 Programming
No ratings yet
ICT912 Programming
8 pages
Certificate PCv6.1
No ratings yet
Certificate PCv6.1
1 page
Database Systems for IT Students
50% (2)
Database Systems for IT Students
14 pages
DS 101: Fundamental Math Concepts
No ratings yet
DS 101: Fundamental Math Concepts
8 pages
Innovation Adoption in Consumers
No ratings yet
Innovation Adoption in Consumers
17 pages
Problem Statement of Student Registration System
No ratings yet
Problem Statement of Student Registration System
1 page
Algorithms and Complexity Lect 1
No ratings yet
Algorithms and Complexity Lect 1
10 pages
Webpage for GML Motorcycle Parts
No ratings yet
Webpage for GML Motorcycle Parts
14 pages
Chapter 3 Internet
No ratings yet
Chapter 3 Internet
33 pages
Internet Basics Workshop Guide
No ratings yet
Internet Basics Workshop Guide
20 pages
E Commerce IM As of March 21 2022 3
No ratings yet
E Commerce IM As of March 21 2022 3
158 pages
E-Commerce Course for PG Students
No ratings yet
E-Commerce Course for PG Students
8 pages
E-Commerce Course Overview INFO3608
No ratings yet
E-Commerce Course Overview INFO3608
4 pages
Course Outline - E-Commerce
No ratings yet
Course Outline - E-Commerce
3 pages
Report 1 - Merged
No ratings yet
Report 1 - Merged
32 pages
Inbound 9198670778386930387
No ratings yet
Inbound 9198670778386930387
4 pages
INTE 315 - Course Description
No ratings yet
INTE 315 - Course Description
2 pages
Alfonso Capuyan Evolution of Communication
No ratings yet
Alfonso Capuyan Evolution of Communication
3 pages
CN R19 Unit-1
No ratings yet
CN R19 Unit-1
13 pages
CHAPTER 2 Protocols, Standards and Architecture
No ratings yet
CHAPTER 2 Protocols, Standards and Architecture
41 pages
Web Design 1st Unit Short Notes
No ratings yet
Web Design 1st Unit Short Notes
8 pages
Senior 5 P2
No ratings yet
Senior 5 P2
3 pages
CN - Unit 1
No ratings yet
CN - Unit 1
196 pages
Evolution and Impact of the Internet
No ratings yet
Evolution and Impact of the Internet
21 pages
Data Communication and Networking Basics
No ratings yet
Data Communication and Networking Basics
11 pages
Cainglet Kevin 2
No ratings yet
Cainglet Kevin 2
2 pages
Internet
100% (2)
Internet
437 pages
TCPIP and OSI Model
No ratings yet
TCPIP and OSI Model
18 pages
(Ebook) Emarketing: The Essential Guide To Online Marketing by Robert Stokes, Sarah Blake ISBN 9780620430630, 062043063X Full Chapters Instanly
No ratings yet
(Ebook) Emarketing: The Essential Guide To Online Marketing by Robert Stokes, Sarah Blake ISBN 9780620430630, 062043063X Full Chapters Instanly
83 pages
Overview of Information Security Principles
No ratings yet
Overview of Information Security Principles
29 pages
All About Internet Exam Notes - 01
No ratings yet
All About Internet Exam Notes - 01
63 pages
A Brief History of Early Museums Online
No ratings yet
A Brief History of Early Museums Online
18 pages
Unit 1 - Web Essentials
No ratings yet
Unit 1 - Web Essentials
8 pages
ARPANET: Birth of the Internet
No ratings yet
ARPANET: Birth of the Internet
4 pages
Online Journalism
No ratings yet
Online Journalism
49 pages
Virus Name - Creeper Virus: Behaviour
No ratings yet
Virus Name - Creeper Virus: Behaviour
3 pages
Computer Abbreviations A Z
No ratings yet
Computer Abbreviations A Z
51 pages
Fundamentals of Internet and Web Technologies Ver1
No ratings yet
Fundamentals of Internet and Web Technologies Ver1
44 pages
Understanding Network Types and Protocols
No ratings yet
Understanding Network Types and Protocols
2 pages
CN Unit-I
No ratings yet
CN Unit-I
72 pages
History of Internet
No ratings yet
History of Internet
18 pages
Internetwork Presentation Notes
No ratings yet
Internetwork Presentation Notes
4 pages
Chapter 1 - Intro To Emerging Technologies
No ratings yet
Chapter 1 - Intro To Emerging Technologies
58 pages
Mobile Computing Notes
50% (2)
Mobile Computing Notes
36 pages
The Internet: Chapter 1 Lesson 1
No ratings yet
The Internet: Chapter 1 Lesson 1
28 pages
Internet Usage by Students For Academic
No ratings yet
Internet Usage by Students For Academic
58 pages
Digital Marketing For Social Good
No ratings yet
Digital Marketing For Social Good
57 pages

E Commerce IM

Uploaded by

E Commerce IM

Uploaded by

E-COMMERCE

COLLEGE OF COMPUTER AND INFORMATION SCIENCES

Course Title : E Commerce / M Commerce

Course Code : COSC-FE2

Course Credit : 3 units

1. Understand and appreciate the meaning of E to M commerce, e to m -business and electronic

COLLEGE OF COMPUTER AND INFORMATION SCIENCES

CHAPTER 1. INTRODUCTION TO E-COMMERCE ...............................................................

2.0 Categories of E-Commerce

CHAPTER 2. THE E-COMMERCE VALUE CHAIN .............................................................. 20

2.1 What Is a Value Chain?

2.3 Porter's Value Chain Analysis

2.4 Marketing and Sales

CHAPTER 3. E-COMMERCE MARKETING AND SALES STRATEGIES.......................... 29

COLLEGE OF COMPUTER AND INFORMATION SCIENCES

CHAPTER 4. CONSUMER PAYMENT PROTOCOL AND DELIVERY SYSTEM ............. 45

4.2 E-commerce Delivery/Shipping or Fulfillment

Part II. E-commerce Competitive Environment

CHAPTER 5. INNOVATIONS IN BANKING AND FINANCE ............................................ 56

5.2 Ten Banking Technologies That Are Shaping the Future

CHAPTER 6. NEW TRENDS IN E-COMMERCE ................................................................. 60

COLLEGE OF COMPUTER AND INFORMATION SCIENCES

6.1 Trends in E-commerce

CHAPTER 7. TRADITIONAL COMMUNICATION SYSTEM............................................. 77

CHAPTER 8. INFRASTRUCTURE FRAMEWORK .............................................................. 85

CHAPTER 9. SECURITY CONSIDERATIONS ..................................................................... 97

92. Philippine National Public Key Infrastructure (PNPKI) Activities/Assessments:

CHAPTER 10. RA 8792 & RA 10175 ..................................................................................... 133

1. Lecture/Classroom or online discussion

COLLEGE OF COMPUTER AND INFORMATION SCIENCES

Participation marks will depend on in-class participation as well as the individual’s

E-Commerce Website or Mobile Application Project Plan (50%)

Rubrics Grading for – e-Commerce

COLLEGE OF COMPUTER AND INFORMATION SCIENCES

Presentations will be evaluated on their persuasiveness and professionalism. A successful

Course Grading System:

Class Standing 70% Class Standing 70%

Major Examination 30% Recorded E-Commerce Website 30%

FINAL GRADE = (MidTerm + Final Term) /2

Suggested Teaching Methodologies/Strategies :

Suggested Reading Materials:

COLLEGE OF COMPUTER AND INFORMATION SCIENCES

1.2 E-Business and E-Commerce Management, Strategy, Implementation and Practice by

2. E-Commerce Case Problems via google search.

1. No make-up quizzes shall be given for missed quizzes, regardless of circumstances,

3. Plagiarism is highly prohibited.

4. Cellphones must be on a silent mode or turned off inside the classroom.

SUGGESTED GROUP PROJECT:

COLLEGE OF COMPUTER AND INFORMATION SCIENCES

SUGGESTED PRODUCT CATEGORIES: (but may vary depending on the faculty)

BAGS: Formal bags, semi-formal bags, non-formal bags *3 groups here

APPLIANCES: TV, Musical appliances, Aircon units *3 groups here

Compiled initially 2020-21 by:

COLLEGE OF COMPUTER AND INFORMATION SCIENCES

CHAPTER 1. INTRODUCTION TO E-COMMERCE

Chapter 1. Introduction to E-Commerce

COLLEGE OF COMPUTER AND INFORMATION SCIENCES

E-Commerce or Electronic Commerce defined.

COLLEGE OF COMPUTER AND INFORMATION SCIENCES

So when you log into your Amazon and purchase a book,

1. Business to Business (B2B)

2. Business to Consumer (B2C)

3. Consumer to Consumer (C2C)

4. Consumer to Business (C2B)

COLLEGE OF COMPUTER AND INFORMATION SCIENCES

E-Commerce Business Models

3. Finding the right private label manufacturers to collaborate with is a challenge. To

COLLEGE OF COMPUTER AND INFORMATION SCIENCES

The benefits of the drop shipping e-commerce model are considerable:

Drop shipping risks include:

COLLEGE OF COMPUTER AND INFORMATION SCIENCES

1. Up-front capital is not required making it a low-risk model. Print-on-demand businesses

This model has advantages that make it tempting as an e-commerce venture:

COLLEGE OF COMPUTER AND INFORMATION SCIENCES

COLLEGE OF COMPUTER AND INFORMATION SCIENCES

COLLEGE OF COMPUTER AND INFORMATION SCIENCES