
BSIT 62 E-Commerce

Unit I

Introduction

This unit is expected to serve as an eye-opener to the basic tenets of e-commerce. We introduce the basic concepts of e-commerce and the various issues involved. We begin with a brief description of the various activities that can be categorized as e-commerce. Then we move on to the various mercantile process models. There are two perspectives for such models: from the consumer's point of view and from the merchant's point of view. These views help us to appreciate the concepts better. Then we move on to the concept of electronic payment systems. These are probably the trickiest part of e-commerce. While cash or something equivalent to cash could be most welcome, we see that there are lots of issues to be looked into before such a decision is made. Especially since the seller and buyer do not meet face to face, it becomes essential to safeguard the interest of the seller on one hand and the anonymity of the buyer on the other. There are also alternatives like electronic checks, smart cards etc., but no single solution appears perfect.

Chapter 1

Chapter 1 - Web commerce

Web Commerce

In this introductory chapter, you will be introduced to the fundamental concepts of commerce, web commerce, e-commerce, its scope and limitations. This is supposed to work as a basis for the further building up of the course. The course does not presuppose any major background of either mathematics or computers, though it expects the student to be familiar with the day-to-day practices and terminologies of the market. These are normally known to every student at this level of training, but wherever some extra explanation is deemed fit, the same has been made available. Of course, a preliminary idea about computers is also essential.

1.1 CONCEPT OF COMMERCE AND E-COMMERCE


Commerce is normally associated with the buying and selling of items. Traditionally, commerce is one of the oldest activities of human beings, and the concept of traders selling and buying items is a part of history. Normally the activity of commerce/trade presupposes that the buyer and seller as well as the items of trade are available at one place. This brings us to the concept of markets, which are a common place where the buyers and sellers meet along with their products. Money is also an essential part of the marketplace. Though commerce started, and to some extent continues even today, with the barter system, where both the seller and the buyer exchange their respective items, the concept of money is an essential component that makes the entire activity flexible. Originally, money in a mutually acceptable form was also a part of the marketplace. With the passage of time, the concept changed: the term commerce extended beyond the concept of items and today includes buying and selling of products as well as information and knowledge. The concept of single merchants and traders has extended to the concept of organizations, business houses, service providers and several levels of consumers. Though the scope of commerce has broadened, it is still possible to apply the basic concepts of commerce and trading to the transactions of these days. Further, to take care of the concept of money, we have several concepts of banking, various methods of representing and transferring money like cheques, MOUs, Drafts etc., as also the concept of different currencies, their equalities, trade restrictions, concept of taxes etc.

However, over the years there has been a continued effort to improve the efficiency of trading, cut costs, speed up the operations and also to make the entire operation trouble free. The advent of computers brought in another dimension to the situation. Originally computers were used mainly for calculations and scientific applications. At that time, they were mainly calculators used to speed up calculations as well as make them error free. Subsequently, when the cost of memories started going down drastically, computers were being used to store information in terms of files, an easier and faster way of storing large amounts of information. Re-entering large amounts of data for each and every calculation was avoided. This resulted not only in faster calculation, but also made it error free. Further, with floppy disks and magnetic tapes being available, it was possible to transfer the data and files from one computer to another, say from one office of the company to another office or from the seller's computer to the buyer's computer.

The growth of computer networks, however, transformed the entire scenario to a different magnitude altogether. With the concept of connecting computers through transmission media, the need for physically transferring data through floppy disks etc. was avoided. Thus, people sitting in different cities and even countries could transmit and share data. This meant that the entire information about buying, selling, costs, taxes and all such associated details is available and can also be transmitted across to the various persons involved at almost zero cost. This revolutionized the scenario of trading and commerce and can be called the beginning of e-commerce.
Matters improved further with the concept of the World Wide Web and the internet: the number of users on the web increased manifold and the cost of getting connected crashed. This, coupled with several changes in banking and other systems, made the entire set of e-commerce operations available even to individual and small-time users, apart from the large companies and organizations. Definitely, the key element of e-commerce is information processing. Given a suitable scenario and infrastructure, every stage of commerce, except of course production of goods and their physical delivery, can be automated. The tasks that can be automated include information gathering, processing, manipulation and information distribution. Broadly speaking, the following categories of operations come under e-commerce:

i. Transactions between a supplier/a shopkeeper and a buyer or between two companies over a public network like the service provider network (like ISP). With suitable encryption of data and security for transactions, the entire operation of selling/buying and settlement of accounts can be automated.
ii. Transactions with the trading partners or between the offices of the company located at different locations.
iii. Information gathering needed for market research.
iv. Information processing for decision making at different levels of management.
v. Information manipulation for operations and supply chain management.
vi. Maintenance of records needed for legal purposes, including taxation, legal suits etc.
vii. Transactions for information distribution to different retailers, customers etc., including advertising, sales and marketing.

You can also note that these transactions, apart from being important in themselves, also affect other transactions. For example, data gathering affects information management, advertising affects market research etc. The use of computers in these areas not only makes the operations quicker, but also error free, and provides for a consolidated approach towards the problem.

It is not that the concept of e-commerce is totally without side effects. The very nature of the concept, which is revolutionary, makes it difficult for the users to understand fully the various issues involved. There are several areas, such as security, safety against fraud and the concept of legal acceptance, that are yet to be solved. Also, since the internet knows no national boundaries, the concepts become more complex, since what is legal in one country may not be so in another. There are also the concepts of taxation and state controls that need to be solved. All these issues will be taken up in some detail during the course of this topic. In spite of all this, the growth of e-commerce and web commerce has been phenomenal in all countries across the globe and is likely to only increase in coming years.

1.2 SUMMARY
In this chapter, we got ourselves introduced to the basic components of e-commerce and web commerce. The essentials of trading, commerce and market place were discussed briefly. The effect of computers on each of these was discussed. It was noted that it is the concept of networking of computers that has actually revolutionized the entire process. It was also indicated that e-commerce is not entirely without side effects. Several problems associated with it were indicated. All these provide us with a background for further enlargement of the subject in the coming chapters.

1.3 QUESTIONS
1. Define commerce.
2. Before the advent of networks, how was data being transferred between computers?
3. Name two stages of commerce that cannot be automated.
4. What is the role of encryption in data transfer?
5. Name two areas which are reasons of worry in e-commerce.

1.3.1 Answers
1. Commerce is buying and selling of items.
2. With secondary memories like floppies.
3. Production of goods and delivery of goods.
4. To ensure security of data.
5. Security and legal acceptance.

Chapter 2

Chapter 2 - Fundamentals of consumer oriented e-commerce

Fundamentals of consumer oriented e-commerce

2.0 INTRODUCTION
In this chapter, we look at the basic concepts regarding e-commerce. We have described this as consumer oriented because all that we are dealing with is how to supply the items needed by the consumer at his doorstep. Though we have talked of the computer being the essential component of e-commerce, we also describe one or two instances wherein the computer may not be central to the operations concerned. We briefly look at basic banking services, teleshopping and its variations, home entertainment and the different mercantile models.

2.1 BASIC TENETS OF E-COMMERCE IN A CONSUMER ORIENTED SCENARIO


It has been said that the convergence of money, commerce, computing and networks forms the global consumer marketplace. Though it is true in most cases, the earliest (or rudimentary) systems had computers being replaced by other electronic devices like the television or even the telephone. It is to be noted that there are several other related areas that need to be addressed while setting up an e-commerce system. These include facilities for negotiations, bargaining, order processing, payment and customer service. Though it is desirable that the entire system is automated, it may be possible that one or more of these activities are transacted in a traditional manner. For example, while the order is placed over phone, further negotiations may be made with the sales representative calling on the buyer, the payment may be made through a cheque etc. To begin with, we also include as e-commerce systems those systems wherein only a part of the operations is done through electronic means.


Some of the fundamental issues that need to be addressed before consumer oriented e-commerce can be made broad based are listed below.

i. Standard business practices and processes for buying and selling of products as well as services need to be established.
ii. Easy to use and well accepted software and hardware implementations of the various stages of e-commerce like order taking, payment, delivery, after sales interactions etc. need to be established.
iii. Secure commercial and transport practices that make the parties believe that they are not at the mercy of anybody else for the safety of their information and goods need to be in place.

It may be noted that each one of the above requirements can be established only over a period of time with several trial and error methods. Ironically, e-commerce can grow in a very big way only when these requirements are fully available and are within the grasp of the average user.

We next look at a few of the applications of e-commerce in some detail, to understand the implications of e-commerce in a full scale. We look at the following concepts in some detail:

1. Basic banking services
2. Home shopping
3. Home entertainment
4. Microtransactions for information

2.2 BASIC BANKING SERVICES


The concepts under basic banking services are what a normal customer would be transacting with his bank most of the time. They are mainly related to personal finances. It can safely be presumed that most of the normal transactions that a customer has with his bank can be classified into the following:

i. Checking his account statements
ii. Round-the-clock banking (ATM)
iii. Payment of bills etc.
iv. Fund transfer
v. Updating of his pass books etc.

Indeed, most of these can be done through telephone with suitable passwords etc., except round-the-clock banking. The concept of Automated Teller Machines is to allow the customer to draw money from his account at any part of the day (or night). In fact, ATMs are today thought to be the one single concept that changed the way banks function. The customer need not go to the bank at all for his most important service. In other words, both the bank and the customer became faceless to each other. But it helped the customer by ensuring that he need not modify his working schedule to visit the bank. At the same time, the banks need not resort to concepts like split hours, opening on holidays etc. to project themselves as customer friendly.
[Figure: ATMs connect to Bank Switching Centres; Bank Switching Centres connect to Association Switching Centres; the Association Switching Centres are linked through an Inter-Association Switching Centre.]

Fig. 2.1

It can be noted that the individual ATMs are connected to a Bank Switching Centre. The Switching Centres of several banks are interconnected to an association switching centre (maybe all banks of a particular region, for example). All such centres are globally connected to a main switching centre. While the actual operations are not important here, it is important to note that PCs or any such computers are not employed at the customer level. It is also argued that an average customer is more comfortable with the process of simple insertion of a card rather than complicated operations on PCs. However, we include the ATMs also under e-commerce.

2.3 HOME SHOPPING


Our next example is home shopping. For simplicity, we presume it is television based shopping. It may be noted that this concept is picking up now in India in a small way, wherein the channels set apart only a very small portion of their broadcasting time for teleshopping. In the simplest case, the channels describe the various aspects of their product and the customer can order the items over phone. The goods are delivered to his home and payment can be made in the normal modes. In a more sophisticated version, orders can be placed online (through computers) and payment also can be made through credit/debit cards. It may be noted that several concepts of traditional marketing like negotiations, trial testing etc. are missing from this scheme, and it is most suitable for those customers who are almost sure of what they need to buy but who are too busy to go to the shops. Otherwise, there is hardly any concept of interaction and there is little scope to ensure the quality of the product, after sales service etc.

2.4 HOME ENTERTAINMENT


The next example of this type of commerce is home entertainment. Dubbed online movies, it makes it possible for the user to select a movie/CD online and make his cable operator play the movie exclusively for him (movie on demand) against payment. Payment can be either online or billed to his account. It is also possible to play interactive games online or download them to your computer to play. The concept of downloading games/news etc. at a cost to mobiles is also a similar concept. It may be noted that in all these cases, the physical movement of the customer/trader is avoided. Of course, the computer need not always be a part of the deal.

2.5 MICROTRANSACTIONS FOR INFORMATION


The telephone directories provide a basic type of microtransaction. If you want to buy one particular type of item, say books, they list the addresses and phone numbers of the various book dealers whom you may contact. Similar facilities are available on the internet, maybe for a larger number of items and also with more details. It may include detailed catalogues, other related information etc. Of course, the customer has to pay a small charge each time he visits the site. This can be thought of as an extension of the earlier described television based ordering. You don't have to order only those items that are shown on the computer, but can search for an item that you need. Also, ordering is online. Some preliminary two-way interactions are also possible. Several modifications and value additions to the above mentioned preliminary scheme are possible. Of course, each value addition also adds cost.

2.6 DESIRABLE CHARACTERISTICS OF E-MARKETING


Before we embark on the detailed study of e-commerce, we shall discuss some of the related issues. Common sense tells us that a few transactions are more congenial for e-marketing than others. We list out the desirable features of a hypothetical marketplace; let us call it the e-market.


2.6.1 A minimal size of the place


Obviously for any such place to thrive there is a critical size, below which it is not profitable to operate. This minimal number of buyers and sellers characterises the profitability of the place.

2.6.2 A scope for interactions


Interactions include trial runs of the products, clarification of doubts on the part of the customers, details of after sales services, ability to compare different products and, of course, scope for negotiations and bargaining. Negotiations can be in terms of cost, value additions, terms and conditions, delivery dates etc.

2.6.3 Scope for designing new products


The customer need not buy only what is available. He can ask for modifications, upgradations etc. The supplier must be able to accept these and produce made-to-order items.

2.6.4 A seamless connection to the marketplace


It is obvious that each customer will be operating with a different type of computer, software, connectivity etc. There should be standards available so that any of these customers will be able to attach himself to any of the markets without changing his hardware/software/interfaces etc.

2.6.5 Recourse for disgruntled users


It is naive to believe that transactions at such a place end up in complete satisfaction to all parties concerned. Especially because of the facelessness of the customer and the supplier, there should be a standard recourse to settle such disputes.

2.7 QUESTIONS
1. List any three basic needs of consumer oriented e-commerce.
2. List any three basic banking activities.
3. What does ATM stand for?
4. Why does an ATM not involve a computer at the customer's level?
5. What is the simplest type of home shopping?
6. What is movie on demand?
7. Name any two concepts of TV based home entertainment.
8. What is the need for seamless connections?
9. What is the need for marketplace interactions?
10. What is the need for settling disputes?

2.7.1 Answers
1. Standard processes for buying and selling; well accepted hardware and software and secure commercial and transport practices.
2. Account checking, ATM, payment of bills, fund transfer etc.
3. Automated Teller machine.
4. Because any average customer is more comfortable with simply inserting an ATM card.
5. The channels describe the product, orders are placed over phone, delivery is made at home and payment in the standard mode.
6. The viewer selects the movie to view on the TV against payment.
7. Movie on demand and online games.
8. So that persons with different types of hardware and software can interact easily.
9. To facilitate comparisons, negotiations, bargaining etc.
10. To ensure that disgruntled customers / traders can have a standard recourse for settlement.

Chapter 3

Chapter 3 - Electronic Commerce and the World Wide Web

Electronic Commerce and the World Wide Web

3.0 INTRODUCTION
In this chapter, we get a view of the framework for e-commerce. The framework defines and creates tools for integration of information. We look at the six layers of software in a conceptual framework that can provide a suitable e-commerce mechanism. Also, we note that these frameworks help us to define three types of transactions: business to business, consumer to business and intra-organizational. We also get a brief concept of the World Wide Web and a basic e-commerce architecture on the web.

We have broadly defined electronic commerce as a modern business methodology that addresses the desire of firms, consumers, and management to cut costs while improving the quality of goods and increasing the speed of services. The need for electronic commerce stems from the demand within business and government to make better use of computing, that is, to better apply computer technology to improve business processes and information exchange both within an enterprise and across organizations.

Electronic commerce applications are quite varied. In its most common form, e-commerce is also used to denote the paperless exchange of business information using EDI, electronic mail (e-mail), electronic bulletin boards, electronic funds transfer (EFT), and other similar technologies. The term electronic commerce is used to describe a new on-line approach to performing traditional functions such as payment and funds transfer, order entry and processing, invoicing, inventory management, cargo tracking, electronic catalogs, and point-of-sale data gathering. These business functions act as initiators to the entire order management cycle that incorporates the more established notions of electronic commerce. In short, what we are witnessing is the use of the term electronic commerce as an umbrella concept to integrate a wide range of new and old applications.


3.1 ARCHITECTURAL FRAMEWORK FOR ELECTRONIC COMMERCE


In general, a framework is intended to define and create tools that integrate the information found in today's closed systems and allow the development of e-commerce applications. The architecture should focus on synthesizing the diverse resources already in place in corporations to facilitate the integration of data and software for better applications. The electronic commerce application architecture consists of six layers of functionality, or services: (1) applications; (2) brokerage services, data or transaction management; (3) interface and support layers; (4) secure messaging, security, and electronic document interchange; (5) middleware and structured document interchange; and (6) network infrastructure and basic communications services.

3.1.1 Electronic Commerce Application Services


The application services layer of e-commerce will be comprised of existing and future applications built on the innate architecture. Three distinct classes of electronic commerce applications can be distinguished: customer-to-business, business-to-business, and intra-organization.

Application services: Customer-to-business; Business-to-business; Intra-organizational
Brokerage and data management: Order processing (mail-order houses); Payment schemes (electronic cash); Clearinghouse or virtual mall
Interface layer: Interactive catalogs; Directory support functions; Software agents
Secure messaging: Secure hypertext transfer protocol; Encrypted e-mail, EDI; Remote programming (RPC)
Middleware services: Structured documents (SGML, HTML); Compound documents (OLE, OpenDoc)
Network infrastructure: Wireless (cellular, radio, PCS); Wireline (POTS, coaxial, fiber optic)

Fig. 3.1

Consumer-to-business Transactions
Here customers learn about products differently through electronic publishing, buy them differently using electronic cash and secure payment systems, and have them delivered differently.


Business-to-Business Transactions
Here, businesses, governments, and other organizations depend on computer-to-computer communication as a fast, economical, and dependable way to conduct business transactions. Small companies are also beginning to see the benefits of adopting the same methods. Business-to-business transactions include the use of EDI and electronic mail for purchasing goods and services, buying information and consulting services, submitting requests for proposals, and receiving proposals.

Intra-organizational transactions
A company becomes market driven by dispersing throughout the firm information about its customers and competitors; by spreading strategic and tactical decision making so that all units can participate; and by continuously monitoring its customers' commitment by making improved customer satisfaction an ongoing objective. To maintain the relationships that are critical to delivering superior customer value, management must pay close attention to service, both before and after sales.

3.1.2. Information Brokerage and Management


The information brokerage and management layer provides service integration through the notion of information brokerages, the development of which is necessitated by the increasing information resource fragmentation. We use the notion of information brokerage to represent an intermediary who provides service integration between customers and information providers, given some constraint such as a low price, fast service, or profit maximization for a client.

Information brokerage does more than just searching. It addresses the issue of adding value to the information that is retrieved. For instance, in foreign exchange trading, information is retrieved about the latest currency exchange rates in order to hedge currency holdings to minimize risk and maximize profit. With multiple transactions being the norm in the real world, service integration becomes critical.

Another aspect of the brokerage function is the support for data management and traditional transaction services. Brokerages may provide tools to accomplish more sophisticated, time-delayed updates or future-compensating transactions. These tools include software agents, the distributed query generator, the distributed transaction generator, and the declarative resource constraint base, which describes a business's rules and environment information. At the heart of this layer lies the work-flow scripting environment built on a software agent model that coordinates work and data flow among support services.

Software agents are used to implement information brokerages. Agents are encapsulations of users' instructions that perform all kinds of tasks in electronic marketplaces spread across networks. Information brokerages dispatch agents capable of information resource gathering, negotiating deals and performing transactions.


Although the notion of software agents sounds very seductive, it will take a while to solve the problems of inter-agent communication, interoperable agents, and other headaches that come with distributed computing and networking.

3.1.3. Interface and Support Services


Interface and support services will provide interfaces for electronic commerce applications such as interactive catalogs and will support directory services functions necessary for information search and access. Interactive catalogs are the customized interface to consumer applications such as home shopping. An interactive catalog is an extension of the paper-based catalog and incorporates additional features such as sophisticated graphics and video to make the advertising more attractive. Directories, on the other hand, operate behind the scenes and attempt to organize the enormous amount of information and transactions generated to facilitate electronic commerce. The primary difference between the two is that unlike interactive catalogs, which deal with people, directory support services interact directly with software applications. For this reason, they need not have the multimedia glitter and jazz generally associated with interactive catalogs.

3.1.4. Secure Messaging and Structured Document Interchange Services


The importance of the fourth layer, secured messaging, is clear. Broadly defined, messaging is the software that sits between the network infrastructure and the clients or electronic commerce applications, masking the peculiarities of the environment. In general, messaging products are not applications that solve problems; they are more enablers of the applications that solve problems.

Messaging services offer solutions for communicating non-formatted (unstructured) data such as letters, memos, and reports, as well as formatted (structured) data such as purchase orders, shipping notices, and invoices. Messaging supports both synchronous (immediate) and asynchronous (delayed) message delivery and processing. It is not associated with any particular communication protocol. No preprocessing is necessary, although there is an increasing need for programs to interpret the message. Messaging is well suited for both client-server and peer-to-peer computing models.

The main disadvantages of messaging are the new types of applications it enables, which appear to be more complex, especially to traditional programmers, and the jungle of standards it involves. Also, security, privacy, and confidentiality through data encryption and authentication techniques are important issues that need to be resolved.

3.1.5 Middleware Services

Middleware is a relatively new concept that emerged only recently. With the growth of networks, client-server technology, and all other forms of communicating between or among unlike platforms, the problems of getting all the pieces to work together grew. In simple terms, middleware is the ultimate mediator between diverse software programs that enables them to talk to one another. Another reason for middleware is the computing shift from application centric to data centric. To achieve data centric computing, middleware services focus on three elements: transparency, transaction security and management, and distributed object management and services.

3.1.6. Transparency
Transparency implies that users should be unaware that they are accessing multiple systems. Transparency is essential for dealing with higher-level issues than the physical media and interconnection that the underlying network infrastructure is in charge of. The ideal picture is one of a "virtual" network: a collection of work-group, departmental, enterprise, and inter-enterprise LANs that appears to the end user or client application to be a seamless and easily accessed whole. Transparency is accomplished using middleware that facilitates a distributed computing environment. The goal is for the applications to send a request to the middleware layer, which then satisfies the request any way it can, using remote information.

3.2 WORLD WIDE WEB (WWW) AS THE ARCHITECTURE


Electronic commerce depends on the unspoken assumption that computers cooperate efficiently for seamless information sharing. Unfortunately, this assumption of interoperability has not been supported by the realities of practical computing. Computing is still a world made up of many technical directions, product implementations, and competing vendors. The Web community of developers and users is tackling these complex problems. Figure 3.2 shows a block diagram depicting the numerous pieces that constitute a Web architecture. The architecture is made up of three primary entities: client browser, Web server, and third-party services. The client browser usually interacts with the WWW server, which acts as an intermediary in the interaction with third-party services.

Fig. 3.2 Block diagram depicting an electronic commerce architecture. (Blocks shown. Client browser: Mosaic / WWW browser, browser extensions, local or company-specific data. WWW server functions: information retrieval, data and transaction management, secure messaging. Third-party services: digital library of document / data servers, third-party information processing tools / services, electronic payment servers.)

The client browser resides on the user's PC or workstation and provides an interface to the various types of content. The browser has to be smart enough to understand what file it is downloading and what browser extension it needs to activate to display the file. Browsers are also capable of manipulating local files. Web server functions can be categorized into information retrieval, data and transaction management, and security. The third-party services could be other Web servers that make up the digital library, information processing tools, and electronic payment systems.

3.3 SUMMARY
We discussed the framework for e-commerce, which defines and creates tools for integration of information. We identified six layers of software, namely application services, brokerage and data management, interface layer, secure messaging, middleware services and network infrastructure. We also saw the concept of the World Wide Web and an e-commerce architecture suitable for the WWW.

3.4 QUESTIONS
1. Define EDI.
2. Define EFT.
3. Name a few operations performed by e-commerce.
4. Define a framework.
5. List the six layers of e-commerce architecture.
6. Name the three classes of e-commerce applications based on transactions.
7. Define an information brokerage.
8. Define a software agent.
9. Define middleware.
10. Name the three stages of e-commerce architecture on web.

3.4.1 Answers
1. Electronic Data Interchange.
2. Electronic Fund Transfer.
3. Payment, fund transfer, order entry, invoicing, etc.
4. Framework is intended to define and create tools that integrate information.
5. Applications, brokerage services, interface, secure messaging, middleware and network infrastructure.
6. Consumer to business, business to business, intra organization.
7. An intermediary who provides integration between customers and information providers.
8. Agent is an encapsulation of users' instructions.
9. It is a mediator between diverse application programs that talk to each other.
10. Client browser, WWW server functions and third party services.


Chapter 4

Consumer-Oriented Electronic Commerce

4.0 INTRODUCTION

This chapter mainly deals with the actual process of e-commerce: the process as viewed from the consumer's point of view as well as from the merchant's point of view. We begin the discussion from where we left off in chapter 2. We review the various characteristics that are desirable in a marketplace. This forms a background for the two mercantile models. The model from the consumer's point of view has about 7 stages and, as we can see, concentrates only on product searching through post-sales, as well as on the consumers and how they affect the model. The model from the merchant's point of view can be called an order management cycle and has about 8 stages.

4.1 DESIRABLE CHARACTERISTICS OF AN ELECTRONIC MARKETPLACE


The following criteria are essential for consumer-oriented electronic commerce:

• Critical mass of buyers and sellers. The trick is getting a critical mass of corporations and consumers to use electronic mechanisms. In other words, the electronic marketplace should be the first place customers go to find the products and services they need.
• Opportunity for independent evaluations and for customer dialogue and discussion. In the marketplace, not only do users buy and sell products or services, they also compare notes on who has the best products and whose prices are outrageous. The ability to openly evaluate the wares offered is a fundamental principle of a viable marketplace.
• Negotiation and bargaining. No marketplace is complete if it does not support negotiation. Buyers and sellers need to be able to haggle over conditions of mutual satisfaction, including money, terms and conditions, delivery dates, and evaluation criteria.
• New products and services. In a viable marketplace, consumers can make requests for products and services not currently offered and have a reasonable expectation that someone will turn up with a proposed offering to meet that request.
• Seamless interface. The biggest barrier to electronic trade is having all the pieces work together so that information can flow seamlessly from one source to another. This requires standardization. On the corporate side, companies need compatible EDI software and network services in order to send electronic purchase orders, invoices, and payments back and forth.
• Recourse for disgruntled buyers. A viable marketplace must have a recognized mechanism for resolving disputes among buyers and sellers. Markets typically include a provision for resolving disagreements by returning the product or through arbitrage in other cases.

4.2 MERCANTILE PROCESS MODELS


Mercantile processes define interaction models between consumers and merchants for on-line commerce. This is necessary because to buy and sell goods, a buyer, seller, and other parties must interact in ways that represent some standard business processes. The establishment of a common mercantile process (or set of processes) is expected to increase convenience for consumers, who won't have to figure out a new business process for every single vendor.

4.3 MERCANTILE MODELS FROM THE CONSUMER'S PERSPECTIVE


The business process model from a consumer's perspective consists of seven activities that can be grouped into three phases: pre-purchase phase, purchase consummation, and post-purchase interaction.

1. The pre-purchase preparation phase includes search and discovery for a set of products in the larger information space capable of meeting customer requirements, and product selection from the smaller set of products based on attribute comparison.
2. The purchase consummation phase includes mercantile protocols that specify the flow of information and documents associated with purchasing and negotiation with merchants for suitable terms, such as price, availability, and delivery dates; and electronic payment mechanisms that integrate payment into the purchasing process.
3. The post-purchase interaction phase includes customer service and support to address customer complaints, product returns, and product defects.

Fig. 4.1 (Activities shown, grouped by phase. Pre-purchase determination: product / service search and discovery in the information space; comparison shopping and product selection based on various attributes; negotiation of terms, e.g., price, delivery times. Purchase consummation: placement of order; authorization of payment; receipt of product. Post-purchase interaction: customer service and support (if not satisfied in X days, return product).)

Let's consider each of the consumer purchasing phases in detail.

4.3.1 Pre-purchase Preparation


From the consumer's perspective, any major purchase can be assumed to involve some amount of pre-purchase deliberation, the extent of which is likely to vary across individuals, products, and purchase situations. Purchase deliberation is defined as the elapsed time between a consumer's first thinking about buying and the actual purchase itself. Information search should constitute the major part of the duration, but comparison of alternatives and price negotiation would be included in the continually evolving information search and deliberation process.

In general, consumers can be categorized into three types:
1. Impulsive buyers, who purchase products quickly.
2. Patient buyers, who purchase products after making some comparisons.
3. Analytical buyers, who do substantial research before making the decision to purchase products or services.

In fact, marketing researchers have isolated several types of purchasing:

• Specifically planned purchases. The need was recognized on entering the store and the shopper bought the exact item planned.
• Generally planned purchases. The need was recognized, but the shopper decided in-store on the actual manufacturer of the item to satisfy the need.
• Reminder purchases. The shopper was reminded of the need by some store influence. This shopper is influenced by in-store advertisements and can substitute products readily.
• Entirely unplanned purchases. The need was not recognized entering the store.

While the technology for supporting search is important, we still need to understand the actual process that consumers and organizations employ in gathering information.

4.3.2. Information Brokers and Brokerages


To facilitate better consumer and organizational search, intermediaries called information brokers or brokerages are coming into existence. Information brokerages are needed for three reasons: comparison shopping, reduced search costs, and integration. Today, many on-line information providers are moving to a consumer services model, where they provide not only inexpensive access but lots of free information.

4.3.3. Purchase Consummation


After identifying the products to be purchased, the buyer and seller must interact in some way to actually carry out the mercantile transaction. A mercantile transaction is defined as the exchange of information between the buyer and seller followed by the necessary payment. A single mercantile model will not be sufficient to meet the needs of everyone. In very general terms, a simple mercantile protocol would require the following transactions. Although there may be many variants of this protocol, the basic flow remains the same.

1. Buyer contacts vendor to purchase product or service. This dialogue might be interactive on-line through the World Wide Web (WWW) or e-mail, or off-line through an electronic catalog and telephone.
2. Vendor states price.
3. Buyer and vendor may or may not engage in negotiation.
4. If satisfied, buyer authorizes payment to the vendor with an encrypted transaction containing a digital signature for the agreed price.
5. Vendor contacts his or her billing service to verify the encrypted authorization for authentication.
6. Billing service decrypts authorization and checks buyer's account balance or credit and puts a hold on the amount of transfer.
7. Billing service gives the vendor the green light to deliver product and sends a standardized message giving details of transaction.
8. On notification of adequate funds to cover financial transaction, vendor delivers the goods to buyer or, in the case of information purchase, provides a cryptokey to unlock the file.
9. On receiving the goods, the buyer signs and delivers receipt. Vendor then tells billing service to complete the transaction.
10. At the end of the billing cycle, buyer receives a list of transactions. Buyer can then either deny certain transactions or complain about over billing. Suitable audit or customer service actions are then initiated depending on the payment scheme.

4.3.4. Postpurchase Interaction


As long as there is payment for services, there will be refunds, disputes, and other customer service issues that need to be considered. Returns and claims are an important part of the purchasing process that impact administrative costs, scrap and transportation expenses, and customer relations. Other complex customer service challenges arise in customized retailing that we have not fully understood or resolved:


• Inventory issues. To serve the customer properly, a company should inform a customer right away when an item ordered is sold out, not with a rain check or back-order notice several days later. On the other hand, if the item is in stock, a company must be able to assign that piece to the customer immediately and remove it from available inventory.
• Database access and compatibility issues. Unless the customer can instantly access all the computers of all the direct-response vendors likely to advertise on the Information Superhighway on a real-time basis, with compatible software, he or she is not likely to get the kind of service that customers normally get.
• Customer service issues. Customers often have questions about the product (color, size, shipment), want expedited delivery, or have one of a myriad of other things in mind that can be resolved only by talking to an order entry operator.

4.4 MERCANTILE MODELS FROM THE MERCHANT'S PERSPECTIVE


The order-to-delivery cycle from the merchant's perspective has been managed with an eye toward standardization and cost. To achieve a better understanding, it is necessary to examine the order management cycle (OMC) that encapsulates the more traditional order-to-delivery cycle. OMC has the following generic steps.

4.4.1. Order Planning and Order Generation


The business process begins long before an actual order is placed by the customer. The first step is order planning. Order planning leads into order generation. Orders are generated in a number of ways in the e-commerce environment. The sales force broadcasts ads (direct marketing), sends personalized e-mail to customers (cold calls), or creates a WWW page.

4.4.2 Cost Estimation and Pricing


Pricing is the bridge between customer needs and company capabilities. Pricing at the individual order level depends on understanding the value to the customer that is generated by each order; evaluating the cost of filling each order; and instituting a system that enables the company to price each order based on its value and cost. Although order-based pricing is difficult work that requires meticulous thinking and deliberate execution, the potential for greater profits is simply worth the effort.

Fig. 4.2 (Steps shown, grouped by phase. Presales interaction: customer inquiry and order planning generation; cost estimation and pricing of product services. Product service production and delivery: order receipt and entry; order selection and prioritization; order scheduling; order fulfillment and delivery. Post sales interaction: order billing and account / payment management; customer service and support.)

4.4.3. Order Receipt and Entry


After an acceptable price quote, the customer enters the order receipt and entry phase of OMC. Traditionally, this was under the purview of departments variously titled customer service, order entry, the inside sales desk, or customer liaison. These departments are staffed by customer service representatives, usually either very experienced, long-term employees or totally inexperienced trainees. In either case, these representatives are in constant contact with customers.


4.4.4 Order Selection and Prioritization


Customer service representatives are also often responsible for choosing which orders to accept and which to decline. In fact, not all customer orders are created equal; some are simply better for the business than others. Another completely ignored issue concerns the importance of order selection and prioritization. Companies that put effort into order selection and link it to their business strategy stand to make more money.

4.4.5 Order Scheduling


During the order scheduling phase the prioritized orders get slotted into an actual production or operational sequence. This task is difficult because the different functional departments (sales, marketing, customer service, operations, or production) may have conflicting goals. Communication between the functions is often nonexistent, with customer service reporting to sales and physically separated from production scheduling, which reports to manufacturing or operations. The result is lack of interdepartmental coordination.

4.4.6 Order Fulfillment and Delivery


During the order fulfillment and delivery phase the actual provision of the product or service is made. While the details vary from industry to industry, in almost every company this step has become increasingly complex. Often, order fulfillment involves multiple functions and locations. The more complicated the task, the more coordination is required across the organization.

4.4.7. Order Billing and Account / Payment Management


After the order has been fulfilled and delivered, billing is typically handled by the finance staff, who view their job as getting the bill out efficiently and collecting quickly.

4.4.8. Post-sales Service


This phase plays an increasingly important role in all elements of a company's profit equation: customer value, price, and cost. Depending on the specifics of the business, it can include such elements as physical installation of a product, repair and maintenance, customer training, equipment upgrading and disposal. Because of the information conveyed and intimacy involved, post sales service can affect customer satisfaction and company profitability for years.

4.5 SUMMARY
In this chapter, we came across the process of purchase / sale of goods. The entire process can be viewed either from the buyer's point of view or the merchant's point of view. Accordingly, the consumer's perspective can be considered to be made up of 3 stages: purchase determination, purchase consummation and post purchase interaction. We also learnt that consumers can be categorized as impulsive, patient and analytical buyers. The purchases themselves can be specifically planned, generally planned, reminder purchases or unplanned purchases. We went through the details of each of these phases. Similarly, from the merchant's point of view, the stages can be presales interaction, product service production and postsales interaction.

4.6 QUESTIONS
1. Name the three broad phases of consumer's perspective.
2. What are the categories of consumers?
3. What are the four types of purchases?
4. Why are information brokerages needed?
5. What issues are included in post purchase interaction?
6. Name the phases from the merchant's point of view.
7. What is order selection?
8. Why is a critical mass necessary for market?
9. What is the need for standardization?
10. On what factors can negotiations take place?

4.6.1 Answers
1. Pre-purchase determination, purchase consummation, post purchase interaction.
2. Impulsive buyers, patient buyers and analytical buyers.
3. Specifically planned, generally planned, reminder purchases and unplanned purchases.
4. To help in comparison shopping, reduce search costs and integration.
5. Inventory issues, database access issues and customer service issues.
6. Presales interaction, product service, production and delivery and post sales interaction.
7. Prioritize orders based on same factors.
8. Otherwise the cost per unit goes up.
9. To move seamlessly across various hardware and software.
10. Over money, terms and conditions, delivery dates and evaluation criteria.


Chapter 5

Electronic Payment Systems

5.0 INTRODUCTION
In this chapter we discuss some very important issues of a marketplace regarding the payment procedures. In a purely long-distance purchase scenario, payment also is to be made without the customer and the seller coming face to face. Hence the traditional concept of buying with cash does not work. However, one can think of concepts like electronic tokens (e-cash), checks, and credit and debit cards. We also see that each of these presents its own problems, unlike regular cash, which is guaranteed by the respective governments. We note that there are two major, conflicting issues: anonymity of the buyer and the legality of the tender. Also, there are disputes regarding double payments, taxation laws and exchange rates. Hence, we see a very interesting combination of several issues to be solved simultaneously.

Electronic payment systems and e-commerce are intricately linked given that on-line consumers must pay for products and services. We will examine the following issues:

• What form and characteristics of payment instruments (for example, electronic cash, electronic checks, credit / debit cards) will consumers use?
• In on-line markets, how can we manage the financial risk associated with various payment instruments: privacy, fraud, mistakes, as well as other risks like bank failures? What security features (authentication, privacy, anonymity) need to be designed to reduce these risks?
• What are the step-by-step procedures and institutional arrangements that form the fabric of the electronic payment business processes that link consumers and organizations?


5.1 DIGITAL TOKEN-BASED ELECTRONIC PAYMENT SYSTEMS


None of the banking or retailing payment methods are completely adequate in their present form for the consumer-oriented e-commerce environment. Their deficiency is their assumption that the parties will at some time or other be in each other's physical presence or that there will be a sufficient delay in the payment process for frauds, overdrafts, and other undesirables to be identified and corrected. These assumptions may not hold for e-commerce.

Entirely new forms of financial instruments are also being developed. One such new financial instrument is electronic tokens in the form of electronic cash / money or checks. Electronic tokens are designed as electronic analogs of various forms of payment backed by a bank or financial institution. Simply stated, electronic tokens are equivalent to cash that is backed by a bank.

Electronic tokens are of three types:
1. Cash or real-time. Transactions are settled with the exchange of electronic currency. An example of on-line currency exchange is electronic cash (e-cash).
2. Debit or prepaid. Users pay in advance for the privilege of getting information. Examples of prepaid payment mechanisms are stored in smart cards and electronic purses that store electronic money.
3. Credit or postpaid. The server authenticates the customers and verifies with the bank that funds are adequate before purchase. Examples of postpaid mechanisms are credit / debit cards and electronic checks.

Here are four dimensions that are useful for analyzing the different initiatives:
1. The nature of the transaction for which the instrument is designed. Some tokens are specifically designed to handle micro-payments, that is, payments for small snippets of information. Others are designed for more traditional products. Some systems target specific niche transactions; others seek more general transactions. The key is to identify the parties involved, the average amounts, and the purchase interaction.
2. The means of settlement used. Tokens must be backed by cash, credit, electronic bill payments (prearranged and spontaneous), cashier's checks, IOUs, letters and lines of credit, and wire transfers, to name a few. Each option incurs trade-offs among transaction speed, risk, and cost. Most transaction settlement methods use credit cards, while others use other proxies for value.
3. Approach to security, anonymity, and authentication. Electronic tokens vary in the protection of privacy and confidentiality of the transactions. Encryption can help with authentication, nonrepudiability, and asset management.
4. The question of risk. Who assumes what kind of risk at what time? The tokens might suddenly become worthless and the customers might have the currency that nobody will accept. If the system stores value in a smart card, consumers may be exposed to risk as they hold static assets. Also, electronic tokens might be subject to discounting or arbitrage. Risk also arises if the transaction has long lag times between product delivery and payments to merchants. This exposes merchants to the risk that buyers don't pay, or vice versa, that the vendor doesn't deliver.

5.2 ELECTRONIC CASH (E-CASH)


Electronic cash (e-cash) is a new concept in on-line payment systems because it combines computerized convenience with security and privacy that improve on paper cash. Its versatility opens up a host of new markets and applications. E-cash presents some interesting characteristics that should make it an attractive alternative for payment over the Internet. E-cash focuses on replacing cash as the principal payment vehicle in consumer-oriented electronic payments. The predominance of cash indicates an opportunity for innovative business practice that revamps the purchasing process where consumers are heavy users of cash.

To really displace cash, the electronic payment systems need to have some qualities of cash that current credit and debit cards lack. For example, cash is negotiable, meaning it can be given or traded to someone else. Cash is legal tender, meaning the payee is obligated to take it. Cash is a bearer instrument, meaning that possession is prima facie proof of ownership. Also, cash can be held and used by anyone, even those who don't have a bank account, and cash places no risk on the part of the acceptor that the medium of exchange may not be good.

Now compare cash to credit and debit cards. First, they can't be given away because, technically, they are identification cards owned by the issuer and restricted to one user. Credit and debit cards are not legal tender, given that merchants have the right to refuse to accept them. Nor are credit and debit cards bearer instruments; their usage requires an account relationship and authorization system. Similarly, checks require either personal knowledge of the payer or a check guarantee system. Hence, to really create a novel electronic payment method, we need to do more than recreate the convenience that is offered by credit and debit cards. We need to develop e-cash that has some of the properties of cash.

5.2.1. Properties of Electronic Cash


Specifically, e-cash must have the following four properties: monetary value, interoperability, retrievability, and security.

E-cash must have a monetary value; it must be backed by either cash (currency), bank-authorized credit, or a bank-certified cashier's check. When e-cash created by one bank is accepted by others, reconciliation must occur without any problems. Stated another way, e-cash without proper bank certification carries the risk that when deposited, it might be returned for insufficient funds.

E-cash must be interoperable, that is, exchangeable as payment for other e-cash, paper cash, goods or services, lines of credit, deposits in banking accounts, bank notes or obligations, electronic benefits transfers, and the like.

E-cash must be storable and retrievable. The cash could be stored on a remote computer's memory, in smart cards, or in other easily transported standard or special-purpose devices. Because it might be easy to create counterfeit cash that is stored in a computer, it might be preferable to store cash on a dedicated device that cannot be altered. This device should have a suitable interface to facilitate personal authentication using passwords or other means and a display so that the user can view the card's contents.

E-cash should not be easy to copy or tamper with while being exchanged; this includes preventing or detecting duplication and double-spending. Counterfeiting poses a particular problem, since a counterfeiter may, in the Internet environment, be anywhere in the world and consequently be difficult to catch without appropriate international agreements. Detection is essential in order to audit whether prevention is working. Then there is the tricky issue of double spending (DFN88). For instance, you could use your e-cash simultaneously to buy something in Japan, India, and England. Preventing double-spending from occurring is extremely difficult if multiple banks are involved in the transaction. For this reason, most systems rely on post-fact detection and punishment.

5.2.2 Electronic Cash in Action


Electronic cash is based on cryptographic systems called digital signatures. This method involves a pair of numeric keys (very large integers or numbers) that work in tandem: one for locking (or encoding) and the other for unlocking (or decoding). Messages encoded with one numeric key can only be decoded with the other numeric key and none other. The encoding key is kept private and the decoding key is made public. By supplying all customers (buyers and sellers) with its public key, a bank enables customers to decode any message (or currency) encoded with the bank's private key. If decoding by a customer yields a recognizable message, the customer can be fairly confident that only the bank could have encoded it. These digital signatures are as secure as the mathematics involved and have proved over the past two decades to be more resistant to forgery than handwritten signatures.

Electronic cash can be completely anonymous. Anonymity allows freedom of usage to buy illegal products such as drugs or pornographic material or to buy legal products and services. This is accomplished in the following manner. When the e-cash software generates a note, it masks the original number, or "blinds" the note, using a random number and transmits it to a bank. The blinding carried out by the customer's software makes it impossible for anyone to link payment to payer. Even the bank can't connect the signing with the payment, since the customer's original note number was blinded when it was signed. In other words, it is a way of creating anonymous, untraceable currency. What makes it even more interesting is that users can prove unequivocally that they did or did not make a particular payment. This allows the bank to sign the note without ever actually knowing how the issued currency will be used.

The protocol behind blind signatures is as follows:
1. The customer's software chooses a blinding factor, R, independently and uniformly at random and presents the bank with $X R^E \pmod{PQ}$, where X is the note number to be signed and E is the bank's public key.
2. The bank signs it: $(X R^E)^D = R X^D \pmod{PQ}$. D is the bank's private key.
3. On receiving the currency, the customer divides out the blinding factor: $(R X^D) / R = X^D \pmod{PQ}$.
4. The customer stores $X^D$, the signed note that is used to pay for the purchase of products or services. Since R is random, the bank cannot determine X and thus cannot connect the signing with the subsequent payment.

To uncover double spending, banks must compare the note passed to them by the merchant against a database of spent notes. Just as paper currency is identified with a unique serial number, digital cash can also be protected. The ability to detect double spending has to involve some form of registration so that all notes issued globally can be uniquely identified. However, this method of matching notes with a central registry has problems in the on-line world. For most systems, which handle high volumes of micro-payments, this method would simply be too expensive. In addition, the problem of double spending means that banks have to carry added overhead because of the constant checking and auditing logs. Double spending would not be a major problem if the need for anonymity were relaxed.
In such situations, when the consumer is issued a bank note, it is transferred specifically to that other person's license. Each time the money changes hands, the old owner adds a tiny bit of information to the bank note based on the bank note's serial number and his or her license. If somebody attempts to spend money twice, the bank will now be able to use the two bank notes to determine who the cheater is. Even if the bank notes pass through many different people's hands, whoever cheated will get caught, and none of the other people will ever have to know.

One drawback of e-cash is its inability to be easily divided into smaller amounts. It is often necessary to get small denomination change in business transactions. A number of variations have been developed for dealing with the change problem. For the bank to issue users with enough separate electronic coins of various denominations would be cumbersome in communication and storage. So would a method that required payees to return extra change. To sidestep such costs, customers are issued a single number called an open check that contains multiple denomination values sufficient for transactions up to a prescribed limit.
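The four blind-signature steps and the bank's spent-note check described above can be followed end to end in a small program. This is an added example, not code from the original text: it uses textbook RSA with a constructed toy key (two Mersenne primes as P and Q, E = 65537), and all function and class names are assumptions made for illustration.

```python
import math
import secrets

# Constructed toy key: two Mersenne primes stand in for the bank's P and Q.
# Real systems use much larger random primes and hash/pad the note number.
P = 2**31 - 1
Q = 2**61 - 1
N = P * Q                              # public modulus PQ
E = 65537                              # bank's public key (exponent)
D = pow(E, -1, (P - 1) * (Q - 1))      # bank's private key (exponent)


def random_blinding_factor():
    """Pick R uniformly among values that are invertible mod PQ."""
    while True:
        r = secrets.randbelow(N - 2) + 2
        if math.gcd(r, N) == 1:
            return r


def blind(x, r):
    """Step 1 (customer): hide note number x as x * r^E mod PQ."""
    if math.gcd(r, N) != 1:
        raise ValueError("blinding factor must be invertible mod PQ")
    return (x * pow(r, E, N)) % N


def bank_sign(blinded):
    """Step 2 (bank): sign the blinded value; the bank never sees x."""
    return pow(blinded, D, N)


def unblind(blind_sig, r):
    """Step 3 (customer): divide out r, leaving x^D mod PQ."""
    return (blind_sig * pow(r, -1, N)) % N


def verify(x, sig):
    """Anyone with the public key: a valid note satisfies sig^E == x mod PQ."""
    return pow(sig, E, N) == x % N


class SpentNoteRegistry:
    """Bank-side database of redeemed note numbers (double-spend check)."""

    def __init__(self):
        self._spent = set()

    def deposit(self, x, sig):
        if not verify(x, sig):
            return "rejected: bad signature"
        if x in self._spent:
            return "rejected: double spend"
        self._spent.add(x)
        return "accepted"


def withdraw_and_spend_twice(x, r=None):
    """Run steps 1-4, then present the same note to the bank twice."""
    r = random_blinding_factor() if r is None else r
    blinded = blind(x, r)                       # what the bank sees
    note_sig = unblind(bank_sign(blinded), r)   # step 4: the stored note
    registry = SpentNoteRegistry()
    first = registry.deposit(x, note_sig)
    second = registry.deposit(x, note_sig)
    return blinded, note_sig, first, second


if __name__ == "__main__":
    seen_by_bank, sig, first, second = withdraw_and_spend_twice(123456789012345)
    print("bank saw      :", seen_by_bank)
    print("signature ok  :", verify(123456789012345, sig))
    print("first deposit :", first)
    print("second deposit:", second)
```

The registry only learns X at deposit time, which is why the bank cannot tie the deposit back to the withdrawal it signed.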

5.2.3 Business Issues and Electronic Cash


Electronic cash fulfills two main functions: as a medium of exchange and as a store of value. Digital money is a perfect medium of exchange. By moving monetary claims quickly and by effecting instant settlement of transactions, e-cash may help simplify the complex interlocking credit and liabilities that characterize today's commerce. The controversial aspects of e-cash are those that relate to the other role, as a store of value. Human needs tend to require that money take a tangible form and be widely accepted, or legal tender. If e-cash had to be convertible into legal tender on demand, then for every unit there would have to be a unit of cash reserved in the real economy. This creates problems, because in an efficient system, if each e-cash unit represents a unit of real cash, then positive balances of e-cash will earn no interest; for the interest they might earn would be offset by the interest foregone on the real cash that is backing them. The enormous currency fluctuations in international finance pose another problem. Unless we have one central bank offering one type of electronic currency, it is very difficult to see e-cash being very prominent except in narrow application domains.

5.2.4. Operational Risk and Electronic Cash


Operational risk associated with e-cash can be mitigated by imposing constraints, such as limits on (1) the time over which a given electronic money is valid, (2) how much can be stored on and transferred by electronic money, (3) the number of exchanges that can take place before money needs to be redeposited with a bank or financial institution, and (4) the number of such transactions that can be made during a given period of time. The objective of imposing constraints is to limit the issuer's liability. A maximum upper limit could be imposed on the value that could be assigned to any single transaction or that could be transferred to the same vendor within a given period of time. Since the user's computer could be programmed to execute small transactions continuously at a high rate over the network, a strategy of reporting transactions over a certain amount would be ineffective for law enforcement. Finally, exchanges could also be restricted to a class of services or goods. The exchange process should allow payment to be withheld from the seller upon the buyer's instructions until the goods or services are delivered within a specified time.
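The sketch below shows how an issuer could enforce the four limits together with the per-vendor cap, and why a sliding-window total catches a stream of small payments that a simple "report anything over a threshold" rule would miss. It is an added example, not from the original text; the limit values, class names and return strings are all constructed for illustration.

```python
from collections import defaultdict, deque
from dataclasses import dataclass


@dataclass
class Limits:                        # all values are constructed examples
    valid_for: int = 86_400          # (1) seconds a note stays valid after issue
    max_value: int = 100             # (2) maximum value a single note may carry
    max_hops: int = 3                # (3) exchanges allowed before redeposit
    max_tx_per_window: int = 5       # (4) transactions allowed per window
    window: int = 3_600              # length of the window in seconds
    vendor_cap: int = 250            # total value to one vendor per window


@dataclass
class Note:
    serial: str
    value: int
    issued_at: int
    hops: int = 0


class PolicyEngine:
    def __init__(self, limits):
        self.limits = limits
        self._tx_times = defaultdict(deque)      # payer -> timestamps
        self._vendor_flow = defaultdict(deque)   # (payer, vendor) -> (ts, value)

    def _expire(self, queue, now, ts=lambda item: item):
        # Drop entries that have slid out of the accounting window.
        while queue and ts(queue[0]) <= now - self.limits.window:
            queue.popleft()

    def authorize(self, note, payer, vendor, now):
        lim = self.limits
        if now - note.issued_at > lim.valid_for:
            return "deny: note expired"
        if note.value > lim.max_value:
            return "deny: value above per-note limit"
        if note.hops >= lim.max_hops:
            return "deny: must be redeposited"

        times = self._tx_times[payer]
        self._expire(times, now)
        if len(times) >= lim.max_tx_per_window:
            return "deny: transaction rate limit"

        # Aggregate value per payer/vendor pair so that many small payments
        # are treated like one large one.
        flow = self._vendor_flow[(payer, vendor)]
        self._expire(flow, now, ts=lambda item: item[0])
        if sum(value for _, value in flow) + note.value > lim.vendor_cap:
            return "deny: vendor cap for period"

        times.append(now)
        flow.append((now, note.value))
        note.hops += 1
        return "allow"


if __name__ == "__main__":
    engine = PolicyEngine(Limits())
    t0 = 1_000_000
    for i in range(5):
        print(engine.authorize(Note(f"a{i}", 60, t0), "alice", "shop", t0 + i))
```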


5.2.5. Legal Issues and Electronic Cash


Anonymous and virtually untraceable, cash transactions today occupy a place in a kind of underground economy. This underground economy is generally confined to relatively small-scale transactions because paper money in large quantities is cumbersome to use and manipulate. But if e-cash really is made to function the way that paper money does, payments we would never think of making in cash (to buy a new car, say, or as the down payment on a house) could be made in this new form of currency because there would be no problem of bulk and no risk of robbery. The threat to the government's revenue flow is a very real one. The question e-cash poses is not "Should the law take notice of this development?" but rather "How can it not?" By impacting revenue-raising capabilities, e-cash cannot escape government scrutiny and regulation, but it is going to take some serious thinking to design a regulatory scheme that balances personal privacy, speed of execution, and ease of use.

5.3 ELECTRONIC CHECKS


Electronic checks are another form of electronic tokens. They are designed to accommodate the many individuals and entities that might prefer to pay on credit or through some mechanism other than cash. These checks may be sent using e-mail or other transport methods. When deposited, the check authorizes the transfer of account balances from the account against which the check was drawn to the account to which the check was deposited. The specifics of the technology work in the following manner: On receiving the check, the seller presents it to the accounting server for verification and payment. The accounting server verifies the digital signature on the check. Subsequent endorsers add successive layers of information onto the tickets, precisely as a large number of banks may wind up stamping the back of a check along its journey through the system. Electronic checks have the following advantages:
• They work in the same way as traditional checks, thus simplifying customer education.
• Electronic checks are well suited for clearing micropayments.
• Electronic checks create float and the availability of float is an important requirement for commerce.
• Financial risk is assumed by the accounting server and may result in easier acceptance. Reliability and scalability are provided by using multiple accounting servers. There can be an interaccount server protocol to allow buyer and seller to belong to different domains, regions, or countries.


5.4 SMART CARDS AND ELECTRONIC PAYMENT SYSTEMS


Smart cards have been in existence since the early 1980s and hold promise for secure transactions using existing infrastructure. Smart cards are credit and debit cards and other card products enhanced with microprocessors capable of holding more information than the traditional magnetic stripe. The chip, at its current state of development, can store significantly greater amounts of data, estimated to be 80 times more than a magnetic stripe. Smart cards are basically of two types: relationship-based smart credit cards and electronic purses. Electronic purses, which replace money, are also known as debit cards and electronic money.

5.4.1 Relationship-Based Smart Cards


Relationship-based products are expected to offer consumers far greater options, including the following:
• Access to multiple accounts, such as debit, credit, investments or stored value for e-cash, on one card or an electronic device.
• A variety of functions, such as cash access, bill payment, balance inquiry, or funds transfer for selected accounts.
• Multiple access options at multiple locations using multiple device types, such as an automated teller machine, a screen phone, a personal computer, a personal digital assistant (PDA), or interactive TVs.

5.4.2. Electronic Purses and Debit Cards


Despite their increasing flexibility, relationship-based cards are credit based and settlement occurs at the end of the billing cycle. There remains a need for a financial instrument to replace cash. To meet this need, banks, credit card companies, and even government institutions are racing to introduce electronic purses, wallet-sized smart cards embedded with programmable microchips that store sums of money for people to use instead of cash. The electronic purse works in the following manner. After the purse is loaded with money, at an ATM or through the use of an inexpensive special telephone, it can be used to pay for, say, candy in a vending machine equipped with a card reader. The vending machine need only verify that a card is authentic and that there is enough money available for a chocolate bar. In one second, the value of the purchase is deducted from the balance on the card and added to an e-cash box in the vending machine. The remaining balance on the card is displayed by the vending machine or can be checked at an ATM or with a balance-reading device.


When the balance on an electronic purse is depleted, the purse can be recharged with more money.

5.5 CREDIT CARD-BASED ELECTRONIC PAYMENT SYSTEMS


To avoid the complexity associated with digital cash and electronic checks, consumers and vendors are also looking at credit card payments on the Internet as one possible time-tested alternative. There is nothing new in the basic process. If consumers want to purchase a product or service, they simply send their credit card details to the service provider involved and the credit card organization will handle this payment like any other. We can break credit card payment on on-line networks into three basic categories:

1. Payments using plain credit card details. The easiest method of payment is the exchange of unencrypted credit card details over a public network such as telephone lines or the Internet. The low level of security inherent in the design of the Internet makes this method problematic. Authentication is also a significant problem, and the vendor is usually responsible for ensuring that the person using the credit card is its owner. Without encryption there is no way to do this.
2. Payments using encrypted credit card details. It would make sense to encrypt your credit card details before sending them out, but even then there are certain factors to consider. One would be the cost of a credit card transaction itself. Such cost would prohibit low-value payments (micropayments) by adding costs to the transactions.
3. Payment using third party verification. One solution to security and verification problems is the introduction of a third party: a company that collects and approves payments from one client to another. After a certain period of time, one credit card transaction for the total accumulated amount is completed.

5.6 RISK AND ELECTRONIC PAYMENT SYSTEMS


One essential challenge of e-commerce is risk management. Operation of the payment systems incurs three major risks: fraud or mistake, privacy issues, and credit risk.

5.6.1 Risks from Mistake and Disputes


Consumer Protection
Virtually all electronic payment systems need some ability to keep automatic records. Once information has been captured electronically, it is easy and inexpensive to keep.


Given the intangible nature of electronic transactions and dispute resolution relying solely on records, a general law of payment dynamics and banking technology might be: No data need ever be discarded. Features of these automatic records include (1) permanent storage; (2) accessibility and traceability; (3) a payment system database; and (4) data transfer to payment maker, bank, or monetary authorities. The need for record keeping for purposes of risk management conflicts with the transaction anonymity of cash. An anonymous payment system without automatic record keeping will be difficult for bankers and government to accept. However, customers might feel that all this record keeping is an invasion of privacy.

5.6.2. Managing Information Privacy


The electronic payment system must ensure and maintain privacy. Every time one purchases goods using a credit card, subscribes to a magazine or accesses a server, that information goes into a database somewhere. This violates one of the unspoken laws of doing business: that the privacy of customers should be protected as much as possible. All details of a consumer's payments can easily be aggregated: where, when, and sometimes what the consumer buys is stored. This collection of data tells much about the person and as such can conflict with the individual's right to privacy. Privacy must be maintained against eavesdroppers on the network and against unauthorized insiders. The users must be assured that they cannot be easily duped, swindled, or falsely implicated in a fraudulent transaction. This protection must apply throughout the whole transaction protocol.

5.6.3. Managing Credit Risk


Credit or systemic risk is a major concern in net settlement systems because a bank's failure to settle its net position could lead to a chain reaction of bank failures. The digital central bank must develop policies to deal with this possibility. Various alternatives exist, each with advantages and disadvantages. A digital central bank guarantee on settlement removes the insolvency test from the system because banks will more readily assume credit risks from other banks. Without such guarantees the development of clearing and settlement systems and money markets may be impeded.


5.7 DESIGNING ELECTRONIC PAYMENT SYSTEMS


Despite cost and efficiency gains, many hurdles remain to the spread of electronic payment systems. These include several factors, many non-technical in nature, that must be addressed before any new payment method can be successful.
• Privacy. A user expects to trust in a secure system.
• Security. A secure system verifies the identity of two-party transactions through user authentication and reserves flexibility to restrict information / service through access control. Millions of dollars have been embezzled by computer fraud. No systems are yet fool-proof, although designers are concentrating closely on security.
• Intuitive interface. The payment interface must be as easy to use as a telephone. Generally speaking, users value convenience more than anything.
• Database integration. With home banking, for example, a customer wants to play with all his accounts. To date, separate accounts have been stored on separate databases. The challenge before banks is to tie these databases together and to allow customers access to any of them while keeping the data up-to-date and error free.
• Brokers. A network banker (someone to broker goods and services, settle conflicts, and facilitate financial transactions electronically) must be in place.
• Pricing. One fundamental issue is how to price payment system services. For example, should subsidies be used to encourage users to shift from one form of payment to another, from cash to bank payments, from paper based to e-cash?
• Standards. Without standards, the welding of different payment users into different networks and different systems is impossible. Standards enable interoperability, giving users the ability to buy and receive information, regardless of which bank is managing their money.

None of these hurdles are insurmountable. The biggest question concerns how customers will take to a paperless and (if not cashless) less-cash world.

5.8 SUMMARY
In this chapter, we had an overview of the payment mechanisms. We learnt that cash is the most flexible of the payment mediums: it is anonymous and also legal. A concept similar to cash, namely e-cash, was discussed. However, it leads to several complexities. First, it is not fully anonymous; this was overcome by a specially designed algorithm. Secondly, it may lead to forgeries, illegal tenders and double spending. Each of these issues needs to be tackled separately. Often, the solution of one problem may lead to the other problem, like that of anonymity and double spending. Then we discussed e-checks as well as debit and credit cards. Each of them has its own limitations as well as plus points. Finally, we had a brief discussion about protecting from mistakes and disputes.

5.9 SELF STUDY


1. What are the three types of electronic tokens?
2. What are the four properties that e-cash should have?
3. How does a digital signature work?
4. What are the two desirable properties in any e-transaction?
5. What is double spending?
6. What is the difficulty in storing e-cash?
7. What are the normal constraints put on e-cash?
8. What is an electronic purse?
9. What are the three ways in which payment through credit cards can be made over the net?
10. Name any four issues addressed in an e-payment system.

5.9.1 Answers
1. Cash, debit and credit (also called real time, prepaid and post paid).
2. Monetary value, interoperability, retrievability and security.
3. By providing two keys, one with the public and the other privately with the buyer. The signature is coded with both.
4. Anonymity and security.
5. Spending the same cash in more than one place.
6. It does not provide interest. Also exchange fluctuations affect it.
7. A validity limit, the maximum amount that can be stored, the maximum number of exchanges, and the number of exchanges within a time period.
8. It is a card with a pre-determined amount of money loaded.
9. Using plain cards, encrypted cards and cards with third party verification.
10. Privacy, security, database integration, brokers etc.


Unit II

Introduction

The first chapter of this unit discusses EDI (Electronic Data Interchange). This is the basic technology behind the concept of e-commerce: the ability to transfer data from one computer to another. There are several legal, security and privacy issues to be discussed along with EDI.

Then we discuss the implementation aspects: the concept of software stacks, the Value Added Networks (VANs) which provide the facilities, etc. E-commerce need not always be between a seller and a buyer. Within an organization, different departments can use the concepts. This is covered in the chapter on intra-organizational commerce. We deal with concepts like work flow automation and supply chain management. In the next chapter, we begin discussing the concept of security in general, learn about the basic needs of a secure system, the various types of attacks one can expect and the strategies available to overcome them. We will specifically study the basics of a few security tools like Kerberos, UNIX security mechanisms etc. This chapter forms the basis for the next chapter, which deals specifically with the security aspects of e-commerce. The major goals of ensuring e-commerce security are to be able to protect privacy, integrity, authentication and availability. There are a few protocols that aim at providing such a secure environment. We discuss Secure HTTP, the Secure Socket Layer protocol, the Secure Payment Protocol and Secure Electronic Transaction.

Chapter 6

Chapter 6 - Inter-organizational Commerce and EDI(Electronic Data Interchange)

Inter-organizational Commerce and EDI (Electronic Data Interchange)

6.0 INTRODUCTION
In this chapter, we discuss the basic concept of Electronic Data Interchange (EDI). It helps trading partners to establish communication between their computers. The communication can be as simple as a floppy / CD, but normally we talk of an electronic connection. We discuss the concept of EDI layered architecture, which is a set of hypothetical layers that make the concept of connecting computers suited for different environments happen. The next stage obviously is to look at a mechanism for information flow through a flow diagram. We also discuss the tangible benefits of EDI. There are also several legal, security and privacy issues that come with EDI. We discuss some aspects like the legal status of EDI messages and also the concept of digital signatures in the context of EDI. We close the discussion with the concept of open EDI, which aims at linking two or more systems which are actually strangers to each other, through standard operations.

EDI is defined as the interprocess communication (computer application to computer application) of business information in a standardized electronic form. In short, EDI communicates information pertinent for business transactions between the computer systems of companies, government organizations, small businesses, and banks. Using EDI, trading partners establish computer-to-computer links that enable them to exchange information electronically. This allows businesses to better cope with a growing avalanche of paperwork: purchase orders, invoices, confirmation notices, shipping receipts, and other documents. Manufacturers work with customers and suppliers to convert to an electronic exchange the huge volume of orders and records that now crawl back and forth on paper. In retailing, EDI can provide vendors with a snapshot of what stores are selling, enabling them to recognize and meet their customers' needs much faster than in the past. In addition, it enables retailers and vendors to place orders and pay bills electronically, reducing time and the expense of paperwork. The primary benefit of EDI to business is a considerable reduction in transaction costs, by improving the speed and efficiency.

6.1 ELECTRONIC DATA INTERCHANGE


Electronic commerce is often equated with EDI, so it is important to clarify that electronic commerce embraces EDI and much more. In electronic commerce, EDI techniques are aimed at improving the interchange of information between trading partners, suppliers, and customers by bringing down the boundaries that restrict how they interact and do business with each other. In short, EDI is aimed at forging boundaryless relationships. EDI is one well-known example of structured document interchange, which enables data in the form of document content to be exchanged between software applications that are working together to process a business transaction. EDI only specifies a format for business information; the actual transmission of the information is tackled by other underlying transport mechanisms such as e-mail or point-to-point connections.

6.2 EDI LAYERED ARCHITECTURE


EDI architecture specifies four layers: the semantic (or application) layer, the standards translation layer, the packing (or transport) layer, and the physical network infrastructure layer. The EDI semantic layer describes the business application that is driving EDI. The information seen at the EDI semantic layer must be translated from a company-specific form to a more generic or universal form so that it can be sent to various trading partners, who could be using a variety of software applications at their end. To achieve this, companies must adopt universal EDI standards that lay out the acceptable fields of business forms. Transferring computer files between two trading partners requires that the computer applications of both sender and receiver use a compatible format for EDI document exchange. The sender must use a software application that creates an EDI file format similar to what the recipient's computer application can read. It is not mandatory that both have identical file processing systems. When the trading partner sends a document, the EDI translation software converts the proprietary format into a standard mutually agreed on by the processing systems. When a company receives the document, its EDI translation software automatically changes the standard format into the proprietary format of its document processing software. EDI standards specify business form structure and to some extent influence content seen at the application layer.


EDI semantic layer     Application level services
EDI standard layer     EDIFACT business form standards
                       ANSI X12 business form standards
EDI transport layer    Electronic mail: X.435, MIME
                       Point to point: FTP, TELNET
                       World Wide Web: HTTP
Physical layer         Dial-up lines, Internet, I-way

Layered architecture of EDI

The EDI standards and application levels, although separate, are closely intertwined. The EDI transport layer corresponds closely with the nonelectronic activity of sending a business form from company A to company B. The content and structure of the form are separated from the transport carrier. More and more, the EDI transport carrier of choice is becoming e-mail. Here, EDI documents are exchanged rapidly over electronic networks using the existing e-mail programs and infrastructure. EDI document transport is far more complex than simply sending e-mail messages or sharing files through a network, a modem, or a bulletin board. These EDI documents are more structured than e-mail and typically are manipulated or processed more than e-mail messages by the sending and receiving software.

6.3 EDI IN ACTION


EDI seeks to take what has been a manually prepared form or a form from a business application, translate that data into a standard electronic format, and transmit it. At the receiving end, the standard format is translated back into a format that can be read by the recipient's application. Hence output from one application becomes input to another through the computer-to-computer exchange of information. The pervasive practice of converting digital data into hard copy data that is reconverted into electronic information again on the receiving end generates unnecessary costs. It is quite possible to exchange the information in its electronic format by means of other carriers. Such carriers include magnetic tapes and diskettes and, more recently, the EDI third-party services. The use of EDI carriers saves substantial administration costs by eliminating the bulk of circulating paperwork. Furthermore, the accessibility of the information is improved manifold, which enables a more efficient audit of the operations.


Fig. 6.1 Information flow with EDI
[Figure: buyer side (purchase request initiated in the organization, finance department, purchase department, inventory and warehousing, receiving department) and seller side (finance department, sales department, shipping department, manufacturing), linked through EDI-capable computers. Labelled flows: purchase-order delivery, automated order confirmation, payment details.]

Step 1: Buyer's computer sends Purchase Order to seller's computer.
Step 2: Seller's computer sends Purchase Order Confirmation to buyer's computer.
Step 3: Seller's computer sends Booking Request to transport company's computer.
Step 4: Transport company's computer sends Booking Confirmation to seller's computer.
Step 5: Seller's computer sends Advance Ship Notice to buyer's computer.
Step 6: Transport company's computer sends status to seller's computer.
Step 7: Buyer's computer sends Receipt Advice to seller's computer.
Step 8: Seller's computer sends Invoice to buyer's computer.
Step 9: Buyer's computer sends Payment to seller's computer.

The Purchase Order Confirmation is the seller's acceptance of the price and terms of sale. Firms are adopting EDI as a fast, inexpensive, and safe method of sending invoices, purchase orders, customs documents, shipping notices, and other frequently used business documents. The improved ability to exchange huge amounts of data in a fast and effective manner tends to speed up business processes. Such flexibility allows firms to adopt business techniques aimed at removing the bottlenecks and making the business processes more efficient.

6.3.1 Tangible Benefits of EDI


EDI can be a cost- and time-saving system, for many reasons. The automatic transfer of information from computer to computer reduces the need to rekey information and as such reduces costly errors to near zero. EDI transactions produce acknowledgments of receipt of data. Savings also accrue from the following improvements:

• Reduced paper-based systems: EDI can impact the effort and expense a company devotes to maintaining records, paper-related supplies, filing cabinets, or other storage systems and to the personnel required to maintain all of these systems. EDI can also reduce postage bills because of the amounts of paper that no longer need be sent.
• Improved problem resolution and customer service: EDI can minimize the time companies spend to identify and resolve interbusiness problems. EDI can improve customer service by enabling the quick transfer of business documents and a marked decrease in errors.
• Expanded customer/supplier base: Many large manufacturers and retailers with the necessary clout are ordering their suppliers to institute an EDI program. However, these are isolated islands of productivity because they are unable to build bridges to other companies. With the advent of electronic commerce, the bridge is now available.

6.4 EDI: LEGAL, SECURITY, AND PRIVACY ISSUES


Since in the case of EDI, we are dealing with trade between countries and corporations, issues of legal admissibility and computer security are paramount. However, careful assessment of the trade-offs must be part of this process and should satisfy legal requirements.

6.4.1 Legal Status of EDI Messages


There has been considerable debate concerning the legal status of EDI messages and electronic messages in general. No rules exist that indicate how electronic messages may be considered binding in business or other related transactions. The establishment of such a framework is essential if EDI is to become widespread.


6.4.2 Digital Signatures and EDI


The cryptographic community is exploring various technical uses of digital signatures by which messages might be time-stamped or digitally notarized to establish dates and times at which a recipient might claim to have had access to or even read a particular message. If digital signatures are to replace handwritten signatures, they must have the same legal status as handwritten signatures. The digital signature provides a means for a third party to verify that the notarized object is authentic. Digital signatures should have greater legal authority than handwritten signatures. For instance, if a ten-page contract is signed by hand on the tenth page, one cannot be sure that the first nine pages have not been altered. If the contract was signed by digital signatures, however, a third party can verify that not one byte of the contract has been altered. Without such a framework, it is hard to see how EDI can fulfill the role envisioned for it in the future.

6.5 EDI AND ELECTRONIC COMMERCE


The economic advantages of EDI are widely recognized, but until recently, companies have been able to improve only discrete processes such as automating the accounts payable function or the funds transfer process. Companies are realizing that to truly improve their productivity they need to automate their external processes as well as their internal processes. This is the thrust of new directions in EDI. New EDI services for electronic commerce are seen as the future bridge that automates external and internal business processes, enabling companies to improve their productivity on a scale never before possible. They present information management solutions that allow companies to link their trading community electronically. Another goal of new EDI services is to reduce the cost of setting up an EDI relationship. These costs are still very high because of the need for a detailed bilateral agreement between the involved business partners and for the necessary technical agreements. Therefore most successful EDI implementations are either in long-term partnerships or among a limited number of partners. With the advent of interorganizational commerce, several new types of EDI are emerging that can be broadly categorized as traditional EDI and open EDI.

6.5.1 Traditional EDI


Traditional EDI replaces the paper forms with almost strict one-to-one mappings between parts of a paper form and fields of electronic forms called transaction sets. Traditional EDI covers two basic business areas:

1) Trade Data Interchange (TDI) encompasses transactions such as purchase orders, invoices, and acknowledgments.
2) Electronic Funds Transfer (EFT) is the automatic transfer of funds among banks and other organizations.

6.5.2 Open EDI


The increased interest in open EDI is a result of dissatisfaction with traditional EDI. The big difference between the traditional EDI model and the needs of today is that business today has a much larger component of rapid project-based partnerships that are created and dissolved in time scales too small to permit a full-blown standards process to play out its consensus building. Open EDI is a business procedure that enables electronic commerce to occur between organizations where the interaction is of short duration. In essence, open EDI is the process of doing EDI without the upfront trading partner agreement that is currently signed by the trading partners before they commence trying to do business by EDI. The goal is to sustain ad hoc business or short-term trading relationships using simpler legal codes. In other words, open EDI is a business process for automating the operation of the law of contract within the context of electronic commerce where transactions are not repeated or sustained over a long period of time. This facilitates revisions and aids in more speedy agreement on a final version.

6.6 SUMMARY
We understood the basic concept behind EDI: transferring data from one computer to another, without the need for re-entering it. This is one of the great attractions of EDI. We then moved on to discuss the layered architecture of EDI, comprising the semantic layer, standard layer, transport layer and physical layer. We then outlined the tangible benefits of EDI, like reduced paper-based systems, better customer base etc. The next stage was to discuss a few of the legal, security and privacy issues. We discussed in principle the legal status of EDI messages and also the concept of signatures in EDI. The discussion ended with the concept of open EDI, which helps electronic interaction between organizations for short durations.

6.7 QUESTIONS
1. Define EDI.
2. List the four layers of EDI architecture.
3. List any two tangible benefits of EDI.
4. Who is liable if an EDI network fails to deliver the message?
5. Can the digital signature fully replace handwritten signature?
6. What is EFT?
7. What is the need for open EDI?

6.7.1 Answer
1. Inter-process communication of business information in standard electronic form.
2. Semantic layer, standard layer, transport layer and physical layer.
3. Reduced paper based systems, improved customer service.
4. Not decided as yet.
5. No.
6. Electronic Fund transfer.
7. To allow e-commerce between two organizations for a short duration.

Chapter 7

Chapter 7 - EDI Implementation, Value-Added Networks

EDI Implementation, Value-Added Networks

7.0 INTRODUCTION

In this chapter, we discuss the concepts of an efficient EDI implementation. We learn that the basic kits needed for this are the common EDI standards, translation software, trading partners etc.

Though EDI standards can vary from application to application, they all have a common structure, made up of a transaction set, consisting of data segments, which in turn are made up of data elements. We also note that in a normal EDI, there are four layers through which the data from a business application has to traverse, before it can go to the next application. We also discuss a few issues about the cost of EDI implementation: the fixed costs, the maintenance fees, VAN charges etc. Then we have a brief discussion of Value Added Networks (VANs), their pricing structure etc.

EDI implementation starts with an agreement between a company and its trading partner. An efficient EDI system requires that the data be input only once, and the system manages the rest. In other words, the data moves without much intervention to the trading partner's application, with no additional steps to slow the process. To achieve this, both parties exchange messages based on a structured format; that is, for each type of message a standard format has been agreed on by the exchanging parties. These messages are exchanged by means of electronic transfer between autonomous computer application systems of the involved trading partners. EDI relies on the use of standards for the structure and interpretation of electronic business transactions. The basic kit necessary for EDI implementation includes the following:

• Common EDI standards dictate syntax and standardize on the business language. EDI standards basically specify transaction sets: complete sets of business documents.
• Translation software sends messages between trading partners, integrates data into and from existing computer applications, and translates among EDI message standards.
• Trading partners are a firm's customers and suppliers with whom business is conducted.
• Banks facilitate payment and remittance.
• EDI Value-Added Network services (VANs). A VAN is a third-party service provider that manages data communications networks for businesses that exchange electronic data with other businesses.
• Proprietary hardware and networking if it is a hub company. Hubs, also called sponsors, are large companies, very active in EDI, that facilitate their business partners' use of EDI.

An important feature of EDI is that software evaluates and processes structured messages. The information system then proceeds to act upon the message. The requested goods are shipped to the buyer, or information is forwarded to other in-house computer applications. The generation of messages might also be done automatically. In EDI, it is quite common to find a chain of automated actions and reactions because they are easy to implement. Human intervention can be minimized and is often limited to the overall management of the operations.

7.1 STRUCTURE OF EDI TRANSACTIONS


EDI standards are very broad and general because they have to meet the needs of all businesses. EDI messages, however, share a common structure:

1. Transaction set is equivalent to a business document, such as a purchase order. Each transaction set is made up of data segments.
2. Data segments are logical groups of data elements that together convey information, such as invoice terms, shipping information, or purchase order line.
3. Data elements are individual fields, such as purchase order number, quantity on order, unit price.

The concept and theory of EDI has evolved from the transmission of data in fixed-length proprietary formats to the transmission of data in variable length standard formats. Without these standard formats, industry utilization of computer-to-computer communication technology would be encumbered by the use of different formats and data contents.
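The transaction set, data segment and data element hierarchy above, shown on an X12-style purchase order (transaction set 850). This is an added example, not part of the original text; it goes one step beyond the section by also checking the envelope's control numbers and counts, which is how a receiver detects a truncated or altered interchange. The partner names, control numbers and line items are constructed.

```python
from dataclasses import dataclass, field
from decimal import Decimal


@dataclass
class TransactionSet:
    set_id: str                                   # ST01, e.g. "850" = purchase order
    control: str                                  # ST02, must be echoed in SE02
    segments: list = field(default_factory=list)  # each segment is a list of data elements


def sample_interchange():
    """Constructed sample: one envelope (ISA/IEA), one group (GS/GE), one purchase order."""
    isa = ["ISA", "00", " " * 10, "00", " " * 10, "ZZ", "BUYERCO".ljust(15),
           "ZZ", "SELLERCO".ljust(15), "240101", "1200", "U", "00401",
           "000000001", "0", "T", ">"]
    body = ["GS*PO*BUYERCO*SELLERCO*20240101*1200*1*X*004010",
            "ST*850*0001",
            "BEG*00*SA*PO-1001**20240101",
            "PO1*1*10*EA*4.25**VP*WIDGET-A",
            "PO1*2*3*EA*19.00**VP*WIDGET-B",
            "CTT*2",
            "SE*6*0001",
            "GE*1*1",
            "IEA*1*000000001"]
    return "~\n".join(["*".join(isa)] + body) + "~\n"


def el(seg, i):
    """Element i of a segment, or '' when the segment is too short."""
    return seg[i] if i < len(seg) else ""


def check_interchange(raw):
    """Return (transaction_sets, errors); malformed input yields errors, not exceptions."""
    if not raw.startswith("ISA") or len(raw) < 106:
        return [], ["missing or truncated ISA header"]
    elem_sep, seg_term = raw[3], raw[105]         # delimiters are declared by the ISA itself
    segments = [s.strip("\r\n").split(elem_sep)
                for s in raw.split(seg_term) if s.strip("\r\n")]
    sets, errors, current = [], [], None
    isa, gs, groups, sets_in_group, closed = segments[0], None, 0, 0, False
    for seg in segments[1:]:
        tag = seg[0]
        if tag == "GS":
            gs, sets_in_group = seg, 0
        elif tag == "ST":
            if current is not None:
                errors.append(f"ST {el(seg, 2)} opened before set {current.control} was closed")
            current = TransactionSet(el(seg, 1), el(seg, 2), [seg])
        elif tag == "SE":
            if current is None:
                errors.append("SE without a matching ST")
                continue
            current.segments.append(seg)
            if el(seg, 2) != current.control:
                errors.append(f"SE02 {el(seg, 2)} does not match ST02 {current.control}")
            if el(seg, 1) != str(len(current.segments)):
                errors.append(f"set {current.control}: SE01 says {el(seg, 1)} segments, "
                              f"found {len(current.segments)}")
            sets.append(current)
            sets_in_group += 1
            current = None
        elif tag == "GE":
            groups += 1
            if gs is None or el(seg, 2) != el(gs, 6):
                errors.append("GE02 does not match GS06 group control number")
            if el(seg, 1) != str(sets_in_group):
                errors.append(f"GE01 says {el(seg, 1)} sets, found {sets_in_group}")
            gs = None
        elif tag == "IEA":
            closed = True
            if el(seg, 2) != el(isa, 13):
                errors.append("IEA02 does not match ISA13 interchange control number")
            if el(seg, 1) != str(groups):
                errors.append(f"IEA01 says {el(seg, 1)} groups, found {groups}")
        elif current is not None:
            current.segments.append(seg)          # ordinary data segment inside a set
        else:
            errors.append(f"segment {tag} outside any transaction set")
    if current is not None:
        errors.append(f"set {current.control} never closed by SE")
    if not closed:
        errors.append("interchange never closed by IEA")
    return sets, errors


def purchase_order_lines(ts):
    """Pull the data elements the text names: PO number, quantity on order, unit price."""
    po_number = next((el(s, 3) for s in ts.segments if s[0] == "BEG"), "")
    return po_number, [(el(s, 7), int(el(s, 2)), Decimal(el(s, 4)))
                       for s in ts.segments if s[0] == "PO1"]


if __name__ == "__main__":
    parsed, problems = check_interchange(sample_interchange())
    print(problems or "envelope OK", purchase_order_lines(parsed[0]))
```

Only pass a transaction set to `purchase_order_lines` after `check_interchange` returns no errors, so that business data is never read from an interchange whose framing failed validation.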

7.2 EDI SOFTWARE IMPLEMENTATION


EDI software has four layers, as shown in Fig. 7.1: business application, internal format conversion, EDI translator, and EDI envelope for document messaging. These four layers package the information and send it over the value-added network to the target business, which then reverses the process to obtain the original information.

7.2.1 EDI Business Application Layer


The first step in the EDI process creates a document (in this case, an invoice) in a software application. This software application then sends the document to an EDI translator, which automatically reformats the invoice into the agreed-on EDI standard. If these two pieces of software are from different vendors, it is very important that the document preparation application seamlessly integrate with the EDI translation software. If both the EDI translator and business application are on the same type of computer, the data will move faster and more easily from one to another. The translator creates and wraps the document in an electronic envelope (EDI package) that has a mailbox ID for the company's trading partners. The EDI wrapper software can be a module to the translator, a programming tool for writing different communications protocols, or a separate application.

Fig. 7.1 How EDI works. Company A and Company B each run the same four layers (business application, internal format conversion, EDI translator, EDI envelope for document messaging) and are connected through modems over a private value added network (VAN) or the public Internet.

The preparation process followed by the application software:

1. Enter the information in the EDI form specified for that particular business transaction.
2. EDI translator software changes the EDI form to fit the EDI standard that the target application can understand.
3. The translator wraps the document in an electronic envelope (EDI package) that has an ID for your trading partner.

7.2.2 EDI Translator Layer


Translation is an integral part of the overall EDI solution. Translators describe the relationship between the data elements in the business application and the EDI standards. For instance, a purchase order specific to a company must be mapped onto the data fields defined by the generic representation of purchase order as specified by the EDI standard. The translator ensures that the data are converted into a format that the trading partner can use. Because few EDI translators were available in the past, large companies wrote their own custom EDI translators. Custom translators have several disadvantages.

• A custom translator is very restrictive. It is often designed for one trading partner and limited transaction sets. Most commercial EDI translators, on the other hand, are designed for transacting with many trading partners and a multitude of documents.
• A custom translator is difficult to update. If the trading partner changes standards or wants additional transaction sets, precious weeks or even months can be wasted making the changes to the EDI translator and making sure that everything works correctly.
• A custom translator is unsupported. There's no one to turn to when help is needed, no one to talk you through a difficult-to-implement requirement from your trading partner. Some software companies put customers in touch with someone who can solve their problem and walk the client through the tricky areas.
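The mapping step described in this section, from a company-specific purchase order onto the standard's purchase order fields, as an added example that is not from the original text or from any EDI product. The internal field names (`po_no`, `date`, `lines`, `sku`, `qty`, `uom`, `price`), the X12 850 target and the `*` and `~` delimiters are assumptions; because X12 has no escape character, the translator rejects any value containing a delimiter, since such a value would otherwise be read by the partner as extra segments.

```python
from decimal import Decimal

ELEM_SEP, SEG_TERM = "*", "~"   # assumed delimiters agreed with the trading partner

# Constructed internal order record; field names are hypothetical.
SAMPLE_ORDER = {
    "po_no": "PO-1001",
    "date": "2024-01-01",
    "lines": [
        {"sku": "WIDGET-A", "qty": 10, "uom": "EA", "price": "4.25"},
        {"sku": "WIDGET-B", "qty": 3, "uom": "EA", "price": "19.00"},
    ],
}


def element(value):
    """Render one data element; refuse values that would break segment framing."""
    text = str(value).strip()
    if any(ch in text for ch in (ELEM_SEP, SEG_TERM, "\r", "\n")):
        raise ValueError(f"delimiter character in data element: {text!r}")
    return text


def segment(tag, *elements):
    """Join a segment tag and its data elements into one terminated data segment."""
    return ELEM_SEP.join([tag] + [element(e) for e in elements]) + SEG_TERM


def translate_purchase_order(order, control):
    """Map the internal record onto the segments of one 850 transaction set."""
    segs = [
        segment("ST", "850", control),
        # BEG03 carries the purchase order number, BEG05 the order date (CCYYMMDD).
        segment("BEG", "00", "SA", order["po_no"], "", order["date"].replace("-", "")),
    ]
    for n, line in enumerate(order["lines"], start=1):
        qty, price = int(line["qty"]), Decimal(line["price"])
        if qty <= 0 or price < 0:
            raise ValueError(f"line {n}: quantity must be positive and price non-negative")
        # PO102 quantity on order, PO103 unit of measure, PO104 unit price, PO107 part id.
        segs.append(segment("PO1", n, qty, line["uom"], price, "", "VP", line["sku"]))
    segs.append(segment("CTT", len(order["lines"])))
    # SE01 counts every segment in the set, including ST and SE themselves.
    segs.append(segment("SE", len(segs) + 1, control))
    return segs


if __name__ == "__main__":
    print("\n".join(translate_purchase_order(SAMPLE_ORDER, "0001")))
```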


7.3 EDI COMMUNICATION LAYER


The communications portion (which could be part of the translation software or a separate application) dials the phone number for the value-added network service provider or other type of access method being used. Three main types of EDI access methods are available: 1) direct dial or modem-to-modem connection; 2) limited third-party value-added network services; and 3) full-service third-party VANs. These networks could be private networks or public networks such as the Internet.

Direct-dial systems are by far the simplest and most common. The user has direct access to the partner's modem and communicates by using the modem to dial the modem of the other party. A direct computer-to-computer transfer of documents (uploading and downloading) through a modem requires that both computer applications read the same format, such as ASCII text, or use translators.

Limited VANs are regional and international communications services similar to those used with email. These VANs often provide only the very basic technical services such as protocol conversion and data error detection and correction, directing and delivering EDI traffic to thousands of buyers and sellers.

Full third-party services provide more than just communication between two or more parties. Electronic mailboxes and associated extra features are the heart of these third-party services. Extra features include access control for security and document tracking, which allows users to track their own documents as they pass through the system. This feature supports audit needs. A third-party network can also provide a gateway to interconnect with other third-party networks. This facilitates communication between businesses having accounts with different third-party networks running a variety of protocols and systems.

7.4 HOW MUCH WILL AN EDI IMPLEMENTATION COST


Prices for EDI products vary from no cost (for very simple one-function products) to several thousands of dollars for full-function applications. The final cost depends on several factors:

• The expected volume of electronic documents: Generally speaking, PC products cost less but handle only a few documents and trading partners. Mid-range EDI packages can be a little more expensive but can handle a larger volume of multiple document types or multiple trading partners.
• Economics of the EDI translation software: Some products initially look like a bargain, but as needs grow, hidden costs suddenly appear. These costs can range from new transaction sets for doing different forms to expensive upgrades.
• Implementation time: Some applications are easier to learn and use than others. The more time spent in training, the more time it takes to get into production mode. If the implementation time frame is tight, it is wise to look for a translator that doesn't require training before implementation.

Maintenance fees and VAN charges can vary considerably and as such can affect the cost of EDI systems:

• Maintenance fees: Most companies charge an annual maintenance fee, usually a percentage of the translator's list price. This fee should include software updates, standards updates, technical support, and customer service.
• VAN charges: VANs bill for data transmission, similar to long-distance phone calls. Some base their billing per document and others charge based on the number of kilo-characters in each document. Some also bill for connect time.

7.5 VALUE-ADDED NETWORKS (VANS)


A VAN is a communications network that typically exchanges EDI messages among trading partners. It also provides other services, including holding messages in electronic mailboxes, interfacing with other VANs and supporting many telecommunications modes and transfer protocols. A VAN's electronic mailbox is a software feature into which a user deposits EDI transactions and then retrieves those messages when convenient. It works much like residential personal mailboxes, and it allows everybody involved to be flexible and cost-effective.

Businesses can exchange data either by connecting to each other directly or by hooking into a VAN. Traditionally, by acting as middlemen between companies, VANs have allowed companies to automatically and securely exchange purchase orders, invoices, and payments. When a company sends an EDI transaction, it arrives at a message storehouse on the VAN to await pickup by the destination company. In this way VANs can safeguard the transaction network.

The figure below illustrates the EDI process. Company A puts an EDI message for trading partner manufacturing company B in the VAN mailbox at a date and time of its choosing. The VAN picks up the message from the mailbox and delivers it to trading partner B's mailbox, where it will remain until trading partner B logs on and picks it up. Trading partner B responds to trading partner A in the same fashion. The cycle repeats itself on a weekly, daily, or perhaps even hourly basis as needed. This service is generally referred to as mail-enabled EDI.

The disadvantage of EDI-enabling VANs is that they are slow and high priced, charging by the number of characters transmitted. With connect time and mailbox charges factored in, companies incur charges of many thousands of dollars.

Fig. 7.2 Functions of a third-party VAN. Parties connected through the third-party value added network: company, transport company, financial institution, manufacturing company. Functions performed by the VAN: translate incoming documents; perform compliance checking; route to mailbox ID; format translation (X.12 => EDIFACT).

7.5.1 VAN Pricing Structures


VANs bill in various ways for services rendered. Typically, customers can pick and choose from an array of VAN services and be billed accordingly. These services may include EDI translation software and support, EDI to fax support, email capability, inter-VAN connectivity, and, most commonly, transmission of X.12 documents.

Account Start-Up Costs


Opening an account with a VAN incurs start-up costs as well as other variable costs such as mailbox/ network fees. The network usage fee is a flat monthly rate that applies, whether or not the services are used. The network usage fee can also include a mailbox fee for maintaining an account and a password. Each account has a mailbox through which companies exchange EDI data.


The overall start-up costs vary depending on the EDI readiness of the organization and the trading partner, the number of trading partners, line attachment options (asynchronous), and software application options.

VAN Usage or Variable Costs


VANs charge session fees based on the use of their services. Unlike the postal service, which charges only to send a letter, most VANs charge to both send and receive data. If a user agrees to cover all of the transaction costs, the VAN can charge twice for each transaction: 1) when the user sends or receives, and 2) when a trading partner sends or receives. The customer pays according to volume of usage. Usage is defined as the number of transactions sent and received by the customer or the trading partner. Transaction fee assessment is not consistent or straightforward. Some VANs allow users to bundle several transaction sets into a single envelope, as though sending several invoices in one paper envelope. Other VANs open the interchange and charge for each transaction set in the envelope. Other support and software costs are hidden. The session fee is a variable cost related to envelope/message fee delivery of functionally similar EDI documents. Support fee generally applies to updates to the software and telephone support for the VANs that provide software. Some VANs provide free software that works only with its sponsoring VAN. Other VANs provide customized software that may or may not operate with other VANs.

Interconnect Costs
A company that exchanges EDI data with a trading partner that subscribes to a different VAN will pay a VAN interconnect fee. Most VANs offer interconnects, but they often charge monthly fees for using them and may have other charges as well. If no transactions are sent, there is only the monthly charge for the mailbox and interconnect fee. Since most VANs offer volume discounts, the variable costs per transaction will decrease as the number of transactions sent increases.

7.6 INTERNET-BASED EDI


Several factors make the Internet useful for EDI:

• Flat pricing that is not dependent on the amount of information transferred. The Internet flat-rate model is better for the customer as opposed to the standard VAN approach of charges per character.
• Cheap access with the low cost of connection, often a flat monthly fee for leased line or dialup access. Business users have access to commercial and noncommercial Internet services in some 140 countries providing ubiquitous network coverage.
• Common mail standards and proven networking and interoperable systems; another attraction is that Internet mail standards are nonproprietary and handle congestion and message routing exceptionally well. It has been noted that sometimes on a VAN network an e-mail message can take hours or days to reach its destination, while on the Internet it usually takes seconds to minutes.
• Security: public-key encryption techniques are being incorporated in various electronic mail systems. This will enable systems to ensure the privacy of EDI messages and give users a way to verify the sender or recipient.

Electronic commerce services on the Internet differ from earlier value added network offerings in several respects. First, they're based on established technologies and applications available from independent vendors, whereas more traditional services are based on proprietary software and front ends. Not only does the proprietary approach limit interoperability, but it also narrows application choices. Older services limited the customer to what the vendor was willing to provide. Nonproprietary solutions, in contrast, allow the customer to choose the level of service needed. In addition, because the Internet supplies users with a working software infrastructure, VANs can work with companies to configure their applications for interacting with business partners.

7.7 SUMMARY
This chapter gave us an insight into the various concepts of EDI implementation. We began with a discussion of the various units needed to implement EDI, namely EDI standard, translation software, trading partners, banks, VANs etc. We also noted that the EDI standards can be thought of as consisting of transaction sets, each set made up of data segments, the data segments themselves being a collection of data elements. We next learnt that the EDI software implementation is made up of four layers: the business application, internal format conversion, EDI translator and EDI envelope for document messaging. We briefly went into the details of each of them. The cost of EDI implementation was also dealt with, including the various constituents that make up the fixed costs and the variable costs. The chapter ended with a discussion on value added networks, their merits and demerits and their costing structure.

7.8 QUESTIONS
1. List any four components of EDI implementation.
2. What is the common structure of EDI messages?
3. What are the four layers of EDI implementation?
4. List any three disadvantages of custom translators.
5. What are main types of EDI access methods?
6. What are the costs of EDI implementation?
7. List the factors that affect the fixed costs.
8. What are the disadvantages of VANs for EDI?
9. List the main costs of VAN.
10. List four advantages of Internets.

7.8.1 Answers
1. EDI standard, translation software, trading partners, value added networks etc.
2. Each message is made up of transaction sets which are divided into data segments, which in turn are made up of data elements.
3. Business application layer, format conversion layer, translator layer and envelope for document messaging.
4. They are restrictive, difficult to update and are unsupported.
5. Direct dialing, limited Third party VAN and full service Third party VAN.
6. Fixed costs, Maintenance fees, VAN charges.
7. Volume of documents, cost of EDI translation software and implementation time.
8. Slowness, high costs.
9. Account startup costs, usage costs and interconnect costs.
10. Flat pricing, cheap access, common standards and secure.

Chapter 8

Chapter 8 - Intra organizational Electronic Commerce

Intra organizational Electronic Commerce

8.0 INTRODUCTION
In this chapter, we look at the concepts of how e-commerce can become useful not only for interaction between two organizations, but also between the various components of an organization itself. They are helpful in work flow management, product service customization and supply chain management. There is a new paradigm in information architecture which talks about cross functional systems and also demands information, not just raw data. We shall also discuss the upcoming organization structures: the vertical structure, the horizontal structures and the virtual structures. We shall also briefly study work flow coordination and work flow related technologies. Finally we look at the concept of supply chain management and its two categories, namely push based and pull based supply chains.

Internal commerce is the application of electronic commerce to processes or operations. Specifically, we define internal commerce as using methods and pertinent technologies for supporting internal business processes between individuals, departments, and collaborating organizations. Private commerce is significant because it is closely related to market orientation toward creating superior value for customers. This requires that a company understand a customer's business value chain and tailor its operations, products, or services to deliver better value. To achieve better performance, a business must develop and sustain competitive advantage.

8.1 WORK-FLOW MANAGEMENT


The use of work flows for task coordination is important because people do not work in isolation but collaborate to accomplish tasks. Companies have developed methods to optimize work flows by pruning unneeded operational steps and moving much of their internal paper handling onto computer networks. The most common work flows are administrative: time-consuming, unexciting tasks such as processing a trip request from initiation, through approval, to issuing the ticket, cutting a check for the cash advance, and debiting an account. These work flow reengineering efforts have been mostly localized to a few departments or tasks. Extending this effort to coordinating enterprise processes using electronic commerce methods is the logical next step for most organizations. We see work flow as a gold mine for new electronic commerce application software.

8.2 PRODUCT OR SERVICE CUSTOMIZATION


Consumer demand and expectations are forecasted to drive made-to-order or customized products with rapidly shrinking lead times. Products will come configured as customers want them and provide a high level of reliability, excellent quality, and longer life spans. Customization focuses on two issues: time to market and flexible operations.

Time-to-market depends largely on gathering the specific consumer preferences and using these preferences to custom design products or services. Custom designing any product or service requires tremendous coordination between various departments and functions. An implicit assumption in successful time to market is cross functional coordination built on the communications infrastructure.

Flexible operations depend largely on implementation details or working practices that make time-to-market a reality. A company convinced of the value of being just-in-time triggers production automatically on customer orders, rather than stockpiling inventory. The key idea is to avoid tying up time and capital in terms of setup costs and inventory. A key point to remember is that in customization, it is customer demand that drives product or model varieties.

The concept of customization has been around for a while but we still do not know how to do it effectively. The technology requirements for supporting customization are becoming the primary focus of internal commerce.

8.3 SUPPLY CHAIN MANAGEMENT


A supply chain is the network of suppliers and customers within which any business operates. For example, a computer manufacturer has a chain of suppliers for its microprocessors, disk drives, video monitors, power supplies, system software, and so on, and a chain of customers in its retailers, resellers, and ultimate consumers.

Supply chain management is important as it is becoming impossible for companies to compete at the business or industrial level as isolated entities. For competitive reasons, it is likely that one tightly aligned and coordinated network of companies (a group of suppliers, distributors, retailers, manufacturers and other support providers) will compete against other networks of companies. The result will be a blurring of corporate boundaries with significant implications for management practice.

8.4 INTERNAL INFORMATION SYSTEMS


What exactly do we mean by information in business organizations? Information usually begins with corporate data. Corporate data provide the building blocks to form the information and knowledge that underlie the operations of all enterprises regardless of industry, size, or country. Corporate information is created, managed, and stored in many forms and places, and its value is contingent on the ability of workers to access, manipulate, change, and distribute it. So the challenge of enabling internal commerce is plain and simple: how do we integrate the distributed corporate data using a high-bandwidth network? Getting a handle on corporate data is not exactly a new problem. Many interesting concepts have been floated over the last three decades in the race to deliver information to managers and line workers.

8.4.1 A new paradigm: Information Architecture


The focus of the new paradigm lies in creating an information architecture that enables cross-functional systems and better information utilization.

Cross-functional systems: Early on in business computing, unifunctional automation was the norm; applications were focused on automating discrete business tasks. Today, systems tend to be more broadly focused and tend to cut across functional boundaries. Cross-functional automation with emphasis on integrating the enterprise, with information flowing from one business area to another, is rapidly becoming the norm. Cross-functional integration has shifted the entire thrust of corporate computing from monolithic mainframes toward client-server systems connecting corporate databases, workers, and tasks via the networking infrastructure.

Information not data: The focus of competitive differentiation today is not on building better systems than those of the competitors, but is based on the use of corporate information. While the information systems and applications may have to change periodically to cope with changes in business operations, the information has a longevity of 10-25 years. Simply stated, the corporate systems of the future will be built around information and companies are attempting to become information architects rather than systems builders.

Other trends have contributed to this paradigm shift. First, computers have become a substitutable commodity and as such are as much a part of the business environment as telephones. Unlike proprietary systems of the past, information architecture today is based on the widespread adoption of standards and protocols in hardware, software, and telecommunications. Technology is changing faster than ever.

8.5 ORGANIZATIONAL STRUCTURE: VERTICAL VERSUS HORIZONTAL


The traditional approach views the organization as a collection of vertical departments or business units. More recently, horizontal or team-based organizations have come into vogue. In the future, we can expect to see another organization form, where human agents and software agents work in tandem as internal business partners.

8.5.1 The vertical organization


The vertical approach to corporate management poses two problems to smooth operations. First, it creates boundaries that discourage employees in different departments from interacting with one another. Second, departmental goals are typically set in a way that could cause friction among departments. For instance, goals for sales are typically set to maximize sales and pay little attention to account collection or service delivery. How can such an organization achieve or sustain superior performance? The vertical organization allows gaps to exist between employees from different departments and lacks a channel to facilitate interaction and communication. The lower the level in the hierarchy, the larger the gap. These gaps expand with geographic dispersion and corporate growth. Problems can result when a need arises for two departments to communicate at the lower level. This structure consumes time and resources, and the lack of communication channels and practices clearly contributes to misunderstanding and frustration among departments. Finally, three key ingredients are missing from the vertical organization's chart: the product, the process, and the customer. Operating in a fast-changing environment without a clear picture of such components, it would be difficult for top management to run a business effectively. In short, a major drawback of the vertical organization is its failure to provide an environment that fosters understanding and cooperation between departments.

8.5.2 The Horizontal Organization


The principal goal of horizontal management is to facilitate the smooth transition of intermediate products and services through its various functions to the customer. This is achieved by empowering employees, improving communication, and eliminating unnecessary work. The importance of having a clear view of how products and services flow from one department to another, and eventually to the customer, is apparent.

The structure of a horizontal organization is two-tiered instead of multilayered, as seen in vertical organizations: a core group of senior management responsible for strategic decisions and policies, and a stratum of employees in process teams. The objective of a horizontal structure is to change the staff's focus from coordinating and reporting to improving flow management and work quality and increasing value for customers. Although the objectives seem reasonable on paper, they become rather vague and elusive during implementation because every group has a different view of what the goals should be and what information is needed to achieve them.

Information in the horizontal organization is processed at the local level by process teams. Team members are typically from the respective functions working in the process. Process teams can resolve problems quickly, and in this way permit the company to operate with flexibility and responsiveness in a continuously changing business environment. Employees from various functions can obtain better understanding of one another's responsibilities, thus reducing costly conflicts arising as a result of misunderstanding and disagreement. The horizontal structure eliminates the need to devote resources to vertical communication. However, there is an increased need for coordination of the various parties involved.

8.5.3 Virtual or Network Organizational Structure


In recent years, virtual enterprises have gained much attention as more and more such firms have emerged in industries ranging from computer chip manufacturing to aircraft manufacturing. The virtual organization is defined as being closely coupled upstream with its suppliers and downstream with its customers, such that where one begins and the other ends means little to those who manage the business processes within the entire organization. In simplest terms, it is an organization having the essence or effect of a traditional corporation without the structure or appearance of one. In the virtual organization, each separate firm retains authority in major budgeting and pricing matters and functions as part of a greater organization coordinated by a core firm acting as integrator of the actions done by the various partners. Interdependence among partners differentiates the virtual corporation from the traditional hierarchy. Companies adept at coordinating and maximizing the capabilities of suppliers will gain more control over key elements of time, from overall order-to-shipment lead time to product-specific cycle time. In addition, full-fledged alliances that tap the resources of multiple parties will effectively slash product- or process-development time.


8.5.3.1 Understanding the structure of virtual enterprises


Two major approaches are used to form virtual organizations: downward and lateral. Downward networking is initiated by a large, vertically integrated company seeking to reduce its overhead by outsourcing. Outsourcing has two purposes: to reduce costs associated with fixed assets and to maintain a focus on key operations. Outsourcing breaks down the company's vertical structure. A company that successfully outsources becomes economically slimmer and more adaptive. The lateral approach is observed in small, specialized firms that, in the interest of seeking strategic alliances, form partnerships along a value-added chain. Each such core firm can benefit by modeling the adaptivity and responsiveness of a small, specialized company and the scale economies of a large and integrated firm. Some networks emphasize reliable supply and close cooperation in scheduling and quality requirements. This requires that firms thoroughly adapt to one another, strengthening the bonds between the core firm and other firms and stabilizing the network. Naturally, virtual enterprises run risks of their own. For example, the firms with limited loyalty to the core firm are constantly exploring opportunities in other networks or markets. On the other hand, the core firm with a stable network of cooperating and committed partners must avoid becoming passive due to its strong relationships with its partners. Stagnation may prevent the core firm from eliminating unsatisfactory partners and injecting new blood into its network.

8.5.4. Electronic Organizations and Brokerages


Technological support for managing the creation and functioning of virtual firms is a special, but unexplored, aspect of electronic commerce. The specific issue is both complex and important because a poorly structured or managed virtual organization quickly degenerates into a chaotic entity. The goal of electronic brokerages is to increase the efficiency of the internal marketplace. Internal markets are beginning to appear not only in corporations but even in non-business institutions like the government. Many enterprises are abandoning their central-planning apparatus in favor of internal markets to foster internal competition, reduce costs, and increase efficiency. Once we accept the premise that the future organizational structure will be an internal marketplace populated by specialized brokerages, questions surface about the structure of this marketplace. We chose the notion of brokerage to describe the internal marketplace because in the real world, brokerages are widespread (realtors, stockbrokers, tax accountants) and play an important role in facilitating efficient markets. Our working definition of an electronic brokerage is: multiple services provided by a single interface with a single point of accountability on an order-by-order basis. Brokerage service providers are intimately involved in the details of customer operations, end to end, in order to understand customer needs and deliver better service.

[Figure not reproduced. Labels in the figure: internal markets; customers; customer order; order management and financial accounting; design brokerage; manufacturing planning and scheduling brokerage; production brokerage; logistics and supply chain management brokerage; shipping; delivery.]

Fig. 8.1

Several important issues must be resolved before electronic brokerages become commonplace. For instance, how are these brokerages built in an electronic environment? How are they internally organized? What technology components are needed for a good brokerage? What language do brokerages use to coordinate internally and among themselves? What languages do they use to communicate with customers? These issues need to be addressed before efficient electronic markets can be created. Of these, workflow automation and coordination issues are especially crucial.

8.6 WORK-FLOW AUTOMATION AND COORDINATION


A vision of speeding up or automating routine business tasks has come to be known as work-flow automation. The goal of work-flow automation is to offer more timely, cost-effective, and integrated ways to make decisions. A work flow portrays the movement of a business process and its associated tasks among workers and the operations required to process relevant information as it moves from initiation to completion.


Under the computing umbrella, a work flow is the movement of information from one user's desktop to another's. All work flows taken together constitute a process. For the purposes of automation, knowledge-based business processes can be defined as sets of rules and milestones that define and control the flow of information. Typically, work flows are decomposed into steps or tasks, which are then ordered to determine which should be done first, second, and so on. Work flows can be simple or complex. Simple work flows typically involve one or two tasks; for example, an intelligent mail application helps prioritize and route a user's mail. On the other hand, a work-flow application that can move a purchase order through the approval process and track the actual delivery of the product from the supplier to the warehouse is a complex task. A complex work flow may involve several other work flows, some of which may execute simultaneously. Organizational integration is extremely complex and typically involves three steps: (1) improving existing processes by utilizing technology where appropriate; (2) integrating across the business functions after identifying the information needs for each process; (3) integrating business functions, application program interfaces, and databases across departments, so that end users have access to organization-wide data rather than relying on proprietary data.

8.6.1. Work-Flow Coordination


The key element of a market-driven business is the coordination of tasks and other resources throughout the company to create value for customers. Some of the simplest work-flow coordination tools to understand and implement are electronic forms-routing applications. These packages offer a network-based, automated alternative to paper documents (such as expense reports and purchase orders). A department manager, for example, might design an expense report form that is initiated by account executives, routed to an administrative assistant for error checking, then sent back to the manager for approval. After approving the report, the manager can print it out and send it to accounting for final settlement. The manager could also include an accounts payable person in the work flow, thus extending the routing process outside the sales department. As the number of parties in the work flow increases, good coordination becomes crucial. To facilitate better work-flow coordination, companies are using software agents.


8.6.2. Work-Flow-Related Technology


For now, work-flow systems are limited to factory-like work processes. For the foreseeable future, moreover, wide-scale work flow does not seem practical for all work environments. Realistically, then, work-flow systems will play a useful role in the important but boring world of repetitive, periodic work processes, especially relating to managing documents and images. Work flow in an unstructured context remains elusive, and the notion of comprehensive work-flow systems must be regarded as nothing more than a dream.

8.7 SUPPLY CHAIN MANAGEMENT (SCM)


Today, there is a growing realization that product excellence does not guarantee competitive advantage and profits. Many firms have been seeking a way of increasing profits through better management of their supply chain (network of partnerships) using technology and avoiding the extremes of either internalizing it or of outsourcing most functions. In the interest of acquiring an edge, these companies are beginning to use the supply chain network to reduce costs and complement their products with basic and value-added services. But supply chains need to be managed. Essentially, supply chain management (SCM) is an integrating process based on the flawless delivery of basic and customized services. Simply put, SCM optimizes information and product flows from the receipt of the order, to purchase of raw materials, to delivery and consumption of finished goods. SCM plays an important role in the management of processes that cut across functional and departmental boundaries. SCM goes beyond organizational boundaries, reaching out to suppliers and customers. SCM is in stark contrast to the traditional approach, whereby executives think in terms of component activities such as forecasting, purchasing, production planning, or warehousing. Typically, these activities were managed in a fragmented manner, and so it was not uncommon to find them under separate functions that do not share information. Firms are now realizing that in a world of rapid response and order fulfillment, a company that is incapable of managing cross-functional processes may become extinct. SCM is important in retailing because it helps manage the demand and supply functions. In electronic commerce, supply chain management has the following characteristics:
• An ability to source raw material or finished goods from anywhere in the world.
• A centralized, global business and management strategy with flawless local execution.
• On-line, real-time distributed information processing to the desktop, providing total supply chain information visibility.
• The ability to manage information not only within a company but across industries and enterprises.
• The seamless integration of all supply chain processes and measurements, including third-party suppliers, information systems, cost accounting standards, and measurement systems.
• The development and implementation of accounting models, such as activity-based costing, that link cost to performance and are used as tools for cost reduction.
• A reconfiguration of the supply chain organization into high-performance teams going from the shop floor to senior management.

Fig. 8.2 shows the two primary models of supply chain management: push versus pull. These models contain three primary elements:
1. Logistics and distribution (integrated logistics). Logistics is a relatively new discipline that deals with the integration of materials management and physical distribution. Although logistics and SCM are sometimes interchanged, think of SCM as an umbrella that incorporates the logistics function. Over the years, areas such as materials management and distribution have evolved into logistics, which in turn has become one integral component of SCM.
2. Integrated marketing and distribution. Most managers often do not realize that order processing and fulfillment processes may exceed 15 percent of the cost of sales. Traditionally, the customer order process is initiated by sales personnel, who have an in-depth understanding of the customer's product and service requirements. In electronic commerce, the order process could be initiated by marketing information systems such as point-of-sale systems. Today, with the aid of technology, we are able to integrate the customer directly and react to changes in demand by modifying the supply chain.
3. Agile manufacturing. Consumers and manufacturers are stressing quality and speed. One of the most influential visions of production goes by the name of agile manufacturing.

Push-based supply chain (from manufacturer to consumer)

Manufacturer
• Financial/marketing-driven forecast
• Master scheduling
• Replenishment based on distribution center inventory (preset safety stock level)
• Manual purchase order and invoicing

Retail distribution center
• Order point based on warehouse inventory (safety stock level) and historical forecasts
• Deals, promotions, and forward buying
• Manual purchase orders, information entry and output

Retail store
• Order point based on shelf inventory (safety stock level) and forecasts
• Promotions
• Manual entry of items to be reordered

Consumers purchase merchandise

Pull-based supply chain (from consumer to manufacturer)

Consumers purchase merchandise

Retail store
• POS data collection
• Perpetual inventory tracked at UPC level
• Automatic replenishment using EDI services

Retail distribution center
• Automatic replenishment
• Shipping container marking
• Cross-dock receiving
• EDI services

Manufacturer
• Demand-driven forecast based on POS data and product movement
• Micro-market-driven
• Short-cycle manufacturing
• Advanced shipping notice and EDI services
• Bar code scanners and UPC ticketing

Fig. 8.2 Push-based supply chain vs. pull-based supply chain

8.8 SUMMARY
This chapter was about the use of e-commerce concepts to improve intra-organizational operations. We briefly discussed how it can help in work-flow management, product customization and supply chain management. We discussed the various trade-offs between vertical, horizontal and virtual organizations. We also studied the work-flow-related coordination and technology components. The last section dealt with the push-based and pull-based supply chains.

8.9 QUESTIONS
1. What is work flow management?
2. What are the two main issues that are focused on by customization?
3. What is supply chain management?
4. What is the main disadvantage of vertical organization?
5. What is the main difference between horizontal and vertical organizations?
6. Define virtual organization.
7. What are the two approaches of virtual organization?
8. What are the two main categories of SCM?
9. What are the primary elements of SCM?

8.9.1 Answers
1. It is the concept of task coordination for better results.
2. Time to market and flexible operations.
3. It is the chain of suppliers and customers for a particular business.
4. It allows gaps to exist between employees of different departments.
5. Horizontal organization is two tiered as against multiple tiered organization.
6. It is a network closely coupled upstream with suppliers and downstream with customers.
7. Downward and lateral.
8. Push based and pull based.
9. Logistics, integrated marketing and agile manufacturing.

Chapter 9

Chapter 9 - The Need for Computer Security

The Need for Computer Security

9.0 INTRODUCTION

In this chapter, we look into certain basic aspects of security as required by e-commerce. We begin with the standard need for security: protecting resources and data. We classify the threats as active and passive threats and also discuss the specific approaches of attackers. The next concept is the strategy to overcome such attacks. Then a few security tools are introduced. In brief, we look at Kerberos, UNIX security mechanisms and password security systems. While studying the approaches for enterprise-level security, we discuss firewalls.

A debate has taken place over the past decade about whether security should be the burden of the host or of the network. To say that security is the responsibility of the Internet is surely wrong. Both hosts and networks must be secure: the responsibility is at least equally shared, if not more slanted toward the hosts. Some believe that, pragmatically, given how information is actually hacked today, the major burden lies with the end system (particularly in terms of confidentiality and integrity). The network is responsible for reliable connectivity with low chance of misrouting or loss (these last two are not security risks when the host does what it is supposed to do, but they would add communication inefficiency). The hostmaster is responsible for securing the organization's hosts. Even assuming that planners believe that it is ultimately the responsibility of the network to provide security, they should compensate (while waiting for the network to develop techniques to support security in this view) by beefing up what they can control, namely their host security.

Security addressed here relates to three general areas.
1. Secure file/information transfers, including secure transactions.
2. Security of information as stored on Internet-connected hosts.
3. Secure enterprise networks, when used to support Web commerce.

Implementing security involves assessing the possible threats to one's network, servers, and information. The goal is then to attempt to minimize the threat as much as possible without making it difficult for legitimate users to access information. After all, one of the main purposes of the Internet and World Wide Web is to disseminate information and make sharing it simple and easy. For companies doing business over the Internet, security is one of the foremost issues at this juncture. In order for companies to succeed in the electronic world of goods and services, they first need to prove to prospective customers that shopping over the Internet is safe and convenient. Proving that the exchange of personal proprietary information (i.e. credit card numbers) is secure and confidential is crucial to the success of commerce over the Internet.

Security in an Internet environment is important because information has significant value: information can be bought and sold directly or can be used to create new products and services that yield high profits. Security on the Internet is challenging, prima facie, because security involves understanding when and how participating users, computers, services and networks can trust one another, as well as understanding the technical details of network hardware and protocols. Furthermore, because TCP/IP supports a diversity of organizational boundaries, participating individuals and organizations may not agree on a level of trust or policies for handling data.

9.1 REASONS FOR INFORMATION SECURITY


The requirements of information security in an organization have undergone two major changes in the last several decades. Prior to the widespread use of data processing equipment, the security of valuable information was provided primarily by physical and administrative means. With the introduction of the computer, the need for automated tools for protecting files and other information stored on the computer became evident. The need is even more acute for systems that can be accessed over a public network. In an enterprise network, the security of an entire network can, in principle, be compromised by a single penetrable host. The generic name for the collection of tools designed to protect data is computer security. The second major change that affects security is the introduction of distributed systems and the use of networks and communication facilities for transporting data between the user and computer (client and server) and between computers. Network security measures are needed to protect data during its transmission. Computer and network security can be defined as the protection of network-connected resources against unauthorized disclosure, modification, utilization, restriction, incapacitation, or destruction. Security has long been a subject of concern and of study, for both data processing systems and communications facilities; with open computer networks (such as the Internet), these concerns are combined. Security is needed for both external and internal threats. It requires physical and administrative controls, as well as automated tools. There is no accurate way of measuring the threat that may be launched by an inimical agent.

9.2 PROTECTING RESOURCES


The term computer and network security refers in a broad sense to confidence that information and services available on a network cannot be accessed by unauthorized users. Security implies safety, including assurance of data integrity, freedom from unauthorized access, freedom from snooping or wiretapping, and freedom from disruption of service. Of course, just as no physical property is absolutely secure against crime, no host is absolutely secure. Organizations make an effort to secure hosts for the same reason they make an effort to secure buildings and offices. At the same time, organizations note that in practical terms, most security violations are from internal threats rather than from external threats. Providing security for information requires protecting both physical and abstract resources. Physical resources include storage devices such as magnetic tapes and disks, as well as active devices such as computers and servers. In a network environment, physical security extends to the cables, modem pools, switches, bridges, and routers that comprise the communication infrastructure. Good physical security can eliminate attacks, sabotage/denial of service, and exploitation (e.g. disabling a router and causing packets to be routed through an alternative path). Protecting an abstract resource such as information is usually more difficult than providing physical security. Data integrity (i.e. protecting information from an unauthorized change) is crucial; so is data availability (i.e. guaranteeing that outsiders cannot prevent legitimate data access by saturating a network). Because information can in principle be copied as it passes across a network, protection must also prevent unauthorized read/write/delete; that is, network security must include a guarantee of privacy. Often it can be difficult to discern the difference between legitimate and illegitimate access while a transfer is in progress. More important, while physical security often classifies people and resources into broad categories (e.g. all non-employees are forbidden from using a given hallway), security related to information usually needs to be more restrictive (e.g. some parts of an employee's record are available only to the personnel office, others are available only to the employee's boss, and others are available to the payroll office).

9.3 TYPE OF RISKS


As the number of people utilizing the Internet increases, the risk of security violations increases with it. One can compare the Internet to a large department store with a lot of entrances, a lot of customers, and no security guards to discourage shoplifting. It is true that sometimes the cost of protecting the network outweighs the cost of just leaving it unprotected, but in most cases that is not true. Nonetheless, it is undeniable that the cost of protecting the network becomes non-trivial as more services become available, such as banking online and Internet commerce. The Internet-connected host, however, is not the only host at risk; almost all networked hosts are vulnerable. Security risks vary from uploading files with embedded viruses or malicious code onto a network to stealing information or money. Each time a company deploys a new Internet gateway, LAN, or distributed client/server system, it risks leaving another virtual window open for cyber-prowlers, disgruntled employees, or unethical competitors to work through.

9.4 SECURITY THREATS


Some of the threats that stimulated the upsurge of interest in security include the following.
• Organized and internal attempts to obtain economic or market information from competitive organizations in the private sector.
• Organized and intentional attempts to obtain economic information from government agencies.
• Inadvertent acquisition of economic or market information.
• Inadvertent acquisition of information about individuals.
• Intentional fraud through illegal access to computer repositories, including acquisition of funding data, economic data, law enforcement data, and data about individuals.
• Government intrusion on the rights of individuals.
• Invasion of individuals' rights by the intelligence community.

Some hacking techniques are listed in the table below. These are examples of specific threats that an organization needs to counter. The nature of the threat that concerns an organization will vary depending on the circumstances. The threats can be divided into the categories of passive and active communication security threats.

Some hacking techniques

Stolen access: Involves the use of another user's ID or password without permission to gain access to the Internet.

Stolen resources: Search for processors to store stolen software and databases.

Internet virus (aka worm): Virus designed to traverse through the network, passing through multiple processors and either sending information back to the originator or doing damage to the processors it passes through.

Email impostures: Sending email while falsifying the From field.

Email snooping: Email passes through at least two nodes to be received; as the email passes through these nodes, and is stored transiently, it is susceptible to people with system access, unless secured.

Sniffing: If a hacker has gained access to a host, the hacker may set up sniffing programs to observe traffic, storing information (IDs/passwords) that can be used to compromise other systems.

Spoofing: Assuming someone else's identity, whether it be a login ID, an IP address, a server, or an e-commerce merchant.

Async attacks: While programs are idle in host memory, a hacker may have the opportunity to access the program's data.

Trojan horses: Viruses concealed within a software package injected into a host. May be destructive or perform some covert activity designed to send data back to the hacker.

Back doors: Applications/system programmers may implement a secret password that allows the programmer easy access to a host or application on the host; these passwords may be infiltrated.

Passive threats.
Passive threats involve monitoring the transmission data of an organization. The goal of the attacker is to obtain information that is being transmitted. In general, this is not the easiest task to undertake. Two types of threats are involved here: release of message contents and traffic analysis. The threat of release of message contents is clearly a concern. A telephone conversation, an electronic mail message, or a transferred file may contain sensitive or confidential information. One wants to prevent the attacker from learning the contents of these transmissions. The second passive threat, traffic analysis, is more subtle and often is more applicable to military situations. Even though one may have a way of masking the contents of messages, the attacker may still determine the location and identity of communicating hosts and can also observe the frequency and length of messages being exchanged. This information might be useful in guessing the nature of the communication taking place. Passive threats are difficult to detect because they do not involve alteration of the data. However, it is feasible to prevent these attacks from being successful. The emphasis in dealing with passive threats is on prevention rather than detection. Although these threats can be directed at communication resources, they are generally perpetrated at the host level.


Active Threats
Active threats involve some modification of the data stream or the creation of a false stream. One can classify these threats into three categories: message-stream modification, denial of message service, and masquerade. Message-stream modification means that some portion of a legitimate message is altered or that messages are delayed, replayed, or reordered to produce an unauthorized effect. For example, a message meaning "Allow Emile to read confidential file accounts" is modified to "Allow Gabrielle to read confidential file accounts". The denial of service prevents or inhibits the normal use or management of communication facilities. This attack may have a specific target; for example, an attacker may suppress all messages directed to a particular destination. Another form of service denial is the disruption of an entire network, either by disabling the network or by overloading it with messages so as to degrade performance. A masquerade takes place when an attacker pretends to be someone else. A masquerade attack usually includes one of the other two forms of active attack. Such an attack can take place, for example, by capturing and replaying an authentication sequence. Active threats have the opposite characteristics of passive threats. Passive attacks are difficult to detect, and there are measures available to prevent their success. On the other hand, it is difficult to ultimately prevent active attacks because this would require physical protection of all hosts and/or communications facilities all the time. Instead, the goal is to detect active attacks and recover from disruption or delays caused by the attack. Because the detection has a deterrent effect, this may also contribute to prevention. Again, these threats are most successful when directed to what could be the weakest link in the overall system, namely, the host level.
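The detection goal described above can be shown with a receiver that checks a message authentication code and a sequence number, so that altered, replayed, reordered and suppressed messages are noticed. This is an added example, not part of the original text; the shared key, the message format and the second message text are assumptions made for the illustration.

```python
import hashlib
import hmac
import struct

# Assumption: sender and receiver share this key, set up out of band.
KEY = b"constructed-demo-key"


def _tag(key, seq, text):
    """MAC over the sequence number and the text, so neither can change alone."""
    data = struct.pack(">Q", seq) + text.encode("utf-8")
    return hmac.new(key, data, hashlib.sha256).digest()


def seal(seq, text, key=KEY):
    """Sender side: attach the sequence number and the MAC to the message."""
    return {"seq": seq, "text": text, "tag": _tag(key, seq, text)}


class Receiver:
    """Receiver side: detects modification, replay, reordering and gaps."""

    def __init__(self, key=KEY):
        self.key = key
        self.last_seq = 0   # highest sequence number accepted so far
        self.missing = 0    # messages that never arrived (possible suppression)

    def accept(self, msg):
        expected = _tag(self.key, msg["seq"], msg["text"])
        if not hmac.compare_digest(expected, msg["tag"]):
            return "rejected: modified"
        if msg["seq"] <= self.last_seq:
            return "rejected: replayed or reordered"
        self.missing += msg["seq"] - self.last_seq - 1
        self.last_seq = msg["seq"]
        return "accepted"


def demo():
    """Run the constructed message stream and return (verdicts, missing)."""
    rx = Receiver()
    m1 = seal(1, "Allow Emile to read confidential file accounts")
    m2 = seal(2, "Close file accounts")            # constructed message
    m3 = seal(3, "Open file accounts")             # constructed message
    # Message-stream modification: text altered in transit, old tag kept.
    forged = dict(m1, text="Allow Gabrielle to read confidential file accounts")
    stream = [forged, m1, m1, m3, m2]  # forged, genuine, replay, skip, late
    return [rx.accept(m) for m in stream], rx.missing


if __name__ == "__main__":
    verdicts, missing = demo()
    for v in verdicts:
        print(v)
    print("messages missing:", missing)
```

The late arrival of message 2 is rejected because message 3 was already accepted; the gap counter is what lets an operator notice that a message was delayed or suppressed.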

9.4.1 Bulletin boards


These Internet services provide a clearing house for information and correspondence about a large variety of subjects. Many commercial organizations, especially technology houses, use them to provide customer service. Bulletin boards have been notorious hangouts for hackers and other antisocial types. A lot of pirated and virus-laden software appears on bulletin boards.

9.4.2 Electronic mail


This store-and-forward mail service allows users to communicate throughout the network, requiring only a target address and a point of access. Currently, e-mail is one of the most commonly used services and is all some organizations use. E-mail poses fewer security problems than other forms of Internet communication but is subject to interception (at the communication gateway level) if it is unencrypted. However, an organization should be careful about what it sends and accepts. For example, unsolicited, executable code sent via e-mail could be a virus.

9.4.3 File transfer


Using FTP and HTTP, users can request and send a variety of bulk data including databases, files in all formats, documents, software, images, and voice. While useful and convenient, file transfer can be insecure both in terms of confidentiality and virus threats (leading then to further confidentiality breaches or denial of service). The network administrator must control how outsiders gain access to internal files and protect the files from misuse or unauthorized use. Normally, this requires a dedicated and isolated server. Granting direct access to internal on-line production data via FTP can be dangerous and is generally not recommended.

9.4.4 IP Spoofing
IP spoofing is a technique that can lead to root access on a system. It is the tool that intruders often use to take over open terminal and login connections after they get root access. Intruders create packets with spoofed or impersonated source IP addresses. The attacks involve forging the source address of packets (usually claiming that they come from inside the organization's own network). Other types of IP attacks include user-in-the-middle attacks (the attacker is able to send you packets and intercept the packets you reply with) and source-routing attacks (attackers exploit the IP header's source-routing option to dictate the route the packets should take). The deterrent is to properly configure packet-filtering firewalls. Because of IP spoofing, no address-based authentication is possible.

9.4.5 Password guessing


Most host administrators have improved their password controls, but group accounts still abound, and password-dictionary and password-cracking programs can easily crack at least 10 percent of the passwords users choose. The deterrent is enforcement of good passwords.

9.4.6 Password sniffing


CERT estimates that, in 1994, thousands of systems were the victims of password sniffers. On LANs, any internal machine on the network can see the traffic for every machine on that network. Sniffer programs exploit this characteristic, monitoring all IP traffic and capturing the first 128 bytes or so of every encrypted FTP or Telnet session. The deterrent is to utilize programs that provide one-time (nonreusable) passwords.

9.4.7 Telnet
Telnet enables users to log on to remote computers. Telnet does little to detect and protect against unauthorized access. Fortunately, Telnet is generally supported either by using an application gateway or by configuring a router to permit outgoing connections using something such as the established screening rules.

9.4.8 Viruses
Viruses do not necessarily give intruders access to a computer system, but may be a way to copy and forward information or otherwise create denial-of-service problems. A virus is a program that can infect other programs by modifying them to include a copy of itself. It is possible that any program that comes in contact with a virus will become infected with the virus. Similarly to how viruses attack humans, computer viruses can grow, replicate, travel, adapt and learn, attack and defend, camouflage themselves, and consume resources. The following lists various computer virus infractions.

- Alter data in files
- Change disk assignments
- Create bad sectors
- Decrease free space on disk
- Destroy FAT (File Allocation Table)
- Erase specific programs
- Format specific tracks or entire disk
- Hang the system
- Overwrite disk directory
- Suppress execution of RAM resident programs
- Write a volume label on the disk

9.5 SECURITY STRATEGIES

There are basic security strategies that can be utilized to combat the threats discussed so far: access control, integrity, confidentiality, and authentication. However, before defenses can be deployed, a security policy must be developed by an organization.

Policy guidelines
When a system administrator sets security policies, he or she is developing a plan for how to deal with computer security. One way to approach this task is to do the following.

- Look at what it is you are trying to protect
- Look at what you need to protect these data/resources from
- Determine how likely the threats are
- Implement measures which will protect your assets in a cost-effective manner
- Review the process continuously and improve processes when a weakness is found.

When the cost of protecting an asset exceeds the cost of replacing that asset if a threat were to strike, that method of protecting is not cost-effective. Without knowing what you are protecting, what you are protecting it from, or what the asset is worth, the implementation of security mechanisms is very difficult. For e-commerce, the stakes are high because of the concentration of financial data in breachable files or because of the possibility of ordering goods in large quantities and not paying for them. There are a number of issues that need to be addressed when developing a security policy; some of these issues are as follows.

Who is allowed to use the resource?


The policy should explicitly state and explain who should have access to what parts of the system, and who is authorized to use which resources.

What is the proper use of the resources?


One needs to establish guidelines for the acceptable use of the resources. Those guidelines could be different if there is more than one category of users.

Who is authorized to grant access and approve usage?


The policy should clearly state who is authorized to use the resources. Furthermore, it must state what type of access those users are permitted to give. A system administrator who has no control over who is granted access to his/her system has no control over that system.


What are users' rights and responsibilities?


The policy should incorporate a statement on the users' rights and responsibilities concerning the use of the organization's computer systems and services. It should be clearly stated that users are responsible for understanding and respecting the security rules of the system they are using.

What should be covered in the policy?


The following is a list of topics that should be covered in this area of the policy.

- What guidelines you have regarding resource use
- What might constitute abuse
- Whether users are permitted to share accounts or let others use their accounts
- How users should keep their passwords secret
- How often users should change their passwords and any password restrictions or requirements.
- Restrictions on disclosure of information that may be proprietary.
- Statement on electronic mail privacy.
- Policy on electronic communications, mail forging, and so on.
- The organization's policy concerning controversial mail or postings to mailing lists or discussion groups.

9.6 SECURITY TOOLS


This section discusses some of the tools that (by implementing the mechanisms described thus far) are available to the planner.

Secure transport stacks


The Internet uses the Transmission Control Protocol/Internet Protocol (TCP/IP) as the primary network protocol engine. Each IP packet contains the data that is to be sent to some endpoint destination. The IP packet consists of a 32-bit source and destination address (in IPv4), optional bit flags, a header checksum, and the data itself. There is no guarantee at the network layer that the IP protocol data units will be received, and even if they are received, they may not be received in any particular order. There is also no guarantee that the packet was sent from the supplied source address; therefore, you cannot rely solely on the source address to validate the identity of the user who sent the packet. TCP provides retransmission of lost or corrupted protocol data units and restores them to their original order of transmission. Each packet contains a sequence number, which is what TCP uses to sort the protocol data units. The acknowledgement number is the sequence number of the last packet transmitted.

Today most users access the Internet via a graphical interface known as a Web browser. Web browsers such as Netscape Navigator, Spyglass Enhanced Mosaic, or Microsoft Explorer communicate with a Web server by means of HTTP. The Web server runs a CGI which processes requests from the Web browser in the form of HTML and displays the graphical representation of that request. Most Web servers today are running on processors with the UNIX operating system. Web pages supported on a UNIX processor are protected by the standard UNIX system security environment.

There are various network protocol encryption schemes offered to secure information being transmitted. The focus of these encryption schemes is to encrypt data that is sent across the network and is then decrypted at the destination. These schemes are low-level protocols that work in conjunction with the higher-level protocols such as HTTP and FTP. The two most prominent secure transmission protocols for secure Web communication are

- Secure Sockets Layer (SSL)
- Secure HTTP (S-HTTP)

It is important to note that, thus far, each one of these solutions requires a specific combination of server and browser in order to work appropriately.

SSL, advanced by Netscape Communications Corporation, is used to encrypt communication within higher-level protocols, such as HTTP, NNTP, and FTP. The SSL protocol has the capability to do server authentication (verifying the server to the client), data encryption, and client authentication (verifying the client to the server). Until recently, the Netscape browser and some versions of the Netscape servers were the only applications that implemented SSL; however, other companies plan to support SSL in versions of their HTTP server.

SSL employs RSA cryptographic techniques to implement data encryption. RSA is a variable-length public-key cryptographic algorithm which uses a mathematical formula to encrypt data. The length of the key can vary between 40 and 1024 bits. Netscape browsers sold in the United States (for use in the US) support a key length of 128 bits; any Netscape secure server can support key lengths up to 128 bits. Netscape browsers exported from the US must support a 40-bit key length in order to comply with US export laws. The larger the key, the harder it is to decrypt the encrypted data.

S-HTTP is an encryption algorithm advanced by CommerceNet. S-HTTP is a higher-level protocol that currently only works with the HTTP protocol. On the server side, S-HTTP is currently being implemented on the Open Marketplace Server and on the Secure HTTP Mosaic browser on the client side.


9.7 KERBEROS
Kerberos provides an authentication means in an open (unprotected) network. This is accomplished without relying on authentication by the host operating system, without basing trust on host addresses, without requiring physical security of all the hosts on the network, and under the assumption that protocol data units traveling along the network can be read, modified, and inserted at will. Kerberos performs authentication under these conditions as a trusted third-party authentication service by using conventional (shared-secret key) cryptography.

The Kerberos protocol was developed as a part of the Massachusetts Institute of Technology's Project Athena to provide authentication of users to distributed systems services running on the campus network. The Kerberos protocol is based, in part, on the symmetric version of Needham and Schroeder's authentication protocol; this was modified using timestamps, reducing the number of messages needed for initial authentication. Subsequent authentication is supported by using a session key in place of a user's password.

Kerberos uses a trusted third-party authentication scheme, in which users and hosts rely on the third party to bear the burden of trust: both the hosts and users trust the third party and not each other. The model postulates that the third party (also called the key distribution centre, KDC) verifies the identity of users and hosts, based on an encrypted password, and thus proves the identity of a user or host without revealing its password. Some of the design principles of Kerberos are as follows.

- Both one-way and two-way authentication are supported.
- Authentication should be achieved without transmitting unencrypted passwords over a network.
- No unencrypted passwords should be stored in the KDC.
- Clear text passwords entered by client users should be retained in memory for the shortest time possible, and then destroyed.
- Authentication compromises that might occur should be limited to the length of the user's current login session.
- Each authentication should have a finite lifetime, lasting about as long as a typical login session. During this lifetime, the authentication may be reused as often as needed.
- Network authentication should be nearly unnoticed by users: the only time users should be aware that authentication is occurring is when entering a password at the time of login.
- Minimal effort should be required to modify existing applications that formerly used other, less-secure authentication schemes.


A user wishes to use a certain network service. The user accesses that service by starting a client program on a workstation. The client sends two items to the server: a session key and a service ticket. The ticket contains four things: (1) the name of the user it was issued to, (2) the address of the workstation that the person was using when he or she acquired the ticket, (3) a session key, and (4) an expiration date in the form of a life span and a timestamp. All this information has been encrypted in the network service's password.

- User sends [session key | ticket]
- The network service decrypts the ticket with the session key so the ticket resembles this: [sessionkey:username:address:servicename:lifespan:timestamp]
- Authenticator [username:address] is encrypted with session key

The authentication occurs on three levels. First, the service tests that its ticket can be decrypted. The key is in the ticket, so if the ticket cannot be decrypted, it did not come from the actual user (the actual user would have encrypted the ticket with the service's password). If the ticket decrypts successfully, the service knows that it came from the actual user. This test prevents access to a network service via fake tickets. The second test checks the ticket's lifespan and timestamp. If either has expired, the service rejects the ticket. This test stops users from using old tickets or tickets that may have been stolen. The third test checks the ticket user's name and workstation address against the name and address of the person specified in the ticket. If the test fails, the ticket user has obtained another person's ticket. If everything matches, the service has determined that the ticket sender is indeed the ticket's real owner.

Kerberos Authentication process


- Client sends a request to the authentication server requesting credentials for a given server.
- Authentication server responds with these credentials, encrypted in the client's key. The credentials consist of the following:
  1. A ticket for the server
  2. A temporary encryption key (often called a session key)
- Client transmits the ticket (which contains the client's identity and a copy of the session key, all encrypted in the server's key) to the server.
- Session key (now shared by the client and server) is used to encrypt further communication between the two parties or to exchange a separate subsession key to be used to encrypt further communication.
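The exchange above and the three ticket tests described before it can be traced in a short simulation. This is an added example, not code from the course text or from any Kerberos implementation: the HMAC-SHA256 "seal" stands in for the cipher Kerberos uses, and every name, password and address is a constructed assumption.

```python
import hashlib, hmac, json, os

def _subkey(key, label):
    return hmac.new(key, label, hashlib.sha256).digest()

def _stream(key, nonce, n):
    blocks = (hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
              for i in range((n + 31) // 32))
    return b"".join(blocks)[:n]

def seal(key, fields):
    """Encrypt-then-MAC a dict under `key` (stand-in for the real cipher)."""
    plain = json.dumps(fields).encode()
    nonce = os.urandom(16)
    pad = _stream(_subkey(key, b"enc"), nonce, len(plain))
    body = bytes(p ^ s for p, s in zip(plain, pad))
    tag = hmac.new(_subkey(key, b"mac"), nonce + body, hashlib.sha256).digest()
    return nonce + body + tag

def unseal(key, blob):
    """Return the dict, or None if `blob` was not sealed under `key`."""
    if len(blob) < 48:
        return None
    nonce, body, tag = blob[:16], blob[16:-32], blob[-32:]
    good = hmac.new(_subkey(key, b"mac"), nonce + body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, good):
        return None
    pad = _stream(_subkey(key, b"enc"), nonce, len(body))
    return json.loads(bytes(c ^ s for c, s in zip(body, pad)))

def key_from_password(password):
    # Simplified password-to-key step for this example only.
    return hashlib.sha256(password.encode()).digest()

def as_issue(kdc_keys, user, address, service, now, lifespan=8 * 3600):
    """Authentication server: ticket + session key, sealed in the client's key."""
    session_key = os.urandom(32)
    ticket = seal(kdc_keys[service], {
        "sessionkey": session_key.hex(), "username": user, "address": address,
        "servicename": service, "lifespan": lifespan, "timestamp": now})
    return seal(kdc_keys[user],
                {"sessionkey": session_key.hex(), "ticket": ticket.hex()})

def client_request(password, credentials, user, address):
    """Client: open the credentials, build the authenticator [username:address]."""
    creds = unseal(key_from_password(password), credentials)
    if creds is None:
        raise ValueError("credentials do not open with this password")
    session_key = bytes.fromhex(creds["sessionkey"])
    authenticator = seal(session_key, {"username": user, "address": address})
    return bytes.fromhex(creds["ticket"]), authenticator

def service_check(service_key, service, ticket, authenticator, peer_address, now):
    t = unseal(service_key, ticket)                       # test 1: decrypts?
    if t is None or t["servicename"] != service:
        return "reject: fake ticket"
    if not t["timestamp"] <= now <= t["timestamp"] + t["lifespan"]:   # test 2
        return "reject: expired ticket"
    a = unseal(bytes.fromhex(t["sessionkey"]), authenticator)         # test 3
    if (a is None or peer_address != t["address"]
            or (a["username"], a["address"]) != (t["username"], t["address"])):
        return "reject: not the ticket's owner"
    return "accept: " + t["username"]

def demo():
    now = 1_000_000                       # constructed clock value, in seconds
    kdc = {"emile": key_from_password("emile-pw"),
           "fileserver": key_from_password("service-pw")}
    home = "192.0.2.10"                   # constructed workstation address
    creds = as_issue(kdc, "emile", home, "fileserver", now)
    ticket, auth = client_request("emile-pw", creds, "emile", home)
    svc = kdc["fileserver"]
    fake = seal(os.urandom(32), {"sessionkey": "00" * 32, "username": "emile",
                                 "address": home, "servicename": "fileserver",
                                 "lifespan": 8 * 3600, "timestamp": now})
    guess = seal(os.urandom(32), {"username": "emile", "address": home})
    return {
        "valid": service_check(svc, "fileserver", ticket, auth, home, now + 60),
        "forged": service_check(svc, "fileserver", fake, auth, home, now + 60),
        "expired": service_check(svc, "fileserver", ticket, auth, home, now + 9 * 3600),
        "stolen": service_check(svc, "fileserver", ticket, auth, "192.0.2.99", now + 60),
        "no_session_key": service_check(svc, "fileserver", ticket, guess, home, now + 60),
    }
```

The last case shows why the authenticator matters: holding a captured ticket is not enough without the session key that only the ticket's owner received.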

9.8 UNIX SECURITY


Secure transport is of little use if the host from which the transmission originates can be broken into and the credit card file or other financial files can be stolen. UNIX provides various built-in security features, such as user passwords, file access, directory access, file encryption, and security on password files. A UNIX system can be used for Web support or more generally for FTP or related support.

Password security on UNIX systems provides eight-character passwords for users. Passwords are not displayed on the screen when they are typed in, to prevent anyone else from reading them. User passwords are generally encrypted using the DES algorithm. Once a password has been encrypted it cannot be decrypted back to its text format; this helps to prevent hackers from reading the password file and stealing passwords.

Users have the responsibility for the maintenance of their passwords. A user can change passwords sporadically or as necessary, unless the administrator has set up password aging mechanisms, which force the user to change the password at some regular interval. Many corporate security policies dictate that password aging should be set to 30-day intervals. The administrator has the ability to set specific characteristics for passwords, such as password minimum length, the minimum number of weeks a password must be set without a change, and the maximum number of weeks a password can be set before a user is prompted to change it.

File ownership is set up into three groupings:

- Owner of the file. The owner determines the accessibility for all other users, except systems administrators. File owners are usually the user who created the file.
- User group.
- Others (all other users)

File access permissions are granted at three levels:


- Read access (r)
- Write access (w)
- Execution access (x)

Each of the levels of file access applies to each one of the file ownership groupings. As an example, to set a file to have read/write/execute for the owner, no file access for the user group and read/execute access for all other users, would look like this:

rwx---r-x file1.ext

Access permissions for directories are similar to those of files. These permissions determine which owners, groups, and others have access into the directory. It is important to use restrictive permissions on any shell scripts, executable programs, and system initialization files and directories. If one is using the UNIX operating system on their Web server, it is a good idea to restrict the write capability of the HTML source code as well as the directories that the HTML source is stored in.
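As an added example (not part of the original text), the following converts the nine-character permission string used above into its numeric mode and audits a directory tree for files or directories that the group or others can write to, which is the check recommended for HTML source on a Web server. The file names and the temporary directory are constructed for the demonstration.

```python
import os
import stat
import tempfile

LOOSE = stat.S_IWGRP | stat.S_IWOTH      # write bits for group and others

def symbolic_to_mode(sym):
    """'rwx---r-x' -> 0o705. Only the nine basic permission bits are handled."""
    if len(sym) != 9:
        raise ValueError("expected 9 characters, e.g. rwx---r-x")
    mode = 0
    for i, ch in enumerate(sym):
        if ch == "rwx"[i % 3]:
            mode |= 1 << (8 - i)         # owner r is the highest of the 9 bits
        elif ch != "-":
            raise ValueError(f"bad character {ch!r} at position {i}")
    return mode

def mode_to_symbolic(mode):
    """0o705 -> 'rwx---r-x' (drops the leading file-type character)."""
    return stat.filemode(stat.S_IFREG | (mode & 0o777))[1:]

def audit_tree(root):
    """Return {relative path: permissions} for entries writable by group/others."""
    findings = {}
    for dirpath, _dirs, files in os.walk(root):
        for path in [dirpath] + [os.path.join(dirpath, f) for f in files]:
            if os.path.islink(path):
                continue                 # link permissions are not meaningful
            mode = stat.S_IMODE(os.lstat(path).st_mode)
            if mode & LOOSE:
                findings[os.path.relpath(path, root)] = mode_to_symbolic(mode)
    return findings

def harden(root):
    """Clear group/other write bits on every finding; return how many changed."""
    findings = audit_tree(root)
    for rel in findings:
        path = os.path.join(root, rel)
        os.chmod(path, stat.S_IMODE(os.lstat(path).st_mode) & ~LOOSE)
    return len(findings)

def demo():
    """Build a small constructed web root, audit it, fix it, audit again."""
    with tempfile.TemporaryDirectory() as root:
        os.mkdir(os.path.join(root, "html"))
        samples = {
            "html/index.html": 0o666,                       # anyone can rewrite
            "html/order.html": 0o644,                       # only owner writes
            "startup.sh": symbolic_to_mode("rwx---r-x"),    # the text's example
        }
        for rel, mode in samples.items():
            path = os.path.join(root, rel)
            with open(path, "w") as handle:
                handle.write("constructed sample\n")
            os.chmod(path, mode)
        os.chmod(os.path.join(root, "html"), 0o777)         # open directory
        before = audit_tree(root)
        changed = harden(root)
        after = audit_tree(root)
    return before, changed, after
```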

9.9 PASSWORD SECURITY SYSTEM


As noted in the mechanisms section, passwords are the most widely used security measure in existence today. Passwords and password information files are often the target for many attackers. Once an attacker has obtained a password, there is little or no controlling what damage may be done or what proprietary information could be leaked out. Passwords should be changed regularly. The more often a password is changed the more secure the account becomes. As a general rule, passwords should not be written down; if a password is to be written down, it should not be kept anywhere near where it could be used to log in (this applies to internal security threats). Login attempts should be limited to three or fewer tries. Password security is only as good as the password itself. As noted, attackers today have sophisticated password-breaking tools, which will keep trying different combinations of numbers and characters until the password has been breached. It is not surprising then that most attacks are successful due to poorly chosen passwords.

One-time passwords: One-time passwords provide greater security because they can only be used once and are then no longer valid. This is accomplished via an authentication scheme. There are several ways to implement one-time passwords; however, one of the most common involves the use of an internal clock, a secret key, and a handheld display. The current time and the secret key are processed through some function and are displayed on the screen. The displayed value will change about once per minute, so that the value will not be repeated. The host processor proceeds to validate the user by matching the user's output to the host's calculated output.

Smart Cards: A smart card is a portable device that contains some nonvolatile memory and a microprocessor. This card contains some kind of an encrypted key that is compared to a secret key contained on the user's processor. Some smart cards allow users to enter a personal identification number (PIN) code. Smart cards are becoming relatively common, with 200 million cards expected in use worldwide by 1998.
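The clock-and-secret-key scheme for one-time passwords described above, which is also the deterrent named for password sniffing in 9.4.6, can be sketched as follows. This is an added example, not part of the original text: the text does not name the function applied to the time and key, so the HMAC-SHA1 truncation of RFC 4226/6238 is assumed here, and the secret, clock values and class name are constructed.

```python
import hashlib
import hmac
import struct

def otp_for_counter(secret, counter, digits=6):
    """Code for one time interval: HMAC of the interval number, truncated."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                       # dynamic truncation offset
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

def otp(secret, now, step=60, digits=6):
    """What the handheld device displays at clock time `now` (seconds)."""
    return otp_for_counter(secret, int(now) // step, digits)

class OtpHost:
    """Host side: recompute the value and compare, accepting each code once."""

    def __init__(self, secret, step=60, drift=1):
        self.secret = secret
        self.step = step
        self.drift = drift          # intervals of clock skew tolerated
        self.last_counter = -1      # newest interval already used to log in

    def check(self, code, now):
        current = int(now) // self.step
        for counter in range(current - self.drift, current + self.drift + 1):
            if counter <= self.last_counter:
                continue            # already used: a captured code is worthless
            if hmac.compare_digest(otp_for_counter(self.secret, counter), code):
                self.last_counter = counter
                return True
        return False

def demo():
    secret = b"constructed-shared-secret"   # known to the device and the host
    host = OtpHost(secret)
    code = otp(secret, 1000)                # user reads the display and logs in
    return {
        "first_use": host.check(code, 1000),
        "replayed_by_sniffer": host.check(code, 1010),
        "next_minute": host.check(otp(secret, 1060), 1065),
        "stale_code": host.check(otp(secret, 1000), 1300),
    }
```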


9.10 APPROACHES FOR ENTERPRISE LEVEL SECURITY


A firewall is a security device that allows limited access out of and into one's network from the Internet. So, a firewall is a piece of hardware that is connected to a network to protect it from agents reaching resources on the network via public open networks. In effect, it only permits approved traffic in and out of one's local site. This type of security measure allows an administrator to select applicable services necessary to one's business and screens out any services that may be a potential security risk (e.g., allow WWW transactions but screen out FTP transactions).

Protecting a network involves keeping out unauthorized users and preventing access to sensitive data from unauthorized users, while allowing legitimate users unencumbered access to the network resources. In general, a firewall is placed between the internal trusted network and the external untrusted network. The firewall acts as a choke point that can be used for monitoring and rejecting application-level network traffic. Firewalls not only protect internal networks from untrusted networks (either internal or external), they may also be used to segment the enterprise network, based on operational functionality. This segmentation would be useful in keeping, for example, sales personnel from gaining access to development/architecture systems, if such segmentation were deemed necessary. We focus in this discussion on external protection.

Firewalls operate at the application layer of the protocol stack. They can also operate at the network and transport layers; in this case, they examine the IP and TCP headers of incoming and outgoing packets and reject or pass packets based on the programmed packet filter rules (in such cases, they are called packet filters).

Security concerns go beyond the headquarters location. If a company has a corporate-wide backbone that connects corporate sites in several cities or countries, the network manager at a given site may choose to connect the site to a local ISP. The organization must form a security perimeter by installing a firewall at each external connection. It needs an Internet firewall at the access (boundary) point of the network to be protected. For example, an organization can place a firewall at its connection to the global Internet to protect it from unwanted access. A firewall partitions an enterprise network into two areas, referred to informally as the inside and outside.

To guarantee that the perimeter is effective, the organization must coordinate all firewalls to use exactly the same access restrictions. Otherwise, it may be possible to circumvent the restrictions imposed by one firewall by entering the organization's enterprise network through another firewall. If the organization has an unguarded external connection, an intruder will find it easier to locate and use the unguarded connection than to subvert the security mechanism on a guarded connection. In fact, the idea that a security system is only as strong as its weakest part is well known and has been termed the weakest-link axiom.

Firewalls are classified into three main categories:

1. Packet filters
2. Application level gateways
3. Proxy servers.

Packet filtering
Packet filtering at the network layer can be used as a first defense. Basic filtering comes as part of most routers' software. Each packet is either forwarded or dropped based on its source address, destination address, or a defined (TCP) port. Configuring a filter involves some determination of what services/addresses should and should not be permitted to access the network or server. The mechanism requires the manager to specify how the router should treat each protocol data unit. For example, the manager might decide to filter all protocol data units that come from a particular source or those used by a particular application, while choosing to route other protocol data units to their destination.

The term packet filter arises because the filtering mechanism does not keep a record of interaction or a history of previous protocol data units. Instead, the filter considers each protocol data unit separately. When a protocol data unit arrives, the router passes the protocol data unit through its packet filter before performing any other processing. If the filter rejects the protocol data unit, the router drops it immediately.

Many commercial routers have the capability to screen packets based on criteria such as the type of protocol, the source address, and destination address fields for a particular type of network-layer protocol and control fields that are part of the protocol. Many vendors call their screening router products firewalls; they are firewalls in the sense that they provide protection of the internal network based on information on the network level. Screening routers provide a mechanism to control the type of network traffic that can enter a subnetwork. By doing this, the screening routers can control the type of services that can exist on a network segment. One may set up filtering only to allow certain services through, as long as the requests come in on the corresponding TCP port.

This security measure involves some trust on the part of the local administrator. There has been an assumption made that any request that came in on a specific port has been originated from the same service port on the sending machine. For example, the usual SMTP port is 25; however, not all systems may use port 25 for SMTP. A security breach could be caused by someone sending non-SMTP packets to port 25 from a foreign host. Filtering can occur on incoming packets, outgoing packets, or both. Limitations may exist on one's router as to where one can apply a filter. As a general rule, filtering of incoming packets may protect the router from becoming compromised by an attacker.

Firewalls are generally a good way of protecting an organization against attacks through the Internet. Firewalls do have some limitations: the firewall can only provide effective protection assuming that the services and programs used within the firewall work properly and contain no exploitable bugs. If the building blocks of the firewall are not solid, then the firewall is not solid and may be liable to attack. As discussed earlier, some security issues may come in the form of IP address spoofing. IP address spoofing is defined as sending packets from an outside host that allege to be sent from an internal host. Attacks using IP address spoofing are difficult to detect unless logging is performed and activities are correlated against legitimate use. Hence, though filtering helps in the fight against security threats, it does not by itself prevent attacks from address spoofing. A threat could still be realized by an attacker portraying a trusted host that may not be on the internal network.
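The stateless, per-packet filtering described in this section, together with the firewall rule that 9.4.4 names as the deterrent to IP spoofing, can be modelled in a few lines. This is an added example, not part of the original text and not any router's configuration syntax: the rule format, interface names and all addresses (taken from the documentation ranges) are constructed assumptions.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

INSIDE_NET = "192.0.2.0/24"       # constructed internal network
ANY = "0.0.0.0/0"

@dataclass(frozen=True)
class Packet:
    iface: str                    # interface it arrived on: "outside" or "inside"
    src: str
    dst: str
    proto: str
    dport: int

@dataclass(frozen=True)
class Rule:
    action: str                   # "permit" or "drop"
    iface: str                    # "outside", "inside" or "any"
    src: str                      # CIDR block
    dst: str                      # CIDR block
    proto: str = "any"
    dport: Optional[int] = None   # None matches every port
    note: str = ""

    def matches(self, p):
        return (self.iface in ("any", p.iface)
                and ipaddress.ip_address(p.src) in ipaddress.ip_network(self.src)
                and ipaddress.ip_address(p.dst) in ipaddress.ip_network(self.dst)
                and self.proto in ("any", p.proto)
                and self.dport in (None, p.dport))

SERVICES = [
    Rule("permit", "outside", ANY, "192.0.2.25/32", "tcp", 25, "inbound SMTP"),
    Rule("permit", "outside", ANY, "192.0.2.80/32", "tcp", 80, "inbound HTTP"),
    Rule("permit", "outside", "198.51.100.7/32", "192.0.2.21/32", "tcp", 21,
         "FTP from a trusted partner host"),
    Rule("permit", "inside", INSIDE_NET, ANY, note="outbound traffic"),
]
ANTI_SPOOF = Rule("drop", "outside", INSIDE_NET, ANY,
                  note="inside source address arriving on the outside interface")

WEAK_RULES = SERVICES + [ANTI_SPOOF]   # too late: a permit rule matches first
RULES = [ANTI_SPOOF] + SERVICES        # corrected order

def filter_packet(rules, pkt):
    """Stateless first-match evaluation; anything unmatched is dropped."""
    for rule in rules:
        if rule.matches(pkt):
            return rule.action, rule.note
    return "drop", "default deny"

# Constructed sample packets, one per case discussed in the text.
SAMPLES = {
    "legit_smtp": Packet("outside", "203.0.113.5", "192.0.2.25", "tcp", 25),
    "spoofed_inside_source": Packet("outside", "192.0.2.44", "192.0.2.25", "tcp", 25),
    "telnet_from_outside": Packet("outside", "203.0.113.5", "192.0.2.10", "tcp", 23),
    "outbound_web": Packet("inside", "192.0.2.10", "203.0.113.9", "tcp", 80),
    # The filter sees only header fields: it cannot tell whether this source
    # address is genuine, so logging and correlation remain necessary.
    "claims_partner_address": Packet("outside", "198.51.100.7", "192.0.2.21", "tcp", 21),
    "foreign_source_from_inside": Packet("inside", "203.0.113.9", "198.51.100.1", "tcp", 80),
}

def evaluate(rules):
    """Return {sample name: action} for the rule list given."""
    return {name: filter_packet(rules, pkt)[0] for name, pkt in SAMPLES.items()}
```

Comparing `evaluate(RULES)` with `evaluate(WEAK_RULES)` shows that only the position of the anti-spoofing rule decides whether the forged internal address is dropped.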

Application-level gateways
An application-level gateway provides a mechanism for filtering traffic for various applications. The administrator defines and implements code specific to applications or services used by the user's site (applications, such as SMTP, reside at the application layer). Services or users that can compromise the network security can then be restricted. To counter some weaknesses associated with packet-filtering routers, firewalls utilize software applications to forward and filter connections for services such as Telnet, FTP, and HTTP.

Application gateways mediate traffic between a protected network and the Internet. A key distinction between a packet-filtering router and an application-level gateway is the ability to filter and log at the application level rather than just the IP level. Usually, the most common services are the ones supported, which limits the flexibility of integrating new technology; however, by utilizing the most common services, one may decrease the possible security threats. In this way, administrators do not have to worry about possible security holes in foreign hosts which may only invoke simple security measures.

Another advantage of an application-level gateway is that it controls all traffic going in and out of the network and allows for logging. Utilizing a gateway provides a central point for monitoring and logging activity, which means administrators have the ability to analyze all data being passed through the gateway, which from a security perspective could be used to look for suspected illegal activity. Application gateways have a number of advantages over packet-filtering routers, including logging, hiding of internal host names and IP addresses, robust authentication, and simple filtering rules. An FTP gateway might be configurable to permit incoming FTP and block outgoing FTP, a particularly useful combination in maintaining a secure firewall.

Most application gateways run in a UNIX environment and are susceptible to UNIX security infractions and operating system misconfigurations. Most firewall applications that run in a UNIX environment use a stripped-down kernel, modified to offer additional security.

Proxy Servers
A proxy server terminates a user's connection (by application) and sets up a new connection to the ultimate destination on behalf of the user, proxying for the user. A user connects with a port on the proxy; the connection is routed through the gateway to a destination port, which is routed to the destination address. Logging can be set up to track such transmission information as number of bytes sent, inbound IP address, and the outbound destination IP address. Usually, if a proxy is used, the proxy server provides most of the Internet connectivity. An example of a proxy is a Web services proxy server (HTTP). As for the disadvantages, most proxy servers require two steps to connect inbound or outbound traffic and may require modified clients to work correctly.

9.11 VIRUSES AND WORMS


A new threat has arisen in the past few years to cause concern among data processing and data communications managers: the virus and its relative, the worm. These entities range from the harmless to the destructive. A virus is a program that can infect other programs by modifying them; the modified program includes a copy of the virus program, which can then go on to infect other programs. A worm is a program that makes use of networking software to replicate itself and move from system to system. The worm performs some activity on each system it gains access to, such as consuming processor resources or depositing viruses. What is worrisome to the manager responsible for security is the prevalence of these computer contagions. What was once rare has reached epidemic proportions, disrupting operations, destroying data, and raising disturbing questions about the vulnerability of information systems everywhere. Java-based applets found on Web sites could easily contain viruses.

9.11.1 The nature of viruses


Like its biological counterpart, a computer virus carries in its instructional code the capability for making copies of itself. Lodged in a host computer, the typical virus takes temporary control of a computers disk operating system. Then, whenever the infected computer comes into contact with an uninfected piece of software, a fresh copy of the virus passes into the new program. Thus, the infection can be spread from computer to computer by unsuspecting users who either swap disks or send programs on a network. In a LAN environment, the capability to access applications and system services on other computers provides a perfect culture for the spread of a virus. A virus can do anything that other programs do; the only difference is that it attaches itself to another program and executes secretly every time the host program is run. If this were all that there were to viruses, they would not cause concern. Unfortunately, after a virus is executing, it can perform any function, such as erasing files and programs. A simple virus that does nothing more than infect programs might work something like this:


- Find the first program instruction.
- Replace it with a jump to the memory location following the last instruction in the program.
- Insert a copy of the virus code at that location.
- Have the virus simulate the instruction replaced by the jump.
- Jump back to the second instruction of the host program.
- Finish executing the host program.

9.11.2 Countering the threat of viruses


The best solution for the threat of viruses is prevention: do not allow a virus to get into the system in the first place. In general, this goal is impossible to achieve, although prevention can reduce the number of successful viral attacks. The next best approach is to do the following:

- Detection: After the infection has occurred, determine that it has occurred and locate the virus.
- Purging: Remove the virus from all infected systems so that the disease cannot spread further.
- Recovery: Recover any lost data or programs.

Because of the variety of viruses, there is no universal remedy. A number of programs provide some protection, and the security manager should be advised to contact several vendors and assess their products.

9.12 SUMMARY
We learnt about the basics of computer security, which is a very vital part of e-commerce. We listed the need for information and resource security. The next stage was to classify the threats. Threats can be active, which modify the data, or passive, which only access data. Then a few specific intruder approaches like bulletin boards, e-mails, FTP etc. were discussed in brief. We learnt that even passwords are not a foolproof security method. Then we studied a few security tools: Kerberos, which provides authentication in an open network, the concept of security inbuilt in Unix, smart cards etc. We also discussed a few issues for enterprise-level security. In particular, we talked of firewalls and the three types of firewalls, namely packet filters, application-level gateways and proxy filters.

9.13 QUESTIONS
1. What are the two basic types of physical data security?
2. Name the two types of threats to data.
3. What is masquerade?
4. What is IP spoofing?
5. What is Telnet?
6. What is the basic principle of Kerberos?
7. What is the unit over which Kerberos acts?
8. What are the three ownership groupings in Unix files?
9. What are the three levels of file access permissions in Unix?
10. What are the three main categories of firewalls?

9.13.1 Answers
1. Data integrity and Data availability.
2. Active threats and passive threats.
3. The attacker pretends to be someone else.
4. It is a tool that intruders use to take over an open terminal and login connections after they get root access.
5. Telnet enables users to log in to remote computers.
6. It provides authentication to messages in an open network.
7. Tickets
8. Owner, user, others.
9. Read, write and execution.
10. Packet filters, application level gateways and proxy servers.


Chapter 10

Approaches to Safe Electronic Commerce

10.0 INTRODUCTION
In this chapter, we discuss the security concepts with specific reference to electronic commerce. We first note that there are four fundamental goals of security, namely privacy, integrity, authentication and availability. We shall briefly see how each of them affects the security scenario. Then we look at a few of the secure transport protocols. These protocols, when followed, would ensure secure transmission of data. We discuss Secure Hyper Text Transfer Protocol (S-HTTP), Secure Socket Layer Protocol (SSL), Secure Electronic Payment Protocol (SEPP) and Secure Electronic Transaction (SET). The student is to note that none of these actually brings in any new technology; they only use the available mechanisms to build protocols.

10.1 OVERVIEW
Observers and proponents articulate the thesis that the security issue must be addressed quickly in order for companies to start investing in electronic commerce. There are indications that merchants are taking a wait-and-see attitude in electronic commerce on the Internet until either there is a dominant standard or there is universal software that will support a variety of encryption and transaction schemes. The market is looking for a comprehensive solution (in a software product) that the merchants and banks can use to support all functions. Computer security has several fundamental goals.

1. Privacy: Keep private documents private, using encryption, passwords, and access-control systems.
2. Integrity: Data and applications should be safe from modification without the owner's consent.
3. Authentication: Ensure that the people using the computer are the authorized users of that system.
4. Availability: The end system (host) and data should be available when needed by the authorized user.

Another issue to be tackled is just plain fraud, where the buyer simply supplies out-of-date or incorrect credit card information.

Requirement | Description
Content security | The ability to send information across the Internet in a manner in which unauthorized entities are not able to read the contents.
Signature | The ability to specifically identify the entity associated with the information. Many things may be signed: contents, the message and, frequently, several signatures may be imbedded in a single message or information unit.
Content integrity | The ability to identify modification to the covered information.
Nonrepudiation of origin | The ability to identify who sent the information originally versus which intermediary forwarded it.
Nonrepudiation of receipt | The ability to identify that the information was received by the final addressed destination in a manner that cannot be repudiated. The information has been opened and interpreted to some degree.
Nonrepudiation of delivery | The ability to identify whether the information was delivered to an appropriate in a manner it cannot repudiate.
Key management | The functionality necessary to create, distribute, revoke, and manage the public / private keys.

As discussed in the previous chapter, security concerns apply to both the network transport portion and the host portion of the end-to-end infrastructure. The conventional wisdom is that the problem is in the network. Because information flows through the Internet in a store-and-forward fashion over shared facilities, it is, in fact, susceptible to security attacks. The TCP/IP packets flow through many different nodes (routers) on the way to their final destination specified by the URL. Any of these intermediary nodes can in principle be the source of a security breach, either by those having physical access to these devices or by hackers who log in to the administrative side of the node and possibly reroute or trap a data flow. This can cause concerns for both businesses and their customers. However, in routers data is only stored for a transient amount of time; furthermore, routes are updated dynamically, so a hacker-defined route could be quickly eliminated.

Some hold the opinion that security infractions are more likely at the host/server level. Corrupting the data while in transit is like shooting a moving target; it is easier to shoot a stationary target (data sitting in an Internet-connected server, in this analogy). For example, in the WWW environment, both Java and CGIs can become host-security problems. With Java, applets can be downloaded into the client side of a Web setup. Applets are programs that execute locally on the user's machine and can, in principle, perform nefarious functions. In addition to taking on viruslike forms (e.g. reformatting the drive or erasing files), they could be programmed to contact a hacker's system and send a copy of the user's own password/profile file. CGI programs run on the WWW server in response to client requests. CGI programs perform general computational functions including accepting form data, communicating with other computers, and creating dynamic pages. On the nefarious side, CGI programs could be manipulated to create havoc or transmit out files containing credit information.

Naturally, from the buyer's or merchant's point of view, it does not matter where the potential liability lies; what matters is that it exists. However, for planners, such as the readers of this book, the source and nature of the risk need to be properly understood so that it can be properly addressed. Businesses with computers containing confidential data connected to the Internet do not want the public to have unauthorized access to these files; at the same time, they might want the public to have access to specific parts of their information base. Businesses that offer services that require payment by methods including credit card transactions also need to be cautious: if these transactions are not secured, hackers can access the user's account information.
In general, a business should take the same precautions for Internet security as it does for any other (manual) business processes. For example, few businesses would leave customers' credit card slips out in the open; comparable care must be taken for electronic credit instruments. Also, it should always be kept in mind that every study ever conducted on this topic shows that infractions from within the original organization represent 90 to 97 percent of all the cases of infractions.

Uncertainty as related to security can discourage potential customers from using the Internet as a source of commerce. VANs have been using fears over Internet security as a marketing argument to help sell their own services, which are perceived to be more secure. It is true that the Internet currently does not provide network security by itself. But the technology to solve the problem has been around for decades and the price to do so has also come down. The answer is simply for the client and server to encrypt the appropriate information using public key encryption methods before the information is transmitted.

A related but not identical issue is that of privacy. A number of industry observers cite public concern that Web merchants will propagate private information about individuals and businesses. They maintain this is a major retarding factor for commerce on the Internet. A consortium of companies and industry watchers plans to launch the equivalent of the good housekeeping seal of approval for businesses that conduct commerce over the WWW. eTrust aims to ensure that electronic merchants abide by rules to protect privacy.

10.2 SECURE TRANSPORT PROTOCOL


The Secure Sockets Layer system from Netscape Communications and the Secure Hypertext Transfer Protocol from CommerceNet offer secure means of transferring information through the Internet and the WWW. SSL and S-HTTP allow the client and servers to execute all encryption and decryption of Web transactions automatically and transparently to the end user. SSL works at the transport layer and is simpler than S-HTTP, which works at the application layer and supports more services (such as firewalls and generation and validation of electronic signatures).

10.3 S-HTTP
S-HTTP is a secure extension of HTTP developed by the CommerceNet consortium. S-HTTP offers security techniques and encryption with RSA methods, along with other payment protocols. For secure transport, S-HTTP supports end-to-end secure transactions by incorporating cryptographic enhancements to be used for data transfer at the application level. This is in contrast to existing HTTP authorization mechanisms, which required the client to attempt access and be denied before the security mechanism is employed. S-HTTP incorporates public-key cryptography from RSA Data Security in addition to supporting traditional shared-secret password and Kerberos-based security systems.

The RSA Data Security ciphers used by S-HTTP utilize two keys; files encrypted by one can only be decrypted by application of the other key. A company generates a pair of these keys, publishes one and retains the other. When another company wishes to send a file to the first company, it encrypts the file with the published key of the intended recipient. The recipient decrypts it with the private key.

S-HTTP allows Internet users to access a merchant's Web site and supply their credit card numbers to their web browsers; S-HTTP encrypts the card numbers, and the encrypted files are then sent to the merchant. Then, S-HTTP decrypts the files and relays back to the users' browsers to authenticate the shoppers' digital signatures. The transaction proceeds as soon as the signatures are verified.

10.4 SECURE SOCKET LAYER (SSL)


The Secure Socket Layer (SSL) protocol developed by Netscape Communications is a security protocol that provides privacy over the Internet. The protocol allows client/server applications to communicate in a way that data transmissions cannot be altered or disclosed. Servers are always authenticated and clients are exchanged algorithms and hardware tokens. The strength of SSL is that it is application-independent. HTTP, telnet, and FTP can be placed on top of SSL transparently. SSL provides channel security (privacy and authentication) through encryption and reliability through a message integrity check. Netscape states that SSL aims at making the cost of such an attack greater than the benefits gained from a successful attack, thus making it a waste of time and money to perform such an attack.

SSL uses a three-part process. First, information is encrypted to prevent unauthorized disclosure. Second, the information is authenticated to make sure that the information is being sent and received by the correct party. Finally, SSL provides message integrity to prevent the information from being altered during interchanges between the source and sink.

SSL depends on RSA encryption for exchange of the session key and client/server authentication and for various other cryptographic algorithms. When a customer submits a request to purchase merchandise over the Internet, the company responds with a public key that the customer's computer uses to encrypt sensitive information. The information is sent to the company, which then uses a private key to decrypt the information. The process is transparent to customers (being handled by the browser), hence it is easy to use: the shoppers enter their credit card numbers, SSL encrypts them and sends the encrypted files to the merchant; the transmission proceeds as soon as SSL decrypts the files. SSL requires the merchant to use the Netscape server software and the buyer to use the Netscape browser software. As SSL becomes more widely deployed and implemented, this restriction should go away.
Mastercard and Visa, as well as many other large corporations, have endorsed SSL for financial transactions. There was recently a successful attack against SSL by two graduate students at Berkeley; Netscape has since distributed a patch for this key generation. Netscape has also developed Secure Courier, which uses SSL to allow financial data to be transmitted in a secure digital envelope. Information is encrypted at the time it leaves the user's computer and remains so until it reaches the financial institution. This ensures that only the financial institution has access to the inputted financial information. Secure Courier can also verify the authenticity of inputted financial account information. Before the development of Secure Courier, a dishonest business could steal credit information just as easily as a hacker.
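The three-part process described in this section (encryption, authentication of the party holding the private key, and a message integrity check, with RSA carrying the session key) is shown in miniature in the following added example, which is not Netscape's code and does not reproduce the SSL record format. It assumes a toy RSA key built from two fixed primes and a SHA-256 keystream with HMAC as stand-ins for SSL's algorithms; the card data is constructed.

```python
"""Toy model of the SSL idea: RSA carries a session key, the session key
encrypts the data and keys an integrity check. Teaching aid only:
textbook RSA with small fixed primes is NOT secure."""
import hashlib
import hmac
import secrets

# Constructed toy RSA key pair (two Mersenne primes, about 216 bits in total).
P, Q, E = 2**127 - 1, 2**89 - 1, 65537
N = P * Q                                  # public modulus, sent to the customer
D = pow(E, -1, (P - 1) * (Q - 1))          # private exponent, kept by the merchant


def rsa_encrypt(secret: bytes) -> int:
    """Customer side: wrap a short secret under the merchant's public key."""
    value = int.from_bytes(secret, "big")
    if value >= N:
        raise ValueError("secret too long for this toy modulus")
    return pow(value, E, N)


def rsa_decrypt(wrapped: int, length: int) -> bytes:
    """Merchant side: unwrap with the private key."""
    return pow(wrapped, D, N).to_bytes(length, "big")


def _keystream(key: bytes, length: int) -> bytes:
    """SHA-256 in counter mode, a stand-in for the negotiated cipher."""
    out, counter = b"", 0
    while len(out) < length:
        out += hashlib.sha256(key + counter.to_bytes(8, "big")).digest()
        counter += 1
    return out[:length]


class Channel:
    """One end of the protected channel once both sides hold the session key."""

    def __init__(self, session_key: bytes):
        self.enc_key = hashlib.sha256(b"enc" + session_key).digest()
        self.mac_key = hashlib.sha256(b"mac" + session_key).digest()

    def _xor(self, seq: int, data: bytes) -> bytes:
        stream = _keystream(self.enc_key + seq.to_bytes(8, "big"), len(data))
        return bytes(a ^ b for a, b in zip(data, stream))

    def _tag(self, seq: int, ciphertext: bytes) -> bytes:
        msg = seq.to_bytes(8, "big") + ciphertext
        return hmac.new(self.mac_key, msg, hashlib.sha256).digest()

    def seal(self, seq: int, plaintext: bytes) -> bytes:
        ciphertext = self._xor(seq, plaintext)          # part 1: encryption
        return ciphertext + self._tag(seq, ciphertext)  # part 3: integrity check

    def open(self, seq: int, record: bytes) -> bytes:
        ciphertext, tag = record[:-32], record[-32:]
        # Only a holder of the session key can produce a valid tag (part 2).
        if not hmac.compare_digest(tag, self._tag(seq, ciphertext)):
            raise ValueError("integrity check failed")
        return self._xor(seq, ciphertext)


def demo():
    # Customer: fresh random session key, wrapped under the merchant's public key.
    session_key = secrets.token_bytes(16)
    wrapped = rsa_encrypt(session_key)
    # Merchant: unwrap with the private key; both ends now share the key.
    merchant = Channel(rsa_decrypt(wrapped, 16))
    customer = Channel(session_key)
    record = customer.seal(0, b"card=4111111111111111;exp=12/99")  # constructed data
    received = merchant.open(0, record)
    tampered = bytearray(record)
    tampered[5] ^= 0x01                    # one bit flipped in transit
    try:
        merchant.open(0, bytes(tampered))
        tamper_detected = False
    except ValueError:
        tamper_detected = True
    return received, tamper_detected


if __name__ == "__main__":
    print(demo())
```
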

10.5 SECURE TRANSACTIONS


The protocols previously discussed support secure transactions, as well as more advanced secure transport capabilities. The secure transaction protocols discussed here are more narrowly focused. For secure payments, Internet hardware/software vendors have made a variety of announcements in the past couple of years related to the support for the most popular security payment protocols. Three methods have evolved in the recent past. Netscape Communications Corporation and Microsoft Corporation have promoted their respective payment protocols and installed them in WWW browsers and servers.

1. SEPP has been championed by Mastercard and Netscape and by other supporters; the American National Standards Institute (ANSI) is fast-tracking SEPP as a standard for the industry.
2. STT was developed jointly by Visa and Microsoft as a method to secure bankcard transactions over open networks. STT used cryptography to secure confidential information transfer, ensure payment integrity, and authenticate both merchants and cardholders. Confidentiality of information is ensured by the use of message encryption; payment information integrity is ensured by the use of digital signatures; cardholder account authentication is ensured by the use of digital signatures and cardholder credentials; merchant authentication is ensured by the use of digital signatures and merchant credentials; and interoperability is ensured by the use of specific protocols and message formats.
3. At this juncture, it appears that SET will become the industry de facto standard. SET has emerged recently as a convergence of the previous standards and has a lot in common with SEPP. SET is expected to be rapidly incorporated into industrial-strength merchantware already available from Netscape, Microsoft, IBM, and other software sellers.

10.6 SECURE ELECTRONIC PAYMENT PROTOCOL (SEPP)


IBM, Netscape, GTE, Cybercash, and Mastercard have cooperatively developed SEPP, an open, vendor-neutral, nonproprietary, license-free specification for securing on-line transactions. Many of its concepts were rolled into SET, which is expected to become the de facto standard. Because of its development importance, SEPP is discussed briefly in this section. There are several major business requirements addressed by SEPP.

1. To enable confidentiality of payment information.
2. To ensure integrity of all payment data transmitted.
3. To provide authentication that a cardholder is the legitimate owner of a card account.
4. To provide authentication that a merchant can accept Mastercard-branded card payments with an acquiring member financial institution.

SEPP is the electronic equivalent of the paper charge slip, signature, and submission process. SEPP takes input from the negotiation process and causes the payment to happen via a three-way communication among the cardholder, merchant, and acquirer. SEPP only addresses the payment process; privacy of nonfinancial data is not addressed in the SEPP protocol. Hence, it is suggested that all SEPP communication be protected with encryption at a lower layer, such as with Netscape's SSL. Negotiation and delivery are also left to other protocols.

10.7 SEPP PROCESS


SEPP assumes that the cardholder and merchant have been communicating in order to negotiate terms of a purchase and generate an order. These processes may be conducted via a WWW browser; alternatively, this operation may be performed through the use of electronic mail, via the user's review of a paper or CD-ROM catalog, or by other mechanisms. SEPP is designed to support transaction activity exchanged in both interactive and noninteractive modes. The SEPP system is composed of a collection of elements involved in electronic commerce.

- Cardholder: This is an authorized holder of a bankcard supported by an issuer and registered to perform electronic commerce.
- Merchant: This is a merchant of goods, services, and/or e-products who accepts payment for them electronically and may provide selling services and/or electronic delivery of items for sale.
- Acquirer: This is a financial institution that supports merchants by providing service for processing credit card based transactions.
- Certificate management system: This is an agent of one or more bankcard associations that provides for the creation and distribution of electronic certificates for merchants, acquirers, and cardholders.
- Banknet: This represents the existing network which interfaces acquirers, issuers and the certificate management systems.

These elements for e-commerce exist now and interact through existing mechanisms, with the exception of the certificate management system. In the SEPP system, these components acquire expanded roles to complement existing functionality into the electronic commerce context. Several basic transaction messages are required in a SEPP-based environment; when variations to the canonical flow occur, additional data will be required in the supplementary messages.

Messages for SEPP-compliant processing of payment transactions
- Purchase order request
- Authorization request
- Authorization response
- Purchase order inquiry
- Purchase order inquiry response

Additional messages for on-line customer
- Initiate
- Invoice
- Purchase order response (with purchase order status)

Messages for off-line transactions or transactions sent to merchant not on-line with the acquirer
- Purchase order response

In simplified form, the transaction occurs as follows. The buying cardholder begins the transaction by sending the merchant an Initiate message. The merchant responds with an Invoice message containing information used by the buying cardholder to validate the goods and service and the transaction information. The buying cardholder then prepares a purchase order request which contains goods and service instructions which are encrypted in a manner so as to only be decrypted by the acquirer. The merchant receives the purchase order request, formats an authorization request, and sends it to the acquirer along with the cardholder payment instructions. The acquirer processes the authorization request. The acquirer then responds to the merchant with an authorization response. The merchant will respond to the buying cardholder with a purchase order response if a purchase order response message was not previously sent. At a later time, the buying cardholder may initiate a purchase order inquiry, to which the merchant will respond with a purchase order inquiry response.

The process of shopping is merchant-specific. The process of transaction capture, clearing and settlement of the transaction is defined by the relationship between the merchant and the acquirer. In certain scenarios (e.g. shopping via a browser) the buying cardholder may have already specified the goods and services before sending a purchase order request message. In other scenarios the order may be placed with payment instructions in the purchase order request message.

In an interactive environment, SEPP activities start when the buying cardholder sends a message to the merchant indicating an initiation of a SEPP payment session. This message is referred to as an initiate message; it is used to request that the merchant prepare an invoice as the first step in the payment process. The merchant responds to the initiate message with an invoice message which contains the amount of the transaction, merchant identification information, and data used to validate subsequent transactions in the sequence.


The next transaction is initiated by the buying cardholder. This transaction is the purchase order request. This message contains the payment instructions of the buying cardholder. This information is protected in such a manner as to provide a high level of confidentiality and integrity. The payment instructions are encrypted so that they can only be read by the acquirer. The merchant sends an authorization request to the acquirer. The acquirer performs the following tasks.

- Authenticates the merchant.
- Verifies the acquirer/merchant relationship.
- Decrypts the payment instructions from the buying cardholder.
- Validates that the buying cardholder certificate matches the account number used in the purchase.
- Validates consistency between the merchant's authorization request and the cardholder's payment instruction data.
- Formats a standard authorization request to the issuer and receives the response.
- Responds to the merchant with a validated authorization request response.

The merchant responds to the buying cardholder with a purchase order response indicating that either the merchant has received the purchase order request message and the authorization request will be processed later, or the authorization response has been processed by the acquirer. The buying cardholder can request a status of the purchase order by using a purchase order inquiry message. The merchant then responds with a purchase order inquiry response message. In the scenario supporting e-mail, the purchase order request from the buying cardholder will be the first message, and the purchase order response from the merchant will be sent back to the buying cardholder via e-mail.
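The acquirer's tasks listed in this section can be followed in the added example below, which is not part of the SEPP specification. The class and field names, certificate strings, account values and the invoice digest are constructed for illustration, and encryption to the acquirer is simulated by an object that only the acquirer can open.

```python
"""Model of the acquirer's checks in the SEPP flow. All names and sample
values are constructed; sealing is simulated, not real encryption."""
from dataclasses import dataclass
import hashlib


class Rejected(Exception):
    """Raised by the acquirer with the reason an authorization request failed."""


def invoice_digest(merchant_id: str, amount_cents: int, order_ref: str) -> str:
    """Digest of the invoice terms that the cardholder agreed to (hypothetical field)."""
    terms = f"{merchant_id}|{amount_cents}|{order_ref}".encode()
    return hashlib.sha256(terms).hexdigest()


@dataclass(frozen=True)
class PaymentInstructions:            # prepared by the buying cardholder
    account: str
    cardholder_cert: str
    amount_cents: int
    digest: str


class SealedForAcquirer:
    """Stand-in for encryption to the acquirer: the merchant relays this
    object inside its authorization request but cannot read it."""

    def __init__(self, instructions: PaymentInstructions):
        self.__instructions = instructions

    def open(self, opener: object) -> PaymentInstructions:
        if not isinstance(opener, Acquirer):
            raise PermissionError("only the acquirer can read payment instructions")
        return self.__instructions


@dataclass(frozen=True)
class AuthorizationRequest:           # formatted by the merchant
    merchant_id: str
    merchant_cert: str
    amount_cents: int
    order_ref: str
    sealed: SealedForAcquirer


class Acquirer:
    def __init__(self, merchants, cardholder_certs, issuer):
        self.merchants = merchants                # merchant id -> certificate on file
        self.cardholder_certs = cardholder_certs  # cardholder certificate -> account
        self.issuer = issuer                      # callable(account, amount) -> bool

    def authorize(self, req: AuthorizationRequest) -> str:
        # Verify the acquirer/merchant relationship and authenticate the merchant.
        if req.merchant_id not in self.merchants:
            raise Rejected("no acquirer/merchant relationship")
        if self.merchants[req.merchant_id] != req.merchant_cert:
            raise Rejected("merchant authentication failed")
        # Decrypt the payment instructions from the buying cardholder.
        pi = req.sealed.open(self)
        # The cardholder certificate must match the account used in the purchase.
        if self.cardholder_certs.get(pi.cardholder_cert) != pi.account:
            raise Rejected("cardholder certificate does not match account")
        # The merchant's request must be consistent with what the cardholder approved.
        expected = invoice_digest(req.merchant_id, req.amount_cents, req.order_ref)
        if pi.amount_cents != req.amount_cents or pi.digest != expected:
            raise Rejected("authorization request inconsistent with payment instructions")
        # Standard authorization with the issuer, then the response to the merchant.
        return "APPROVED" if self.issuer(pi.account, pi.amount_cents) else "DECLINED"


def try_authorize(acquirer: Acquirer, request: AuthorizationRequest) -> str:
    try:
        return acquirer.authorize(request)
    except Rejected as reason:
        return f"REJECTED: {reason}"


def build_demo():
    """Constructed parties: one merchant, one cardholder, a simple issuer limit."""
    acquirer = Acquirer(
        merchants={"M-001": "cert-merchant-001"},
        cardholder_certs={"cert-alice": "ACCT-1234"},
        issuer=lambda account, amount: amount <= 50_000,
    )
    digest = invoice_digest("M-001", 2_500, "ORD-77")
    sealed = SealedForAcquirer(
        PaymentInstructions("ACCT-1234", "cert-alice", 2_500, digest))
    honest = AuthorizationRequest("M-001", "cert-merchant-001", 2_500, "ORD-77", sealed)
    return acquirer, sealed, honest


if __name__ == "__main__":
    acq, sealed_pi, honest_req = build_demo()
    print(try_authorize(acq, honest_req))
    inflated = AuthorizationRequest("M-001", "cert-merchant-001", 25_000, "ORD-77", sealed_pi)
    print(try_authorize(acq, inflated))
```
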

10.8 SECURE ELECTRONIC TRANSACTION


At this juncture, the industry is counting on SET to accelerate internet electronic commerce. SET is becoming the de facto standard for security. Depicts its operation. The following list depicts key functions of the specification.

- Provide for confidential payment information and enable confidentiality of order information that is transmitted with payment information.
- Ensure integrity for all transmitted data.
- Provide authentication that a buyer is a legitimate user of a branded (e.g. Visa, Master Card, American Express) bankcard account.
- Provide authentication that a merchant can accept bank card payments through its relationship with an appropriate financial institution.
- Ensure the use of the best security practices and design techniques to protect all legitimate parties in an electronic commerce transaction.
- Ensure the creation of a protocol that is neither dependent on transport security mechanisms nor prevents their use.
- Facilitate and encourage interoperability across software and network providers.

SET offers buyers more security than is available in the commercial market. Instead of providing merchants with access to credit card numbers, SET encodes the numbers so only the consumer and financial institution have access to them. Cardholders, merchants, and the financial institution each retain SET certificates that identify them and the public keys associated with their digital identities. A third party provides digital certificates to the card-issuing financial institution; the institution then provides a digital certificate to the cardholder. A similar process takes place for the merchant. At the time of the purchase, each party's SET-compliant software validates both merchant and cardholder before any information is exchanged. The validation takes place by checking the digital certificates that were issued by an authorized third party, such as VeriSign.

SET is a combination of an application-level protocol and recommended procedures for handling credit card transactions over the Internet. Designed for cardholders, merchants, and banks (and other card processors), SET covers certification of all parties involved in a purchase as well as encryption and authentication procedures. Stamped with trusted brand names, the new SET-based systems will be a major impetus to the comfort level of Web shopping for both merchants and consumers. The merchantware that incorporates SET will provide on-line vendors with seamless, fraud-resistant ways to handle activities ranging from displaying goods on-line to settling credit card transactions via back-office links to banks.

SET requires that an individual possess a digital certificate for each credit card that he or she plans to use. This requirement may cause some management concerns for those users with more than one credit card. To complete a transaction involving a digital certificate as used in SET, there can be substantial administrative tracking to ensure that the certificate for a credit card is trustworthy and valid.

10.9 SUMMARY
This chapter is intended to be a specific application of the previous chapter, in the sense that we are trying to apply the general mechanisms of security specifically to e-commerce. There are four fundamental goals of computer security, namely privacy, integrity of data, authentication of the users and availability of data when needed. Each of these needs takes several forms. The next stage was to get a very brief overview of a few security protocols: S-HTTP, which is a secure extension of HTTP; SSL, which provides security using encryption with the RSA algorithm; SEPP, which is an electronic payment protocol; and SET, which is also an electronic transaction protocol.

10.10 SELF STUDY


1. List the four basic goals of electronic security.
2. What is non-repudiation?
3. What is key management?
4. What is encryption of data?
5. What is the encryption algorithm on which SSL depends?
6. What are the basic elements in a SEPP process?
7. What does SET stand for?
8. What is meant by integrity of data?

10.10.1 Answers
1. Privacy, integrity, authentication and availability.
2. A person cannot deny after having sent / received a message.
3. To create, distribute, revoke and manage keys.
4. Encoding of data with a suitable key.
5. The RSA algorithm.
6. Card holder, merchant, acquirer and certificate management systems.
7. Secure Electronic Transaction.
8. The contents should not get changed.

Unit III

Unit Introduction

This last chapter is of the case-study type, giving a detailed literature of Secure Electronic Transaction. The candidate is to note that this literature is neither up to date nor complete. Our aim is to familiarize him with the insides of such a protocol.


Chapter 11

Secure Electronic Transaction

This chapter presents a standard protocol, Secure Electronic Transaction (SET), specification-wise. This will not only familiarize the student with the various terminologies, but he can also implement a part of SET as a term project.

SET aims at achieving secure, cost-effective, on-line transactions that will satisfy market demand in the development of a single, open industry specification. Visa and Master Card have jointly developed the SET protocol as a method to secure payment card transactions over open networks. SET is being published as open specifications for the industry. These specifications are available to be applied to any payment service and may be used by software vendors to develop applications. Key additional participants are GTE, IBM, Microsoft, Netscape, SAIC, Terisa and VeriSign.

This chapter covers the following topics


Introduction | This section provides the background for understanding SET.
Business Requirements | This section introduces the business requirements that are addressed by the SET specification.
Concepts | This section offers background information on cryptography and certificate issuance.
Payment Processing | This section describes the most common SET transaction flows.

11.0 INTRODUCTION

11.1 BACKGROUND


Impact of electronic commerce


There is no question that electronic commerce, as exemplified by the popularity of the Internet, is going to have an enormous impact on the financial services industry. No financial institution will be left unaffected by the explosion of electronic commerce.

The number of payment card purchases made through this medium will grow as Internet-based on-line ordering systems are created. Many banks are planning to support this new form of electronic commerce by offering card authorizations directly over the Internet. Several trials with electronic currency and digital cash are already underway.

Projected use
With more than 30 million users in 1998, and 90 million projected to come on board in the next two years, the Internet is a new way for businesses to establish computer-based resources that can be accessed by consumers as well as business partners around the world.

Internet
The Internet is changing the way we access and purchase information, communicate and pay for services, and acquire and pay for goods. Financial services such as bill payment, brokerage, insurance and home banking are now or soon will be available over the Internet. Any organization can become a global publisher by establishing an information site on the Internet's World Wide Web.

World Wide Web


The Web can display text, sound, images and even video, allowing merchants to transmit information directly to potential consumers around the world around the clock.

Consumer payment devices


With open networks, payments will increasingly be made by consumer-driven devices. As advanced technologies become more practical and affordable, the marketplace will move from brick and mortar to more convenient locations such as the home or office. As financial services evolve, consumers will consolidate their payment needs into one multifunctional relationship product that enables widespread, around-the-clock access.

Publicity
Recently, an explosion of publicity has heralded the growth of the Internet and the possibilities for consumers and merchants to create a new type of shopping called electronic commerce. The publicity has focused on three areas:
- Marketing opportunities to develop new ways to browse, select and pay for goods and services to on-line consumers,
- New products and services, and
- Security risks associated with sending unprotected financial information across public networks.

All areas must be addressed to facilitate the future growth of payment card transaction volume in the electronic marketplace.

Role of payment systems


Payment systems and their financial institutions will play a significant role by establishing open specifications for payment card transactions that:
- Provide for confidential transmission,
- Authenticate the parties involved,
- Ensure the integrity of payment instructions for goods and services order data, and
- Authenticate the identity of the cardholder and the merchant to each other.

Procedures needed
Because of the anonymous nature of communications networks, procedures must be developed to substitute for existing procedures used in face-to-face or mail order/telephone order (MOTO) transactions, including the authentication of the cardholder by the merchant. There is also a need for the cardholder to authenticate that the merchant accepts SET transactions and is authorized to accept payment cards.

Use of payment card products


Financial institutions have a strong interest in accelerating the growth of electronic commerce. Although electronic shopping and ordering does not require electronic payment, a much higher percentage of these transactions use payment card products instead of cash or checks. This will hold true both in the consumer marketplace and in the commercial marketplace.

Purpose of Secure Electronic Transaction

To meet these needs, the Secure Electronic Transaction (SET) protocol uses cryptography to:
- Provide confidentiality of information,
- Ensure payment integrity, and
- Authenticate both merchants and cardholders.

These specifications will enable greater payment card acceptance, with a level of security that will encourage consumers and businesses to make wide use of payment card products in this emerging market.

11.2 OBJECTIVES
Motivation
The primary motivations for the bankcard associations to provide specifications for secure payments are:
- To have the bankcard community take a leadership position in establishing secure payment specifications and, in the process, avoid any cost associated with future reconciliation of implemented approaches,
- To respect and preserve the relationship between merchants and Acquirers and between cardholders and Issuers,
- To facilitate rapid development of the marketplace,
- To respond quickly to the needs of the financial services market, and
- To protect the integrity of bankcard brands.

Payment security
The objectives of payment security are to:
- Provide authentication of cardholders, merchants and acquirers,
- Provide confidentiality of payment data,
- Preserve the integrity of payment data, and
- Define the algorithms and protocols necessary for these security services.


Interoperability
The objectives of interoperability are to:
- Clearly define detailed information to ensure that applications developed by one vendor will interoperate with applications developed by other vendors,
- Create and support an open payment card standard,
- Define exportable technology throughout, in order to encourage globally interoperable software,
- Build on existing standards where practical,
- Ensure compatibility with and acceptance by appropriate standards bodies, and
- Allow for implementation on any combination of hardware and software platforms such as PowerPC, Intel, Sparc, UNIX, MS-DOS, OS/2, Windows and Macintosh.

Market acceptance
The objectives of market acceptance are to:
- Achieve global acceptance, via ease of implementation and minimal impact on merchant and cardholder end users,
- Allow for bolt-on implementation of the payment protocol to existing client applications,
- Minimize change to the relationship between acquirers and merchants, and cardholders and issuers,
- Allow for minimum impact to existing merchant, acquirer and payment system applications and infrastructure, and

11.3 BUSINESS REQUIREMENTS

11.3.1 Requirements


Introduction
This section introduces the business requirements for secure payment processing using payment card products over both public networks (such as the Internet) and private networks.

Security issues noncompetitive

Security issues regarding electronic commerce must be viewed as non-competitive in the interests of financial institutions, merchants and cardholders.

Seven business requirements


There are seven major business requirements addressed by SET:

1. Provide confidentiality of payment information and enable confidentiality of order information that is transmitted along with the payment information.
2. Ensure integrity for all transmitted data.
3. Provide authentication that a cardholder is a legitimate user of a branded payment card account.
4. Provide authentication that a merchant can accept branded payment card transactions through its relationship with an acquiring financial institution.
5. Ensure the use of the best security practices and system design techniques to protect all legitimate parties of an electronic commerce transaction.
6. Ensure the creation of a protocol that is neither dependent on transport security mechanisms nor prevents their use.
7. Facilitate and encourage interoperability across software and network providers.

11.3.2 Features
Features of the specifications
These requirements are addressed by the following features of these specifications:
- Confidentiality of information
- Integrity of data
- Cardholder account authentication
- Merchant authentication
- Interoperability

For the sake of clarity, each of these features has been described as a distinct component. It should be noted, however, that these elements do not function independently; all security functions must be implemented.


Confidentiality of information
To facilitate and encourage electronic commerce using payment card products, it will be necessary to assure cardholders that their payment information is safe and accessible only by the intended recipient. Therefore, cardholder account and payment information must be secured as it travels across the network, preventing interception of account numbers and expiration dates by unauthorized individuals.

On-line shopping: In today's on-line shopping environment, payment instructions containing account information are often transmitted from cardholders to merchants over open networks with little or no security precautions. However, this account information provides the key elements needed to create counterfeit cards or fraudulent transactions.

Fraud: While it is possible to obtain account information in other environments, there is a heightened concern about the ease of doing so with public network transactions. This concern reflects the potential for high volume fraud, automated fraud (such as using filters on all messages passing over a network to extract all payment card account numbers out of a data stream), and the potential for mischievous fraud that appears to be characteristic of some hackers. In addition, the transmission of account information in a relatively unsecured manner has triggered a great deal of negative press.

Integrity of data
The specifications must guarantee that message content is not altered during the transmission between originator and recipient. Payment information sent from cardholders to merchants includes order information, personal data and payment instructions. If any component is altered in transit, the transaction will not be processed accurately. In order to eliminate this potential source of fraud and/or error, SET must provide the means to ensure that the contents of all order and payment messages received match the contents of messages sent.

Cardholder account authentication


Merchants need a way to verify that a cardholder is a legitimate user of a valid branded payment card account number. A mechanism that uses technology to link a cardholder to a specific payment card account number will reduce the incidence of fraud and therefore the overall cost of payment processing. These specifications define the mechanism to verify that a cardholder is a legitimate user of a valid payment card account number. Note: these specifications do not define the process whereby a financial institution determines if an individual is a legitimate user of an account.

Merchant authentication

The specifications must provide a way for cardholders to confirm that a merchant has a relationship with a financial institution allowing it to accept payment cards. Cardholders also need to be able to identify merchants with whom they can securely conduct electronic commerce.

Interoperability
The specifications must be applicable on a variety of hardware and software platforms and must include no preference for one over another. Any cardholder with compliant software must be able to communicate with any merchant software that also meets the defined standard.

11.3.3 Scope
Use of payment cards
The SET specifications address a portion of the message protocols that are necessary for electronic commerce. They specifically address those parts of the protocols that use payment cards.

Electronic shopping experience


The electronic shopping experience can be divided into several distinct stages:

Stage 1: The cardholder browses for items. This may be accomplished in a variety of ways, such as:
- Using a browser to view an on-line catalog on the merchant's World Wide Web page;
- Viewing a catalog supplied by the merchant on a CD-ROM; or
- Looking at a paper catalog.

Stage 2: The cardholder selects items to be purchased.

Stage 3: The cardholder is presented with an order form containing the list of items, their prices, and a total price including shipping, handling and taxes. This order form may be delivered electronically from the merchant's server or created on the cardholder's computer by electronic shopping software. Some on-line merchants may also support the ability for a cardholder to negotiate for the price of items (such as by presenting frequent shopper identification or information about a competitor's pricing).

Stage 4: The cardholder selects the means of payment.

Stage 5: The cardholder sends the merchant a completed order along with a means of payment. In these specifications, the order and the payment instructions are digitally signed by cardholders who possess certificates.

Stage 6: The merchant requests payment authorization from the cardholder's financial institution.

Stage 7: The merchant sends confirmation of the order.

Stage 8: The merchant ships the goods or performs the requested services from the order.

Stage 9: The merchant requests payment from the cardholder's financial institution.

Even though these stages have been described as occurring in a specific order, variations are possible; many such variations are described later in these specifications. These specifications focus on stages 5, 6, 7 and 9 when the cardholder chooses to use a payment card as the means of payment.

Within the scope


The following are within the scope of these specifications:
- Application of cryptographic algorithms (such as RSA and DES)
- Certificate message and object formats
- Purchase messages and object formats
- Authorization messages and object formats
- Capture messages and object formats
- Message protocols between participants

Outside the scope


The following are outside the scope of the SET specifications:
- Message protocols for offers, shopping, delivery of goods, etc.
- Operational issues such as the criteria set by individual financial institutions for the issuance of cardholder and merchant certificates
- Screen formats including the content, presentation and layout of order entry forms as defined by each merchant
- General payments beyond the domain of payment cards
- Security of data on cardholder, merchant, and payment gateway systems including protection from viruses, trojan horse programs, and hackers

Note: This list illustrates categories of things that are outside the scope of the SET specifications; it is not intended to be complete.

11.4 CONCEPTS

11.4.1 Payment System Participants


Interaction of participants
SET changes the way that participants in the payment system interact. In a face-to-face retail transaction or a mail order transaction, the electronic processing of the transaction begins with the merchant or the Acquirer. However, in an SET transaction, the electronic processing of the transaction begins with the cardholder.

Cardholder
In the electronic commerce environment, consumers and corporate purchasers interact with merchants from personal computers. A cardholder uses a payment card that has been issued by an Issuer. SET ensures that the interactions the cardholder has with a merchant keep the payment card account information confidential.

Issuer
An Issuer is the financial institution that establishes an account for a cardholder and issues the payment card. The Issuer guarantees payment for authorized transactions using the payment card in accordance with payment card brand regulations and local legislation.

Merchant
A merchant offers goods for sale or provides services in exchange for payment. SET allows a merchant to offer electronic interactions that cardholders can use securely. A merchant that accepts payment cards must have a relationship with an Acquirer.


Acquirer
An Acquirer is the financial institution that establishes an account with a merchant and processes payment card authorizations and payments.

Payment gateway
A payment gateway is a device operated by an Acquirer or a designated third party that processes merchant payment messages (including payment instructions from cardholders).

Brand
Financial institutions have founded bankcard associations that protect and advertise the brand, establish and enforce rules for use and acceptance of their bankcards, and provide networks to interconnect the financial institutions. Other brands are owned by financial services companies that advertise the brand and establish and enforce rules for use and acceptance of their payment cards. These brands combine the roles of Issuer and Acquirer in interactions with cardholders and merchants.

Third parties
Issuers and Acquirers sometimes choose to assign the processing of payment card transactions to third party processors. This document does not distinguish between the financial institution and the processor of the transactions.

11.5 CRYPTOGRAPHY
Protection of sensitive information
Cryptography has been used for centuries to protect sensitive information as it is transmitted from one location to another. In a cryptographic system, a message is encrypted using a key. The resulting ciphertext is then transmitted to the recipient where it is decrypted using a key to produce the original message. There are two primary encryption methods in use today: secret-key cryptography and public-key cryptography. SET uses both methods in its encryption process.

Secret key cryptography


Secret-key cryptography, also known as symmetric cryptography, uses the same key to encrypt and decrypt the message. Therefore, the sender and recipient of a message must share a secret, namely the key. A well-known secret-key cryptography algorithm is the Data Encryption Standard (DES), which is used by financial institutions to encrypt PINs.


Fig. 11.1

Public-key cryptography, also known as asymmetric cryptography, uses two keys: one key to encrypt the message and the other key to decrypt the message. The two keys are mathematically related such that data encrypted with either key can only be decrypted using the other. Each user has two keys: a public key and a private key. The user distributes the public key. Because of the relationship between the two keys, the user and anyone receiving the public key can be assured that data encrypted with the public key and sent to the user can only be decrypted by the user using the private key. This assurance is only maintained if the user ensures that the private key is not disclosed to another. Therefore, the key pair should be generated by the user. The best known public-key cryptography algorithm is RSA (named after its inventors Rivest, Shamir and Adleman).

Fig. 11.2

Secret-key cryptography is impractical for exchanging messages with a large group of previously unknown correspondents over a public network. In order for a merchant to conduct transactions securely with millions of Internet subscribers, each consumer would need a distinct key assigned by the merchant and transmitted over a separate secure channel. On the other hand, by using public-key cryptography, that same merchant could create a public/private key pair and publish the public key allowing any consumer to send a secure message to the merchant.


Encryption
Confidentiality is ensured by the use of message encryption.

Encryption: relationship of keys


When two users want to exchange messages securely, each transmits one component of their key pair, designated the public key, to the other and keeps secret the other component, designated the private key. Because messages encrypted with the public key can only be decrypted using the private key, these messages can be transmitted over an insecure network without fear that an eavesdropper can use the key to read encrypted transmissions.

Encryption: use of symmetric key


SET will rely on cryptography to ensure message confidentiality. In SET, message data will initially be encrypted using a randomly generated symmetric encryption key. This key, in turn, will be encrypted using the message recipient's public key. This is referred to as the digital envelope of the message and is sent to the recipient along with the encrypted message itself. After receiving the digital envelope, the recipient decrypts it using his or her private key to obtain the randomly generated symmetric key and then uses the symmetric key to unlock the original message.

Note
To provide the highest degree of protection, it is essential that the programming methods and random number generation algorithms generate keys such that the keys cannot be easily reproduced using information about either the algorithms or the environment in which the keys are generated.

Digital signatures
Integrity and authentication are ensured by the use of digital signatures.

Digital signatures: relationship of keys


Because of the mathematical relationship between the public and private keys, data encrypted with either key can only be decrypted with the other. This allows the sender of a message to encrypt it using the sender's private key. Any recipient can determine that the message came from the sender by decrypting the message using the sender's public key. For example, Alice can encrypt a known piece of data, such as her telephone number, with her private key and transmit it to Bob. When Bob decrypts the message using Alice's public key and compares the result to the known data, he can be sure that the message could only have been encrypted using Alice's private key.

Digital signatures: using message digests

When combined with message digests, encryption using the private key allows users to digitally sign messages. A message digest is a value generated for a message (or document) that is unique to that message. A message digest is generated by passing the message through a one-way cryptographic function, i.e., one that cannot be reversed. When the digest of a message is encrypted using the sender's private key and is appended to the original message, the result is known as the digital signature of the message. The recipient of the digital signature can be sure that the message really came from the sender. And, because changing even one character in the message changes the message digest in an unpredictable way, the recipient can be sure that the message was not changed after the message digest was generated.

Digital signatures: example


For example, Alice computes the message digest of a property description and encrypts it with her private key, yielding a digital signature for the message. She transmits both the message and the digital signature to Bob. When Bob receives the message, he computes the message digest of the property description and decrypts the digital signature with Alice's public key. If the two values match, Bob knows that the message was signed using Alice's private key and that it has not changed since it was signed.

Two key pairs


SET uses a distinct public/private key pair to create the digital signature. Thus, each SET participant will possess two asymmetric key pairs: a key exchange pair, which is used in the process of encryption and decryption, and a signature pair for the creation and verification of digital signatures. Note that the roles of the public and private keys are reversed in the digital signature process, where the private key is used to encrypt (sign) and the public key is used to decrypt (verify the signature).

Certificates
Authentication is further strengthened by the use of certificates.

Certificates: need for authentication


Before two parties use public-key cryptography to conduct business, each wants to be sure that the other party is authenticated. Before Bob accepts a message with Alice's digital signature, he wants to be sure that the public key belongs to Alice and not to someone masquerading as Alice on an open network. One way to be sure that the public key belongs to Alice is to receive it over a secure channel directly from Alice. However, in most circumstances this solution is not practical.


Certificates: need for trusted third party


An alternative to secure transmission of the key is to use a trusted third party to authenticate that the public key belongs to Alice. Such a party is known as a Certificate Authority (CA). The Certificate Authority authenticates Alice's claims according to its published policies. For example, a Certificate Authority could supply certificates that offer a high assurance of personal identity, which may be required for conducting business transactions: this Certificate Authority may require Alice to present a driver's license or passport to a notary public before it will issue a certificate. Once Alice has provided proof of her identity, the Certificate Authority creates a message containing Alice's name and her public key. This message, known as a certificate, is digitally signed by the Certificate Authority. It contains owner identification information, as well as a copy of one of the owner's public keys (key exchange or signature).

To get the most benefit, the public key of the Certificate Authority should be known to as many people as possible. Thus, by trusting a single key, an entire hierarchy can be established in which one can have a high degree of trust.

Because SET participants have two key pairs, they also have two certificates. Both certificates are created and signed at the same time by the Certificate Authority.

SET authentication
The means that a financial institution uses to authenticate a cardholder or merchant is not defined by these specifications. Each payment card brand and financial institution will select an appropriate method.

Introduction of dual signature


SET introduces a new application of digital signatures, namely the concept of dual signatures. To understand the need for this new concept, consider the following scenario: Bob wants to send Alice an offer to purchase a piece of property and an authorization to his bank to transfer the money if Alice accepts the offer, but Bob does not want the bank to see the terms of the offer nor does he want Alice to see his account information. Further, Bob wants to link the offer to the transfer so that the money is only transferred if Alice accepts his offer. He accomplishes all of this by digitally signing both messages with a single signature operation that creates a dual signature.

Generation of a dual signature


A dual signature is generated by creating the message digest of both messages, concatenating the two digests together, computing the message digest of the result and encrypting this digest with the signer's private signature key. The signer must include the message digest of the other message in order for the recipient to verify the dual signature. A recipient of either message can check its authenticity by generating the message digest on its copy of the message, concatenating it with the message digest of the other message (as provided by the sender) and computing the message digest of the result. If the newly generated digest matches the decrypted dual signature, the recipient can trust the authenticity of the message.

Example
If Alice accepts Bob's offer, she can send a message to the bank indicating her acceptance and including the message digest of the offer. The bank can verify the authenticity of the same offer by using its digest of the authorization and the message digest presented by Alice of the offer to validate the dual signature. Thus the bank can check the authenticity of the offer against the dual signature, but the bank cannot see the terms of the offer.

Use of dual signatures


Within SET, dual signatures are used to link an order message sent to the merchant with the payment instructions containing account information sent to the Acquirer. When the merchant sends an authorization request to the Acquirer, it includes the payment instructions sent to it by the cardholder and the message digest of the order information. The Acquirer uses the message digest from the merchant and computes the message digest of the payment instructions to check the dual signature.
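The dual signature described above, as an added Python example that is not taken from the SET specifications. It assumes SHA-256 as the digest function and a toy unpadded RSA key constructed from two Mersenne primes; the function names and sample messages are hypothetical.

```python
"""Dual signature: one signature links an order to its payment instructions."""
import hashlib
import hmac

# Toy RSA signature key built from two Mersenne primes, constructed for this
# example. Unpadded RSA mirrors the chapter's wording ("encrypting this digest
# with the signer's private signature key") and is not safe for real use.
P, Q = 2**127 - 1, 2**521 - 1
N, E = P * Q, 65537                    # public signature key
D = pow(E, -1, (P - 1) * (Q - 1))      # private signature key (Python 3.8+)

# Constructed sample messages.
ORDER = b"order 0001: 1 x widget, total 25.00"
PAYMENT = b"account 0000-0000-0000-0000, amount 25.00, order 0001"


def digest(data: bytes) -> bytes:
    # SHA-256 is an assumption; the chapter does not name the digest function.
    return hashlib.sha256(data).digest()


def dual_digest(order_digest: bytes, payment_digest: bytes) -> bytes:
    # The concatenation order is fixed (order digest first), so every verifier
    # must place its own digest in the matching position.
    return digest(order_digest + payment_digest)


def sign_dual(order: bytes, payment: bytes) -> int:
    """Cardholder: a single private-key operation covers both messages."""
    combined = dual_digest(digest(order), digest(payment))
    return pow(int.from_bytes(combined, "big"), D, N)


def _matches(signature: int, expected: bytes) -> bool:
    """Recover the signed digest with the public key and compare it."""
    if not 0 <= signature < N:
        return False
    recovered = pow(signature, E, N)
    if recovered.bit_length() > 256:   # cannot be a 32-byte digest
        return False
    return hmac.compare_digest(recovered.to_bytes(32, "big"), expected)


def merchant_verify(order: bytes, payment_digest: bytes, signature: int) -> bool:
    """Merchant holds the order in clear and only the digest of the payment."""
    return _matches(signature, dual_digest(digest(order), payment_digest))


def acquirer_verify(payment: bytes, order_digest: bytes, signature: int) -> bool:
    """Acquirer holds the payment in clear and only the digest of the order."""
    return _matches(signature, dual_digest(order_digest, digest(payment)))


SIGNATURE = sign_dual(ORDER, PAYMENT)

if __name__ == "__main__":
    print("merchant accepts:", merchant_verify(ORDER, digest(PAYMENT), SIGNATURE))
    print("acquirer accepts:", acquirer_verify(PAYMENT, digest(ORDER), SIGNATURE))
    # A merchant that forwards the digest of a different order is detected.
    print("swapped order accepted:",
          acquirer_verify(PAYMENT, digest(b"order 0002"), SIGNATURE))
```

Because each party receives only a bare digest of the message it must not see, a message with little unpredictable content could be recovered by hashing guesses, so the hidden message needs enough entropy to rule that out.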

Import/ export issues


A number of governments have regulations regarding the import or export of cryptography. As a general rule, these governments allow cryptography to be used when:
- The data being encrypted is of a financial nature;
- The content of the data is well-defined;
- The length of the data is limited; and
- The cryptography cannot easily be used for other purposes.

The SET protocol is limited to the financial portion of shopping and the content of the SET messages has been carefully reviewed to satisfy the concerns of governments. As long as software vendors can demonstrate that the cryptography used for SET cannot easily be put to other purposes, import and export licenses should be obtainable.


11.6 CERTIFICATE ISSUANCE


Cardholder certificates
Cardholder certificates function as an electronic representation of the payment card. Because they are digitally signed by a financial institution, they cannot be altered by a third party and only the financial institution can generate one. A cardholder certificate does not contain the account number and expiration date. Instead the account information and a secret value known only to the cardholder's software are encoded using a one-way hashing algorithm. Within the SET protocol, the cardholder supplies the account information and the secret value to the payment gateway where the link is verified.

A certificate is only issued to the cardholder upon approval of the cardholder's issuing financial institution. By requesting a certificate, a cardholder has indicated the intent to perform commerce via electronic means. This certificate is transmitted to merchants with purchase requests and encrypted payment instructions. Upon receipt of the cardholder's certificate, a merchant can be assured, at a minimum, that the account number has been validated by the card-issuing financial institution or its agent. In these specifications, cardholder certificates are optional at the payment card brand's discretion.

Merchant certificates
Merchant certificates function as an electronic substitute for the payment brand decal that appears in the store window. Because they are digitally signed by the merchant's financial institution, they cannot be altered by a third party and only the financial institution can generate one. These certificates are approved by the acquiring financial institution and provide assurance that the merchant holds a valid agreement with an Acquirer.

Payment gateway certificates


Payment gateway certificates are obtained by Acquirers or their processors for the systems that process authorization and capture messages. Payment gateway certificates are issued to the Acquirer by the payment brand.

Acquirer certificates
An Acquirer must have certificates in order to operate a Certificate Authority that can accept and process certificate requests directly from merchants over public and private networks. Acquirers receive their certificates from the payment card brand.

Issuer certificates
An Issuer must have certificates in order to operate a Certificate Authority that can accept and process certificate requests directly from cardholders over public and private networks. Issuers receive their certificates from the payment card brand.

Hierarchy of trust
SET certificates are verified through a hierarchy of trust. Each certificate is linked to the signature certificate of the entity that digitally signed it. By following the trust tree to a known trusted party, one can be assured that the certificate is valid. A cardholder certificate is linked to the certificate of the Issuer or the Association on behalf of the Issuer. The public signature key of the root is known to all SET software and may be used to verify each of the certificates in turn.

[Fig. 11.3: tree diagram of the hierarchy of trust, with nodes labelled Root, Association, Geopolitical, User, Acquirer, Cardholder and Merchant]

A payment card brand may not always operate a geopolitical CA between itself and the financial institutions.


Root key distribution


The root key will be distributed in a self-signed certificate. This root key certificate will be available to software vendors to include with their software.

Root key validation


Software can confirm that it has a valid root key by sending an initiate request to the Certificate Authority that contains the hash of the root certificate. In the event that the software does not have a valid root certificate, the Certificate Authority will send one in the response.

Root key replacement


When the root key is generated, a replacement key will also be generated. This replacement key is stored securely until it is needed. The self-signed root certificate and the hash of the replacement key are distributed together. Software will be notified of the replacement through a message that contains a self-signed certificate of the replacement root and the hash of the next replacement root key. Software validates the replacement root key by calculating its hash and comparing it with the hash of the replacement key contained in the root certificate.
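The root key validation and replacement checks described above can be modelled as follows. This is an added example, not code from the SET specification or from this text; the certificate layout, the function names, the use of SHA-256 and the sample keys are assumptions, and the check of the self-signature is left out so that the hash commitment stays in view.

```python
import hashlib
import hmac
import json

# Constructed sample keys; real root keys are public-key material, not text.
ROOT_KEY_1 = b"constructed root key, generation 1"
ROOT_KEY_2 = b"constructed root key, generation 2"
ROOT_KEY_3 = b"constructed root key, generation 3"


def key_hash(public_key: bytes) -> str:
    """Hash of a root public key, hex-encoded so it fits in a JSON certificate."""
    return hashlib.sha256(public_key).hexdigest()


def make_root_cert(public_key: bytes, replacement_key: bytes) -> dict:
    """Model of a root certificate: the key plus the hash of its successor."""
    return {
        "subject": "root",
        "public_key": public_key.hex(),
        "next_key_hash": key_hash(replacement_key),
    }


def cert_hash(cert: dict) -> str:
    """Hash over a canonical encoding, as carried in the initiate request."""
    canonical = json.dumps(cert, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(canonical.encode()).hexdigest()


def ca_handle_initiate(claimed_root_hash: str, ca_root_cert: dict):
    """CA side of root key validation: return a root certificate only when
    the hash in the initiate request does not match the current root."""
    if hmac.compare_digest(claimed_root_hash, cert_hash(ca_root_cert)):
        return None
    return ca_root_cert


class RootStore:
    """Client-side store holding the one root certificate currently trusted."""

    def __init__(self, root_cert: dict):
        self.current = root_cert

    def accept_replacement(self, new_cert: dict) -> bool:
        """Accept a replacement root only if its key hashes to the value
        that the currently trusted root certificate committed to."""
        offered = key_hash(bytes.fromhex(new_cert["public_key"]))
        if not hmac.compare_digest(offered, self.current["next_key_hash"]):
            return False  # key was not pre-announced by the trusted root
        self.current = new_cert
        return True


if __name__ == "__main__":
    store = RootStore(make_root_cert(ROOT_KEY_1, ROOT_KEY_2))
    unpinned = make_root_cert(b"constructed key that was never announced", ROOT_KEY_3)
    print("unpinned replacement accepted:", store.accept_replacement(unpinned))
    genuine = make_root_cert(ROOT_KEY_2, ROOT_KEY_3)
    print("announced replacement accepted:", store.accept_replacement(genuine))
```

Because each root certificate commits to exactly one successor, a replacement message is only as trustworthy as the root certificate already installed, and an older root cannot be re-installed once the store has moved forward.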

11.7 KINDS OF SHOPPING


Variety of experiences
There are many ways that cardholders will shop. This section describes two ways. The SET protocol supports each of these shopping experiences and should support others as they are defined.

On-line catalogues
The growth of electronic commerce can largely be attributed to the popularity of the World Wide Web. Merchants can tap into this popularity by creating virtual storefronts on the Web that contain on-line catalogues. These catalogues can be quickly updated as merchants' product offerings change or to reflect seasonal promotions. Cardholders can visit these Web pages, selecting items for inclusion on an order. Once the cardholder finishes shopping, the merchant's Web server can send a completed order form for the cardholder to review and approve. Once the cardholder approves the order and chooses to use a payment card, the SET protocol provides the mechanisms for the cardholder to securely transmit payment instructions as well as for the merchant to obtain authorization and receive payment for the order.

Electronic catalogues
Merchants may distribute catalogues on electronic media such as diskettes or CD-ROM. This approach allows the cardholder to browse through merchandise off-line. With an on-line catalogue, the merchant has to be concerned about bandwidth and may choose to include fewer graphics or reduce the resolution of the graphics. By providing an off-line catalogue, such constraints are significantly reduced. In addition, the merchant may provide a custom shopping application tailored to the merchandise in the electronic catalogue. Cardholders will shop by browsing through the catalogue and selecting items to include on an order. Once the cardholder approves the order and chooses to use a payment card, an electronic message using the SET protocol can be sent to the merchant with the order and payment instructions. This message can be delivered on-line, such as to the merchant's Web page, or sent via a store-and-forward mechanism, such as electronic mail.

11.8 PAYMENT PROCESSING


Transactions described
This section describes the flow of transactions as they are processed by various systems. SET defines a variety of transaction protocols that utilize the cryptographic concepts introduced in the previous section to securely conduct electronic commerce. The section describes the following transactions:

• Cardholder registration
• Merchant registration
• Purchase request
• Payment authorization
• Payment capture

Other transactions
The following additional transactions are part of these specifications, but are not described in this section:

• Certificate query
• Purchase inquiry
• Purchase notification
• Sale transaction
• Authorization reversal
• Capture reversal
• Credit
• Credit reversal

Protocol description
In the event that the description of the processing in this section differs from the Formal Protocol Definition, the Formal Protocol Definition takes precedence.

Certificate Authority functions


The primary functions of the Certificate Authority are to:

• Receive registration requests;
• Process and approve/decline requests; and
• Issue certificates.

The following list presents some suggestions for some possible arrangements with variations on distribution:

• A company that issues proprietary cards performs all three steps for its cardholders.
• A financial institution receives, processes and approves certificate requests for its cardholders or merchants and forwards the information to the appropriate payment card brand(s) to issue the certificates.
• Certificate requests are received by an independent Registration Authority that processes payment card certificate applications for multiple payment card brands and forwards requests to the appropriate financial institution (Issuer or Acquirer) for processing; the financial institution forwards approved requests to the payment card brands to issue the certificates.

These scenarios are simply suggestions of some possible arrangements. Payment card brands and financial institutions will select an appropriate solution based on their individual business needs.

Optional cardholder certificates

The diagrams and processing flows that follow describe the processing of the transactions when the cardholder is in possession of a signature certificate issued under the trust hierarchy of the payment card brand. Payment card brands at their option may allow cardholders to process transactions without a certificate as a temporary measure to facilitate implementation of these specifications.

No digital signature
When a cardholder does not possess a signature certificate, no digital signature is generated. In place of the digital signature, the cardholder generates the message digest of the data and inserts the message digest into the digital envelope.

Assurance of integrity
The recipient of data from the cardholder uses the message digest from the digital envelope to confirm the integrity of the data.

Strength of cardholder certificates


A cardholder certificate is not a guarantee of the identity of the cardholder. The strength of a cardholder certificate is wholly dependent on the methods employed by the payment card brand and the payment card issuer to authenticate the cardholder prior to the certificate being issued.

Cardholder authentication
The SET protocol uses a cardholder signature certificate to confirm that a transaction is from a registered user of a payment card. If a cardholder signature certificate is not present, authentication of the cardholder must be performed by other means.

11.9 CARDHOLDER REGISTRATION


The figure shown below provides a high level overview of the cardholder registration process. The scenario is divided into its seven fundamental steps in the following detailed sections. The icon to the left corresponds to the diagram below and serves as a map to this scenario; it is repeated in the explanations of the more detailed diagrams with a shaded region that indicates which step is being described.

[Fig. 11.4: Cardholder registration. Messages exchanged between the cardholder computer and the Certificate Authority (CA) process: initiate request, initiate response, registration form request, registration form, cardholder certificate request, cardholder certificate.]

Cardholders must register with a Certificate Authority (CA) before they can send SET messages to merchants. In order to send SET messages to the CA, the cardholder must have a copy of the CA public key-exchange key, which is provided in the CA key-exchange certificate. The cardholder also needs a copy of the registration form from the cardholder's financial institution. In order for the CA to provide the registration form, the cardholder software must identify the issuing financial institution to the CA. Obtaining the registration form requires two exchanges between the cardholder software and the CA. The registration process is started when the cardholder software requests a copy of the CA's key-exchange certificate. When the CA receives the request, it transmits its certificates to the cardholder. The CA key-encryption certificate provides the cardholder software with the information necessary to protect the payment card account number in the registration form request.

Certificate Authority sends response


The cardholder software verifies the CA certificate by traversing the trust chain to the root key. The software must hold the CA certificates to use later during the registration process. Once the software has a copy of the CA key-exchange certificate, the cardholder can request a registration form. The cardholder software creates a registration form request message. Next the software generates a random symmetric encryption key. It uses this random key to encrypt the registration form request message. The random key is then encrypted along with the account number into the digital envelope using the CA public key-exchange key. Finally, the software transmits all of these components to the CA.

Cardholder receives response and requests registration form


The CA identifies the cardholder's financial institution (using the first six to eleven digits of the account number) and selects the appropriate registration form. It digitally signs and then returns this registration form to the cardholder. In some cases, the CA may not have a copy of the registration form but can inform the cardholder software where the form can be obtained. For example, the cardholder's issuing financial institution may operate its own CA. In this event, the CA returns a referral response instead of the registration form. (This referral response is not shown in the diagram below.)

The cardholder software verifies the CA certificate by traversing the trust chain to the root key. The cardholder needs a signature public/private key pair for use with SET. The cardholder software generates this key pair if it does not already exist. To register an account, the cardholder fills out the registration form that was returned by the CA with information such as the cardholder's name, expiration date, account billing address, and any additional information the issuing financial institution deems necessary to identify the certificate requester as the valid cardholder.

The cardholder software generates a random number that will be used by the CA in generating the certificate. The usage of this random number is described in the processing performed by the CA. The cardholder software takes this registration information and combines it with the public key in a registration message. The software digitally signs the registration message.

Next the software generates two random symmetric encryption keys. The software places one random key inside the message; the CA will use this key to encrypt the response. It uses the other random key to encrypt the registration message. This random key is then encrypted along with the account number, expiration date, and the random number into the digital envelope using the CA public key-exchange key. Finally, the software transmits all of these components to the CA.

Note: If the CA returned a referral response as described earlier in the CA processing, the cardholder software will return to the beginning of the registration process, communicating with the referral CA to receive that CA's certificates and the appropriate registration form.

Cardholder receives registration form and requests certificate


When the CA receives the cardholder's request, it decrypts the digital envelope to obtain the symmetric encryption key, the account information, and the random number generated by the cardholder software. It uses the symmetric key to decrypt the registration request. It then uses the signature key in the message to ensure the request was signed using the corresponding private signature key. If the signature is verified, the message processing continues; otherwise, the message is rejected and an appropriate response message is returned to the cardholder.

Next the CA must verify the information from the registration request using the cardholder's account information. The process by which the CA and the Issuer exchange information and the steps taken to verify the information in the registration request are outside the scope of these specifications. As described in the previous section, there are several ways to configure the processing performed by the CA and the Issuer, such as having the payment card brand provide some or all of the functions on behalf of the Issuer or having the Issuer provide all of the functions.

If the information in the registration request is verified, a certificate will be issued. First, the CA generates a random number that is combined with the random number created by the cardholder software to generate a secret value. This secret value is used to protect the account information in the cardholder certificate. The account number, expiration date, and the secret value are encoded using a one-way hashing algorithm. The result of the hashing algorithm is placed into the cardholder certificate. If the account number, expiration date, and the secret value are known, the link to the certificate can be proven, but the information cannot be derived by looking at the certificate.

Next, the CA creates and digitally signs the cardholder certificate. The validity period of this certificate will be determined by CA policy; often it will correspond to the expiration date of the payment card, but it may expire sooner. A response message containing the random number generated by the CA and other information (such as the brand logo) is then generated and encrypted using the symmetric key sent by the cardholder software in the registration message. The response is then transmitted to the cardholder.

Certificate Authority processes request and creates certificate


When the cardholder software receives the response from the CA, it verifies the certificate by traversing the trust chain to the root key. It stores the certificate on the cardholder's computer for use in future electronic commerce transactions.

Next, the cardholder software decrypts the registration response using the symmetric encryption key that it sent to the CA in the registration message. It combines the random number returned by the CA with the value that it sent in the registration message to determine the secret value. It then stores the secret value to use with the certificate. Cardholder software vendors will ensure that the certificate and related information are stored in a way to prevent unauthorized access.
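The secret value and the hashed account information in the cardholder certificate, as described above, can be sketched like this. It is an added example, not code from the SET specification or from this text; the way the two random numbers are combined, the length-prefixed encoding, SHA-256, the function names and the sample card data are all assumptions.

```python
import hashlib
import hmac
import secrets

# Constructed sample card data, not a real account.
PAN = "4000000000000002"
EXPIRY = "12/99"


def _field(data: bytes) -> bytes:
    """Length-prefix a field so ("12", "3") and ("1", "23") hash differently."""
    return len(data).to_bytes(2, "big") + data


def derive_secret(cardholder_nonce: bytes, ca_nonce: bytes) -> bytes:
    # Assumption: the text only says the two random numbers are "combined";
    # hashing both length-prefixed values is one way to do that.
    return hashlib.sha256(_field(cardholder_nonce) + _field(ca_nonce)).digest()


def account_binding(pan: str, expiry: str, secret: bytes) -> bytes:
    """One-way value that the CA places in the cardholder certificate."""
    material = _field(pan.encode()) + _field(expiry.encode()) + _field(secret)
    return hashlib.sha256(material).digest()


def proves_link(cert_binding: bytes, pan: str, expiry: str, secret: bytes) -> bool:
    """Check made by a party that knows account number, expiry and secret."""
    return hmac.compare_digest(cert_binding, account_binding(pan, expiry, secret))


def register(pan: str, expiry: str):
    """Both sides of the registration exchange, without the encryption layer.

    Returns the certificate field built by the CA and the secret value the
    cardholder software stores alongside the certificate.
    """
    cardholder_nonce = secrets.token_bytes(20)  # travels in the digital envelope
    ca_nonce = secrets.token_bytes(20)          # travels in the encrypted response

    # CA side: derive the secret and put only the hash into the certificate.
    ca_secret = derive_secret(cardholder_nonce, ca_nonce)
    certificate = {"account_binding": account_binding(pan, expiry, ca_secret)}

    # Cardholder side: recompute the same secret from the two random numbers.
    cardholder_secret = derive_secret(cardholder_nonce, ca_nonce)
    return certificate, cardholder_secret


if __name__ == "__main__":
    cert, secret = register(PAN, EXPIRY)
    print("link proven with correct data:",
          proves_link(cert["account_binding"], PAN, EXPIRY, secret))
    print("link proven with wrong expiry:",
          proves_link(cert["account_binding"], PAN, "01/01", secret))
```

Registering the same card twice yields two unrelated certificate values, because each registration uses fresh random numbers on both sides.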

11.10 MERCHANT REGISTRATION


The figure shown below provides a high level overview of the merchant registration process. This scenario is divided into its five fundamental steps in the following detailed sections. The icon to the left corresponds to the diagram below and serves as a map to this scenario; it is repeated in the explanations of the more detailed diagrams with a shaded region that indicates which step is being described.

[Fig. 11.5: Merchant registration. Messages exchanged between the merchant computer and the Certificate Authority (CA) process: initiate request, registration form, merchant certificate request, merchant certificate.]

Merchants must register with a Certificate Authority (CA) before they can receive SET payment instructions from cardholders or process SET transactions through a payment gateway. In order to send SET messages to the CA, the merchant must have a copy of the CA public key-exchange key, which is provided in the CA key-exchange certificate. The merchant also needs a copy of the registration form from the merchant's financial institution. The merchant software must identify the Acquirer to the CA. The registration process is started when the merchant software requests a copy of the CA's key-exchange certificate and the appropriate registration form.

Merchant requests registration form


The CA identifies the merchant's financial institution and selects the appropriate registration form. It returns this registration form along with a copy of its own key-exchange certificate to the merchant.

Certificate Authority processes request and sends registration form


The merchant software verifies the CA certificate by traversing the trust chain to the root key. Merchant software must hold the CA certificate to use later during the registration process. Once the software has a copy of the CA key-exchange certificate, the merchant can register to accept SET payment instructions and process SET transactions. The merchant must have a relationship with an Acquirer that processes SET transactions before a certificate request can be processed. The merchant needs two public/private key pairs for use with SET: key-exchange and signature. The merchant software generates these key pairs if they do not already exist.

To register, the merchant fills out the registration form on the screen with information such as the merchant's name, address, and merchant ID. The merchant software takes this registration information and combines it with the public keys in a registration message. The software digitally signs the registration message. Next the software generates a random symmetric encryption key. It uses this random key to encrypt the message. The random key is then encrypted into the digital envelope using the CA public key-exchange key. Finally, the software transmits all of these components to the CA.

Merchant receives registration form and requests certificates


When the CA receives the merchant's request, it decrypts the digital envelope to obtain the symmetric encryption key, which it uses to decrypt the registration request. It then uses the signature key in the message to ensure the request was signed using the corresponding private signature key. If the signature is verified, the message processing continues; otherwise, the message is rejected and an appropriate response message is returned to the merchant.

Next the CA must verify the information from the registration request using known merchant information. The process by which the CA and the Acquirer exchange information and the steps taken to verify the information in the registration request are outside the scope of these specifications. As described in the previous section, there are several ways to configure the processing performed by the CA and the Acquirer, such as having the payment card brand provide some or all of the functions on behalf of the Acquirer or having the Acquirer provide all of the functions.

If the information in the registration request is verified, the CA creates and digitally signs the merchant certificates. The validity period of these certificates will be determined by CA policy; often it will correspond to the expiration date of the merchant's contract with the Acquirer, but it may expire sooner. The certificates are then encrypted using a new randomly generated symmetric key, which in turn is encrypted using the merchant public key-exchange key. The response is then transmitted to the merchant.

Certificate Authority processes request and creates certificates


When the merchant software receives the response from the CA, it decrypts the digital envelope to obtain the symmetric encryption key. It uses the symmetric key to decrypt the registration response containing the merchant certificates. After the merchant software verifies the certificates by traversing the trust chain to the root key, it stores the certificates on the merchant's computer for use in future electronic commerce transactions.

11.11 PURCHASE REQUEST


The figure shown below provides a high level overview of the purchase request portion of a cardholder's order process. This scenario is divided into its five fundamental steps in the following detailed sections. The icon to the left corresponds to the diagram below and serves as a map to this scenario; it is repeated in the explanations of the more detailed diagrams with a shaded region that indicates which step is being described.

[Fig. 11.6: Purchase request. Messages exchanged between the cardholder computer and the merchant computer: initiate request, initiate response, purchase request, purchase response.]

The SET protocol is invoked after the cardholder has completed browsing, selection and ordering. Before this flow begins, the cardholder will have been presented with a completed order form and approved its contents and terms, such as the number of installment payments if the merchant is billing for the transaction in installments. In addition, the cardholder will have selected a payment card as the means of payment. In order to send SET messages to a merchant, the cardholder must have a copy of the merchant public key-exchange key as well as the Payment Gateway's key-exchange keys. The SET order process is started when the cardholder software requests a copy of the merchant's and gateway's certificates. The message from the cardholder indicates which payment card brand will be used for the transaction.

Cardholder initiates request

When the merchant receives the request, it assigns a unique transaction identifier to the message. It then transmits the merchant and gateway certificates that correspond to the payment card brand indicated by the cardholder along with the transaction identifier to the cardholder.

Merchant sends certificate(s)


The cardholder software verifies the merchant and gateway certificates by traversing the trust chain to the root key. The software must hold these certificates to use later during the ordering process. The cardholder software creates the Order Information (OI) and Payment Instruction (PI). The software places the transaction identifier assigned by the merchant in the OI and the PI; this identifier will be used by the Payment Gateway to link the OI and the PI together when the merchant requests authorization.

Note: The OI does not contain the order data such as the description of goods (the items and quantities) or the terms of the order (such as number of installment payments). This information is exchanged between the cardholder and merchant software during the shopping phase before the first SET message.

The cardholder software generates a dual signature for the OI and the PI by computing the message digests of both, concatenating the two digests, computing the message digest of the result and encrypting that using the cardholder private signature key. The message digests of the OI and the PI are sent along with the dual signature. Next the software generates a random symmetric encryption key and uses it to encrypt the dual signed PI. The software then encrypts the cardholder account number as well as the random symmetric key used to encrypt the PI into a digital envelope using the Payment Gateway's key-exchange key. Finally, the software transmits a message consisting of the OI and the PI to the merchant.

Cardholder receives response and sends request


When the merchant software receives the order, it verifies the cardholder signature certificate by traversing the trust chain to the root key. Next it uses the cardholder public signature key and the message digest of the PI (included with the OI) to check the digital signature to ensure that the order has not been tampered with in transit and that it was signed using the cardholder private signature key. The merchant software then processes the order, including the payment authorization described in the previous section. Note: It is not necessary for the merchant to perform the authorization phase prior to sending a response to the cardholder. The cardholder can determine later if the authorization has been performed by sending an order inquiry message.

After the OI has been processed, the merchant software generates and digitally signs a purchase response message, which includes the merchant signature certificate and indicates that the cardholder's order has been received by the merchant. The response is then transmitted to the cardholder. If the authorization response indicates that the transaction was approved, the merchant will ship the goods or perform the services indicated in the order.

Merchant processes request message


When the cardholder software receives the purchase response message from the merchant, it verifies the merchant signature certificate by traversing the trust chain to the root key. It uses the merchant public signature key to check the merchant's digital signature. Finally, it takes some action based on the contents of the response message, such as displaying a message to the cardholder or updating a database with the status of the order. The cardholder can determine the status of the order (such as whether it has been authorized or submitted for payment) by sending an order inquiry message.

Payment Authorization
The figure shown below provides a high level overview of a merchant's payment authorization process. This scenario is divided into its three fundamental steps in the following detailed sections. The icon to the left corresponds to the diagram below and serves as a map to this scenario; it is repeated in the explanations of the more detailed diagrams with a shaded region that indicates which step is being described.

[Fig. 11.7: Payment authorization. Messages exchanged between the merchant computer and the Payment Gateway: authorization request, authorization response.]

During the processing of an order from a cardholder (see Section), the merchant will authorize the transaction. The merchant software generates and digitally signs an authorization request, which includes the amount to be authorized, the transaction identifier from the OI and other information about the transaction. The request is then encrypted using a new randomly generated symmetric key, which in turn is encrypted using the public key-exchange key of the Payment Gateway. (This is the same key the cardholder used to encrypt the digital envelope of the payment instructions.) The authorization request and the cardholder payment instructions are then transmitted to the Payment Gateway.

Note: The SET protocol also includes a sales transaction that allows a merchant to authorize a transaction and request payment in a single message. While the sales message includes an additional block of data on the request from the merchant, it otherwise parallels the message flow being described in this section. Details about the processing of a sales transaction are provided in Book 2: Programmer's Guide.

When the Payment Gateway receives the authorization request, it decrypts the digital envelope of the authorization request to obtain the symmetric encryption key. It uses the symmetric key to decrypt the request. It then verifies the merchant signature certificate by traversing the trust chain to the root key; it also verifies that the certificate has not expired. It uses the merchant public signature key to ensure the request was signed using the merchant private signature key.

Next the Payment Gateway decrypts the digital envelope of the Payment Instructions to obtain the symmetric encryption key and the account information. It uses the symmetric key to decrypt the PI. It then verifies the cardholder signature certificate by traversing the trust chain to the root; it also verifies that the certificate has not expired. Next it uses the cardholder public signature key and the message digest of the OI (included in the PI) to check the digital signature to ensure that the PI has not been tampered with in transit and that it was signed using the cardholder private signature key. Next, the Payment Gateway verifies that the transaction identifier received from the merchant matches the one in the cardholder Payment Instructions.

The Payment Gateway then formats and sends an authorization request to the Issuer via a payment system. Upon receiving an authorization response from the Issuer, the Payment Gateway generates and digitally signs an authorization response message, which includes the Issuer's response and also includes an optional capture token with information the Payment Gateway will need to process a capture request. The capture token is only included if required by the Acquirer. The response is then encrypted using a new randomly generated symmetric key, which in turn is encrypted using the merchant public key-exchange key. The response is then transmitted to the merchant.
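The dual signature from the purchase request, together with the merchant's check and the Payment Gateway's check described above, is shown here as an added example that is not taken from the SET specification or from this text. The JSON message encoding, SHA-256, the unpadded textbook RSA key built from two Mersenne primes, the function names and the sample order are all assumptions made for the demonstration.

```python
import hashlib
import json

# Constructed textbook-RSA key for the demonstration only: two Mersenne
# primes and no padding. A real system uses a vetted library and padding.
P, Q, E = 2**521 - 1, 2**607 - 1, 65537
N = P * Q                              # cardholder public modulus
D = pow(E, -1, (P - 1) * (Q - 1))      # cardholder private signature exponent

# Constructed sample messages sharing the merchant-assigned transaction id.
OI = {"txn_id": "TXN-0001-constructed", "brand": "ExampleCard",
      "merchant": "constructed-merchant"}
PI = {"txn_id": "TXN-0001-constructed", "amount": "49.90", "currency": "USD",
      "account": "constructed-account-reference"}


def digest(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


def encode(fields: dict) -> bytes:
    """Canonical byte encoding so that every party hashes identical bytes."""
    return json.dumps(fields, sort_keys=True, separators=(",", ":")).encode()


def dual_digest(oi_digest: bytes, pi_digest: bytes) -> int:
    """Digest of the two concatenated digests, as an integer for RSA."""
    return int.from_bytes(digest(oi_digest + pi_digest), "big")


def cardholder_sign(oi: dict, pi: dict) -> dict:
    """Cardholder: digest OI and PI, then sign the digest of both digests."""
    oi_d, pi_d = digest(encode(oi)), digest(encode(pi))
    return {"oi_digest": oi_d, "pi_digest": pi_d,
            "dual_sig": pow(dual_digest(oi_d, pi_d), D, N)}


def merchant_verify(oi: dict, pi_digest: bytes, dual_sig: int) -> bool:
    """Merchant: sees the OI in clear and only the digest of the PI."""
    return pow(dual_sig, E, N) == dual_digest(digest(encode(oi)), pi_digest)


def gateway_verify(pi: dict, oi_digest: bytes, dual_sig: int,
                   merchant_txn_id: str) -> bool:
    """Gateway: sees the PI in clear and only the digest of the OI, then
    checks that the merchant's transaction id matches the one in the PI."""
    if pow(dual_sig, E, N) != dual_digest(oi_digest, digest(encode(pi))):
        return False
    return pi["txn_id"] == merchant_txn_id


if __name__ == "__main__":
    msg = cardholder_sign(OI, PI)
    print("merchant accepts order:",
          merchant_verify(OI, msg["pi_digest"], msg["dual_sig"]))
    print("gateway accepts payment instruction:",
          gateway_verify(PI, msg["oi_digest"], msg["dual_sig"], OI["txn_id"]))
    inflated = dict(PI, amount="4990.00")
    print("gateway accepts altered amount:",
          gateway_verify(inflated, msg["oi_digest"], msg["dual_sig"], OI["txn_id"]))
```

The merchant never needs the PI and the gateway never needs the OI, yet a change to either one, or pairing a PI with a different order, makes the single signature fail for both parties.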

Payment Gateway Processes Authorization request:


When the merchant software receives the authorization response message from the Payment Gateway, it decrypts the digital envelope to obtain the symmetric encryption key. It uses the symmetric key to decrypt the response message. It then verifies the Payment Gateway signature certificate by traversing the trust chain to the root key. It uses the Payment Gateway public signature key to check the Payment Gateway digital signature. The merchant software will store the authorization response and the capture token to be used when requesting payment through a capture request. The merchant then completes processing of the cardholder's order by shipping the goods or performing the services indicated in the order.

Payment Capture
The figure shown below provides a high level overview of a merchant's payment capture process. This scenario is divided into its three fundamental steps in the following detailed sections. The icon to the left corresponds to the diagram below and serves as a map to this scenario; it is repeated in the explanations of the more detailed diagrams with a shaded region that indicates which step is being described.

[Fig. 11.8: Payment capture. Messages exchanged between the merchant computer and the Payment Gateway: capture request, capture response.]

After completing the processing of an order from a cardholder, the merchant will request payment. There will often be a significant time lapse between the message requesting authorization and the message requesting payment. The merchant software generates and digitally signs a capture request, which includes the final amount of the transaction, the transaction identifier from the OI and other information about the transaction. The request is then encrypted using a new randomly generated symmetric key, which in turn is encrypted using the public key-exchange key of the Payment Gateway. The capture request and optionally the capture token, if one was included in the authorization response, are then transmitted to the Payment Gateway. Note: While the flow described here contains only a single capture request, the merchant software is permitted to batch multiple requests into a single message.

Merchant requests payment


When the Payment Gateway receives the capture request, it decrypts the digital envelope of the capture request to obtain the symmetric encryption key. It uses the symmetric key to decrypt the request. It then uses the merchant public signature key to ensure the request was signed using the merchant private signature key. The Payment Gateway decrypts the capture token (if present) and then uses the information from the capture request and the capture token to format a clearing request, which it sends to the Issuer via a payment card payment system. The Payment Gateway then generates and digitally signs a capture response message, which includes a copy of the Payment Gateway signature certificate. The response is then encrypted using a new randomly generated symmetric key, which in turn is encrypted using the merchant public key-exchange key. The response is then transmitted to the merchant.

When the merchant software receives the capture response message from the Payment Gateway, it decrypts the digital envelope to obtain the symmetric encryption key. It uses the symmetric key to decrypt the response message. It then verifies the Payment Gateway signature certificate by traversing the trust chain to the root key. It uses the Payment Gateway public signature key to check the Payment Gateway digital signature. The merchant software will store the capture response to be used for reconciliation with payment received from the Acquirer.

Additional Messages
Programmer's Guide: Book 2: Programmer's Guide contains information about additional messages that are not described here.

Certificate Inquiry: If the CA is unable to complete the processing of a certificate request quickly, it will send a reply to the cardholder or merchant indicating that the requester should check back later. The Certificate Inquiry message is used to determine the status of the certificate request and to receive the certificate if the request has been approved.

Purchase Inquiry: Cardholders can check the status of the processing of an order after the purchase response has been received by sending an Order Inquiry. Note that this message does not include information such as the status of back-ordered goods, but does indicate the status of authorization, capture and credit processing.

Authorization Reversal: The Authorization Reversal message allows a merchant to correct previous authorization requests. If the order will not be completed, the merchant will reverse the entire authorization. If part of the order will not be completed (such as when goods are back-ordered), the merchant will reverse part of the amount of the authorization.

Capture Reversal: The Capture Reversal message allows a merchant to correct errors in capture requests, such as transaction amounts that were entered incorrectly by a clerk.

Credit: The Credit message allows a merchant to issue a credit to a cardholder's account, such as when goods are returned or were damaged during shipping. Note that the SET Credit message is always initiated by the merchant, not the cardholder. All communications between the cardholder and merchant that result in a credit being processed happen outside of SET.

Payment Gateway Certificate Request: The Payment Gateway Certificate Request message allows a merchant to query the Payment Gateway and receive a copy of the gateway's current key-exchange and signature certificates.

Batch Administration: The Batch Administration message allows a merchant to communicate information to the Payment Gateway regarding merchant batches.

