E-commerce Notes

E-commerce Notes

Electronic Commerce Providers
Consumer choices
Merchant choices
First Virtual Internet Payment System
Account setup and costs
Opening a first virtual account
Confirming Transactions
Encryption and Cryptography
Cyber Cash
The Cyber Cash Model
Customer protection
Client cash client application
Selling through cyber cash
INDEX
ONLINE COMMERCE ENVIRONMENTS
Server market orientation
Netscape Navigator
Microsoft Internet Explorer
transaction model
Digital currencies
Ecash implementation
Electronic Data Interchange
EDI versus the Internet
EDI over the Internet
Strategies, Techniques and Tools
Internet Techniques
Internet Tools

Alternative Systems of E-cash
Off-line ‘anonymous’
SMART CARDS
DIMENSIONS
DETAILS ABOUT SMART CARD
DETAILS ABOUT SMART CARD
SIGNAL DESCRIPTION
ELECTRONIC DATA INTERCHANGE
EDI STANDARDS
major sets of EDI standards
Advantages of using EDI over paper systems
Examples of Disadvantages of EDI

Electronic Commerce Providers

ELECTRONIC COMMERCE PROVIDERS

By looking at a relatively broad cross-section of the products now available and examining similarities and differences it becomes possible to better understand the context in which they are being developed and offered to the public.

Online commerce options

Consumers should not have to make any choices or any special arrangements to order products electronically. Merchants have a much greater responsibility to implement a specific product or set of products ranging from use of secure web servers to getting set up to accept payment through different payment mechanisms.

Consumer choices

Consumer choices

Consumers can opt to do nothing beyond getting a web browser that supports the secure exchange of transaction information using either SSL or S-HTTP. It lets the consumer pay for goods and services by credit card, and it protects the transaction from being intercepted. However it doesn’t protect the consumer from dishonest merchants who could set up deals in www to hack credit card numbers.

Registering with third party organization that acts as a go between for merchants and consumers can provide an extra level of security for consumers. The third party can act on behalf of both the merchant and consumer taking the payment information from consumer and settling transactions for the merchant. This means the consumer doesn’t have to trust the merchant with payment information because the intermediary company never passes that on to the merchant. For consumers willing to set up special bank accounts electronic checking or digital cash products may be a good option. A consumer can encrypt payment settlement information and send it to the merchant who has to pass it along to consumer’s bank, where it is decrypted and payment is forwarded to merchant.

Merchant choices

Merchant choices

The Internet merchant must take great care in setting up electronic payments. The simplest option is to have someone else manage a secure web server and set up shop there. This is to set up store in electronic mall or paying an Internet service provider to manage our website for us. But there are many choices at this level. There are literally hundreds of electronic malls active on the Internet, on which a merchant can set up shop. On the other hand, large businesses may be willing to spend a lot to get a commercial processes and settles the payment information and can be integrated into a corporate fulfillment system environment that securely accepts orders,.

In addition to secure or commerce servers, which support credit card payment, the merchant can also elect to support less familiar payment methods. Choosing functions and features

· Reliability
· Security
· Simplicity
· Acceptability

Consumers have come to rely on their credit and charge card companies not just to extend credit, but to extend protection against unscrupulous vendors(providing recourse when improper charges are made), thieves(minimizing liability when a card is lost or stolen), and the vicissitudes of daily life (offering protection plans which replace lost or stolen goods).

The security issue is one that will never go away. Even if the strongest possible encryption is used to send payment information, there are still many security holes. A security chain is only as strong as its weakest link, and companies engaging in this business can be exposed through any number of non-Internet attacks:

o The disgruntled employee with access to payment information
o Storage of payment information with insufficient security
o Improper disposal of printed material

Electronic commerce schemes must be simple to achieve widespread appeal. Consumers prefer to use a single, multipurpose credit card such as Visa or MasterCard rather than set up credit accounts with every different retailer they purchase from.

Electronic commerce schemes should offer widespread acceptability. A scheme that is accepted only by a few merchants will not be attractive to consumers who don’t do business with those merchants; a scheme that few consumers have chosen will be one that few merchants seek out.

First Virtual Internet Payment System

FIRST VIRTUAL INTERNET PAYMENT SYSTEM

First virtual has created a payment system, the Internet Payment System, to be used exclusively for the sale of information over the Internet, rather than for products or services. Using an automated telephone system to collect payment information about the participant, first virtual eschews cryptographic methods encryption or digital signatures preferring to rely instead on close monitoring of sales and purchases to reduce fraud.

Assumptions The first virtual Internet payment system is based on three fundamental assumptions. First, electronic information merchants can produce as many or few copies of any information product at no incremental cost per copy because once the information has been developed and offered for sale once, the cost of selling it again is virtually zero.

Second, information buyers like buyers of nay other product need some way to examine products before they buy.Finally, buying and selling should be simple and have as low an entry cost in time, money and effort as possible. These assumptions lead to certain conclusions, which produce a different view of the information marketplace than that taken by most other commerce providers:

1. Because there is no cost or negligible cost associated with sending out a copy of the information being sold, “returns” or “stolen goods” don’t in fact cost the merchant anything.

2. Information products are sold “on approval” with the customer required to explicitly reply either yes or no to a request for payment, but only after having received a copy of the information.

3. Information products can be sold through virtually any Internet application and do not require vendors or buyers to buy special software. More important, first virtual offers facilities to individuals to sell information online for very minimal cost.

The first virtual Internet payment system is more formally defined by Green Commerce Model and the simple Green Commerce Protocol (SGCP) is included.

Account setup and costs

Account setup and costs

There are two ways to setup as a seller on first virtual Internet payment system: Pioneer and Express. The Pioneer sellers’ program is designed for people who want to start selling their information over Internet without establishing themselves as traditional sellers requiring a credit check.

The pioneer application process is simple starting with online application. After application is received and processed, first virtual will e-mail a 12-digit application number and instructions to seller on how to send bank account information to first virtual via postal mail?

The Express seller program is for those sellers who already have a credit card merchant available to accept credit card payments. Each buyer and seller must have an e-mail connection to Internet, but transactions can be completed through first virtual World Wide Web site or through a remote terminal session with their system.

Opening a first virtual account

Opening a first virtual account

Becoming a buyer of information requires nothing more than an electronic mail link to the Internet and a credit card.

Initiating a first virtual account is a two step process for consumers and a three step process for sellers of information. Connecting to first virtual account the applicant first fills out the form on web page displayed.

The ID phrase is selected by the applicant. First virtual modifiers this phrase up to 24 letters or numbers slightly and uses it to create the first virtual account identifier.

First virtual transaction process- The first virtual information merchant offers a product online, making it available through a first virtual compatible server on the Internet, including product pricing and description.

_ A customer attempts to download the offered information from server, at which point the server requests a first virtual account identifier.

_ The merchant has the option of verifying through first virtual that the account identifier is valid. The server sends a query to first virtual which responds by confirming that account ID is valid.

_ The offered information is sent to buyer directly from merchant server.

_ The merchant’s server sends an e-mail message to first virtual detailing transaction: the buyer and seller account ID, the item purchases the item price.

_ First virtual sends an e-mail to customer replies with “yes” the merchant’s account will be credited for that sale; if customer replies “no”, no further action is taken. If no response is received further attempts are made.

_ Third option “fraud” is available to customer and is used to indicate transaction. This will cancel account ID of customer.

Confirming Transactions

Confirming Transactions

Customers are notified by e-mail of any transaction made with their account ID. Part of the agreement between participants and first virtual mandates that the participant supply an e-mail address used frequently. This assures that customers can respond to first virtual with their purchase decisions in a timely fashion, and will be able to notify first virtual of unauthorized use of their account ID.

Infohaus

Selling online can be expensive proposition, maintaining an online presence through an Internet World Wide Web server has always required a significant investment of money and time. First virtual provides the Internet server, offering participants’ information to browsers and buyers on the Internet through world wide web, file transfer(ftp), or e-mail distribution.

Security considerations-Although users are urged to keep their account ID’s private, the ID is readily accessible to merchants and is transmitted in clear across Internet, making it accessible to eavesdroppers. The account ID is basic unit of identification between buyer and seller. So theoretically an unscrupulous merchant could attempt fraud using customer account IPs.

Encryption and Cryptography

Encryption and Cryptography

First virtual eschews encryption and digital signatures. Some of the reasons include the following:

· Encryption and digital signatures are considered cumbersome and difficult, and add extra steps to the process.

· Cryptographic methods such as encryption and digital signatures are complicated, and if not used correctly they can yield a false sense of security.


· Cryptographic methods are subject to patents and export controls, and may also require certification authorities to be used correctly, which increases their cost and limits their distribution,

· Keeping payment information offline reduces the need to encrypt and sign transactions.

Cyber Cash

CYBER CASH

Cyber cash has been described as Federal Express of Internet payment business, since it offers safe, efficient and inexpensive delivery of payments across Internet. Cyber cash makes available the software and services needed to exchange payments securely across the Internet with its Secure Internet Payment Service. Using a procedure that incorporates encryption and digital signatures, cyber cash gives consumers a “digital wallet”, and merchants a conduit to Internet payment processing through their own banks. Customers are able to authorize payments out of their digital wallets. The payments are signed and encrypted, then sent through the merchant bank to cyber cash, which in turn passes the transaction to the merchant’s bank for processing. The digital wallet initially supported only credit cards, but now supports digital cash transfers for small dollar amounts for products and services that are too expensive to justify using a credit card.

The Cyber Cash Model

The Cyber Cash Model

Cyber cash acts as a conduit for transactions among Internet, merchants, consumers and banking networks. Merchants wishing to use cyber cash to securely process credit card transactions must establish a merchant account with a bank offering cyber cash PAY button.

When the customer completes a purchase and begins a cyber cash transaction by clicking on the cyber cash PAY button of a merchant’s World Wide Web site, the merchant receives information about the customer’s order, as well as an encrypted message from the customer’s cyber cash client.

The payments are signed and encrypted then sent through merchant bank to cyber cash, which in turn passes the transaction to merchant’s bank for processing. The digital wallet initially supported only credit cards, but now for small dollar amounts for products and services that are too expensive to justify using a credit card. With cyber cash the wallet is used to manage your credit cards. In a sense cyber cash process electronically presents your credit card payments to the merchant in the process just like the last time we physically pulled the card out of our wallet and presented it to a merchant.


Cyber coin money is placed in to an account at cyber cash and as we make cyber coin transactions money is pulled out from your wallet and sent to the cyber coin merchant’s wallet.


With cyber coin we electronically wallet essentially holds digital money which can be added to your wallet using credit card used for other transactions or our checking which can be linked to our wallet. The cyber cash client software manages all of this for consumer including setting up an identity or cyber cash persona linking credit card to that persona and keeping track of cyber cash transactions through a transaction log. Cyber cash security considerations- Cyber cash uses a combination of RSA public key and DES secret key technologies to protect and guarantee data through encryption and digital signatures. It uses full 768-bit RSA as well as 56-bit DES encryption of messages. All transactions are authenticated with MD5 a message digest procedure and RSA digital signatures.

Customer protection

Customer protection

With use of digital signatures and encryption, cyber cash is able to keep transmissions secure for all practical purposes. It can be asserted that cyber cash is free from any danger of hackers intercepting or modifying transmissions between merchant and customer or between merchant and cyber cash. However, since the customer must provide his or her own password, attacks on individual accounts are possible, just as they are in any systems that use passwords for access. This exposure is limited to the systems on which the customer has installed the cyber cash client software- sensitive customer information is not stored on servers from which the customer has made purchases.

Client cash client application

Client cash client application

Before we use cyber cash you must install and configure cyber cash client application. This program is actually an Internet application capable of communicating with merchants and with cyber cash over TCP/IP connection to Internet. This is the piece of software that manages our “electronic wallet”, keeping track of our credit cards, electronic cash and tracking transactions. This is also the piece of software that applies all the cryptographic tools necessary to encrypt transaction information and transmit it securely.

_ Getting the software
_ Installing the software
_ Running software for first time

Selling through cyber cash

Selling through cyber cash

Cyber cash is supporting the VIP (value-added Integration Provider) program, which brings together prospective merchants with companies that have already developed sites to other cyber cash functionality and are offering related services to other merchants. Another option for merchants is to purchase an integrated package from one of the systems integrators working with cyber cash to include cyber cash functionality in a ready-to-use integrated server. Merchants setting up an accept cyber cash payments have to take care of 3 general tasks:

_ Open an account with bank offering cyber cash services

_ Modify server home pages to include cyber cash PAY button

_ Install the related cyber cash software on server

The merchant code functions in support of both shopping and administration. This code is invoked only when a customer makes a purchase decision. When the customer initiates the purchase payment process, the merchant code responds by sending an encrypted message to the customer’s system to begin. The process, as has been described earlier, moves information between the customer, the merchant and the cyber cash payment server.

The merchant software includes administrative functions, allowing merchants do the following:

1. check on an order data base to review orders
2. process supporting transactions such as voids, credits and authorizations
3. perform merchant-originated transactions, as when the merchant has received a telephone order

Cyber cash offers some real values to the consumer:

_ It keeps payment even from the merchant

_ It offers a convenient electronic wallet to store payment information so the information need not be re entered every time a purchase is made.

_ It maintains a transaction log to handle and document every transaction

Cyber cash is attractive to merchants

_ There is no extra charge for using cyber cash

_ It is a convenience for customer who may prefer not to have to reenter credit card numbers on the Internet

_ It offers merchants useful tools for tracking and transacting business on the Internet.

_ It is soon to be widely supported by banks and credit card companies.

INDEX

UNIT - V

ONLINE COMMERCE ENVIRONMENTS

Server market orientation

Netscape Navigator

Microsoft Internet Explorer

transaction model

Digital currencies

Ecash implementation

Electronic Data Interchange

EDI versus the Internet

EDI over the Internet

Strategies, Techniques and Tools

Internet Techniques

Internet Tools

ONLINE COMMERCE ENVIRONMENTS

Choosing payment methods

Merchants have traditionally allowed their customers to use a variety of payment methods: cash, credit card, personal check, traveler’s check. Limiting customers to one or two payment methods would likely cost a merchant some business.

Many online merchants offer at least a telephone number to call in an order and a fax number or postal address where customers can send a copy of an order form. Those willing to accept orders online may use one or more payment systems as well as a secure server.

The advantage of secure server is that it serves the casual Internet consumer who have a new world wide web browser and a credit card, but has never set up to use any electronic payment or digital money system.

Merchants also offer other payment methods-electronic payment systems or digital money systems generally operate simplest payment method, merchant can enter credit card information directly into a form maintained on a secure server, while still allowing more serious Internet consumer to do business wielding electronic wallet.

Server market orientation

Server market orientation

WWW server software comes in all shapes and sizes. Web browsers that support S-HTTP can be used with servers that support S-HTTP to produce secure channel.

NETSCAPE

Netscape has 3 commerce server strategies around 3 basic components:

1. Netscape client products

2. Netscape commerce platform

3. Netscape commercial applications.

Netscape client products include Netscape navigator client products referred as browsers. To develop commercial web sites, Netscape offers Netscape commerce platform, a set of servers. The two basic applications systems include Netscape publishing system and Netscape merchant system.

Netscape produced SSL, a method of obtaining a secure channel between client and server at a time when others were working on a different solution S-HTTP.

Netscape Navigator

Netscape Navigator

The most basic web browser must be able to handle three protocols:

· URL- This is to format defining syntax for pointing at Internet and www resources.
· HTTP- This is the protocol that defines interaction between web browser and server.
· HTML-This protocol defines the way web documents are expected to be displayed.

Netscape Commerce Server

Netscape Commerce Server is a piece of software that when executed on appropriate platform running Unix or windows NT permits publication of www data to Internet or other TCP/IP based inter networks. This server supports publication of network resources created with HTML using HTTP to respond to requests for resources over Internet.

The Netscape commerce service was first HTTP server implementation that supported use of SSL. Netscape is much faster processing of resource requests from browser. Once a request has been received the server software creates a separate process on computer acting as server to handle request. Netscape’s use of its own browser to perform administrative functions helps to make managing a World Wide Web server more manageable.

Microsoft Internet Explorer

Microsoft Internet Explorer

The Microsoft Internet Explorer is an Internet browser that meets the same requirements for supporting URL, HTTP and HTML protocols.

Microsoft Internet servers- Microsoft outlines their Internet commerce strategy on web.

Open market

With the de facto standards for Internet browser being established by Netscape and Microsoft, a great deal of attention is being focused on creation of very robust Internet servers.

Open market has 3 products:

OM-transact
OM-access
OM-secure link.

transaction model

Open market transaction model

1. Request price and purchase information (consumer – content server)

2. Send price and purchase information (content server – consumer)

3. Begin transaction with the specified transaction server ( consumer-transaction server)

4. Send consumer transaction information to authorization entity and request authorization ( transaction server-financial processing network)

5. Respond with authorization [denied or allowed] (financial processing network-transaction server)

6. Send sales confirmation on confirmed transaction(transaction server-consumer)

7. Request product with confirmation from transaction server(content consumer-server)

8. Deliver product to consumer(content server-consumer)

Digital currencies

Digital currencies

Digital currencies are differentiated from electronic payment systems in two very important ways:

1. Digital currencies can be used to maintain the anonymity of the customer in an online transaction, whereas users of online payment systems are usually identifiable, at least to the service they subscribe to.

2. Digital currencies themselves can support an actual transfer of value by themselves, without linking to some third-party credit provider or financial institution for authorization to complete the transaction.

Using ecash

To get a copy of ecash software, participants filled out a request form with their name, e-mail address, and information about their systems and their intended use for each client and waited for digicash to reply with user-name and password.

The first step when first running ecash is to accept the digicash license agreement followed by entering personal information.
Using ecash once the software is set up Clients click on icons to interact with ecash.

There are 3 options:

· withdraw from ecash bank account
· deposit to ecash bank account
· withdraw from credit card

Ecash implementation

Ecash implementation

According to digicash’s World Wide Web documents, the company wishes to license the banking software to organizations interested in running electronic banks.

Smart Cards

It has a tiny microprocessor or computer chip on face of the card.

A smart card, chip card, or integrated circuit(s) card (ICC), is defined as any pocket-sized card with embedded integrated circuits which can process information. This implies that it can receive input which is processed - by way of the ICC applications - and delivered as an output. There are two broad categories of ICCs. Memory cards contain only non-volatile memory storage components, and perhaps some specific security logic. Microprocessor cards contain volatile memory and microprocessor components.

Electronic Data Interchange

ELECTRONIC DATA INTERCHANGE

It is a method for exchanging business documents between companies. EDI is generally described as transfer of business documents between computers.

EDI Basics

From a high level, the first requirement for using EDI is for a company to sign a trading agreement with the companies they wish to exchange EDI documents with. The second step is to subscribe to a value-added network (VAN) who, acting as an electronic mailbox, manages the flow of your EDI documents. We need a translator or software to interpret the message and integrate into our existing software.

EDI versus the Internet

EDI versus the Internet

EDI has a lot in common with the Internet. EDI relies on standards to make sure that information can be passed between trading partners regardless of computer and software that is used by each trading partner. Like the Internet, the EDI industry also has a non-profit organization, the ANSI Accredited Standards committee, who manages the development and publishing of EDI standards.

The biggest difference between the Internet and EDI is that EDI is more of an application than it is a network. The VANs are the network, although they are traditionally closed systems and are not directly connected to the Internet. EDI costs can range from free to several thousands of dollars per month depending on our needs, volume of transactions and our position in the trading relationship. Most EDI vendors charge an annual maintenance, mailbox fee and transmission/transaction fee.

EDI over the Internet

EDI over the Internet

An absolute requirement of any EDI transaction is absolute security and guaranteed delivery of the EDI message, the Internet was not initially used as a part of the EDI process. However, with the continued development of Internet security protocols and systems capable of confirming e-mail messages, the Internet and EDI will continue to overlap.

This overlap is being fueled by a constant flow of new Internet-based EDI solutions. It is hard to predict what portion of EDI business will migrate over to the Internet, but it will continue to grow.

Strategies, Techniques and Tools

Strategies, Techniques and Tools

Internet Strategies

The Internet is a network of networks, and by its nature is the result of a cooperative effort of all participants. This statement can be applied to at least two different levels of meaning:

· At a very basic technical level, any inter network depends on every connected network cooperating with every other network.

· At a content level, from the start there has been a feeling that people who use the Internet, particularly for gathering information, should also give back something by sharing information when they have something of interest to others.

Internet Techniques

Internet Techniques

Shopping Techniques

· buying commodities online
· buying specialty items online

Online shopping seems to be breaking down into two categories:

commodities and specialty items.

Commodities were mostly raw materials which were available with minimal differentiation from any number of different sources. Specialty items include anything that cannot be bought elsewhere.

Specialties could simply be a piece of information or software not sold anywhere else, or practically anything else sold only in one place.

Online selling techniques

· Make your store easy to reach
· Make your site easy to use
· Make your products easy to buy

Internet Tools

Internet Tools

A good World Wide Web browser, electronic mail client, file transfer software and the underlying networking software necessary to make it all run are requirements to get at the information available online. With these tools, we will be able to locate information about practically any other Internet tool or technique, including HTML tagging and translation software, secure transaction software, consulting services, world wide web server and browser tools and packages, industry organizations, consultants and vendors of services.

Choosing a Browser

If we can choose only one Internet application, a World Wide Web browser is probably the most logical choice. It is easiest Internet interface to use; it can support other Internet applications, including Telnet, FTP, Gopher and e-mail; it is widely implemented on different platforms. Browser market is dominated by Microsoft Internet Explorer and Netscape Navigator.

Other Internet client software

Electronic mail has been an essential application for decades. An electronic mail client should be able to save messages sent and received, should allow file attachments, preferably using the MIME standard, and should be almost completely intuitive to use. Organizations may prefer to continue using their existing e-mail client by implementing an Internet gateway to their existing e-mail server. Individuals may wish to purchase a package like Eudora or others. FTP or File Transfer Protocol, defines procedures for transfer of files between Internet hosts. This protocol is often invoked when transferring files from World Wide Web sites, but can also be used on its own. While FTP-only sites used to be fairly common, they are becoming less common as more sites move their published data to web sites, or at least to web interfaces. FTP may be implemented very much like a windows file manager program, including drag-and-drop file copying. Telnet, a remote terminal session application, is less frequently used. It is included with complete TCP/IP packages.

Alternative Systems of E-cash

Systems of E-cash

Technically electronic or digital money is a representation, or a system of debits and credits, used to exchange value, within another system, or itself as a stand alone system, online or offline. Also sometimes the term electronic money is used to refer to the provider itself.

A private currency may use gold to provide extra security, such as digital gold currency. Also, some private organizations, such as the US military use private currencies such as Eagle Cash.

Many systems will sell their electronic currency directly to the end user, such as Paypal and WebMoney, but other systems, such as Liberty Reserve, sell only through third party digital currency exchangers. In the case of Octopus Card in Hong Kong, deposits work similarly to banks’. After Octopus Card Limited receives money for deposit from users, the money is deposited into banks, which is similar to debit-card-issuing banks redepositing money at central banks.

Some community currencies, like some LETS systems, work with electronic transactions. Cyclos Software allows creation of electronic community currencies.

Ripple monetary system is a project to develop a distributed system of electronic money independent of local currency.

Off-line ‘anonymous’

Off-line ‘anonymous’ electronic money

In the use of off-line electronic money, the merchant does not need to interact with the bank before accepting a coin from the user. Instead he can collect multiple coins Spent by users and Deposit them later with the bank. In principle this could be done off-line, i.e. the merchant could go to the bank with his storage media to exchange e-cash for cash.

Nevertheless the merchant is guaranteed that the user’s e-coin will either be accepted by the bank, or the bank will be able to identify and punish the cheating user. In this way a user is prevented from spending the same coin twice (double-spending). Off-line e-cash schemes also need to protect against cheating merchants, i.e. merchants that want to deposit a coin twice (and then blame the user).

Using cryptography, anonymous ecash was introduced by David Chaum. He used blind signatures to achieve unlinkability between withdrawal and spend transactions. In ryptography, e-cash usually refers to anonymous e-cash. Depending on the properties of the payment transactions, one distinguishes between on-line and off-line e-cash. The first off-line e-cash system was proposed by Chaum and Naor. Like the first on-line scheme, it is based on RSA blind signatures.

SMART CARDS

SMART CARDS

A smart card, chip card, or integrated circuit card (ICC), is in any pocket-sized card with embedded integrated circuits which can process data. This implies that it can receive input which is processed — by way of the ICC applications — and delivered as an output.

There are two broad categories of ICCs. Memory cards contain only non-volatile memory storage components, and perhaps some specific security logic. Microprocessor cards contain volatile memory and microprocessor components. The card is made of plastic, generally PVC, but sometimes ABS. The card may embed a hologram to avoid counterfeiting. Using smartcards also is a form of strong security authentication for single sign-on within large companies and organizations.

DIMENSIONS

DIMENSIONS

A “smart card” is also characterized as follows

• Dimensions are normally credit card size. The ID-1 of ISO/IEC 7810 standard defines them as 85.60 × 53.98 mm. Another popular size is ID-000 which is 25 × 15 mm (commonly used in SIM cards). Both are 0.76 mm thick.

• Contains a security system with tamper-resistant properties (e.g. a secure cryptoprocessor, secure file system, human-readable features) and is capable of providing security services (e.g. confidentiality of information in the memory).

• Asset managed by way of a central administration system which interchanges information and configuration settings with the card through the security system. The latter includes card hotlisting, updates for application data.

• Card data is transferred to the central administration system through card reading devices, such as ticket readers, ATMs etc.

Benefits

Smart cards can be used for identification, authentication, and data storage.

Smart cards provide a means of effecting business transactions in a flexible, secure, standard way with minimal human intervention.

Smart card can provide strong authentication for single sign-on or enterprise single sign-on to computers, laptops, data with encryption, enterprise resource planning platforms such as SAP, etc.

DETAILS ABOUT SMART CARD

DETAILS ABOUT SMART CARD

The automated chip card was invented by German rocket scientist Helmut Gröttrup and his colleague Jürgen Dethloff in 1968; the patent was finally approved in 1982. The first mass use of the cards was for payment in French pay phones, starting in 1983 (Télécarte). Roland Moreno actually patented his first concept of the memory card in 1974.

In 1977, Michel Ugon from Honeywell Bull invented the first microprocessor smart card. In 1978, Bull patented the SPOM (Self Programmable One-chip Microcomputer) that defines the necessary architecture to auto-program the chip. Three years later, the very first “CP8” based on this patent was produced by Motorola. At that time, Bull had 1200 patents related to smart cards. In 2001, Bull sold its CP8 Division together with all its patents to Schlumberger. Subsequently, Schlumberger combined its smart card department and CP8 and created Axalto. In 2006, Axalto and Gemplus, at the time the world’s no.2 and no.1 smart card manufacturers, merged and became Gemalto.

A smart card, combining credit card and debit card properties. The 3 by 5 mm security chip embedded in the card is shown enlarged in the inset. The contact pads on the card enables electronic access to the chip.

The second use was with the integration of microchips into all French debit cards (Carte Bleue) completed in 1992. When paying in France with a Carte Bleue, one inserts the card into the merchant’s terminal, then types the PIN, before the transaction is accepted. Only very limited transactions (such as paying small autoroute tolls) are accepted without PIN.

Smart-card-based electronic purse systems (in which value is stored on the card chip, not in an externally recorded account, so that machines accepting the card need no network connectivity) were tried throughout Europe from the mid-1990s, most notably in Germany (Geldkarte), Austria (Quick), Belgium (Proton), France (Moneo), the Netherlands (Chipknip and Chipper), Switzerland (“Cash”), Norway (“Mondex”), Sweden (“Cash”), Finland (“Avant”), UK Mondex”), Denmark (“Danmønt”) and Portugal (“Porta-moedas Multibanco”).

The major boom in smart card use came in the 1990s, with the introduction of the smart-card-based SIM used in GSM mobile phone equipment in Europe. With the ubiquity of mobile phones in Europe, smart cards have become very common.

DETAILS ABOUT SMART CARD

DETAILS ABOUT SMART CARD

The international payment brands MasterCard, Visa, and Europay agreed in 1993 to work together to develop the specifications for the use of smart cards in payment cards used as either a debit or a credit card. The first version of the EMV system was released in 1994. In 1998 a stable release of the specifications was available. EMVco, the company responsible for the long-term maintenance of the system, upgraded the specification in 2000 and most recently in 2004. The goal of EMVco is to assure the various financial institutions and retailers that the specifications retain backward compatibility with the 1998 version.

With the exception of countries such as the United States of America there has been significant progress in the deployment of EMV-compliant point of sale equipment and the issuance of debit and or credit cards adhering the EMV specifications. Typically, a country’s national payment association, in coordination with MasterCard International, Visa International, American Express and JCB, develop detailed implementation plans assuring a coordinated effort by the various stakeholders involved.

The backers of EMV claim it is a paradigm shift in the way one looks at payment systems. In countries where banks do not currently offer a single card capable of supporting multiple account types, there may be merit to this statement. Though some banks in these countries are considering issuing one card that will serve as both a debit card and as a credit card, the business justification for this is still quite elusive. Within EMV a concept called Application Selection defines how the consumer selects which means of payment to employ for that purchase at the point of sale.

For the banks interested in introducing smart cards the only quantifiable benefit is the ability to forecast a significant reduction in fraud, in particular counterfeit, lost and stolen.

The current level of fraud a country is experiencing, coupled with whether that country’s laws assign the risk of fraud to the consumer or the bank, determines if there is a business case for the financial institutions. Some critics claim that the savings are far less than the cost of implementing EMV, and thus many believe that the USA payments industry will opt to wait out the current EMV life cycle in order to implement new, contactless technology.

Smart cards with contactless interfaces are becoming increasingly popular for payment and ticketing applications such as mass transit. Visa and MasterCard have agreed to an easy-to-implement version currently being deployed (2004-2006) in the USA. Across the globe, contactless fare collection systems are being implemented to drive efficiencies in public transit. The various standards emerging are local in focus and are not compatible, though the MIFARE Standard card from Philips has a considerable market share in the US and Europe.

Smart cards are also being introduced in personal identification and entitlement schemes at regional, national, and international levels. Citizen cards, drivers’ licenses, and patient card schemes are becoming more prevalent; For example in Malaysia, the compulsory national ID scheme MyKad includes 8 different applications and is rolled out for 18 million users. Contactless smart cards are being integrated into ICAO biometric passports to enhance security for international travel.

SIGNAL DESCRIPTION

SIGNAL DESCRIPTION

VCC : Power supply input

RST : Either used itself (reset signal supplied from the interface device) or in combination with an internal reset control circuit (optional use by the card). If internal reset is implemented,
the voltage supply on Vcc is mandatory.

CLK : Clocking or timing signal (optional use by the card).

GND : Ground (reference voltage).

VPP : Programming voltage input (deprecated / optional use by the card).

I/O : Input or Output for serial data to the integrated circuit inside the card.

NOTE - The use of the two remaining contacts will be defined in the appropriate application standards.

ELECTRONIC DATA INTERCHANGE

ELECTRONIC DATA INTERCHANGE

Electronic Data Interchange (EDI) refers to the structured transmission of data between organizations by electronic means. It is used to transfer electronic documents from one computer system to another (ie) from one trading partner to another trading partner. It is more than mere E-mail; for instance, organizations might replace bills of lading and even checks with appropriate EDI messages. It also refers specifically to a family of standards, including the X12 series. However, EDI also exhibits its pre-Internet roots, and the standards tend to focus on ASCII(American Standard Code for Information Interchange)-formatted single messages rather than the whole sequence of conditions and exchanges that make up an inter-organization siness process.

In 1992, a survey of Canadian businesses found at least 140 that had adopted some form of EDI, but that many (in the sample) “[had] not benefited from implementing EDI, and that they [had] in fact been disadvantaged by it.”

The National Institute of Standards and Technology in a 1996 publication defines Electronic Data Interchange as “the computer-to-computer interchange of strictly formatted messages that represent documents other than monetary instruments. EDI implies a sequence of messages between two parties, either of whom may serve as originator or recipient. The formatted data representing the documents may be transmitted from originator to recipient via elecommunications or physically transported on electronic storage media.”. It goes on further to say that “In EDI, the usual processing of received messages is by computer only.

Human intervention in the processing of a received message is typically intended only for error conditions, for quality review, and for special situations. For example, the transmission of binary or textual data is not EDI as defined here unless the data are treated as one or more data elements of an EDI message and are not normally intended for human interpretation as part of online data processing.”

EDI can be formally defined as ‘The transfer of structured data, by agreed message standards, from one computer system to another without human intervention’. Most other definitions used are variations on this theme. Even in this era of technologies such as XML web services, the Internet and the World Wide Web, EDI is still the data format used by the vast majority of electronic commerce transactions in the world.

EDI STANDARDS

EDI STANDARDS

Generally speaking, EDI is considered to be a technical representation of a business conversation between two entities, either internal or external. Note, there is a perception that EDI" constitutes the entire electronic data interchange paradigm, including the transmission, message flow, document format, and software used to interpret the documents. EDI is considered to describe the rigorously standardized format of electronic documents.

The EDI standards were designed to be independent of communication and software technologies. EDI can be transmitted using any methodology agreed to by the sender and recipient. This includes a variety of technologies, including modem (asynchronous, and bisynchronous), FTP, Email, HTTP, AS1, AS2, etc. It is important to differentiate between the EDI documents and the methods for transmitting them. When they compared the bisynchronous protocol 2400 bit/s modems, CLEO devices, and value-added networks used to transmit EDI documents to transmitting via the Internet, some people equated the non-Internet technologies with EDI and predicted erroneously that EDI itself would be replaced along with the non-Internet technologies. These non-internet transmission methods are being replaced by Internet Protocols such as FTP, telnet, and E-mail, but the EDI documents themselves still remain.

As more trading partners use the Internet for transmission, standards have emerged. In 2002, the IETF published RFC 3335, offering a standardized, secure method of transferring EDI data via e-mail. On July 12th, 2005, an IETF working group ratified RFC4130 for MIME-based HTTP EDIINT (aka. AS2) transfers, and is preparing similar documents for FTP transfers (aka. AS3). While some EDI transmission has moved to these newer protocols the providers of the value-added networks remain active.

EDI documents generally contain the same information that would normally be found in a paper document used for the same organizational function. For example an EDI 940 ship-from-warehouse order is used by a manufacturer to tell a warehouse to ship product to a retailer. It typically has a ship to address, bill to address, a list of product numbers and quantities. It may have other information if the parties agree to include it. However, EDI is not confined to just business data related to trade but encompasses all fields such as medicine (e.g., patient records and laboratory results), transport (e.g., container and modal information), engineering and construction, etc. In some cases, EDI will be used to create a new business information flow (that was not a paper flow before). This is the case in the Advanced Shipment Notification (856) whichwas designed to inform the receiver of a shipment, the goods to be received and how the goods are packaged.

major sets of EDI standards

Major sets of EDI standards

There are four major sets of EDI standards

1. The UN-recommended UN/EDIFACT is the only international standard and is predominant outside of North America.

2. The US standard ANSI ASC X12 (X12) is predominant in North America.

3. The TRADACOMS standard developed by the ANA (Article Numbering Association) is predominant in the UK retail industry.

4. The ODETTE standard used within the European automotive industry

All of these standards first appeared in the early to mid 1980s. The standards prescribe the formats, character sets, and data elements used in the exchange of business documents and forms. The complete X12 Document List includes all major business documents, including purchase orders (called "ORDERS" in UN/EDIFACT and an "850" in X12) and invoices (called "INVOIC" in UN/EDIFACT and an "810" in X12).

The EDI standard says which pieces of information are mandatory for a particular document, which pieces are optional and give the rules for the structure of the document. The standards are like building codes. Just as two kitchens can be built "to code" but look completely different, two EDI documents can follow the same standard and contain different sets of information. For example a food company may indicate a product’s expiration date while a clothing manufacturer would choose to send color and size information.

Advantages of using EDI over paper systems

Standards are generally updated each year

Advantages of using EDI over paper systems

EDI and other similar technologies save a company money by providing an alternative to, or replacing information flows that require a great deal of human interaction and materials such as paper documents, meetings, faxes, etc. Even when paper documents are maintained in parallel with EDI exchange, e.g. printed shipping manifests, electronic exchange and the use of data from that exchange reduces the handling costs of sorting, distributing, organizing, and searching paper documents. EDI and similar technologies allow a company to take advantage of the benefits of storing and manipulating data electronically without the cost of manual entry. Another advantage of EDI is reduced errors, such as shipping and billing errors, because EDI eliminates the need to rekey documents on the destination side. One very important advantage of EDI over paper documents is the speed in which the trading partner receives and incorporates the information into their system thus greatly reducing cycle times. For this reason, EDI can be an important component of just-in-time production systems.

According to the 2008 Aberdeen report "A Comparison of Suppler Enablement around the Word", only 34% of purchase orders are transmitted electronically in North America. In EMEA, 36% of orders are transmitted electronically and in APAC, 41% of orders are transmitted electronically. They also report that the average paper requisition to order costs a company $37.45 in North America, $42.90 in EMEA and $23.90 in APAC. With an EDI requisition to order costs are reduced to $23.83 in North America, $34.05 in EMEA and 14.78 in APAC.

Examples of Disadvantages of EDI

Examples of Disadvantages of EDI

United States Health Care Systems

The United States health care system consists of thousands of different companies and other entities. In 1996, the Health Insurance Portability and Accountability Act (HIPAA) was enacted. In short, it set down standard transaction sets for specific EDI transactions and mandated electronic support for every insurance company in the United States for these transactions. While the benefits of EDI are numerous and only increase with increased volume, the drawbacks, though not directly related to EDI itself, include managerial problems in the support, maintenance and implementation of EDI transactions.

1. Though an EDI standard exists for health care transactions, the standard allows for variation between implementation, which gives way to the existence of Companion Guides, detailing each company’s variation.

2. Each entity may have a different method of delivery, ranging from dial-up BBS systems; mailing hard media such as a CD-ROM or tape backup; or FTP. Some entities may elect not to support different methods of elivery depending on a trading partner’s expected volume.

3. Due to varying implementation on nearly all points of EDI including contact, egistration, submission and testing of transactions between different entities n US health care, the existence of EDI clearinghouses has sprung up. An DI clearinghouse is one entity agreeing to act as a middle-man between ultiple entities and their end-clients, such as between medical providers and insurance companies they accept coverage from. They may act as a value-added network and attempt to conform their different supported entities to one submission standard. One such example is Emdeon. An EDI clearinghouse will not cover all health care entities, though they may cover a large portion, and they may not cover all HIPAA-mandated transactions for all of their supported entities.

4. Because of the above points, one single computer application cannot handle all health care entities. Though this may not be necessary, it can lead to an obvious management headache as a company attempts to register itself with vario

us EDI partners

This all comes at a massive cost in time and management as a company may attempt to support a broad range of transactions with a broad range of entities. This example is an extension of the lack of strict standards across implementations, transactions and methods.