E-commerce Notes

E-commerce Notes

Electronic Commerce Providers
Consumer choices
Merchant choices
First Virtual Internet Payment System
Account setup and costs
Opening a first virtual account
Confirming Transactions
Encryption and Cryptography
Cyber Cash
The Cyber Cash Model
Customer protection
Client cash client application
Selling through cyber cash
INDEX
ONLINE COMMERCE ENVIRONMENTS
Server market orientation
Netscape Navigator
Microsoft Internet Explorer
transaction model
Digital currencies
Ecash implementation
Electronic Data Interchange
EDI versus the Internet
EDI over the Internet
Strategies, Techniques and Tools
Internet Techniques
Internet Tools

Alternative Systems of E-cash
Off-line ‘anonymous’
SMART CARDS
DIMENSIONS
DETAILS ABOUT SMART CARD
DETAILS ABOUT SMART CARD
SIGNAL DESCRIPTION
ELECTRONIC DATA INTERCHANGE
EDI STANDARDS
major sets of EDI standards
Advantages of using EDI over paper systems
Examples of Disadvantages of EDI

Electronic Commerce Providers

ELECTRONIC COMMERCE PROVIDERS

By looking at a relatively broad cross-section of the products now available and examining similarities and differences it becomes possible to better understand the context in which they are being developed and offered to the public.

Online commerce options

Consumers should not have to make any choices or any special arrangements to order products electronically. Merchants have a much greater responsibility to implement a specific product or set of products ranging from use of secure web servers to getting set up to accept payment through different payment mechanisms.

Consumer choices

Consumer choices

Consumers can opt to do nothing beyond getting a web browser that supports the secure exchange of transaction information using either SSL or S-HTTP. It lets the consumer pay for goods and services by credit card, and it protects the transaction from being intercepted. However it doesn’t protect the consumer from dishonest merchants who could set up deals in www to hack credit card numbers.

Registering with third party organization that acts as a go between for merchants and consumers can provide an extra level of security for consumers. The third party can act on behalf of both the merchant and consumer taking the payment information from consumer and settling transactions for the merchant. This means the consumer doesn’t have to trust the merchant with payment information because the intermediary company never passes that on to the merchant. For consumers willing to set up special bank accounts electronic checking or digital cash products may be a good option. A consumer can encrypt payment settlement information and send it to the merchant who has to pass it along to consumer’s bank, where it is decrypted and payment is forwarded to merchant.

Merchant choices

Merchant choices

The Internet merchant must take great care in setting up electronic payments. The simplest option is to have someone else manage a secure web server and set up shop there. This is to set up store in electronic mall or paying an Internet service provider to manage our website for us. But there are many choices at this level. There are literally hundreds of electronic malls active on the Internet, on which a merchant can set up shop. On the other hand, large businesses may be willing to spend a lot to get a commercial processes and settles the payment information and can be integrated into a corporate fulfillment system environment that securely accepts orders,.

In addition to secure or commerce servers, which support credit card payment, the merchant can also elect to support less familiar payment methods. Choosing functions and features

· Reliability
· Security
· Simplicity
· Acceptability

Consumers have come to rely on their credit and charge card companies not just to extend credit, but to extend protection against unscrupulous vendors(providing recourse when improper charges are made), thieves(minimizing liability when a card is lost or stolen), and the vicissitudes of daily life (offering protection plans which replace lost or stolen goods).

The security issue is one that will never go away. Even if the strongest possible encryption is used to send payment information, there are still many security holes. A security chain is only as strong as its weakest link, and companies engaging in this business can be exposed through any number of non-Internet attacks:

o The disgruntled employee with access to payment information
o Storage of payment information with insufficient security
o Improper disposal of printed material

Electronic commerce schemes must be simple to achieve widespread appeal. Consumers prefer to use a single, multipurpose credit card such as Visa or MasterCard rather than set up credit accounts with every different retailer they purchase from.

Electronic commerce schemes should offer widespread acceptability. A scheme that is accepted only by a few merchants will not be attractive to consumers who don’t do business with those merchants; a scheme that few consumers have chosen will be one that few merchants seek out.

First Virtual Internet Payment System

FIRST VIRTUAL INTERNET PAYMENT SYSTEM

First virtual has created a payment system, the Internet Payment System, to be used exclusively for the sale of information over the Internet, rather than for products or services. Using an automated telephone system to collect payment information about the participant, first virtual eschews cryptographic methods encryption or digital signatures preferring to rely instead on close monitoring of sales and purchases to reduce fraud.

Assumptions The first virtual Internet payment system is based on three fundamental assumptions. First, electronic information merchants can produce as many or few copies of any information product at no incremental cost per copy because once the information has been developed and offered for sale once, the cost of selling it again is virtually zero.

Second, information buyers like buyers of nay other product need some way to examine products before they buy.Finally, buying and selling should be simple and have as low an entry cost in time, money and effort as possible. These assumptions lead to certain conclusions, which produce a different view of the information marketplace than that taken by most other commerce providers:

1. Because there is no cost or negligible cost associated with sending out a copy of the information being sold, “returns” or “stolen goods” don’t in fact cost the merchant anything.

2. Information products are sold “on approval” with the customer required to explicitly reply either yes or no to a request for payment, but only after having received a copy of the information.

3. Information products can be sold through virtually any Internet application and do not require vendors or buyers to buy special software. More important, first virtual offers facilities to individuals to sell information online for very minimal cost.

The first virtual Internet payment system is more formally defined by Green Commerce Model and the simple Green Commerce Protocol (SGCP) is included.

Account setup and costs

Account setup and costs

There are two ways to setup as a seller on first virtual Internet payment system: Pioneer and Express. The Pioneer sellers’ program is designed for people who want to start selling their information over Internet without establishing themselves as traditional sellers requiring a credit check.

The pioneer application process is simple starting with online application. After application is received and processed, first virtual will e-mail a 12-digit application number and instructions to seller on how to send bank account information to first virtual via postal mail?

The Express seller program is for those sellers who already have a credit card merchant available to accept credit card payments. Each buyer and seller must have an e-mail connection to Internet, but transactions can be completed through first virtual World Wide Web site or through a remote terminal session with their system.

Opening a first virtual account

Opening a first virtual account

Becoming a buyer of information requires nothing more than an electronic mail link to the Internet and a credit card.

Initiating a first virtual account is a two step process for consumers and a three step process for sellers of information. Connecting to first virtual account the applicant first fills out the form on web page displayed.

The ID phrase is selected by the applicant. First virtual modifiers this phrase up to 24 letters or numbers slightly and uses it to create the first virtual account identifier.

First virtual transaction process- The first virtual information merchant offers a product online, making it available through a first virtual compatible server on the Internet, including product pricing and description.

_ A customer attempts to download the offered information from server, at which point the server requests a first virtual account identifier.

_ The merchant has the option of verifying through first virtual that the account identifier is valid. The server sends a query to first virtual which responds by confirming that account ID is valid.

_ The offered information is sent to buyer directly from merchant server.

_ The merchant’s server sends an e-mail message to first virtual detailing transaction: the buyer and seller account ID, the item purchases the item price.

_ First virtual sends an e-mail to customer replies with “yes” the merchant’s account will be credited for that sale; if customer replies “no”, no further action is taken. If no response is received further attempts are made.

_ Third option “fraud” is available to customer and is used to indicate transaction. This will cancel account ID of customer.

Confirming Transactions

Confirming Transactions

Customers are notified by e-mail of any transaction made with their account ID. Part of the agreement between participants and first virtual mandates that the participant supply an e-mail address used frequently. This assures that customers can respond to first virtual with their purchase decisions in a timely fashion, and will be able to notify first virtual of unauthorized use of their account ID.

Infohaus

Selling online can be expensive proposition, maintaining an online presence through an Internet World Wide Web server has always required a significant investment of money and time. First virtual provides the Internet server, offering participants’ information to browsers and buyers on the Internet through world wide web, file transfer(ftp), or e-mail distribution.

Security considerations-Although users are urged to keep their account ID’s private, the ID is readily accessible to merchants and is transmitted in clear across Internet, making it accessible to eavesdroppers. The account ID is basic unit of identification between buyer and seller. So theoretically an unscrupulous merchant could attempt fraud using customer account IPs.

Encryption and Cryptography

Encryption and Cryptography

First virtual eschews encryption and digital signatures. Some of the reasons include the following:

· Encryption and digital signatures are considered cumbersome and difficult, and add extra steps to the process.

· Cryptographic methods such as encryption and digital signatures are complicated, and if not used correctly they can yield a false sense of security.


· Cryptographic methods are subject to patents and export controls, and may also require certification authorities to be used correctly, which increases their cost and limits their distribution,

· Keeping payment information offline reduces the need to encrypt and sign transactions.

Cyber Cash

CYBER CASH

Cyber cash has been described as Federal Express of Internet payment business, since it offers safe, efficient and inexpensive delivery of payments across Internet. Cyber cash makes available the software and services needed to exchange payments securely across the Internet with its Secure Internet Payment Service. Using a procedure that incorporates encryption and digital signatures, cyber cash gives consumers a “digital wallet”, and merchants a conduit to Internet payment processing through their own banks. Customers are able to authorize payments out of their digital wallets. The payments are signed and encrypted, then sent through the merchant bank to cyber cash, which in turn passes the transaction to the merchant’s bank for processing. The digital wallet initially supported only credit cards, but now supports digital cash transfers for small dollar amounts for products and services that are too expensive to justify using a credit card.

The Cyber Cash Model

The Cyber Cash Model

Cyber cash acts as a conduit for transactions among Internet, merchants, consumers and banking networks. Merchants wishing to use cyber cash to securely process credit card transactions must establish a merchant account with a bank offering cyber cash PAY button.

When the customer completes a purchase and begins a cyber cash transaction by clicking on the cyber cash PAY button of a merchant’s World Wide Web site, the merchant receives information about the customer’s order, as well as an encrypted message from the customer’s cyber cash client.

The payments are signed and encrypted then sent through merchant bank to cyber cash, which in turn passes the transaction to merchant’s bank for processing. The digital wallet initially supported only credit cards, but now for small dollar amounts for products and services that are too expensive to justify using a credit card. With cyber cash the wallet is used to manage your credit cards. In a sense cyber cash process electronically presents your credit card payments to the merchant in the process just like the last time we physically pulled the card out of our wallet and presented it to a merchant.


Cyber coin money is placed in to an account at cyber cash and as we make cyber coin transactions money is pulled out from your wallet and sent to the cyber coin merchant’s wallet.


With cyber coin we electronically wallet essentially holds digital money which can be added to your wallet using credit card used for other transactions or our checking which can be linked to our wallet. The cyber cash client software manages all of this for consumer including setting up an identity or cyber cash persona linking credit card to that persona and keeping track of cyber cash transactions through a transaction log. Cyber cash security considerations- Cyber cash uses a combination of RSA public key and DES secret key technologies to protect and guarantee data through encryption and digital signatures. It uses full 768-bit RSA as well as 56-bit DES encryption of messages. All transactions are authenticated with MD5 a message digest procedure and RSA digital signatures.

Customer protection

Customer protection

With use of digital signatures and encryption, cyber cash is able to keep transmissions secure for all practical purposes. It can be asserted that cyber cash is free from any danger of hackers intercepting or modifying transmissions between merchant and customer or between merchant and cyber cash. However, since the customer must provide his or her own password, attacks on individual accounts are possible, just as they are in any systems that use passwords for access. This exposure is limited to the systems on which the customer has installed the cyber cash client software- sensitive customer information is not stored on servers from which the customer has made purchases.

Client cash client application

Client cash client application

Before we use cyber cash you must install and configure cyber cash client application. This program is actually an Internet application capable of communicating with merchants and with cyber cash over TCP/IP connection to Internet. This is the piece of software that manages our “electronic wallet”, keeping track of our credit cards, electronic cash and tracking transactions. This is also the piece of software that applies all the cryptographic tools necessary to encrypt transaction information and transmit it securely.

_ Getting the software
_ Installing the software
_ Running software for first time

Selling through cyber cash

Selling through cyber cash

Cyber cash is supporting the VIP (value-added Integration Provider) program, which brings together prospective merchants with companies that have already developed sites to other cyber cash functionality and are offering related services to other merchants. Another option for merchants is to purchase an integrated package from one of the systems integrators working with cyber cash to include cyber cash functionality in a ready-to-use integrated server. Merchants setting up an accept cyber cash payments have to take care of 3 general tasks:

_ Open an account with bank offering cyber cash services

_ Modify server home pages to include cyber cash PAY button

_ Install the related cyber cash software on server

The merchant code functions in support of both shopping and administration. This code is invoked only when a customer makes a purchase decision. When the customer initiates the purchase payment process, the merchant code responds by sending an encrypted message to the customer’s system to begin. The process, as has been described earlier, moves information between the customer, the merchant and the cyber cash payment server.

The merchant software includes administrative functions, allowing merchants do the following:

1. check on an order data base to review orders
2. process supporting transactions such as voids, credits and authorizations
3. perform merchant-originated transactions, as when the merchant has received a telephone order

Cyber cash offers some real values to the consumer:

_ It keeps payment even from the merchant

_ It offers a convenient electronic wallet to store payment information so the information need not be re entered every time a purchase is made.

_ It maintains a transaction log to handle and document every transaction

Cyber cash is attractive to merchants

_ There is no extra charge for using cyber cash

_ It is a convenience for customer who may prefer not to have to reenter credit card numbers on the Internet

_ It offers merchants useful tools for tracking and transacting business on the Internet.

_ It is soon to be widely supported by banks and credit card companies.

INDEX

UNIT - V

ONLINE COMMERCE ENVIRONMENTS

Server market orientation

Netscape Navigator

Microsoft Internet Explorer

transaction model

Digital currencies

Ecash implementation

Electronic Data Interchange

EDI versus the Internet

EDI over the Internet

Strategies, Techniques and Tools

Internet Techniques

Internet Tools

ONLINE COMMERCE ENVIRONMENTS

Choosing payment methods

Merchants have traditionally allowed their customers to use a variety of payment methods: cash, credit card, personal check, traveler’s check. Limiting customers to one or two payment methods would likely cost a merchant some business.

Many online merchants offer at least a telephone number to call in an order and a fax number or postal address where customers can send a copy of an order form. Those willing to accept orders online may use one or more payment systems as well as a secure server.

The advantage of secure server is that it serves the casual Internet consumer who have a new world wide web browser and a credit card, but has never set up to use any electronic payment or digital money system.

Merchants also offer other payment methods-electronic payment systems or digital money systems generally operate simplest payment method, merchant can enter credit card information directly into a form maintained on a secure server, while still allowing more serious Internet consumer to do business wielding electronic wallet.

Server market orientation

Server market orientation

WWW server software comes in all shapes and sizes. Web browsers that support S-HTTP can be used with servers that support S-HTTP to produce secure channel.

NETSCAPE

Netscape has 3 commerce server strategies around 3 basic components:

1. Netscape client products

2. Netscape commerce platform

3. Netscape commercial applications.

Netscape client products include Netscape navigator client products referred as browsers. To develop commercial web sites, Netscape offers Netscape commerce platform, a set of servers. The two basic applications systems include Netscape publishing system and Netscape merchant system.

Netscape produced SSL, a method of obtaining a secure channel between client and server at a time when others were working on a different solution S-HTTP.

Netscape Navigator

Netscape Navigator

The most basic web browser must be able to handle three protocols:

· URL- This is to format defining syntax for pointing at Internet and www resources.
· HTTP- This is the protocol that defines interaction between web browser and server.
· HTML-This protocol defines the way web documents are expected to be displayed.

Netscape Commerce Server

Netscape Commerce Server is a piece of software that when executed on appropriate platform running Unix or windows NT permits publication of www data to Internet or other TCP/IP based inter networks. This server supports publication of network resources created with HTML using HTTP to respond to requests for resources over Internet.

The Netscape commerce service was first HTTP server implementation that supported use of SSL. Netscape is much faster processing of resource requests from browser. Once a request has been received the server software creates a separate process on computer acting as server to handle request. Netscape’s use of its own browser to perform administrative functions helps to make managing a World Wide Web server more manageable.

Microsoft Internet Explorer

Microsoft Internet Explorer

The Microsoft Internet Explorer is an Internet browser that meets the same requirements for supporting URL, HTTP and HTML protocols.

Microsoft Internet servers- Microsoft outlines their Internet commerce strategy on web.

Open market

With the de facto standards for Internet browser being established by Netscape and Microsoft, a great deal of attention is being focused on creation of very robust Internet servers.

Open market has 3 products:

OM-transact
OM-access
OM-secure link.

transaction model

Open market transaction model

1. Request price and purchase information (consumer – content server)

2. Send price and purchase information (content server – consumer)

3. Begin transaction with the specified transaction server ( consumer-transaction server)

4. Send consumer transaction information to authorization entity and request authorization ( transaction server-financial processing network)

5. Respond with authorization [denied or allowed] (financial processing network-transaction server)

6. Send sales confirmation on confirmed transaction(transaction server-consumer)

7. Request product with confirmation from transaction server(content consumer-server)

8. Deliver product to consumer(content server-consumer)

Digital currencies

Digital currencies

Digital currencies are differentiated from electronic payment systems in two very important ways:

1. Digital currencies can be used to maintain the anonymity of the customer in an online transaction, whereas users of online payment systems are usually identifiable, at least to the service they subscribe to.

2. Digital currencies themselves can support an actual transfer of value by themselves, without linking to some third-party credit provider or financial institution for authorization to complete the transaction.

Using ecash

To get a copy of ecash software, participants filled out a request form with their name, e-mail address, and information about their systems and their intended use for each client and waited for digicash to reply with user-name and password.

The first step when first running ecash is to accept the digicash license agreement followed by entering personal information.
Using ecash once the software is set up Clients click on icons to interact with ecash.

There are 3 options:

· withdraw from ecash bank account
· deposit to ecash bank account
· withdraw from credit card

Ecash implementation

Ecash implementation

According to digicash’s World Wide Web documents, the company wishes to license the banking software to organizations interested in running electronic banks.

Smart Cards

It has a tiny microprocessor or computer chip on face of the card.

A smart card, chip card, or integrated circuit(s) card (ICC), is defined as any pocket-sized card with embedded integrated circuits which can process information. This implies that it can receive input which is processed - by way of the ICC applications - and delivered as an output. There are two broad categories of ICCs. Memory cards contain only non-volatile memory storage components, and perhaps some specific security logic. Microprocessor cards contain volatile memory and microprocessor components.

Electronic Data Interchange

ELECTRONIC DATA INTERCHANGE

It is a method for exchanging business documents between companies. EDI is generally described as transfer of business documents between computers.

EDI Basics

From a high level, the first requirement for using EDI is for a company to sign a trading agreement with the companies they wish to exchange EDI documents with. The second step is to subscribe to a value-added network (VAN) who, acting as an electronic mailbox, manages the flow of your EDI documents. We need a translator or software to interpret the message and integrate into our existing software.

EDI versus the Internet

EDI versus the Internet

EDI has a lot in common with the Internet. EDI relies on standards to make sure that information can be passed between trading partners regardless of computer and software that is used by each trading partner. Like the Internet, the EDI industry also has a non-profit organization, the ANSI Accredited Standards committee, who manages the development and publishing of EDI standards.

The biggest difference between the Internet and EDI is that EDI is more of an application than it is a network. The VANs are the network, although they are traditionally closed systems and are not directly connected to the Internet. EDI costs can range from free to several thousands of dollars per month depending on our needs, volume of transactions and our position in the trading relationship. Most EDI vendors charge an annual maintenance, mailbox fee and transmission/transaction fee.

EDI over the Internet

EDI over the Internet

An absolute requirement of any EDI transaction is absolute security and guaranteed delivery of the EDI message, the Internet was not initially used as a part of the EDI process. However, with the continued development of Internet security protocols and systems capable of confirming e-mail messages, the Internet and EDI will continue to overlap.

This overlap is being fueled by a constant flow of new Internet-based EDI solutions. It is hard to predict what portion of EDI business will migrate over to the Internet, but it will continue to grow.

Strategies, Techniques and Tools

Strategies, Techniques and Tools

Internet Strategies

The Internet is a network of networks, and by its nature is the result of a cooperative effort of all participants. This statement can be applied to at least two different levels of meaning:

· At a very basic technical level, any inter network depends on every connected network cooperating with every other network.

· At a content level, from the start there has been a feeling that people who use the Internet, particularly for gathering information, should also give back something by sharing information when they have something of interest to others.

Internet Techniques

Internet Techniques

Shopping Techniques

· buying commodities online
· buying specialty items online

Online shopping seems to be breaking down into two categories:

commodities and specialty items.

Commodities were mostly raw materials which were available with minimal differentiation from any number of different sources. Specialty items include anything that cannot be bought elsewhere.

Specialties could simply be a piece of information or software not sold anywhere else, or practically anything else sold only in one place.

Online selling techniques

· Make your store easy to reach
· Make your site easy to use
· Make your products easy to buy

Internet Tools

Internet Tools

A good World Wide Web browser, electronic mail client, file transfer software and the underlying networking software necessary to make it all run are requirements to get at the information available online. With these tools, we will be able to locate information about practically any other Internet tool or technique, including HTML tagging and translation software, secure transaction software, consulting services, world wide web server and browser tools and packages, industry organizations, consultants and vendors of services.

Choosing a Browser

If we can choose only one Internet application, a World Wide Web browser is probably the most logical choice. It is easiest Internet interface to use; it can support other Internet applications, including Telnet, FTP, Gopher and e-mail; it is widely implemented on different platforms. Browser market is dominated by Microsoft Internet Explorer and Netscape Navigator.

Other Internet client software

Electronic mail has been an essential application for decades. An electronic mail client should be able to save messages sent and received, should allow file attachments, preferably using the MIME standard, and should be almost completely intuitive to use. Organizations may prefer to continue using their existing e-mail client by implementing an Internet gateway to their existing e-mail server. Individuals may wish to purchase a package like Eudora or others. FTP or File Transfer Protocol, defines procedures for transfer of files between Internet hosts. This protocol is often invoked when transferring files from World Wide Web sites, but can also be used on its own. While FTP-only sites used to be fairly common, they are becoming less common as more sites move their published data to web sites, or at least to web interfaces. FTP may be implemented very much like a windows file manager program, including drag-and-drop file copying. Telnet, a remote terminal session application, is less frequently used. It is included with complete TCP/IP packages.