Chapter 6: Electronic Commerce and the Internet
Future of the Internet
Today
• Faster & cheaper access
• Web surfing
• Search engines
• Publishing
Future
• Secure transactions
• Business-to-Business (EDI)
• Extranets
• Filters/constraints
• Bandwidth
• Collaborative Computing
• Widely available in-home services
• Multimedia
Majority ONLINE!
Definitions
• Electronic Commerce (EC)
  • A new concept covering the buying and selling of products, services and information via computer networks, including the Internet.
  • EC applies different technologies, ranging from EDI to e-mail.
  • In fact, buying food at a POS machine using a smart card can also be considered a form of electronic commerce. Ten years from now the term will be completely obsolete.
O’Brien 210
Electronic Market
• Buyers and sellers negotiate an on-line or off-line sales transaction.
• Network of interactions and relations where information, products, services and payments are exchanged.
• The business center is not a physical building but a network-based location.
• Participants: sellers, buyers, brokers
  • they are at different locations
  • sometimes they don’t know each other
Electronic Market: B2C
[Diagram. Parties shown: Seller; Purchaser; Electronic Market; Bank of the purchaser; Transaction handlers; Trusted party; bank; Supplier. Flows shown: Information request; Delivery; Order; Order reply; Payment order; Payment notice; Payment authorization request; EFT payment]
O’Brien 211
Interactive Marketing
• Marketing process on the Internet
  1. Define market segment and potential clients (Websites)
  2. Develop promotional material, order forms, …
  3. Push technology towards client display (email, newsgroup, web-broadcasting, …)
  4. Interactive dialog with the clients
  5. Feedback from clients
  6. Online client service
• Push and pull oriented marketing
Client Centric Web-sites
[Diagram. Labels: Competitors; Worldwide markets; Technological developments; Communication within the enterprise; Systems; Sales; Suppliers; Clients; Client services; Commercial partners; Extranets; Intranets; Marketing; Cost control; Commercial kernel functions; Potential markets; Competitors environment; Internet]
O’Brien 221
Technological Components
[Diagram. Labels: Database servers for data and multimedia; Information retrieval; Location or enterprise specific data; Web-browser; Data and transaction management; Third party software and services; Secure communications; Browser-extensions]
O’Brien 228
Interorganisational Systems (B2B)
• Information flow between two or more organisations
  • efficient transaction processing
  • no bargaining, only execution
  • pre-defined formats, no telephone calls or paper
• Drivers
  • reduced cost for routine business transactions (SWIFT)
  • improved quality of the procedures because of fewer errors
  • reduced processing time (Singapore)
  • lower cost for paper handling
  • business process easier for the users
• Types
  • EDI, EFT, XML, e-mail
  • shared databases
O’Brien 211
Establishing Trust
• Without trust between parties online, the value of electronic transactions remains limited.
• The concept of a certificate authority, trusted by all parties involved in electronic transactions, is at the heart of new security practices for E-business.
• Outsourcing trust is not always the best solution; it has consequences for vulnerability and the degree of comfort.
Role of the Certificate Authority
• Facilitate E-commerce among parties.
• Identify and authenticate certificate requesters and users.
• Maintain records on certificates issued.
• Audit itself and (as appropriate) its subscribers.
• Where possible, avoid or resolve disputes due to the use of certificates.
• Absorb risk and take fiduciary responsibility for certificate issuance.
Advantages for the Organisation
• Lower cost for handling, creation and storage of paper information
  • electronic purchasing system
  • electronic payment 95% cheaper than check
• Reduced stock and overhead with “pull-type” delivery
• Reduced time between sales and payment
• Supports BPR efforts, leading to higher efficiency
Advantages for the Client
• More alternatives from various vendors
• Cheaper products and services
• Often immediate delivery
• 24 hours service
• Relevant information can be obtained within seconds instead of days
Constraints
• Lack of security standards
• Insufficient bandwidth
• Problems with interoperability
• Accessibility of the Internet
• Remaining legal aspects (digital signature)
• Still in full evolution
• Clients do not like changes
• Still limited number of buyers and sellers
• Problems with human relationships
SET: Secure Electronic Transaction
1. Client initiates a transaction by sending a request and a signed, encrypted authorization. The supplier cannot access the credit card number because it is encrypted.
2. The supplier passes on the authorization. The bank can decrypt this and see the credit card number. It can also check the signature.
3. Acquiring bank checks credit card with card issuer.
4. Card issuer authorizes and signs transaction.
5. Bank authorizes merchant and signs transaction.
6. Customer gets goods or service and a receipt.
7. Supplier asks to capture the transaction and get the money.
8. Supplier gets paid according to its contract.
9. Customer gets monthly bill from card issuer.
E-cash: Electronic Cash
1. Customers open an account with a bank and either buy or receive free special software for their PCs.
2. The customers buy electronic money by using the software. Their accounts are debited accordingly.
3. The bank sends an electronic money note to this customer, endorsing it with a digital signature (made with its private key). Customers then check whether the money is available by using the bank’s public key.
4. The money is stored on the buyer’s PC and can be spent in any store that accepts E-cash.
5. The software is used to transfer the E-cash to the seller’s computer. The seller uses the bank’s and customer’s public keys to verify that the money belongs to the specific buyer and is indeed at hand.
6. The seller then deposits the E-cash in the bank, crediting his regular or electronic account.
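The bank endorsement in steps 3, 5 and 6, as an added example that is not part of the original slides. It uses textbook RSA with two fixed Mersenne primes and no padding purely to make the private-key/public-key roles visible; the note layout, the function names and the bank's spent-serial record are assumptions, and the customer-key check from step 5 is left out.

```python
import hashlib
import secrets

# Toy bank key pair (constructed for this example): textbook RSA over two
# Mersenne primes, no padding, ~150-bit modulus. Illustration only.
P, Q = 2**61 - 1, 2**89 - 1
N, E = P * Q, 65537                 # public key, known to customers and sellers
D = pow(E, -1, (P - 1) * (Q - 1))   # private exponent, known only to the bank


def _digest(serial: str, amount: int) -> int:
    """Hash the note fields to an integer below the modulus."""
    data = f"{serial}|{amount}".encode()
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % N


def issue_note(amount: int) -> dict:
    """Step 3: the bank endorses a note with its private key."""
    serial = secrets.token_hex(16)
    return {"serial": serial, "amount": amount,
            "sig": pow(_digest(serial, amount), D, N)}


def verify_note(note: dict) -> bool:
    """Steps 3 and 5: check the endorsement using only the public key."""
    return pow(note["sig"], E, N) == _digest(note["serial"], note["amount"])


class Bank:
    """Step 6: deposit. A digital note copies perfectly, so the bank
    (an assumption of this example) records serials already deposited."""

    def __init__(self):
        self.spent = set()

    def deposit(self, note: dict) -> str:
        if not verify_note(note):
            return "rejected: bad signature"
        if note["serial"] in self.spent:
            return "rejected: already spent"
        self.spent.add(note["serial"])
        return "credited"
```

A note whose amount is altered after issue fails `verify_note`, and an exact copy of a valid note passes verification but is refused at deposit, which is why the signature check alone does not show that the money is still at hand.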
Electronic Credit Cards: Encrypted payments
1. Customer sends the encrypted credit card information and digital signature to the supplier.
2. The merchant validates the customer’s identity as the owner of the credit card account.
3. The supplier checks the information with his own bank or credit card processor. Authorization is obtained by contacting the customer’s bank.
4. When the authorization is sent to the supplier’s bank, the deal can be concluded.
5. The customer’s account is debited and the supplier’s account is credited.
Electronic Credit Cards: Payment using a third party
• More secure since card details aren’t transmitted over the net.
• Expensive but fast.
• Using a trusted party like “First Virtual Holdings Company” (FV).
1. Customer opens a bank account with FV.
2. The customer buys an item and provides the supplier with his FV number and an authorization to access this account.
3. The supplier accesses FV to request fund authorization in the customer’s account.
4. FV verifies the customer and checks for sufficient funds.
5. FV sends an electronic message to the buyer: “Do you agree to pay?”
6. If customer approves, FV tells the merchant to proceed.
7. Customer’s account is debited.
Electronic checks
• Similar to regular checks, secured by public key cryptography.
1. The customer establishes a checking account with a bank.
2. The customer contacts a supplier, buys a product or service and e-mails an encrypted electronic check.
3. The supplier deposits the check in his account; money is debited from the buyer’s account and credited to the seller’s account.
• E-checks carry an encrypted digital signature and additional information.
• Can be exchanged between financial institutions via electronic clearinghouses.
• Can be used as payment instruments in EDI applications.
• The NetCheck system.
  • Accepts paper checks in exchange for crediting customer’s NetCheck account.
  • Integrated with financial institutions.
Electronic Payment Cards
• Traditional bank cards
• Payment cards for specific companies (transportation)
• Smart cards: electronic purse
NNE: New Network Economy
• 500 million citizens and companies will soon use the Internet
• Internet technology becomes very user friendly
• Competitive power of a country depends also on its Internet penetration
• Barriers are mainly mental and cultural (wait and see mentality)
• 85% of e-commerce is B2B
Sources of problems
• Unstable software
• Bugs are exploited
• Careless system administration
• Security options
• Bad passwords
• Tips
  • Work with recent software (applications and operating system)
  • Install security options in your browser
  • Make backups (keep them long enough, because they can contain viruses)
Hackers
• Internet financial transactions
  • no more unsafe than fax, telephone, regular mail, …
• Intrusion: also possible in normal shops or domiciles
• Certainly safer than credit cards
• Intrusion immediately reported worldwide
• Easier to encrypt than other communication techniques
• Economy cannot wait until the ultimate secure system is available
• The critical value of NNE is already reached in US and Scandinavia
• The value of a network increases with the square of the number of participants
The risk of e-mail
• Reading an e-mail is not dangerous
• The risk is in the attachments
  • Can contain executable files that can import viruses
  • A Word or Excel file can contain dangerous macros
• Virus scanners
  • McAfee
  • Norton Antivirus
  • F-prot
  • Thunderbyte scanner
• Encryption products, also for authentication
  • PGP (Pretty Good Privacy)
Risks of surfing the Internet
• Downloaded files should be scanned for viruses
• Pages with active content like Java applets or ActiveX controls can also import viruses
• Recent browsers warn you if a page contains active elements
• Static pages are very safe
Privacy risks with surfing
• Some websites ask for personal data at login
• Risk of undesired e-mail and publicity
• IP address is always known but difficult to use
• Never transmit unencrypted credit card numbers
• Carlos Felipe Salgado Jr.
• SSL (Secure Sockets Layer) encrypts credit card numbers