E Commerce
(DISTANCE MODE)
DBA 1727
E-COMMERCE TECHNOLOGY
AND MANAGEMENT
III SEMESTER
COURSE MATERIAL
Author
Mr. A.K. Sheik Manzoor
Lecturer
Department of Management Studies,
Anna University Chennai,
Chennai- 600025
Reviewer
Dr. L. Suganthi
Professor
Department of Management Studies
Anna University Chennai
Chennai - 600 025
Editorial Board
Dr. T.V. Geetha
Professor
Department of Computer Science and Engineering
Anna University Chennai
Chennai - 600 025
Dr. H. Peeru Mohamed
Professor
Department of Management Studies
Anna University Chennai
Chennai - 600 025
Dr. C. Chellappan
Professor
Department of Computer Science and Engineering
Anna University Chennai
Chennai - 600 025
Dr. A. Kannan
Professor
Department of Computer Science and Engineering
Anna University Chennai
Chennai - 600 025
Copyrights Reserved
(For Private Circulation only)
ACKNOWLEDGEMENT
The author has drawn inputs from several sources for the preparation of this course material, to meet the
requirements of the syllabus. The author gratefully acknowledges the following sources:
In spite of the utmost care taken to prepare the list of references, any omission in the list is only accidental and
not purposeful.
A.K.Sheik Manzoor
Author
DBA 1727 E-COMMERCE TECHNOLOGY AND MANAGEMENT
Driving forces – benefits and limitations of e-commerce – Basics of data mining, data warehousing and network
infrastructure requirements – Overview of IP, TCP, HTML, OLAP and cryptography.
Retailing in E-commerce – Market research on internet customers – e-commerce for services sector – Advertising
in e-commerce – B2B e-commerce.
Intranet, internet & extranet – Structure, Architecture, Applications & Business models.
E-payments and protocols – Security schemes against internet fraud. Principles of e-fund transfer, credit and
debit card usages, E-check and unified payment systems.
Legal, ethics and privacy issues – Protection needs and methodology – Consumer protection, Cyber laws, contracts
and warranties, Taxation and Encryption policies.
CONTENT
UNIT I
FUNDAMENTAL OF E-COMMERCE
1.5.3 Advantages of data warehouse
1.5.4 Types of data warehouses
1.5.5 Aspects of data warehouse architecture
1.6 NETWORK INFRASTRUCTURE REQUIREMENTS
1.6.1 The Existing Network
1.6.2 Network Infrastructure Components
1.6.3 Planning Your Network Infrastructure Layout
1.7 TRANSMISSION CONTROL PROTOCOL / INTERNET PROTOCOL (TCP/IP)
1.7.1 Introduction to TCP/IP
1.7.2 Internet Protocols
1.7.3 What is TCP/IP?
1.7.4 TCP/IP Services
1.7.5 Features of TCP/IP
1.7.6 TCP/IP Terminology
1.7.7 TCP/IP – Connectionless technology
1.8 HYPERTEXT MARKUP LANGUAGE (HTML)
1.8.1 Web Based Client / Server
1.8.2 Mark up Languages and the Web
1.8.3 Hypertext Markup Language (HTML)
1.9 OLAP: ON-LINE ANALYTICAL PROCESSING
1.9.1 Introduction
1.9.2 What is OLAP?
1.9.3 OLAP Server
1.9.4 Uses of OLAP
1.9.5 OLAP Benefits
1.10 CRYPTOGRAPHY
1.10.1 Introduction to Cryptography
1.10.2 Cryptographic services
1.10.3 Cryptographic primitives
1.10.4 Authentication primitives
1.10.5 Cryptographic protocols
UNIT II
BUSINESS APPLICATIONS IN E-COMMERCE
UNIT III
E-COMMERCE INFRASTRUCTURE
UNIT IV
E-COMMERCE PAYMENTS AND SECURITY
4.1.3 Secure Electronic Transaction (SET) Protocol
4.2 SECURITY SCHEMES AGAINST INTERNET FRAUD
4.2.1 Security Issues
4.2.2 Security Schemes
4.2.3 Creating a Secure System
4.2.4 Storing Secure Information
4.3 ELECTRONIC FUNDS TRANSFER
4.3.1 What is EFT?
4.3.2 Where do we find EFT?
4.3.3 Advantages of EFT
4.3.4 Electronic Funds Transfers Initiated By Third Parties
4.3.5 Online Catalogs
4.3.6 Intelligent Agents
4.4 CREDIT CARD BASED-ELECTRONIC PAYMENT SYSTEM
4.4.1 What is credit card?
4.4.2 Secured credit cards
4.4.3 Credit cards in ATMs
4.4.4 Credit Card payment-online networks
4.4.5 Encryption and Credit Cards
4.4.6 Advantages and Disadvantage of credit cards
4.4.7 Infrastructure for On-Line Credit Card Processing
4.4.8 Risks from Mistake and Disputes: Consumer Protection
4.5 DEBIT CARD BASED-ELECTRONIC PAYMENT SYSTEM
4.5.1 What is a debit card
4.5.2 Types of debit card
4.5.3 Online and offline debit transactions
4.5.4 Advantages and Disadvantages
4.6 ELECTRONIC CHECKS
4.6.1 E-Checks
4.6.2 Benefits of Electronic Checks
4.6.3 How do Electronic Check works?
4.6.4 Why do we use e-checks?
4.6.5 Comparison with other payment instruments
4.7 STORED VALUE CARDS AND E-CASH
4.7.1 Smart Cards
4.7.2 Smart Cards and Electronic Payment Systems
4.7.3 Electronic or Digital Cash
4.7.4 Using the Digital Currency
4.7.5 Drawback of E-cash
4.7.6 Business Issues and Electronic Cash
4.7.7 Operational Risk and Electronic Cash
4.7.8 Legal Issues and Electronic Cash
4.7.9 Electronic Tokens
4.7.10 Other Emerging Financial Instruments
UNIT V
LEGAL AND PRIVACY ISSUES
IN E-COMMERCE
5.5.3 Taxation of Ecommerce - The Significant Issues
5.5.4 The Future for Ecommerce Taxation
5.5.5 Encryption policy
5.5.6 Customer’s Trust Online
5.5.7 Steps to Plan Successful E-Commerce
UNIT I
FUNDAMENTAL OF E-COMMERCE
1.1.1 Introduction
Two thousand years ago, Roman roads brought trade and commerce to Europe in
an unprecedented manner. A thousand years ago, the spice routes linked the cultures of
East and West. At the dawn of the second millennium, the Internet, the world’s largest
computer network, the network of networks, is making fundamental changes to the lives
of everyone on the planet, changing forever the way business is conducted.
The Internet has become an important medium for doing global business based on
state-of-the-art technology. Global business is now conducted in a new way: electronically,
using networks and the Internet. The availability of the Internet has led to the development of
E-Commerce (Electronic commerce), in which business transactions take place via
telecommunication networks. E-Commerce has two major aspects: economic and
technological. This course will show you how to get started in the complex
and exciting world of Electronic Commerce. New standards and new facilities are constantly
emerging, and their proper understanding is essential for the success of an operation,
especially for those who are assigned a duty to select, establish, and maintain the necessary
infrastructure.
• The first is by use of a relatively simple Web site consisting of a few pages whereby
you tell potential customers who you are, what you do, where you are and how
they can contact you (most easily done by giving them your email address).
• The second way of enabling world-wide customers to buy from you is to provide
them with an On-Line Catalogue of your products which they can browse at
their leisure without having to go to your place of business.
On-Line Catalogue:
An On-Line Catalogue is a catalogue that people access via the Internet. It is
an integral part of a website, enabling customers to...
The next step is to request the order by filling in their details and method of payment
on a form which is waiting for them at the Check-Out. The form is already partially completed
with a breakdown of the items in their shopping cart, prices inclusive of tax, and shipping
& handling charges, if any. If they choose to pay by credit card, the form includes a place
for them to fill in their credit card number. And then, with one press of a button, they send
the order to you.
Let’s see how Electronic Commerce (EC) is defined under each perspective.
1. Communications Perspective
EC is the delivery of information, products/services, or payments over telephone
lines, computer networks or any other electronic means.
3. Service Perspective
EC is a tool that addresses the desire of firms, consumers, and management to cut
service costs while improving the quality of goods and increasing the speed of
service delivery.
4. Online Perspective
EC provides the capability of buying and selling products and information on the
internet and other online services.
Electronic Markets:
The principal function of an electronic market is to facilitate the search for the
required product or service. Airline booking systems are an example of an electronic market.
The two key aspects of EDI that distinguish it from other forms of electronic communication,
such as electronic mail, are:
1. The information transmitted is directly used by the recipient computer without the
need for human intervention. It is rarely mentioned, but often assumed, that EDI refers
to interchange between businesses. It involves two or more organizations or parts of
organizations communicating business information with each other in a common agreed
format.
2. The repeated keying of identical information in traditional paper-based business
communication creates a number of problems that can be significantly reduced
through the usage of EDI. These problems include:
• Increased time
• Low accuracy
• High labour charges
• Increased uncertainty.
To take full advantage of EDI’s benefits, a company must computerize its basic
business applications. Trading partners are individual organizations that agree to exchange
EDI transactions. EDI cannot be undertaken unilaterally but requires the cooperation and
active participation of trading partners. Trading partners normally consist of an organization’s
principal suppliers and wholesale customers. Since large retail stores transact business
with a large number of suppliers they were among the early supporters of EDI. In the
manufacturing sector, EDI has enabled the concept of Just-In-Time inventory to be
implemented. JIT reduces inventory and operating capital requirements.
EDI provides for the efficient transaction of recurrent trade exchanges between
commercial organizations. EDI is widely used by, for example, large retail groups and
vehicle assemblers when trading with their suppliers.
Internet Commerce
The Internet (and similar network facilities) can be used for advertising goods and
services and transacting one-off deals. Internet commerce has application for both business-
to-business and business to consumer transactions.
Typically in the B2B environment, E-Commerce can be used in the following processes:
• Procurement;
• Order fulfilment;
• Managing trading-partner relationships.
B2C can also relate to receiving information such as share prices, insurance quotes,
on-line newspapers, or weather forecasts. The supplier may be an existing retail outlet
such as a high street store; it has been this type of business that has been successful in using
E-Commerce to deliver services to customers. These businesses may have been slow in
gearing-up for E-Commerce compared to the innovative dot.com start ups, but they usually
have a sound commercial structure as well as in-depth experience of running a business -
something which many dotcoms lacked, causing many to fail.
Example: A home user wishes to purchase some good quality wine. The user accesses the
Internet site http://www.craigs.com.au and follows the links to read a report on the
recommended wines. After reading the tasting notes the user follows the links to place an
order along with delivery and payment details directly into the merchants’ inventory system.
The wine is then dispatched from the supplier’s warehouse and in theory is delivered to the
consumer without delay.
These sites are usually some form of an auction site. The consumer lists items for
sale with a commercial auction site. Other consumers access the site and place bids on the
items. The site then provides a connection between the seller and buyer to complete the
transaction. The site provider usually charges a transaction cost. In reality this site should
be called C2B2C.
B2A is the least developed area of E-Commerce and it relates to the way that
public sector organisations, at both a central and local level, are providing their services
on-line. Also known as e-Government, it has the potential to increase the domestic and
business use of e-Commerce as traditional services are increasingly being delivered over
the Internet. The UK government is committed to ensuring this country is at the forefront
of e-Commerce and it is essential that e-Government plays a significant part in achieving
this objective.
Scenario 1
The consumer’s credit card information goes directly through a private gateway to
a processing network, where the issuing and acquiring banks complete or deny the
transaction. This generally takes place in no more than 5-7 seconds and the consumer is
then informed that the order was received, the credit card was authorized, and that the
product will ultimately be shipped.
Scenario 2
The consumer’s entire order and credit card information is electronically submitted
back to the merchant’s server (usually via email, FTP, or SSL connection) where the order
can be reviewed first and then approved for credit card authorization through a processing
network. The consumer then receives an email shortly afterwards, confirming that the order
was received and the credit card was authorized, and giving the status of exactly when the
product will be shipped.
In both scenarios, the process is transparent to the consumer and appears virtually
the same. However, the first scenario is a more simplistic method of setting up a shopping
cart application and does not take into consideration any back office issues that may delay
shipment (i.e., items out of stock, back orders, orders submitted after office hours or
during holidays, etc.). ManageMore’s eCommerce Manager relies on the second scenario
to handle all of its ecommerce orders. This second scenario keeps the consumer accurately
informed throughout the entire ordering process.
Let us assume an ecommerce implementation that uses the second scenario mentioned
above.
There are several basic steps you will need to accomplish before becoming Commerce
enabled.
In order to be able to accept credit cards, you must apply for an account with a
credit card merchant account provider. This can be relatively easy or somewhat difficult,
depending on which country you live in, and the type of business you are running.
When choosing a merchant account provider, the following should also be noted:
3. When choosing a merchant account provider, you should do a little research on the
company’s reputation, years in business, and company size. Constantly changing to
a new merchant account provider when your old one goes out of business can be
costly and time consuming.
4. Avoid merchant account providers that ask for a non-refundable fee before you get
approved.
5. Avoid merchant account providers that require 1 or 2 year contract terms. Since
there are so many merchant account providers available, it doesn’t make sense to
lock your company into a commitment for any period of time.
6. Expect merchant account providers to charge some form of sign-up fee only after you
have been approved. These fees can come in the form of an application fee, processing
fee, software fee, etc. Typically expect to pay around $100 to $500 for getting an
account set up to accept credit cards and sometimes electronic checks.
7. You should be able to find a merchant account provider that can offer you discount
credit card rates ranging from 1.75% to 2.75% and no more than .25 cent per
transaction. If not, contact Intellisoft regarding our merchant account provider
affiliates and the free Intellicharge Interface just for signing up with them.
8. You will need a dedicated phone line or data line for processing credit cards and
electronic checks. Note: If your computer or local area network is already connected
to the internet, a separate data line will not be necessary if you use the Intellicharge
Interface for electronic payment.
Web Hosting
Web hosting is a very important step in this process, as this is how you gain a
presence on the internet in the first place. There are actually two scenarios that can be used
for web hosting. Scenario 1 involves setting up and maintaining your own web server,
while Scenario 2 involves farming out all web hosting administration to an ISP.
An Internet Service Provider (ISP) is a company that provides you with internet
access and limited hard drive space on their web servers for hosting your web site.
The following should be noted when searching for an Internet Service Provider:
1. Always try to find an ISP that can provide a local telephone number for you to
connect to the internet.
The online transaction providers that offer the actual web store itself can sometimes
be hosted by the same ISP or may require a completely different provider, referred to as
a Commerce Service Provider (CSP). Many small businesses tend to choose CSPs for
creating a web store because it gives them the flexibility of choosing a provider that offers
competitive pricing and the best shopping cart application for their needs. Online transaction
providers will usually provide the one shopping cart solution they feel is better than the many
others that exist, which differ by price, appearance, layout, functionality, and ease of use.
The following should be noted when dealing with shopping cart applications:
1. Online transaction providers will either sell or rent you the use of an online shopping
cart application for your business. Be forewarned that purchasing an online shopping
cart application is very expensive. Most businesses will rent these online web store
programs rather than committing to such a steep investment.
2. Rental pricing for the use of shopping cart programs varies depending on the number of
transactions generated a month, the number of products listed on the shopping cart
application, and the sophistication of the shopping cart application itself.
3. There are a lot of online transaction providers out there, and they all have varying
packages. Deciding on a provider’s package that fits your needs is perhaps the
most important aspect.
With a little knowledge of HTML and a lot of patience, you can probably create
your own corporate web site with the help of products like Microsoft FrontPage™ or
DreamWeaver™. However, when adding a web store to your web site, you may want to
seek the help of professional web designers to make the look and feel of your web store
consistent with the rest of your corporate web site. Most shopping cart applications, like
SoftCart by Mercantec, allow their templates to be modified just for this purpose. In many
cases, the same ISP or CSP you choose can provide web design and consultation.
Contact a domain name registrar on the internet to register for a domain name.
There are many to choose from, just do a web search on “domain name registrar” to get
you started.
2. Select a unique domain name you would like others to use for finding your web site.
A digital certificate, also known as an SSL Server Certificate, enables SSL (Secure
Sockets Layer encryption) on the web server. SSL protects communications so you can
take credit card orders securely and ensure that hackers cannot eavesdrop on you. Any
ecommerce company that provides you with an online web store will require you to have
SSL before you can use their services. Thankfully, for most people obtaining a digital
certificate is not a problem. For a minimal fee, one can usually use the certificate owned by
the web hosting company where your page resides. If you are a larger company, however,
you may want to get your own digital certificate.
A framework is intended to define and create tools that integrate the information
found in today’s closed systems and allow the development of e-commerce applications.
It is important to understand that the aim of the architectural framework itself is not to
build new database management systems, data repositories, computer languages, software
agent based transaction monitors, or communication protocols. Rather, the architecture
should focus on synthesizing the diverse resources already in place in corporations to
facilitate the integration of data and software for better applications. The electronic
commerce application architecture consists of six layers of functionality, or services:
1) applications;
2) brokerage services, data or transaction management;
3) interface and support layers;
4) secure messaging, security and electronic document interchange;
5) middleware and structured document interchange; and
6) network infrastructure and basic communications services (see Table 1.1.8 a).
In the ensuing discussion of each of these layers, we will not elaborate on the
various aspects of the network infrastructure that transports information. These were
discussed extensively earlier and will not be addressed here. We begin our discussion with
the application level services.
Consumer-to-Business Transactions
Transport.” In this new environment, brand equity can rapidly evaporate forcing
firms to develop new ways of doing business
The current accounts payable process occurs through the exchange of paper
documents. Each year the trading partners exchange millions of invoices, checks, purchase
orders, financial reports, and other transactions. Most of the documents are in electronic
form at their point of origin but are printed and key-entered at the point of receipt. The
current manual process of printing, mailing is costly, time consuming, and error-prone.
Given this situation and faced with the need to reduce costs, small businesses are looking
toward electronic commerce as a possible savior.
Intra-organizational Transactions
Most professionals have enough trouble keeping track of files of interest on one
or two database services. With all the complexity associated with large numbers of on-line
databases and service bureaus, it is impossible to expect humans to do the searching. It
Another aspect of the brokerage function is the support for data management and
traditional transaction services. Brokerages may provide tools to accomplish more
sophisticated, time-delayed updates or future compensating transactions. These tools include
software agents, the distributed query generator, the distributed transaction generator, and the
declarative resource constraint base which describes a business’s rules and environment
information. At the heart of this layer lies the work-flow scripting environment built on a
software agent model that coordinates work and data flow among support services.
For example, suppose you send an agent to an on-line store with a request to
order a bouquet of roses for Rs. 25 or less. If the shop offers roses starting at Rs. 30, your
agent can either choose a different bouquet or find a different store by consulting an online
“Yellow Pages” directory, depending on prior instructions. Although the notion of software
agents sounds very seductive, it will take a while to solve the problems of interagent
communication, interoperable agents, and other headaches that come with distributed
computing and networking. To some critics, the prospect of a single-agent language like
Telescript as a world standard is disturbing. They worry that agents sound a bit too much
like computer viruses, which instead of running errands may run amok. Vendors such as
General Magic go to great lengths to explain the precautions it has taken to make this
impossible: the limits placed on the power of agents, the “self-destruct” mechanism built
into their codes. Yet until electronic commerce services are up and running on a large scale,
it is impossible to know how well software agents will work.
The third layer, interface and support services, will provide interfaces for electronic
commerce applications such as interactive catalogs and will support directory services,
functions necessary for information search and access. These two concepts are very
different.
The primary difference between the two is that unlike interactive catalogs, which
deal with people, directory support services interact directly with software applications.
For this reason, they need not have the multimedia glitter and jazz generally associated
with interactive catalogs. From a computing perspective, we can expect that there will be
no one common user interface that will glaze the surface of all electronic commerce
applications, but graphics and object manipulation will definitely dominate. Tool developers
and designers might incorporate common tools for interface building, but the shape of
catalogs or directories will depend on the users’ desires and functional requirements.
The importance of the fourth layer, secured messaging, is clear. Everyone in business
knows that electronic messaging is a critical business issue. Consider a familiar business
scenario:
You hand over an urgent fax Monday and find out Tuesday that it’s still sitting on
your fax operator’s desk. What happened?
The line was busy and he thought he’d try again later. Or, the number was wrong,
but he forgot to let you know. Or you’re in London and you need to send a spreadsheet
that details a marketing plan for a product introduction strategy to a co-worker in New
York. This must be done today, not tomorrow when the courier service would deliver.
There is a solution to these common and frustrating problems. It’s called Integrated
Messaging: a group of computer services that through the use of a network send, receive,
and combine messages, faxes, and large data files. Some better-known examples are
electronic mail, enhanced fax, and electronic data interchange.
Broadly defined, messaging is the software that sits between the network
infrastructure and the clients or electronic commerce applications, masking the peculiarities
of the environment. Others define messaging as a framework for the total implementation
of portable applications, divorcing you from the architectural primitives of your system. In
general, messaging products are not applications that solve problems; they are more enablers
of the applications that solve problems. Messaging services offer solutions for
communicating non-formatted (unstructured) data such as letters, memos, and reports as well as
formatted (structured) data such as purchase orders, shipping notices, and invoices.
Unstructured messaging consists of fax, e-mail, and form-based systems like Lotus Notes.
Structured document messaging consists of the automated interchange of standardized
and approved messages between computer applications, via telecommunications lines.
Examples of structured document messaging include EDI. Messaging is gaining momentum
in electronic commerce and seems to have many advantages. It supports both synchronous
(immediate) and asynchronous (delayed) message delivery and processing. With
asynchronous messaging, when a message is sent, work continues (software doesn’t wait
for a response). This allows the transfer of messages through store-and-forward methods.
The main disadvantages of messaging are the new types of applications it enables,
which appear to be more complex, especially to traditional programmers, and the jungle of
standards it involves. Because of the lack of standards, there is often no interoperability
between different messaging vendors leading to islands of messaging. Also, security, privacy,
and confidentiality through data encryption and authentication techniques are important
issues that need to be resolved for ensuring the legality of the message-based transactions
themselves.
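The following sketch is an added example, not part of the original course material. It shows asynchronous store-and-forward delivery of structured purchase orders, with the receiver authenticating each message before acting on it. The shared key, the `StoreAndForwardRelay` class and the order fields are assumptions constructed for illustration.

```python
import hashlib
import hmac
import json
from collections import deque

# Constructed demo key shared by the two trading partners (assumption).
SHARED_KEY = b"constructed-demo-key-not-for-production"


def seal(order: dict, key: bytes = SHARED_KEY) -> dict:
    """Sender side: serialise a structured order canonically and attach an HMAC tag."""
    body = json.dumps(order, sort_keys=True, separators=(",", ":"))
    tag = hmac.new(key, body.encode(), hashlib.sha256).hexdigest()
    return {"body": body, "tag": tag}


class StoreAndForwardRelay:
    """Hypothetical intermediate hop: holds messages until the receiver collects them."""

    def __init__(self):
        self._queue = deque()

    def submit(self, envelope: dict) -> None:
        # Returns immediately: the sender carries on without waiting for a reply.
        self._queue.append(envelope)

    def collect(self) -> list:
        # The receiver picks up everything that accumulated while it was away.
        delivered = list(self._queue)
        self._queue.clear()
        return delivered


def receive(envelopes, key: bytes = SHARED_KEY):
    """Receiver side: accept only messages whose tag verifies; quarantine the rest."""
    accepted, rejected = [], []
    for env in envelopes:
        expected = hmac.new(key, env["body"].encode(), hashlib.sha256).hexdigest()
        # compare_digest avoids leaking how many leading characters matched.
        if hmac.compare_digest(expected, env.get("tag", "")):
            accepted.append(json.loads(env["body"]))
        else:
            rejected.append(env["body"])
    return accepted, rejected


def demo():
    relay = StoreAndForwardRelay()
    # Constructed sample purchase orders.
    relay.submit(seal({"po": "PO-1001", "item": "roses", "qty": 12, "price_rs": 25}))
    relay.submit(seal({"po": "PO-1002", "item": "lilies", "qty": 6, "price_rs": 30}))
    # Simulate alteration while the second message sits on the relay.
    stored = relay._queue[1]
    stored["body"] = stored["body"].replace('"qty":6', '"qty":600')
    return receive(relay.collect())


if __name__ == "__main__":
    ok, bad = demo()
    print("accepted:", ok)
    print("rejected:", bad)
```

A shared-key tag lets each partner detect alteration by the relay or a third party, but either partner could have produced it, so it does not by itself prove which of them sent the message.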
Middleware is a relatively new concept that emerged only recently. Like so many
other innovations, it came into being out of necessity. Users in the 1970s, when vendors
delivered homogeneous systems that worked, didn’t have a need for middleware. When
conditions changed, along with the hardware and the software, the organizations couldn’t
cope: the tools were inadequate, the backlog was enormous, and the pressure was
overwhelming. And the users were dissatisfied. Something was needed to solve all the
interface, translation, transformation, and interpretation problems that were driving
application developers crazy. With the growth of networks, client-server technology, and
all other forms of communicating between/among unlike platforms, the problems of getting
all the pieces to work together grew from formidable to horrendous. As the cry for
distributed computing spread, users demanded interaction between dissimilar systems,
networks that permitted shared resources and applications that could be accessed by
multiple software programs. In simple terms, middleware is the ultimate mediator between
diverse software programs that enables them to talk to one another.
Another reason for middleware is the computing shift from application centric to
data centric. That is, remote data controls all of the applications in the network instead of
applications controlling data. To achieve data-centric computing, middleware services focus
on three elements: transparency, transaction security and management, and distributed
object management and services.
Transparency
Transparency implies that users should be unaware that they are accessing multiple
systems. Transparency is essential for dealing with higher-level issues than physical media
and interconnection that the underlying network infrastructure is in charge of. The ideal
picture is one of a “virtual” network: a collection of workgroup, departmental, enterprise,
and inter-enterprise LANs that appears to the end user or client application to be a seamless
and easily accessed whole.
Transaction integrity must be a given for businesses that cannot afford any loss or
inconsistency in data. Some commercial sites have had gigantic centralized TP systems
running for years. For electronic commerce, middleware provides the qualities expected in
The best example of this approach is an active document. If you create a new
document that is an integration of the spreadsheet, word processor, and presentation
package, what you’ll see in the next generation of operating systems is that as you scroll
through your document, the tool bar will automatically change from a spreadsheet tool bar,
to a word processing tool bar, to a presentation package tool bar. These applications will
also be able to access and retrieve data from any file in the computing network.
Last but not least is the Network Infrastructure, which will be dealt with later in
this unit.
Economic Forces
• Lower marketing costs: marketing on the Internet may be cheaper and can
reach a wider crowd than the normal marketing medium.
• Lower sales costs: an increase in customer volume does not need an increase
in staff, as the sales function is housed in the computer and has virtually unlimited
accessibility.
• Lower ordering processing cost: online ordering can be automated with
checks to ensure that orders are correct before accepting, thus reducing errors
and the cost of correcting them.
• New sales opportunities: the website is accessible all the time and reaches
the global audience which is not possible with traditional storefront.
Among the companies with efficient corporate intranets are Procter and Gamble, IBM,
Nestle and Intel.
E.g. SESAMi.NET: Linking Asian Markets through B2B Hubs
SESAMi.NET is Asia’s largest B2B e-hub, a virtual exchange integrating and connecting
businesses (small, medium or large) to trading partners, e-marketplaces and internal
enterprise systems for the purpose of sourcing out supplies, buying and selling goods and
services online in real time. The e-hub serves as the centre for management of content and
the processing of business transactions with support services such as financial clearance
and information services.
It is strategically and dynamically linked to the Global Trading Web (GTW), the
world’s largest network of trading communities on the Internet. Because of this very important
link, SESAMi reaches an extensive network of regional, vertical and industry-specific
interoperable B2B e-markets across the globe.
Market Forces
Technology Forces
Moreover, the principle of universal access can be made more achievable with
convergence. At present the high cost of installing landlines in sparsely populated rural
areas is a disincentive for telecommunications companies to install telephones in these areas.
Installing landlines in rural areas can become more attractive to the private sector if revenues
from these landlines are not limited to local and long distance telephone charges, but also
include cable TV and Internet charges. This development will ensure affordable access to
information even by those in rural areas and will spare the government the trouble and cost
of installing expensive landlines.
Organizations’ major responses are divided into five categories: strategic systems
for competitive advantage, continuous improvement efforts, business process reengineering
(BPR), business alliances and EC. These several responses can be interrelated and E-
commerce can also facilitate the other categories. The four categories are described below.
Strategic Systems
competitors from entering into their territory. There is a variety of EC supported strategic
systems. An example is FedEx’s overnight delivery system and the company’s ability to
track the status of every individual package anywhere in the system. Most of FedEx’s
competitors have already mimicked the system. So FedEx moved the system to the Internet.
However, the competitors quickly followed and now FedEx is introducing new activities.
Improved productivity
Improved decision making
Managing Information
Change in management
Customer service
Innovation and creativity
For example, Dell Computer takes its orders electronically and moves
them via Enterprise Resources Planning software (from SAP Corp.) into the just-in-time
assembly operation. Intel is tracking its products’ consumption in 11 of its largest customers,
using its extranets, almost in real time, and determining production schedules and deliveries
accordingly.
• Reducing cycle time and time to market: Reducing the business process time
(cycle time) is extremely important for increasing productivity and competitiveness.
Similarly, reducing the time from the inception of an idea until its implementation—
time to market—is important because those who can be first on the market with a
product, or who can provide customers with a service faster than competitors,
enjoy a distinct competitive advantage.
• Empowerment of employees and collaborative work: Empowerment is related
to the concept of self-directed teams. Management delegates authority to teams
who can execute the work faster and with fewer delays. Information Technology
allows the decentralization of decision making and authority but simultaneously
supports a centralized control. For example, the Internet and the intranets enable
empowered employees to access data, information and knowledge they need for
making quick decisions.
• Knowledge management: Employees can access organizational know-how via
their company’s intranet. Some knowledge bases are open to the public for a fee
over the Internet, generating income.
• Customer-focused approach: Companies are becoming increasingly customer
oriented. This can be done in part by changing manufacturing processes from
mass production to mass customization. In mass production, a company produces
a large quantity of identical items. In mass customization, items are produced in a
large quantity but are customized to fit the desires of each customer. Electronic
commerce is an ideal facilitator of mass customization.
Business alliances
Many companies realize that alliances with other companies, even competitors
can be beneficial. There are several types of alliances, such as sharing resources, establishing
permanent supplier-company relationships and creating joint research efforts. One of the
most interesting types is the temporary joint venture, in which companies form a special
organization for a specific, limited-time mission.
What is it that will drive e-commerce in the future? In a word, it’s community.
We certainly have the technology to build great business-to-consumer and business-to-
business ecommerce applications into our business models. And, yes, attributes such as
viable application design, integration with business processes, and overall performance
matter.
A successful community strategy must embrace the idea of moving the one-on-one
communication that occurs offline into the virtual world of e-commerce. Such a strategy
currently requires multiple technical approaches. However, we believe community solutions
will soon become more integrated and far-reaching.
The tools that form online communities include discussion or forum software, chat
functions, instant messaging, two-way mailing lists, online collaboration tools, audio, video,
and more. You may choose to invest slowly at first and increase your community commitment
over time.
Online conversation with business partners will also give net positive results. A
private discussion area or secured online meetings can go a long way toward building
stronger relationships between companies. This will also serve to potentially drive new
business opportunities for both parties. Building community has to be at the heart of any
successful ecommerce strategy.
While some use e-commerce and e-business interchangeably, they are distinct
concepts. In e-commerce, information and communications technology (ICT) is used in
inter-business or inter-organizational transactions (transactions between and among firms/
organizations) and in business-to-consumer transactions (transactions between firms/
organizations and individuals).
In e-business, on the other hand, ICT is used to enhance one’s business. It includes
any process that a business organization (either a for-profit, governmental or non-profit
entity) conducts over a computer-mediated network. A more comprehensive definition of
e-business is: “The transformation of an organization’s processes to deliver additional
customer value through the application of technologies, philosophies and computing paradigm
of the new economy.”
The Internet economy pertains to all economic activities using electronic networks
as a medium for commerce or those activities involved in both building the networks linked
to the Internet and the purchase of application services such as the provision of enabling
hardware and software and network equipment for Web-based/online retail and shopping
malls (or “e-malls”).
• New markets can be accessed online, extending the
service offerings to customers globally.
• The Internet shrinks the globe and broadens current geographical parameters to
operate globally.
• Marketing and promotional campaigns can be run globally at reduced
cost.
• Customer retention and customer service can be improved
drastically.
• Strengthen relationships with customers and suppliers
• Streamline business processes and administrative functions
Of the many non-technical limitations that slow the spread of EC, the following are
the major ones.
Most companies already collect and refine massive quantities of data. Data mining
techniques can be implemented rapidly on existing software and hardware platforms to
enhance the value of existing information resources, and can be integrated with new products
and systems as they are brought on-line.
Data mining differs from traditional statistics in several ways: formal statistical
inference is assumption driven in the sense that a hypothesis is formed and validated against
the data. Data mining, in contrast, is discovery driven in the sense that patterns and hypotheses
are automatically extracted from data. Said another way, data mining is data driven, while
statistics is human driven. The branch of statistics that data mining resembles most is
exploratory data analysis, although this field, like most of the rest of statistics, has been
focused on data sets far smaller than most that are the target of data mining researchers.
Data mining also differs from traditional statistics in that sometimes the goal is to
extract qualitative models which can easily be translated into logical rules or visual
representations; in this sense data mining is human centered and is sometimes coupled with
human-computer interfaces research.
Data mining is a step in the data mining process, which is an interactive, semi-
automated process which begins with raw data. Results of the data mining process may be
insights, rules, or predictive models.
The field of data mining draws upon several roots, including statistics, machine
learning, databases, and high performance computing.
Here, we are primarily concerned with large data sets, massive data sets, and
distributed data sets. By large, we mean data sets which are too large to fit into the memory
of a single workstation. By massive, we mean data sets which are too large to fit onto the
disks of a single workstation or a small cluster of workstations. Instead, massive clusters
or tertiary storage such as tape are required. By distributed, we mean data sets which are
geographically distributed.
The focus on large data sets is not just an engineering challenge; it is an essential
feature of induction of expressive representations from raw data. It is only by analyzing
large data sets that we can produce accurate logical descriptions that can be translated
automatically into powerful predictive mechanisms. Otherwise, statistical and machine
learning principles suggest the need for substantial user input (specifying meta-knowledge
necessary to acquire highly predictive models from small data sets).
Data mining derives its name from the similarities between searching for valuable
business information in a large database — for example, finding linked products in gigabytes
of store scanner data — and mining a mountain for a vein of valuable ore. Both processes
require either sifting through an immense amount of material, or intelligently probing it to
find exactly where the value resides. Given databases of sufficient size and quality, data
mining technology can generate new business opportunities by providing these capabilities:
Many of these technologies have been in use for more than a decade in specialized
analysis tools that work with relatively small volumes of data. These capabilities are now
evolving to integrate directly with industry-standard data warehouse and OLAP platforms.
The technique that is used to perform these feats in data mining is called modeling.
Modeling is simply the act of building a model in one situation where you know the answer
and then applying it to another situation that you don’t. For instance, if you were looking
for a sunken Spanish galleon on the high seas the first thing you might do is to research the
times when Spanish treasure had been found by others in the past. You might note that
these ships often tend to be found off the coast of Bermuda and that there are certain
characteristics to the ocean currents, and certain routes that have likely been taken by the
ship’s captains in that era. You note these similarities and build a model that includes the
characteristics that are common to the locations of these sunken treasures. With these
models in hand you sail off looking for treasure where your model indicates it most likely
might be given a similar situation in the past. Hopefully, if you’ve got a good model, you
find your treasure.
This act of model building is thus something that people have been doing for a long
time, certainly before the advent of computers or data mining technology. What happens
on computers, however, is not much different than the way people build models. Computers
are loaded up with lots of information about a variety of situations where an answer is
known and then the data mining software on the computer must run through that data and
distil the characteristics of the data that should go into the model. Once the model is built it
can then be used in similar situations where you don’t know the answer.
For example, say that you are the director of marketing for a telecommunications
company and you’d like to acquire some new long distance phone customers. You could
just randomly go out and mail coupons to the general population - just as you could randomly
sail the seas looking for sunken treasure. In neither case would you achieve the results you
desired and of course you have the opportunity to do much better than random - you
could use your business experience stored in your database to build a model.
As the marketing director you have access to a lot of information about all of your
customers: their age, sex, credit history and long distance calling usage. The good news is
that you also have a lot of information about your prospective customers: their age, sex,
credit history etc. Your problem is that you don’t know the long distance calling usage of
these prospects (since they are most likely now customers of your competition). You’d
like to concentrate on those prospects who have large amounts of long distance usage.
You can accomplish this by building a model. Table 1.4.4.(a) illustrates the data used for
building a model for new customer prospecting in a data warehouse.
The goal in prospecting is to make some calculated guesses about the information
in the lower right hand quadrant based on the model that we build going from Customer
General Information to Customer Proprietary Information.
Test marketing is an excellent source of data for this kind of modeling. Mining the
results of a test market representing a broad but relatively small sample of prospects can
provide a foundation for identifying good prospects in the overall market. Table 1.4.4.(b)
shows another common scenario for building models: predict what is going to happen in
the future.
If someone told you that he had a model that could predict customer usage how
would you know if he really had a good model? The first thing you might try would be to
ask him to apply his model to your customer base - where you already knew the answer.
With data mining, the best way to accomplish this is by setting aside some of your data in
a vault to isolate it from the mining process. Once the mining is complete, the results can be
tested against the data held in the vault to confirm the model’s validity. If the model works,
its observations should hold for the vaulted data.
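The vault check described above, as an added example that is not part of the original course material: a single-threshold rule is mined from constructed customer records and then scored against records held back from the mining step. The records, the feature names and the rule-mining function are assumptions made for illustration.

```python
# Constructed customer records: (age, credit_score, high_long_distance_usage).
# The last four are placed in the "vault" and never shown to the mining step.
KNOWN_CUSTOMERS = [
    (25, 700, 0), (31, 640, 0), (38, 720, 0), (45, 610, 1),
    (52, 690, 1), (29, 580, 0), (60, 650, 1), (41, 730, 1),
    (35, 600, 0), (48, 710, 1), (27, 690, 0), (39, 660, 1),
]
FEATURES = {"age": 0, "credit_score": 1}
LABEL = 2


def split_vault(records, vault_size):
    """Set the last `vault_size` records aside before any mining happens."""
    return records[:-vault_size], records[-vault_size:]


def predict(model, record):
    """model = (feature, threshold, above): predict 1 when the feature is on
    the chosen side of the threshold (>= if above is True, < otherwise)."""
    feature, threshold, above = model
    hit = record[FEATURES[feature]] >= threshold
    return int(hit == above)


def accuracy(model, records):
    correct = sum(predict(model, r) == r[LABEL] for r in records)
    return correct / len(records)


def mine_rule(training):
    """Exhaustively pick the single-threshold rule with the best accuracy
    on the training records only."""
    best, best_acc = None, -1.0
    for feature, idx in FEATURES.items():
        for threshold in sorted({r[idx] for r in training}):
            for above in (True, False):
                model = (feature, threshold, above)
                acc = accuracy(model, training)
                if acc > best_acc:
                    best, best_acc = model, acc
    return best


def validate():
    """Mine on the training records, then test against the vault."""
    training, vault = split_vault(KNOWN_CUSTOMERS, 4)
    model = mine_rule(training)
    return model, accuracy(model, training), accuracy(model, vault)


if __name__ == "__main__":
    model, train_acc, vault_acc = validate()
    print("rule:", model)
    print("accuracy on mined data:", train_acc)
    print("accuracy on vaulted data:", vault_acc)
```

The rule fits the mined records perfectly but misclassifies one vaulted customer, which is why the vault figure, not the training figure, is the one to report.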
• A pharmaceutical company can analyze its recent sales force activity and their
results to improve targeting of high-value physicians and determine which
marketing activities will have the greatest impact in the next few months. The
data needs to include competitor market activity as well as information about
the local health care systems. The results can be distributed to the sales force
via a wide-area network that enables the representatives to review the
recommendations from the perspective of the key attributes in the decision
process. The ongoing, dynamic analysis of the data warehouse allows best
practices from throughout the organization to be applied in specific sales
situations.
• A credit card company can leverage its vast warehouse of customer transaction
data to identify customers most likely to be interested in a new credit product.
Using a small test mailing, the attributes of customers with an affinity for the
product can be identified. Recent projects have indicated more than a 20-
fold decrease in costs for targeted mailing campaigns over conventional
approaches.
• A diversified transportation company with a large direct sales force can apply
data mining to identify the best prospects for its services. Using data mining to
analyze its own customer experience, this company can build a unique
segmentation identifying the attributes of high-value prospects. Applying this
segmentation to a general business database such as those provided by Dun
& Bradstreet can yield a prioritized list of prospects by region.
• A large consumer package goods company can apply data mining to improve
its sales process to retailers. Data from consumer panels, shipments, and
competitor activity can be applied to understand the reasons for brand and
store switching. Through this analysis, the manufacturer can select promotional
strategies that best reach their target customer segments.
Each of these examples has a clear common ground. They leverage the
knowledge about customers implicit in a data warehouse to reduce costs and
improve the value of customer relationships. These organizations can now
focus their efforts on the most important (profitable) customers and prospects,
and design targeted marketing strategies to best reach them.
In this section, we describe five external trends which promise to have a fundamental
impact on data mining.
Data Trends.
Perhaps the most fundamental external trend is the explosion of digital data during
the past two decades. During this period, the amount of data has probably grown by between
six and ten orders of magnitude. Much of this data is accessible via networks. On the other
hand, during this same period the number of scientists, engineers, and other analysts available
to analyze this data has remained relatively constant. For example, the number of new
Ph.D.’s in statistics graduating each year has remained relatively constant during this period.
Only one conclusion is possible: either most of the data is destined to be write-only, or
techniques, such as data mining, must be developed, which can automate, in part, the
analysis of this data, filter irrelevant information, and extract meaningful knowledge.
Hardware Trends.
Network Trends.
The next generation internet (NGI) will connect sites at OC-3 (155 MBits/sec)
speeds and higher. This is over 100 times faster than the connectivity provided by current
networks. With this type of connectivity, it becomes possible to correlate distributed data
sets using current algorithms and techniques. In addition, new protocols, algorithms, and
languages are being developed to facilitate distributed data mining using current and next
generation networks.
Business Trends.
Today businesses must be more profitable, react quicker, and offer higher quality
services than ever before, and do it all using fewer people and at lower cost. With these
types of expectations and constraints, data mining becomes a fundamental technology,
enabling businesses to more accurately predict opportunities and risks generated by their
customers and their customers’ transactions.
The primary concept of data warehousing is that the data stored for business
analysis can most effectively be accessed by separating it from the data in the operational
systems. A data warehouse is a collection of computer-based information that is critical to
successful execution of enterprise initiatives. A data warehouse is more than an archive for
corporate data and more than a new way of accessing corporate data. A data warehouse
is a subject-oriented repository designed with enterprise-wide access in mind. It provides
tools to satisfy the information needs of employees at all organizational levels, not just for
complex data queries, but as a general facility for getting quick, accurate and often insightful
information. A data warehouse is designed so that its users can recognize the information
they want and access that information using simple tools.
1.5.2 Definitions
Data Warehouse:
The term Data Warehouse was coined by Bill Inmon in 1990, which he defined in
the following way: “A warehouse is a subject-oriented, integrated, time-variant and non-
volatile collection of data in support of management’s decision making process”. He defined
the terms in the sentence as follows:
Subject Oriented:
Data that gives information about a particular subject instead of about a company’s
ongoing operations.
Integrated:
Data that is gathered into the data warehouse from a variety of sources and merged
into a coherent whole.
Time-variant:
All data in the data warehouse is identified with a particular time period.
Non-volatile:
Data is stable in a data warehouse. More data is added but data is never removed.
This enables management to gain a consistent picture of the business.
This definition remains reasonably accurate almost ten years later. However, a
single-subject data warehouse is typically referred to as a data mart, while data warehouses
are generally enterprise in scope. Also, data warehouses can be volatile. Due to the large
amount of storage required for a data warehouse, (multi-terabyte data warehouses are not
uncommon), only a certain number of periods of history are kept in the warehouse. For
instance, if three years of data are decided on and loaded into the warehouse, every month
the oldest month will be “rolled off” the database, and the newest month added.
The term data warehouse is currently being used to describe a number of different
facilities each with diverse characteristics.
Physical data warehouse: This is an actual, physical database into which all the corporate
data for the data warehouse are gathered, along with schemas (information about data)
and the processing logic used to organize, package and pre-process the data for end user
access.
Logical data warehouse: This contains all the metadata, business rules and processing
logic required to scrub, organize, package, and pre-process the data. In addition, it contains
the information required to find and access the actual data, wherever it actually resides.
Data library: This is a subset of the enterprise wide data warehouse. Typically, it performs
the role of departmental, regional, or functional data warehouse. As part of the data
warehouse process, the organization builds a series of data libraries over time and eventually
links them via an enterprise wide logical data warehouse.
Decision support systems (DSSs): These systems are not data warehouses but
applications that make use of the data warehouse. They are also called executive information
systems (EIS).
This is the choice of what data sources, dimensions, business rules, semantics, and
metrics an organization chooses to put into common usage. It is also the equally important
choice of what data sources, dimensions, business rules, semantics, and metrics an
organization chooses not to put into common usage. This is by far the hardest aspect of
architecture to implement and maintain because it involves organizational politics. However,
determining this architecture has more to do with determining the place of the data warehouse
in your business than any other architectural decision. In my opinion, the decisions involved
in determining this architecture should drive all other architectural decisions.
The main reasons we store data in a data warehousing system are so that it can be:
1) reported against,
2) cleaned up, and (sometimes)
3) transported
Tool architecture
This is your choice of the tools you are going to use for reporting and for what I call
infrastructure.
This is your choice of what physical platforms will do what pieces of the concurrent
processing that takes place when using a data warehouse. This can range from an
architecture as simple as host-based reporting to one as complicated.
Security architecture
If you need to restrict access down to the row or field level, you will probably
have to use some other means to accomplish this other than the usual security mechanisms
at your organization. Note that while security may not be technically difficult to implement,
it can cause political consternation.
In the long run, decisions on data consistency architecture will probably have much
more influence on the return of investment in the data warehouse than any other architectural
decisions. To get the most return from a data warehouse (or any other system), business
practices have to change in conjunction with or as a result of the system implementation.
Conscious determination of data consistency architecture is almost always a prerequisite
to using a data warehouse to effect business practice change.
After completing this inventory, you need to review that information in conjunction
with your project goals to determine what changes are required so that you can successfully
deliver the deployment.
Firewalls
Firewalls sit between a router and application servers to provide access control.
Firewalls were originally used to protect a trusted network (yours) from the untrusted
network (the Internet). These days, it is becoming more common to protect application
servers on their own (trusted, isolated) network from the untrusted networks (your network
and the Internet).
Router configurations add to the collective firewall capability by screening the data
presented to the firewall. Router configurations can potentially block undesired services
(such as NFS, NIS, and so forth) and use packet-level filtering to block traffic from untrusted
hosts or networks.
Load Balancers
Use load balancers to distribute overall load on your Web or application servers,
or to distribute demand according to the kind of task to be performed. If, for example, you
have a variety of dedicated applications and hence different application servers, you might
use load balancers according to the kind of application the user requests.
If you have multiple data centers, you should consider geographic load balancing.
Geographic load balancing distributes load according to demand, site capacity, and closest
location to the user. If one center should go down, the geographic load balancer provides
failover ability.
For load balancers on Web farms, place the hardware load balancers in front of
the servers and behind routers because they direct routed traffic to appropriate servers.
Software load balancing solutions reside on the Web servers themselves. With software
solutions, one of the servers typically acts as a traffic scheduler.
A load balancing solution is able to read headers and contents of incoming packets.
This enables you to balance load by the kind of information within the packet, including the
user and the type of request. A load balancing solution that reads packet headers enables
you to identify privileged users and to direct requests to servers handling specific tasks.
independent of the servers used in conjunction with it. Deploying SANs can represent a
decrease in the time to recover from a non-functional server as the machine can be replaced
without having to relocate the storage drives.
Servers which make heavy usage of DNS queries should be equipped with a local
caching DNS server to reduce lookup latency as well as network traffic.
When determining your requirements, consider allocating host names for functions
such as mailstore, mail-relay-in, mail-relay-out, and so forth. You should consider this
policy even if the host names all are currently hosted on one machine. With services
configured in such a way, relocation of the services to alternate hardware significantly
reduces the impact of the change.
In deriving your infrastructure topology, you need to consider the following topics:
• DMZ
• Intranet
• Internal network
• Proxies
• Firewall Configuration
• Mobile users
These days, most company networks are configured for a DMZ. The DMZ
separates the corporate network from the Internet. The DMZ is a tightly secured area into
which you place servers providing Internet services and facilities (for example, web servers).
These machines are hardened to withstand the attacks they might face. To limit exposure in
case of a security breach from such attacks, these servers typically contain no information
about the internal network. For example, the name server facilities only include the server
and the routers to the Internet.
Progressively, DMZ implementations have moved the segment behind the firewall
as firewall security and facilities have increased in robustness. However, the DMZ still
remains segmented from the internal networks. You should continue to locate all machines
hosting Web servers, FTP servers, mail servers, and external DNS on a DMZ segment.
A simpler network design might only define separate DMZ segments for Internet
services, VPN access, and remote access. However, security issues exist with VPN and
remote access traffic. You need to separate appropriate connections of these types from
the rest of the network.
The firewall providing the DMZ segmentation should allow only inbound packets
destined to the corresponding service ports and hosts offering the services within the DMZ.
Also, limit outbound initiated traffic to the Internet to those machines requiring access to
the Internet to carry out the service they are providing (for example, DNS and mail). You
might want to segment an inbound-only DMZ and an outbound-only DMZ, with respect
to the type of connection requests. However, given the potential of a denial-of-service
attack interrupting DNS or email, consider creating separate inbound and outbound servers
to provide these services. Should an email-based Trojan horse or worm get out of control
and overrun your outbound mail server, inbound email can still be received. Apply the
same approach to DNS servers.
Intranet
The DMZ provides a network segment for hosts that offer services to the Internet.
This design protects your internal hosts, as they do not reside on the same segment as
hosts that could be compromised by an external attack. Internally, you also have similar
services to offer (Web, mail, file serving, internal DNS, and so on) that are meant solely for
internal users. Just as the Internet services are segmented, so too, are the internal services.
Separation of services in this manner also permits tighter controls to be placed on the
router filtering.
Just as you separate the Internet-facing services into the DMZ for security, your
private internal services should reside in their own internal DMZ. In addition, just as multiple
DMZs can be beneficial—depending on your services and your network’s size—multiple
intranets might also be helpful.
The firewall rules providing the segmentation should be configured similarly to the
rules used for the DMZ’s firewall. Inbound traffic should come solely from machines relaying
information from the DMZ (such as inbound email being passed to internal mail servers)
and machines residing on the internal network.
Internal Network
The segments that remain make up your internal network segments. These segments
house users’ machines or departmental workstations. These machines request information
from hosts residing on the intranet. Development, lab, and test network segments are also
included in this list. Use a firewall between each internal network segment to filter traffic to
provide additional security between departments. Identify the type of internal network
traffic and services used on each of these segments to determine if an internal firewall
would be beneficial.
Proxies
Only the machines directly communicating with machines on the Internet should
reside in the DMZ. If users require Internet access, though, this creates a problem based
on your previous topology decisions. In this situation, proxies become helpful. Place a
proxy on an internal network segment, or, better yet, an intranet segment. A machine
requiring access to the Internet can pass its request onto the proxy, which in turn makes the
request on the machine’s behalf. This relay out to the Internet helps shield the machine
from any potential danger it might encounter.
Because the proxy communicates directly with machines on the Internet, it should
reside in the DMZ. However, this conflicts with the desire to prevent internal machines
from directly communicating with DMZ machines. To keep this communication indirect,
use a double proxy system. A second proxy residing in the intranet passes connection
requests of the internal machines to the proxy in the DMZ, which in turn makes the actual
connection out on the Internet.
Firewall Configuration
For instance, if there is only one entry point into your network from the Internet
and a packet is received from the Internet with a source address of one of your internal
machines, it was likely spoofed. Based on your network’s topology, the only packets
containing a source IP address from your internal machines should come from within the
network itself, not from the Internet. By preventing IP spoofing, this possibility is eliminated,
and the potential for bypassing IP address-based authorization and the other firewall-
filtering rules is reduced. Use the same IP-spoofing protection on any internal firewall as
well.
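The anti-spoofing rule described above, written out as an added example (not part of the original course material). The addressing plan is an assumption made for the illustration: internal segments use 192.168.0.0/16 and the DMZ uses the documentation range 203.0.113.0/28; the sample packets are constructed.

```python
import ipaddress

# Assumed addressing plan for this illustration (not from the course text):
# internal segments use 192.168.0.0/16, the DMZ uses a documentation range.
PREFIXES = {
    "internal": [ipaddress.ip_network("192.168.0.0/16")],
    "dmz": [ipaddress.ip_network("203.0.113.0/28")],
}


def _owned(addr):
    """True if addr belongs to any prefix the organisation itself uses."""
    return any(addr in net for nets in PREFIXES.values() for net in nets)


def check_source(interface, src):
    """Decide whether a source address is plausible on the arrival interface.

    Returns (allowed, reason). 'interface' is where the firewall received
    the packet: "internet", "dmz" or "internal".
    """
    addr = ipaddress.ip_address(src)
    if addr.is_loopback or addr.is_unspecified or addr.is_multicast:
        return False, "source address is never valid on the wire"
    if interface == "internet":
        # Our own prefixes can only originate inside the network.
        if _owned(addr):
            return False, "own prefix arriving from the Internet (spoofed)"
        return True, "external source on external interface"
    if interface in PREFIXES:
        # An inside interface must only see sources from its own segment.
        if any(addr in net for net in PREFIXES[interface]):
            return True, "source matches segment"
        return False, "source does not belong to this segment (spoofed)"
    return False, "unknown interface"


# Constructed sample packets: (arrival interface, source IP, destination IP).
SAMPLE_PACKETS = [
    ("internet", "198.51.100.7", "203.0.113.5"),    # normal visitor to the DMZ
    ("internet", "192.168.45.67", "192.168.1.10"),  # claims to be internal
    ("internal", "192.168.45.67", "203.0.113.5"),   # genuine internal host
    ("internal", "198.51.100.7", "192.168.1.10"),   # foreign source inside
    ("dmz", "203.0.113.5", "192.168.1.10"),         # DMZ relay to the intranet
]


def filter_packets(packets):
    """Return the packets that pass the anti-spoofing check."""
    return [p for p in packets if check_source(p[0], p[1])[0]]


if __name__ == "__main__":
    for iface, src, dst in SAMPLE_PACKETS:
        allowed, reason = check_source(iface, src)
        verdict = "PASS" if allowed else "DROP"
        print(f"{iface:8} {src:15} -> {dst:15} {verdict}: {reason}")
```

The same function covers the internal firewalls mentioned in the text: each inside interface accepts only sources from its own segment.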
Mobile Users
When you have remote or mobile users, pay attention to how you will provide
them access to the facilities. Will there be any facilities they cannot access? What kind of
security policies do you need to address? Will you require SSL for authentication? Also,
examine whether your mobile user population is stable or is expected to increase over
time.
The realization that stand-alone computers made no sense made the network
possible. When there were too many of them, people realized that stand-alone networks
made little sense either, and that they also needed to talk to one another. This was the
problem confronting the US Government and the academic community in the late 60s.
Everything they had was heterogeneous: computers, networks, operating systems and
networking software. Connecting these networks was either impossible or done using
expensive proprietary network devices. Something had to be done.
A protocol is a set of rules that determines how two computers communicate with
one another over a network. The protocols around which the Internet was designed
embody a series of design principles.
The most accurate name for the set of protocols we are describing is the “Internet
protocol suite”. TCP and IP are two of the protocols in this suite. Because TCP and IP are
the best known of the protocols, it has become common to use the term TCP/IP or IP/
TCP to refer to the whole family.
TCP/IP is a family of protocols. A few provide “low-level” functions needed for many
applications. These include IP, TCP, and UDP.
Others are protocols for doing specific tasks, e.g. transferring files between
computers, sending mail, or finding out who is logged in on another computer.
• File transfer.
The file transfer protocol (FTP) allows a user on any computer to get files from
another computer, or to send files to another computer. Security is handled by
requiring the user to specify a user name and password for the other computer.
• Remote login
The network terminal protocol (TELNET) allows a user to log in on any other
computer on the network. You start a remote session by specifying a computer to
connect to. From that time until you finish the session, anything you type is sent to
the other computer. Note that you are really still talking to your own computer. But
the telnet program effectively makes your computer invisible while it is running. Every
character you type is sent directly to the other system. Generally, the connection to
the remote computer behaves much like a dialup connection. That is, the remote
system will ask you to log in and give a password, in whatever manner it would
normally ask a user who had just dialed it up.
• Computer mail.
This allows you to send messages to users on other computers. Originally, people
tended to use only one or two specific computers. They would maintain “mail files”
on those machines. The computer mail system is simply a way for you to add a
message to another user’s mail file. There are some problems with this in an
environment where microcomputers are used. The most serious is that a micro is not
well suited to receive computer mail.
When you send mail, the mail software expects to be able to open a connection to
the addressee’s computer, in order to send the mail. If this is a microcomputer, it may be
turned off, or it may be running an application other than the mail system. For this reason,
mail is normally handled by a larger system, where it is practical to have a mail server
running all the time. Microcomputer mail software then becomes a user interface that
retrieves mail from the mail server.
A protocol is a set of rules that have to be used by two or more machines to talk to one
another. These rules are independent of the applications, which have no idea of what is going
on at the two ends of the communication channel. The goals of TCP/IP were set by the US
Department of Defence, and today, they are its inherent features:
• Failure recovery - Being originally meant for the defence network, it should
be able to divert data immediately through other routes if one or more parts of
the network went down.
• Facility to connect new sub networks without significant disruption of services
• High error rate handling - The transmission, irrespective of the distance
travelled, must be 100% reliable, with facilities for full error control.
• Enable reliable transmission of files, remote login and remote execution of
commands.
The Internet standards use a specific set of terms when referring to network elements
and concepts related to TCP/IP networking. These terms provide a foundation for
subsequent chapters illustrates the components of an IP network.
Elements of an IP network
• Node. Any device, including routers and hosts, which runs an implementation
of IP.
• Router. A node that can forward IP packets not explicitly addressed to itself.
On an IPv6 network, a router also typically advertises its presence and host
configuration information.
• Host. A node that cannot forward IP packets not explicitly addressed to
itself (a non-router). A host is typically the source and the destination of IP
traffic. A host silently discards traffic that it receives but that is not explicitly
addressed to itself.
• Upper-layer protocol. A protocol above IP that uses IP as its transport.
Examples include Internet layer protocols such as the Internet Control Message
Protocol (ICMP) and Transport layer protocols such as the Transmission
Control Protocol (TCP) and User Datagram Protocol (UDP).
• LAN segment. A portion of a subnet consisting of a single medium that is
bounded by bridges.
• Subnet. One or more LAN segments that are bounded by routers and use
the same IP address prefix. Other terms for subnet are network segment and
link.
• Network. Two or more subnets connected by routers. Another term for
network is internetwork.
Every TCP/IP network has an address that is used by external networks to direct
their messages. Every host in the network has an address as well, and the combination of
these two addresses forms the complete network address of the host. For instance, 192.168
(or strictly speaking, 192.168.0.0) could be the address of a network, and a host within
the network could have the host address of 45.67. In that case, 192.168.45.67 represents
the complete network address of the host. This address has to be unique not only within
the network, but also to all connected networks. And, if the network is hooked up to the
Internet, it has to be unique throughout the world.
When two or more networks are connected together and use the TCP/IP protocol
for communication, we have an internet, popularly known as an intranet, which is the
super-network of all networks. A local internet or intranet may easily be connected to the
Internet which also uses the same protocol. Now many installations have several kinds of
computers, including microcomputers, workstations, minicomputers, and mainframes. These
computers are likely to be configured to perform specialized tasks. Although people are
still likely to work with one specific computer, that computer will call on other systems on
the net for specialized services. This has led to the “server/client” model of network services.
A server is a system that provides a specific service for the rest of the network. A client is
another system that uses that service. (Note that the server and client need not be on
different computers. They could be different programs running on the same computer.)
Here are the kinds of servers typically present in a modern computer setup. Note that
these computer services can all be provided within the framework of TCP/IP.
• network file systems. A network file system provides the illusion that disks
or other devices from one system are directly connected to other systems.
There is no need to use a special network utility to access a file on another
system. Your computer simply thinks it has some extra disk drives. These
extra “virtual” drives refer to the other system’s disks. This capability is useful
for several different purposes. It lets you put large disks on a few computers,
but still give others access to the disk space. Aside from the obvious economic
benefits, this allows people working on several computers to share common
files. It makes system maintenance and backup easier, because you don’t
have to worry about updating and backing up copies on lots of different
machines. A number of vendors now offer high-performance diskless
computers. These computers have no disk drives at all. They are entirely
dependent upon disks attached to common “file servers”.
• remote printing. This allows you to access printers on other computers as if
they were directly attached to yours. (The most commonly used protocol is
the remote lineprinter protocol from Berkeley Unix.)
• remote execution. This is useful when you can do most of your work on a
small computer, but a few tasks require the resources of a larger system.
There are a number of different kinds of remote execution. Some operate on
a command by command basis. That is, you request that a specific command
or set of commands should run on some specific computer. However, there
are also “remote procedure call” systems that allow a program to call a
subroutine that will run on another computer.
• name servers. In large installations, there are a number of different collections
of names that have to be managed. This includes users and their passwords,
names and network addresses for computers, and accounts. It becomes very
tedious to keep this data up to date on all of the computers. Thus the databases
are kept on a small number of systems. Other systems access the data over
the network.
• terminal servers. Many installations no longer connect terminals directly to
computers. Instead they connect them to terminal servers. A terminal server is
simply a small computer that only knows how to run telnet (or some other
protocol to do remote login). If your terminal is connected to one of these,
you simply type the name of a computer, and you are connected to it. Generally
it is possible to have active connections to more than one computer at the
same time. The terminal server will have provisions to switch between
connections rapidly, and to notify you when output is waiting for another
connection.
• network-oriented window systems. Until recently, high-performance
graphics programs had to execute on a computer that had a bit-mapped
graphics screen directly attached to it. Network window systems allow a
program to use a display on a different computer. Full-scale network window
systems provide an interface that lets you distribute jobs to the systems that
are best suited to handle them, but still give you a single graphically-based
user interface.
Over the past three or four years, the World Wide Web (WWW) has come to
dominate the traffic on the Internet. The vast majority of EC applications are Web based.
In such applications, the clients are called Web browsers and the servers are simply called
Web servers. Like other client/server applications, Web browsers and servers need a
way
1) to locate each other so they can send requests and responses back and forth and
2) to communicate with one another.
To fulfil these needs, a new addressing scheme, the URL, and a new protocol,
the Hypertext Transfer Protocol (HTTP), were introduced.
Hypertext Transfer Protocol (HTTP) is the set of rules, or protocol that governs
the transfer of hypertext between two or more computers. The World Wide Web
encompasses the universe of information that is available via HTTP.
Hypertext is text that is specially coded using a standard system called Hypertext
Markup Language (HTML). The HTML codes are used to create links. These links can
be textual or graphic and when clicked on, can “link” the user to another resource such as
other HTML documents, text files, graphics, animation and sound.
When a user selects a hypertext link, the client program on their computer uses
HTTP to contact the server, identify a resource, and ask the server to respond with an
action. The server accepts the request, and then uses HTTP to respond to or perform the
action.
HTTP also provides access to other Internet protocols like File Transfer Protocol
(FTP), Simple Mail Transfer Protocol (SMTP), Network News Transfer Protocol (NNTP),
WAIS, Gopher, Telnet, etc.
Web pages can include many elements, such as graphics, photographs, sound
clips, and even small programs that run in the web browser. Each of these elements is
stored on the Web server as a separate file. The most important parts of a Web page,
however, are the structure of the page and the text that makes up the main part of the page.
The page structure and text are stored in a text file that is formatted, or marked up, using a
text mark up language. A text mark up language specifies a set of tags that are inserted into
the text. These mark up tags, also called tags, provide formatting instructions that Web
client software can understand. The Web client software uses those instructions as it renders
the text and page elements contained in the other files into the Web page that appears on
the screen of the client computer.
The markup language most commonly used on the web is HTML, which is a
subset of a much older and far more complex text markup language called Standard
Generalized Markup Language (SGML). HTML, XML and XHTML have descended
from the original SGML specification. SGML was used for many years by the publishing
industry to create documents that needed to be printed in various formats and that were
revised frequently. In addition to its role as a markup language, SGML is a meta language,
which is a language that can be used to define other languages. Another markup language
that was derived from SGML for use on the Web is Extensible Markup Language
(XML), which is increasingly used to mark up information that companies share with each
other over the Internet.
A web page is created using HTML. HTML stands for Hypertext Markup
Language. HTML is a special kind of text document that is used by Web browsers to
present text and graphics. HTML consists of standardized codes or ‘tags’ that are used to
define the structure of information on a web page.
The text includes markup tags such as <p> to indicate the start of a paragraph,
and </p> to indicate the end of a paragraph. HTML documents are often referred to as
“Web pages”. The browser retrieves Web pages from Web servers which, thanks to the
Internet, can be pretty much anywhere in the world.
HTML is standardized and portable. A document that has been prepared using
HTML markup “tags” can be viewed using a variety of web browsers such as Netscape,
Lynx, etc. A browser interprets the tags in an HTML file and presents the file as a formatted
readable web page.
HTML tags are used to define areas of a document as having certain characteristics.
The tags used in HTML usually consist of a code in between two “wickets”. These codes
are called container tags because the formatting described by the tag affects only the text
contained between the tags.
Every HTML document needs a title. Here is what you need to type:
Change the text from “My first HTML document” to suit your own needs. The title
text is preceded by the start tag <title> and ends with the matching end tag </title>. The
title should be placed at the beginning of your document.
To try this out, type the above into a text editor and save the file as “test.html”, then
view the file in a web browser. If the file extension is “.html” or “.htm” then the browser will
recognize it as HTML. Most browsers show the title in the window caption bar. With just
a title, the browser will show a blank page. Don’t worry. The next section will show how
to add displayable content.
If you have used Microsoft Word, you will be familiar with the built in styles for
headings of differing importance. In HTML there are six levels of headings. H1 is the most
important; H2 is slightly less important, and so on down to H6, the least important.
Images can be used to make your Web pages distinctive and greatly help to get
your message across. The simple way to add an image is using the <img> tag. Let’s assume
you have an image file called “peter.jpg” in the same folder/directory as your HTML file. It
is 200 pixels wide by 150 pixels high.
The src attribute names the image file. The width and height aren’t strictly necessary
but help to speed the display of your Web page. Something is still missing! People who
can’t see the image need a description they can read in its absence. You can add a short
description as follows:
The alt attribute is used to give the short description, in this case “My friend Peter”.
For complex images, you may need to also give a longer description. Assuming this has
been written in the file “peter.html”, you can add one as follows using the longdesc attribute:
You can create images in a number of ways, for instance with a digital camera, by
scanning an image in, or creating one with a painting or drawing program. Most browsers
understand GIF and JPEG image formats, newer browsers also understand the PNG
image format. To avoid long delays while the image is downloaded over the network, you
should avoid using large image files.
Generally speaking, JPEG is best for photographs and other smoothly varying
images, while GIF and PNG are good for graphics art involving flat areas of color, lines
and text. All three formats support options for progressive rendering where a crude version
of the image is sent first and progressively refined.
What makes the Web so effective is the ability to define links from one page to
another, and to follow links at the click of a button. A single click can take you right across
the world!
Links are defined with the <a> tag. Let’s define a link to the page defined in the file
“peter.html” in the same folder/directory as the HTML file you are editing:
The text between the <a> and the </a> is used as the caption for the link. It is
common for the caption to be in blue underlined text.
If the file you are linking to is in a parent folder/directory, you need to put “../” in
front of it, for instance:
If the file you are linking to is in a subdirectory, you need to put the name of the
subdirectory followed by a “/” in front of it, for instance:
The use of relative paths allows you to link to a file by walking up and down the
tree of directories as needed, for instance:
Which first looks in the parent directory for another directory called “college”, and
then at a subdirectory of that named “friends” for a file called “john.html”.
To link to a page on another Web site you need to give the full Web address
(commonly called a URL), for instance to link to www.w3.org you need to write:
You can turn an image into a hypertext link, for example, the following allows you
to click on the company logo to get to the home page:
HTML supports three kinds of lists. The first kind is a bulleted list, often called an
unordered list. It uses the <ul> and <li> tags, for instance:
<ul>
<li>the first list item</li>
<li>the second list item</li>
<li>the third list item</li>
</ul>
Note that you always need to end the list with the </ul> end tag, but that the </li>
is optional and can be left off. The second kind of list is a numbered list, often called an
ordered list. It uses the <ol> and <li> tags. For instance:
<ol>
<li>the first list item</li>
<li>the second list item</li>
<li>the third list item</li>
</ol>
Like bulleted lists, you always need to end the list with the </ol> end tag, but the </li> end
tag is optional and can be left off.
The third and final kind of list is the definition list. This allows you to list terms and
their definitions. This kind of list starts with a <dl> tag and ends with </dl>. Each term starts
with a <dt> tag and each definition starts with a <dd>. For instance:
<dl>
<dt>the first term</dt>
<dd>its definition</dd>
</dl>
The end tags </dt> and </dd> are optional and can be left off. Note that lists can
be nested, one within another. For instance:
<ol>
<li>the first list item</li>
<li>
the second list item
<ul>
<li>first nested item</li>
<li>second nested item</li>
</ul>
</li>
<li>the third list item</li>
</ol>
You can also make use of paragraphs and headings etc. for longer list items.
If you use your web browser’s view source feature (see the View or File menus)
you can see the structure of HTML pages. The document generally starts with a declaration
of which version of HTML has been used, and is then followed by an <html> tag followed
by <head> and at the very end by </html>. The <html> ... </html> acts like a container for
the document. The <head> ... </head> contains the title, and information on style sheets
and scripts, while the <body> ... </body> contains the markup with the visible content.
Here is a template you can copy and paste into your text editor for creating your own
pages:
</body>
</html>
A convenient way to automatically fix markup errors is to use HTML Tidy which
also tidies the markup making it easier to read and easier to edit. I recommend you regularly
run Tidy over any markup you are editing. Tidy is very effective at cleaning up markup
created by authoring tools with sloppy habits. Tidy is available for a wide range of operating
systems from the TidyLib Sourceforge site, and has also been integrated into a variety of
HTML editing tools.
The term OLAP (On-Line Analytical Processing) was coined by E.F. Codd in
1993 to refer to a type of application that allows a user to interactively analyze data. An
OLAP system is often contrasted to an OLTP (On-Line Transaction Processing) system
that focuses on processing transactions such as orders, invoices or general ledger
transactions.
OLAP allows business users to slice and dice data at will. Normally data in an
organization is distributed across multiple data sources that are incompatible with each other. A
retail example: Point-of-sales data and sales made via call-center or the Web are stored in
different locations and formats. It would be a time-consuming process for an executive to
obtain OLAP reports such as: What are the most popular products purchased by customers
between the ages 15 to 30?
Part of the OLAP implementation process involves extracting data from the various
data repositories and making them compatible. Making data compatible involves ensuring
that the meaning of the data in one repository matches all other repositories. An example of
incompatible data: Customer ages can be stored as birth date for purchases made over the
web and stored as age categories (i.e. between 15 and 30) for in-store sales.
It is not always necessary to create a data warehouse for OLAP analysis. Data
stored by operational systems, such as point-of-sales, are in types of databases called
OLTPs. OLTP (Online Transaction Processing) databases do not differ
from a structural perspective from any other databases. The main, and only,
difference is the way in which data is stored.
Examples of OLTPs can include ERP, CRM, SCM, Point-of-Sale applications, Call Center.
OLTPs are designed for optimal transaction speed. When a consumer makes a
purchase online, they expect the transactions to occur instantaneously. With a database
design, called data modeling, optimized for transactions, the record ‘Consumer name, Address,
Telephone, Order Number, Order Name, Price, Payment Method’ is created quickly on
the database and the results can be recalled by managers equally quickly if needed.
The central table in an OLAP star data model is called the fact table. The surrounding
tables are called the dimensions. Using the above data model, it is possible to build reports
that answer questions such as:
• The supervisor that gave the most discounts.
• The quantity shipped on a particular date, month, year or quarter.
• In which zip code did product A sell the most.
To obtain answers, such as the ones above, from a data model, OLAP cubes are
created. OLAP cubes are not strictly cuboids; it is the name given to the process of linking
data from the different dimensions. The cubes can be developed along business units such
as sales or marketing. Or a giant cube can be formed with all the dimensions.
OLAP can be a valuable and rewarding business tool. Aside from producing reports,
OLAP analysis can help an organization evaluate balanced scorecard targets.
Common to all the above applications is the ability to provide managers with the information
they need to make effective decisions about an organization’s strategic directions. The key
indicator of a successful OLAP application is its ability to provide information, as needed,
i.e., its ability to provide “just-in-time” information for effective decision-making. This
requires more than a base level of detailed data.
Analyzing and modelling complex relationships are practical only if response times
are consistently short. In addition, because the nature of data relationships may not be
known in advance, the data model must be flexible. A truly flexible data model ensures that
OLAP systems can respond to changing business requirements as needed for effective
decision making.
IT developers also benefit from using the right OLAP software. Although it is
possible to build an OLAP system using software designed for transaction processing or
data collection, it is certainly not a very efficient use of developer time. By using software
specifically designed for OLAP, developers can deliver applications to business users faster,
providing better service. Faster delivery of applications also reduces the applications
backlog.
OLAP reduces the applications backlog still further by making business users self-
sufficient enough to build their own models. However, unlike standalone departmental
applications running on PC networks, OLAP applications are dependent on data warehouses
and transaction processing systems to refresh their source level data. As a result, IT gains
more self-sufficient users without relinquishing control over the integrity of the data.
IT also realizes more efficient operations through OLAP. By using software designed
for OLAP, IT reduces the query drag and network traffic on transaction systems or the
data warehouse.
1.10 CRYPTOGRAPHY
The origin of the word cryptology lies in ancient Greek. The word cryptology is
made up of two components: “kryptos”, which means hidden and “logos” which means
word. Cryptology is as old as writing itself, and has been used for thousands of years to
safeguard military and diplomatic communications. For example, the famous Roman emperor
Julius Caesar used a cipher to protect the messages to his troops. Within the field of
cryptology one can see two separate divisions: cryptography and cryptanalysis. The
cryptographer seeks methods to ensure the safety and security of conversations while the
cryptanalyst tries to undo the former’s work by breaking his systems.
The main goals of modern cryptography can be seen as: user authentication, data
authentication (data integrity and data origin authentication), non-repudiation of origin, and
data confidentiality.
User Authentication
If you log on to a computer system there must (or at least should) be some way that
you can convince it of your identity. Once it knows your identity, it can verify whether you
are entitled to enter the system. The same principle applies when one person tries to
communicate with another: as a first step you want to verify that you are communicating
with the right person. Therefore there must be some way in which you can prove your
identity. This process is called user authentication. There are several ways to obtain user
authentication.
You can give the verifier something only you can know: a password, a (predesigned)
user-id, a pincode, and so on. Or you could have some specific items with which you can
identify yourself: a magnetic strip card, a smart card (a hand-held computer the size of a
credit-card), a token. One might make use of biometric properties; it is a well-known fact
that fingerprints, the shape of the hand and retinal pattern of a person are good decision
criteria. These, however, require specialized equipment and thus a big investment. Moreover,
these biometric systems are not perfect: some legitimate users will inevitably fail the
identification and some intruders will be accepted as genuine. Other techniques include
measurements of how a person types his name or writes his signature, or can take into
account the location of the user.
For the time being the first two methods are the ones generally applied, and many
practical systems use a combination of both. Since the user’s memory is limited, this
information should not vary too much over time. Whether it is a password, a pincode or a
user-id, all these items are being defined at a certain time and often don’t change from
there on. One might argue that you could change your password, but this is not done each
time you access the computer. This indicates that someone who can eavesdrop on this
information will later be able to impersonate the user. A similar observation holds true for a
magnetic strip card or memory chip. All these systems provide static authentication only.
If the user possesses a device which can perform simple computations, the security
can be increased significantly by introducing the well-known challenge-response idea. If a
person tries to identify himself to the system, the system generates a random challenge and
sends it to the person or to his device. In case of a token (a mini-calculator), the user will
have to enter the challenge on the keyboard. The device will then compute the corresponding
response, using secret information which has been assigned to him. This response is then
sent back to the system, which verifies it. If more sophisticated protocols are used, the
verifier does not need secret information (this requires public-key protocols), or will even
not learn the secret of the users (this requires zero-knowledge protocols). Note that in this
case the procedure does not authenticate the user but rather his device. In order to increase
the security, the user should authenticate himself with respect to the device, using something
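The difference between static authentication and the challenge-response idea, as an added example (not part of the original course material). It uses the shared-secret variant with HMAC-SHA256 as the response function, which is a choice made here; the class names and the sample password are constructed for the illustration.

```python
import hashlib
import hmac
import secrets


class Token:
    """The user's device: holds the secret and answers challenges."""

    def __init__(self, key):
        self._key = key

    def respond(self, challenge):
        # The secret never leaves the device; only the response does.
        return hmac.new(self._key, challenge, hashlib.sha256).digest()


class Verifier:
    """The system: issues a fresh random challenge for every login attempt."""

    def __init__(self):
        self._keys = {}     # user -> shared secret assigned at enrolment
        self._pending = {}  # user -> challenge currently outstanding

    def enroll(self, user):
        key = secrets.token_bytes(32)
        self._keys[user] = key
        return key  # loaded into the user's token

    def challenge(self, user):
        value = secrets.token_bytes(16)
        self._pending[user] = value
        return value

    def verify(self, user, response):
        # pop() makes every challenge single-use.
        value = self._pending.pop(user, None)
        key = self._keys.get(user)
        if value is None or key is None:
            return False
        expected = hmac.new(key, value, hashlib.sha256).digest()
        return hmac.compare_digest(expected, response)


def static_login(stored, presented):
    """Static authentication: the same value is presented at every login."""
    return hmac.compare_digest(stored, presented)


def demo():
    results = {}

    # Static case: whatever crosses the line is the secret itself, so an
    # eavesdropper who recorded one login can repeat it later.
    password = b"constructed-sample-password"
    overheard = password
    results["static_replay_accepted"] = static_login(password, overheard)

    # Challenge-response case: the recorded response matches only the
    # challenge it was computed for.
    system = Verifier()
    token = Token(system.enroll("alice"))
    first = system.challenge("alice")
    recorded = token.respond(first)
    results["genuine_login"] = system.verify("alice", recorded)

    system.challenge("alice")  # next login attempt gets a new challenge
    results["replay_accepted"] = system.verify("alice", recorded)
    return results


if __name__ == "__main__":
    print(demo())
```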
Data authentication
Data authentication consists of two components: the fact that data has not been
modified (data integrity) and the fact that you know who the sender is (data origin
authentication).
Data integrity
A data integrity service guarantees that the content of the message that was sent
has not been tampered with. Data integrity by itself is not meaningful: it does not help you
to know that the data you have received has not been modified, unless you know it has
been sent directly to you by the right person. Therefore it should always be combined with
data origin authentication.
You should always be alert for possible intruders in your network or in your
communication system. A well-known example is the Internet that connects universities
and companies world-wide. Electronic mail over the Internet does not offer any security.
As a consequence, an educated computer user can tap into the messages that are being
transmitted over the line. It is very easy to read and modify someone’s electronic mail,
which is commonly seen as being private.
We have A(lice) who sends a message to B(ob). There is also an enemy who taps
the line between them. If you don’t support data integrity, this enemy can just change the
message and then relay it to B. B will not see that the message has been tampered with and
will assume A really intended it the way he got it. One could argue that active wire-tapping
is difficult. In general wire-tapping is only a matter of cost: tapping a telephone line is
obviously easier than tapping a coaxial cable or a micro-wave. Active wire-taps (modifying
and then relaying the messages) are also more difficult than passive wire-taps (listening in
on the messages).
Non-repudiation of origin
Data confidentiality
This aspect of data security certainly is the oldest and best known. The example of
Caesar’s cipher given in the introduction clearly demonstrates this. The fact that confidentiality
was considered to be much more important than authentication of both sender and data,
together with non-repudiation of origin can be explained as follows: the latter services have
been provided implicitly by the physical properties of the channel: a letter was written in a
recognizable handwriting, with a seal and a signature.
important in the medical world and also in the banking sector. World-wide there are several
million transactions each day and all of these have to be passed from one financial institution
to another. If there were no way to protect confidentiality, everybody would be able to see
who had purchased what, who has made what kind of withdrawal, and so on.
Clearly this would violate individuals’ and companies’ rights to privacy. In order to
provide confidentiality, it is necessary to transform the message with a cipher.
Encryption primitives
This key is the only thing one needs to know in order to encipher or decipher. Thus
it is really important to manage one’s keys and keep them secret where necessary.
Symmetric ciphers
Basically there are two kinds of encryption-schemes. The oldest ones and most
used until now are the symmetric ciphers. In these schemes, the key used to decipher the
cipher-text is equal to the one used to encipher the plaintext.
The best known cipher in this category is the Data Encryption Standard (DES)
that was adopted in 1977 by the American NBS (National Bureau of Standards) as FIPS
46. Since then it has been used all over the world and until now no major flaws have been
discovered.
Asymmetric ciphers
The asymmetric or public-key ciphers are the most recent cryptographic tools. In
contrast to the symmetric systems, the key used to encipher and the one used to decipher
are different. Each partner thus has two keys. He keeps one key secret and makes the
other one public. If A wants to send a message to B, he just enciphers it with B’s public
key. Since B is the only one who has access to the secret key, B is the only one who can
decipher the message and read the contents.
The most popular public-key cipher is the RSA system (RSA stands for Rivest,
Shamir and Adleman, the names of the three inventors). The security of this scheme is
related to the mathematical problem of factorization: it is easy to generate two large primes
and to multiply them, but given a large number that is the product of two primes, it requires
a huge amount of computation to find the two prime factors.
The biggest drawback of the asymmetric systems up until now has been the relatively
low performance compared to the symmetric ones.
In systems without a central trusted server, the number of keys can be reduced.
Indeed, suppose we have a network of n users, each of whom wants to communicate
with the others. Since each communication requires a secret key, the total number of keys
required equals n*(n-1)/2.
A one-way function is defined as a function f such that for every x in the domain of
f, f(x) is easy to compute; but for virtually all y in the range of f, it is computationally
infeasible to find an x such that y=f(x). In addition one requires that it is hard to find a
second pre-image: given an x and the corresponding value of f(x), it should be hard to find
an x’ different from x which has the same image under f.
One-way functions are used to protect passwords: one will store a one-way image
of the password in the computer rather than the password itself. One then applies the
one-way function to the input of the user and verifies whether the outcome agrees with the
value stored in the table.
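A password table built on a one-way function, as an added Python example that is not part of the original course material. It goes slightly beyond the paragraph: the per-user random salt, the choice of PBKDF2-HMAC-SHA-256, the iteration count and all names are assumptions of this example, added so that equal passwords do not produce equal table entries.

```python
import hashlib
import hmac
import secrets

ITERATIONS = 100_000  # assumption: work factor chosen for this example


def one_way_image(password: str, salt: bytes) -> bytes:
    """f(password): easy to compute, infeasible to invert."""
    return hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), salt, ITERATIONS
    )


class PasswordTable:
    """Stores only (salt, one-way image) per user, never the password."""

    def __init__(self):
        self._rows = {}

    def register(self, user: str, password: str) -> None:
        salt = secrets.token_bytes(16)          # fresh salt for every user
        self._rows[user] = (salt, one_way_image(password, salt))

    def verify(self, user: str, attempt: str) -> bool:
        row = self._rows.get(user)
        if row is None:
            # Do the same amount of work for unknown users, so the response
            # time does not reveal which accounts exist.
            one_way_image(attempt, bytes(16))
            return False
        salt, stored = row
        # Apply the one-way function to the input and compare with the
        # stored value in constant time.
        return hmac.compare_digest(stored, one_way_image(attempt, salt))

    def stored_rows(self) -> dict:
        """What someone who can read the table obtains."""
        return dict(self._rows)


if __name__ == "__main__":
    table = PasswordTable()
    table.register("alice", "constructed sample password")
    print(table.verify("alice", "constructed sample password"))  # True
    print(table.verify("alice", "wrong guess"))                  # False
```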
A hash function is a function which maps an input of arbitrary length into a fixed
number of output bits. In order to be useful for cryptographic applications, a hash function
has to satisfy some additional requirements. One can distinguish two types of hash functions:
a MAC (Message Authentication Code) that uses a secret key, and an MDC (Manipulation
Detection Code) that works without a key. For a MAC one requires that it should be
impossible to compute the MAC without knowledge of the secret key. For an MDC one
requires that it is a one-way function, and - in most cases - that it is collision resistant,
which means that it should be hard to find two arguments hashing to the same result.
Hash functions can be used to protect the authenticity of large quantities of data
with a short secret key (MAC), or to protect the authenticity of a short string (MDC).
Sometimes an MDC is used in combination with encryption, which can yield protection of
both confidentiality and authenticity.
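The difference between an MDC and a MAC when an enemy modifies and relays a message from A to B, as an added Python example that is not part of the original course material. SHA-256 for the MDC, HMAC-SHA-256 for the MAC, and the sample message and function names are assumptions of this example.

```python
import hashlib
import hmac
import secrets


def mdc(message: bytes) -> bytes:
    """Manipulation Detection Code: keyless hash (SHA-256 assumed here)."""
    return hashlib.sha256(message).digest()


def mac(key: bytes, message: bytes) -> bytes:
    """Message Authentication Code: keyed (HMAC-SHA-256 assumed here)."""
    return hmac.new(key, message, hashlib.sha256).digest()


def enemy_relay(message: bytes, tag: bytes):
    """Model of the active wire-tap in the text: alter the message, then
    recompute whatever needs no secret before relaying it to B."""
    altered = message.replace(b"100", b"900")
    return altered, mdc(altered)


def b_checks_mdc(message: bytes, tag: bytes) -> bool:
    return hmac.compare_digest(mdc(message), tag)


def b_checks_mac(key: bytes, message: bytes, tag: bytes) -> bool:
    return hmac.compare_digest(mac(key, message), tag)


def run_demo() -> dict:
    message = b"Pay 100 to account 12345 (constructed sample)"
    key = secrets.token_bytes(32)      # known to A and B only
    results = {}

    # 1. MDC sent over the same line as the message: the enemy replaces
    #    both, and B's check still passes.
    relayed, tag = enemy_relay(message, mdc(message))
    results["mdc_same_channel_detects"] = not b_checks_mdc(relayed, tag)

    # 2. MDC whose short digest reached B over an authentic channel:
    #    the enemy can only touch the message, so the change is detected.
    trusted_digest = mdc(message)
    relayed, _ = enemy_relay(message, trusted_digest)
    results["mdc_authentic_digest_detects"] = not b_checks_mdc(
        relayed, trusted_digest
    )

    # 3. MAC: without the key the enemy cannot produce a matching tag,
    #    whether he recomputes a keyless hash or keeps A's original tag.
    original_tag = mac(key, message)
    relayed, tag = enemy_relay(message, original_tag)
    results["mac_detects_recomputed_tag"] = not b_checks_mac(key, relayed, tag)
    results["mac_detects_original_tag"] = not b_checks_mac(
        key, relayed, original_tag
    )
    results["mac_accepts_untouched"] = b_checks_mac(key, message, original_tag)
    return results


if __name__ == "__main__":
    for name, value in run_demo().items():
        print(f"{name}: {value}")
```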
There are several schemes which have been proposed for use as hash functions.
The widely used construction for a MAC is the CBC mode of the DES (with an additional
output transformation), as specified in ISO-9797. Several MDCs have been constructed
based on the DES. Other dedicated designs are SHA (Secure Hash Algorithm or FIPS
180), and RIPEMD-160. These hash functions achieve a very high throughput (Mbit/s),
even in software implementations.
Digital signature
Public-key techniques can also be used for other purposes than for enciphering
information. If Alice adds some redundancy to her message and transforms the result using
her secret key, anyone who knows Alice’s public key can verify that this message was sent
by Alice (by verifying the redundancy). In this way one can create a digital signature, which
is the equivalent of the hand-written signature on a document.
Since it is not physically connected to the signed data or the originator, it will
depend on this data and on the secret key of the originator. Several signature schemes
have been proposed. The RSA public-key cryptosystem is the only one which can be
used for both enciphering and digital signatures. Schemes which can only be used for
digital signature purposes are the DSA and the Fiat-Shamir scheme.
Hash functions can only be used in a situation where the parties mutually trust each
other: they cannot be used to resolve a dispute (unless one uses, in addition, tamper-resistant
hardware).
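Why a digital signature can settle a dispute while a MAC cannot, as an added Python example that is not part of the original course material. The textbook RSA over two small Mersenne primes, the SHA-256 hash used as the redundancy, and the sample messages are assumptions of this example; the key is a constructed toy and far too small for real use.

```python
import hashlib
import hmac
import secrets

# Constructed toy key built from two Mersenne primes.
P = 2**61 - 1
Q = 2**89 - 1
N = P * Q                              # public modulus
E = 65537                              # public exponent
D = pow(E, -1, (P - 1) * (Q - 1))      # Alice's secret exponent


def redundancy(message: bytes) -> int:
    """Redundancy added before signing: a SHA-256 hash reduced mod N."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % N


def sign(message: bytes, d: int = D, n: int = N) -> int:
    """Transform the redundant message with the secret key."""
    return pow(redundancy(message), d, n)


def verify(message: bytes, signature: int, e: int = E, n: int = N) -> bool:
    """Anyone holding the public key (n, e) can run this check."""
    return pow(signature, e, n) == redundancy(message)


def mac(key: bytes, message: bytes) -> bytes:
    return hmac.new(key, message, hashlib.sha256).digest()


def run_dispute() -> dict:
    sent = b"Alice owes Bob 10 (constructed sample)"
    claimed = b"Alice owes Bob 1000 (constructed sample)"
    shared_key = secrets.token_bytes(32)   # known to Alice AND Bob
    results = {}

    # MAC as evidence: Bob knows the key, so he can compute a valid tag
    # for a message Alice never sent. A judge given the key sees a tag
    # that checks out and cannot tell which of the two produced it.
    bobs_tag = mac(shared_key, claimed)
    results["mac_on_unsent_message_checks_out"] = hmac.compare_digest(
        bobs_tag, mac(shared_key, claimed)
    )

    # Signature as evidence: Bob holds only (N, E). Alice's signature on
    # the message she sent does not verify on the altered text.
    alices_signature = sign(sent)
    results["genuine_signature_verifies"] = verify(sent, alices_signature)
    results["signature_reused_on_altered_text_verifies"] = verify(
        claimed, alices_signature
    )
    return results


if __name__ == "__main__":
    for name, value in run_dispute().items():
        print(f"{name}: {value}")
```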
While a huge number of protocols have been developed, we will restrict this section
to two types of protocols: protocols for user authentication and protocols for key
management.
One of the main links in the cryptographic keychain is the key management protocol:
every cryptographic service will make use of cryptographic keying material, whose
confidentiality and/or integrity has to be protected. For the distribution of this keying material,
one can use a new cryptographic primitive, and ultimately, a physical channel.
In this way one builds a key hierarchy: secret keys for bulk encryption with a
symmetric cipher system will be encrypted using an asymmetric cipher system and signed
with a digital signature scheme. The public keys of the asymmetric cipher can be distributed
via an authentic channel which can be provided for example by combining conventional
mail with voice authentication. An alternative is to sign these public keys with a single
master key: now one only has to distribute a single master key via an authentic channel.
These signed public keys are called certificates. The central authority certifies that a certain
public key belongs to a particular user. The commonly used scheme nowadays is based on
the ITU-T X.509 recommendation.
Note that there also exist public-key protocols which result in the agreement of a
secret key between two parties, by exchanging public keys or parameters. A well known
example in this class is the Diffie-Hellman key agreement scheme. This protocol is different
from a key transport protocol, in which one party generates the secret key and enciphers
it with the public key of the other party. The key agreement protocols have the advantage
that they result in an increased security level.
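A Diffie-Hellman key agreement in which both parties contribute to the secret key, as an added Python example that is not part of the original course material. The 127-bit prime, the base 3, the range check on the received public value and the SHA-256 key derivation are assumptions of this example; the group is a toy and far too small for real use.

```python
import hashlib
import secrets

# Toy public parameters (assumption): the Mersenne prime 2^127 - 1.
P = 2**127 - 1
G = 3


def valid_public(value: int) -> bool:
    """Reject public values that would force a predictable shared secret
    (0, 1 and P - 1) or that lie outside the group."""
    return 2 <= value <= P - 2


def keypair():
    """Return (private exponent, public value) for one party."""
    while True:
        private = secrets.randbelow(P - 3) + 2     # in [2, P - 2]
        public = pow(G, private, P)
        if valid_public(public):
            return private, public


def agree(own_private: int, peer_public: int) -> bytes:
    """Derive the session key from our secret and the peer's public value."""
    if not valid_public(peer_public):
        raise ValueError("peer public value outside the accepted range")
    shared = pow(peer_public, own_private, P)
    # Hash the shared group element down to a 256-bit symmetric key.
    return hashlib.sha256(shared.to_bytes(16, "big")).digest()


def run_demo() -> dict:
    a_private, a_public = keypair()    # only a_public goes over the line
    b_private, b_public = keypair()    # only b_public goes over the line
    key_at_a = agree(a_private, b_public)
    key_at_b = agree(b_private, a_public)

    # A third party with its own exponent and the same public values
    # arrives at a different key.
    c_private, _ = keypair()
    key_at_c = agree(c_private, a_public)
    return {
        "keys_match": key_at_a == key_at_b,
        "third_party_differs": key_at_c != key_at_a,
        "key_length": len(key_at_a),
    }


if __name__ == "__main__":
    print(run_demo())
```

Unlike key transport, neither party chooses the key alone. The exchanged public values still have to be authenticated, for example with the certificates described above.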
SUMMARY
1) Applications
2) brokerage services, data or transaction management;
3 Benefits of EC: The global nature of the technology, low cost, opportunity to
reach hundreds of millions of people, interactive nature, variety of possibilities, and
resourcefulness and rapid growth of the supporting infrastructures (especially the
Web) result in many potential benefits to organizations, individuals, and society.
5 Data mining and techniques used in Data mining: Data mining, the extraction
of hidden predictive information from large databases, is a powerful new
technology with great potential to help companies focus on the most important
information in their data warehouses. The most commonly used techniques in data
mining are: Artificial neural networks, Decision trees, Genetic algorithms, nearest
neighbour method, and Rule induction.
6 Trends that Affect Data Mining: Five external trends which promise to have a
fundamental impact on data mining are Data Trends, Hardware Trends, Network
Trends, Scientific Computing Trends and Business Trends.
10 HTML: HTML stands for Hypertext Markup Language. HTML is a special kind
of text document that is used by Web browsers to present text and graphics. HTML
consists of standardized codes or ‘tags’ that are used to define the structure of
information on a web page.
1. What is eCommerce?
2. What do you understand by EDI?
3. Explain different types of EC?
4. Explain Electronic Commerce Application Services
5. List the advantages and disadvantages of EC.
UNIT II
BUSINESS APPLICATIONS IN
E-COMMERCE
Retailing is expected to change with the rapid development of new online sales
and distribution channels that literally can be used from anywhere, anytime: from work,
school, a hotel, car, or airplane. These developments should impact retailing as much as
the advent of strip malls, catalogue retailing, and TV-based home shopping.
Almost every retailer is re-evaluating every aspect of its operation from customer
service to advertising, merchandising to store design, and logistics to order fulfilment.
Furthermore, reacting to the pressure of retailers, suppliers are assessing technology-based
solutions to drive down costs (labour, delivery, and production) and become more efficient
producers of goods. Online channels such as online services and the Web are also impacting
traditional retail business models. In the traditional model, the customer went to the store
and located the product. In the online model, the retailer seeks out the customer. The
success of catalog retailers demonstrates that a significant portion of consumers have
embraced the reverse model: the retailer going to the consumer.
However, retailers need to consider the following issues in developing a business model:
• Product/Content Issues: What kind of products are suited for online
retailing?
• Software Interface Issues: What kind of features will constitute an effective
interface? What features make it easy to find and select items for on-line
purchase?
• Malls
• generalized stores (e.g. department store)
• specialized stores
• franchise stores
It is useful to reflect that even in traditional retailing we have moved away from just
using a static physical outlet within which a customer can have direct contact with the
retailer. Thus, more recent forms of traditional retailing include
• direct mailing
• telemarketing
• door-to-door sales
• vending machines
E-retailing
customers and sellers. Thus, we see lastminute.com, which allows last minute purchases of
travel tickets, gifts, and entertainment to be matched against last minute sellers of the same
items. Here, we see specialization not in a product line but in a class of purchasers and a
class of sellers. This kind of specialization would not have been possible before we had the
internet.
Examples of these e-malls are Yahoo! Store, GEO Shops, and CNET stores.
To the customer
The first of these is convenience. It is convenient for the customer as he does not
have to move from shop to shop physically in order to examine goods. He is able to sit in
front of a terminal and search the net and examine the information on goods. The second
aspect of convenience he gets is in terms of time. Normally, the traditional shop has an
opening time and a closing time and the customer can only visit the shop within these
periods. On the net, the customer can choose at any time to visit a site to examine the
goods that are available and actually carry out his purchasing at his own convenient
time. The third type of convenience that the customer gets is that he has access to a search
engine, which will actually locate the products that he describes and also the site where
they may be available, or perhaps even locate the sites where they may be available at the
best price.
The second type of benefit to customers is better information. The Internet and
the World Wide web are essentially communication media that allow retailers to put on
quite extensive information related to their products, which is available to the customers.
The third type of benefit that the customer gets is competitive pricing. This is due
to two factors.
• The first is lowered costs to the retailer because he does not have to maintain a
physical showroom, he does not have to hire several shop assistants, and these
savings can be passed on to customers in the form of reduced prices.
• Secondly, competitive pricing pressure that arises from the fact that the customer
is now able to look at prices at several sites. Therefore, the pressure is always
there on the retailer to maintain a competitive price for his products.
To the business
• The first of these is global reach. The retailer now is no longer restricted to
customers who are able to reach the store physically. They can be from
anywhere around the globe. The retailer must, of course, deliver the goods of
a purchase to the customer.
• The second benefit is better customer service. The use of email and the use
of electronic interchange of messages between the customer and the retailer
allow better communication between the customer and the retailer. These
allow one to easily handle inquiries and deal with complaints. These also allow a
much more rapid response time than was possible in the days of faxes and
postal mail.
• The third benefit is the lowered capital cost to the retailer. The retailer
does not have to maintain showrooms; he can probably have lower inventories.
Thus, while Amazon.com lists over a few million titles, it keeps an inventory of
a few thousand best selling titles only. Therefore, the retailer has lower
warehousing costs. He does not have to have many shop assistants who are
physically answering questions and showing the customer goods.
• The next advantage is targeted marketing. The retailer is now able to pick
on a specific targeted group of customers and direct marketing towards these
customers. The retailer is also able to provide more value-added services
in the way of better information, add-on services to basic services, or add-on
options to products that he is selling.
• The last advantage to the retailer consists of different new forms of
specialized stores that he is now able to utilize.
• Specialized e-store
• Generalized e-store
• E-mall
• Direct selling by the manufacturer
• Supplementary distribution channel
• E-broker
• E-services
Specialized e-stores
The first class of model that we mentioned in e-retailing was the specialized e-store
and here you can distinguish between two different kinds of specialization: the more traditional
specialization along product lines and specialization by function. When you have specialization
by product line, essentially you have a store that decides to pick one particular product
line, say books, flowers, CDs, clothes, and sells only this particular product line. It may
also choose to position itself in a particular part of the product line, e.g. clothes; it could
choose to position itself at the very expensive end of the market selling brand names such as
Gucci and Armani. Alternatively it could do more mass marketing by selling non-brand
names at a much lower price, or it could go into discount selling. So, you can have a
specialization by product line, and then you could have specialization by positioning within
that product line to cater for a particular part of the market.
minute shoppers who want to purchase these items at a very short notice. Generally, when
one purchases an item at a very short notice (e.g. travel), he often pays a premium, which
is an extra amount for the convenience of booking the travel at the last minute. Now, this
means that the air ticket is likely to cost much more than if he had purchased it some time
before traveling and made use of different discounts or promotions. The producers of the
web site lastminute.com realized that there are groups of customers who make these
purchases at the last minute and feel some degree of angst at having to pay the premium for
doing this shopping at the last minute. On the other hand, you will find that you may have
sellers, e.g. airline companies, that have empty seats at the last minute which they are
unable to fill. So, what lastminute.com does is bring together travelers who want to book
at the last minute and an airline which has got spare capacity at the last minute, and allow
the former to buy from the latter at the last minute. In this situation, the purchaser may get
his airline ticket at a reduced price.
So, there is a win-win situation for both the purchaser and the seller. This is a
unique kind of specialization. It is very difficult to do this unless one utilizes the internet to
carry out this kind of specialization.
Generalized e-stores
E-malls
However, unlike the generalized e-store which is under a single unified management,
in an e-mall, each store is under its own management. E-mall management is responsible
only for creating the cyber sites that can be rented and can support services and marketing
of the mall. It, thus, provides a web hosting service. Several e-malls also provide software
tools, which can be utilized by a prospective e-store to create and maintain its e-store.
The advantage for an e-store is that it is grouped together with other stores in a well-
known e-mall site and, therefore, is likely to pick up visitors to the mall.
A note of caution is important here. By and large, this approach can be used by
manufacturers of well-known brands of products because the customer already knows
the product. Secondly, the manufacturer must have a thorough understanding of customer
preferences, otherwise he has to rely on the customer knowledge of a retailer.
Brokers or intermediaries
Thus, brokers provide comparison shopping, order taking and fulfilment, and
services to a customer. That is the reason why they are sometimes referred to as electronic
intermediaries.
There are several different models for electronic brokers and these include:
1. The provision of an on-line catalogue, which allows one to browse through different
categories of goods. Thus, it is dynamic and linked with order process.
2. The provision of a search engine, which is a very important feature that does not
exist in traditional retailing.
3. The provision of a shopping cart, which allows convenient goods selection. An ability
to provide an automatic price update.
4. Personalization of store layouts, promotions, deals, and marketing.
5. The ability to distribute digital goods directly. Thus, these goods can be downloaded
instantly.
6. An on-line customer salesperson, “who” can help customers to navigate through the
site.
7. An order status checking facility, which is a useful feature before submission.
8. The use of Forums (collaborative purchasing circles) to create a customer community
and thus increase “stickiness.”
The 1980s was a period of overexpansion and turmoil for retailers. By the end of
the decade, complaints about excessive retail space were being voiced. Profits were declining
and control of operating expenses became a paramount management objective. Retailers
reduced staff and minimized merchandising in order to enhance profits. Sales growth and
market share development were given second priority behind profit enhancement. In the
1990s, companies are under pressure to grow and produce profit. An important
measurement of profit gains is gross margin per square foot. For many retailers, these
numbers are either growing slowly or declining, partially reflecting a less favorable product
mix and more competition. Inadequate productivity, both per worker and per unit of space,
is also reducing profit margins. Overbuilding also resulted in a growing shortage of
low-cost, entry-level workers for the retail industry. The shortage of entry-level workers
means that retailers are using undertrained workers who are less able to empathize with
shopper needs, leading to a perception that retailers in general and shopping centres in
particular are unable or unwilling to provide quality service.
Clearly, with crowded domestic markets and competition constantly grinding away at
operating profit, new ways of retailing are being explored by forward-thinking companies
such as Wal-Mart.
Demographic Changes
Shopping patterns are beginning to change with the increase of time-strapped,
two-career couples and the aging of America. Value and time management are the consumer
concerns driving interest in online retailing. Recent retail data shows a decline in the amount
of time Americans are spending in shopping malls [EDR95]. The suggested reasons vary:
time constraints, safety concerns, and growing frustration with the lack of courteous service
and insufficient product information. Understanding the implications of time constraints on
consumer shopping behavior is important as they portend the trends to come. For instance,
Americans have openly embraced shopping channels like QVC and Home Shopping
Network and retailers like CUC International.
Today’s time-strapped shoppers have less time and want better values, fewer hassles, and
more options. Today, a shopping trip requires a consumer to decide what he or she or the
family needs, brave the traffic on the way to a store, hunt for parking, find and select items
for purchase, take them to a checkout, wait in line, pay for the items, sometimes bag them,
and carry them back home. It can be a hassle and a lot of work, so most working
professionals have learned to dread shopping trips. As technology improves, it may not be
long before driving to the store gives way to online shopping with home delivery as provided
by Peapod.
In contrast, there is a growing segment of the population for whom time constraints
are less of a problem. The demographic outlook in the United States is for an increasing
share of older shoppers (age 50 and above) who prefer shopping at stores rather than
online. However, the product mix offered by many department stores and malls is increasingly
out of touch with the aging population and does not reflect the shift in purchasing power.
Also, with the aging of the population, there is evidence to indicate a shift in consumer
interest away from material goods and toward experiences, such as travel and recreation.
In addition, as people get older, they tend to become more frugal.
Retailers will need to concentrate on value by offering new product mixes. By this
we mean a product mix that includes not only merchandise but also bundles in entertainment
and “recreational” shopping with movie theatres, restaurants, bookstores, libraries, and
community meeting facilities. This sort of change is already occurring in bookstore design
(such as Borders Bookstores and Barnes and Noble), which include a variety of facilities
such as coffee shops. However, building shopping malls based on these new business
models is a risky venture and requires huge investments.
Consumer Behavior
Consumer behavior is more volatile than ever before, and companies need new
ways of responding to consumer needs and satisfying demand. According to one survey,
the typical consumer spent only four hours a month in a shopping mall in 1990 versus ten
hours in 1985, and sales per square foot dropped. Specialty retailing (power centres, discount
malls, discount stores, and catalogue shopping) has become one solution for closely
monitoring consumer trends and reacting to them quickly. All of these alternatives have
one thing in common: they provide consumers with a very large selection of products
priced with deep discounts.
Consumers are no longer as influenced by brand names as they used to be. The
emergence of the value shopper is changing retailing. Today, the shopper is less willing to
pay the premium for the brand name and much more attentive to quality and value. The
decline in gross margins is the first evidence of the impact of that change, reflecting lower
initial mark-ups and more discriminating shoppers in that segment. Clearly, retailers that are
focused on providing value (the best price, service, and selection) regardless of the brand
name will be successful. The real differentiating characteristic for retailers will be in their
ability to define what the broad or niche consumer segment is looking for, identifying
characteristics of customers in each target segment, and learning how to bundle products
and package brands so that they become the preferred choice for
online customers.
Today, electronic retailing is still far from being a competitive threat to more
traditional store retailing (see Table), but it is becoming increasingly attractive as technology
and applications improve, and retailers gain experience.
Three dominant forms of electronic retailing channels are: television retailing,
CD-ROM retailing, and online service based retailing, in which we include Web-based retailing.
We now discuss the most prominent one: television retailing.
Television Retailing:
Television retailing grossed an estimated Rs. 3.2 billion in 1994. One of the pioneers
in this area is Home Shopping Network, Inc. (HSN), which began broadcasting electronic
retailing to a small, local audience in 1982. Three years later they took this still unproven
idea national and made it work. Today, HSN is a television-based retail, entertainment
company, and online retailer (owns Internet Shopping Network), with coast-to-coast
customers and annual sales of $1+ billion.
The breadth and reach of TV retailing are amazing. In 1994, HSN reached 65.8
million television households throughout the United States. These households received the
signals via cable, broadcast, and satellite dish, twenty-four hours a day, seven days a
week. Unlike online audiences, which tend to be predominantly affluent and well educated
(net annual income is estimated at Rs. 60,000 - Rs. 80,000), the target audience for
television retailing is moderate income households and mostly women.
How does it work? The TV retail marketing and programming are divided into
segments that are televised live, with a show host who presents the merchandise and
conveys information relating to the product, including price, quality, features, and benefits.
Show hosts engage callers in on-air discussions regarding the currently featured product
or the caller’s previous experience with the company’s products. Viewers place orders for
products by calling a toll-free telephone number. Generally, merchandise is delivered to
customers within seven to ten business days of placing an order. The purchased item may
be returned within thirty days for a full refund of the purchase price, including the original
shipping and handling charges.
The success of television shopping is the result of the effective utilization of electronic
media for capturing the power and influence of celebrity and the magic of showmanship,
and bringing them to bear on a sale. In its annual report, the Home Shopping Network
states that a celebrity can debut a line of jewelry on HSN and sell more than Rs. 2 million
in a single weekend. Of course, there’s another advantage to television retailing. When
customer interest, which is monitored by the number of calls being received, begins to
wane, the retailer knows it instantly and can simply move on to the next product. More
recently, infomercials have become a crucial retailing topic. The infomercial has become a
new and interesting way to retail specialty products. Modern filming techniques and ingenuity
make it possible to create high-quality, cost-efficient, and entertaining documentaries that
sell.
This coincides with the television viewing public’s appetite for information.
Infomercials are an especially logical medium since retailers have the opportunity to
economically test and evaluate a product through mass channels such as television retailing
before committing major capital resources to infomercial production.
Peapod, CUC International, and Virtual Vineyards help to explain the intricacies
of online retailing.
Peapod, based in Evanston, Illinois, is using the online medium for food retailing
services. Founded in 1989 by two brothers, Peapod (http://www.peapod.com/) is a
member of an online grocery / drug-store shopping and delivery service that already has
thousands of customers in the Chicago, San Francisco, and Boston areas.
Peapod was founded on the idea that people do not want to go to the grocery
store. Peapod has an online database of over 25,000 grocery and drugstore items, and
allows comparison shopping based on price, nutritional content, fat, or calories. Other
features include electronic coupons, retailer preferred customer discounts, and other benefits
like recipes, tips, and information. Peapod membership also allows users to use the shopping
and home delivery service. Peapod has a staff of professional shoppers, produce specialists,
and delivery people who fulfil the order.
Peapod provides customers with home shopping services via PC. Customers
need to buy a software application that enables them to access Peapod’s database through
an online computer service. Peapod initially had a DOS-based system with graphics. They
introduced a new version of the software in 1995, a Windows platform in which product
pictures are available. Using the PC, a consumer can access all of the items in a grocery
store and drug store. Peapod customers create their own grocery aisles in their own virtual
store. Customers can request a list of items by category (cereals), by item (Frosted Flakes),
by brand (Kellogg’s), or even by what is on sale in the store on a given day. Within categories,
they can choose to have the items arranged alphabetically by brand or sorted by lowest
cost per ounce, package size, unit price, or nutritional value. Customers also can create
repeated use shopping lists (baby items, barbecue needs, and the like). Peapod’s back
office is linked with the mainframe databases of the supermarkets at which it shops for its
customers (Jewel in Chicago and Safeway in San Francisco), allowing it to provide the
supermarkets’ stock keeping units and shelf prices electronically to its customers. Once
consumers have made a selection, they can then give specific shopping instructions, such
as “substitute with same calories,” or “red grapes only.” They can click on the “Comment”
button and type in any extra information they would like the Peapod shopper to know. At
any time during the order, a consumer can subtotal the amount purchased, or access the
“Help” screen for immediate assistance. Online ordering is simple: users double-click on
the Peapod icon and then enter their user IDs and passwords. On verification, users get
access to a whole grocery store and drug store of items. Before the actual purchase of an
item, users can view images of it and the nutritional content as well. The system allows
users to sort items by various criteria like price, price/ unit, total calories, fat, protein,
carbohydrates, and cholesterol. With these features, Peapod aims to target the health and
fitness conscious consumer who chooses foods tailored to specific dietary needs. There
are also search features to help locate a particular item. A “Find Item” option at the top of
the screen lets users search either by brand name or product type. When users have
finished shopping, they click on “Done” and the order is electronically routed to Peapod.
During the transaction closing process, users need to choose a delivery time within a 90-
minute slot. Pinpoint delivery (within a 30-minute window) can be selected for a small
additional charge. Payment can be made by check, charge, or Peapod Electronic Payment.
Eighty-five to ninety percent of Peapod’s orders come in via computer; the rest
are faxed or phoned. Peapod orders are taken centrally, and then faxed to the stores. The
store gets a printout with the order, the delivery address, and instructions for getting there.
Each order is filled by a Peapod employee, who shops the aisles of the store. The employee
pays for the groceries, often at special Peapod counters in the back of the store. The
order is then taken to a holding area in the supermarket, where the appropriate items are
kept cold or frozen until the deliverer picks up a set of orders and takes them to the
customers within their 90-minute pre-selected windows. At each stage (ordering, shopping,
holding, and delivery) the processes are tailored to provide personalized service at a relatively
low cost.
Peapod members are charged actual shelf prices, plus a monthly service fee, a
per-order charge of Rs. 5.00 plus 5 percent of the order amount. Customers are willing to
pay these extra charges for convenience and because Peapod provides a lower cost shopping
experience for the consumer. Consumers save money, despite the extra overhead, because
they use more coupons, do better comparison shopping, and buy fewer impulse items than
they would if they shopped at a real supermarket. Reducing impulse purchases is important
when you consider that 80 percent of the items purchased in a grocery store are impulse
items (non-planned purchases). In addition, consumers save time and have more control
because they can shop from home or work whenever they want.
Traditional retailers make money from the suppliers. They provide access to
customers and make their money by buying on deals, volume discounts, and getting coop
advertising. Peapod makes all of its money on the customers it serves; it is a mass customizer.
It creates the supply chain after identifying a specific demand from a specific customer, and
it feeds off the existing infrastructure to do it.
Is Peapod a competitor to the retail grocer? Not really. Peapod’s strategy has
been to partner with the retailer rather than compete directly. A lot of credibility comes
with the name of the retailer in its individual market. Peapod can help grocers expand into
places that might not otherwise be practical from a capital investment standpoint. However,
it is quite possible that in the future Peapod may be tempted to compete with grocers by
emulating certain aspects of their warehousing. Why? As these new retail formats emerge,
and once Peapod gains enough customers, Peapod will be tempted to say it is costing a
lot to go to the store and pick up product off the shelf. To avoid the overhead, Peapod
could have its own warehouse. As soon as Peapod does that, it is likely to fall into the
same traps as the retailers, such as having an overflow warehouse when something is
available on a deal or buying products before there is actual need.
A Process
The goal of marketing is to build and create lasting customer relationships. Hence,
the focal point shifts from finding customers to nurturing a sufficient number of committed,
loyal customers. Successful marketing programs move target customers through three stages
of relationship building: awareness, exploration, and commitment. It is important to stress
that the goal of Internet marketing is not simply building relationships with online customers.
Rather, the goal is to build offline (as relevant) as well as online relationships. The Internet
marketing program may well be part of a broader campaign to satisfy customers who use
both online and offline services.
Online
By definition, Internet marketing deals with levers that are available in the world of
the Internet. However, as noted above, the success of an Internet marketing program
may rest with traditional, offline marketing vehicles. Consider, for example, the recruiting
and job-seeking service Monster.com. Monster’s success can be tied directly to the
effectiveness of its television advertising and, in particular, its widely successful of the past
two years.
Exchange
At the core of both online and offline marketing programs is the concept of exchange.
In both the online and offline worlds, exchange is still the heart of marketing. In the new
economy, firms must be very sensitive to cross-channel exchanges. That is, an online
marketing program must be evaluated according to its overall exchange impact, not just
the online exchange impact. Hence, online marketing may produce exchanges in retail
stores. Firms must be increasingly sensitive to these cross channel effects if they are to
measure the independent effects of online and offline marketing programs.
One of the authors of this book is a loyal user of the website weather.com. Each
day he arises and checks the weather in his city as well as the weather in cities he will be
traveling to during the week. He is clearly satisfied with and loyal to the site. To the extent
that weather.com can monetize this loyalty (most likely in the form of advertising revenue),
both parties will be satisfied. However, if the firm is unable to meet its financial obligations
to employees, suppliers, or shareholders, then the exchange is unbalanced. Customers are
still happy, but the firm is unable to sustain its revenue model. Both parties must be satisfied
for exchange to continue.
Marketing is a Process
Strong marketing programs do not involve one action, such as the design of a
great product. Rather, the most successful marketing programs involve mixing the
ingredients of marketing to deliver value to customers. This mixing entails blending the right
amounts of the 4P ingredients, at the right time, and in the right sequence. Too often,
marketing programs fail because they allocate too many (or too few) resources in an
uncoordinated way. How often have you witnessed the hot Christmas toy advertised, but
not found it on the shelf? In the Internet environment, this translates into significant problems
with order fulfilment at the most pressing times of the year.
It is about Exchange
Marketing is not successful unless two parties exchange something of value. The
buyer may exchange time, money, or services, while the seller must exchange something of
value to the buyer. The traditional retail context provides the simplest illustration of this
principle. A given consumer exchanges money for a particular good or service. However,
exchange also occurs in a wide variety of contexts, many of which are nonmonetary.
These include bartering, volunteering services, and political donations.
With the emergence of the Internet and its associated technology-enabled, screen-
to-face interfaces (e.g., mobile phones, interactive television), a new era of marketing has
emerged. Well-respected academics and practitioners have called for new rules and urged
debate about fundamental tenets of marketing, including segmentation, mass marketing,
and regionalized programs. At the other extreme, pundits and academics alike have argued
that both the basic building blocks of marketing strategy and the pathways to competitive
advantage have remained the same. The approach taken in the current volume falls between
these polar views. That is, new levers have been added to the marketing mix, segments
have been narrowed to finer gradations, consumer expectations about convenience have
forever been altered, and competitive responses happen in real time. In short, these are
new, exciting changes that have a profound impact on the practice of marketing. At the
same time, some of the fundamentals of business strategy (seeking competitive advantage
based on superior value, building unique resources, and positioning in the minds of customers)
have remained the same.
The intent of this text is to provide a clear indication of what has changed and what
has not changed. At the same time, the text would not be complete (and indeed might be
actionable from the standpoint of business practice!) if it did not propose a broader
The given figure provides an overview of the seven stages of Internet marketing.
The seven stages are these: setting corporate and business-unit strategy, framing the market
opportunity, formulating the marketing strategy, designing the customer experience, designing
the marketing program, crafting the customer interface, and evaluating the results of the
marketing program.
Stage two entails the analysis of market opportunities and an initial first pass of the
business concept, that is, collecting sufficient online and offline data to establish the burden
of proof of opportunity assessment. Let’s say, for example, that you are running a major
dot-com business such as Amazon. The senior management team is continually confronted
with go/no-go decisions about whether to add a new business unit or develop a new
product line within an existing business unit. What mechanism do they put in place to
evaluate these opportunities? In this second part of the Internet-marketing process, a simple
six-step methodology helps evaluate the attractiveness of the opportunity. The six steps
include: seeding the opportunity, specifying unmet or underserved customer needs, identifying
the target segment, declaring the company’s resource-based opportunity for advantage,
assessing opportunity attractiveness, and making the final go/no-go decision. The final go/
no-go choice is often a corporate or business-unit decision. However, it is very important
to stress that marketing plays a critical role in this market-opportunity assessment phase.
In order for the firm to make an informed choice about the opportunity, the
management team needs to obtain a sufficient picture of the marketplace and a clear
articulation of the customer experience that is at the core of the opportunity. Thus, during
the market-opportunity assessment phase, the firm also needs to collect sufficient market
research data.
Stage Three: Formulating the Marketing Strategy
Internet marketing strategy is based upon corporate, business unit, and overall
marketing strategies of the firm. This set of linkages is shown in the figure. The marketing
strategy goals, resources, and sequencing of actions must be tightly aligned with the business-
unit strategy. Finally, the overall marketing strategy comprises both offline and online
marketing activities.
Firms must understand the type of customer experience that needs to be delivered
to meet the market opportunity. The experience should correlate with the firm’s positioning
and marketing strategy. Thus, the design of the customer experience constitutes a bridge
between the high-level marketing strategy (step three) and the marketing program tactics
(step five).
A relationship can be defined as a bond or connection between the firm and its
customers. This bond can originate from cognitive or emotional sources. The connection
may manifest itself in a deep, intense commitment to the brand (e.g., the Harley-Davidson
HOG club-member) or a simple, functional based commitment (e.g., regular use of
weather.com). Whether defined as a function or an organization-wide culture, marketing is
responsible for acquiring and retaining target customers. In this process, successful marketers
manage to move desirable customers from awareness through exploration and, finally,
commitment. Once customers reach commitment, the firm is in
Awareness
with the firm. However, as one can imagine, awareness without action is not in the best
interests of the firm.
Exploration
In the exploration stage, the customer (and firm) begin to initiate communications
and actions that enable an evaluation of whether or not to pursue the four key stages of
customer relationship.
This stage is also likely to include some trial on the part of the customer. Exploration
is analogous to sampling songs, going on a first date, or test-driving a car. In the online
world, exploration may take the form of frequent site visits, some e-commerce retail
exchanges, and possibly even the return of merchandise. It may include phone call follow-
ups on delivery times or e-mails about product inventory. The exploration stage may take
only a few visits or perhaps years to unfold.
Commitment
Dissolution
Not all customers are equally valuable to the firm. In an industrial-marketing context,
managers often refer to the 80/20 rule of profitability. That is, 20 percent of customers
provide 80 percent of the profit. By implication, therefore, a large number of customers
are unprofitable or have high cost to serve. Firms should segment their most valuable and
less valuable customers. The most valuable customers may be identified based on profit,
revenue, and/or strategic significance (e.g., a large well-regarded customer may not be
profitable but opens the door to new accounts). The firm does not want this set of customers
to terminate the relationship. Unprofitable, nonstrategic customers are a different matter.
Often it is in the best interests of the firm to terminate the relationship or encourage this set
of customers to disengage with the firm. The four stages vary by the intensity of the
connection between the firm and the customer. Intensity of connection may be defined as
the degree or amount of connection that unfolds between the firm and its target customers.
Three dimensions capture intensity:
1. The frequency of the connection. (How often does the customer visit the site?)
2. The scope of the connection. (How many different points of contact does the customer
have with the firm?)
3. The depth of contact. (How thoroughly is the customer using the site?)
A customer might visit a website such as Amazon on a regular basis, but only to
purchase books. This visitor would have a high level of frequent contact but a low level of
scope. Another customer might visit Amazon frequently but not stay on the site for a long
duration or engage in deeper connections such as writing reviews, commenting on products,
or communicating with other Amazon users. This customer would have high frequency but
low depth. In all cases, relationship intensity is correlated with the stage of the relationship.
The Internet has shifted the locus of the exchange from the marketplace (i.e.,
face-to-face interaction) to the market space (i.e., screen-to-face interaction). The key
difference is that the nature of the exchange relationship is now mediated by a technology
interface. This interface can be a desktop PC, sub-notebook, personal digital assistant,
mobile phone, wireless applications protocol (WAP) device, or other Internet-enabled
appliance. As this shift from people-mediated to technology-mediated interfaces unfolds,
it is important to consider the types of interface design considerations that confront the
senior management team. What is the look-and-feel, or context, of the site? Should the
site include commerce activities? How important are communities in the business model?
This last stage involves the evaluation of the overall Internet marketing program.
This includes a balanced focus on both customer and financial metrics.
This application has the capability to qualify prospects, track contact or the “moments
of truth,” and refer them to sales persons when appropriate. By implementing a cross-sell
strategy, complete with the applications necessary to track customer contacts, triggers can
be established to identify prospects for additional sales. For example, in a bank an event
would be a large deposit, which would then trigger a sales person to call the customer and
ask if she or he would be interested in investment options. Cross-sell and up-sell applications
may be used to schedule sales calls, keep detailed records of sales activities, and check on
the status of the customer orders.
Customer support provides customer care and other services. The applications
include support for service request management, account management, contact and activity
management, customer surveys, return material authorizations, and detailed service
agreements. These discrete applications work together to ensure that customer service
representatives can quickly assign, create and manage service requests, as well as look up
detailed information about customer service contracts, contacts and activities.
Customer support capabilities are used to manage customers who are having
problems with a product or service and to resolve those problems. Help-desk software
automates the management and resolution of support calls and improves efficiency and
effectiveness. These applications typically include capabilities to verify customer status
(e.g., what level of support they are entitled to), track specific tasks needed to resolve
problems across multiple workgroups, monitor service-level agreements, maintain permanent
incident histories, and capture support costs for charge backs. Armed with this complete
customer and product information, service professionals can resolve customer issues efficiently
and effectively.
There is nothing like the hands-on approach to instill faith in the customers about
your company. Field service is the hands-on extension of external customer
support, activated when a problem cannot be solved over the phone and requires sending a
repair person to the customer site to perform maintenance or repair. Field service and
dispatch applications have become mission critical tools that affect a company’s ability to
deliver effective customer service and contain costs. The field service application provides
the organization with features for scheduling and dispatching repair personnel, managing
inventory and logistics, and handling contracts and accounting.
Retention Management
distinctions. The ability to effectively segment customers depends on the decision support
technology, which most executives see as a powerful enabler of Customer Relation
Management.
The internet is changing the balance of power between business and the customer.
Before online shopping, companies could be reasonably certain that buying almost anything
was not easy, so once a customer found a supplier they were comfortable with they tended
to stick with them, at least until something went wrong.
But with the advent of e-commerce, customers can check out the options anywhere,
and then buy from anyone. Customers can use comparison sites or shopping agents, or
“bots” as they are known, to search the web for a bundle of products and report back on
which supplier is offering them the cheapest. As a general rule, whatever sells in print in a
catalogue will also sell on the internet.
There are several major advantages to developing an e-commerce sales strategy:
Efficiency: Electronic purchase orders and sales orders are more economical to
place, track and manage.
Convenience: Buying and selling can go on 24 hours a day, 7 days a week, 365
days a year from any location.
Speed: It takes far less time to complete the entire buy/sell process, thus speeding
payment.
Accuracy: Virtually eliminates processing errors. Buying and selling firms have the
same views of the transactions, which makes online commerce more precise.
Global Reach: Gives businesses an instant global reach to find supplies anywhere
in the world, in any time or currency zone.
Low Cost Entry: Before the web, selling direct to consumers could be expensive.
Setting up a retail outlet or printing a glossy catalogue could cost hundreds of thousands of
pounds. On the web, you can sell direct to consumers worldwide for a hundred pounds a
month.
Up-to-date Status and Alerts: Generates instant pager, fax and e-mail notification
to identify potential problems, enabling problem avoidance or swifter solutions. Also provides
order histories.
Marketers have always been in the business of anticipating and managing change,
and technology has been their principal tool for managing it. The Internet presents an
adaptive challenge for the marketing executive. Today’s Internet marketing executive must
have all the traditional skills of the offline marketing professional, but must place extra
emphasis on some of them to account for the new economy. These critical new skills
include customer advocacy and insight, integration, balanced thinking, and a willingness to
accept risk and ambiguity.
Integration
The Internet represents both a new channel and a new communications medium.
The new-economy marketing professional needs to have an integrated or holistic view of
the customer and the enterprise in order to create a uniquely advantaged strategic plan. In
today’s multichannel environment, a consistent message and experience must be maintained
across customer touch points in order to create a consistent brand image. Beyond strategy,
a marketing manager must fundamentally understand how to integrate these new tools into
the overall marketing mix. Managers who are able to hone their marketing plan in a highly
integrated fashion are more likely to capitalize on the synergies between marketing elements
and thus drive greater effectiveness.
Balanced Thinking
Although very hard to objectively assess, passion, or fire in the belly, is what will
differentiate leaders from followers in the new economy. Trying to change the status quo is
never easy and only people with conviction and passion will be heard over the din of the
inevitable naysayer. Successful marketing managers use this passion to fuel their
entrepreneurial instincts and vision, creating “bleeding edge” tools as they lead their teams
to success.
Internet has enabled customers to have much more information and many more choices
than ever before, thus shifting the balance of power toward the customer and creating the
need for a whole new set of “pull”-based marketing tools. Successful Internet professionals
need to rely on a whole new set of marketing tools that work in an extraordinarily dynamic
environment. Having the courage to try new things is the key to developing breakthrough
Internet marketing. The risk and ambiguity of managing in such uncharted territory is
tremendous, and the most successful Internet marketers will be willing to play at the edges.
Today’s online marketing professionals must have the basic skill set of the offline
marketing professional. But they must also react more quickly and manage more information
and channels in order to stay one step ahead of the competition. The skill set has not
changed tremendously, but the tools need to be applied with more vigor and sometimes
with greater speed. Successful Internet marketers will build their business models and
value propositions around a deep understanding of customer needs, not around the product.
2.3.1 E-Services
The delivery of services via the internet to consumers or other businesses can be
referred to by the generic term of e-services. There is a wide range of e-services currently
offered through the internet and these include banking, loans, stock trading, jobs and career
sites, travel, education, consultancy advice, insurance, real estate, broker services, on-line
publishing, and on-line delivery of media content such as videos, computer games, etc.
This list is by no means exhaustive and it is growing all the time. In this lecture, we will give
an overview of e-services.
In order to bring some order to the discussion of this wide variety of e-services, we
organize them into the following categories, namely
In some cases, this may bring a new dimension to the original service, enhancing
and altering it. E-education is an example of this. It may also bring into the catchment
new groups of consumers of the service to whom it might not have been previously
accessible.
The advantage of this kind of matchmaking through the internet is that the ability to
search electronically over a wider area to satisfy the customer need and to more precisely
meet the customer need is greatly facilitated by both computerization and communication
over the internet.
• consultancy advice
• specialized financial or other information
5. Specialized services such as auctions. Many different auction sites have appeared
and these are discussed further in this lecture. It is not possible to discuss all the
different e-services in this lecture and so we will briefly sample only a few examples
for each category.
E-banking
Security First Network Bank (SFNB; www.sfnb.com/) was the first internet bank. It
provides most of the banking services on the web. Therefore, you can do your banking
with your fingers instead of your feet. Looking at e-banking, we can distinguish between
two distinct models:
While not all banks offer the full range of services on the internet, banks in both the
mentioned groups offer a varied range of services including
1. personal banking
2. commercial banking for both small businesses and large corporations
3. financial services
4. loan application services
5. international trade including settlement instruments, foreign exchange transactions,
etc.
There are significant advantages for both the individual or corporation as well as
the bank in using e-banking. An individual doing personal banking on the internet can,
amongst other things, pay bills, do account transfers, make queries on account balances,
obtain statements, in some cases view images of checks, etc., and import transactions
directly into home account management software. Furthermore, one can make such
transactions 24 hours a day from any place with internet access around the world.
3. the internet trader has to confirm this trade or cancel it
Several companies allow one to create a simulated portfolio, which one watches over time
without actually buying or selling the stocks in reality. An example of this can be found on
the Smart Money site (www.smartmoney.com).
E-education
A number of e-universities are being spawned around the world. Again, three
models can be seen:
name. There are a variety of issues that need to be explored carefully when preparing
to deliver educational material on the internet and these include the following:
1. Does one use a distance learning model where the student uses a PULL model
to acquire the material?
2. Does one use a traditional lecture model using video streaming? This is a
PUSH model whereby a teacher “pushes” the materials to the students.
The use of the internet for education opens up many possibilities, namely use of
quizzes, tests to provide the student with instant feedback on his/her mastery of the materials,
use of graphics and animation to explain concepts, particularly those that have a dynamic
character to them. It is anticipated that the internet will not only lead to cyber universities of
one kind or another but will also have a marked effect on teaching and learning in traditional
universities. One of the innovations that are being explored is the joint teaching
by two universities on different continents in order to enhance the learning experience.
This has perhaps been the area in which there has been the greatest growth in e-
services. Essentially, in most of these applications, the customer who could be an individual
or business specifies his requirements in relation to the service.
The e-commerce site then does a search over its own databases or over the internet
using mobile agents, or over other databases or web sites to look for one or more matches
to these requirements. The information is then returned to the e-service provider site to
give the customer the required service.
Travel Services
Before the internet, one might have gone along to a travel agent in order to book
one’s travel requirements such as air tickets, train tickets, car hire, hotel, tours, etc. The
travel agent would try his best to meet these requirements by providing information regarding
schedules, pricing, promotions, as well as suggestions on changes to the itinerary. These
bookings could be for individuals or corporations involving corporate rates, etc. A large
number of e-commerce sites have appeared, which address this precise market segment.
These include trip.com, travelweb.com, and priceline.com. These web sites work in exactly
the same way. When a customer provides requirements, these sites do a search of their
own databases or send agents out to explore other web sites and respond to the consumer.
Among the requirements that the customer could specify is an acceptable price. A number
of sites, such as priceline.com, require that provided the price specified is met, the customer
cannot refuse the offer found. These e-commerce sites are beginning to grab an increasing
part of the travel market. They are attractive to consumers because of the convenience,
the ability to meet requirements such as specified prices, and in some cases like
lastminute.com, a special customer need (i.e., booking at the last minute). These travel
sites often also have a lot of information on promotions, suggestions, etc., which are useful
for customers. These e-commerce sites are having a strong “disintermediation” effect.
Disintermediation refers to the removal of intermediaries such as travel agents from the
process involved in the purchase of the service. A recent increasing trend has also seen the
primary provider of a service such as an airline introducing internet based booking at
reduced prices, further emphasizing the disintermediation effect.
1. sites where you can get advice on developing your resumes and can post your
resumes on the web
2. recruiters who use the web site to post available jobs, such as HotJobs
(www.hotjobs.com) or Jobdirect
3. employers who list available jobs on the web sites
a. matchmaking facilities that search the internet for jobs for jobseekers based
on a specification, such as www.monster.com
b. matchmaking facilities to search the internet for resumes that best fit a job
description given by a prospective employer use of agents to do the search
These approaches of using the internet for e-employment or e-jobs avoid many
of the costs and difficulties associated with traditional approaches to
advertising, such as high cost, limited duration, and minimal information.
Others
E-Entertainment
Increasingly help to reduce operating costs and still provide adequate customer
service. Innovation and technology are becoming the key differentiators in the financial
services business. Advances in networking, processing, and decision analytics have allowed
institutions to lower service costs. Technology has also accelerated the pace of product
innovation. For example, sophisticated arbitrage instruments like derivatives are changing
the nature of investment banking. The Securities and Exchange Commission’s decision to
allow Spring Street Brewery to trade its stock online may also fundamentally change
investment banking by disintermediating the traditional role of underwriting.
Technology is enabling the development of new products and services. For example,
technology is capable of replacing or expediting tedious financial exercises like check
writing, filing taxes, and transferring funds. Although large businesses have automated these
tasks, many small businesses and most households still do them manually. This is not
surprising; large businesses have been undergoing computerization for more than thirty
years, whereas PCs have been entering households in significant numbers only in the last
few years. Technology is changing the interaction between banks and consumers.
In recent years, there has been a major change in the way banks strive for increased
profitability. In the past, the banking industry was chiefly concerned with asset quality and
capitalization; if the bank was performing well along these two dimensions, then the bank
would likely be profitable. Today, performing well on asset quality and capitalization is not
enough. Banks need to find new ways to increase revenues in a “mature market” for most
traditional banking services, particularly consumer credit. A thorough understanding of this
competitive environment is needed before banks can determine their online strategy.
From the bank’s perspective, developing and maintaining this relationship is difficult.
Although financial products are essentially information products and financial institutions
are highly automated, there is a gulf between automated information and the bank’s ability
to reach the consumer in a unified way. This gulf is filled with established methods, such as
branches, postage and mail, advertising, and people on telephones. These methods can be
costly and impersonal. Electronic banking provides a method of communication that will
enable the bank customer to be reached, served, and sold products and services in their
homes and offices whenever it is convenient for them, twenty-four hours a day, seven days
a week.
Although personal finance software allows people to manage their money, it only
represents half of the information management equation. No matter which software package
is used to manage accounts, information gets managed twice: once by the consumer and
once by the bank. If the consumer uses personal finance software, then both the consumer
and the bank are responsible for maintaining systems; unfortunately, these systems do not
communicate with one another, thus giving new meaning to double-entry bookkeeping.
For example, a consumer enters data once into his system and transfers this information to
paper in the form of a check, only to have the bank then transfer it from paper back into
electronic form.
With the explosive growth in Internet use, banking via the World Wide Web will
undoubtedly catch on quickly. The goal of this approach to banking is to provide superior
Banking on the Internet is not the same as banking via online services. Internet
banking means that:
Consumers do not have to purchase any additional software (the Web browser is
sufficient), store any data on their computer, back up any information, or wait months for
new versions and upgrades, since all transactions occur on a secure server over the Internet.
Consumers can conduct banking anywhere as long as they have a computer (not
necessarily their own computer) and a modem, whether at home, at the office, or in a place
outside the United States. Banking via online services is restrictive in that the consumer has
to install a software package onto her computer. This limits the customer to banking only
from that computer, making a call to access a separate network, working with a separate
software company, and banking during limited hours of operation.
Consumers can download account information into their own choice of programs
rather than following the dictates of the service provider.
Internet banking allows banks to break out of the hegemony of software developers.
If bank customers (end users) install personal financial management software on their PCs,
these customers become direct customers of software firms. By controlling the software
interface, software firms such as Intuit can control the kinds of transactions end users
make and with whom these transactions occur. By maintaining a direct relationship with
end users via the Web, banks can offer additional services and provide a personal feel to
the interface, without seeking the cooperation of a software company. If banks choose to
offer home banking via personal financial management software, they lose control over the
end user interface and the relationship they have with customers. This loss of control has
tremendous long-term implications. The software industry history offers compelling proof
of the importance of organizations having a direct relationship with consumers. In the early
1980s, IBM decided that operating systems were not central to IBM business strategy. As
a result, IBM licensed DOS from a small software company called Microsoft. IBM called
this operating system PC-DOS and allowed Microsoft to market this same operating
system to competing computer manufacturers under the name of MS-DOS. IBM’s seal of
approval made DOS an industry standard. However, IBM was unable to move the industry
to a new operating system called OS/2 in the late 1980s because Microsoft controlled the
customer relationship and was able to convert most end users to Windows. For banks,
too, losing control over the interface could have dire consequences.
The challenge facing the banking industry is whether management has the creativity
and vision to harness the technology and provide customers with new financial products
necessary to satisfy their continually changing financial needs. Banks must deliver high
quality products at the customers’ convenience with high-tech, high-touch personal and
affordable service. In order to achieve this, management has to balance the five key values
that increasingly drive customers’ banking decisions: simplicity, customized service,
convenience, quality, and price. Online banking will realize its full potential when the following
key elements fall into place:
The benefits of online banking are often not made clear to the potential user.
Consumer questions include:
Banks must also look beyond home consumers for online banking consumers.
The rapidly growing use of personal computers by small businesses provides a solid
opportunity for banks to build a profitable base of small businesses until a broader consumer
market evolves. There are millions of small businesses with annual sales ranging from
Rs. 250,000 to Rs. 5 million. Many of these firms have PCs and modems. New services
like interactive cash management services could generate significant revenues for banks.
Industry studies indicate that 20 percent of small businesses are immediate prospects for
online banking and are willing to pay more than individual consumers for the service, up to
$100 a month. Thus, banks have an opportunity to tap into this market segment.
1. Banks must switch the costs of moving from one software platform to another to keep
customers from moving. Customers are increasingly familiar with using technology
to access bank accounts and to handle financial affairs, and this familiarity increases
interest in additional services and increases switching costs.
2. Banks must provide integrated services. The oft-cited time squeeze on consumers
(long commutes, heavy workload, family obligations, household management) is
pushing consumers toward integrated services that can speed up financial procedures.
These integrated services contribute to cementing the customer relationship.
3. Banks can realize the positive cost implications for the long-term value of building
customer loyalty. In the online world, there is not a big cost difference between
serving one customer and serving 100,000 customers. Clearly, marketers must also
work on building a loyal customer base not only in order to maintain the existing
base, but also in order to be attractive to potential customers.
With the intention of attracting advertising dollars, magazines and newspapers have
also set up sites on the Web. Many online periodicals include traditional advertisements as
well as icons, which display an advertiser’s logo and, when clicked with a mouse, send a
user across the Web to the advertiser’s Web site. Among periodicals that have gone from
print to online advertising with some degree of advertising success are: Knight-Ridder’s
San Jose Mercury News newspaper, which reportedly charges Rs. 100 per day for an
advertisement, and magazines such as Hot Wired, Playboy, and People, which reportedly
charge Rs. 30,000-Rs. 45,000 per quarter for an advertiser to place an icon in the periodical.
Promotions are also common. In many cases, advertisers ask site visitors to provide their
names and addresses in exchange for a product discount.
New Internet users will be attracted by reduced access fees, with part of the
reduction covered by advertisers. The cost of the access fee itself can be shared by an
advertiser if, for example, the advertiser pays for the access time used when accessing
online yellow pages.
1. an online publisher can use it to determine advertising rates and the appeal of its
articles, and
2. an advertiser can use it to justify the cost of promoting a Web site, maintaining a
Web site, and placing a site-linked icon in an online page.
Despite the popularity of advertising on Web sites, few publishers have attempted
to measure how many advertising dollars are being spent. There are three reasons for this:
• The market is too small to justify the cost of measuring its size.
• There is not a clear definition of what advertising expenses should be counted.
• Spending can be the amount that advertisers pay other Web sites such as
periodicals and games to display their icons or product offerings.
Advances in technology have raised the stakes considerably. Today, virtually any
work can be “digitized,” archived, and used in the digital format. This increases the ease
and speed with which a work can be reproduced, the quality of the copies, the ability to
manipulate and change the work, and the speed with which copies (authorized and
unauthorized) can be “delivered” to the public. Works also can be combined with other
works into a single medium, such as a CD-ROM, causing a blurring of the traditional
content lines. The establishment of high-speed networking makes it possible for one
individual, with a few key strokes, to deliver perfect copies of digitized works to scores of
other individuals.
The stakes are high. Owners of copyrights are not willing to put their interests at
risk if appropriate protections are not in place to permit them to set and enforce the terms
and conditions under which their works are made available online. Likewise, the public
will not use the services available and create the market necessary for online publishing’s
success unless access to a wide variety of works is provided under equitable and
reasonable terms and conditions, and unless the integrity of those works is assured.
1. Restricting access to the source of the work. This includes controlling Web server
access or controlling individual document access.
2. Restricting manipulation of the electronic file containing the work.
The Web may have blossomed because of peer-to-peer publishing, but judging
from recent product offerings, there is an enormous groundswell of interest among both
commercial and corporate publishers in the Web. For instance, it was reported that, in less
than three months, the Wall Street Journal Interactive Edition attracted 500,000 registered
readers on the Web, and that number is growing by some 3,000 readers per day. Also, the
electronic edition has attracted more than thirty advertisers paying to reach this audience.
Initially, growth in the online publishing marketplace was driven by the potential of
new interactive technologies and applications. The promise of new interactive publishing
captured the imagination of both content providers and the public. However, from 1993 to
1995 much of online publishing was inhibited by a lack of business purpose. At that time,
the content creation side of online publishing was dominated by techno-savvy individuals
who were not experienced at selling and who did not understand the business of publishing.
In addition, there were publishing companies who took a “Just Get Me on the Web!”
approach, failing to define the business purposes driving their online presence. As the
initial euphoria wore off, publishers realized that simply having a presence on the Web did
not guarantee profits. They discovered that offering exciting technology without compelling
content is insufficient to capture market share. These firms are learning that the best way to
capture consumers’ attention is to develop a business model that allows the company to
offer unique and valuable information, programming, and services. This content, no matter
how it is delivered, must be packaged so that it provides more value than alternative
sources of information. The key is to identify what the customer wants and finds interesting
and to avoid being distracted by new technologies. Publishers need to pay more attention
to their core competency of packaging and delivering content and making money online.
These are tricky but necessary conditions to successful online publishing.
Many online publishing pioneers have gone up the technology curve and are
confronting tough management questions such as how to gain market share and how to be
profitable sooner than later. Some of these firms have invested tens of millions of dollars in
people, equipment, and marketing, and they have not yet turned a profit. Some of the sites
employ hundreds of people, with millions of dollars in payroll alone. Many early pioneers
invested a huge amount of money into brand building, marketing, and content, but they
have not been able to figure out which business model works best for making money.
Online publishers are developing new business models to charge customers directly
and convince them that such charges are justified. As more and more firms begin to offer
online content, they are being forced to adjust to new customer attitudes regarding pricing.
Publishers currently finance their businesses by offering advertisers mass markets for
delivering their message in return for large advertising fees. The public has been trained to
think that the news, information, and entertainment they receive should be subsidized or
nearly free and that advertisers will pay the bill. This approach may not be viable in the
online medium when mass markets are replaced by customers selecting their information
and delivery methods. The early online publishing pioneers are trying to accomplish a
difficult feat.
Newspaper and magazine publishers, some of the first to stake their claims on the
Internet, are tinkering with new advertising models for their fledgling Web sites. In general,
mainstream advertisers have been skittish about pumping money into a medium with an
audience whose size and habits are nearly impossible to figure out. As a result of relatively
low ad revenues, none of the Web publishers have turned a profit. While ad revenues are
not coming close to covering expenses now, they could grow substantially in coming years
as the traffic increases and brand names become established. Brand development is
important because every time a user sits in front of a Web browser, she needs to make a
decision about where to go. The better the brand, the more likely it is to pop up in the
consumer’s mind. Another key issue in online publishing relates to digital copyrights.
As with any new development, there are generally three strategies for publishing
companies to consider:
Early Movers
These are highly skilled independent publishers with existing access to such key
capabilities as direct marketing and order fulfilment. These publishers have the capacity to
derive the highest benefits from new media as their learning curves are much shorter than
others, and they already have many of the necessary resources at hand.
Watchers
These are large publishing companies that employ scale-sensitive economics. They
are unlikely to view online publishing as a sufficiently attractive channel until costs fall and
distribution widens. This category includes publishers of unbranded or less distinctive content
who cannot attract a sufficiently large initial consumer franchise, as well as focused publishers
in categories not easily suited for the online medium.
Testers
These are the majority of publishers that face either attractiveness and/or skill
challenges. Gathered here are many multicategory and specialty publishers who are
competing successfully in traditional markets, who are uncertain who will win in the online
marketplace, and who neither need nor want to make a choice now. Testers also include
branded general publishers with robust consumer franchises and attractive distribution
channels already in place. For this group, the online medium appears to be an alternative.
• The online archive approach. This is new to the Web, but is a logical extension of
the trends in electronic delivery over the past several years.
• The new medium approach. This is more controversial and more difficult to
implement, but also more exciting.
• The publishing intermediation approach. This is an online extension of the third-
party publisher role off-line.
• The dynamic and just-in-time approach. In this approach, content is assembled in
real-time and transmitted in the format best suited to the user’s tastes and
preferences.
The online archive approach (including bibliographic databases and full-text search/
retrieval services) is one that appeals to corporate publishers and, to some extent,
commercial publishers (such as academic or journal publishers) who have an existing digital
archive that they want to deliver over the Web as well as on paper, CD-ROM, or other
media. The most prevalent example of the online archive approach is library catalogs and
bibliographic databases. Most libraries have replaced traditional card catalogs with
sophisticated electronic online bibliographic databases offering an incredible range of
functions. At revenues of over $1 billion a year, bibliographic databases represent a sizable
chunk of the online database market. An example of a bibliographic database is MEDLINE,
developed by the National Library of Medicine (NLM), which caters to an increasing
number of physicians who rely on online medical databases to keep up to date with the
latest developments and literature. The spread of PCs has enabled physicians to directly
search databases used only by librarians in the past. MEDLINE and other medical
databases are available free of charge on the Internet.
The online archive approach is also being used by niche publishers such as Ziff-
Davis, which began its venture into electronic publishing in 1985 with a bulletin board
system for readers of PC Magazine. That bulletin board evolved in 1988 to become PC
Mag-Net on CompuServe, which quickly grew in popularity. In 1991, Ziff-Davis created
the ZD Net subscription service on CompuServe to provide a service supporting online
versions of all its publications. Members of the ZD Net/CompuServe edition have access
to several features, including the ZD Net University series of comprehensive online
continuing education courses, sophisticated online forums with top industry personalities,
and a comprehensive database of past articles. In addition to its successful CompuServe
subscription service, the ZD Net Web Edition (http://www.zdnet.com) logs access by
more than 700,000 Internet hosts each month and is reportedly showing a profit.
The new medium approach (including real-time news delivery, personalized news
delivery, and edutainment) aims to create new material for the Web, to treat the Web as its
own medium, one deserving its own material. This approach will have the most appeal to
commercial print publishers, such as magazines, that view the Web as an alternative, not a
replacement, for print publications. For example, Wired magazine sees very little crossover
in content between its magazine and its HotWired venture. Some writers may write for
both media, but separate content streams will be developed for each medium. This approach
currently has some teething problems because of technological limitations. For instance,
the formatting limitations of the Web are frustrating at the moment, but with technological
advancements they will soon be forgotten. The frustrations are more than offset by the
excitement of the interactivity the Web offers; its model is both broadcasting and
conversation at the same time. With online publishing there may be a well-known starting
point, but with no controlling gatekeeper, the subsequent value-added improvisation from
readers makes each online magazine a unique experience.
Even if the technology constraints were overcome, the expectations of the Web
are so different from print media that new content, written for a Web audience, must be
created. It quickly becomes apparent that under this model, the old paradigms do not
work. The publisher gives up not only its brand name, but its intellectual content, too: once
the information is out there, it is no longer owned. Faced with that model, all a publisher
can do is “be the first with the most interesting stuff,” an approach that HotWired is taking
in its attempt to create a place where readers can see what the world has to say on a
minute-by-minute basis.
Online directories are important for several reasons. Companies and consumers
interested in conducting electronic commerce often struggle to navigate the Internet to
create an electronic marketplace. Once on that sprawling network, they are having trouble
finding other companies, products, and services. The success of Yahoo’s initial public
offering (IPO) underscores the importance of online directories. Yahoo (which stands for
Yet Another Hierarchical Officious Oracle) was created in 1994 by David Filo and Jerry
Yang, two Stanford University electrical engineering PhD students who began by simply
compiling lists of their favorite Web sites. It went on to become one of the most popular
means of navigating around the Internet. Yahoo is the first place millions of Internet users
go when they try to find their way around the rapidly growing Internet. At one time, Yahoo
was getting about 6 million visitors per day, which made it the second most active Web site
next to Netscape’s home page.
Clearly, there will be a demand for intermediation because there will always be a
need for a good directory to help people locate goods, services, and products. The future
is bright for the publishing intermediaries who offer ease of operation, speed, and detailed
information.
Online content is no longer static information. Content can now be created in real-
time and transmitted on the fly in the format best suited to the user’s location, tastes, and
preferences. More importantly, the content engine recognizes repeat visitors to a site and
configures the Web pages to match the individual’s known preferences. For example, a
publisher planning to deploy a large product catalog will no longer have to author and
update each individual Web page. Instead, the elements of each page-text, graphics, video,
and sound-are stored separately in a database and used to create individualized pages on
the fly as each user browses the site. The page content can be further customized to reflect
which Web browser is being used, the user’s geographic location, and modem speed.
Another way of looking at dynamic publishing is that it is just-in-time publishing. That is,
the stories, applets, and content flow into the computer just as consumers need them, and
then self-destruct after usage.
E-commerce has been in use for quite a few years and is more commonly known as
EDI (electronic data interchange). In the past, EDI was conducted on a direct link of some
form between the two businesses, whereas today the most popular connection is the
internet. The two businesses pass information electronically to each other. B2B e-commerce
currently makes up about 94% of all e-commerce transactions.
• Procurement;
• order fulfilment;
• Managing trading-partner relationships.
For many Welsh SMEs, B2B E-Commerce is synonymous with the vision of
integrated supply chains. This might be the ultimate objective, but, in the short term, B2B
E-Commerce could be used as a significant enabler in their move towards greater trading
partner collaboration.
Electronic links between businesses are not new. They have existed for decades,
in the form of electronic data interchange (EDI) supplied by value-added networks (VAN)
operated over leased telephone lines. Large manufacturing firms are the main users of
EDI. General Electric (GE), one of the largest EDI service suppliers, estimates that 80 per
cent of suppliers are not connected to an EDI system but rely on fax, telephone or mail.
The first factor, reduced transaction costs, drives the second and third and will be
explored in greater detail in the next chapter. However, electronic commerce clearly reduces
these costs and thus drives its adoption.
suppliers to each other and to original equipment manufacturers (OEM) (e.g. GM, Ford
and Chrysler). Dispensing with the multiple networks and protocols that now link first-tier
suppliers to OEMs, the new system will provide a single common system that can be
extended to include all suppliers. The largest impact of business-to-business e-commerce
is likely to be on small and medium sized enterprises (SMEs), because many large businesses
already have EDI systems in place. The accessibility of the Internet makes electronic
commerce a realistic possibility for SMEs and is likely to lead to its widespread diffusion. In
addition to migrating existing activity to e-commerce, new business-to-business products
are being created which did not, or could not, exist before electronic commerce over the
Internet made them economically viable. For example, spot markets that match buyers
and sellers for a wide variety of goods ranging from electronic components to agricultural
commodities to transportation futures have sprung up; they represent only the beginning of
what is expected to be a wide number of new business-to-business opportunities. Another
example is the extension of EDI-type links via the Internet. Parcel delivery, logistics and
order fulfillment services, frequently by the same firm, are also experiencing growth as
e-commerce increases. As businesses move to “build-to-order” processing and just-in-
time inventories, a premium is placed on timely, accurate inbound and outbound logistics.
In addition, there is greater demand by final consumers for fast order fulfillment and the
ability to track an order as it is being processed and delivered.
The volume of B2B transactions is much higher than the volume of B2C transactions.
One reason for this is that businesses have adopted electronic commerce technologies in
greater numbers than consumers. Also, in a typical supply chain there will be many B2B
transactions but only one B2C transaction, as the completed product is retailed to the end
customer.
“institutional sales”). For example, a company selling photocopiers would more likely be a
B2B sales organization than a B2C sales organization.
Business-to-business electronic commerce implies that both the sellers and
buyers are business corporations, while business-to-consumer electronic commerce
implies that the buyers are individual consumers. Business-to-business EC is expected to
grow to $1,330.9 billion by 2003 and continue to be the major share of the EC market
(Freeman 1998, Retter and Calyniuk 1998). The percentage of Internet-based B2B
EC compared to total B2B commerce will expand from .2 percent in 1997 to 2.1 percent
in 2000 and 9.4 percent in 2003. Computing electronics, utilities, shipping and warehousing,
motor vehicles, petrochemicals, paper and office products, food, and agriculture are the
leading items in B2B EC.
Positioning Statement
The next step is to develop your messages. There is usually a primary message
that conveys more strongly to your customers what you do and the benefit it offers to
them, supported by a number of secondary messages, each of which may have a number
of supporting arguments, facts and figures.
Whatever form your B2B marketing campaign will take, build a comprehensive
plan up front to target resources where you believe they will deliver the best return on
investment, and make sure you have all the infrastructure in place to support each stage of
the marketing process - and that doesn’t just include developing the lead - make sure the
entire organization is geared up to handle the inquiries appropriately.
Briefing an agency
A standard briefing document is usually a good idea for briefing an agency. As well
as focusing the agency on what’s important to you and your campaign, it serves as a
checklist of all the important things to consider as part of your brief. Typical elements to an
agency brief are: Your objectives, target market, target audience, product, campaign
description, your product positioning, graphical considerations, corporate guidelines, and
any other supporting material and distribution.
Measuring results
The real value in results measurement is in tying the marketing campaign back to
business results. After all, you’re not in the business of developing marketing campaigns
for marketing’s sake. So always put metrics in place to measure your campaigns, and if at all
possible, measure your impact upon your desired objectives, be it Cost Per Acquisition,
Cost per Lead or tangible changes in customer perception.
B2B standards
2.5.5 E-Marketplace
Vertical e-Marketplace
A vertical e-marketplace spans up and down every segment of one specific industry.
Each level of the industry has access to every other level, which greatly increases
collaboration. Buyers and sellers in the industry are connected to increase operating efficiency
and decrease supply chain costs, inventories and cycle times. This is possible because
buying/selling items in a single industry standardizes needs, thereby reducing the need for
outsourcing many products. E-commerce has a variety of different opinions going out
towards different people in different organizations that are committed to such technology.
Therefore e-commerce is nowhere near the advanced technology that organizations
use nowadays.
Horizontal e-Marketplace
No-frills e-Marketplace
clear “business rules.” This provides the basis of differentiation from conventional B2B
sales/purchasing channels.
Etymology
EDI stands for Electronic Data Interchange. This is one of the applications of
E-Commerce which makes business-to-business transactions possible over a network.
Electronic data interchange (EDI) is a technology poised for explosive growth in use as the
Internet provides an affordable way for businesses to connect and exchange documents
with customers and suppliers of any size. EDI is the electronic exchange of business
documents, data, and other information in a public-standard format. It cuts the cost of
managing business-to-business transactions by eliminating the need for labor-intensive
manual generation and processing of documents. In this lecture we will discuss the EDI
standards, the EDI networks and the EDI software that interfaces these two elements and
the business applications. These elements together with the EDI Agreement are covered in
detail in this lecture.
EDI Standards
At the heart of any EDI application is the EDI standard. The essence of EDI is the
coding and structuring of the data into a common and generally accepted format; anything
less is nothing more than a system of file-transfers. Coding and structuring the documents
for business transactions is no easy matter. There have been a number of EDI standards
developed in various industry sectors or within a specific country and there are complex
committee structures and procedures to support them.
Following on from the various sectorial and national EDI standards is the United
Nations (UN) EDI Standard: EDIFACT. This is the standard that should be adopted for
any new EDI application.
It is also possible that new exchanges added to the system will have requirements not
envisaged when the data formats were originally agreed; this would require a change to the
existing standard or the introduction of an additional standard. The overall picture is one of
unnecessary complexity and incompatibility. EDI standards overcome these difficulties.
The EDI standard provides, or attempts to provide, a standard for data interchange that is:
Most of the work on EDI standards has been concerned with the interchange of
trade documentation and financial transactions but the principle applies to any interchange
where the data can be systematized and codified. EDI standards are used for the interchange
of information as diverse as weather station readings and school exam results. Now let’s
see how the various standards evolve.
The first EDI standards evolved from the formats used for file transfer of data
between computer applications. The evolution of EDI standards can be seen as having
three stages (although in practice it was and is somewhat more complex than that):
1. The first formats that might properly be called EDI were developed by organizations
that had to process data from a large number of customer organizations. The data
recipients set the standard and the customers conformed to it.
2. The concept of EDI as an application independent interchange standard evolved
and several industry sector and / or national standards bodies developed EDI
standards to meet the needs of a specific user community.
3. The requirements of international and cross sector trade meant that the sector and
national standards were becoming an impediment to the further development of
electronic trading. EDIFACT was developed, under the auspices of the United
Nations (UN), as a universal standard for commercial EDI.
As already outlined, EDI developed in closed user communities within trade sectors
and / or national boundaries. The use of sector and national standards for this type of trade
was satisfactory. However, as electronic trade developed to cover wider trading relationships
there is a growing problem of trade between organisations using different EDI standards.
In addition to the problem of cross sector trade there is a desire to use EDI for
international trade. This (sensibly) requires a common format for the exchange of the standard
business forms (order, invoice, etc.) between organisations in differing countries.
International trade also requires a great deal of additional documentation for shipping,
customs authorities, international credit arrangements, etc. - all of this is potentially electronic
and obviously a common format is very desirable. To facilitate this cross sector and
international development of EDI the EDIFACT standard has been, and is being,
developed.
Business-to-business auctions are growing very rapidly due to the following
benefits they provide:
Generating Revenue
• New sales channel that supports existing online sales. For example, Weirton
Steel Corp. doubled its customer base when it started auctions.
• New venue for disposing of excess, obsolete, and returned products quickly
and easily.
There are three major types of B2B auctions according to Forrester Research:
1. Independent auctions. In this case companies use a third-party auctioneer to create
the site and sell the goods (e.g., www.fairmarket.com, www.imx exchange.com,
and www.auctionagate.com).
2. Commodity auctions. In this case many buyers and sellers come together at a
third-party Web site. For example, access energy, utilities, and telecommunications are
sold at www.band-x.com. The Dutch flower market is another example. Typical
intermediaries are www.metalsite.net and www.fastparts.com.
3. Private auctions by invitation only. Several companies bypass the intermediaries
and auction their products by themselves. Ingram Micro has its own site,
www.autionblock.com, for selling obsolete computer equipment to its regular business
customers.
Many companies provide services that are intended to facilitate B2B. Some of
these services are provided by intermediaries, others by specialists. Here are some examples.
CommerceNet
It does contain information about members, which can be buyer or supplier companies.
However, no specific product information is stored in its database. In fact, CommerceNet
mainly acts as a services provider, not dealing with any of the individual transactions.
ConnectUS
ConnectUS provides all the necessary information that supports card purchasing
and facilitates trades done via EDI. The service is now part of the www.geis.com and
www.thomasregister.com systems.
Summary
5. E-Services: The delivery of services via the internet to consumers or other businesses
can be referred to by the generic term of e-services. There is a wide range of e-
services currently offered through the internet and these include banking, loans, stock
trading, jobs and career sites, travel, education, consultancy advice, insurance, real
estate, broker services, on-line publishing, and on-line delivery of media content
such as videos, computer games, etc. We organize e-services into the following
categories, namely Web-enabling services, Matchmaking services, Entertainment
services, and Specialized services such as auctions.
7. EC and On-line publishing: The Web may have blossomed because of peer-to-
peer publishing, but judging from recent product offerings, there is an enormous
groundswell of interest among both commercial and corporate publishers in the
Web.
UNIT III
E-COMMERCE INFRASTRUCTURE
3.1 INTERNET
The Internet and the World Wide Web are not synonymous. The Internet is a
collection of interconnected computer networks, linked by copper wires, fiber-optic cables,
wireless connections, etc. In contrast, the Web is a collection of interconnected documents
and other resources, linked by hyperlinks and URLs. The World Wide Web is one of the
services accessible via the Internet, along with various others including e-mail, file sharing,
online gaming and others described below.
The server software for the World Wide Web is called an HTTP server (or
informally a Web server). Examples are Apache and IIS. The client software for World
Wide Web is called a Web browser. Examples are: Netscape, Internet Explorer, Safari,
Firefox, and Mozilla. These examples are particular “brands” of software that have a
similar function, just like Lotus 123 and Excel are both spreadsheet software packages.
One popular component of the Internet is electronic mail, or e-mail, which people
at separate locations can use to send messages to one another. In general, each of these
people has an e-mail address, which usually looks something like this:
mark.canada@uncp.edu. The first part of the address (mark.canada) specifies the individual
user, and the rest of the address refers to the server (uncp.edu), which is a computer that
can store a lot of information.
In addition to allowing people to send e-mail messages to one another, the Internet
also allows organizations and individuals to post information about themselves so that
others can see it. For example, many companies post pictures and descriptions on World
Wide Web sites. In fact, you can set up your own World Wide Web site by reserving
space on a server. To understand how this process works, imagine that you wanted to
store some articles you have written at a library so that people could come and read them.
First, you would need to obtain permission from the librarians, who would assign you a
folder where they would store your articles. Whenever you finished a new article, you
would put a name on it and send it to the librarians, who would then place it in your folder.
When people wanted to read one of these articles, they would need to know the address
of the library, the name of your folder, and the name of the specific article they want to
read. When they supplied this information, the librarian would give them the article they
want.
The World Wide Web works the same way. First you need to identify an Internet
company (librarian) and ask permission to save Web pages (articles) on its server (library).
The company (librarian) then assigns you a directory (folder) where it will store your Web
pages (articles). As you create each Web page (article), you give it a filename (name) and
publish it on the server (send it to the library). When people want to read your Web page
(article), they need your Web address, sometimes called a Uniform Resource Locator, or
URL. The URL consists of the domain name of the server (address of the library), name
of your directory (name of your folder), and the filename of the particular Web page (name
of article).
By the late 1990s the Internet had evolved into a complex environment. Originally
a military communications network, it is now routinely used for five types of operations: (i)
long-distance transactions (e.g. e-commerce, form-filling, remote work, entertainment);
(ii) interpersonal communication; (iii) data storage; (iv) research (i.e. data finding); (v)
remote data access and downloading.
The Internet is a dynamic and mercurial system endowed with a number of traits.
These are:
The evolution of the Internet is punctuated by the introduction and mass acceptance
of such key resources and tools as Unix, Email, Usenet newsgroups, Telnet, Listserv Mailing
List Software, File Transfer Protocol, Internet Relay Chat, WAIS, Gopher, WWW, and
more recently by the Altavista search engine, Java language
UNIX
The foundations of an operating system called Unix were laid at AT&T Bell
Laboratories in 1969. Unix is not a product of Internet culture. It is its catalyst and
cornerstone. Internet culture owes Unix a major debt in four areas. These conceptual
and procedural debts are: multitasking, community fostering, openness and extensibility,
and public access to the source code. Let’s briefly look at each of these debts.
Unix was one of the first operating systems which embodied the principle of
multitasking (time-sharing). In most general terms it means that several users could
simultaneously operate within a single environment and that the system as a whole coped
well with this complicated situation. Unix was the first operating system which demonstrated
in practical terms robustness and tolerance for the variety of its users’ simultaneous activities.
Email is the first of the Internet’s tools dedicated to the provision of fast, simple
and global communication between people. This revolutionary client/server software implied
for the first time that individuals (both as persons and roles) could have their unique electronic
addresses. Within this framework messages were now able to chase their individual
recipients anywhere in the world.
Usenet Newsgroups
Usenet (Unix Users Network), the wide-area array of sites collating and swapping
UUCP-based messages, was pioneered in 1979. Usenet was originally conceived as a
surrogate for the Internet (then called ARPANET). It was to be used by people who did
not have ready access to the TCP/IP protocol and yet wanted to discuss their various Unix
tools. It was only in 1987 that the NNTP (Network News Transfer Protocol) was established
in order to enable Usenet to be carried on the Internet (i.e. TCP/IP) networks (Laursen
1997).
Telnet
The networking tool called Telnet was invented in 1980 (Postel 1980). It allowed
people (with adequate access rights) to login remotely into any networked computer in the
world and to employ the usual gamut of computer commands. Thereby files and directories
could be established, renamed and deleted; electronic mail read and dispatched; Usenet
flame wars indulged in; and statistical packages run against numeric data - all at a distance.
Moreover, results of all these and other operations could be remotely directed to a printer
or via FTP to another networked computer. In short, Telnet gave us the ability to engage in
long distance man-machine transactions, that is, ability to do the work as telecommuters.
The FTP client/server technology was first introduced in 1985 (Barnes 1997). Its
usefulness to Internet culture is three-fold.
Firstly, FTP was the first widely accepted tool for systematic permanent storage
and world-wide transmission of substantial electronic information (e.g. programs, text files,
image files). Secondly, FTP archives promoted the use of anonymous login (i.e. limited
public access) techniques as a way of coping with the mounting general requests for access
to the archived information. That novel technique placed electronic visitors in a strictly
circumscribed work environment. There they could browse through data subdirectories,
copy relevant files, as well as deposit (within the context of a dedicated area) new digital
material. However, the FTP software would not let them wander across other parts of the
host, nor did the visitors have the right to change any component part of the accessed
electronic archive.
Thirdly, the rapid proliferation in the number of public access FTP archives all over
the world necessitated techniques for keeping an authoritative, up-to-date catalogue of
their contents. This was accomplished through the Archie database (Deutsch et al. 1995)
and its many mirrors. Archie used an automated process which periodically scanned the
entire contents of all known “anonymous FTP” sites and reported its findings back to its central
database. This approach, albeit encumbered by the need to give explicit instructions as to
which of the FTP systems needed to be monitored, nevertheless integrated a motley collection
of online resources into a single, cohesive, distributed information system.
Gopher client/server software was used for the first time in 1991 (La Tour nd; Liu,
C. et al. 1994). It was a ground-breaking development on two accounts. Firstly, it acted
as a predictable, unified environment for handling an array of other electronic tools, such
as Telnet, FTP and WAIS. Secondly, Gopher acted as electronic glue which seamlessly
linked together archipelagos of information tracked by and referenced by other gopher
systems. In short, Gopher was the first ever tool capable of the creation and mapping of a
rich, large-scale, and infinitely extendable information space.
The first prototype of the WWW server was built in 1991 (Cailliau 1995, Berners-
Lee, nd; Berners-Lee 1998). The WWW server is an invention which has redefined the
way the Internet is visualized by its users.
Firstly, the WWW server introduced to the Internet the powerful point-and-click
hypertext capabilities. The hypertext notions of a home page and links spanning the entire
body of data were first successfully employed on a small, standalone scale in 1986 in the
Macintosh software called Hypercard (Goodman 1987). The WWW however, was the
first hypertext technology applied to distributed online information. This invention was
previously theoretically anticipated by a number of writers, including in 1945 by Vannevar
Bush of Memex fame, and again in 1965 by Theodor Nelson, who embarked on
the never-completed Project Xanadu (Nielsen 1995, Gilster 1997:267). Hypertext itself
is not a new idea. It is already implicitly present (albeit in an imperfect, because
paper-based, form) in the first alphabetically ordered dictionaries such as Grand dictionnaire
historique, compiled in 1674 by Louis Moréri, or John Harris’ Lexicon Technicum
which was published in 1704 (PWN 1964). It is also evident in the apparatus, such as
footnotes, commentaries, appendices and references, of a 19th century scholarly
monograph.
The hypertext principle as employed by the WWW server meant that any part of
any text (and subsequently, image) document could act as a portal leading directly to any
other nominated segment of any other document anywhere in the world.
Thirdly, the WWW provided a common, simple, effective and extendable language
for document markup. The HTML language could be used in three different yet
complementary ways: (a) as a tool for establishing the logical structure of a document; (b)
as a tool for shaping the size, appearance and layout of lines of text on the page; (c) as a
tool for building the internal (i.e. within the same document) and external (to a different
document residing on the same or totally different server) hypertext connections.
The interlocking features of the hypertext, URLs and the markup language, have
laid foundations for today’s global, blindingly fast and infinitely complex cyberspace.
Moreover, the World Wide Web, like Gopher before it, was also a powerful electronic
glue which smoothly integrated not only most of the existing Internet tools (Email, Usenet,
Telnet, Listservs, FTP, IRC, and Gopher but, surprisingly, not WAIS), but also the whole
body of online information which could be accessed by all those tools.
However, the revolutionary strengths of the Web were not immediately obvious
to most of the Internet community, who initially regarded the WWW as a mere (and
possibly clumsy) variant of the then popular Gopher technology. This situation changed
only with the introduction of PC-based Web browsers with user-friendly, graphical interfaces.
The principle of a client/server division of labour was put to work yet again in the
form of a series of WWW browsers such as Mosaic (built in 1993), Lynx (which is an
ASCII, Telnet-based client software), Erwise, Viola, Cello, as well as, since 1994, several
editions of Netscape and Explorer. Each of the Web browsers, except for Lynx, which
is a deliberately simplified and thus very fast piece of software, provided Internauts with
a series of novel capabilities.
These are: (a) an ability to handle multi-format, or multimedia (numbers, text, images,
animations, video, sound) data within the framework of a single online document; (b) the
ability to configure and modify the appearance of received information in a manner which
best suits the preferences of the reader; (c) the ability to use the browser as a WYSIWYG
(“what you see is what you get”) tool for crafting and proofreading of the locally created
HTML pages on a user’s PC; (d) the ability to acquire, save and display the full HTML source
code for any and all of the published web documents.
• Protocol Layering
• Networks
• Routers
• Addressing Architecture
Protocol Layering
To communicate using the Internet system, a host must implement the layered set
of protocols comprising the Internet protocol suite. A host typically must implement at least
one protocol from each layer.
Application Layer
The Application Layer is the top layer of the Internet protocol suite. The Internet
suite does not further subdivide the Application Layer, although some application layer
protocols do contain some internal sub-layering. The application layer of the Internet suite
essentially combines the functions of the top two layers - Presentation and Application - of
the OSI Reference Model [ARCH:8]. The Application Layer in the Internet protocol suite
also includes some of the functions relegated to the Session Layer in the OSI Reference
Model.
There are a number of other standardized user protocols and many private user
protocols.
Support protocols, used for host name mapping, booting, and management include
SNMP, BOOTP, TFTP, the Domain Name System (DNS) protocol, and a variety of
routing protocols.
Transport Layer
Internet Layer
All Internet transport protocols use the Internet Protocol (IP) to carry data from
source host to destination host. IP is a connectionless or datagram internetwork service,
providing no end-to-end delivery guarantees. IP datagrams may arrive at the destination
host damaged, duplicated, out of order, or not at all. The layers above IP are responsible
for reliable delivery service when it is required. The IP protocol includes provision for
addressing, type-of-service specification, fragmentation and reassembly, and security.
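The division of labour described above, where IP may damage, duplicate, reorder or drop datagrams and a higher layer restores reliable delivery, is sketched below as an added example (not part of the original course material). The 10-byte header, the function names and the sample message are constructed for illustration and are not a real IP or TCP format.

```python
import struct
import zlib

# Constructed header for this example only (not a real IP/TCP header):
# sequence number, payload length, then a CRC32 over both fields + payload.
_FIELDS = struct.Struct("!IH")
_CRC = struct.Struct("!I")
HEADER_SIZE = _FIELDS.size + _CRC.size

MESSAGE = b"PO-1001|qty=25|ship=Chennai|net30"  # constructed sample data


def make_datagram(seq: int, payload: bytes) -> bytes:
    """Sender side: prefix the payload with sequence number, length and CRC."""
    fields = _FIELDS.pack(seq, len(payload))
    return fields + _CRC.pack(zlib.crc32(fields + payload)) + payload


class Reassembler:
    """Receiver side of a layer above IP: rebuilds an ordered byte stream."""

    def __init__(self):
        self.next_seq = 0            # next sequence number to hand upward
        self.pending = {}            # seq -> payload that arrived early
        self.delivered = bytearray()
        self.stats = {"damaged": 0, "duplicate": 0, "out_of_order": 0}

    def receive(self, datagram: bytes) -> None:
        if len(datagram) < HEADER_SIZE:
            self.stats["damaged"] += 1
            return
        seq, length = _FIELDS.unpack_from(datagram, 0)
        (crc,) = _CRC.unpack_from(datagram, _FIELDS.size)
        payload = datagram[HEADER_SIZE:]
        # The CRC catches accidental damage only. Anyone able to alter a
        # datagram can recompute it, so it gives no protection against
        # deliberate tampering; that needs a keyed MAC or a signature.
        covered = datagram[:_FIELDS.size] + payload
        if len(payload) != length or zlib.crc32(covered) != crc:
            self.stats["damaged"] += 1
            return
        if seq < self.next_seq or seq in self.pending:
            self.stats["duplicate"] += 1
            return
        if seq != self.next_seq:
            self.stats["out_of_order"] += 1
        self.pending[seq] = payload
        # Release every payload that is now contiguous with the stream.
        while self.next_seq in self.pending:
            self.delivered += self.pending.pop(self.next_seq)
            self.next_seq += 1

    def missing(self, last_seq_sent: int) -> list:
        """Sequence numbers the sender must retransmit."""
        return [s for s in range(self.next_seq, last_seq_sent + 1)
                if s not in self.pending]


def demo():
    """Replay a constructed arrival pattern containing all four IP failure modes."""
    chunks = [MESSAGE[i:i + 7] for i in range(0, len(MESSAGE), 7)]
    sent = [make_datagram(seq, chunk) for seq, chunk in enumerate(chunks)]

    damaged = bytearray(sent[3])
    damaged[-1] ^= 0x01              # one bit flipped in transit

    rx = Reassembler()
    # Arrival order: 1 before 0 (reordered), 0 twice (duplicated),
    # 3 damaged, 2 never arrives (lost), 4 arrives early.
    for datagram in (sent[1], sent[0], sent[0], bytes(damaged), sent[4]):
        rx.receive(datagram)

    delivered_so_far = bytes(rx.delivered)
    gaps = rx.missing(len(sent) - 1)
    for seq in gaps:                 # sender retransmits what is missing
        rx.receive(sent[seq])
    return delivered_so_far, gaps, bytes(rx.delivered), dict(rx.stats)


if __name__ == "__main__":
    print(demo())
```
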
Link Layer
To communicate on a directly connected network, a host must implement the
communication protocol used to interface to that network. We call this a Link Layer protocol.
Some older Internet documents refer to this layer as the Network Layer, but it is
not the same as the Network Layer in the OSI Reference Model.
This layer contains everything below the Internet Layer and above the Physical
Layer (which is the media connectivity, normally electrical or optical, which encodes and
transports messages). Its responsibility is the correct delivery of messages, among which it
does not differentiate.
Protocols in this Layer are generally outside the scope of Internet standardization;
the Internet (intentionally) uses existing standards whenever possible. Thus, Internet Link
Layer standards usually address only address resolution and rules for transmitting IP packets
over specific Link Layer protocols.
Networks
The constituent networks of the Internet system are required to provide only packet
(connectionless) transport. According to the IP service specification, datagrams can be
delivered out of order, be lost or duplicated, and/or contain errors.
For reasonable performance of the protocols that use IP (e.g., TCP), the loss rate
of the network should be very low. In networks providing connection-oriented service, the
extra reliability provided by virtual circuits enhances the end-end robustness of the system,
but is not necessary for Internet operation.
Routers
the next-hop router or (for the final hop) the destination host. This choice, called relaying
or forwarding, depends upon a route database within the router. The route database is also
called a routing table or forwarding table. The term “router” derives from the process of
building this route database; routing protocols and configuration interact in a process called
routing.
Routers provide datagram transport only, and they seek to minimize the state
information necessary to sustain this service in the interest of routing flexibility and robustness.
Packet switching devices may also operate at the Link Layer; such devices are
usually called bridges. Network segments that are connected by bridges share the same IP
network prefix forming a single IP subnet. These other devices are outside the scope of
this document.
The concept of sending electronic text messages between parties in a way analogous
to mailing letters or memos predates the creation of the Internet. Even today it can be
important to distinguish between Internet and internal e-mail systems. Internet e-mail may
travel and be stored unencrypted on many other networks and machines out of both the
sender’s and the recipient’s control. During this time it is quite possible for the content to
be read and even tampered with by third parties, if anyone considers it important enough.
Purely internal or intranet mail systems, where the information never leaves the corporate
or organization’s network, are much more secure, although in any organization there will
be IT and other personnel whose job may involve monitoring, and occasionally accessing,
the e-mail of other employees not addressed to them.
Many people use the terms Internet and World Wide Web (or just the Web)
interchangeably, but, as discussed above, the two terms are not synonymous.
The World Wide Web is a huge set of interlinked documents, images and other
resources, linked by hyperlinks and URLs. These hyperlinks and URLs allow the web
servers and other machines that store originals, and cached copies, of these resources to
deliver them as required using HTTP (Hypertext Transfer Protocol). HTTP is only one of
the communication protocols used on the Internet.
Web services also use HTTP to allow software systems to communicate in order
to share and exchange business logic and data.
Software products that can access the resources of the Web are correctly termed
user agents. In normal use, web browsers, such as Internet Explorer and Firefox, access
web pages and allow users to navigate from one to another via hyperlinks. Web documents
may contain almost any combination of computer data including photographs, graphics,
sounds, text, video, multimedia and interactive content including games, office applications
and scientific demonstrations.
Through keyword-driven Internet research using search engines like Yahoo! and
Google, millions of people worldwide have easy, instant access to a vast and diverse
amount of online information. Compared to encyclopedias and traditional libraries, the
World Wide Web has enabled a sudden and extreme decentralization of information and
data.
It is also easier, using the Web, than ever before for individuals and organizations
to publish ideas and information to an extremely large audience. Anyone can find ways to
publish a web page or build a website for very little initial cost. Publishing and maintaining
large, professional websites full of attractive, diverse and up-to-date information is still a
difficult and expensive proposition, however.
Many individuals and some companies and groups use “web logs” or blogs, which
are largely used as easily updatable online diaries. Some commercial organizations encourage
staff to fill them with advice on their areas of specialization in the hope that visitors will be
impressed by the expert knowledge and free information, and be attracted to the corporation
as a result. One example of this practice is Microsoft, whose product developers publish
their personal blogs in order to pique the public’s interest in their work.
and GeoCities have existed since the early days of the Web, newer offerings from, for
example, Facebook and MySpace currently have large followings. These operations often
brand themselves as social network services rather than simply as web page hosts.
Advertising on popular web pages can be lucrative, and e-commerce or the sale
of products and services directly via the Web continues to grow.
In the early days, web pages were usually created as sets of complete and isolated
HTML text files stored on a web server. More recently, websites are more often created
using a content management system (CMS) or wiki software with, initially, very little content.
Contributors to these systems, who may be paid staff, members of a club or other
organization or members of the public, fill underlying databases with content using editing
pages designed for that purpose, while casual visitors view and read this content in its final
HTML form. There may or may not be editorial, approval and security systems built into
the process of taking newly entered content and making it available to the target visitors.
Remote access
The Internet allows computer users to connect to other computers and information
stores easily, wherever they may be across the world. They may do this with or without the
use of security, authentication and encryption technologies, depending on the requirements.
This is encouraging new ways of working from home, collaboration and information
sharing in many industries. An accountant sitting at home can audit the books of a company
based in another country, on a server situated in a third country that is remotely maintained
by IT specialists in a fourth. These accounts could have been created by home-working
bookkeepers, in other remote locations, based on information e-mailed to them from offices
all over the world. Some of these things were possible before the widespread use of the
Internet, but the cost of private leased lines would have made many of them infeasible in
practice.
An office worker away from his desk, perhaps on the other side of the world on a
business trip or a holiday, can open a remote desktop session into his normal office PC
using a secure Virtual Private Network (VPN) connection via the Internet. This gives the
worker complete access to all of his or her normal files and data, including e-mail and
other applications, while away from the office.
This concept is also referred to by some network security people as the Virtual Private
Nightmare, because it extends the secure perimeter of a corporate network into its
employees’ homes; this has been the source of some notable security breaches, but also
provides security for the workers.
Collaboration
The low cost and nearly instantaneous sharing of ideas, knowledge, and skills has
made collaborative work dramatically easier. Not only can a group cheaply communicate
and test, but the wide reach of the Internet allows such groups to easily form in the first
place, even among niche interests. An example of this is the free software movement in
software development, which produced GNU and Linux from scratch and has taken over
development of Mozilla and OpenOffice.org (formerly known as Netscape Communicator
and StarOffice). Films such as Zeitgeist, Loose Change and Endgame have had extensive
coverage on the Internet, while being virtually ignored in the mainstream media.
Internet “chat”, whether in the form of IRC “chat rooms” or channels, or via instant
messaging systems, allows colleagues to stay in touch in a very convenient way when working
at their computers during the day. Messages can be sent and viewed even more quickly
and conveniently than via e-mail. Extensions to these systems may allow files to be exchanged,
“whiteboard” drawings to be shared as well as voice and video contact between team
members.
File sharing
In any of these cases, access to the file may be controlled by user authentication;
the transit of the file over the Internet may be obscured by encryption, and money may
change hands before or after access to the file is given. The price can be paid by the
remote charging of funds from, for example, a credit card whose details are also passed—
hopefully fully encrypted—across the Internet. The origin and authenticity of the file received
may be checked by digital signatures or by MD5 or other message digests.
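The difference between the two checks named above, a message digest and a digital signature, shown as an added example (not part of the original course material): a plain digest only proves the file matches whatever digest was published, while a keyed check also ties it to its origin. HMAC-SHA-256 with a key shared out of band stands in here for a digital signature, and SHA-256 replaces MD5 because MD5 collisions are practical; all names, the key and the sample contents are constructed.

```python
import hashlib
import hmac
import io

CHUNK = 64 * 1024  # read in blocks so large downloads never sit in memory


def file_digest(stream, algorithm="sha256"):
    """Unkeyed message digest of a file-like object, as a hex string."""
    h = hashlib.new(algorithm)
    for block in iter(lambda: stream.read(CHUNK), b""):
        h.update(block)
    return h.hexdigest()


def digest_matches(stream, published_hex, algorithm="sha256"):
    """Integrity check: does the file match the digest that was published?"""
    expected = published_hex.strip().lower()
    return hmac.compare_digest(file_digest(stream, algorithm), expected)


def file_tag(stream, key):
    """Keyed tag (HMAC-SHA-256): only a holder of `key` can produce it."""
    mac = hmac.new(key, digestmod=hashlib.sha256)
    for block in iter(lambda: stream.read(CHUNK), b""):
        mac.update(block)
    return mac.hexdigest()


def tag_matches(stream, key, published_hex):
    """Origin check: was the tag made over this file by a key holder?"""
    expected = published_hex.strip().lower()
    return hmac.compare_digest(file_tag(stream, key), expected)


def check(data, published_digest, published_tag, key):
    """Return (digest_ok, tag_ok) for one received file."""
    return (digest_matches(io.BytesIO(data), published_digest),
            tag_matches(io.BytesIO(data), key, published_tag))


def demo():
    # Constructed sample data; the key is assumed to reach the recipient
    # through a separate channel from the download itself.
    key = b"constructed-key-shared-out-of-band"
    original = b"quarterly price list (constructed sample)\n" * 1000
    digest = file_digest(io.BytesIO(original))
    tag = file_tag(io.BytesIO(original), key)

    # Case 1: the file arrives exactly as published.
    # Case 2: the file is damaged in transit; both checks reject it.
    corrupted = original[:-1] + b"X"
    # Case 3: the download location serves different content together with
    # a freshly computed digest. The digest check passes, because it only
    # compares the file with the digest beside it. The tag check fails,
    # because the tag cannot be recomputed without the key.
    replaced = b"different contents\n" * 1000
    replaced_digest = file_digest(io.BytesIO(replaced))

    return {
        "intact": check(original, digest, tag, key),
        "corrupted": check(corrupted, digest, tag, key),
        "replaced": check(replaced, replaced_digest, tag, key),
    }


if __name__ == "__main__":
    for case, result in demo().items():
        print(case, result)
```

A digest is therefore only as trustworthy as the channel that delivered the digest itself; fetch it from a separate, authenticated source or rely on a signature.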
These simple features of the Internet, over a worldwide basis, are changing the
basis for the production, sale, and distribution of anything that can be reduced to a computer
file for transmission. This includes all manner of print publications, software products,
news, music, film, video, photography, graphics and the other arts. This in turn has caused
seismic shifts in each of the existing industries that previously controlled the production and
distribution of these products.
Streaming media
Many existing radio and television broadcasters provide Internet “feeds” of their
live audio and video streams (for example, the BBC). They may also allow time-shift
viewing or listening such as Preview, Classic Clips and Listen Again features. These providers
have been joined by a range of pure Internet “broadcasters” who never had on-air licenses.
This means that an Internet-connected device, such as a computer or something more
specific, can be used to access on-line media in much the same way as was previously
possible only with a television or radio receiver. The range of material is much wider, from
pornography to highly specialized, technical webcasts. Podcasting is a variation on this
theme, where—usually audio—material is first downloaded in full and then may be played
back on a computer or shifted to a digital audio player to be listened to on the move. These
techniques using simple equipment allow anybody, with little censorship or licensing control,
to broadcast audio-visual material on a worldwide basis.
updates slowly. Internet users can watch animals around an African waterhole, ships in the
Panama Canal, the traffic at a local roundabout or their own premises, live and in real time.
Video chat rooms, video conferencing, and remote controllable webcams are also popular.
Many uses can be found for personal webcams in and around the home, with and without
two-way sound.
VoIP stands for Voice over IP, where IP refers to the Internet Protocol that underlies
all Internet communication. This phenomenon began as an optional two-way voice extension
to some of the instant messaging systems that took off around the year 2000. In recent
years many VoIP systems have become as easy to use and as convenient as a normal
telephone. The benefit is that, as the Internet carries the actual voice traffic, VoIP can be
free or cost much less than a normal telephone call, especially over long distances and
especially for those with always-on Internet connections such as cable or ADSL.
Voice quality can still vary from call to call but is often equal to and can even
exceed that of traditional calls.
Remaining problems for VoIP include emergency telephone number dialling and
reliability. Currently, a few VoIP providers provide an emergency service, but it is not
universally available. Traditional phones are line-powered and operate during a power
failure; VoIP does not do so without a backup power source for the electronics.
Most VoIP providers offer unlimited national calling, but the direction in VoIP is
clearly toward global coverage with unlimited minutes for a low monthly fee.
VoIP has also become increasingly popular within the gaming world, as a form of
communication between players. Popular gaming VoIP clients include Ventrilo and
Teamspeak, and there are others available also. The PlayStation 3 and Xbox 360 also
offer VoIP chat features.
Internet access
Common methods of home access include dial-up, landline broadband (over coaxial cable,
fiber optic or copper wires), Wi-Fi, satellite and 3G technology cell phones.
Public places to use the Internet include libraries and Internet cafes, where computers
with Internet connections are available. There are also Internet access points in many
public places such as airport halls and coffee shops, in some cases just for brief use while
standing. Various terms are used, such as “public Internet kiosk”, “public access terminal”,
and “Web payphone”. Many hotels now also have public terminals, though these are usually
fee-based. These terminals are widely used for purposes such as ticket booking,
bank deposits and online payments. Wi-Fi provides wireless access to computer networks,
and therefore can do so to the Internet itself. Hotspots providing such access include
Wi-Fi cafes, where would-be users need to bring their own wireless-enabled devices such as
a laptop or PDA. These services may be free to all, free to customers only, or fee-based.
A hotspot need not be limited to a confined location. A whole campus or park, or even an
entire city can be enabled. Grassroots efforts have led to wireless community networks.
Commercial Wi-Fi services covering large city areas are in place in London, Vienna, Toronto,
San Francisco, Philadelphia, Chicago and Pittsburgh. The Internet can then be accessed
from such places as a park bench.
Apart from Wi-Fi, there have been experiments with proprietary mobile wireless
networks like Ricochet, various high-speed data services over cellular phone networks,
and fixed wireless services.
High-end mobile phones such as smartphones generally come with Internet access
through the phone network. Web browsers such as Opera are available on these advanced
handsets, which can also run a wide variety of other Internet software. More mobile phones
have Internet access than PCs, though this is not as widely used. An Internet access provider
and protocol matrix differentiates the methods used to get online.
3.1.8 Marketing
The Internet has also become a large market for companies; some of the biggest
companies today have grown by taking advantage of the efficient nature of low-cost
advertising and commerce through the Internet, also known as e-commerce. It is the fastest
way to spread information to a vast number of people simultaneously. The Internet has
also subsequently revolutionized shopping; for example, a person can order a CD online
and receive it in the mail within a couple of days, or download it directly in some cases.
The Internet has also greatly facilitated personalized marketing which allows a company to
market a product to a specific person or a specific group of people more so than any other
advertising medium.
• Revenue increases
• Ability to generate profits
• Success in creating meaningful alliances
• Success in expanding into new markets
• Differentiating itself from other business models
What are the key areas that a profitable web site needs to concentrate on?
• Develop a unique e-business website
• Control the product line
• Introduce new products on a regular basis
• Ensure easy and reliable credit-card payment methods
• Provide customer-friendly policies
• On-time delivery
• Keep promises
• Develop a clever marketing strategy
• Be the best in your field
Most successful companies pursue several related but different models concurrently.
They defy easy categorization by diversifying revenue streams and becoming hybrids in a
cost-efficient way.
Let’s take a look at some of the top e-businesses in the field today:
• E-Bay
• HomeStore.com
• Oracle
• CISCO
• Amazon.com
• DoubleClick.com
• YAHOO!
EBAY
A company that has emerged unscathed from the recent dot-com bust with profits
soaring to almost 400% and revenues doubling in the past year. It has transformed
auctions that were limited to garage sales and flea markets into highly evolved
e-marketplaces. Selling just about anything, from antiques and jewelry to computers,
automobiles and even auto insurance, it has 29.7 million registered users today.
Adopting an amazing and unique culture, where buyers and sellers of all items are
allowed to post their comments online, where credit-card payment facilities are secure and
easy, the company projects a trustworthy and reliable image.
Apart from bidding, certain high quality goods can be sold at prices fixed by the
seller. This site also offers professional services for all kinds of business needs. A widespread
global reach makes it easy for a buyer in Hong Kong to bid and buy a product from a
seller in Paris while the regional sites in North America are able to offer hard-to-ship
merchandise.
HOMESTORE.COM
Statistics have revealed that realty sites account for about 9.6% of all online visitors.
Homestore.com is a company that has dominated the real estate field with 3.28 million
customers in January 2001 and is listed among the Fortune top e-50. It registered a growth
of 252% at one stage.
Their main revenue came from subscriptions (52%) and the remainder from
advertising. As a subscription site they picked a specific topic which a segment of the
population would be passionate about and marketed their services through strategic
advertising.
Subscription sites that allow users access to a regularly updated online database
of any kind for a fee are fast evolving into healthy and strong e-businesses.
ORACLE
This software and service provider entered the digitized world only in 1998, and
metamorphosed into a digital pioneer in the span of two years. Innovative products and
services and integration of these services have brought them into the forefront of web
innovation today.
Internet business models like the Biz Online Initiative that deliver simple and complete
online services and a host of other tools that customers require in setting up an e-business
model, have made them a one-stop shop for e-businesses today. Their built-in self-service
system for customers, employees and suppliers improved productivity and accuracy and
brought down costs by hundreds of millions of dollars. Consulting services with major firms
like Sun Professional Systems have established their reliability with customers.
35% of their revenue comes from a very successful e-business consulting firm
with which they have partnered (Sapient). They are expanding from 19 data centers to 34
data centers this year.
CISCO
Cisco develops switches and routers for Local Area Networks (LAN) and Wide
Area Networks (WAN) and the related software. They have become the worldwide leaders
in networking for the Internet today.
90% of their sales are conducted over the Internet. They offer expertise in planning
and executing Internet enabled solutions.
The company has grown in the past 7 years with 71 acquisitions to its credit, the
latest being its investments in an optical equipment company and speech recognition software
makers. Their business model could be termed an acquisition one!
AMAZON.COM
The customer is King here! Amazon pampers their customers, tracks their tastes
and uses this information to create a unique customer experience. This e-tailer cultivates
relationships that lead to customers liking and trusting them. This kind of service surpasses
the most brilliant technology in use today. Amazon brought in the world of successful
one-to-one marketing, a personal touch from another era.
Recently though, they have suffered heavy losses, proving that any successful
e-business strategy will survive provided it is based on a solid brick and mortar foundation,
a la Barnes and Noble, another famous online bookseller. Although barnesandnoble.com
and Barnes and Noble Ltd. are run separately, a customer tends to associate trust and
comfort with a known and established brand.
DOUBLECLICK.COM
This Fortune e-50 company offers a collection of premium sites for custom
ad-buys and sponsorships in various fields - Business, automobiles, entertainment, technology,
travel and health. They help marketers build brands, increase sales, maximize revenue and
build one-to-one relationships with their customers. They offer agencies plans to manage
online campaigns.
Their direct marketing strategies use customer data to refine marketing messages
and increase investment returns. One of their divisions, Abacus, is one of the largest databases
of buyer behavior, covering about 90 million households in the United States alone. Another division,
www.diameter.net conducts online research to evaluate and understand online campaigns
and strategies. Some of their clients include www.macromedia.com, www.nasdaq.com,
www.networldsolutions.com and www.palm.net.
The web has proven to be an amazing vehicle for advertising and reaching millions
without spending a dime on postage and printing. Stu Heinecke Services, an advertising
solutions company, used personalized cartoon direct mail and achieved response rates as
high as 100%.
YAHOO!
The “operating system” of the net and a site for evolving search engines, free news
and information services, online ads, banner ads, sports and news, video and audio, clubs
and auction stores has become the most popular directory on the web. The value of this
successful business model lies in its unique and easy categorization of all pages and subjects
- a completely professional looking web site in all.
But, a BPI (Buying Power Index) report reveals that more online buying and
popularity of a site don’t go hand in hand. Other search engines like Altavista, Excite and
Juno seem to have raked in more profits recently.
Online advertising was the main revenue for Yahoo!, but they didn’t really check
on what kind of ads worked online. Immediate success stopped them from evolving and
developing other important aspects of e-business. As a result, this year they have been
forced to cut budgets and ads, showing that generalized media doesn’t work compared to
specialized media. Also, all of Yahoo’s content is owned by other sites and only licensed
for their use.
Among the other successful dot-coms, trends revealed that online e-brokers offer
the best economic models among consumer-centered Internet companies. Instead of
spending on physical infrastructure they concentrated on increasing the volume of transactions.
Smart thinking, brilliant business plans, great and innovative promotional ideas are
an integral part of any e-success. There is no doubt that in the near future, an average
person anywhere in the world will surf the Internet more often than he or she watches
television or uses the telephone. As a result, it makes sense for entrepreneurs of all kinds to
come up with ideas of generating income by marketing their products or services to these
surfers. Competition in cyberspace may become even fiercer in the future and therefore
the right business plan is what will eventually ensure long-term success.
3.2 INTRANET
3.2.1 What is an Intranet?
The Internet has captured world attention in recent years. In reality, growth of
internal networks based on Internet technologies known as the Intranet is outpacing the
growth of the global Internet itself.
The TCP/IP protocol suite includes the Transmission Control Protocol, the Internet
Protocol and other protocols. The protocol suite manages all the information that moves
across the Intranet and Internet and each protocol transferring data across the network
uses a different format. These protocols work together to transfer information across the
network. Table 3.2.2.a summarises the common TCP/IP protocols.
TCP/IP exists as an open standard; anyone can use it and develop new applications
on top of TCP/IP. It can manage almost all the network tasks on the Intranet and Internet
and is also the only protocol required to ensure that the computer systems and
communications and networking software are interoperable.
Cross-platform
Immediate delivery
For example, an employee can make a request for taking leave on an Intranet. The
request form can be filled out and submitted electronically and can reach the concerned
parties in seconds.
Employees in Hong Kong can communicate easily through e-mail with their
counterparts in the United States. They can, for example, send project documents
electronically, create online forums on new policies and use videoconference to exchange
ideas.
With the increase in popularity of the Internet and the World Wide Web, training
users to use the Intranet is easy as many people are already familiar with the Web interface
and can translate that experience to Intranet use quickly.
Many companies have designed their Intranet pages to look as similar to the Web
pages as possible.
Involving the customers with a company’s Intranet will help that company’s focus
move from being product driven to being more customer driven. Customers are no longer
required to go through various layers of organizational hierarchies to reach those who build
the products or provide the service. Companies are able to build a long-lasting relationship
with their customers. Employees can learn first-hand how customers feel about the
company’s products and services.
At Sun Microsystems, for example, different departments are setting up their own
servers to serve their customers directly.
Open standards
Internet technologies follow a set of open standards, which help software
developers to develop cost-effective and easy-to-implement Intranet solutions. Users can
choose from a number of vendors for software products.
Scalability
Since Intranets are based on Internet technologies, size is not a limitation with
Intranets.
The corporate intranet has been hailed as the most important business tool since
the typewriter, but the track record so far has been mixed. Despite many successes,
particularly in cost and time savings, many sponsors of corporate intranets are dissatisfied.
They have spent time and money on development, Net-enabled desktops, even intranet
training, but still aren’t enjoying significant enough productivity or cost savings. Why? While
critics often point to technological glitches, the real problems may lie in information design.
Thinking of the intranet as a tool means understanding the intranet as more than a
collection of documents. While important, documents are usually a means to an end. People
use documents to complete tasks. Tasks include fulfilling orders, looking up a customer’s
billing history, or collaborating on a research document. To complete these tasks, people
need to have related documents and tools close at hand.
Designed effectively around dynamic tasks rather than static documents, intranets
can contribute to dramatic increases in efficiency (as much as a 40% improvement in time
spent processing documents, according to the GIGA Group). Organizing documents within
the context of tasks also focuses employees on the function of the documents they are
working with. For example, to save employee time while signing up for various retirement
plans, information on various retirement plans (including links to financial Web sites) should
be placed near the forms actually used to register for those plans.
Isolated tasks are usually part of a larger process. Intranets should group together
all the tasks that make up a business process. Processes can be relatively discrete, such as
tracking deliveries, or getting approval for documents. Or, they can be more complex,
such as developing or selling products. The most important processes in a company are
those that create value for a customer. These are the central processes which every intranet
should help employees accomplish.
Even simple processes can become more efficient when incorporated into an
intranet. For example, when Ford implemented an intranet, the company included an
application to help geographically dispersed engineers to get authorization for new projects.
What would previously be a time-consuming, expensive process, involving the potential
for lost documents and delays, is now centralized in an efficient electronic process.
More complex processes can also be effectively integrated into an intranet. For
example, Cadence Systems created an integrated section of the intranet for its entire sales
process. Each phase of the sales process is represented on the intranet with relevant
information and tools. So, the section covering an initial stage of the sales process includes
links to customer presentations, sample letters, and internal forms. Organizing all steps of
the sales process together also allows for easy tracking of each sales effort.
Intranets can break through departmental walls to help accomplish business processes
more efficiently. For example, a customer complaint might involve people and information
from the accounting, sales and marketing departments. Even though the employees necessary
to resolve the complaint work in different departments, they are all involved in the process
of customer service. By creating spaces for cross-departmental collaboration, the intranet
can help employees collaborate to efficiently carry out the central processes of the company,
and cut costs by avoiding in-person conferences and employee reallocations.
Intranets (and private extranets) can also bring together employees and partners
who are geographically dispersed to work on common problems. Travel costs are
eliminated, and employees can increase their productivity by sharing knowledge. For
example, a pharmaceutical company is using its intranet to allow scientists all over the
world to collaborate on research. A major franchise retailer is using bulletin boards on its
intranet to coordinate major marketing projects. Caterpillar is developing an extranet
application so that experts from around the world can collaborate with employees to design
new products. Other applications for intranet collaboration include complex transactions
with lawyers and multiple parties, which rely on access to, and modification of, key
documents.
The Intranet Reflects the Company; the Company Reflects the Intranet
At the same time, using an intranet to shift the way work is done in an organization
requires a cultural change within the organization. Unless there is a clear commitment from
senior management to have employees collaborate across departments to more efficiently
accomplish key business processes, the intranet may have only limited application and
benefit. Even after the intranet is designed to encourage collaboration, marketing the intranet
to employees remains essential. As the intranet creates new forms of collaboration, it will
challenge traditional ways of doing work and obtaining information. For the intranet to be
successful, it must provide ways of empowering all employees, offering concrete incentives
for employees to use, and encourage the use of, the intranet.
The process-oriented intranet, then, is “in sync” with the company it works for.
And this is where graphic design, tone and standards emerge as vital to the intranet’s
success. Like it or not, intranets have personalities, which are amalgams of visual style,
tone and content. An intranet that reflects the culture of its company will make employees
feel more at home, will help dispersed employees feel that they share the same space, and
will encourage collaboration and communication around the processes they support. Turner
Entertainment Group, for example, created a distinctive, casual feel for its intranet with a
home page that uses a refrigerator with magnets to represent the various divisions. The
unique imagery created a friendly, shared, familiar space for all employees.
Any device which has a web browser can potentially utilize an internet/intranet
application. These applications are no longer restricted to the traditional PC user running
Windows, but are also available for PDAs and mobile phones. The introduction of Web
Services has widened the scope of web-based applications by allowing other systems to
interact with them.
Tessella has acquired wide ranging experience of internet and intranet applications,
and the majority of our work has a web-based component. We have worked on a variety
of web-based systems which have fulfilled many different business roles, including systems
such as sophisticated workflow systems that help organizations manage their day to day
business, and web front ends to large corporate and scientific databases. We also have
experience of developing distributed applications deployed over the internet such as
climateprediction.net, the world’s largest climate prediction experiment.
Advantages of intranets
1. Workforce productivity: Intranets can help users to locate and view information
faster and use applications relevant to their roles and responsibilities. With the help
of a web browser interface, users can access data held in any database the
organization wants to make available, at any time and, subject to security provisions,
from any workstation within the company, increasing employees’ ability to
perform their jobs faster, more accurately, and with confidence that they have the
right information. It also helps to improve the services provided to the users.
5. Business operations and management: Intranets are also being used as a platform
for developing and deploying applications to support business operations and
decisions across the internetworked enterprise.
6. Cost-effective: Users can view information and data via web-browser rather than
maintaining physical documents such as procedure manuals, internal phone list and
requisition forms.
7. Promote common corporate culture: Every user is viewing the same information
within the Intranet.
3.3 EXTRANET
3.3.1 What is an Extranet?
An argument has been made that “extranet” is just a buzzword for describing what
institutions have been doing for decades, that is, interconnecting to each other to create
private networks for sharing information. One of the differences that characterizes an
extranet, however, is that its interconnections are over a shared network rather than through
dedicated physical lines. With respect to Internet Protocol networks, RFC 4364 states “If
all the sites in a VPN are owned by the same enterprise, the VPN is a corporate intranet.
If the various sites in a VPN are owned by different enterprises, the VPN is an extranet.
A site can be in more than one VPN; e.g., in an intranet and several extranets. We regard
both intranets and extranets as VPNs. In general, when we use the term VPN we will not
be distinguishing between intranets and extranets.” Even if this argument is valid, the term
“extranet” is still applied and can be used to eliminate the use of the above description.
It is important to note that in the quote above from RFC 4364, the term “site”
refers to a distinct networked environment. Two “sites” connected to each other across
the public Internet backbone comprise a VPN. The term “site” does not mean “website.”
Further, “intranet” also refers to just the web-connected portions of a “site.” Thus, a small
company in a single building can have an “intranet,” but to have a VPN, they would need
to provide tunneled access to that network for geographically distributed employees.
An extranet requires security and privacy. These can include firewalls, server
management, the issuance and use of digital certificates or similar means of user
authentication, encryption of messages, and the use of virtual private networks (VPNs)
that tunnel through the public network.
While these are the broad attributes shared by most Extranets, Extranets vary
dramatically in their design and implementation. They can be employed in a wide variety of
environments and for very different purposes, like:
During the late 1990s and early 2000s, several industries started to use the term
“extranet” to describe central repositories of shared data made accessible via the web
only to authorized members of particular work groups.
For example, in the construction industry, project teams could login to and access
a ‘project extranet’ to share drawings and documents, make comments, issue requests for
information, etc. In 2003 in the United Kingdom, several of the leading vendors formed
the Network of Construction Collaboration Technology Providers, or NCCTP, to promote
the technologies and to establish data exchange standards between the different systems.
The same type of construction-focused technologies have also been developed in the
United States, Australia, Scandinavia, Germany and Belgium, among others. Some
Specially secured extranets are used to provide virtual data room services to
companies in several sectors (including law and accountancy).
There are a variety of commercial extranet applications, some of which are for
pure file management, and others which include broader collaboration and project
management tools. A variety of open source extranet applications and modules also exist,
which can be integrated into other online collaborative applications such as Content
Management Systems. Companies can use an extranet to:
3.3.5 Disadvantages
You can establish your website as your place of business and directly sell to those
entering your “store” to make a purchase. Since delivery is often by mail, this is similar to
customers buying from a mail order catalog. Software products, e-books, music and video
files can be delivered to the customer through the downloading process.
Amazon.com is a good example of a business using the direct sales model to gain
revenue.
Individuals and companies can also be established as affiliates, where they gain a
commission for sales made through a company using the direct online sales model.
Online companies such as eBay and PayPal charge a commission for their services.
Google gains a commission for ads placed on others’ websites.
“There’s no such thing as a free lunch!” While this simple economic aphorism
seems to have been forgotten in the world of cyberspace, it holds true as much today as it
ever has. First, let’s establish the fact that no site is free - every web site costs money. The
web site is stored on a computer, uses web server software, accesses telecommunication
resources, and must be maintained. Someone must pay for the computers, software,
telecommunication charges, and time. The omnipresent cost either comes from your pocket
or some benevolent benefactor.
The cost and potential revenue constitutes a business model. Therefore, even the
“free” sites have a business model. A public site offered by a library, school, or university
has a business model. Free email service has a business model. Free home pages fit into a
business model. Every site in the entire world wide web has a business model. There are
different business models underlying each website.
In actuality, five distinct eCommerce business models form the basic structure for
the wide variety of websites today. The five categories are called vanity, billboard, advertising,
subscriptions, and storefront sites. [Editor’s Note: Mr. Samuelsen considers affiliate
programs to be a variant on the storefront model.] While not all drive revenue directly, they
all incur costs. In addition, many sites combine several of the five identified business models.
Each of the five models has unique characteristics which make it different from the other
types. Therefore, it is important to understand their differences.
Vanity: Many web sites are started as vanity sites. These sites are often created
by individuals as an outlet of self-expression, to share a hobby, promote a cause, or find
others with similar interests. These sites are created with no intentions of deriving revenue
and no illusions of grandeur. It could be as simple as a one page family site or a complex
forum on a specific topic. The costs are borne either by the individual or by some altruistic
enterprise such as universities, libraries, communities, associations, and even businesses.
Nevertheless, the costs of these “free” sites are real.
Billboard: Billboard sites (also called brochure or information sites) are designed
to derive economic benefit through indirect means from either referred sales, reduced
cost, or both. Revenue comes from creating awareness of its products or services via the
web, with the actual purchase transaction occurring off-line. Just like a billboard on a
highway, success is measured on viewership as net citizens “surf” by and are influenced to
purchase product. Most corporate sites today put up these electronic brochures to provide
information about their products, employment information, or public information. Economic
benefit is created through the indirect purchase of goods or services from existing physical
outlets and cost savings through the elimination of infrastructure or inefficiency. Finally,
some businesses feel this is the best way to avoid channel conflict’s potential pricing disparity
between different supply chains.
Advertising: Network television, radio, and many periodicals follow the advertising
model. All programming and content is funded by advertising dollars, with consumer
viewership measuring value. Agencies conduct sophisticated surveys to measure the value
and establish the pricing. For eCommerce, advertising can be in the form of banners,
sponsorships, ezine ads, and other promotion methods.
This is a much-ballyhooed but still largely unproven model on the web. While
there are a few sites that are entirely supported by advertising dollars, the lack of
web-savvy viewership statistics is hindering mass adoption by advertisers. As the knowledge
of consumer behavior is further understood, experts will prepare purchase pattern analyses
providing advertisers with empirical data to support their promotion campaigns.
Although the vast majority of these sites offer tangible products, they can work for
service products too. The primary characteristic of these types of sites is the ability to
make a one time purchase with no future obligations.
While it is impossible to predict the future in this fast moving media, it is obvious
that all five business models will remain viable for the near term. Each model will continue
to mature both in its acceptance and sophistication. Consumers will increasingly look to
the web for physical commerce alternatives because of the limitlessness of the media both
in terms of geography and shopping hours. For net entrepreneurs, each model should be
examined carefully to understand which model provides the maximum benefit. With the
understanding of the business models, financial projections can be easily created and business
plans finalized. With the business plan in hand, you will realize even in cyberspace, there is
no such thing as a free lunch.
Summary
The Internet Tools and their Characteristics: The evolution of the Internet is
punctuated by the introduction and mass acceptance of such key resources and
tools as Unix, Email, Usenet newsgroups, Telnet, Listserv Mailing List Software,
File Transfer Protocol, Internet Relay Chat, WAIS, Gopher, WWW, and more
recently by the Altavista search engine, Java language, and finally, the
• Protocol Layering
• Networks
• Routers
• Addressing Architecture
• Revenue increases
• Ability to generate profits
• Success in creating meaningful alliances
• Success in expanding into new markets
• Differentiating itself from other business models
web browser. Simply put, an Intranet is the application of Internet technologies within an
organization’s private LAN or WAN network.
• Inexpensive to implement
• Easy to use, just point and click
• Saves time and money, better information faster
• Based on open standards
• Scaleable and flexible
• Connects across disparate platforms
• Puts users in control of their data
E-Commerce Business Models: Common eCommerce models are direct online sales,
selling online advertising space, and online commissions.
UNIT IV
E-COMMERCE PAYMENTS
AND SECURITY
The desire to reduce costs is one major reason for the increase in electronic
payments. Cash and checks are very expensive to process, and banks are seeking less
costly alternatives. It is estimated that approximately 56 percent of consumer transactions
in the United States are cash and 29 percent are check. Credits, debits, and other electronic
transactions account for about 15 percent of all consumer transactions, and are expected
to increase rapidly. Electronic transactions numbered 33 billion in 1993 and are expected
to climb to 118 billion by the year 2000. For the same period, paper transactions are
forecast to show very modest growth, from 117 billion in 1993 to 135 billion in the year
2000.
Banks and retailers want to wean customers away from paper transactions because
the processing overhead is both labor intensive and costly. The crucial issue in electronic
commerce revolves around how consumers will pay businesses online for various products
and services. Currently, consumers can view an endless variety of products and services
offered by vendors on the Internet, but a consistent and secure payment capability does
not exist. The solutions proposed to the online payment problem have been ad hoc at best.
For instance, in one method marketed by CyberCash, users install client software packages,
sometimes known as “electronic wallets,” on their browsers. This software then
communicates with “electronic cash registers” that run on merchants’ Web servers. Each
vendor’s client works with only that vendor’s own server software, a rather restrictive
scenario. Currently, merchants face the unappealing option of either picking one standard
and alienating consumers not subscribing to a standard or needing to support multiple
standards, which entails extra time, effort, and money.
The goal of online commerce is to develop a small set of payment methods that are
widely used by consumers and widely accepted by merchants and banks.
Electronic payment systems are proliferating in banking, retail, health care, on-line markets,
and even government; in fact, anywhere money needs to change hands. Organizations are
motivated by the need to deliver products and services more cost effectively and to provide
a higher quality of service to customers.
Research into electronic payment systems for consumers can be traced back to
the 1940s, and the first applications, credit cards, appeared soon after. In the early 1970s,
the emerging electronic payment technology was labelled electronic funds transfer (EFT).
EFT is defined as “any transfer of funds initiated through an electronic terminal, telephonic
instrument, or computer or magnetic tape so as to order, instruct, or authorize a financial
institution to debit or credit an account.” EFT utilizes computer and telecommunication
components both to supply and to transfer money or financial assets. Transfer is information-
based and intangible. Thus EFT stands in marked contrast to conventional money and
payment modes that rely on physical delivery of cash or checks (or other paper orders to
pay) by truck, train, or airplane. Work on EFT can be segmented into three broad categories:
Retailing payments
Encrypted credit cards (e.g., World Wide Web form based encryption)
Third-party authorization numbers (e.g., First Virtual)
One fundamental issue is how to price payment system service. For example,
should subsidies be used to encourage users to shift from one form of payment to another,
from cash to bank payments, from paper-based to e-cash? The problem with subsidies is
the potential waste of resources, as money may be invested in systems that will not be
used. Thus investment in systems not only might not be recovered but substantial ongoing
operational subsidies will also be necessary. On the other hand, it must be recognized that
without subsidies, it is difficult to price all services affordably.
Standards. Without standards, the welding of different payment users into different
networks and different systems is impossible. Standards enable interoperability, giving
users the ability to buy and receive information, regardless of which bank is managing
their money. None of these hurdles are insurmountable. Most will be jumped within the
next few years. These technical problems, experts hope, will be solved as technology is
improved and experience is gained. The biggest question concerns how customers will
take to a paperless and (if not cashless) less-cash world.
Electronic Wallet
To achieve perfect security, the electronic wallet has to be downloaded into the
buyer’s personal computer. Since the interoperability of the cardholder’s digital wallet
with any merchant’s software is essential, a consortium of companies (Visa, MasterCard,
JCB, and American Express) has established a company called SETCo (Secure Electronic
Transaction LLC 1999). This company performs the interoperability test and issues a SET
Mark as a confirmation of interoperability. IBM, Netscape, Microsoft, VeriSign, Tandem,
and MetaLand provide such interoperable digital wallets.
Storage of Certificates
If the private key and corresponding public key in a certificate are physically stored in
the customer’s personal computer, the customer can use the certificate only at the computer.
However, if the certificate is stored in an IC card, the wallet can work if the IC card is
inserted into a card reader attached to a computer. Therefore, storing the certificate in an IC
card seems to be the safest method.
The International Center for Electronic Commerce (ICEC 1999) has developed a
system named Smart-SET, which integrates SET protocol with an IC card that can store
multiple certificates.
Secure socket layer protocol for electronic payment
Even though SET is a perfect solution for secure electronic payments, a relatively simple
version of SSL is currently widely adopted. This is because SET protocol is complex and
certificates are not widely distributed in a stable manner. Theoretically, the SSL protocol
may use a certificate but it does not include the concept of a payment gateway. Merchants
need to receive both ordering information and credit card information because the
capturing process is initiated by the merchant.
The SET protocol, on the other hand, hides the customer’s credit card information
from merchants and also hides the order information from banks to protect privacy. This
scheme is called dual signature. Until SET becomes popular, a simple version of SSL is a
very viable alternative.
Confidentiality of Information
Integrity of Information
SET ensures that message content is not altered during the transmission between
originator and recipient. Payment information sent from consumers to merchants includes
order information, personal data, and payment instructions. If any component is altered in
transit, the transaction will not be processed accurately. In order to eliminate this potential
source of fraud and/or error, SET provides the means to ensure that the contents of all
order and payment messages received match the contents of messages sent. Information
integrity is ensured by the use of digital signatures.
Merchant Authentication
The SET specifications provide a way for consumers to confirm that a merchant
has a relationship with a financial institution that allows that merchant to accept bank card
payments. Merchant authentication is ensured by the use of digital signatures and merchant
certificates.
Interoperability
The SET specifications must be applicable on a variety of hardware and software
platforms, and must not prefer one over another. Any consumer with compliant software
must be able to communicate with any merchant software that also meets the defined
standard. Interoperability is ensured by the use of standard protocols and message formats.
The Internet is a huge place that hosts several millions of people. As not all of these
people are honest, illegal activity is inevitable. Statistics show that only 10% of computer
crime is reported and only 2% of the reported crime results in convictions.
• The person who tries to understand and learn the various systems and
capabilities of any private network. In this case the person has no intention
to do any damage or to steal any resources but tries to observe the system
functionality. For example, teenagers who try to enter a network out of
curiosity until they are caught or detected.
• The person who uses the Internet and the Web to benefit himself or herself by
doing illegal activities such as stealing software or information and causing
damage to resources. This type of criminal activity raises the concern for
network security.
A large system like Internet has many holes and crevices in which a determined
person can easily find the way to get into any private network. There are many terms used
to signify the computer criminals.
• Hacker: a person who has good knowledge about computers and tries to
open the data packets and steal the information transmitted through the Internet.
Another major issue in Internet security is misrepresentation and fraud. One of
the reasons for misrepresentation is that on the net it is easy to appear as anyone or anything
without being physically present. For example, a shop’s site may display goods that the
dealer does not physically have. But at the same time, creating a scam site is not as easy as
it seems to be, because one must host pages somewhere, which makes the provider
responsible for the content. For this reason, most Web site providers examine sites and
have access to the information that is being provided. With the rapid growth in the use of
the Internet, the number of fraud cases in which perpetrators create their own provider
site will probably increase in future. This is especially possible in the case of offshore
servers, where laws are more favorable to the criminal and enforcement will be very
difficult. For this reason, it is increasingly important for Web users to protect themselves.
4.2.2.1 Encryption
Encryption is a technique for hiding data. The encrypted data can be read only by
those users for whom it is intended. Nowadays various encryption techniques are available.
One of the available techniques commonly used for encryption is Public Key. In the Public
Key encryption system, RSA Data Security of Redwood City offers the most popular and
commercially available algorithm.
In a Public Key encryption system each user has two keys: a public key and a private
key. The encryption and decryption algorithms are designed so that only the
private key can decrypt data that is encrypted by the public key, and the public key can
decrypt data encrypted by the private key. Therefore, one can broadcast the public key
to all users.
• Secret-key encryption
• Public-key encryption
Bob decrypts the cipher text with the decryption key and reads the PO. Note that
in secret-key encryption, the encryption key and decryption key are the same (see Fig.).
The transmitter uses a cryptographic secret “key” to encrypt the message, and the recipient
must use the same key to decipher or decrypt it. A widely adopted implementation of
secret-key encryption is data encryption standard (DES).
protected copy of the key. If the transmitter and receiver are in separate sites, they must
trust not being overheard during face-to-face meetings or over a public messaging system
(a phone system, a postal service) when the secret key is being exchanged. Anyone who
overhears or intercepts the key in transit can later use that key to read all encrypted
messages.
[Figure: the buyer encrypts with the private key, the scrambled message crosses the Internet, and the seller decrypts with the private key.]
Since shared keys must be securely distributed to each communicating party, secret-key
encryption suffers from the problem of key distribution: the generation, transmission, and
storage of keys. Secure key distribution is cumbersome in large networks and does not
scale well to a business environment where a company deals with thousands of online
customers. Further, secret-key encryption is impractical for exchanging messages with a
large group of previously unknown parties over a public network. For instance, in order
for a merchant to conduct transactions securely with Internet subscribers, each consumer
would need a distinct secret key assigned by the merchant and transmitted over a separate
secure channel such as a telephone, adding to the overall cost. Hence, given the difficulty
of providing secure key management, it is hard to see secret-key encryption becoming a
dominant player in electronic commerce. If secret-key encryption cannot ensure safe
electronic commerce, what can? The solution to widespread open network security is a
newer, more sophisticated form of encryption, first developed in the 1970s, known as
public-key encryption.
Public-Key Encryption
Public-key encryption, also known as asymmetric encryption, uses two keys: one
key to encrypt the message and a different key to decrypt the message. The two keys are
mathematically related so that data encrypted with one key can only be decrypted using the
other.
Unlike secret-key encryption, which uses a single key shared by two (or more)
parties, public-key encryption uses a pair of keys for each party. One of the two keys is
“public” and the other is “private.” The public key can be made known to other parties; the
private key must be kept confidential and must be known only to its owner. Both keys,
however, need to be protected against modification.
The best known public-key encryption algorithm is RSA (named after its inventors
Rivest, Shamir, and Adleman). In the RSA method, each participant creates two unique
keys, a “public key,” which is published in a sort of public directory, and a “private key,”
which is kept secret. The two keys work together; whatever data one of the keys “locks,”
only the other can unlock.
The computer handles the hard work of manipulating the large numbers used in
the math of encrypting and decrypting messages. Table compares secret- and public key
systems. Both types of systems offer advantages and disadvantages. Often, the two are
combined to form a hybrid system to exploit the strengths of each method. To determine
which type of encryption best meets its needs, an organization first has to identify its security
requirements and operating environment. Public-key encryption is particularly useful when
the parties wishing to communicate cannot rely on each other or do not share a common
key. This is often the case in online commerce.
Another prominent public-key method being used in online commerce today is
the digital signature.
Digital Signature
Digital signatures are used for sender authentication. This also means that the
originator cannot falsely deny having signed the data. In addition, a digital signature enables
the computer to notarize the message, assuring the recipient that the message has not been
forged in transit.
data, called a “hash” or “message digest,” rather than to the entire set of data. The resulting
digital signature can be stored or transmitted along with the data. The signature can be
verified by any party using the public key of the signer. This feature is very useful, for
example, when distributing signed copies of virus-free software. Any recipient can verify
that the program remains virus-free. If the signature verifies properly, then the verifier has
confidence that the data was not modified after being signed and that the owner of the
public key was the signer.
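The hash-then-sign scheme described above, together with the dual signature named in the earlier SET discussion, as an added Python example that is not part of the original course text. The toy RSA key, the choice of SHA-256, the order of concatenation and the sample order and payment strings are assumptions of this sketch.

```python
# Added example: hash-then-sign and the SET dual signature, with textbook RSA.
# TOY KEY: the primes are the public Mersenne primes 2**127-1 and 2**521-1 and
# no padding is applied, so this shows the data flow only, not a secure scheme.
import hashlib

P, Q = 2**127 - 1, 2**521 - 1
N = P * Q                              # public modulus
E = 65537                              # public exponent
D = pow(E, -1, (P - 1) * (Q - 1))      # private exponent, kept by the signer


def digest(data: bytes) -> bytes:
    """Message digest ("hash") of the data; SHA-256 is this example's choice."""
    return hashlib.sha256(data).digest()


def sign_digest(d: bytes) -> int:
    """Apply the private key to the digest rather than to the entire data."""
    return pow(int.from_bytes(d, "big"), D, N)


def verify_digest(d: bytes, signature: int) -> bool:
    """Any party holding the public key (N, E) can check the signature."""
    return pow(signature, E, N) == int.from_bytes(d, "big")


def dual_sign(order_info: bytes, payment_info: bytes) -> int:
    """Cardholder: sign H( H(PI) || H(OI) ), binding both parts in one signature."""
    return sign_digest(digest(digest(payment_info) + digest(order_info)))


def merchant_verify(order_info: bytes, pi_digest: bytes, ds: int) -> bool:
    """The merchant sees the order and only the digest of the payment data."""
    return verify_digest(digest(pi_digest + digest(order_info)), ds)


def bank_verify(payment_info: bytes, oi_digest: bytes, ds: int) -> bool:
    """The bank sees the payment data and only the digest of the order."""
    return verify_digest(digest(digest(payment_info) + oi_digest), ds)


# Constructed sample messages (not real card or order data).
ORDER = b"order 1001: 2 books, total 450.00"
PAYMENT = b"card 0000-0000-0000-0000 (constructed), amount 450.00"

if __name__ == "__main__":
    ds = dual_sign(ORDER, PAYMENT)
    print("merchant accepts:", merchant_verify(ORDER, digest(PAYMENT), ds))
    print("bank accepts:    ", bank_verify(PAYMENT, digest(ORDER), ds))
    tampered = b"order 1001: 20 books, total 450.00"
    print("altered order:   ", merchant_verify(tampered, digest(PAYMENT), ds))
```

Each verifier rebuilds the combined digest from the half it is allowed to see plus the digest of the other half, so an altered order or payment instruction fails verification without either party reading the other's data.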
Digital Certificates
4.2.2.2 Firewall
A firewall is simply a program or hardware device that filters the information coming
through the Internet connection into your private network or computer system. If an incoming
packet of information is flagged by the filters, it is not allowed through. Let’s say that you
work at a company with 500 employees. The company will therefore have hundreds of
computers that all have network cards connecting them together. In addition, the company
will have one or more connections to the Internet through something like T1 or T3 lines.
Without a firewall in place, all of those hundreds of computers are directly accessible to
anyone on the Internet. A person who knows what he or she is doing can probe those
computers, try to make FTP connections to them, try to make telnet connections to them
and so on. If one employee makes a mistake and leaves a security hole, hackers can get to
the machine and exploit the hole.
With a firewall in place, the landscape is much different. A company will place a
firewall at every connection to the Internet (for example, at every T1 line coming into the
company). The firewall can implement security rules. For example, one of the security
rules inside the company might be:
Out of the 500 computers inside this company, only one of them is permitted to
receive public FTP traffic. Allow FTP connections only to that one computer and prevent
them on all others. A company can set up rules like this for FTP servers, Web servers,
Telnet servers and so on. In addition, the company can control how employees connect to
Web sites, whether files are allowed to leave the company over the network and so on. A
firewall gives a company tremendous control over how people use the network.
Firewalls use one or more of three methods to control traffic flowing in and out of
the network:
• Packet filtering - Packets (small chunks of data) are analyzed against a set
of filters. Packets that make it through the filters are sent to the requesting
system and all others are discarded.
• Proxy service - Information from the Internet is retrieved by the firewall and
then sent to the requesting system and vice versa.
• Stateful inspection - A newer method that doesn’t examine the contents of
each packet but instead compares certain key parts of the packet to a database
of trusted information.
Information travelling from inside the firewall to the outside is monitored for specific
defining characteristics, then incoming information is compared to these characteristics. If
the comparison yields a reasonable match, the information is allowed through. Otherwise
it is discarded.
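The FTP rule and the stateful comparison described above, as an added Python example that is not part of the original course text. The addresses (documentation ranges), the port numbers and the use of the address and port pair as the "defining characteristics" are assumptions of this sketch, and only the FTP control port is modelled.

```python
# Added example: default-deny packet filtering plus a simple state table.
import ipaddress
from dataclasses import dataclass

INSIDE = ipaddress.ip_network("192.0.2.0/24")   # assumed company network
FTP_SERVER = "192.0.2.10"                       # assumed: the one public FTP host
INBOUND_RULES = [(FTP_SERVER, 21)]              # (destination host, destination port)


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int


class Firewall:
    def __init__(self, inbound_rules=INBOUND_RULES):
        self.inbound_rules = list(inbound_rules)
        self.flows = set()          # connections that were opened from the inside

    @staticmethod
    def inside(addr: str) -> bool:
        return ipaddress.ip_address(addr) in INSIDE

    def handle(self, pkt: Packet) -> str:
        # Outbound traffic: remember its defining characteristics.
        if self.inside(pkt.src) and not self.inside(pkt.dst):
            self.flows.add((pkt.src, pkt.sport, pkt.dst, pkt.dport))
            return "allow-outbound"
        if self.inside(pkt.dst) and not self.inside(pkt.src):
            # Stateful inspection: does this match something we sent out?
            if (pkt.dst, pkt.dport, pkt.src, pkt.sport) in self.flows:
                return "allow-reply"
            # Packet filtering: is there an explicit rule for this destination?
            if (pkt.dst, pkt.dport) in self.inbound_rules:
                return "allow-rule"
            return "drop"
        return "drop"               # traffic this sketch does not model


# Constructed sample traffic.
SAMPLE = [
    Packet("203.0.113.5", 40000, "192.0.2.10", 21),    # FTP to the permitted host
    Packet("203.0.113.5", 40001, "192.0.2.77", 21),    # FTP to any other computer
    Packet("198.51.100.8", 80, "192.0.2.77", 51000),   # unsolicited "reply"
    Packet("192.0.2.77", 51000, "198.51.100.8", 80),   # employee opens a connection
    Packet("198.51.100.8", 80, "192.0.2.77", 51000),   # the matching reply
    Packet("198.51.100.8", 80, "192.0.2.77", 51001),   # same server, wrong port
]


def run(traffic):
    fw = Firewall()
    return [fw.handle(p) for p in traffic]


if __name__ == "__main__":
    for pkt, decision in zip(SAMPLE, run(SAMPLE)):
        print(decision, pkt)
```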
It is a well-known saying that prevention is the best medicine, and this applies equally
well to computer security. The first step is to keep your data files secure so that only the
right people can see them. This is especially crucial for any of the following types of data
and files.
• User passwords
• Billing files
User passwords and usage logs should be kept secure to keep pirates from looking
at those files to figure out how to gain further access to your system. Keeping your password
files shadowed or hidden keeps pirates from remotely acquiring your file and then running
password cracking programs on the file in their own time.
The most insecure part of the Internet is not the Net itself but the source and destination
of users and computers on the net. As the user of the system, you should know the place
and the method to store your data. When you are connected to the network your personal
system is vulnerable. Because of the nature of SLIP-type connectivity and TCP/IP networks,
someone else could be probing your system while you are working. Decrypted data
residing on your hard disk may be available to outsiders for snooping. As server and browser
security increases, most pirates will be driven to breaking into the system at the source or
at the destination. This information of course applies equally to both the user and the
storeowner. Storeowners must ensure that the product information database is secure.
Store owners should also ensure that they encrypt archived transactions, as well as
transactions in the process of being fulfilled. If a business can afford only lesser security,
then the best it can do is keep permissions of files hidden from pirates. One of the best
security measures that you can take for physically stored data is to have hardware password
protection. Many commercial products provide this facility and often work well to keep
the data secure. Another security measure is to delete data or information that is not
required. Simply deleting the information is not enough. Pirates can easily undelete
previously deleted information. They can even unformat a formatted disk. After securely
deleting files, defragment your drive using any popular disk utility. Such a program ensures
that the original structure of the disk is reorganized, leaving no recoverable data. The best
solution is to use programs like the Defense Department’s recommended secure delete
program. Such programs are available in software archives throughout the Internet. Before
marking the file as deleted, such programs first write repeating sequences of bits to each
bit within the file. This ensures that magnetic particles are mixed several times so that
traces of data are not readable.
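The overwrite-before-delete step described above, as an added Python example that is not part of the original course text and is not the program the text refers to. The three bit patterns, the chunk size and the function names are assumptions of this sketch.

```python
# Added example: overwrite a file's contents in place, then delete it.
import os

PATTERNS = (b"\x00", b"\xff", b"\xaa")   # assumed repeating bit patterns, one per pass


def overwrite_file(path, patterns=PATTERNS, chunk=64 * 1024):
    """Overwrite every byte of the file once per pattern; return the file size."""
    size = os.path.getsize(path)
    with open(path, "r+b") as fh:        # r+b: write in place, do not truncate
        for pattern in patterns:
            fh.seek(0)
            remaining = size
            while remaining:
                n = min(chunk, remaining)
                fh.write(pattern * n)
                remaining -= n
            fh.flush()
            os.fsync(fh.fileno())        # push this pass to the device before the next
    return size


def secure_delete(path, patterns=PATTERNS):
    """Overwrite first, and only then mark the file as deleted."""
    size = overwrite_file(path, patterns)
    os.remove(path)
    return size


if __name__ == "__main__":
    import tempfile
    fd, name = tempfile.mkstemp()
    os.write(fd, b"archived transaction 42" * 100)   # constructed sample data
    os.close(fd)
    print("bytes overwritten per pass:", secure_delete(name))
    print("file still exists:", os.path.exists(name))
```

Overwriting in place assumes the storage rewrites the same physical blocks; where the file system or the device relocates writes, the old blocks are not touched by this approach.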
Another type of pirating uses the electromagnetic emissions that
come from monitors. In the early age of computing, programmers could debug programs
by turning on a radio and placing it near the computer. The internal clock speed of the
computer would oscillate like the radio stations, so they could hear the programming
sequence running on the computer. The programmers soon learned how to interpret the
different sound frequencies to determine what was happening in their program. A type of
technology and research called TEMPEST is available that can reverse this electromagnetic
radiation into a reasonable reproduction of the original information.
The degree of security for computers connected to the Internet depends upon the
requirements and cost. Everyone should take the basic measures of creating secure
passwords, not leaving printouts lying around, and keeping hardware secure. One
should encrypt sensitive data that is sent over the Internet. The basic measures should be
enough to cover the average security standards for the company. But monitor the system
at regular intervals. If security breaches are encountered, more sophisticated security
measures should be implemented. Companies that are involved in national security, or
that have such companies as clients, are particularly vulnerable.
An electronic funds transfer (also known as EFT) is a system for transferring money
from one bank to another without using paper money. Its use has become widespread with
the arrival of personal computers, cheap networks, improved cryptography and the Internet.
Since it is affected by financial fraud, the Electronic Funds Transfer Act was
implemented. This federal law protects the consumer in case a problem arises at the moment
of the transaction.
The history of electronic funds transfer originates in the common funds transfer of
the past. Since the 19th century, with the help of telegraphs, funds transfers have been a
usual thing in commercial transactions. Finally, they migrated to computers and became
the electronic money transfers of today.
One of the most common EFTs is Direct Deposit. It is used by employers for
depositing their employees’ salary in a bank account. Another kind of EFT is the automatic
charge to your checking or savings account. For example, when you are paying a mortgage,
the bank will deduct the monthly payment from a pre-arranged bank account. The
benefit is that you won’t have to go to the bank to do it. It’s automatic.
ATMs are also used for EFTs. Since an automatic teller machine is much cheaper
than a group of bank tellers, it has helped to bring costs down and benefit the customer.
Points of sale (also known as POS) are also part of this group. Those little blue or
dark blue machines through which you pass your card are doing an electronic fund transfer
from your account to the retailer’s account.
The main advantage of an electronic funds transfer is time. Since the whole transaction
is done automatically and electronically, the bank doesn’t need to pay a person to do it, a
person to drive the loans to the other bank, the cost of the transport, the cost of the
maintenance of the transport, insurance and the gas of the transport. EFTs have
revolutionized modern banking.
Another benefit is immediate payment, which brings an up-to-date cash flow and
up-to-date bookkeeping. You also won’t hear about lost checks caused by the inefficiency
of normal mail (nowadays known as snail mail for its speed compared to email).
You may authorize a third party to initiate electronic funds transfers between your
account and the third party’s account. These transfers to make or receive payment may be
one-time occurrences or may recur as directed by you. These transfers may use the
Automated Clearinghouse (ACH) or other payments network. Your authorization to the
third party to make these transfers can occur in a number of ways. In some cases, your
authorization can occur when the merchant posts a sign informing you of their policy. In all
cases, the transaction will require you to provide the third party with your account number
and bank information. This information can be found on your check as well as on a deposit
or withdrawal slip. Thus, you should only provide your bank and account information
(whether over the phone, the Internet, or via some other method) to trusted third parties
whom you have authorized to initiate these electronic funds transfers. Examples of these
transfers include, but are not limited to:
• Preauthorized credits. You may make arrangements for certain direct deposits
to be accepted into your checking or savings account(s).
• Preauthorized payments. You may make arrangements to pay certain
recurring bills from your checking account(s).
• Electronic check conversion. You may provide your check to a merchant
or service provider who will scan the check for the encoded bank and account
information. The merchant or service provider will then use this information to
convert the transaction into an electronic funds transfer. This may occur at the
point of purchase, or when you provide your check by other means such as
by mail or drop box.
• Electronic returned check charge. Some merchants or service providers
will initiate an electronic funds transfer to collect a charge in the event a check
is returned for insufficient funds.
ATM Transfers – types of transfers and dollar limitations – You may access your
account(s) by ATM using your MasterMoney® card and personal identification number
to:
Currency Conversion.
You agree not to use your card(s) for illegal gambling or other illegal purpose.
Display of a payment card logo by, for example, an online merchant does not necessarily
mean that transactions are lawful in all jurisdictions in which the cardholder may be located.
Liability for failure to make transfers. If we do not complete a transfer to or from your
account on time or in the correct amount according to our agreement with you, we will be
liable for your losses or damages. However, there are some exceptions. We will not be
liable, for instance:
(1) If, through no fault of ours, you do not have enough money in your account to
make the transfer.
(2) If you have an overdraft line and the transfer would go over the credit limit.
(3) If the automated teller machine where you are making the transfer does not have
enough cash.
(4) If the terminal or system was not working properly and you knew about the
breakdown when you started the transfer.
(5) If circumstances beyond our control (such as fire or flood) prevent the transfer,
despite reasonable precautions that we have taken.
(6) There may be other exceptions stated in our agreement with you.
CONFIDENTIALITY
We will disclose information to third parties about your account or the transfers you make:
1. Agency: The degree of autonomous action that can be taken; that is, actions performed
without the need for direct human intervention or intervention by other agents. The agent
should have control over the actions performed within its system, i.e., not have actions
performed by other agents. Other agents can request actions, but the agent itself decides
whether to approve and allow the action.
2. Intelligence: The extent to which an agent can understand its own internal state and its
external environment. The level of intelligence is further classified according to its ability to
respond, to adapt and to take initiative.
A credit card is a system of payment named after the small plastic card issued to
users of the system. A credit card is different from a debit card in that it does not remove
money from the user’s account after every transaction. In the case of credit cards, the
issuer lends money to the consumer (or the user) to be paid to the merchant. It is also
different from a charge card (though this name is sometimes used by the public to describe
credit cards), which requires the balance to be paid in full each month.
A secured credit card is a type of credit card secured by a deposit account owned
by the cardholder. Typically, the cardholder must deposit between 100% and 200% of the
total amount of credit desired. Thus if the cardholder puts down Rs. 1000, he or she will
be given credit in the range of Rs. 500–Rs. 1000. In some cases, credit card issuers will
offer incentives even on their secured card portfolios. In these cases, the deposit required
may be significantly less than the required credit limit, and can be as low as 10% of the
desired credit limit. This deposit is held in a special savings account. Credit card issuers
offer this as they have noticed that delinquencies were notably reduced when the customer
perceives he has something to lose if he doesn’t repay his balance.
The cardholder of a secured credit card is still expected to make regular payments,
as he or she would with a regular credit card, but should he or she default on a payment,
the card issuer has the option of recovering the cost of the purchases paid to the merchants
out of the deposit. The advantage of the secured card for an individual with negative or no
credit history is that most companies report regularly to the major credit bureaus. This
allows for building of positive credit history.
Although the deposit is in the hands of the credit card issuer as security in the event
of default by the consumer, the deposit will not be debited simply for missing one or two
payments. Usually the deposit is only used as an offset when the account is closed, either
at the request of the customer or due to severe delinquency (150 to 180 days). This means
that an account which is less than 150 days delinquent will continue to accrue interest and
fees, and could result in a balance which is much higher than the actual credit limit on the
card. In these cases the total debt may far exceed the original deposit and the cardholder
not only forfeits their deposit but is left with an additional debt.
Secured credit cards are an option to allow a person with a poor credit history or
no credit history to have a credit card which might not otherwise be available. They are
often offered as a means of rebuilding one’s credit. Secured credit cards are available with
both Visa and MasterCard logos on them. Fees and service charges for secured credit
cards often exceed those charged for ordinary non-secured credit cards. However, for
people in certain situations (for example, after charging off on other credit cards, or people
with a long history of delinquency on various forms of debt), secured cards can often be
less expensive in total cost than unsecured credit cards, even including the security deposit.
Credit card security is based on privacy of the actual credit card number. This
means that whenever a person other than the card owner reads the number, security is
potentially compromised. Since this happens most of the time when a transaction is made,
security is low. However, a user with access to just the number can only make certain
types of transactions. Merchants will often accept credit card numbers without extra
verification for mail order, but then the delivery address will be recorded, so the thief must
make sure he can have the goods delivered to an anonymous address (i.e. not his own)
and collect them without being detected. Some merchants will accept a credit card number
for in-store purchases, whereupon access to the number allows easy fraud, but many
require the card itself to be present, and require a signature. Thus, a stolen card can be
cancelled, and if this is done quickly, no fraud can take place in this way. For internet
purchases, there is sometimes the same level of security as for mail order (number only)
hence requiring only that the fraudster take care about collecting the goods, but often there
are additional measures. The main one is to require a security PIN with the card, which
requires that the thief have access to the card.
The numbers found on credit cards have a certain amount of internal structure, and
share a common numbering scheme.
The card number’s prefix, called the Bank Identification Number, is the sequence
of digits at the beginning of the number that determine the bank to which a credit card
number belongs. This is the first six digits for MasterCard and Visa cards. The next nine
digits are the individual account number, and the final digit is a validity check code.
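The 6 + 9 + 1 layout described above can be checked mechanically. The sketch below is an added example, not part of the course material; it assumes the final digit is a Luhn check digit (the scheme Visa and MasterCard numbers use) and runs on a widely published test number, not a real account.

```go
package main

import (
	"errors"
	"fmt"
	"strings"
)

// CardNumber splits a 16-digit number into the fields described in the text.
type CardNumber struct {
	BIN        string // first six digits: identifies the issuing bank
	Account    string // next nine digits: the individual account number
	CheckDigit int    // final digit: the validity check code
}

var (
	ErrFormat     = errors.New("card number must be exactly 16 decimal digits")
	ErrCheckDigit = errors.New("check digit does not match the other 15 digits")
)

// LuhnCheckDigit returns the digit that makes payload+digit pass the Luhn test.
// Walking right to left, every second digit (starting with the rightmost
// payload digit) is doubled, and 9 is subtracted from any result above 9.
func LuhnCheckDigit(payload string) int {
	sum, double := 0, true
	for i := len(payload) - 1; i >= 0; i-- {
		d := int(payload[i] - '0')
		if double {
			d *= 2
			if d > 9 {
				d -= 9
			}
		}
		sum += d
		double = !double
	}
	return (10 - sum%10) % 10
}

// ParseCardNumber accepts digits with optional spaces or hyphens, enforces the
// 6 + 9 + 1 layout and verifies the check digit before returning the fields.
func ParseCardNumber(s string) (CardNumber, error) {
	digits := strings.NewReplacer(" ", "", "-", "").Replace(s)
	if len(digits) != 16 {
		return CardNumber{}, ErrFormat
	}
	for i := 0; i < len(digits); i++ {
		if digits[i] < '0' || digits[i] > '9' {
			return CardNumber{}, ErrFormat
		}
	}
	cn := CardNumber{BIN: digits[:6], Account: digits[6:15], CheckDigit: int(digits[15] - '0')}
	if LuhnCheckDigit(digits[:15]) != cn.CheckDigit {
		return CardNumber{}, ErrCheckDigit
	}
	return cn, nil
}

// Masked returns a form suitable for logs and receipts: the bank prefix and the
// last four digits stay readable, the rest of the account number is hidden.
func (cn CardNumber) Masked() string {
	return cn.BIN + "******" + cn.Account[6:] + fmt.Sprint(cn.CheckDigit)
}

func main() {
	// Constructed inputs: a published test number, the same number with one
	// digit mistyped, and the same number with a digit missing.
	for _, in := range []string{"4111 1111 1111 1111", "4111 1111 1111 1121", "4111 1111 1111 111"} {
		cn, err := ParseCardNumber(in)
		if err != nil {
			fmt.Printf("%-21q rejected: %v\n", in, err)
			continue
		}
		fmt.Printf("%-21q ok: bank=%s check=%d log-as=%s\n", in, cn.BIN, cn.CheckDigit, cn.Masked())
	}
}
```

A matching check digit only shows that the number was typed or transmitted without a simple error; it says nothing about whether the account exists or who is presenting it.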
In addition to the main credit card number, credit cards also carry issue and
expiration dates (given to the nearest month), as well as extra codes such as issue numbers
and security codes. Not all credit cards have the same sets of extra codes nor do they use
the same number of digits.
Many credit cards can also be used in an ATM to withdraw money against the
credit limit extended to the card but many card issuers charge interest on cash advances
before they do so on purchases. The interest on cash advances is commonly charged from
the date the withdrawal is made, rather than the monthly billing date. Many card issuers
levy a commission for cash withdrawals, even if the ATM belongs to the same bank as the
card issuer. Merchants do not offer cash back on credit card transactions because they
would pay a percentage commission of the additional cash amount to their bank or merchant
services provider, thereby making it uneconomical.
Many credit card companies will also, when applying payments to a card, do so at
the end of a billing cycle, and apply those payments to everything before cash advances.
For this reason, many consumers have large cash balances, which have no grace period
and incur interest at a rate that is (usually) higher than the purchase rate, and will carry
those balances for years, even if they pay off their statement balance each month.
We can break credit card payment on on-line networks into three basic categories:
The easiest method of payment is the exchange of unencrypted credit cards over
a public network such as telephone lines or the Internet. The low level of security inherent
in the design of the Internet makes this method problematic (any snooper can read a credit
card number, and programs can be created to scan the Internet traffic for credit card
numbers and send the numbers to its master). Authentication is also a significant problem,
and the vendor is usually responsible to ensure that the person using the credit card is its
owner. Without encryption there is no way to do this.
It would make sense to encrypt your credit card details before sending them out,
but even then there are certain factors to consider. One would be the cost of a credit card
transaction itself. Such cost would prohibit low-value payments (micro payments) by adding
costs to the transactions.
1. A customer presents his or her credit card information (along with an authenticity
signature or other information such as mother’s maiden name) securely to the
merchant.
2. The merchant validates the customer’s identity as the owner of the credit card
account.
3. The merchant relays the credit card charge information and signature to its bank or
on-line credit card processors.
4. The bank or processing party relays the information to the customer’s bank for
authorization approval.
5. The customer’s bank returns the credit card data, charge authentication, and
authorization to the merchant.
In this scheme, each consumer and each vendor generates a public key and a
secret key. The public key is sent to the credit card company and put on its public key
server. The secret key is re-encrypted with a password, and the unencrypted version is
erased. To steal a credit card, a thief would have to get access to both a consumer’s
encrypted secret key and password. The credit card company sends the consumer a
credit card number and a credit limit. To buy something from vendor X, the consumer
sends vendor X the message, “It is now time T. I am paying Y dollars to X for item Z,” then
the consumer uses his or her password to sign the message with the public key. The
vendor will then sign the message with its own secret key and send it to the credit card
company, which will bill the consumer for Y dollars and give the same amount (less a fee)
to X. (See Fig. 4.4.5(a).) Nobody can cheat this system. The consumer can’t claim that he
didn’t agree to the transaction, because he signed it (as in everyday life). The vendor can’t
invent fake charges, because he doesn’t have access to the consumer’s key. He can’t
submit the same charge twice, because the consumer included the precise time in the
message. To become useful, credit card systems will have to develop distributed key
servers and card checkers. Otherwise, a concentrated attack on these sites could bring
the system to a halt.
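The exchange described above can be traced in code, with each signature made with the signer's secret key and checked against the public key on the company's key server. This is an added example, not part of the course material: Ed25519 from Go's standard library is an assumed choice (the text names no algorithm), the party names are constructed, and the password encryption of the stored secret key is left out.

```go
package main

import (
	"crypto/ed25519"
	"crypto/sha256"
	"errors"
	"fmt"
)

// Charge is the message "It is now time T. I am paying Y dollars to X for item Z."
type Charge struct {
	Time, Cents            int64  // T (Unix seconds) and Y (in cents)
	Consumer, Vendor, Item string // the payer, X and Z
}

// Bytes is the one encoding that gets signed; %q keeps field boundaries fixed.
func (c Charge) Bytes() []byte {
	return []byte(fmt.Sprintf("T=%d|from=%q|to=%q|cents=%d|item=%q", c.Time, c.Consumer, c.Vendor, c.Cents, c.Item))
}

type SignedCharge struct {
	Charge      Charge
	ConsumerSig []byte // over Charge.Bytes()
	VendorSig   []byte // over Charge.Bytes() followed by ConsumerSig
}

// Party is a consumer or vendor holding its own key pair.
type Party struct {
	Name string
	pub  ed25519.PublicKey
	priv ed25519.PrivateKey
}

func NewParty(name string) Party {
	pub, priv, err := ed25519.GenerateKey(nil) // nil selects crypto/rand
	if err != nil {
		panic(err)
	}
	return Party{Name: name, pub: pub, priv: priv}
}

// Sign is the consumer's step.
func (p Party) Sign(c Charge) SignedCharge {
	return SignedCharge{Charge: c, ConsumerSig: ed25519.Sign(p.priv, c.Bytes())}
}

// Countersign is the vendor's step; it also covers the consumer's signature.
func (p Party) Countersign(sc SignedCharge) SignedCharge {
	sc.VendorSig = ed25519.Sign(p.priv, append(sc.Charge.Bytes(), sc.ConsumerSig...))
	return sc
}

var (
	ErrConsumerSig = errors.New("no valid consumer signature for this charge")
	ErrVendorSig   = errors.New("no valid vendor signature for this charge")
	ErrReplay      = errors.New("this exact charge was already billed")
)

// CardCompany holds the public key server and a record of billed charges.
type CardCompany struct {
	keys   map[string]ed25519.PublicKey
	billed map[[32]byte]bool
}

func NewCardCompany(parties ...Party) *CardCompany {
	cc := &CardCompany{keys: map[string]ed25519.PublicKey{}, billed: map[[32]byte]bool{}}
	for _, p := range parties {
		cc.keys[p.Name] = p.pub // only the public half is registered
	}
	return cc
}

// Bill verifies both signatures against the keys on file, then rejects repeats.
func (cc *CardCompany) Bill(sc SignedCharge) error {
	msg := sc.Charge.Bytes()
	cpub, ok := cc.keys[sc.Charge.Consumer]
	if !ok || !ed25519.Verify(cpub, msg, sc.ConsumerSig) {
		return ErrConsumerSig
	}
	vpub, ok := cc.keys[sc.Charge.Vendor]
	if !ok || !ed25519.Verify(vpub, append(msg, sc.ConsumerSig...), sc.VendorSig) {
		return ErrVendorSig
	}
	id := sha256.Sum256(msg)
	if cc.billed[id] {
		return ErrReplay
	}
	cc.billed[id] = true
	return nil
}

func main() {
	alice, shop := NewParty("alice"), NewParty("vendor-x") // constructed names
	cc := NewCardCompany(alice, shop)
	sc := shop.Countersign(alice.Sign(Charge{1700000000, 2500, "alice", "vendor-x", "item-z"}))
	fmt.Println("first:", cc.Bill(sc), "| resubmitted:", cc.Bill(sc))
	sc.Charge.Cents = 250000 // vendor raises the amount and re-signs its own layer
	fmt.Println("amount altered:", cc.Bill(shop.Countersign(sc)))
}
```

The duplicate is caught only because the company keeps a record of every message it has billed; the timestamp makes two genuine purchases distinct, but by itself it does not stop a resubmission.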
Support for Privacy Enhanced Mail (PEM) and Pretty Good Privacy (PGP)
encryption has been built into several browsers. Both of these schemes can be substantially
bolstered with the addition of encryption to defeat snooping attacks. Now any vendor can
create a secure system that accepts credit card numbers in about an hour.
Consumers use credit cards by presenting them for payment and then paying an
aggregate bill once a month. Consumers pay either by flat fee or individual transaction
charges for this service. Merchants get paid for the credit card drafts that they submit to
the credit card company. Businesses get charged a transaction charge ranging from 1
percent to 3 percent for each draft submitted.
• Credit cards have advantages over checks in that the credit card company assumes
a larger share of financial risk for both buyer and seller in a transaction. Buyers can
sometimes dispute a charge retroactively and have the credit card company act on
their behalf. Sellers are ensured that they will be paid for all their sales—they
needn’t worry about fraud.
• One disadvantage to credit cards is that their transactions are not anonymous, and
credit card companies do in fact compile valuable data about spending habits.
• Record keeping with credit cards is one of the features consumers value most
because of disputes and mistakes in billing. Disputes may arise because different
services may have different policies. For example, an information provider might
charge for partial delivery of a file (the user may have abandoned the session after
reading part of the file), and a movie distributor might charge depending on how
much of the video had been downloaded. The cause of interrupted delivery needs
to be considered in resolving disputes (e.g., intentional customer action versus a
problem in the network or provider’s equipment). In general, implementing payment
policies will be simpler when payment is made by credit rather than with cash.
• The complexity of credit card processing takes place in the verification phase, a
potential bottleneck. If there is a lapse in time between the charging and the delivery
of goods or services (for example, when an airline ticket is purchased well in
advance of the date of travel), the customer verification process is simple because
it does not have to be done in real time. In fact, all the relaying and authorizations
can occur after the customer-merchant transaction is completed, unless the
authorization request is denied. If the customer wants a report (or even a digital
airline ticket), which would be downloaded into a PC or other information appliance
immediately at the time of purchase, however, many message relays and
authorizations take place in real time while the customer waits. Such exchanges
may require many sequence-specific operations such as staged encryption and
decryption and exchanges of cryptographic keys.
• Encryption and transaction speed must be balanced, however, as research has
shown that on-line users get very impatient and typically wait for 20 seconds before
pursuing other actions. Hence, on-line credit card users must find the process to
be accessible, simple, and fast. Speed will have design and cost implications, as it
is a function of network capabilities, computing power available at every server,
and the specific form of the transaction. The infrastructure supporting the exchange
must be reliable. The user must feel confident that the supporting payment
infrastructure will be available on demand and that the system will operate
reasonably well regardless of component failures or system load conditions. The
builders and providers of this infrastructure are aware of customer requirements
and are in fierce competition to fulfill those needs.
Competition among these players is based on service quality, price, processing system
speed, customer support, and reliability. Most third-party processors market their services
directly to large regional or national merchants rather than through financial institutions or
independent sales organizations.
Barriers to entry include
The traditional roles are most definitely being reshuffled, and electronic payment
on the Internet can have a substantial effect on transaction processing in the “real” (non
Virtually all electronic payment systems need some ability to keep automatic records,
for obvious reasons. From a technical standpoint, this is no problem for electronic systems.
Credit and debit cards have them and even the paper-based check creates an automatic
record. Once information has been captured electronically, it is easy and inexpensive to
keep (it might even cost more to throw it away than to keep it). For example, in many
transaction processing systems, old or blocked accounts are never purged and old
transaction histories can be kept forever on magnetic tape. Given the intangible nature of
electronic transactions and dispute resolution relying solely on records, a general law of
payment dynamics and banking technology might be: No data need ever be discarded.
The record feature is an after-the-fact transcription of what happened, created without
any explicit effort by the transaction parties. Features of these automatic records include
The need for record keeping for purposes of risk management conflicts with the
transaction anonymity of cash. One can say that anonymity exists today only because cash
is a very old concept, invented long before the computer and networks gave us the ability
to track everything. Although a segment of the payment-making public will always desire
transaction anonymity, many believe that anonymity runs counter to the public welfare
because too many tax, smuggling, and/or money laundering possibilities exist. The anonymity
issue raises the question: Can electronic payments happen without an automatic record
feature?
Many recent payment systems seem to be ambivalent on this point. For instance,
the Mondex electronic purse touts equivalence with cash, but its electronic wallets are
designed to hold automatic records of the card’s last twenty transactions with a statement
built in. Obviously, the card-reading terminals, machines, or telephones could all maintain
records of all transactions and they probably ultimately will. With these records, the balance
on any smart card could be reconstructed after the fact, thus allowing for additional
protection against loss or theft. This would certainly add some value versus cash. In sum,
anonymity is an issue that will have to be addressed through regulation covering consumer
protection in electronic transactions. There is considerable debate on this point. An
anonymous payment system without automatic record keeping will be difficult for bankers
and governments to accept. Were the regulation to apply, each transaction would have to
be reported, meaning it would appear on an account statement making mistakes and disputes
easier to resolve. However, customers might feel that all this record keeping is an invasion
of privacy resulting in slower than expected adoption of electronic payment systems. The
next risk involved is the privacy of the customer making a purchase.
The electronic payment system must ensure and maintain privacy. Every time one
purchases goods using a credit card, subscribes to a magazine or accesses a server, that
information goes into a database somewhere. Furthermore, all these records can be linked
so that they constitute in effect a single dossier. This dossier would reflect what items were
bought and where and when. This violates one of the unspoken laws of doing business: that
the privacy of customers should be protected as much as possible. All details of a consumer’s
payments can easily be aggregated: Where, when, and sometimes what the consumer
buys is stored. This collection of data tells much about the person and as such can conflict
with the individual’s right to privacy. Users must be assured that knowledge of transactions
will be confidential, limited only to the parties involved and their designated agents (if
any). Privacy must be maintained against eavesdroppers on the network and against
unauthorized insiders. The users must be assured that they cannot be easily duped, swindled,
or falsely implicated in a fraudulent transaction. This protection must apply throughout the
whole transaction protocol by which a good or service is purchased and delivered. This
implies that, for many types of transactions, trusted third-party agents will be needed to
vouch for the authenticity and good faith of the involved parties.
A debit card (also known as a gift card) is a plastic card which provides an
alternative payment method to cash when making purchases. Physically the card is an ISO
7810 card like a credit card; however, its functionality is more similar to writing a cheque
as the funds are withdrawn directly from either the cardholder’s bank account (often referred
to as a check card), or from the remaining balance on the card.
Depending on the store or merchant, the customer may swipe or insert their card
into the terminal, or they may hand it to the merchant who will do so. The transaction is
authorized and processed and the customer verifies the transaction either by entering a
PIN or, occasionally, by signing a sales receipt.
In some countries the debit card is multipurpose, acting as the ATM card for
withdrawing cash and as a check guarantee card. Merchants can also offer “cashback”/
“cashout” facilities to customers, where a customer can withdraw cash along with their
purchase.
The use of debit cards has become wide-spread in many countries and has overtaken
the check, and in some instances cash transactions by volume. Like credit cards, debit
cards are used widely for telephone and Internet purchases.
A Finnish smart card. The 3 by 5 mm security chip embedded in the card is shown
enlarged in the inset. The gold contact pads on the card enable electronic access to the
chip.
1. Magnetic stripe
2. Signature strip
3. Card Security Code
Although many debit cards are of the Visa or MasterCard brand, there are many
other types of debit card, each accepted only within a particular country or region, for
example Switch (now: Maestro) and Solo in the United Kingdom, Carte Bleue in France,
Laser in Ireland, “EC electronic cash” (formerly Eurocheck) in Germany and EFTPOS
cards in Australia and New Zealand. The need for cross-border compatibility and the
advent of the euro recently led to many of these card networks (such as Switzerland’s “EC
direkt”, Austria’s “Bankomatkasse” and Switch in the United Kingdom) being rebranded
with the internationally recognised Maestro logo, which is part of the MasterCard brand.
Some debit cards are dual branded with the logo of the (former) national card as well as
Maestro (e.g. EC cards in Germany, Laser cards in Ireland, Switch and Solo in the UK,
Pinpas cards in the Netherlands, Bancontact cards in Belgium, etc.). Debit card systems
have become popular in video arcades, bowling centers and theme parks. The use of a
debit card system allows operators to package their product more effectively while
monitoring customer spending. An example of one of these systems is ECS by Embed
International.
There are currently two ways that debit card transactions are processed: online
debit (also known as PIN debit) and offline debit (also known as signature debit). In
some countries including the United States and Australia, they are often referred to at point
of sale as “debit” and “credit” respectively, even though in either case the user’s bank
account is debited and no credit is involved.
Online debit cards require electronic authorization of every transaction and the
debits are reflected in the user’s account immediately. The transaction may be additionally
secured with the personal identification number (PIN) authentication system and some
online cards require such authentication for every transaction, essentially becoming enhanced
automatic teller machine (ATM) cards. One difficulty in using online debit cards is the
necessity of an electronic authorization device at the point of sale (POS) and sometimes
also a separate PINpad to enter the PIN, although this is becoming commonplace for all
card transactions in many countries. Overall, the online debit card is generally viewed as
superior to the offline debit card because of its more secure authentication system and live
status, which alleviates problems with processing lag on transactions that may have been
forgotten or not authorized by the owner of the card. Banks in some countries, such as
Canada and Brazil, only issue online debit cards.
Debit and check cards, as they have become widespread, have revealed numerous
advantages and disadvantages to the consumer and retailer alike. Advantages are as follows:
• A consumer who is not credit worthy and may find it difficult or impossible to
obtain a credit card can more easily obtain a debit card, allowing him/her to make
plastic transactions.
• Use of a debit card is limited to the existing funds in the account to which it is
linked, thereby preventing the consumer from racking up debt as a result of its use,
or being charged interest, late fees, or fees exclusive to credit cards.
• For most transactions, a check card can be used to avoid check writing altogether.
Check cards debit funds from the user’s account on the spot, thereby finalizing the
transaction at the time of purchase, and bypassing the requirement to pay a credit
card bill at a later date, or to write an insecure check containing the account
holder’s personal information.
• Like credit cards, debit cards are accepted by merchants with less identification
and scrutiny than personal checks, thereby making transactions quicker and less
intrusive. Unlike personal checks, merchants generally do not believe that a payment
via a debit card may be later dishonored.
• Unlike a credit card, which charges higher fees and interest rates when a cash
advance is obtained, a debit card may be used to obtain cash from an ATM or a
PIN-based transaction at no extra charge, other than a foreign ATM fee.
Electronic checks are designed to accommodate the many individuals and entities
that might prefer to pay on credit or through some mechanism other than cash. Electronic
checks are modelled on paper checks, except that they are initiated electronically, use
digital signatures for signing and endorsing, and require the use of digital certificates to
authenticate the payer, the payer’s bank, and bank account. The security/authentication
aspects of digital checks are supported via digital signatures using public-key cryptography.
Ideally, electronic checks will facilitate new online services by: allowing new payment flows
(the payee can verify funds availability at the payer’s bank); enhancing security at each
step of the transaction through automatic validation of the electronic signature by each
party (payee and banks); and facilitating payment integration with widely used EDI-based
electronic ordering and billing processes. Electronic checks are delivered either by direct
transmission using telephone lines, or by public networks such as the Internet. Electronic
check payments (deposits) are gathered by banks and cleared through existing banking
channels, such as automated clearing houses (ACH) networks.
E-checks:
• Electronic checks work in the same way as traditional checks, thus simplifying
customer education. By retaining the basic characteristics and flexibility of
paper checks while enhancing the functionality, electronic checks can be easily
understood and readily adopted.
• Electronic checks are well suited for clearing micro payments; the conventional
cryptography of electronic checks makes them easier to process than systems
based on public-key cryptography (like digital cash). The payee and the
payee’s and payer’s banks can authenticate checks through the use of
public-key certificates. Digital signatures can also be validated automatically.
• Electronic checks can serve corporate markets. Firms can use electronic
checks to complete payments over the networks in a more cost-effective
manner than present alternatives. Further, since the contents of a check can
be attached to the trading partner’s remittance information, the electronic
check will easily integrate with EDI applications, such as accounts receivable.
• Electronic checks create float, and the availability of float is an important
requirement for commerce. The third-party accounting server can earn revenue
by charging the buyer or seller a transaction fee or a flat rate fee, or it can act
as a bank and provide deposit accounts and make money from the deposit
account pool.
• Electronic check technology links public networks to the financial payments
and bank clearing networks, leveraging the access of public networks with
the existing financial payments infrastructure.
Electronic checks are another form of electronic tokens. They are designed to
accommodate the many individuals and entities that might prefer to pay on credit or through
some mechanism other than cash. Buyers must register with a third-party account server
before they are able to write electronic checks. The account server also acts as a billing
service. The registration procedure can vary depending on the particular account server
and may require a credit card or a bank account to back the checks. Once registered, a
buyer can then contact sellers of goods and services. To complete a transaction, the buyer
sends a check to the seller for a certain amount of money. These checks may be sent using
e-mail or other transport methods.
When deposited, the check authorizes the transfer of account balances from the
account against which the check was drawn to the account to which the check was
deposited. The e-check method was deliberately created to work in much the same way
as a conventional paper check. An account holder will issue an electronic document that
contains the name of the payer, the name of the financial institution, the payer’s account
number, the name of the payee and amount of the check. Most of the information is in
uncoded form. Like a paper check, an e-check will bear the digital equivalent of a signature:
a computed number that authenticates the check as coming from the owner of the account.
And, again like a paper check, an e-check will need to be endorsed by the payee, using
another electronic signature, before the check can be paid. Properly signed and endorsed
checks can be electronically exchanged between financial institutions through electronic
clearinghouses, with the institutions using these endorsed checks as tender to settle accounts.
On receiving the check, the seller presents it to the accounting server for verification
and payment. The accounting server verifies the digital signature on the check using any
authentication scheme. A user’s digital “signature” is used to create one ticket (a check),
which the seller’s digital “endorsement” transforms into another (an order to a bank computer
for fund transfer). Subsequent endorsers add successive layers of information onto the
tickets, precisely as a large number of banks may wind up stamping the back of a check
along its journey through the system.
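The layered signing and endorsing described above can be modelled as a chain in which every signature covers the check and all signatures beneath it. This is an added example, not part of the course material: Ed25519 from Go's standard library is an assumed choice of signature scheme, a name-to-key map stands in for the digital certificates, and all names and account values are constructed.

```go
package main

import (
	"crypto/ed25519"
	"errors"
	"fmt"
)

// ECheck holds the fields the text lists; they travel in uncoded form.
type ECheck struct {
	Payer, PayerBank, PayerAccount, Payee string
	Cents                                 int64
}

// Layer is one signature: the payer's first, then one per endorser.
type Layer struct {
	Signer string
	Sig    []byte
}

// SignedCheck is the check plus every layer added so far.
type SignedCheck struct {
	Check  ECheck
	Layers []Layer
}

// Registry stands in for the digital certificates that bind names to keys.
type Registry map[string]ed25519.PublicKey

// Enroll creates a key pair, files the public key and returns the private key.
func (r Registry) Enroll(name string) ed25519.PrivateKey {
	pub, priv, err := ed25519.GenerateKey(nil) // nil selects crypto/rand
	if err != nil {
		panic(err)
	}
	r[name] = pub
	return priv
}

// signedBytes is what layer i covers: the check, every earlier layer, and the
// name of the party now signing.
func (sc SignedCheck) signedBytes(i int, signer string) []byte {
	c := sc.Check
	b := []byte(fmt.Sprintf("payer=%q|bank=%q|acct=%q|payee=%q|cents=%d",
		c.Payer, c.PayerBank, c.PayerAccount, c.Payee, c.Cents))
	for _, l := range sc.Layers[:i] {
		b = append(b, fmt.Sprintf("|%q=%x", l.Signer, l.Sig)...)
	}
	return append(b, fmt.Sprintf("|signer=%q", signer)...)
}

// Sign returns a copy of the check with one more layer added by signer.
func (sc SignedCheck) Sign(signer string, priv ed25519.PrivateKey) SignedCheck {
	sig := ed25519.Sign(priv, sc.signedBytes(len(sc.Layers), signer))
	layers := append(append([]Layer{}, sc.Layers...), Layer{Signer: signer, Sig: sig})
	return SignedCheck{Check: sc.Check, Layers: layers}
}

var (
	ErrNotEndorsed   = errors.New("check needs the payer's signature and the payee's endorsement")
	ErrWrongSigner   = errors.New("first two layers must come from the named payer and payee")
	ErrUnknownSigner = errors.New("no certified key for a signer")
	ErrBadLayer      = errors.New("a signature does not match the check and the layers beneath it")
)

// Verify is the accounting server's check before any funds move.
func Verify(sc SignedCheck, reg Registry) error {
	if len(sc.Layers) < 2 {
		return ErrNotEndorsed
	}
	if sc.Layers[0].Signer != sc.Check.Payer || sc.Layers[1].Signer != sc.Check.Payee {
		return ErrWrongSigner
	}
	for i, l := range sc.Layers {
		pub, ok := reg[l.Signer]
		if !ok {
			return ErrUnknownSigner
		}
		if !ed25519.Verify(pub, sc.signedBytes(i, l.Signer), l.Sig) {
			return ErrBadLayer
		}
	}
	return nil
}

func main() {
	reg := Registry{}
	payer, payee, bank := reg.Enroll("payer"), reg.Enroll("payee"), reg.Enroll("payee-bank") // constructed names
	issued := SignedCheck{Check: ECheck{"payer", "payer-bank", "ACCT-0001", "payee", 12500}}.Sign("payer", payer)
	deposited := issued.Sign("payee", payee).Sign("payee-bank", bank)
	fmt.Println("payer signature only:  ", Verify(issued, reg))
	fmt.Println("endorsed and deposited:", Verify(deposited, reg))
	deposited.Check.Cents = 1250000 // amount changed after signing
	fmt.Println("amount altered:        ", Verify(deposited, reg))
}
```

Because each layer covers the ones beneath it, removing or swapping an intermediate endorsement invalidates every later signature, not just the one that was touched.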
The E-Check:
• can be used by all account holders, large and small, even where other electronic
payment solutions are too risky, or not appropriate
• is the most secure payment instrument available today
• provides rapid and secure settlement of financial obligations
• can be used with existing checking accounts
Debit cards are used by individuals and to a far lesser extent by businesses, to
make payments at the retail point-of-sale, or to obtain cash from ATMs. This white paper
will briefly compare the differences between debit cards and e-checks.
Since electronic checks are debit transactions, this white paper provides a high
level comparison of some of the main differences between the ACH debit system and e-
checks. These differences are reviewed in five main categories: terminology, business
practices, underlying technology, transaction authorization, and risk management.
The SET protocol specifications were defined by the credit card industry to facilitate
credit card purchases over the Internet. This white paper briefly compares the differences
between SET and e-checks.
Home banking bill payments are convenient for consumers, and although they
have some of the characteristics of electronic payments, there are significant differences
between e-checks and home banking bill payments. This white paper will briefly explore
the differences between the two payment approaches.
Smart cards, also called stored value cards, use magnetic stripe technology or
integrated circuit chips to store customer-specific information, including electronic money.
The cards can be used to purchase goods or services, store information, control access to
accounts, and perform many other functions. Smart cards offer clear benefits to both
merchants and consumers. They reduce cash-handling expenses and losses caused by
fraud, expedite customer transactions at the checkout counter, and enhance consumer
convenience and safety. In addition, many state and federal governments are considering
stored value cards as an efficient option for dispersing government entitlements. Other
private sector institutions market stored value products to transit riders, university students,
telephone customers, vending customers, and retail customers.
merchants and banks have to be signed up and a means has to be developed to transfer
money. Such a system moreover must be robust and capable of handling a large number of
transactions and will require extensive testing and usage to iron out all the bugs.
The smart card technology is widely used in countries such as France, Germany,
Japan, and Singapore to pay for public phone calls, transportation, and shopper loyalty
programs. The idea has taken longer to catch on in the United States, since a highly reliable
and fairly inexpensive telecommunications system has favored the use of credit and debit
cards. Smart cards are basically of two types:
The chip-based card is but one tool that will help alter mass marketing techniques to
address each individual’s specific financial and personal requirements. Enhanced credit
cards store cardholder information including name, birth date, personal shopping
preferences, and actual purchase records. This information will enable merchants to
accurately track consumer behavior and develop promotional programs designed to increase
shopper loyalty. Relationship-based products are expected to offer consumers far greater
options, including the following:
Despite their increasing flexibility, relationship-based cards are credit based and
settlement occurs at the end of the billing cycle. There remains a need for a financial
instrument to replace cash. To meet this need, banks, credit card companies, and even
government institutions are racing to introduce “electronic purses,” wallet-sized smart cards
embedded with programmable microchips that store sums of money for people to use
instead of cash for everything from buying food, to making photocopies, to paying subway
fares.
After the purse is loaded with money, at an ATM or through the use of an inexpensive
special telephone, it can be used to pay for, say, candy in a vending machine equipped with
a card reader. The vending machine need only verify that a card is authentic and there is
enough money available for a chocolate bar. In one second, the value of the purchase is
deducted from the balance on the card and added to an e-cash box in the vending machine.
The remaining balance on the card is displayed by the vending machine or can be checked
at an ATM or with a balance-reading device. Electronic purses would virtually eliminate
fumbling for change or small bills in a busy store or rush-hour toll booth, and waiting for a
credit card purchase to be approved. This allows customers to pay for rides and calls with
a prepaid card that “remembers” each transaction. And when the balance on an electronic
purse is depleted, the purse can be recharged with more money. As for the vendor, the
receipts can be collected periodically in person—or, more likely, by telephone and
transferred to a bank account. While the technology has been available for a decade, the
cards have been relatively expensive, from $5 to $10. Today the cards cost $1, and
special telephones that consumers could install at home to recharge the cards are projected
to cost as little as $50. A simple card reader would cost a merchant less than $200.
These reasons behind the prevalent use of cash in business transactions indicate
the need to re-engineer purchasing processes. In order to displace cash, electronic payment
systems need to have some cash-like qualities that current credit and debit cards lack. For
example, cash is negotiable, meaning that it can be given or traded to someone else. Cash
is legal tender, meaning that the payee is obligated to take it. Cash is a bearer instrument,
meaning that possession is proof of ownership. Cash can be held and used by anyone,
even those without a bank account. Finally, cash places no risk on the part of the acceptor;
the medium is always good.
In comparison to cash, debit and credit cards have a number of limitations. First,
credit and debit cards cannot be given away because, technically, they are identification
cards owned by the issuer and restricted to one user. Credit and debit cards are not legal
tender, given that merchants have the right to refuse to accept them. Nor are credit and
debit cards bearer instruments; their usage requires an account relationship and authorization
system. Similarly, checks require either personal knowledge of the payer, or a check
guarantee system. A really novel electronic payment method needs to do more than recreate
the convenience that is offered by credit and debit cards; it needs to create a form of digital
cash that has some of the properties of cash.
o Digital cash must have a monetary value; it must be backed by cash (currency),
bank-authorized credit, or a bank-certified cashier’s check. When digital cash
created by one bank is accepted by others, reconciliation must occur without
any problems. Without proper bank certification, digital cash carries the risk
that when deposited, it might be returned for insufficient funds.
o Digital cash must be storable and retrievable. Remote storage and retrieval
(such as via a telephone or personal communications device) would allow
users to exchange digital cash (withdraw from and deposit into banking
accounts) from home or office or while travelling.
o Digital cash should not be easy to copy or tamper with while it is being
exchanged. It should be possible to prevent or detect duplication and double-
spending of digital cash.
Typically, transactions involving cash are bilateral or two-party (buyer and seller)
transactions, whereby the merchant checks the veracity of the note’s digital signature by
using the bank’s public key. If satisfied with the payment, the merchant stores the digital
currency on his machine and deposits it later in the bank to redeem the face value of the
note. Transactions involving financial instruments other than cash are usually trilateral or
three-party (buyer, seller, and bank) transactions, whereby the “notes” are sent to the
merchant, who immediately sends them directly to the digital bank. The bank verifies the
validity of these “notes” and that they have not been spent before. The account of the
merchant is credited. In this case, every “note” can be used only once. In many business
situations, the bilateral transaction is not feasible because of the potential for double spending,
which is equivalent to bouncing a check. Double spending becomes possible because it is
very easy to make copies of the e-cash, forcing banks and merchants to take extra
precautions. To uncover double spending, banks must compare the note passed to it by
the merchant against a database of spent notes. Just as paper currency is identified with a
unique serial number, digital cash can also be protected. The ability to detect double spending
has to involve some form of registration so that all “notes” issued globally can be uniquely
identified. However, this method of matching notes with a central registry has problems in
the on-line world. For most systems, which handle high volumes of micro payments, this
method would simply be too expensive. In addition, the problem of double spending means
that banks have to carry added overhead because of the constant checking and auditing
logs. (fig 4.7.4(a)) Double spending would not be a major problem if the need for anonymity
were relaxed. In such situations, when the consumer is issued a bank note, it is issued to
that person’s unique license. When he or she gives it to somebody else, it is transferred
specifically to that other person’s license. Each time the money changes hands, the old
owner adds a tiny bit of information to the bank note based on the bank note’s serial
number and his or her license. If somebody attempts to spend money twice, the bank will
now be able to use the two bank notes to determine who the cheater is. Even if the bank
notes pass through many different people’s hands, whoever cheated will get caught, and
none of the other people will ever have to know. The downside is that the bank can tell
precisely what your buying habits are since it can check the numbers on the e-cash and the
various merchant accounts that are being credited. Many people would feel uncomfortable
letting others know this personal information.
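The note verification and spent-note check described above can be sketched as follows. This is an added example, not code from the course material: the class and function names are hypothetical, and the bank key is a constructed toy RSA key (textbook RSA without padding) used only so the example runs with the standard library.

```python
"""Added example: merchant-side note verification and bank-side double-spend check."""
import hashlib
import secrets
from dataclasses import dataclass

# Constructed toy bank key built from two Mersenne primes. Illustration only:
# production systems use a vetted library, padded signatures and larger keys.
_P, _Q = 2**127 - 1, 2**89 - 1
BANK_N = _P * _Q                                   # public modulus
BANK_E = 65537                                     # public exponent
_BANK_D = pow(BANK_E, -1, (_P - 1) * (_Q - 1))     # private exponent, bank only


@dataclass(frozen=True)
class Note:
    serial: str      # unique serial number, as on paper currency
    value: int       # face value in cents
    signature: int   # bank's signature over serial and value


def _digest(serial: str, value: int) -> int:
    data = f"{serial}|{value}".encode()
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % BANK_N


def bank_issue(value: int) -> Note:
    """Bank mints a note with a fresh serial and signs it with its private key."""
    serial = secrets.token_hex(16)
    return Note(serial, value, pow(_digest(serial, value), _BANK_D, BANK_N))


def verify_note(note: Note) -> bool:
    """Bilateral check: the merchant needs only the bank's public key.
    It proves the note is genuine, not that it is unspent."""
    return pow(note.signature, BANK_E, BANK_N) == _digest(note.serial, note.value)


class Bank:
    """Trilateral check: the bank compares each deposit with its spent-note database."""

    def __init__(self):
        self.spent = {}      # serial -> merchant who deposited it first
        self.accounts = {}   # merchant -> balance in cents

    def deposit(self, merchant: str, note: Note) -> str:
        if not verify_note(note):
            return "rejected: bad signature"
        if note.serial in self.spent:
            return f"rejected: double spend (first deposited by {self.spent[note.serial]})"
        self.spent[note.serial] = merchant
        self.accounts[merchant] = self.accounts.get(merchant, 0) + note.value
        return "credited"


def demo():
    bank = Bank()
    note = bank_issue(500)
    # The buyer copies the note and pays two merchants; both offline checks pass.
    offline_checks = (verify_note(note), verify_note(note))
    # Only the deposit at the bank reveals the second copy.
    results = (bank.deposit("merchant_a", note), bank.deposit("merchant_b", note))
    return offline_checks, results


if __name__ == "__main__":
    print(demo())
```

The copied note passes the signature check at both merchants, which is why the bilateral model cannot rule out double spending and the bank has to keep the registry.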
Electronic cash fulfils two main functions: as a medium of exchange and as a store
of value. Digital money is a perfect medium of exchange. By moving monetary claims
quickly and by effecting instant settlement of transactions, e-cash may help simplify the
complex interlocking credit and liabilities that characterize today’s commerce. For instance,
small businesses that spend months waiting for big customers to pay their bills would
benefit hugely from a digital system in which instant settlement is the norm. Instant settlement
of micro payments is also a tantalizing proposition.
The controversial aspects of e-cash are those that relate to the other role, as a
store of value. Human needs tend to require that money take a tangible form and be widely
accepted, or “legal tender”. In most countries, a creditor by law cannot refuse cash as
settlement for a debt. With the acceptability of cash guaranteed by law, most people are
willing to bank their money and settle many of their bills by checks and debits, confident
that, barring a catastrophe, they can obtain legal tender (cash) on demand. If e-cash had to
be convertible into legal tender on demand, then for every unit there would have to be a
unit of cash reserved in the real economy: or, to look at it the other way round, there would
be cash in the real world for which digital proxies were created and made available. This
creates problems, because in an efficient system, if each e-cash unit represents a unit of
real cash, then positive balances of e-cash will earn no interest; for the interest they might
earn would be offset by the interest foregone on the real cash that is backing them.
problem. On the Internet, the buyer could be in Mexico and the seller in the United States.
How do you check that the party in Mexico is giving a valid electronic currency that has
suitable backing? Even if it were valid today, what would happen if a sudden devaluation
occurs, such as the one in December 1994 where the peso was devalued 30 percent
overnight? Who holds the liability, the buyer or the seller? These are not technological
issues but business issues that must be addressed for large-scale bilateral transactions to
occur. Unless we have one central bank offering one type of electronic currency, it is very
difficult to see e-cash being very prominent except in narrow application domains.
Next we will see the risks involved while doing the transactions involving the use of
e-cash.
These constraints introduce a whole new set of implementation issues. For example,
time limits could be set beyond which the electronic money would expire and become
worthless. The customer would have to redeem or exchange the money prior to the
expiration deadline. For this feature to work, electronic money would have to be time-
stamped, and time would have to be synchronized across the network to some degree of
precision. The objective of imposing constraints is to limit the issuer’s liability. A maximum
upper limit could be imposed on the value that could be assigned to any single transaction
or that could be transferred to the same vendor within a given period of time. Since the
user’s computer could be programmed to execute small transactions continuously at a high
rate over the network, a strategy of reporting transactions over a certain amount would be
ineffective for law enforcement. However, a well-designed system could enforce a policy
involving both transaction size and value with time. For example, an “anonymous coin-
purse” feature might be capable of receiving or spending no more than $500 in any twenty-
four hour period. Alternatively, the “rate ceiling” for the next twenty-four hours could be
made dependent on the rate of use or on the number of exchanges that could be permitted
before any electronic money would have to be redeposited in a bank or financial institution
and reissued. Finally, exchanges could also be restricted to a class of services or goods
(e.g., electronic benefits could be used only for food, clothing, shelter, or educational
purposes). The exchange process should allow payment to be withheld from the seller
upon the buyer’s instructions until the goods or services are delivered within a specified
time in the future.
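The expiry and rate-ceiling constraints described above can be enforced as in the following sketch. This is an added example, not part of the course material: the names are hypothetical, the $500 per twenty-four hours ceiling is the figure from the text, and the per-transaction cap and clock-skew tolerance are assumed values.

```python
"""Added example: expiry and rolling 24-hour ceiling for an anonymous coin-purse."""
from collections import deque
from dataclasses import dataclass

WINDOW_SECONDS = 24 * 3600
PURSE_LIMIT_CENTS = 500_00    # "$500 in any twenty-four hour period" (from the text)
MAX_SINGLE_CENTS = 200_00     # assumed cap on any single transaction
CLOCK_SKEW_SECONDS = 120      # assumed tolerance, since clocks are only roughly in sync


@dataclass(frozen=True)
class Coin:
    value: int        # cents
    issued_at: int    # issuer's timestamp, seconds since the epoch
    expires_at: int   # after this time the coin is worthless


class AnonymousPurse:
    """Tracks spending over a sliding window; calls must arrive in time order."""

    def __init__(self):
        self.history = deque()   # (timestamp, value) of accepted transactions

    def _window_total(self, now: int) -> int:
        # Drop transactions that have aged out of the 24-hour window.
        while self.history and self.history[0][0] <= now - WINDOW_SECONDS:
            self.history.popleft()
        return sum(value for _, value in self.history)

    def authorize(self, coin: Coin, now: int) -> str:
        if now > coin.expires_at + CLOCK_SKEW_SECONDS:
            return "rejected: expired"
        if coin.issued_at > now + CLOCK_SKEW_SECONDS:
            return "rejected: not yet valid"
        if coin.value > MAX_SINGLE_CENTS:
            return "rejected: over single-transaction limit"
        # Summing over the window catches many small transactions that a
        # per-transaction reporting threshold alone would miss.
        if self._window_total(now) + coin.value > PURSE_LIMIT_CENTS:
            return "rejected: 24-hour ceiling reached"
        self.history.append((now, coin.value))
        return "accepted"


def demo():
    t0, week = 1_000_000, 7 * 24 * 3600   # constructed timestamps
    purse = AnonymousPurse()
    outcomes = [purse.authorize(Coin(100_00, t0, t0 + week), t0 + i * 60)
                for i in range(6)]        # six $100 payments within six minutes
    outcomes.append(purse.authorize(Coin(100_00, t0, t0 + week), t0 + WINDOW_SECONDS))
    return outcomes


if __name__ == "__main__":
    for outcome in demo():
        print(outcome)
```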
Electronic cash will force bankers and regulators to make tough choices that will
shape the form of lawful commercial activity related to electronic commerce. As a result of
the very features that make it so attractive to many, cash occupies an unstable and
uncomfortable place within the existing taxation and law enforcement systems. Anonymous
and virtually untraceable, cash transactions today occupy a place in a kind of underground
economy. This underground economy is generally confined to relatively small scale
transactions because paper money in large quantities is cumbersome to use and manipulate,
organized crime being the obvious exception. As long as the transactions are small in
monetary value, they are tolerated by the government as an unfortunate but largely
insignificant by-product of the modern commercial state. As transactions get larger the
government becomes more suspicious and enlists the aid of the banks, through the various
currency reporting laws, in reporting large disbursements of cash so that additional oversight
can be ordered.
E-cash on taxation
Transaction based taxes (e.g., sales taxes) account for a significant portion of state
and local government revenue. But if e-cash really is made to function the way that paper
money does, payments we would never think of making in cash (to buy a new car, say, or
as the down payment on a house) could be made in this new form of currency because
there would be no problem of bulk and no risk of robbery. The threat to the government’s
revenue flow is a very real one, and officials in government are starting to take cognizance
of this development and to prepare their responses.
However, as the politics and business play out, the technology is forcing legal
issues to be reconsidered. The question e-cash poses is not, “Should the law take notice
of this development?” but rather, “How can it not?” By impacting revenue-raising capabilities,
e-cash cannot escape government scrutiny and regulation; but it is going to take some
serious thinking to design a regulatory scheme that balances personal privacy, speed of
execution, and ease of use. Without a functioning system, what the government will do
remains a mystery. Moreover, it is not even clear yet that the market as a whole will adopt
an anonymous e-cash standard. For now, we are mainly watching and trying to educate
ourselves about the likely path of the transition to electronic cash.
1. Cash or real-time. Transactions are settled with the exchange of electronic currency.
An example of on-line currency exchange is electronic cash (e-cash).
2. Debit or prepaid. Users pay in advance for the privilege of getting information.
Examples of prepaid payment mechanisms are stored in smart cards and electronic
purses that store electronic money.
3. Credit or post-paid. The server authenticates the customers and verifies with the
bank that funds are adequate before purchase. Examples of post-paid mechanisms
are credit/ debit cards and electronic checks.
The following sections examine these methods of on-line payment. But we must
first understand the different viewpoints that these payment instruments bring to electronic
commerce.
Here are four dimensions that are useful for analyzing the different initiatives.
1. The nature of the transaction for which the instrument is designed. Some
tokens are specifically designed to handle micro payments, that is, payments for
small snippets of information. Others are designed for more traditional products.
Some systems target specific niche transactions; others seek more general
transactions. The key is to identify the parties involved, the average amounts, and
the purchase interaction.
2. The means of settlement used. Tokens must be backed by cash, credit, electronic
bill payments (prearranged and spontaneous), cashier’s checks, letters and lines of
credit, and wire transfers, to name a few. Each option incurs trade-offs among
transaction speed, risk, and cost. Most transaction settlement methods use credit
cards, while others use other proxies for value, effectively creating currencies of
dubious liquidity and with interesting tax, risk, and float implications.
4. The question of risk. Who assumes what kind of risk at what time? The tokens
might suddenly become worthless and the customers might have the currency that
nobody will accept. If the system stores value in a smart card, consumers may be
exposed to risk as they hold static assets. Also electronic tokens might be subject to
discounting or arbitrage. Risk also arises if the transaction has long lag times between
product delivery and payments to merchants. This exposes merchants to the risk
that buyers don’t pay, or vice versa, that the vendor doesn’t deliver.
Several other electronic payment systems are currently being prototyped and tested.
These include debit cards, electronic benefit transfer cards, and smart cards.
The fastest growing number of electronic transactions today is debit card point-
of-sale transactions. Such a transaction occurs when a customer uses a debit card to make
a purchase from a merchant (supermarket, gas station, convenience store, or some other
store that accepts such cards instead of using cash, check, or credit card).
The transaction works much like a credit card transaction. For example, a customer
gives an ATM card to the merchant for the purchase. The merchant swipes the card through
a transaction terminal, which reads the information; the customer enters his personal
identification number (PIN); and the terminal routes the transaction through the ATM network
back to the customer’s bank for authorization against the customer’s demand deposit
account. The funds, once approved, are transferred from the customer’s bank to the
merchant’s bank. These transactions occur within the banking system, and safety of payment
is assured. The third-party processors who provide services for merchants are also examined
by the federal regulators for system integrity. Both the consumer and the merchant maintain
bank accounts, and the funds are transmitted inter-bank within the payment system.
Authentication is provided by the use of the digital signature or PIN numbers, just as it is at
ATMs. Further, PINs are sent through the system in an encrypted form, and the PIN pads
and terminals are tamper-proof. Dedicated lines are also often used for transmission,
particularly by larger merchants.
Debit cards are being used extensively for electronic benefits transfer (EBT).
Electronic benefits transfer uses debit cards for the electronic delivery of benefits to individuals
who otherwise may not have bank accounts. In an EBT system, recipients access their
benefits in the same way that consumers use debit cards to access their bank accounts
electronically: the card is inserted into or swiped through a card reader and the cardholder
must enter a PIN associated with that card. The benefit recipient can then access his or her
benefits to make a purchase or obtain cash. For example, food stamp purchases are
charged against the participant’s allotment, and other purchases or cash distributions are
charged against the participant’s cash assistance program allotment.
Benefits that can be delivered via EBT generally fall into three categories: federally
funded, but state administered benefits (such as food stamps, Aid to Families with Dependent
Children programs); state-funded and state-administered benefits (such as general
assistance, heating assistance, refugee assistance, and supplemental or emergency
payments); and benefits that are both federally funded and federally administered (such as
Social Security and Veterans benefits). Through EBT, existing networks and technologies
can provide benefit recipients with online access to their funds at POS devices and ATMs.
In an EBT process, no paper changes hands, except for the receipt printed for the purchaser
by the POS device or the ATM. Recipients can access cash through any number of
establishments, including grocers, drugstores, and financial institutions, as well as ATMs.
Certain cash payments can also be facilitated by installing POS devices in housing authority
and utility company offices to accept rent and bill payments. Electronic benefits transfer
has several advantages over paper-based benefit distribution systems. First, EBT is less
costly. Currently, many recipients of federal and state benefits must pay significant fees
(three or more dollars) to cash their checks. EBT systems are designed to provide no-
cost or low-cost access methods. Second, EBT is more convenient than paper methods.
EBT eliminates the need to carry food stamp coupons, stand in long lines to cash checks,
or accept the entire benefit amount at one time. EBT programs also provide recipients with
toll-free customer service lines and multilingual support to handle questions or problems.
EBT is safer than cash or coupons, which can be lost or stolen. In EBT, benefits are stored
electronically, and can be used only when needed and in the amounts required. Recipients
control all access to their benefits through their cards and PINs. They can also deactivate
lost or stolen cards immediately and request a replacement card by a toll-free phone call.
Finally, EBT is convenient for the government. Its inherent audit and tracking
advantages enhance investigations into suspicious conduct by retailers. EBT improves benefit
program management by creating an audit trail and record of benefit usage, ensuring that
programs are working properly and effectively.
Summary
Secure Electronic Transaction (SET) protocol: SET protocol meets the four security
requirements for EC as SSL (Secure Socket Layer) does: authentication, encryption,
integrity, and non repudiation.
Security issues: Encryption is a technique for hiding data. Most computer encryption
systems belong to one of two categories: secret-key encryption and public-key
encryption.
Digital Signature: Digital signatures are used for sender authentication. This also means
that the originator cannot falsely deny having signed the data. In addition, a digital signature
enables the computer to notarize the message, assuring the recipient that the message has
not been forged in transit.
Firewall: A firewall is simply a program or hardware device that filters the information
coming through the Internet connection into your private network or computer system.
EFT: An electronic funds transfer (also known as EFT) is a system for transferring money
from one bank to another without using paper money. Its use has become widespread with
the arrival of personal computers, cheap networks, improved cryptography and the Internet.
Credit card: A credit card is a system of payment named after the small plastic card
issued to users of the system. A credit card is different from a debit card in that it does not
remove money from the user’s account after every transaction.
Debit card: A debit card (also known as a gift card) is a plastic card which provides an
alternative payment method to cash when making purchases. Physically the card is an ISO
7810 card like a credit card; however, its functionality is more similar to writing a cheque
as the funds are withdrawn directly from either the cardholder’s bank account (often referred
to as a check card), or from the remaining balance on the card.
E-checks: Electronic checks are designed to accommodate the many individuals and
entities that might prefer to pay on credit or through some mechanism other than cash.
Electronic checks are modelled on paper checks, except that they are initiated electronically,
use digital signatures for signing and endorsing, and require the use of digital certificates to
authenticate the payer, the payer’s bank, and bank account.
Smart cards: Smart cards, also called stored value cards, use magnetic stripe technology
or integrated circuit chips to store customer-specific information, including electronic money.
The cards can be used to purchase goods or services, store information, control access to
accounts, and perform many other functions.
Smart cards are basically of two types: Relationship-based smart credit cards, Electronic
purses.
E-cash: Electronic or digital cash combines computerized convenience with security and
privacy that improve on paper cash. Digital cash attempts to replace paper cash as the
principal payment vehicle in online payments.
UNIT V
The EC world, on the other hand, exposes us to issues, which were hitherto
unknown, since they are directly the outcome of creating documents electronically,
and transmitting them over worldwide computer communication networks. Trading partners
exchange documents electronically. They need to convince themselves that such documents
are authentic when received over networks, and that their authentication can be established
in case of dispute. Transactions may be electronic, but the key concept of admissibility of
evidence and evidential value of electronic documents, which are central to the law, remain
the same. There must be a way to prove that a message existed, that it was sent, was
received, was not changed between the sending and receiving, and that it could not be
read and interpreted by any third party intercepting or deliberately receiving it. The security
of an electronic message, a legal requirement, thus gets directly linked to the technical methods
for security of computers and networks. From the legal angle, there is a further complication
because the electronic message is independent of the actual medium used for storage or
transmission. The message can be stored on a floppy, a magnetic disk, or an optical disk.
Likewise, it may be transmitted over a Local Area Network, a Wide Area Network, a
private Value Added Network or the Internet. The physical medium could be coaxial
cable, radio link, optical fiber or a satellite communication channel.
In the EDI world of electronic documents, this kind of discipline has been created
through a set of rules that have developed in the form of interchange agreements within a
number of user groups, national organizations, and regions. At the international level, the
UN has adopted the Model Interchange Agreement for the International Commercial Use
of Electronic Data Interchange, which applies to the interchange of data and not to the
underlying commercial contracts between the parties. It addresses the need for uniformity
of agreement so that there are no barriers to international trade on account of different
solutions for various problems being adopted by countries. The UN has recommended
that the member countries should take into account the terms and provisions of the Model
Interchange Agreement when framing their own laws on EC. An interchange agreement
may be made between trading partners. It establishes the rules they will adopt for using
EDI/EC transactions.
It details the individual roles and legal responsibilities of trading partners for transmitting,
receiving, and storing electronic messages. The signing of an interchange agreement signifies
that the parties intend to be bound by it, and that they desire to operate within a legal
framework. This can help reduce legal uncertainty in the electronic environment. Many of
the conventions and agreements relating to international trade do not anticipate the use of
EDI/EC. Many national laws, as noted above, also introduce uncertainty regarding the
legal validity of electronic documents. There are still very few national and international
judgments ruling on the validity of electronic documents, messages or signatures. It is
precisely in this kind of a scenario, where clear legal rules and principles are absent, that an
interchange agreement provides trading partners with readily available solutions for the
EDI/EC relationship between them. It provides a strong legal framework for ensuring that
electronic documents will have a legal binding effect, subject to national laws and regulations.
The issues, which were addressed by the working party, which prepared this model
Interchange Agreement, are as follows:
The interchange agreement is flexible enough to meet the requirement of all business
sectors involved in international trade. Trading partners can feel confident that it addresses
the recognised legal issues arising from commercial use of EDI in international trade, and
provides a strong legal and practical framework for considering and recording the necessary
business decisions.
Internet commerce raises legal issues through the provision of the following services:
• Online marketing
• Online retailing ordering of products and services
• Financial services such as banking and trading in securities.
• Exchange of electronic messages and documents
• EDI, electronic filing, remote employee access, electronic transactions.
Trade and commerce over the Internet give rise to several legal issues.
Original literary, dramatic, musical and artistic works; the typographical arrangement
of published editions of literary, dramatic or musical works; sound recordings; broadcasts;
cable programs. These have been broadly classified into two groups as ‘author works’ and
‘media works’ by Hector L. Macqueen. The multimedia capability of websites enables all
types of work to be ‘published’ on the Internet in the sense that copies can be distributed
to users/customers. The problem, however, is that unlike a paper copy, this copy can be
readily duplicated and distributed further by the recipient. If the material is in the public
domain there are no difficulties. But the copyright law applies to the downloaded matter,
much the same way it applies to physical copies.
Many ISPs provide users access to shared websites, Usenet news, E-mail
distribution lists, etc. These facilities can be used by their users to upload unlawful, defamatory,
copyright- or trademark-infringing material. Unlawful material includes banned publications,
hate propaganda, pornography and obscene material, uploaded without the ISP having a chance to review
it. Liability for materials distributed on the Internet may be different for the website operators
and the ISPs. An ISP could be held liable for the bulletin boards, and for aiding and
abetting the commission of an offence such as the distribution of photography. Similarly,
third-party liability for defamation, web sites, etc. Thus the concerns include libel and
defamation, liability for infringement of third-party rights, liability for hosting of unlawful
materials.
Legal issues are manifold. Whether it is EDI over VANs, or EC over the Internet,
the primary concern of users is the existence and enforceability of appropriate laws for
EC. In case of dispute, electronic documents must be acceptable as legal evidence in courts
of law. While the problems of acceptance of and confidence in electronic transactions are
there, they are not insurmountable. There is sufficient awareness in, and synergy of action
among trade, legal and EC technology communities to make EC happen through appropriate
developments in their respective areas.
Defining the rights of people to express their ideas and the property rights of
copyright owners are just two of many ethical, social, and political issues raised by the
rapid evolution of e-commerce.
The ethical, social, and political issues raised in e-commerce, provide a framework
for organizing the issues, and make recommendations for managers who are given the
responsibility of operating e-commerce companies within commonly accepted standards
of appropriateness.
Understanding Ethical, Social, And Political Issues in E-Commerce
The Internet and its use in e-commerce have raised pervasive ethical, social and political issues
on a scale unprecedented for computer technology.
Many business firms and individuals are benefiting from the commercial development
of the Internet, but this development also exacts a price from individuals, organizations,
and societies. These costs and benefits must be carefully considered by those seeking to
make ethical and socially responsible decisions in this new environment.
The major ethical, social, and political issues that have developed around
e-commerce over the past seven to eight years can be loosely categorized into four major
dimensions: information rights, property rights, governance, and public safety and
welfare as shown in Fig 5.2.1(a). Some of the ethical, social, and political issues raised in
each of these areas include the following:
To illustrate, imagine that at any given moment society and individuals are more or
less in an ethical equilibrium brought about by a delicate balancing of individuals, social
organizations, and political institutions. Individuals know what is expected of them, social
organizations such as business firms know their limits, capabilities, and roles and political
institutions provide a supportive framework of market regulation, banking and commercial
law that provides sanctions against violators. Now, imagine we drop into the middle of this
calm setting a powerful new technology such as the Internet and e-commerce.
“belong” as a legal matter to the owners of the copyright - musicians and record label
companies.
The introduction of the Internet and e-commerce impacts individuals, societies,
and political institutions. These impacts can be classified into four moral dimensions: property
rights, information rights, governance, and public safety and welfare. Then business firms
discover that they can make a business out of aggregating these musical tracks - or creating
a mechanism for sharing musical tracks- even though they do not “own” them in the traditional
sense. The record companies, courts, and Congress were not prepared at first to cope
with the onslaught of online digital copying. Courts and legislative bodies will have to make
new laws and reach new judgments about who owns digital copies of copyrighted works
and under what conditions such works can be “shared.” It may take years to develop new
understandings, laws, and acceptable behavior in just this one area of social impact. In the
meantime, as an individual and a manager, you will have to decide what you and your firm
should do in legal “grey” areas, where there is conflict between ethical principles, but no
clear-cut cultural guidelines. How can you make good decisions in this type of situation?
Before reviewing the four moral dimensions of e-commerce in greater depth, we
will briefly review some basic concepts of ethical reasoning that you can use as a guide to
ethical decision making, and provide general reasoning principles about social and political
issues of the Internet that you will face in the future.
Fig 5.2.1(a)
Extending ethics from individuals to business firms and even entire societies can be
difficult, but it is not impossible. As long as there is a decision-making body or individual
(such as a Board of Directors or CEO in a business firm or a governmental body in a
society), their decisions can be judged against a variety of ethical principles. If you understand
some basic ethical principles, your ability to reason about larger social and political debates
will be improved. In western culture, there are principles that all ethical
schools of thought share: responsibility, accountability, and liability.
• Identify and describe clearly the facts. Find out who did what to whom,
and where, when, and how. In many instances, you will be surprised at the
errors in the initially reported facts, and often you will find that simply getting
the facts straight helps define the solution. It also helps to get the opposing
parties involved in an ethical dilemma to agree on the facts.
• Define the conflict or dilemma and identify the higher order value
involved. Ethical, social, and political issues always reference higher values.
Otherwise, there would be no debate. The parties to a dispute all claim to be
pursuing higher values (e.g., freedom, privacy, protection of property, and the
free-enterprise system). For example, DoubleClick and its supporters argue that
their tracking of consumer movements on the Web increases market efficiency
and the wealth of the entire society. Opponents argue this claimed efficiency
comes at the expense of individual privacy, and DoubleClick should cease its
tracking or offer Web users the option of not participating in such tracking.
• Identify the stakeholders. Every ethical, social, and political issue has
stakeholders: players in the game who have an interest in the outcome, who
have invested in the situation, and who usually have vocal opinions. Find out
the identity of these groups and what they want. This will be useful later when
designing a solution.
• Identify the options that you can reasonably take. You may find that
none of the options satisfies all the interests involved, but that some options
do a better job than others. Sometimes, arriving at a “good” or ethical solution
may not always be a balancing of consequences to stakeholders.
• Identify the potential consequences of your options. Some options may
be ethically correct, but disastrous from other points of view. Other options
may work in this one instance, but not in other similar instances. Always ask
yourself, “What if I choose this option consistently over time?” Once your
analysis is complete, you can refer to the following well-established ethical
principle to help decide the matter.
The Internet and the Web provide an ideal environment for invading the personal
privacy of millions of users on a scale unprecedented in history. Perhaps no other recent
issue has raised as much widespread social and political concern as protecting the privacy
of over 160 million Web users in the United States alone.
The major ethical issues related to e-commerce and privacy include the following:
Under what conditions should we invade the privacy of others?
What legitimates intruding into others’ lives through unobtrusive surveillance, market
research, or other means?
The major social issues related to e-commerce and privacy concern the development
of “expectations of privacy” or privacy norms, as well as public attitudes. In what areas of
life should we as a society encourage people to think they are in “private territory” as opposed
to public view? The major political issues related to ecommerce and privacy concern the
development of statutes that govern the relations between record keepers and individuals.
Privacy is the moral right of individuals to be left alone, free from surveillance or
interference from other individuals or organizations, including the state. Privacy is a girder
supporting freedom: Without the privacy required to think, write, plan, and associate
independently and without fear, social and political freedom is weakened, and perhaps
destroyed. Information privacy is a subset of privacy. The right to information privacy
includes both the claim that certain information should not be collected at all by governments
or business firms, and the claim of individuals to control whatever personal
information is collected about them. Individual control over personal information is at
the core of the privacy concept. Due process also plays an important role in defining
privacy. The best statement of due process in record keeping is given by the Fair Information
Practices doctrine developed in the early 1970s and extended to the online privacy debate
in the late 1990s (described below).
Legal Protections
In the United States, Canada, and Germany, rights to privacy are explicitly granted
in or can be derived from, founding documents such as constitutions, as well as in specific
statutes. In England and the United States, there is also protection of privacy in the common
law, a body of court decisions involving torts or personal injuries. For instance, in the
United States, four privacy-related torts have been defined in court decisions involving
claims of injury to individuals caused by other private parties: intrusion on solitude, public
disclosure of private facts, publicity placing a person in a false light, and appropriation of a
person’s name or likeness (mostly concerning celebrities) for a commercial purpose. In the
United States, the claim to privacy against government intrusion is protected primarily by
the First Amendment guarantees of freedom of speech and association and the Fourth:
• Fair Credit Reporting Act of 1970: Regulates the credit investigating and reporting
industry. Gives people the right to inspect credit records if they have been denied credit
and provides procedures for correcting information.
• Family Educational Rights and Privacy Act of 1974: Requires schools and colleges to
give students and their parents access to student records and to allow them to challenge
and correct information; limits disclosure of such records to third parties.
• Right to Financial Privacy Act of 1978: Regulates the financial industry’s use of personal
financial records; establishes procedures that federal agencies must follow to gain access
to such records.
• Privacy Protection Act of 1980: Prohibits government agents from conducting
unannounced searches of press offices and files if no one in the office is suspected of
committing a crime.
• Cable Communications Policy Act of 1984: Regulates the cable industry’s collection and
disclosure of information concerning subscribers.
• Video Privacy Protection Act of 1988: Prevents disclosure of a person’s video rental records
without court order or consent.
Next to privacy, the most controversial ethical, social, and political issue related to
e-commerce is the fate of intellectual property rights. For instance, if you personally create
an ecommerce site, it belongs entirely to you, and you have exclusive rights to use this
“property” in any lawful way you see fit. But the Internet potentially changes things. Once
intellectual works become digital, it becomes difficult to control access, use, distribution,
and copying. These are precisely the areas that intellectual property seeks to control.
Digital media differ from books, periodicals, and other media in terms of ease of
replication, transmission, and alteration; difficulty in classifying a software work as a program,
book, or even music; compactness - making theft easy; and difficulty in establishing
uniqueness. Before widespread use of the Internet, copies of software, books, magazine
articles, or films had to be stored on physical media, such as paper, computer disks, or
video tape, creating some hurdles to distribution. The Internet technically permits millions
of people to make perfect digital copies of various works - from music to plays, poems,
and journal articles - and then to distribute them nearly cost-free to hundreds of millions of
Web users.
The proliferation of innovation has occurred so rapidly that few entrepreneurs have
stopped to consider who owns the patent on a business technique or method their site is
using. The spirit of the Web has been so free-wheeling that many entrepreneurs ignored
trademark law and registered domain names that could easily be confused with another
company’s registered trademarks. In short, the Internet has demonstrated the potential for
destroying traditional conceptions and implementations of intellectual property law developed
over the last two centuries.
The major ethical issue related to e-commerce and intellectual property concerns
how we (both as individuals and as business professionals) should treat property that
belongs to others. From a social point of view, the main questions are: Is there continued
value in protecting intellectual property in the Internet age? In what ways is society better
off, or worse off, for having the concept of property apply to intangible ideas? From a
political perspective we need to ask how the Internet and ecommerce can be regulated or
governed to protect the institution of intellectual property while at the same time encouraging
the growth of e-commerce and the Internet.
The goal of intellectual property law is to balance two competing interests - the
public and the private. The public interest is served by the creation and distribution of
inventions, works of art, music, literature, and other forms of intellectual expression. The
private interest is served by rewarding people for creating these works through the creation
of a time-limited monopoly granting exclusive use to the creator. Maintaining this balance
of interests is always challenged by the invention of new technologies. In general, the
information technologies of the last century - from radio and television to CD-ROMs and
the Internet - have at first tended to weaken the protections afforded by intellectual property
law. Owners of intellectual property have usually been successful in pressuring Congress
and the courts to strengthen the intellectual property laws to compensate for any
technological threat, and even to extend protection for longer periods of time and to entirely
new areas of expression. In the case of the Internet and ecommerce technologies, once
again, intellectual property rights are severely challenged.
In the United States, copyright law protects original forms of expression such as
writings (books, periodicals, and lecture notes), art, drawings, photographs, music, motion
pictures, performances, and computer programs from being copied by others for a minimum
of 50 years. Copyright does not protect ideas -just their expression in a tangible medium
such as paper, cassette tape, or handwritten notes.
Since the first federal Copyright Act of 1790, the congressional intent behind
copyright laws has been to encourage creativity and authorship by ensuring that creative
people receive the financial and other benefits of their work. Most industrial nations have
their own copyright laws, and there are several international conventions and bilateral
agreements through which nations coordinate and enforce their laws. In the mid-1960s,
the Copyright Office began registering software programs, and in 1980, Congress passed
the Computer Software Copyright Act, which clearly provides protection for source and
object code and for copies of the original sold in commerce, and sets forth the rights of the
purchaser to use the software while the creator retains legal title. For instance, the HTML
code for a Web page - even though easily available to every browser - cannot be lawfully
copied and used for a commercial purpose, say, to create a new Web site that looks
identical. Copyright protection is clear-cut: It protects against copying of entire programs
or their parts. Damages and relief are readily obtained for infringement. The drawback to
copyright protection is that the underlying ideas behind a work are not protected, only
their expression in a work. A competitor can view the source code on your Web site to see
how various effects were created and then reuse those techniques to create a different
Web site without infringing on your copyright.
“Look and feel” copyright infringement lawsuits are precisely about the distinction
between an idea and its expression. For instance, in 1988, Apple Computer sued Microsoft
Corporation and Hewlett-Packard Inc. for infringing Apple’s copyright on the Macintosh
interface. Among other claims, Apple claimed that the defendants copied the expression of
overlapping windows. Apple failed to patent the idea of overlapping windows when it
invented this method of presenting information on a computer screen in the late 1960s. The
defendants counterclaimed that the idea of overlapping windows could only be expressed
in a single way and, therefore, was not protectable under the “merger” doctrine of copyright
law. When ideas and their expression merge (i.e., if there is only one way to express an
idea), the expression cannot be copyrighted, although the method of producing the
expression might be patentable.
Copyrights, like all rights, are not absolute. There are situations where strict
copyright observance could be harmful to society, potentially inhibiting other rights such as
the right to freedom of expression and thought. As a result the doctrine of fair use has been
created. The doctrine of fair use permits teachers and writers to use copyrighted materials
without permission under certain circumstances. The fair use doctrine draws upon the
First Amendment’s protection of freedom of speech (and writing). Journalists, writers, and
academics must be able to refer to, and cite from, copyrighted works in order to criticize
or even discuss copyrighted works. Professors are allowed to clip a contemporary article
just before class, copy it, and hand it out to students as an example of a topic under
discussion.
A patent grants the owner an exclusive monopoly to the ideas behind an invention
for 20 years. The congressional intent behind patent law was to ensure that inventors of
new machines, devices, or industrial methods would receive the full financial and other
rewards of their labor and yet still make widespread use of the invention possible by
providing detailed diagrams for those wishing to use the idea under license from the patent’s
owner. Patents are obtained from the United States Patent and Trademark Office (USPTO),
created in 1812. Obtaining a patent is much more difficult and time-consuming than obtaining
copyright protection (which is automatic with the creation of the work). Patents must be
formally applied for, and the granting of a patent is determined by Patent Office examiners
who follow a set of rigorous rules. Ultimately, federal courts decide when patents are valid
and when infringement occurs.
Patents are very different from copyrights because patents protect the ideas
themselves and not merely the expression of ideas.
There are four types of inventions for which patents are granted under patent law:
machines, man-made products, compositions of matter, and processing methods.
The Supreme Court has determined that patents extend to “anything under the sun that is
made by man” as long as the other requirements of the Patent Act are met. There are three
things that cannot be patented: laws of nature, natural phenomena, and abstract ideas. For
instance, a mathematical algorithm cannot be patented unless it is realized in a tangible
machine or process that has a “useful” result (the mathematical algorithm exception).
In order to be granted a patent, the applicant must show that the invention is new,
original, novel, nonobvious, and not evident in prior arts and practice. As with copyrights,
the granting of patents has moved far beyond the original intent of Congress’s first patent
statute that sought to protect industrial designs and machines. Patent protection has been
extended to articles of manufacture (1842), plants (1930), surgical and medical procedures
(1950), and software (1981). The Patent Office did not accept applications for software
patents until a 1981 Supreme Court decision that held that computer programs could be a
part of a patentable process. Since that time, thousands of software patents have been
granted. Virtually any software program can be patented as long as it is novel and not
obvious.
Essentially, as technology and industrial arts progress, patents have been extended
to both encourage entrepreneurs to invent useful devices and promote widespread
dissemination of the new techniques through licensing and artful imitation of the published
patents (the creation of devices that provide the same functionality as the invention but use
different methods) (Winston, 1998). Patents encourage inventors to come up with unique
ways of achieving the same functionality as existing patents. For instance, Amazon’s patent
on one-click purchasing caused Barnesandnoble.com to invent a simplified two-click
method of purchasing.
The danger of patents is that they stifle competition by raising barriers to entry into
an industry. Patents force new entrants to pay licensing fees to incumbents, and thus slow
down the development of technical applications of new ideas by creating lengthy licensing
applications and delays.
E-commerce Patents
Much of the Internet’s infrastructure and software was developed under the
auspices of publicly funded scientific and military programs in the United States and Europe.
Unlike Samuel F. B. Morse, who patented the idea of Morse Code, and made the telegraph
useful, most of the inventions that make the Internet and e-commerce possible were not
patented by their inventors. The early Internet was characterized by a spirit of worldwide
community development and sharing of ideas without consideration of personal wealth.
This early Internet spirit changed in the mid-1990s with the commercial development of
the World Wide Web. Business firms began applying for “business methods” and software
patents.
Trademarks have been extended from single words to pictures, shapes, packaging,
and colors. Some things may not be trademarked: common words that are merely
descriptive (“clock”), flags of states and nations, immoral or deceptive marks, or marks
belonging to others. Federal trademarks are obtained, first, by use in interstate commerce,
and second, by registration with the U.S. Patent and Trademark Office (USPTO).
Trademarks are granted for a period of ten years, and can be renewed indefinitely.
Disputes over federal trademarks involve establishing infringement. The test for
infringement is twofold: market confusion and bad faith. Use of a trademark that creates
confusion with existing trademarks, causes consumers to make market mistakes, or
misrepresents the origins of goods is an infringement.
In 1995, Congress passed the Federal Trademark Dilution Act, which created a
federal cause of action for dilution of famous marks. This new legislation dispenses with
the test of market confusion (although that is still required to claim infringement), and extends
protection to owners of famous trademarks against dilution, which is defined as any behavior
that would weaken the connection between the trademark and the product. Dilution occurs
through blurring (weakening the connection between the trademark and the goods) and
tarnishment (using the trademark in a way that makes the underlying products appear
unsavoury or unwholesome).
Cyber law is a term used to describe the legal issues related to use of
communications technology, particularly “cyberspace”, i.e. the Internet. It is less a distinct
field of law, in the way that property or contract law are, than it is an intersection of many legal
fields, including intellectual property, privacy, freedom of expression, and jurisdiction. In
essence, cyber law is an attempt to apply laws designed for the physical world to human
activity on the Internet.
Issues of jurisdiction and sovereignty have quickly come to the fore in the era of
the Internet. The Internet does not tend to make geographical and jurisdictional boundaries
clear, but Internet users remain in physical jurisdictions and are subject to laws independent
of their presence on the Internet. As such, a single transaction may involve the laws of at
least three jurisdictions: 1) the laws of the state/nation in which the user resides, 2) the laws
of the state/nation that apply where the server hosting the transaction is located, and 3) the
laws of the state/nation which apply to the person or business with whom the transaction
takes place. So a user in one of the United States conducting a transaction with another
user in Britain through a server in Canada could theoretically be subject to the laws of all
three countries as they relate to the transaction at hand.
Another major problem of cyber law lies in whether to treat the Internet as if it
were physical space (and thus subject to a given jurisdiction’s laws) or to act as if the
Internet is a world unto itself (and therefore free of such restraints). Those who favor the
latter view often feel that government should leave the Internet community to self-regulate.
John Perry Barlow, for example, has addressed the governments of the world and stated,
“Where there are real conflicts, where there are wrongs, we will identify them and address
them by our means. We are forming our own Social Contract. This governance will arise
according to the conditions of our world, not yours. Our world is different” (Barlow, A
Declaration of the Independence of Cyberspace). A more balanced alternative is the
Declaration of Cyber secession: “Human beings possess a mind, which they are absolutely
free to inhabit with no legal constraints. Human civilization is developing its own (collective)
mind. All we want is to be free to inhabit it with no legal constraints. Since you make sure
we cannot harm you, you have no ethical right to intrude our lives. So stop intruding!”.
Other scholars argue for more of a compromise between the two notions, such as Lawrence
Lessig’s argument that “The problem for law is to work out how the norms of the two
communities are to apply given that the subject to whom they apply may be in both places
at once” (Lessig, Code 190).
Contracts are a key element of traditional business practice, and they are equally
important on the Internet. Offers and acceptances can occur when parties exchange e-
mail messages, engage in electronic data interchange (EDI) or fill out forms on web pages.
When enforcing contracts, courts tend to view offers and acceptances as actions
that occur within a particular context. If the actions are reasonable under the circumstances,
courts tend to interpret those actions as offers and acceptances. For example, courts have
held that various actions—including mailing a check, shipping goods, shaking hands, nodding
one’s head, taking an item off a shelf, or opening a wrapped package—are all, in some
circumstances, legally binding acceptances of offers.
An early decision in the 1800s held that a telegraph transmission was a writing.
Later courts have held that tape recordings of spoken words, computer files on disks and
faxes are writings. Thus the parties to an electronic commerce contract should find it relatively
easy to satisfy the writing requirement. Courts have been similarly generous in determining
what constitutes a signature. A signature is any symbol executed or adopted for the
purpose of authenticating a writing. It is reasonable to assume that a symbol or code included
in an electronic file would constitute a signature. Firms conducting international electronic
commerce do not need to worry about the signed writing requirement in most cases. The
main treaty that governs international sales of goods, Article 11 of the United Nations
Convention on Contracts for the International Sale of Goods (CISG), requires neither a
writing nor a signature to create a legally binding acceptance.
Any contract for the sale of goods includes implied warranties. A seller implicitly
warrants that the goods it offers for sale are fit for the purposes for which they are normally
used. If the seller knows specific information about the buyer’s requirements, acceptance
of an offer from the buyer may result in an additional implied warranty of fitness, which
suggests that the goods are suitable for the specific uses of the buyer. Sellers could create
explicit warranties, often unintentionally, by making general statements in brochures or
other advertising materials about product performance or suitability for particular tasks.
Although states and local jurisdictions have wrestled with the issue of collecting
taxes from out-of-state mail order sellers and telephone solicitors for decades, the internet
allows almost any small business to sell to customers in different states and countries.
The concept of taxation involves jurisdiction. From the Boston Tea Party Rebellion
in which tea was taxed as it physically landed on American shores, to sophisticated concepts
in international taxation, a government’s authority to tax has always been based on territory
and jurisdiction. For instance, the U.S. government taxes its residents on their world-wide
income because they are connected with the U.S. through citizenship and residency. Also,
the U.S. taxes foreign individuals and businesses who are receiving income from U.S.
sources. But the U.S. cannot tax a foreign citizen who is not a U.S. resident on earnings
from a foreign source.
With the internet, a business can move to so-called tax haven jurisdictions and
conduct business outside the taxing jurisdiction of any country. Also, because of the speed
at which transactions occur and the absence of a traditional paper trail, especially with
intangible property transmitted by computer such as software, digital music or books and
services, it will be very difficult, if not impossible to apply traditional notions of jurisdiction
to tax these transactions.
While governments who rely on an income tax to fund themselves will have great
difficulty taxing Ecommerce, states and local jurisdictions that rely on sales and property
taxes to fund their operations are in steep trouble. As discussed below, the U.S. Constitution
requires a sufficient physical connection with the state or local jurisdiction by a company to
burden the business with a tax obligation, and merely selling property, services or goods to
a customer who resides in a state is not sufficient nexus.
Currently, under the Internet Taxation Freedom Act (“ITFA”), passed in 1988,
there is a 3-year moratorium on federal and state taxation imposed on internet transactions.
The moratorium began on October 21, 1998 and remains in effect until October 21,
2001. ITFA’s purpose is to halt the rush by states to tax transactions occurring on the
internet until Congress has had the opportunity to study the issue and make
recommendations.
Congress realized that the internet needed time to grow as a viable medium for
commerce, without being subjected to taxing regimes imposed by the states. Congress
noted that the internet was inherently susceptible to multiple and discriminatory taxation in
ways that traditional commerce was not. Congress was concerned that because internet
Discriminatory Taxes
A discriminatory tax traditionally involved a tax that favored local commerce over
interstate commerce, but the definition under ITFA has been broadened to include the
coverage of the tax, its application or a differential tax rate. In other words, if an ecommerce
transaction is subject to a tax that is any different from a tax imposed on similar property,
goods or services through other means, then the tax is discriminatory.
Example: If the purchase of a book over the internet is subject to a tax that is
different from purchasing a book in a bookstore, the tax is discriminatory. The same
would be true if the taxing authority charged a higher rate of tax for ecommerce purchases
of books. However, it is permissible to charge a lower rate on an ecommerce transaction.
In other words, a taxing jurisdiction may discriminate in favor of ecommerce.
In addition, if a remote seller in one state uses a computer in another state for
internet access or online services, there is no agency relationship between the remote seller
and the company providing the access or online services.
Example: If a New Hampshire company, with no physical presence in California, hosts its
website with a California ISP, California cannot impose a sales tax on transactions because
a California ISP was involved.
Multiple Taxes
Multiple taxes on the same transaction or service either in the same taxing jurisdiction
or in two or more taxing jurisdictions are prohibited. There is an exception if the tax is
imposed by a state and a local subdivision, such as California’s sales tax and San Francisco
County’s add-on sales tax for its Bay Area Rapid Transit. This could occur if a state taxed
internet access services as telecommunications services and then taxed local telephone
services as well. Unless a credit is given to eliminate any double-taxation, such a tax
would violate the prohibition against multiple taxation.
The Interstate Commerce Clause of the U.S. Constitution prevents the states and
their political subdivisions from imposing taxes that unduly burden interstate commerce.
The key issue is whether the company that is being taxed has a sufficient connection (nexus)
with the taxing authority.
Example: A company that operates in Nevada and does not sell products in California or
to California residents cannot be taxed by California. Conversely, both California and San
Francisco have the right to tax a company physically located in San Francisco, such as a
hotel, even though the guests might reside in another state.
The problem comes when a business is not physically located in California, but
sells to California residents. Under what circumstances may California levy a tax on sales
to California residents?
In Quill v. North Dakota, 504 U.S. 298 (1992), the U.S. Supreme Court held that
a remote seller could be required to collect sales taxes only if the seller had the requisite
nexus with the buyer’s state. Quill Corporation sold office furniture products through a
catalogue. Although it was not physically present in North Dakota and did not have sales
agents in the state, the North Dakota Supreme Court held that by selling its product to
North Dakota customers, Quill established an economic presence in North Dakota which
created nexus for sales tax purposes.
The U.S. Supreme Court held otherwise and ruled that before a state could impose a
requirement that a company collect and remit sales taxes, the company had to have substantial
connections (a physical presence) with the state. Under the commerce clause, a mail-
order company without a physical location, employees or sales agents in North Dakota
could not be compelled to collect sales tax on its sales to North Dakota customers.
1. Retail sales by vendors to in-state consumers are subject to sales tax on the purchase,
but the vendor has the obligation to collect and remit the tax to the tax agency.
2. Out-of-state vendors making consumer sales are not required to collect and remit
sales taxes, unless the vendor has sufficient nexus under the commerce clause with
the purchaser’s state to require collection.
3. If the out-of-state vendor cannot be required to collect the tax, then the consumer is
legally obligated to pay a self-assessed tax directly to the taxing agencies on the
purchase. This is usually referred to as a “use” tax, instead of a sales tax, since the
consumer is paying a tax for the use of the property. As a practical matter, this is
virtually impossible to enforce, hence the emphasis on requiring out-of-state vendors
to collect and remit the tax.
The absence of nexus in the mail order cases is profoundly greater in the Ecommerce
context. Not only do internet companies not have physical presence in the taxing jurisdiction,
often they can be located outside the jurisdiction of the U.S. altogether. Even if a transaction
can be theoretically taxed, in reality, Ecommerce transactions occur instantaneously and
without identification of the seller’s or buyer’s location. Because the sales tax is destination
based, unless a state or locality can pinpoint the physical location of the seller and buyer, it
is impossible to determine jurisdiction for sales tax purposes.
Example: California wants to apply a sales tax to the sale of software to its residents. In
order for California to levy the tax, it must determine that the purchaser is a California
resident and that the seller has sufficient nexus with California to be required to collect and
remit the sales tax. Without ascertaining the location of the seller or buyer, California
cannot determine whether the purchaser was a California resident and whether the seller
had sufficient physical presence in California.
Note: If the goods or property purchased are tangible, such as an actual book, CD or a
shirt, then the traditional notions applicable to mail order taxation could be applied since it
could be ascertained where the goods were shipped and where they were delivered.
Will Ecommerce Really Erode the Tax Base for States and Localities?
Although state and local tax officials express grave concern that Ecommerce
will decimate the ability of states and localities to levy taxes on these transactions, this
response might be overblown. Currently, states and localities cannot tax remote sellers
anyway, unless they have sufficient nexus with the state. This means that mail order and
telephone solicitation commerce by remote sellers is not subject to tax. Unless the Supreme
Court drastically alters its reading of the Constitution’s commerce clause, or there is a
constitutional amendment allowing taxation of remote sellers, Ecommerce merely continues
the trend to avoid taxes by engaging in remote selling without a physical presence.
Most services and intangible products are not currently subject to sales taxes
anyway. In California, services, such as legal, accounting, and medical costs, are not
subject to sales taxes. Neither are food or medicine. Therefore, Ecommerce involving
intangible goods or services will not cause an erosion of the tax base.
Even if a remote seller is not subject to sales tax rules, a state’s citizen is supposed
to self-assess a use tax which is equal to the sales tax, but the states have been lax in
enforcing this requirement. The answer to Ecommerce taxation in particular and remote
selling in general, is to require a state or locality’s resident to self-assess the tax that should
have been collected by the remote seller. There is no prohibition against the use tax; the
problem lies in enforcement. Therefore, although Ecommerce prevents states from forcing
remote sellers to collect and remit sales tax, the ultimate tax liability is not affected
since in-state consumers have the legal tax liability to self-assess and pay the tax anyway.
To the extent Ecommerce is merely a substitute for other remote seller transactions,
Ecommerce does not affect the tax base since remote sales involving mail order or telephone
solicitation are exempt from sales tax under the commerce clause.
There is evidence that even if all Ecommerce was subject to sales taxes, the revenue
generated to the states and localities would represent about one-tenth of one percent of all
sales and use taxes collected. Also, sales and use taxes continue to grow, despite
Ecommerce.
Unfortunately, the current state and local tax systems, which number close to 7,500
throughout the U.S., are notoriously parochial minded when it comes to defending their
jurisdiction. In Texas alone, there are more than 1,300 separate sales tax jurisdictions.
These numbers could be significantly increased if states and local jurisdictions were allowed
to tax Ecommerce.
Encryption is a technique for hiding data. The encrypted data can be read only by
those users for whom it is intended. Nowadays various encryption techniques are available.
One commonly used technique is public-key encryption. Among public-key
encryption systems, RSA Data Security of Redwood City offers the most popular
commercially available algorithm.
In a public-key encryption system each user has two keys: a public key and a private
key. The encryption and decryption algorithms are designed so that only the
private key can decrypt data that is encrypted by the public key. Conversely, the public key can
decrypt data encrypted by the private key. Therefore, one can broadcast the public key
to all users.
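The two directions described above, shown with textbook RSA as an added example that is not part of the original course material. The primes, the sample message and all function names are constructed for illustration, and keys this small offer no security.

```python
# Textbook RSA with tiny constructed primes. Illustration only: real RSA
# uses far larger primes and a padding scheme such as OAEP or PSS.
P, Q = 61, 53                # constructed sample primes (assumption)
N = P * Q                    # modulus, shared by both keys
PHI = (P - 1) * (Q - 1)
E = 17                       # public exponent, coprime to PHI
D = pow(E, -1, PHI)          # private exponent: (E * D) % PHI == 1

PUBLIC_KEY = (E, N)          # safe to broadcast to every user
PRIVATE_KEY = (D, N)         # known only to the key's owner


def apply_key(key, value):
    """RSA's one operation: raise value to the key's exponent mod N."""
    exponent, modulus = key
    if not 0 <= value < modulus:
        raise ValueError("value must be in the range [0, modulus)")
    return pow(value, exponent, modulus)


def encrypt_for_owner(message):
    """Anyone can do this: it needs only the broadcast public key."""
    return apply_key(PUBLIC_KEY, message)


def decrypt_as_owner(ciphertext):
    """Only the private-key holder can undo encrypt_for_owner()."""
    return apply_key(PRIVATE_KEY, ciphertext)


def sign_as_owner(message):
    """The reverse direction: 'encrypt' with the private key."""
    return apply_key(PRIVATE_KEY, message)


def verify_from_owner(message, signature):
    """Anyone can check a signature by 'decrypting' with the public key."""
    return apply_key(PUBLIC_KEY, signature) == message


if __name__ == "__main__":
    secret = 65                                  # constructed sample message
    ct = encrypt_for_owner(secret)
    print("ciphertext:", ct, "-> decrypted:", decrypt_as_owner(ct))
    print("public key alone recovers it:", apply_key(PUBLIC_KEY, ct) == secret)
    sig = sign_as_owner(secret)
    print("signature verifies:", verify_from_owner(secret, sig))
```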
Secret-key cryptography
Public-key cryptography
DES operates on 64-bit blocks with a 56-bit secret key. Designed for hardware
implementation, its operation is relatively fast and works well for bulk encryption of
large documents. Instead of defining just one encryption algorithm, DES defines a whole family
of them. With a few exceptions, a different algorithm is generated for each secret key. This
means that everybody can be told about the algorithm and your message will still be secure.
You just need to tell others your secret key, a number less than 2^56. The number 2^56 is
also large enough to make it difficult to break the code using a brute force attack (trying to
break the cipher by using all possible keys). DES has withstood the test of time. Despite
the fact that its algorithm is well known, it is impossible to break the cipher without using
tremendous amounts of computing power. A new technique for improving the security of
DES is triple encryption (Triple DES), that is, encrypting each message block using three
different keys in succession. Triple DES, thought to be equivalent to doubling the key size
of DES, to 112 bits, should prevent decryption by a third party capable of single-key
exhaustive search. Of course, using triple-encryption takes three times as long as single-
encryption DES. If you use DES three times on the same message with different secret
keys, it is virtually impossible to break it using existing algorithms. Over the past few years
several new, faster symmetric algorithms have been developed, but DES remains the most
frequently used.
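How key length drives the cost of the brute force attack mentioned above, as an added example that is not part of the original course material. The cipher is a toy Feistel network standing in for DES (it is not DES), and the sample values and the trial rate of one billion keys per second are assumptions.

```python
import hashlib

ROUNDS = 4  # toy value; DES itself uses 16 rounds on 64-bit blocks


def _round(half, key, rnd):
    """Toy round function: keyed hash of a 16-bit half block."""
    data = key.to_bytes(16, "big") + bytes([rnd]) + half.to_bytes(2, "big")
    return int.from_bytes(hashlib.sha256(data).digest()[:2], "big")


def toy_encrypt(block, key):
    """Encrypt a 32-bit block with a Feistel network (the structure DES uses)."""
    left, right = block >> 16, block & 0xFFFF
    for rnd in range(ROUNDS):
        left, right = right, left ^ _round(right, key, rnd)
    return (left << 16) | right


def toy_decrypt(block, key):
    """Run the same rounds in reverse order to invert toy_encrypt()."""
    left, right = block >> 16, block & 0xFFFF
    for rnd in reversed(range(ROUNDS)):
        left, right = right ^ _round(left, key, rnd), left
    return (left << 16) | right


def exhaustive_search(plain, cipher, key_bits):
    """Try every key_bits-bit key against one known plaintext/ciphertext pair."""
    for trials, key in enumerate(range(1 << key_bits), start=1):
        if toy_encrypt(plain, key) == cipher:
            return key, trials
    return None, 1 << key_bits


def years_to_search(key_bits, keys_per_second):
    """Worst-case time to try all 2**key_bits keys at a given trial rate."""
    return (1 << key_bits) / keys_per_second / (365 * 24 * 3600)


if __name__ == "__main__":
    plain, secret = 0x43415348, 0xBEEF          # constructed sample values
    cipher = toy_encrypt(plain, secret)
    key, trials = exhaustive_search(plain, cipher, key_bits=16)
    print(f"16-bit key {key:#x} found after {trials} trials")
    for bits in (56, 112):                       # assumed rate: 1e9 keys/s
        print(f"{bits}-bit keyspace: {years_to_search(bits, 1e9):.3g} years")
```

Each extra key bit doubles the worst-case search, which is why the 16-bit toy key falls in under a second while the same loop over a 112-bit keyspace would not finish in any practical time.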
1. Presentation
The look of a site conveys a sense of personality and influences the degree to
which visitors are prepared to trust the site owner. If an organisation already has a corporate
identity then the site should be consistent with this. On-screen design and copy styles
should reflect existing printed literature. A company’s colours may need re-working online,
to a new palette that is fast to download to the computer screen. Developing a brand to
work online is a new task. The internet is tactile - web pages should look, sound and move
in ways that reinforce the company’s existing image.
2. Navigation
If customers walk into a new high street shop they can usually find their way
around. There are conventions for laying out a shop and customers unconsciously understand
and follow them. Online conventions are still being developed.
3. Fulfilment
Goods have now been selected and your customer has made it to the checkout.
At this point most shopping carts are abandoned. Websites can keep customers’ trust by
taking them through a transparent transaction process. At all times customers should know
where they are in the checkout process and they should be able to find out what happens
later. It must be easy to see:
• How orders are to be processed
• The company’s returns policy
• Online and offline customer support services
• The company’s security policy for personal information
If you have shops on the high street, give customers the option to
return goods there. And remember to train your staff to handle returned online orders.
Names that we know and trust are familiar and friendly. If we see them on a
website we trust the website more. Customers trust sites where they can see the familiar
logos of credit card brands, major software companies and web security organizations. If
your company is trusted by these organizations, don’t hide it. Should your company have
a familiar name, use it to build customer expectation of the site’s content, the quality of
products and the level of service support. Web customers will have higher service
expectations than offline customers. They may expect service delivered in real time, with
transparency and, above all, with consistency.
5. Technology
Younger visitors and technically aware customers may be more tolerant of higher
technical demands. Make sure that technology supports your sales process and does not
obscure it:
• Automatically recognise returning customers
• Help to complete forms correctly
• Design forms to work with software programs that automatically add user details to the
form
Respond Fast
If the plan is to respond to customer wishes, then the most successful plan will be
the one that responds fastest. This means that every component of the plan should be built
with the intention of proving a principle. Ask yourself: do your customers want this? If they
do, then a more robust version can be built. If they don’t, then you can redirect your time
and resources and use the knowledge gained to good effect elsewhere.
In the online marketplace everything is a test until it’s proven by the customer.
Successful testing follows a simple rule:
Only test changes that can be measured directly. If a test includes more than one
change, it’s almost always impossible to measure the effect of each one. Test to learn from
the customer and to improve one step at a time.
What’s in it for customers, suppliers and distributors? Have you asked what they’d
like? The web’s very good at research. Are you offering them a new way to use an existing
service or a completely new service? Is it faster, cheaper, more convenient or just new and
online? What new information do they get? Decide what you can reliably offer each group
now and plan a phased introduction of more complex services. Complexity often arises
from integrating tried and tested stand-alone services.
If you prefer customers to use an online channel, find ways to:
• Inform them that it is there (they may not know this)
• Tell them how to change over
• Incentivise the swap to make it worthwhile
• Introduce the new service as a special privilege beta test programme
Very few organisations have all the resources in-house to start offering online
services. There are three sets of costs that should be calculated:
An online service will affect your staff and the work that they do. If your organisation
is typical, there will be a progressive transfer from processing tasks towards customer
service. Some may find this work more fulfilling; others will not enjoy the increased
interaction with customers. Unless a company’s online services are entirely online, staff
who are to fulfil new service roles will require assistance to develop new skills. They will
almost certainly require some training in how to make the most of the new technology for
the benefit of their customers.
Summary
• Internet commerce raises legal issues through the provision of the following
services:
Online marketing
• There are three main types of intellectual property protection: Copyright, Patent
and Trademark law.
• Cyber law is a term used to describe the legal issues related to use of
communications technology, particularly “cyberspace”, i.e. the Internet. It is
less a distinct field of law, in the way that property or contract are, than an
intersection of many legal fields, including intellectual property, privacy,
freedom of expression, and jurisdiction. In essence, cyber law is an attempt
to apply laws designed for the physical world to human activity on the Internet.