1

Electronic Commerce

Prof. Indranil Sen GuptaDept. of Computer Science & Engg.

I.I.T. Kharagpur, INDIA

Indian Institute of Technology Kharagpur

Lecture 35: Electronic Commerce

On completion, the student will be able to: 1. Illustrate the typical architecture of an electronic

commerce system.2. Identify the main challenges that need to be solved

in an e-commerce implementation.3. Explain the various electronic payment systems in

use.

2

Introduction

• What is E-commerce?Process of buying, selling, or exchanging products, services, and information through computer networks.

• How is it different from E-business?EB is a broader form of EC, that also includes:

Servicing customers.Collaborating with business partners.Carry out transactions electronically within an organization.

Dimensions of E-Commerce

Digital Product

Physical Product

Digital Agent

Physical Agent

Digital Process

Physical Process

3

• Traditional commerce:All the dimensions are physical in nature.Perform all business transactions off-line.Buy and sell products through physical agents and representatives.

• Pure E-commerce:All the dimensions are digital in nature.Pure online (virtual) organizations.Buy and sell products online.

• Hybrid approach:A combination of digital and physical dimensions.Primary business carried out in the physical world.Provide some services on-line.

4

5

Classification of E-commerce by Nature of Transaction

6

• Business-to-business (B2B):All the participants are businesses or other organizations.

• Business-to-consumer (B2C):The businesses sell their products to consumers (individual shoppers).

• Business-to-business-to-consumer (B2B2C)

A business provides some service to a client business.The client business maintains its own customers, to whom the service is finally provided.

• Consumer-to-business (C2B):Individuals can sell products or provide services through the Internet to organizations.

• Consumer-to-consumer (C2C):An individual can sell products or services directly to another individual.

• Mobile commerce (M-commerce):E-commerce in a wireless mobile environment.

• Location commerce (L-commerce):M-commerce transactions targeted to individuals in specific locations at specific times.

7

• Intrabusiness E-commerce:This includes all internal organizational activities among various departments and sections in an organization.

• Collaborative commerce (C-commerce):Individuals or groups collaborate online.

E-commerce is Interdisciplinary

• Encompasses several disciplines:Computer scienceConsumer behaviorManagement information systemBusiness laws and ethicsEconomicsAccounting and auditingNetwork security

8

Benefits of E-commerce

• Point-of-view of organizations:Can expand the marketplace beyond geographic boundaries.Reduce overheads of paper-based information processing.Lowers communication cost.Allows reduced inventories and overheads.

• Point-of-view of consumers:Allows shopping 24 hours a day.From any geographic location.Provides a wide variety of choices.Allows quick product and price comparisons before making final selection.Allows quick delivery of products.Virtual auctions are possible.

9

• Point-of-view of society:More number of individuals can work at home, less traveling for shopping.

Less traffic, less pollution.Enables people to have access to products which otherwise were out of their reaches.

Limitations of E-commerce

• Technical issues:Lack of standardization.Security becomes a very big issue.It is sometimes difficult to integrate EC technologies with existing applications.

10

Getting it to Work

• A big challenge to organizationsHow to put together tools and technologies and get competitive advantage in implementing EC.Setting up the required connectivity through networking is most important.Most of EC transactions carried out through:

InternetIntranetExtranet

• Major concern to many:How to transform themselves to take advantage of E-commerce?

A company selling cookwares.A company selling toys.A company selling food items.

11

Electronic Payment System

Basic Requirements

• An electronic payment system must possess the following desirable properties:

Widely recognized and accepted.Convenient to use.Hard to tamper with.Based on well-established security principles.

12

Payment by Cheques

Customer Merchant

Bank

Payment

Submit

ClearStatement

• Some issues:Merchant has no way of confirming the validity of the cheque until it is cleared by the bank.Consumer cannot detect any fraud anywhere until the statement arrives from the bank.Cost of processing errors can be fatal.

Vastly outweighs the cost of normal actions.

13

Payment by Credit Cards

Customer Merchant

Bank AuthorizationSystem

Payment

Statement

Settlement

Request authorization

Receive authorization

• Some issues:Authentication is carried out online.

Using credit card number, card holder’s name, date of expiry, etc.

Settlement with the bank is usually done offline.

Processed at the end of the day, for instance.Consumer cannot detect any fraud until the statement arrives.

This process can be sped up through Internet statement access.

14

Merchant carries the risk of fraud in “card not present” transactions.

Transactions carried out without the merchant physically verifying the card.Credit card companies often assume liabilities for their merchants, which banks with cheque cannot.

Internet Transactions

Customer Merchant

Bank

MiddlemanAuthorization

System

Payment instruction

Authorize

Settlement

15

• Some issues:These are “card not present” transactions.

Online nature provides instant verification.The most important issue is authentication and confidentiality.

All payment systems in existence today in Internet transaction systems are some small variation of this general principle.

Payment Systems

• Book entry systems:Credit cards over SSLE-cheque (Netcash)Virtual credit cards (First Virtual)Encrypted credit cards (Cybercash)Secure Electronic Transaction (SET)……

• Bearer certificate systems:True digital cash (Digicash)

16

SET : A Case Study

Introduction

• SET is based on two earlier protocols:STT (VISA / Microsoft)SEPP (MASTERCARD / IBM)

• Some features:Card details are never disclosed to the merchant.

Encrypted purchase instruction (PI) can only be decrypted by the acquirer.PI is cryptographically tied to the order instruction (OI) processed by the merchant.Client’s digital signature protects the merchant from client repudiation.

17

• The SET protocol is very complex.• Includes certification management also.

SET has complete public key infrastructure (PKI) using customized X.509 standard.Certificates implemented as X.509 profile with SET-specific extensions.Card based infrastructure makes certificate management relatively easy.

18

SOLUTIONS TO QUIZ QUESTIONS ON

LECTURE 34

Quiz Solutions on Lecture 34

1. What is the basic purpose of SSL record protocol?

The SSL record protocol is mainly responsible for data encryption and integrity. It is also used to encapsulate data sent by other higher level SSL protocols.

19

Quiz Solutions on Lecture 34

2. What does SSL handshake protocol aim to achieve?

The SSL handshake protocol serves the following purposes:

Initiate a session between the server and the client.Negotiate the algorithms and keys to be used for data encryption.Provide mutual authentication.

Quiz Solutions on Lecture 34

3. What is the difference between tunnel mode and transport mode in IPSec?

The tunnel mode encapsulates the entire IP packet within IPSec protection.

The transport mode encapsulates only the transport layer information within IPSec protection.

20

Quiz Solutions on Lecture 34

4. What is the difference in the functionalities of SSL and s-HTTP?

The main difference is:SSL is designed to establish a secure connection between two hosts.s-HTTP is designed to send individual messages securely.

QUIZ QUESTIONS ONLECTURE 35

21

Quiz Questions on Lecture 34

1. How is E-business different from E-commerce?

2. What is M-commerce? Why is it considered to be important in modern day scenario?

3. What benefits can E-commerce provide to consumers?

4. What are the requirements of a good electronic payment system?

5. What are “card not present” transactions? How are they handled in Internet shopping?