AIS10203 - Chapter 3:
Electronic Commerce
Learning Outcomes
By the end of this chapter, you should be able to:
Understand various types of electronic networks.
Appreciate the need for security in electronic transactions.
Electronic Commerce
Overview:
Explain the history of the Internet and how it works.
Explain what eBusiness, eCommerce & Web Commerce are.
Describe various approaches to securing electronic financial transactions.
Describe various eCommerce applications, including payment systems, Web stores & Web 2.0.
Electronic Networks
Many business transactions in today’s business environment are transmitted over some type of electronic network.
A network may be very small & involve only a handful of computers within a single business, or it may be so large that it encompasses the entire globe.
Electronic Networks
Electronic networks – groups of computers connected together electronically.
They make it possible for companies to conveniently assemble transaction data & distribute information across multiple physical locations.
LANs, MANs & WANs
Networks – classified according to the distance they span.
Local Area Networks (LANs) – networks that span a single site, eg. a building or a group of buildings that are in close proximity to one another.
Metropolitan Area Networks (MANs) – networks that span a single city or metropolitan area.
LANs, MANs & WANs
Wide Area Networks (WANs) – networks of computers that span at least 2 metropolitan areas.
Main difference between the 3 types of networks – the rate at which data flow through them.
Due to hardware technology & the size of the network, data flow fastest through LANs & slowest through WANs.
LANs, MANs & WANs
In accounting transactions, differences in the rates of data flow are not usually critical.
Reason – individual accounting transactions involve only small amounts of data.
Internet
Definition – Internet – electronic highway consisting of various standards & protocols that allow computers to communicate with each other.
History of the Internet:-
Started during the 1960s (Cold War) – the US government wanted something to maintain military communications.
Problem solved by the RAND Corporation with 2 suggestions:-
1. The network should not have a central command-and-control center.
2. The network should be able to operate in tatters (with parts of it destroyed) from the beginning.
Internet
History of the Internet:-
Goal achieved by making every node (computer) in the network operate independently.
If 1 link were destroyed, the other computers in the network could still communicate with each other through the remaining links.
The network can thus withstand a nuclear attack.
Internet
History of the Internet:-
An earlier version of the Internet was created in the 1970s by the Pentagon’s Advanced Research Projects Agency (ARPA) – called ARPANET.
Originally used by the military to spread computing tasks.
But users of the network began to send each other emails (news & personal messages).
While ARPANET grew, many other networks (Bitnet, MILnet & NSFnet) sprang up.
Internet
History of the Internet:-
They adopted a common set of communication protocols – TCP/IP (Transmission Control Protocol/Internet Protocol).
TCP/IP – protocol for dividing an electronic message into “packets” of information & reassembling them at the receiving end.
IP – addressing protocol that assigns a unique address to each computer on the Internet.
Internet
Computers need an IP (Internet Protocol) address to communicate on the Internet.
Eg. IP – 207.49.159.2.
Fixed IP address – personal IP address permanently allocated to each user.
Fixed IP address – important for users whose computers are connected to the Internet 24 hours a day or for very long periods of time.
Internet
Dynamic IP address – IP address assigned temporarily to a user while accessing the Internet.
Domain name – alias name used in place of IP numbers. Eg. www.bodhop.ais.com.
Domain names & their corresponding IP addresses are kept in electronic “phone books” – called domain name servers (DNSs).
Intranets
Intranets – in-house Internet; used for in-house communications over a local area network.
Intranet – a part of the Internet.
Employees can access company repositories of information through the intranet which are not available to outsiders.
Available to outsiders only after they are properly authenticated.
Extranet – a combination of 2 or more intranets.
Intranet Security Issues
Intranets pose a security risk – potentially exposing the organisation’s sensitive information.
Prevention – companies use a combination of hardware & software called a Firewall to limit the access of outsiders.
Firewall – filters each packet of incoming information to ensure it is from an authorized source.
Outsiders – can still get past the firewall by faking (spoofing) their IP address as that of an authorized one.
Intranet Security Issues
Another type of security device used in intranets – Proxy Server.
Proxy Server – used on the inside of the firewall; serves as a filter for all outgoing requests for information.
All outgoing requests are sent to the proxy server.
The proxy server analyzes each request & determines if it is made by an authorized individual to an authorized site on the Internet.
Compared to a firewall, a proxy server is more sophisticated & supports features eg. password authentication & sophisticated transaction logging.
Client & Servers
Server – robot-type program that constantly runs on a computer & exchanges information with remote users.
Clients – user’s programs that access & exchange information with servers.
Client & Servers
Types of servers on the Internet:
1. Mail servers
2. File servers
3. Web servers
4. Commerce servers
5. Application servers
Mail Servers
Definition – electronic mailboxes that hold incoming electronic mail until a client program requests it.
Serve as relay stations for outgoing mail, holding it until the intended recipient’s mail server is able to receive it.
A common mail server uses the POP protocol & is often referred to as a POP server.
Accessed by a client with a user name & password.
File Servers
Allow authorized clients to retrieve files from the library of files.
Exist as repositories of files.
Most common protocol for transferring files – File Transfer Protocol (FTP).
A file server that uses this protocol – FTP server.
Web Servers
Allow users to access documents & run computer programs that reside on remote computers.
Are the engines that run the World Wide Web (WWW), which consists of all documents, files & software.
Software used to access Web servers – Web Browser.
Eg. Internet Explorer & Firefox.
All Web clients automatically read & interpret HTML (Hypertext Markup Language).
Commerce Servers
Specialized types of Web servers with various commerce-related features.
Perform the following:
1. Support various types of client & server authentication – digital certificates.
2. Support for interfacing with “external” programs.
3. Enhanced security features – multilevel security access & detailed transaction logging.
4. Support various types of electronic payment.
Application Servers & Database Servers
Make applications & data in databases available to remote clients.
Application – software program for functional use such as accounting, communication or email.
Database – organized collection of data to be used by all related parties.
Security for Electronic Transactions
Encryption technology – essential for electronic commerce.
Encryption involves using a password or digital key to scramble a readable (plaintext) message into an unreadable (ciphertext) message.
The intended recipient of the message then uses the same or another digital key (depending on the encryption method) to convert the ciphertext message back into plaintext.
Security for Electronic Transactions
Consider the example of encrypting the word ACE.
Assume each letter of the alphabet is associated with a number, where A is 1, B is 2, C is 3, etc.
Then in numerical terms ACE would be 135.
Worked figure – A = 1, B = 2, C = 3, D = 4. Plaintext DBBA = 4221. Secret key = 2. Ciphertext = 6443.
Security for Electronic Transactions
Now assume that this number is to be encrypted using a key value of 2. One simple way to do this would be to add the number 2 to each digit in the number 135, thus giving 357, which yields CEG.
The encrypted text can then be reversed if the secret key is known.
Secret-Key Encryption
The example earlier is based on the use of secret-key encryption.
With this method, the same key is used for both encrypting & decrypting a message.
Secret-Key Encryption
Obvious difficulty – the secret key must be communicated to the receiver of an encrypted message.
This means that the secret key may be vulnerable to interception.
Public-Key Encryption
Most commonly used encryption method – public-key encryption.
Public-key encryption uses 2 keys in association with each encrypted message, one key to encrypt the message & another key to decrypt it.
Public-Key Encryption
Either key can decrypt what the other key encrypts.
The key that encrypts a message cannot be used to decrypt it.
Only the other key can decrypt the message.
Public-Key Encryption
In practice, the sender of a message keeps one key private & makes the other key public.
1 key is called the public key & the other the private key.
Advantage – the sender of a message only needs to know the recipient’s public key.
Neither sender nor receiver needs to know the other’s private key.
Public-Key Encryption
To send someone a secret message – encrypt the message with the recipient’s public key.
The recipient then decrypts the message with his or her private key.
So if Company A wants to send Company B a secure message, Company A uses Company B’s public key to encrypt the message.
Company B then uses its private key to decrypt the message.
Public-Key Encryption
If someone intercepts the encrypted message, the message cannot be decrypted, since the public key that was used to encrypt it cannot be used to decrypt the message.
Only Company B’s private key can be used to decrypt it.
Hybrid Systems & Digital Envelopes
Secret-key encryption requires fewer computations than public-key encryption.
For large messages, secret-key encryption may be much faster.
Digital envelopes involve using both public-key & secret-key encryption.
This is accomplished in the following manner:
1. The sender of the message generates a single random key.
2. The sender of the message uses this secret key to encrypt the message (using a fast secret-key encryption system).
Hybrid Systems & Digital Envelopes
This is accomplished in the following manner:
3. The sender uses the recipient’s public key to encrypt the randomly generated secret key (using a public-key encryption system).
4. The sender transmits both the encrypted key & the encrypted message, which form the digital envelope.
5. The recipient uses his or her private key to decrypt the randomly generated secret key.
6. The recipient uses the secret key to decrypt the message.
This method is also known as double-key encryption.
Digital Signatures
If a message is encrypted using a public key, then the corresponding private key will be able to decrypt it.
Conversely, if a message is encrypted using a private key, then the corresponding public key will be able to decrypt it.
Digital signatures work on the basis that a message encrypted using a private key can be decrypted by the corresponding public key.
Digital Signatures
Recipients who want to download content from the Internet are suspicious about the sender’s real identity.
To enable this verification of identity, the sender can send a digital signature to the recipient as proof of the sender’s identity.
Digital Signatures
This can be done as follows:-
A user requests to download content from Company A.
Company A encrypts the plaintext content into ciphertext using its private key.
Both the plaintext content & the ciphertext are sent to the user.
The user then uses the public key of Company A to decrypt the ciphertext & compares it with the original plaintext.
If they are both the same, then it is certain that the content sent genuinely comes from Company A.
Digital Signatures
Alternative approach – not necessary to send 2 copies of the message.
Accomplished by using a hashing function to create a digest of the message that is to be digitally signed.
The message digest is much shorter than the message itself, & it is the digest that is encrypted with the sender’s private key & attached to the plaintext message as a signature.
Digital Signatures
To verify the signature – the recipient uses the sender’s public key to decrypt the digital signature (encrypted digest).
Next – the recipient applies the same hashing function to the plaintext message received to obtain the original message digest.
This original message digest is compared with the decrypted digital signature.
If they are the same, then it proves that the message sent is genuine & was not modified after it was sent.
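The six digital-envelope steps from the Hybrid Systems slides and the digest-based signature just described, as one added example in Python that is not code from the slides. It assumes textbook RSA built on two Mersenne primes (2^61-1 and 2^89-1, chosen only so a 16-byte session key fits under the modulus), a SHA-256 keystream as the "fast secret-key" cipher, and a digest truncated to 16 bytes; the names generate_keypair, seal_envelope, open_envelope, sign and verify are this example's own.

```python
# Added example, not from the slides: textbook RSA with small Mersenne-prime
# moduli (2^61-1 and 2^89-1, assumed here only so a 16-byte key fits under n)
# walking through the 6 digital-envelope steps and the digest-based signature.
# Real systems use padded RSA with >=2048-bit moduli from a vetted library.
import hashlib
import secrets
from math import gcd


def generate_keypair(p, q, e=65537):
    """Textbook RSA: public key (e, n), private key (d, n)."""
    n, phi = p * q, (p - 1) * (q - 1)
    assert gcd(e, phi) == 1, "e must be coprime to phi(n)"
    return (e, n), (pow(e, -1, phi), n)   # pow(e, -1, m) needs Python 3.8+


def rsa_apply(key, m):
    """m ** exponent mod n; used with either the public or the private key."""
    exp, n = key
    assert 0 <= m < n, "block must be smaller than the modulus"
    return pow(m, exp, n)


def secret_key_xor(key, data):
    """Fast secret-key cipher: XOR with a SHA-256 keystream (toy; the same
    call both encrypts and decrypts)."""
    stream, counter = b"", 0
    while len(stream) < len(data):
        stream += hashlib.sha256(key + counter.to_bytes(4, "big")).digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(data, stream))


def seal_envelope(recipient_public, message):
    """Steps 1-4 of the digital envelope."""
    session_key = secrets.token_bytes(16)                       # 1: random key
    body = secret_key_xor(session_key, message)                 # 2: fast cipher
    wrapped_key = rsa_apply(recipient_public,                   # 3: wrap the key
                            int.from_bytes(session_key, "big"))
    return wrapped_key, body                                    # 4: both parts


def open_envelope(recipient_private, envelope):
    """Steps 5-6: unwrap the session key, then decrypt the body."""
    wrapped_key, body = envelope
    session_key = rsa_apply(recipient_private, wrapped_key).to_bytes(16, "big")
    return secret_key_xor(session_key, body)


def digest(message):
    """Message digest, truncated to 16 bytes so it fits under the toy modulus."""
    return int.from_bytes(hashlib.sha256(message).digest()[:16], "big")


def sign(sender_private, message):
    """Digital signature: the digest encrypted with the sender's private key."""
    return rsa_apply(sender_private, digest(message))


def verify(sender_public, message, signature):
    """Decrypt the signature with the public key; compare with a fresh digest."""
    return rsa_apply(sender_public, signature) == digest(message)


COMPANY_B_PUBLIC, COMPANY_B_PRIVATE = generate_keypair((1 << 61) - 1, (1 << 89) - 1)

if __name__ == "__main__":
    msg = b"Pay invoice no. 4471 by Friday"   # constructed sample message
    assert open_envelope(COMPANY_B_PRIVATE, seal_envelope(COMPANY_B_PUBLIC, msg)) == msg
    sig = sign(COMPANY_B_PRIVATE, msg)
    print(verify(COMPANY_B_PUBLIC, msg, sig))         # True
    print(verify(COMPANY_B_PUBLIC, msg + b" ", sig))  # False: modified in transit
```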
Digital Time Stamping
In order to ensure the validity of electronic documents over time, there needs to be some way to attach trusted dates to them.
This can be accomplished by a digital time-stamping service (DTS), an organization that adds digital time-stamps to documents.
The message to be digitally time-stamped is digested & the digest is sent to a DTS.
Digital Time Stamping Procedure
Digital Time Stamping
The DTS attaches a time-stamp to the digest & then adds a digital signature to the time-stamped digest.
Anyone can verify the date by decrypting the digital signature of the DTS using its public key.
Note that with this method the DTS time-stamps the message without learning its content.
Verification of Digital Time-Stamp
Security Issues for Public-Key Encryption Systems
Public-key encryption is vulnerable to various types of attacks such as
1. Cryptanalysis Attacks.
2. Factoring Attacks.
Cryptanalysis Attack
Involves various techniques for analyzing encrypted messages for the purpose of decoding them without legitimate access to the keys.
Simplest possible attack on a message – guessed plaintext attack.
Attackers guess the content of the message.
Factoring Attacks
Public key – based on the product of 2 large prime numbers.
Prime numbers – numbers that are divisible only by themselves & by 1.
Eg. 3, 5, 7 & 11.
35 is the product of 2 prime numbers – its 2 factors are 5 & 7.
Factoring Attacks
Problem – the private key can be obtained by factoring the public key.
Security of public-key encryption depends on the assumption that an attacker cannot factor the product of the 2 large prime numbers.
Factoring such long products of prime numbers is impossible in practice even with the fastest computer.
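An added example (not from the slides) of why the factoring assumption carries the whole scheme: for a constructed toy public key (e, n) = (17, 3233), trial division recovers the two prime factors and hence the private exponent in an instant, which is exactly what the modulus sizes deployed in practice are chosen to make infeasible.

```python
# Added example, not from the slides: the private key follows directly from
# factoring the public modulus. (e, n) = (17, 3233) is a constructed toy value
# (3233 = 61 * 53); trial division succeeds here in microseconds but is hopeless
# for the 2048-bit moduli used in practice, which is the point of large keys.
def factor_by_trial_division(n):
    """Return (p, q) with p * q == n for a small modulus, or None if n is prime."""
    for p in range(2, int(n ** 0.5) + 1):
        if n % p == 0:
            return p, n // p
    return None


def private_key_from_public(public_key):
    """Recover d from (e, n) once n is factored: d = e^-1 mod (p-1)(q-1)."""
    e, n = public_key
    p, q = factor_by_trial_division(n)
    return pow(e, -1, (p - 1) * (q - 1)), n   # pow(e, -1, m) needs Python 3.8+


def round_trip(public_key, private_key, m):
    """Encrypt m with the public key, decrypt with the recovered private key."""
    e, n = public_key
    d, _ = private_key
    return pow(pow(m, e, n), d, n)


TOY_PUBLIC = (17, 3233)   # constructed: 3233 = 61 * 53, phi = 60 * 52 = 3120

if __name__ == "__main__":
    recovered = private_key_from_public(TOY_PUBLIC)
    print(recovered)                                    # (2753, 3233)
    print(round_trip(TOY_PUBLIC, recovered, 65) == 65)  # True
```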
Electronic Commerce Technologies: Issues & Applications
Privacy Issues
Major issue in electronic transactions.
Most electronic transactions are traceable, & this is possible even with encryption.
Eg. hackers just need to monitor the flow of incoming & outgoing messages of a company through the Internet.
Until today there are still no good defenses against this attack.
Privacy Issues
Another risk – a company using the same public key for many transactions.
Each transaction leaves a digital record & it is possible to link all the company’s transactions together.
Problem with digital cash – when the bank verifies the serial number on a digital note, it can discover to whom it originally issued the note.
The bank then knows the payer & payee in the transaction.
Electronic Payment Systems
3 types of electronic payment systems:
1. Electronic Bill Payment Systems.
2. Credit & Debit Card Systems.
3. Payment Intermediaries.
Electronic Bill Payment Systems
The payer sends electronic instructions to the bank.
Instruction details – who is to be paid, when payment is to be made & the amount of payment.
The bank makes the payment electronically or by mail.
Credit & Debit Card System
The payer transmits the credit or debit card number to a secure server.
Secure server – the communications link between client & server is protected by encryption.
The payee presents the card information to the bank through a secure credit payment gateway.
Credit & Debit Card System
All electronic transactions are governed by the Payment Card Industry Data Security Standard (PCI DSS).
PCI DSS – a standard developed by the major credit card companies.
Payment Intermediaries
Act as an intermediary between payer & payee.
Eg. PayPal™.
The user logs in to a PayPal™ account, requesting payment to be made to a given payee.
PayPal™ removes the funds from the payer’s bank account or charges the funds to the payer’s credit or debit card.
Digital Cash
Cryptographic techniques have given rise to new payment systems based on digital cash.
Digital cash (e-cash or electronic money) is created when a bank attaches a digital signature to a note promising to pay the bearer.
Blinded Digital Cash
Blinding permits the bank to issue digital cash while being unable to link payer to payee.
Accomplished by the bank signing the note with a blinded digital signature.
Virtual Cash on the PC
Most virtual cash on the PC is based on an electronic wallet.
Electronic wallet – a program that keeps track of the various keys, digital certificates & items of information linked with electronic money.
The user gets digital cash (from the bank) & then stores it in the electronic wallet.
Virtual Cash in Electronic Cards
Smart cards – handheld electronic cards used for payments.
3 types of cards:
1. Memory cards.
2. Shared-key cards.
3. Signature-transporting cards.
Memory Cards
Contain microchips capable of storing data.
Contain hardware that provides PIN (Personal Identification Number) access to the card’s contents.
Pose very weak security & should be used only for the simplest applications – where the amount of money is small & security is not a concern.
Eg. can be used by employees to purchase lunch in the cafeteria.
Memory Cards
ATM card – is a memory card but is not a smart card because it is only used for identification.
The user only inserts the ATM card, enters the PIN & requests money from the bank.
All balances are stored in the bank’s computer.
Shared-key cards
Use encryption for all communication between card & cash register.
Useless for an attacker to intercept & record communications between card & cash register.
Encryption carried out using a secret key.
Biggest weakness – massive fraud is possible if an attacker obtains the secret key.
Signature-Transporting Cards
Use the same hardware as shared-key cards.
Main difference – software.
Allow the user to spend digital cash notes.
Notes are transferred to the cash register on payment.
The cash register verifies the notes via an online link to the bank.
Eg. credit card.
Web 2.0
Emerging technologies have an impact on eCommerce.
Earlier, the Internet was a repository of documents that Web surfers browsed.
Web 2.0 – Web surfers can interact with Web sites.
Eg. Wikipedia, Facebook & MySpace.
Web 2.0 Innovation
Web 2.0 Innovations:
1. Blogs.
2. RSS News Feeds.
3. Mashups.
Blogs
Web site where an individual can regularly post news stories.
Postings range from world news to personal life issues.
RSS (Really Simple Syndication)
Technical means for publishing blogs & other news on the Web in XML format.
Using an RSS reader client program, readers can subscribe to RSS feeds & receive automatic updates for all the news.
Mashups
Web pages that are collages of other Web pages, RSS feeds & other information.
Eg. Google Maps (maps.google.com).
Users can view various information (places of interest & street names) superimposed on a single map.
What is E-commerce
Online business activities for products & services.
Associated with buying & selling over the Internet.
Definition: To create, transform & redefine relationships for value creation between or among organizations, & between organizations & individuals.
What is E-commerce
Also known as Electronic Commerce.
Transactions related to online buying & selling of products or services.
Done using electronic systems such as the Internet & other computer networks.
Penetration & spread of the Internet has fuelled e-commerce.
What is E-commerce
Eg. of e-commerce – electronic funds transfer, supply chain management, Internet marketing, online transaction processing, electronic data interchange (EDI), inventory management systems & automated data collection systems.
Definition – it typically uses the World Wide Web at least at some point in the transaction’s lifecycle.
Online retailers are known as e-tailers.
Online retail is known as e-tail.
E-Commerce vs E-Business
E-commerce: Information & communications technology (ICT) is used in inter-business or inter-organizational transactions.
E-business: ICT is used to enhance one’s business.
E-Commerce vs E-Business
3 primary processes enhanced in e-business:
1. Production processes – include procurement, ordering & replenishment of stocks; processing of payments; electronic links with suppliers & production control processes, among others;
2. Customer-focused processes – promotional & marketing efforts, selling over the Internet, processing of customers’ purchase orders & payments & customer support, among others.
E-Commerce vs E-Business
3 primary processes enhanced in e-business:
3. Internal management processes – include employee services, training, internal information-sharing, video-conferencing & recruiting.
Different types of E-Commerce
                           Business (organization)   Customer (individual)
Business (organization)    B2B (e.g. TPN)            B2C (e.g. Amazon)
Customer (individual)      C2B (e.g. Priceline)      C2C (e.g. eBay)
Examples
B2C: www.amazon.com
C2C: www.eBay.com
B2B: www.tpn.com
C2B: www.priceline.com
Types of E-commerce
B2B: E-commerce that is conducted between businesses is referred to as Business-to-business.
1. Open to the entire public.
2. Limited to a group of businesses who have been part of the specific group.
Types of E-commerce
Transaction costs are reduced through reduction in:
Search costs.
Costs of processing transactions (e.g. invoices, purchase orders and payment schemes).
Costs in trading processes.
Eliminating intermediaries & distributors.
Increase in price transparency.
Creates supply-side cost-based economies of
Types of E-commerce
Criteria of B2C Commerce:
1. Commerce between companies & consumers.
2. Involves customers gathering information; purchasing physical goods or information goods.
Online retailing companies such as Amazon.com, Drugstore.com, Beyond.com, Flipkart.com, Lenskart.com.
3. Reduces transaction costs.
4. Increases consumer access to information.
5. Reduces market entry barriers.
Types of E-commerce
B2G E-commerce
Commerce between companies & the public sector.
Use of the Internet for public procurement.
Licensing procedures.
Types of E-commerce
C2C E-commerce
Commerce between private individuals or consumers.
Online auctions.
Auctions facilitated at a portal, such as eBay, which allows online real-time bidding on items being sold on the Web.
Peer-to-peer systems, such as the Napster model (a protocol for sharing files between users used by chat forums similar to IRC) & other file exchange and later money exchange models.
Types of E-commerce
C2C E-commerce
Classified ads at portal sites such as Excite Classifieds and eWanted (an interactive, online marketplace where buyers & sellers can negotiate and which features “Buyer Leads & Want Ads”).
Consumer-to-business (C2B) transactions involve reverse auctions, which empower consumers to drive transactions.
Eg. competing airlines give a traveler the best travel & ticket offers in response to the traveler’s post that she wants to fly from New York to San
Types of E-commerce
C2C E-commerce
Popular C2C sites – eBay & Napster – indicate that this market is quite large. They produce millions of dollars in sales every day.
M-Commerce
Buying & selling of goods & services through wireless technology.
Handheld devices eg. cellular telephones & personal digital assistants (PDAs) are used.
M-commerce – the choice for digital commerce transactions.
Bill payment & account reviews can be conducted from handheld devices.
M-Commerce
Consumers are given the ability to place & pay for orders on the fly.
Delivery of entertainment, financial news, sports figures & traffic updates to a single mobile device.
Uses a different server than that accessed by regular online users.
Usages – book & cancel rail, flight & movie tickets through mobile devices.
M-Commerce
A critical consideration for this strategy is the software solution that the organization uses.
‘All in one’ device strategy vs individual device-based technology.
Banks can use a cost-effective virtual distribution channel:
Financial inclusion.
Greater reach across the population.
M-Commerce
Convenience without compromising security.
Benefits – usage, cost of installation, effort & money for maintenance, upgradeability & sustainability.
Address the needs of all the players (including regulatory requirements).
Cater to different systems, customized solutions & maintenance cost.
M-Commerce
A platform that easily integrates new services & allows banks to be flexible.
Allowing the bank to reap benefits from the full potential of mobile commerce.
An m-commerce strategy requires a clear vision & objectives & not a ‘one size fits all’ approach.
E-COMMERCE APPLICATIONS: ISSUES & PROSPECTS
E-banking, e-tailing & online publishing/online retailing.
Telephone banking, credit cards, ATMs.
E-commerce in developing countries:
Cash-on-delivery.
Bank payments.
Electronic payment systems.
Security issues in e-payment.
E-COMMERCE APPLICATIONS: ISSUES & PROSPECTS
Factors in the growth of e-banking in developing countries:
Access to the Internet.
Inclination for banking over the Internet.
Access to high-quality products.
Security over the Internet.
E-Commerce from the Buyer’s Perspective
Process of buying or acquiring goods or services:
1. Realizing a need.
2. Researching a product.
3. Selecting a vendor.
4. Providing payment.
5. Accepting delivery.
6. Using product support.
E-Commerce from the Seller’s Perspective
Seller’s business practices:
Market research to identify customer needs.
Manufacturing products or supplying services that meet customer needs.
Marketing & advertising to make customers aware of available products & services.
E-Commerce from the Seller’s Perspective
Seller’s business practices:
Providing a method for acquiring payments.
Making arrangements for delivery of the product.
Providing after-sales support.
Supply chain management:
From the seller’s perspective – the process of producing & selling goods.
Involves 3 areas of focus: demand planning, supply planning & demand fulfillment.
Demand fulfillment: the process of getting the product or service to the customer.
Benefits and Challenges of E-Commerce
Buyers enjoy the convenience of shopping from their desktop.
B2C e-commerce:
Levels the playing field between large & small businesses.
Challenges:
Established businesses must alter systems & business practices.
Security, privacy, reliability: E-commerce can survive only if all involved can trust the system.
Social concerns – Is E-commerce safe?
Summary
Explain the history of the Internet and how it works.
Explain what eBusiness, eCommerce & Web Commerce are.
Describe various approaches to securing electronic financial transactions.
Describe various eCommerce applications, including payment systems, Web stores & Web 2.0.