Electronic Commerceand the Internet

Chapter 6

Future of the InternetFuture of the Internet

Today

Faster & cheaper access

Web surfing Search engines Publishing

Future

Secure transactions Business-to-Business (EDI) Extranets Filters/constraints Bandwidth Collaborative Computing Widely available in-home

services Multimedia Majority ONLINE!

Definitions

Electronic Commerce ( EC )

A new concept covering buying and selling of products, services and information via computer networks, including the internet.

EC applies different technologies, varying from EDI till e-mail.

In fact we can also consider buying food at a POS automate using a smart card as a form of electronic commerce.

In 10 years from now the term will be completely obsolete.

O’Brien 210

Electronic Market

Buyers and sellers negotiate on an on-line or off-line sales transaction.

Network of interactions and relations where information, products, services and payments are exchanged.

The business center is not a physical building but a network-based location.

Participants: sellers, buyers, brokers they are on different locations sometimes they don’t know each other

Electronic Market: B2C

O’Brien 211

ElectronicMarket

•IInformation request•Ddelivery

Payment authorization request

Payment

•PPayment notice

EFT

PurchaserSeller

Order

Order reply

Bank of the purchaser Transaction Handlers bankTrusted party

bank Supplier

•PPayment order

Interactive Marketing

Marketing-process on the Internet1.Define market segment and potential clients (Websites)

2.Develop promotional material, order forms, …

3.Push technology towards client display (email, newsgroup, web-broadcasting, …)

4. Interactive dialog with the clients

5. Feed-back from clients

6.Online client service.

Push and pull oriented marketing

Client Centric

Clients

Commercialkernel functions

Competitorsenvironment

Internet

Web-sitesIn

tran

ets

Ex

tran

ets

CompetitorsWorld wide-

markets

Suppliers

Costcontrol

Potentialmarkets

Technological developments

Commercialpartners

Communicationwithin the enterprise

Systems

Clientservices

Sales

Marketing

O’Brien 221

Technological Components

O’Brien 228

Location or enterprise

specific data

Web-browser

Browser-extensions

Informationretrieval

Data andtransaction

management

SecureCommuni-

cations

Database serversfor data andmultimedia

Third party software

and services

Database serversfor data andmultimedia

Interorganisational Systems (B2B)

Information flow between two or more organisationsefficient transaction processingno bargaining, only executionpre-defined formats, no telephone calls nor paper

Drivers reduced cost for routine business transactions (SWIFT) improved quality of the procedures because of less errors reduced processing time (Singapore) lower cost for paper handlingbusiness process easier for the users

TypesEDI, EFT,XML, e-mailshared databases

O’Brien 211

Establishing Trust

Without trust between parties online, the value of electronic transactions remains limited.

The concept of a certificate authority, trusted by all parties involved in electronic transactions, is at the heart of new security practices for E-business.

Outsourcing trust is not always the best solution; it has consequences for vulnerability and the degree of comfort.

Role of the certificate Authority

Facilitate E-commerce among parties.

Identify and authenticate certificate requesters and users.

Maintain records on certificates issued.

Audit itself and (as appropriate) its subscribers.

Where possible, avoid or resolve disputes due to the use of certificates.

Absorb risk and take fiduciary responsibility for certificate issuance.

Advantages for the Organisation

Lower cost for handling, creation and storage of paper information

electronic purchasing system

electronic payment 95% cheaper than check

Reduced stock and overhead with “pull-type” delivery

Reduced time between sales and payment

Supports BPR efforts , leading to higher efficiency

Advantages for the Client

More alternatives from various vendors

Cheaper products and services

Often immediate delivery

24 hours service

Relevant information can can be obtained after seconds instead of after days

Constraints

Lack of security standards

Insufficient bandwidth

Problems with Interoperability

Accessibility of the internet

Remaining legal aspects (digital signature)

Still in full evolution

Clients do not like changes

Still limited number of buyers and sellers

Problems with human relationships.

SET Secure Electronic Transaction

1. Client initiates a transaction by sending a request and a signed, encrypted authorization. The supplier can not access the credit card number because it is encrypted.

2. The supplier passes on authorization. The bank can decrypt this and see the credit card number. It can also check the signature.

3. Acquiring bank checks credit card with card issuer.

4. Card issuer authorizes and signs transaction.

5. Bank authorizes merchant and signs transaction.

6. Customer gets goods or service and a receipt.

7. Supplier asks to capture the transaction and get the money.

8. Supplier gets paid according to its contract.

9. Customer gets monthly bill from card issuer.

E-cash Electronic Cash

1. Customers open an account with a bank and either buy or receive free special software for their PC,s.

2. The customers buy electronic money by using the software. Their accounts are debited accordingly.

3. The bank sends an electronic money note to this customer, endorsing it with a digital signature (made with its private key). Customers then inquire whether the money is available by using the bank’s public key.

4. The money is stored on the buyer’s PC and can be spent in any store that accepts E-cash.

5. The software is used to transfer the E-cash to the seller’s computer. The seller uses the bank’s and customer’s public keys to verify that the money belongs to the specific buyer and is indeed at hand.

6. The seller then deposits the E-cash in the bank, crediting his regular or electronic account.

Electronic Credit CardsEncrypted payments

1. Customer sends the encrypted credit card information and digital signature to the supplier.

2. The merchant validates the customer’s identity as the owner of the credit card account.

3. The supplier checks the information with his own bank or credit card processor. Authorization is obtained by contacting the customer’s bank.

4. When the authorization is sent to the supplier’s bank, the deal can be concluded.

5. The customer’s account is debited and the supplier’s account is credited.

Electronic Credit CardsPayment using a third party

More secure since card details aren’t transmitted over the net. Expensive but fast. Using a trusted party like “First Virtual Holdings Company” (FV).

1. Customer opens a bank account with FV.

2. The customer buys an item and provides the supplier with his FV number and an authorization to access this account.

3. The supplier accesses FV to request fund authorization in the customer’s account.

4. FV verifies the customer and checks for sufficient funds.

5. FV sends an electronic message to the buyer: “Do you agree to pay?”

6. If customer approves, FV tells the merchant to proceed.

7. Customer’s account is debited.

Electronic checks

similar to regular checks, secured by public key cryptography.1. The customer establishes a checking account with a bank.

2. The customer contacts a supplier, buys a product or service and e-mails an encrypted electronic check.

3. The supplier deposits the check in his account; money is debited in the buyer’s account and credited to the seller,s account.

E-checks carry an encrypted digital signature and additional information.

Can be exchanged between financial institutions via electronic clearinghouses.

Can be used as payment instruments in EDI-applications. The NetCheck system.

Accept paper checks in exchange for crediting customer’s NetCheck account.

Integrated with financial institutions.

Electronic Payment Cards

Traditional bank cards

Payment cards for specific companies

(transportation)

Smart cards: electronic purse

NNE New Network Economy

500 million citizens and companies will soon use the internet

Internet technology becomes very user friendly

Competitive power of a country depends also on its internet penetration

Barriers are mainly mental and cultural (wait and see mentality)

85% of e-commerce is B2B

Sources of problems

Unstable softwareBugs are exploited

Uncareful system administrationSecurity optionsBad passwords

TipsWork with recent software (applications and operating

system)Install security options in your browserMake backups (long enough because they can contain

virusses)

Hackers

Internet financial transactionsnot more unsafe than FAX, telephone, regular mail, … Intrusion: also possible in normal shops or domicilesCertainly safer than credit cards Intrusion immediately reported worldwideEasier to encrypt than other communication techniques

Economy can not wait until the ultimate secure system is available

The critical value of NNE is already reached in US and Scandinavia

The value of a network increases with the square of the number of participants

The risk of e-mail

Reading an e-mail is not dangerous The risk is in the attachments

Can contain executable files that can import virussesA word or excel file can contain dangerous macrosVirus scanners

• McAfee• Norton Antivirus• F-prot• Thunderbyte scanner

Encrytion products also for authentication• PGP pretty good privacy

Risks of surfing the internet

Downloaded files should be scanned for virusses

Pages with active contents like Java applets or Actve-X controls can also import virusses

Recent browsers warn you if page contains active elements

Static pages are very safe

Privacy risks with surfing

Some websites ask personal data at login

Risk for undesired e-mail and publicity

IP-address is always known but difficult to use

Never transmit un-encrypted credit card numbers

Carlos Felipe Salgado Jr.

SSL encrypt credit card numbers (secure socket layer)