E Business

UNIT I
INTRODUCTION
Meaning of E-Commerce
The term "electronic commerce" has evolved from its meagre notion of electronic
shopping to mean all aspects of business and market processes enabled by the Int
ernet
and the World Wide Web technologies.
Electronic Commerce as Online Selling
Narrowly defined electronic commerce means doing business online or selling and
buying products and services through Web storefronts. Products being traded may
be
physical products such as used cars or services (e.g. arranging trips, online me
dical
consultation, and remote education). Increasingly, they include digital products
such as
news, audio and video database, software and all types of knowledge-based produc
ts. It
appears then electronic commerce is similar to catalogue shopping or home shoppi
ng on
cable TV.
Electronic Commerce as a Market
Electronic commerce is not limited to buying and selling products online. For ex
ample,
a neighbourhood store can open a Web store and find the world in its doorstep. B
ut,
along with customers, it will also find its suppliers, accountants, payment serv
ices,
government agencies and competitors online. This online or digital partner's dem
and
changes in the way doing business from production to consumption, and they will
affect
companies who might think they are not part of electronic commerce. Along with o
nline
selling, electronic commerce will lead to significant changes in the way product
s are
customised, distributed and exchanged and the way consumer's search and bargain
for
products and services and consume them.
In short, the electronic commerce revolution is in its effects on processes. Pro
cessoriented definition of electronic commerce offers a broader view of what electro
nic
commerce is. Within-business processes (e.g. manufacturing, inventory, corporate
financial management, operation), and business-to-business processes (e.g. suppl
ychain management, bidding) are affected by the same technology and network. Even
government functions, education, social and political processes undergo changes.
Internet and other computer network technologies
Computers and networks are nothing new. They have existed and business applicati
ons
such as LAN and EDI are well established long before the World Wide Web took ove
r.
Then, why is there the sudden talk of the Digital Age and the advance of electro
nic
commerce? Two things make the Internet quite different from any other existing
communications media. Unlike broadcasting media, the Internet (1) allows two-way
communications and (2) is built around open standards. A two-way communication
means targeting audience and the possibility of feedback. Broadcasting sends out
messages to "no one in particular" and without knowing quite who has got the mes
sage.
(What do Nielson and a horde of market research firms do for their living?) An o
pen
standard (e.g. TCP/IP) means interoperability and the advantage of a large marke
t and
the possibility of integrating one product or process with another.
Both of these characteristics are being challenged. (1) To the WebTV generation,
the
digital future looks like another version of the passive one-way broadcasting. T
he "new
media" sums up how publishers and media companies view the digital medium. Peopl
es
are so accustomed to "receiving random messages" that they often forget the fact
that
broadcasting was a 20th century phenomenon. Even "interactive television" envisi
oned
by todays media is a way of providing a more lively entertainment, offering more
information "related to existing contents" (e.g. detailed information about char
acters,
plots, and commercials shown on TV). Multi-channel, digital TV broadcasting may
very
well be a model for future entertainment, but it needs to be remembered that it
is only
one application of the digital communications network. (2) The commercialisation
of
the Internet is forcing businesses to differentiate their products from others b
y making
products incompatible. Unlike the public Internet where standards were open, fir
ms
attempt to capture and dominate the market with their proprietary products. In s
uch an
environment, TCP/IP would have had a very slim chance of becoming a standard and
opening up the digital, networked economy. Whether markets driven by private
interests can bring about a better result (e.g., more efficient, technologically
superior,
etc.) is still a concern left for arguments.
Perhaps telephone networks are quite similar to the Internet (and indeed most In
ternet
traffic goes through telephone networks). But unlike telephones, the Internet s
user
interface (computer) is much more sophisticated and flexible. Because of its beg
inning
as a public research network, the Internet has no pricing regime of telephone
companies. The world-wide connection, then, may be considered to have been an
accent. When usage-based, long-distance charges are implemented, the Internet ma
y
look quite similar to the telephone network.
Intranet and Extranet
Intranets and extranets have become a vogue. Intranets arid extranets share the
common protocol (TCP/IP) and Web technologies with the Internet. Intranet is a c
losed,
business-wide network, but it uses open standards such as TCP/IP instead of
proprietary protocols traditionally used for LANs (local area networks, usually
hardwired) and WANs (wide area networks, usually LANs connected by cable, telephone
and
wireless networks). Extranet is a private WAN running on public protocols. That
is, an
extranet is a virtual private network among private parties based on open networ
k and
protocols. To assure security and privacy, an extranet relies on secured channel

using
tunnelling protocols and digital ID. In a way, extranet is a private street buil
t on public
land (although costs may be borne by private parties).
Electronic marketplace
Electronic markets ordinarily refer to online trading and auction, for example,
online
stock trading markets, online auction for computers and other goods. The electro
nic
marketplace refers to the emerging market economy where producers, intermediarie
s
and consumers interact electronically or digitally in some way. The electronic
marketplace is a virtual representative of physical markets. The economic activi
ties
undertaken by this electronic marketplace collectively represent the digital eco
nomy.
Electronic commerce, broadly defined, is concerned with the electronic marketpla
ce.
The electronic marketplace resembles physical markets in many aspects. As in phy
sical
markets, components of the digital economy include:
players (market agents such as firms, suppliers, brokers, shops and consumers)
products (goods and services) and
processes (supply, production, marketing, competition, distribution,
consumption, etc.)
The difference is that, in the electronic marketplace, at least some of these co
mponents
are electronic, digital, virtual or online (whichever term may prefer). For exam
ple, a
digital player is someone with an e-mail or a Web page. Purely "physical" seller
s may be
selling a digital product, e.g. digital CD-ROM. One that sells physical products
at a
physical store may offer product information online (thereby allowing consumers
to
"search online), while production, ordering, payment and delivery are done
conventionally. Currently, the emphasis is on the core of the electronic market
place
where everything (i.e. all value chains or business activities) is online. But,
if any aspect
of the business or consumption dwells upon the digital process, Businessmen are
already part of the electronic marketplace. That is, almost all of them are alre
ady players
in the electronic marketplace.
E-Commerce Concepts
Every now and then, a technology or idea comes along that is so profound, so pow
erful,
so universal that its impact changes everything.... Network computing (read e-bu
siness)
will transform every institution in the world. It will create winners and losers
. It will
change the way we do business, the way we teach our children, communicate and
interact as individuals. Says Lou Gerstner, Chairman, IBM - At the heart of this
revolution is the explosion of the Internet connecting millions of computers and
people
all over the world together in one giant, virtual handshake. The Internet is
fundamentally a new economy that will displace and rebuild the existing economy.
The
Web allows businesses to save time on product design order and delivery, trackin
g sales
and getting customer feedback. As companies adopt this technique some jobs such
as
travel agents, stockbrokers and retails could become scarce.
Electronic Business or e-business, simply put, is the integration of the Web wit
h
Information Technology (IT). Apart from more prevalent applications such as e-ma
il,
news, entertainment etc., the Internet is revolutionising the business world, ebusiness
is more than e-commerce, just as commerce is a subset of business.
E-commerce is the final act, so to say, of the goods of services being fulfilled
for the
agreed consideration. This cycle is dominated by transactions between a company
and
consumers at large. Most companies in India today have static Web sites, which a
re
meant to offer information but not for online shopping. India s best known and p
erhaps
the first electronic shopping mall is the Rediff.com site where we can place ord
ers for
books, music etc. Culturally, this is a very big first step as people start feel
ing
comfortable with shopping online and actually start enjoying the convenience. Cy
ber
laws bills are to be approved soon. There are also plans to build a high-speed n
etwork
backbone capable of servicing millions of users expected to go to the Net in Ind
ia.
Every company in India, large or small, must give this revolution a hard look an
d decide
how to proactively act... This is not a straitjacket approach and every company
must
choose its priorities and move with rapidity. Not only is the world shrinking, b
ut time as
well. A web year is just 3 months sufficient to provide significant changes and
progress.
One typical approach companies take is to begin several activities (on the e-bus
iness
journey) in parallel and integrate them as they go along. For instance, while th
ey are
busy setting up a Website and upgrading it from static one to one that allows. N
et
transactions, an Intranet is set up in parallel and gradually more and more auto
mated
processes are brought on to it. The next step would be to link the two so that a
n ecommerce transaction is treated like any other physical transaction and sets of
signals in
corresponding processes such as sales order processing, billing, production plan
ning,
shipping etc. as the case may be. This is a sort of culmination of the big journ
ey and a
company reaching this stage would enjoy tremendous operational efficiency as wel
l as
competitive advantage e-business is not a fad. It is not in the distant future.
It is right
here and becoming bigger every day and starting us right in the face.
Trade among nations is one the threshold of a fundamental transformation as a re
sult of
advances in information and telecommunications technology. The ability of the In

ternet
to bring together distant parts of the world in a global electronic market place
and
information exchange offers far reaching benefits to developing and industrialis
ed
economies alike.
Today, there are an estimated 148 million Internet users, with double-digit grow
th rates
in many emerging economies. There are some 37-million Internet hosts world-wide,
facilitating a dramatic increase in the volume of trade and economic information
available online. Connectivity has significantly improved in many parts of the
developing world, for example, nearly every capital city of Africa enjoys some l
evel of
Internet penetration across, regions, which can have profound implications on an
individual country ability to participate in the global electronic market place.
The overall level of electronic commerce, or business transaction conducted via
the
Internet and private commercial networks, was estimated at US$ 8 to 9 billion in
1997.
Researchers have forecasted that this figure could rise to as much as US$ 400 bi
llion by
2002, as businesses and consumers throughout the world expand their online
commercial activities. The dramatic growth in electronic commerce is being drive
n by
the marketing and cost reduction benefit that many businesses are realizing thro
ugh
this new medium.
What is E-Commerce?
The major buzzword in business today is E-commerce. Till recently the Internet w
as
primarily used as a means of accessing and disseminating information. As busines
ses
became more complex and global, a need was felt for a bigger faster and convenie
nt
access to consumers (and other businesses) spread across the world. That is how
and
when, the tech-gurus leveraging the power and reach of the Internet brought fort
h the
concept of E-commerce. It is the use of electronic information technologies to c
onduct
business transactions among buyers, sellers and other trading partners.
E-commerce combines business and electronic infrastructures, allowing traditiona
l
business transactions to be conducted electronically. It enables the online buyi
ng and
selling of goods and services via the communication capabilities of private and
public
computer networks including the Internet. The whole electronic commerce business
is
predicated on the fact that people will find it convenient and there will be a f
ast, flexible
and secure transaction. E-commerce considered having the following attributes:
1. Direct electronic interaction between two computer applications (applicationtoapplication) or between a person using a computer (typically a web browser) and
another application (typically a web server)
2. The interaction involves the completion of a specific transaction or part of
a
transaction.
3. The transaction crosses enterprise boundaries, either between two businesses

(B2B) or between a business and a consumer (B2C).
We can look at electronic commerce in two ways: as a buyer/seller transaction an
d a
producer/consumer type transaction.
Buyer/Seller Transaction
Transactions are exchanges that occur when one economic entity sells a product o
r
service to another entity. When buyer/seller transactions occur in the electroni
c market
place information is accessed, absorbed, arranged and sold in different ways. To
manage
these transactions E-commerce incorporates transaction management, which organis
es,
routes, processes, and tracks transactions. Ecommerce also involves payment
mechanisms for customers to make electronic payments and funds transfers.
Producer/Consumer Transaction
We can also view E-commerce as a production process that converts digital inputs
into a
value-added output through a set of intermediaries. For example in Online tradin
g,
value can be added by providing meaningful information like trend analysis; sect
or wise
company information etc., instead of giving the raw data (stock quotes). This wi
ll give
more refined information, which can lead to a better decision making for the cus
tomer.
There has been a paradigm shift in the way technology is viewed in business worl
d
today. The traditional view of Information Technology as an operational tool is
changing. Today, technology is seen as a major driver of corporate strategy and
business
re-engineering. This is aiding the growth of E-commerce. Companies are seeing Ecommerce as a technology supported strategic action.
Forces Aiding E-Commerce
Various forces are fuelling the growth and interest in E-commerce. They are as f
ollows:
1. Economic Forces
Companies the world over, are under relentless pressure to cut costs and stay
competitive. They are looking for economic efficiencies and hence are attracted
towards
E-commerce which offers many efficiencies such as low cost technological
infrastructure, low cost of global information sharing, low cost of customer ser
vice, low
cost and accurate electronic relationship with suppliers, time compressions etc.
The economic forces motivating the shift to E-commerce are both internal as well
as
external. External integration connects the vast network of suppliers, customers
and
other entities into a single large community with the ability to communicate acr
oss any
platform. The classic example in the automobile industry where just In Time (JIT
)
manufacturing methods which forced companies like Ford, General motors to rely o
n
Electronic Data Interchange (EDI) to interact with their suppliers underlines th
e
importance of external integration.
Internal integration is equally important as external integration. It connects a
ll internal
functions in the organisation and helps the flow of information in a seamless ma

nner. It
also ensures that critical data is stored digitally, that permits instantaneous
retrieval and
electronic transmission.
2. Marketing and Customer Interaction Forces
Companies want to employ E-commerce to provide marketing channels, to target mic
rosegments or target audiences and to improve post-sales customer satisfaction by
creating new channels of customer service and support. In an era where products
clutter, companies want to supply their target customers with product and servic
e
information in greater detail than that provided in a television or print advert
isement.
The purchasing climate and the products are also changing quickly. In order to b
e
competitive, companies will have to rely on technology to develop low cost custo
mer
prospecting methods, establish close relationships with customers and develop
customer loyalty. Traditional concepts of differentiation will not hold in this
new
business environment. It is also an era where brand equity (the premium attached
to a
brand) is evaporating. So companies are realizing the need for investing in E-co
mmerce,
which promises to provide them the above-mentioned business methods.
3. Technology and Digital Convergence
The advent of Digital technology has made it possible to convert characters, sou
nd,
pictures and video into a single bit of stream that can be manipulated, stored,
and
transmitted quickly, efficiently in large volume with out any loss in quality. T
his has
forced the previously disparate industries like publishing, entertainment,
communication and computing to work in close cooperation. The emergence of digit
al
technology and multimedia has resulted in "digital convergence". Convergence has
two
dimensions - convergence of content and convergence of transmission technology.
4. Convergence of Content
Regardless of its original form, convergence of content ensures that digitized
information can be processed, searched, enhanced, converted, encrypted, compress
ed,
replicated and transmitted at a very low cost. This has profound implications fo
r
content-based industries like newspapers, magazines and books, (the meteoric ris
e of
AMAZON.COM, a virtual bookstore has forced many traditional brick and mortar
bookstores like BARNES and NOBLE to set up digital bookshops).
Convergence of content has also given rise to a new set of information publishin
g and
browsing tools. This is the main idea behind the emergence of the browser indust
ry and
explains the sudden rise of Netscape Communications. Content convergence also he
lps
companies to use networked databases and electronic publishing to improve indivi
dual
and corporate decision-making and information processing.
5. Convergence of Transmission
Convergence transmission compresses and stores digitized information so that it
can be
transmitted over the existing transmission systems (telephone lines, wireless, c
able
system etc). Convergence of transmission is the convergence of communication
equipment that provides the pipeline to transmit voice, data, image, and video o
ver the
same line, which was still a few years ago, an elusive dream! However the emerge
nce of
new technologies like Asynchronous Transfer Mode (ATM) has made this possible.
Convergence of transmission is also facilitated partly by the blurring of lines
among
information access devices-telephones, television, computers etc.
Transmission convergence makes it easier to connect computers, high-speed periph
erals
and consumer electronic devices. This has paved the way for a huge multimedia
applications market. It also gives an easier access to networks and helps in the
creation
of a new low cost delivery channels and also new customer segments.
Why E-Commerce
Business scenarios have engaged phenomenally in this decade where traditional
business practices and procedures have been incredibly transformed by virtue of
the
invasion of electronic commerce.
The Internet is being applied very creatively for almost any type of business an
d comes
with many an in-built service and thus enables your products and services to rea
ch out
to the remotest of places on account of sheer reach. But while the best amongst
us are
still growing and re-learning the fundamentals, e-business still remains a quant
um leap
and seems only Utopian till it really starts giving to those dividends that we h
ad in mind
when we embraced it.
Corporate, both Indian and international, have unleashed an imposing range of ebusiness products and services to the end user and which guarantee state-of-theart
technologies and solutions that would ultimately catapult business ideas to dizz
y heights
within an amazingly low turnaround item. And this is just the beginning...
Notwithstanding the "initial thrust cost" to institutionalize an e-business, the
long-term
benefits which accrue to the business is recouped many times over. Also worth yo
ur
while is the thought, that there, is room for a number of players. Only the most
creative
and ingenious of the lot will surge ahead in the era of electronic commerce. It
is in this
very context that soon, we should be witnessing a mixed blitz of threats and
opportunities for corporate India.
The trillions of dollars of revenue estimates thrown up business analysts may no
t be
totally unfounded. Manufacturing, sales, distribution, receivables, vendor manag
ement,
purchase and every other aspect of the operating cycle is being taken care of
electronically. Quantum achievements have been recorded by companies who do
customer relationship management on the Net. All these and the rest are indicato
rs in
the direction that e-business is culturally and technologically transforming you
r
business and is making the latter ship-shape to face the new millennium.
Traditional ways of doing business may not however change dramatically in some c
ases
as some edifices may show signs of resistance to change. India is a good referen
ce in
question. On a very candid note, Internet and e-business being at its nascent st
age here
would take time to register into our minds and should remain like a square peg i
n round
hole until the revolution sweeps the ground off our feet.
World-wide customers have evolved and are more demanding, they are more informed
,
and they review their loyalties every time they go online.
Web-enabled applications are automating business processes and shifting the prio
rities
of companies large and small. Now business owners can focus on customer service
and
use Web technology to serve the customers - and make business more competitive.
This
can be made more efficient and more convenient by shifting customer service proc
esses
to the Web, which makes it easier for people to do business.
Web-based customer service not only makes customers happier, it makes business
partners also happier. When customers have an alternative to the phone, they bec
ome
more self-reliant, saving them time and company money.
To server your customers better using the web, one will need a foundation built
on
scalable, reliable and secure products along with the expertise it put it all to
gether.
There are 10 compelling reasons for an immediate switchover to e-commerce:
1. Easy I nitiation
The starting point for most business is to develop a website that contains basic
information about the company including a description about the nature of busine
ss,
the product line and how to reach the sales staff. The first step in the develop
ment of a
website is designing the page, which on the low-end can be done completely in-ho
use in
no time. There are any numbers of free web-publishing programs available on the
Internet through which creating a webpage is as easy as using a word-processing
program. If there is a necessity, one can outsource for designing the page at a
moderate
cost with high options. The second step is to post the page, which can be done b
y many
online services and Internet service providers.
2. Fast and cheap
The globalization of trade has created the necessity to introduce a product in t
he worldwide market. Introducing a product through Internet or e-mail not only saves tim
es and
shopping cost but allows a customer to preview the product in full colour and in
multiple formats before ordering for the product online. There are no headaches.
If a
business organisation sends out printed materials such as brochures, sales packe
ts,
price quotations, catalogues, product updates, technical specifications, new pro
duct
information, etc to its prospective customers, dealers or distributors, it has t
he onerous
responsibility of updating them. This is costly and time consuming.

3. Quick feedback
Product information can be placed online through tracking software to determine
what
new products customers seek. Also, a feedback on these products can be obtained
from
the customers through e-mail sent via Internet. Because of the two-way communica
tion,
businesses can get vital product information for suitable alternations in their
marketing
strategies for the web.
4. Refi ned customer ser vi ce
In a competitive economy it is a Herculean task to have sales representatives av
ailable
round the clock at a moderate cost. A business with a strong presence on the Web
can
use the site as a customer-service kiosk and cut down its sales workforce to a
considerable extent. Customers can access information whenever they want. The fi
rst
promise of Web-based customer service is self-service. With the entire range of
products
displayed online, the customer has a chance to review not only the product that
was the
source of his initial interest but other products as well.
5. Global audience
There are approximately 119 million web users as of today. According to a foreca
st, the
number of Web browsers is likely to double or triple in the next millennium. Thi
s makes
it important to large and niche businesses to begin establishing their presence
on the
web.
6. Matching the competiti on
According to a survey of small businesses that have gone online, one in three ha
ve owing
to exports. Because of the natural equilibrium that exits on the Internet, the i
mpact of a
large company and a small one on the market can be similar the difference will b
e in the
commitment of each organisation. An exporter may be small, but owing to this nat
ural
equilibrium on the Net, he can create a virtual brand office in the target - mar
ket.
7. I nter net as a str ategi c tool
Internet facilitated e-commerce will bring opportunities for businesses like nev
er before.
The moment the webpage is up, one can target potential buyers in a specific mark
et,
either region-wise or customer-wise. This is equivalent to taking out banner
advertisements in local publications. Through the Internet is always changing an
d
evolving there are sites in the local content that can given a hyperlink to dome
stic
websites.
8. I nter net cheaper than a phone call
Sending a mail or making a phone call may be difficult from some parts of the wo
rld.
But a webpage can be accessed no matter where one is located. Though the Interne
t
access is not universal, service providers are cropping up all over the world. T
he cost of
making a long distance phones call in some places for extended duration can be
prohibitively high. Since the Net is becoming highly competitive, access charges
are
bound to come down. Email has already become the cheapest way to communication,
costing less than even a phone call.
9. Business to busi ness li nk
By using Electronic Data Interchange (EDI) suppliers can be linked to producers
and
producers to sellers. This makes it possible for a company to obtain a complete
picture
of supply and demand and save time and money by shortening the ordering cycle. I
n
fact a growing number of medium and large size organisations want their supplier
s and
distributors want to be EDI capable including government agencies.
10. Global competiti on
With more and more businesses entering the Web exports market every day, exporte
rs
are facing the problem of making their product fit enough for global competition
. A
buyer can get the details of various suppliers through the Web and choose the on
e that
can supply a quality product at a lesser price.
E-Commerce Characteristics
Business environment no longer an extension of the past, but a whole new set of
situations we must learn to live with and master. Some of these situations come
from
rapid changes in technology: rapid market situation rapid competition, rapid
segmentation of the market and rapid changes in the external environment that cr
eates
deeper global repercussions.
To have a profitable firm today and in the future, "rapid" must be an operative
word:
rapid innovation, rapid turnarounds, rapid other fulfillment, rapid adoption of
technology. It is going to go on being an unpredictable market, where the busine
ss
executives will have harder time than the consumers. Business executives must
formulate strategies and take action on changes that no one yet fully understand
s in all
their ramifications.
Rapid action is not that difficult to take with the right tools. That is what el
ectronic
commerce is the critical action tool for competitive business strategies in inte
rnational
trade.
Electronic commerce electronically links businesses with their trading partners
to help
realise business objectives, improve customer satisfaction, and increase product
ivity. It
is broader and more descriptive term for EDI.
It is now well recognised that cross border business must be done electronically
if
people and goods were to move freely across borders.
Electronic commerce can be defined more broadly as inter-organisational electron
ic
systems that facilitate many kinds of communications involved in commercial
transaction including customers, suppliers, business partners, government
organisations and financial institutions.
It is clear that:
Electronic commerce primarily addresses inter organisational and trading

community activities
Electronic commerce supports internal operations, processes and systems within
the enterprise
Electronic commerce creates value by productively, "closing the loop"
electronically with a growing and changing population of participants in the
commercial.
Hence it is realistic to conclude that Electronic Commerce:
is a business strategy
uses technology to achieve business goals
improves external business relationships
is an evolution in the way companies interact
provides information to facilitate delivery of goods and services
supports change initiatives and reinforces business process re-engineering.
A pro-active approach to implementing electronic commerce would mean improved
bottom line (due to increased volume of business and sales as well as reduction
in costs
due to more efficient use of personnel); drastic reduction in transaction time a
nd costs
and improved quality of information on goods in the logistic chain; strategic ad
vantage
(through time savings, reduction in errors and consequent litigation, more time
for
quality support) links with suppliers contributing to the creating of strategic
alliances;
and most important of all, strengthened customer relations through quality and
quantity of timely information.
Indian firms are sometimes disadvantaged in comparison with multinational firms,
in
international trade. They face barriers that the larger multinational firms can
easily
cross.
A list of some important barriers would include;
1. language and culture
2. large physical distance
3. access to business information
4. differing business and administrative practices.
The smaller Indian firms can now hope to surmount these barriers and be an integ
ral
part of the global linkages through the harnessing the full potential of electro
nic
commerce to facilitate international trade.
If introduced in a planned manner, electronic commerce technologies can signific
antly
reduce many of the barriers to trade identified earlier for the businesses. Sinc
e traders
will be using transactions that are internationally accepted and in a transparen
t manner,
the possibilities for misinterpretation that arise through culture and language
is
diminished. Similarly, as business and administrative processes get harmonized,
the
need to keep track of hundreds of practices is no longer a consideration. Finall
y, with
EDI, data gets transferred at near the speed of light. Therefore, physical dista
nce do not
matter much, business facilitation based on electronic commerce offers the best
hope for
the Indian firms into the next century.
Preparedness for E-Business
An enterprise should consider and take care of following before plunging into ebusiness.
Manufacturing: Are manufacturing processes agile and capable enough to respond
to
demands and allow for mass customization?
Capacity: Do you have the equipment and facilities necessary to be available to
your
customers and business partners via the Internet? In particular, if you become
successful will you have the techniques and equipment to handle a potential over
load?
Distribution: Do you have distribution channels and partners in place to service
customers anywhere?
Organisation: Do you have the people, organisation, and skills in place to opera
te the
system effectively?
Supply-chain: Is your supply-chain strong and competent enough to delivery in qu
ickmanufacturing environment?
Manageability: Do you have strong and integrated IT back-end to provide informat
ion
and forecast future needs?
Marketing: How will you bring customers to your site? A failure to plan and budg
et for a
means to attract customers - even existing customers - to an internet business s
ite is one
of the key reasons that may e-business efforts fail.
Privacy and security: Do you have a privacy policy? Is your internal data secure
d, and
can you ensure secure transaction to your customers?
Legal compliance: Can you comply with national and international laws governing
ecommerce? Are you liable for collecting taxes on merchandise sold online?
No repudiation: Are you capturing enough information over your Web site in a for
m
that you can take to court to enforce an agreement.
Emerging Role of E-commerce
Today, India has the world s second largest pool of English speaking scientific
manpower. Aided by the Internet, this pool has become the source of exports wort
h as
much as $4 billion annually. Starting with simple data entry services, we now su
pply
sophisticated back office services including electronic publishing, website desi
gn and
management, medical records management, hotel and airline reservations, mailing
list,
management, technical online support, indexing and abstracting services, and tec
hnical
transcription.
Given the large difference in the wages of skilled workers between developed and
developing countries, the potential gain from increased movement of natural pers
ons
between them is large. To take advantage of this fact India has long sought a re
laxation
of restrictions on the entry of temporary workers in developed countries. The be
auty of
the Internet is that, for many services, it opens up developed country markets f
or skilled
labour without requiring the movement of natural persons.
The most significant development in Information technology in recent times has b
een
the explosive growth of the Internet. Starting as a project promoted by the US
Department of defense for maintaining reliable communication in the event of a n
uclear
attack on the United States, the Internet today has evolved into a new medium fo
r
commerce.
It has led to an era of electronic commerce or e-commerce. This has two dimensio
ns.
One is that of the Internet emerging as a medium for promoting commerce involvin
g
goods and services by bringing the business ad the consumers
1
together, or for that
matter all the stake-holders in commerce closer to each other. We can talk about
the
Internet establishing linkages between business and business, business and
government, business and customer and customers and government.
In fact the three Cs are seen as increasingly important for promoting electronic
commerce. These are computer, connectivity and cost. The time has come for an
aggressively promotional attitude to make computers, connectivity and the e-comm
erce,
affordable. This is imperative if India wants to take full benefit of the emergi
ng era of
electronic commerce.
Cyberspace is an economic area where the market can function untrammelled. Howev
er,
there is need for a regulatory framework that reduces individual risk and encour
ages
entrepreneurship in e-commerce. The first requirement is a legal framework, whic
h
recognizes electronic signatures, protects consumers from hackers, acknowledges
electronic cash and tackles various forms of the panoply of electronic crime. Th
e second
is for the government to touch e-commerce only lightly for taxes and revenue. It
needs
to treat e-commerce differently, in part to encourage companies to get into the
new
medium of exchange and in part to break its tradition of oppressive taxation of
Indian
business. The flip side of this is to give free trade status to e-commerce acros
s borders.
The United Nations has proposed making electronic trade tariff free and there ar
e plans
to put this on the agenda of coming WTO millennium round.
Nearly 20 years ago a technology evolved in the information technology area call
ed the
Electronic Data Interchange (EDI). The basic principle of EDI was to help speed
up
transactions involving processing of forms especially between business enterpris
es and
the regulating agencies of the government. The port of Singapore, for instance,
was able
to bring down the time taken in the port transaction form three days to 15 minut
es by
using Electronic Data Interchange.
In future, EDI will become inevitable and crucial instrument for exporters. Sing
apore
charges extra money for non-EDI transactions, i.e. transactions by paper documen
ts, as
it involves more human involvement and hence more cost. Even USA, India s larges
t
export destination, is going paperless. In the future there is a possibility tha
t some
shipping lines will not touch non-EDI ports. Moreover, EC members are planning t
o
levy up to a 50% processing charge for non-EDI documentation and Singapore may s
top
trading with non-EDI countries. Giant multinationals such as General Motors do n
ot
allow non-EDI companies to become their suppliers.
Electronic Data Interchange mechanism is a sure step towards curtailing the proc
essing
times for documents and the number itself. The mechanism replaces traditional
methods of data transmission such as mail, phone, or in person delivery with ele
ctronic
transmission. EDI is an inter-organisational exchange of business, and it is a p
air of
standards that define a method for conducting business transactions between
computerized companies, corporations, governments and institutions. EDI has
developed out of the need of business enterprises to communicate efficiently wit
h each
other, taking advantage of modern information technology. Traditional business
communication occurs in two forms: unstructured (e.g., messages, memos, and lett
ers)
and structured (e.g. purchase orders, dispatch advice, invoice payments) EDI cov
ers the
exchange of structured messages, while email deals with unstructured types of
communication.
The use of EDI eliminates problems like delays associated with the handling, fil
ing and
transfer of paper documents, time consumed for re-entering data, etc. Quite seem
ingly,
all these benefits result in faster and more cost-effective operations.
Indian Scenario
One of the prerequisites to be able to do e-business is a sound strategy for all
eging IT
with business goals. IT Infrastructure, manufacturing processes and distribution
capabilities are some of the basic needs to become an e-business. And herein lie
s the
problem. Concepts such as zero-defect products, agile manufacturing, cost-based
competition, on-demand delivery and customer focus have largely been alien to In
dia
Inc. From the start, Indian companies have not been IT savvy, and rarely were
computers employed beyond the confines of the accounts departments.
IT applications have entered almost all the companies but mostly in an uncoordin
ated
way without long-term integration plans or automation strategies. Individual
departments introduced computers and purchased or developed software to support
their own department operations. This fragmented approach divided a company into
small and almost autonomous enterprises... the net result of which was that the
enterprise consisted of many islands of automation.
The departments that are computerized to the greatest extent are finance and acc
ounts,
stores, and purchasing / vendor development reflecting a "transaction processing
"
mentality. Design / engineering, production planning and control (PPC) , product
ion,
quality assurance and quality control (AQ / QC), are in the second tier while ma
rketing,
distribution, human resource management (HEM) and projects brought up the rear.
Impact of E-Commerce
One, internet and e-commerce is the latest buzz in today s world of business. Bu
sinesses
that do not re-engineer themselves to exploit the emerging Internet computing
technology will be wiped out or simply left behind. Internet is the most democra
tic of all
technologies ever developed. With relatively little expenditure companies can ri
de the
Internet bandwagon and enjoy the advantages, which their more resourceful
competitors can boast of. Neither is internet technology zealously guarded nor d
ifficult
to access.
Two, the spread of Internet and e-commerce will dismantle the physical boundarie
s of
the market. With virtually zero advertisement and promotion cost, a company can
now
reach any market it wishes, as long as its target market is linked to the Intern
et world. In
respect of any industries, like media and entertainment, you could now reach a m
arket,
which you could not dream of a year ago. The increase in reach its becoming evid
ent
even for the manufacturing sector.
Three, e-commerce will make most existing infrastructure of existing companies
redundant. What is counted as one s strength today could well be its liability t
omorrow
if adequate reinvention and re-engineering do not take place with the help of In
ternet.
Singapore boasts of huge shopping complexes, which are thronged by shoppers from
all
over the world. With the Internet revolution likely to change the way people sho
p in
future, won t all these shopping complexes become redundant? Businesses all over
the
world, surely, have to think their future expansion plans afresh.
Four, Internet is developing too fast for governments all over the world. So the
government cannot hope to get into the Internet business and stall its smooth
expansion. Globally, there is consensus that there should be no government regul
ation
over the Internet. Users and Internet service providers can themselves introduce
a
mutually acceptable certification system to provide security and accountability
to the
system.
The emergence of Internet and e-commerce is like discovering oil. Just as econom
ic
activity took a new turn after the discovery of oil, Internet and e-commerce wil
l open up
a new world of opportunities for businesses across the world.
A visit to a public sector bank, insurance company or even a book shop should te
ll you
how unprepared Indian industry is as far as Internet and e-commerce is concerned
.
Today, Harley Davidson of the US (it was known for manufacturing high-powered
motorcycles) sells more accessories of its various motorcycle models through the
Internet, than the number of motorcycles through its various showrooms. There ar
e
many entertainment companies, which actually offer their musical shows live thro
ugh
the Internet. There are many theatre companies, which will allow you to buy a ti
cket
after taking you round the theatre and letting you choose a seat of your liking
- through
the Internet.
And in India, many banks do not even have facility of updating their account hol
der s
passbooks through computerized printing, let alone Internet banking. There are
insurance companies that are not even present on the world-wide web. The industr
ial
revolution passed India by. Today, the world is on the verge of the Internet rev
olution.
Electronic Commerce between Businesses
Internet commerce is growing fastest among businesses. It is used for coordinati
on
between the purchasing operations of a company and its suppliers; the logistics
planners
in a company and the transportation companies that warehouse and move its produc
ts;
the sales organisation and the wholesalers or retailers that sell its products;
and the
customer service and maintenance operations and the company s final customers.
In the 1970s and 1980s businesses extended there computing power beyond the
company s walls, sending and receiving purchase orders, invoices and shipping
notifications electronically via EDI (Electronic Data Interchange). EDI is a sta
ndard for
compiling and transmitting information between computers, often over private
communications networks called value added networks (VANs). The cost of installa
tion
and maintenance of VANs put electronic communication out of the reach of many sm
all
and medium-sized businesses. For the most part, these businesses relied on the f
ax and
telephone for their business communications. Even larger companies that used EDI
often did not realise the full potential savings because many of their business
partners
did not use it. The Internet makes electronic commerce affordable to even the sm
allest
home office. Companies of all sizes can now communicate with each other electron
ically,
through the public Internet, networks for company-use only (intranets) or for us
e by a
company and its business partners (Extranets), and private value-added networks.
Companies are quickly moving to utilize the expanded opportunities created by th
e
Internet. For instance, Cisco systems, Dell computers and Boeing s spare parts b
usiness
report almost immediate benefits after putting their ordering and customer servi
ce
operations on the Internet. They are so convinced of its benefit to their own co
mpanies
and their customers that they believe most of their business will involve the In
ternet in
the next three to five years.
Although still in an embryonic stage, analysts predict businesses will trade as
much as
$300 billion annually over the Internet in the next five years. Some believe the
volume
of Internet commerce will be much higher. Growth of business-to-business electro
nic
commerce is being driven by lower purchasing costs, reductions in inventories, l

ower
cycle times, more efficient and effective customer services, lower sales and mar
keting
costs and new sales opportunities.
1. Lower Purchasing Costs
Buying materials or services for a corporation can be a complex, multi-step proc
ess.
First, purchasers have to find suppliers who make the product and determine whet
her
they meet volume, delivery, and quality and price requirements. Once a potential
supplier has been chosen, detailed drawings and information are transmitted to t
he
supplier so that the product is built to exact customer specifications. Assuming
the
product sample has been approved and the supplier s manufacturing lines are read
y for
production, the buyer, then transmits a purchase order (PO) for a specific quant
ity of
goods. The buyer, meanwhile, receives notification from the supplier that the PO
was
received and confirmation that the order can be met. When the product ships from
the
supplier, the buyer again receives notification, along with an invoice for goods
delivered.
The buyer s accounting department matches the invoice with the PO and pays the
invoice. When changes to the normal order happen - a frequent occurrence in most
companies - the process can be much more complicated. Companies lower procuremen
t
costs by consolidating purchases and developing relationships with key suppliers
to
benefit from volume discounts and tighter integration in the manufacturing proce
ss.
They also cast a wide net for lower-cost sources of supply. Large companies have
been
using EDI over private networks to reduce labour, printing and mailing costs in
the
procurement process. Automating routine procurement means the procurement staff
has more time to focus on negotiating better prices and building supplier relati
onships.
Analysts estimate that businesses already trade over $ 150 billion in goods and
services
using EDI over VANS. Companies using EDI commonly save 5-10 per cent in
procurement costs. The Internet has the potential to further reduce procurement
casts.
Large companies benefit from lower transmission costs versus private networks. T
he
Internet also opens the door to doing business electronically with new suppliers
and
with small and medium-sized suppliers who formerly communicated only via fax or
hone. Small companies also benefit. The Internet reduces processing costs and op
ens up
new sales opportunities from potential buyers that post requests for bids on the
Internet. Procurement via the Internet is new enough that projecting economy-wid
e
savings or other benefits is difficult. Specific company examples suggest that i
ts
potential is large and growing.
For instance, General Electric s lighting division reports significant gains in
responsiveness, improved service, and reduced labour and material costs as a res
ult of
shifting purchasing company has to hold to account for delays and errors, and th
e less
quickly it can react to changes in demand. Having huge inventory does not ensure
better
customer services, either. Shelves weighed down with size -10 running shoes do n
o help
the customer who wears a size 8. When a customer enters a furniture showroom loo
king
for an armchair with green and white stripes and is told it s on back-order for
12 weeks,
he may drive across town to a competitor rather than wait. Managing inventory pr
operly
results in better service for the customer and lower operating costs for the com
pany.
Increasing the frequency of inventory "turns" (the number of times inventory in
existing
warehouse or store space is sold or used for production each year) reduces inven
toryrelated interest, handling and storage costs. Reducing inventory levels also mea
ns that
existing manufacturing capacity is more efficiently utilised. More efficient pro
duction
can reduce or eliminate the need for additional investments in plant equipment.
IBM s
personal systems group provides an illustration of how the Internet and private
networks are helping companies keep stocks of inventory smaller, yet more target
ed on
likely consumer needs.
Each month, the group marketing departments report information on how many PCs
they think will be sold. The production planning departments identify manufactur
ing
and materials capacity in each factory. Armed with inputs from across the compan
y on
demand and supply, production schedules are assigned to each factory. The
procurement staff uses the same information to negotiate with suppliers. As new
information comes in each week, the process is repeated and the production sched
ule
fine-tuned. Electronic communication between factories, marketing and purchasing
departments have made this quick response possible. Problems are communicated as
they arise and the appropriate adjustments are made. If demand suddenly rises or
it one
factory cannot meet its production schedule, IBM aware of it in time to increase
production at another factory. The Personal System Group has been phasing in thi
s
Advanced Planning System (APS) since 1996 and already reports significant result
s.
During the first year of APS, inventory turns increased 40 per cent over the pre
vious
year, and sales volumes increased by 30 per cent. The group anticipates another
50
percent increase in turns and a 20 percent increase in sales volume in 1997. By
better
utilizing its existing manufacturing capacity, IBM has avoided having to make ad
ditional
investments to meet the increased volume requirements. The lower investment and
operating costs due to improved inventory turns have resulted in savings of $500
million. IBM is not alone in its efforts to use networks to improve communicatio
n
between the marketing and sales arm of a business and its production units.
Manufacturers, wholesalers and retailers are working together to form standards

and
guidelines for setter forecasting and restocking called Collaborative Planning f
orecasting
Replenishment (CPFR). These standards will allow companies to collaborate in
determining future demand for products and to share information about the availa
bility
of products in stock. With CPFR, a retailer and its supplier electronically post
their
latest sets of forecasts for a list of products and to share information about t
he
availability of products in stock. With CPFR, a retailer and its supplier electr
onically
post their latest sets of forecasts for a list of products. A server tied to the
Internet
compares the forecasts and flags differences in those that exceed a normal safet
y margin
- say 5 per cent. Differences are then reconciled by planners at both the retail
er and the
supplier. To keep that process from becoming too cumbersome, software companies
are
working to develop programs that automatically handle exception messages based o
n
rules that apply to that business. The accounting and consulting firm Ernest and
Young
believes that CPFR could yield an inventory reduction of $250 billion to $350 bi
llion
across the economy. By reducing inventory levels, businesses will realise substa
ntial
savings in materials handling, warehousing, and general administrative costs.
2. Lower Cycle Times
Cycle time is the total time it takes to build a product. There are certain fixe
d costs
associated with building any product that do not vary with the amount of product
ion,
but rather are time dependent. These "fixed" costs include depreciation of equip
ment,
most utility and building costs, and most managerial and supervisory time. If th
e time to
build a product can be reduced to seven days instead of ten, then the fixed cost
s per
product are lower since less time was needed. Electronic commerce allows "cycle
times"
to be shortened, allowing more to be produced for the same or lower costs. In th
e 1980s,
the lower cycle s times realized by Japanese companies presented American compan
ies
with a serious competitive challenge. The responded by breaking down organisatio
nal
barriers that had grown up between design, manufacturing and sales division and
improving communications with external manufacturing and sales division and
improving communications with external partners. Establishing electronic links w
ith
their large suppliers and customers enabled companies to transmit and receive pu
rchase
orders, invoices and shipping notifications with much shorter lead times than pr
evious.
Some also began to share product specifications and drawings over value-added
networks to speed product design and development.
The Internet will permit even further reductions by broadening the network of
businesses connected electronically and by facilitating collaboration on project

s across
work teams and geographical locations. Few industries faced a greater challenge
to
reduce cycle times than the automotive industry in the early 1980s. While Japane
se auto
makers could take a car from concept to mass production in approximately three y
ears,
American companies typically took four to six years.
First, a full-scale clay model was built to see how the vehicle would look in re
al life.
Incorporating changes to the model could take months. Once approved, single or
multiple-prototype vehicles were built by hand to see whether parts fit together
correctly
and whether car could be build economically. Engineers worked with the prototype
builders to refine the engineering specifications. Once the prototype was ready,
the
engineers would design the individual components and the tooling needed to make
the
components. Then, purchasing agents would work with suppliers to produce prototy
pe
tooling and parts for assembly of pilot or pre-production vehicles. If everythin
g went
smoothly, the manufacturing - engineering team would then assemble the vehicle t
o
discover any assembly problems. Finally, after additional modifications, the veh
icles
were mass-produced.
Today, all parties involved in designing a new platform or vehicle - designers,
engineers,
suppliers, and manufacturing and assembly personnel - work as part of a team,
contributing to the process from beginning to end. As a result of computerizatio
n, steps
that used to take weeks or months can now be done in a matter of days. Sharing
information electronically allows the different members of the group to work on
projects
together, rather than having to wait for each member to finish his step before t
he next
one can be taken. Through the use of computer aided design (CAD), computer aided
manufacturing (CAM) and computer aided engineering (CAE), the whole team can sha
re
computer files and use 3-D modelling techniques to design the vehicle and see ho
w parts
fit without building prototypes by hand. Changes to the components can be made
without building sample tooling and parts.
When the final design is agreed on CAM data is loaded into machines that build t
he
tooling and prototype parts. The same techniques are being used to reconfigure a
nd
retool assembly plants. Working as a team and sharing information electronically
has
cut the time it takes to develop and build a new vehicle to about 30 months.
Automotive companies now want to shorten the design cycle to less than 24 months
by
setting up platform teams in different parts of the world and linking them elect
ronically.
By using global communication links, engineers in Detroit can assign a problem t
o
engineers on their team in India. With the time zone difference, the engineers i
n the Far
East can work on the problem and get an answer back to the Detroit counterparts
by the
next business day, Cycle times are also being shortened for production. Before t
he use of
EDI, automotive companies communicated production requirements and schedules to
their suppliers by phone, fax or mail. This meant time-consuming manual data ent
ry,
photocopying and information hand-offs from one supplier to another. It could ta
ke
several weeks to get the manufacturing schedule and requirement to all component
factories and vendors. To minimize the impact of delays and errors caused by
miscommunication, the plant kept a large inventory of part on-hand.
Today, automobile manufacturers and their large suppliers communicated productio
n
and scheduling requirements via EDI. The assembly plant electronically sends the
supplier an 8 to 12 week forecast or builds plan. Daily production requirements
detailing
the number of parts needed at each plant at specific scheduled times are also
communicated electronically. When the parts are ready and loaded in the trailer,
the
supplier notifies the assembly plant that the parts are on their way. The plant
schedules
its lines to coincide with the arrival of the trailers. By changing its assembly
process to
take advantage of the more accurate and timely information they receive electron
ically,
most North American assembly locations turn inventory 130 times per year, up fro
m 7
to 10 times per year in the past.
In January 1994, Chrysler, Ford, GM, Johnson Controls and 12 of their suppliers
began
working together as part of the Manufacturer Assembly Pilot (MAP) to further imp
rove
material flow within a pilot four-tier seat assembly supply chain. At the projec
t outset, it
took four to six weeks for material release information to reach the bottom of t
he supply
chain. Along the way, information was distorted and truncated. The resulting lat
e,
inaccurate and entrusted information cost millions of dollars in the form of "ju
st-incase" inventories, premium freight, unplanned set-ups and changeovers and their
inefficiencies.
By electronically connecting the MAP participants, production schedules reached
the
bottom of the supply chain in less that two weeks. On-time shipments improved 6
percent. Error rates were reduced by 72 percent. Up to eight hours we week per
customer was saved in labour costs. Connecting all levels of suppliers through t
he entire
industry via EDI could save nearly $1.1 billion annually - a cost savings of $71
or more
per car - and decrease information lead-time to just one day between each tier o
f the
supply chain.
The automotive industry is now investing in a new venture, the Automotive Networ
k
Exchange (ANX), a managed virtual private network" that runs over the Internet
and
links manufacturers and suppliers world-wide. ANX will electronically link those
suppliers who still communicate to the automotive manufacturers by fax, phone an
d
mail. And, it will replace the thousands of direct dial connections with a singl
e network,
considerably lowering the transmission costs borne by the manufacturers and the
supplies. Scheduled to be fully implemented by 2000, the network will electronic
ally
route product shipment schedules, CAD files for product designs, purchase orders
,
payments and other business information. Participating automobile manufacturers
believe that ANX has the potential to reduce the product development and
manufacturing cycles even further, as well as improve many other key business
processes. The results achieved by the auto industry through EDI can be, and are
being,
replicated in many other industries. Because of its low cost and ease of use, th
e Internet
will help accelerate the pace at which businesses communicate with each other
electronically and the benefits they can realise.
3. More efficient and effective customer service
Companies are beginning to use the Internet for customer service. Having product
descriptions, technical support and order status information online not only sav
es
money by freeing up a company s won customer service staff to handle more
complicated questions and manage customer relations, it can also lead to more sa
tisfied
customers. Companies have long gathered and stored information about customers a
nd
products in databases that only certain authorized employees can access. Innovat
ive
businesses are finding ways to tap the potential of that information, making it
available
to those who need it most whether it s a customer service representative answeri
ng a
phone call or a customer looking for account information or technical support on
line.
Few things are more frustrating to a customer than uncertainty about when an
important purchase will arrive. Too often, phone calls to a supplier result in a
series of
transfers from one department to another and an eventual promise to check on the
status of the order and to call the customer back. This pattern consumes time an
d
money for the customer and the seller. Delivery companies are helping their busi
ness
partners solve this problem via the Internet. A customer can go to the company s
Web
site, enter his order number, and find out that the product is already on a truc
k and is
expected to arrive the next morning. This information can be retrieved from the
company s Web site in less than a minute. In addition to improved customer
satisfaction, companies using the Internet for customer service report savings f
rom
putting order tracking, software downloads and technical support information onl
ine.
For instance, Cisco reports that its customer service productivity has increased
by 200
to 300 per cent, resulting in savings of $125 million in customer service costs.
Dell
estimates that it saves several million dollars a year by having basic customer
service
and technical support functions available on the Internet.
4. Lower sales and marketing costs
An individual sales person can support as many customer accounts as he can physi
cally
visit or contact by telephone. Therefore, as the number of accounts increases, s
o does
the size of the sales force. Even direct marketing companies increase staffing a
s
telephone order volume increases. By contrast, a web business can add new custom
ers
with little or no additional cost. Because its sales function is housed in a com
puter
server rather than store locations or sales people, its reach is bounded only by
the
capacity of the servers to respond to inquiries and orders. The Internet can als
o make
traditional sales organisations, layered distribution channels, catalogue sales
and
advertising more efficient. With automated ordering capabilities, sales represen
tatives
no longer have to prepare time-consuming manual orders. Instead, they can spend
time
building and maintaining customer relationships. Electronic catalogues present f
ar
more information and options that their paper counterparts. Direct marketing onl
ine
can shorten repurchase cycles and increase and ability to sell additional items.
Some recent business examples suggest the potential of the Internet as an effici
ent sales
tool. Boeing s spare parts business debuted its PART page on the Internet in Nov
ember
1996, allowing its airline customers around the world to check parts availabilit
y and
pricing, order parts, and track the status of their orders. Less than a year lat
er, about 50
percent of Boeing s customers use the Internet for 9 percent of all parts orders
, and a
much larger percentage of customer-service enquiries. The Boeing spare parts bus
iness
processes about 20 per cent more shipments per month in 1997 than it did in 1996
with
the same number of data entry people. And, because customers can satisfy many se
rvice
requests online, as many as 600 phone calls to customer service representatives
are
avoided each day.
Cisco builds virtually all its products (routers, switches and other n
etwork
interconnect devices) to order, so there are very few off-the -shelf products. B
efore the
company establishment Internet sales capability, ordering a product could be
complicated. Generally, an engineer at the customer site knew what type of produ
ct was
needed and what should be configured. The engineer communicated this information
this procurement department who then created the purchase order and sent it to C
isco
via fax, phone or email. A Cisco customer service administrator entered the orde
r into
Cisco s system. If the order went through clean", its booked and its production
scheduled within 24 hours. Nearly one out of four orders didn t get a "clean" bi
ll of
health, however. Instead, when Cisco s system tried to validate the order, it di
scovers an
error in how the product was configured. The "dirty" order would be rejected, th
e
customer contacted and the procurement cycle would begin again. In July 1996, Ci
sco
ruled out its Web-based ordering and configuring system. Today, that same engine
er
can sit down at a PC, configure the product on-line, know immediately if there a
re any
errors, and route the order to the procurement department. Because the customer
s
pricing structure is already programmed into the Cisco site, the authorized purc
haser
can complete the order with
few keystrokes. And, rather than calling Cisco to
find out
the status of the order, invoice or account information, a customer with the pap
er
authorization can access the information directly on the Web site. With the onli
ne
pricing and configuration tools, about 98 percent of the orders go through the s
ystem
the first time, saving time both at Cisco and the customer s site. Lead times ha
ve
dropped two to three days, and customer s productivity has increased an average
of 20
percent per order.
5. New sales opportunities
The Internet operates around the clock and around the world As a result business
es on
the Web can reach new markets they could not reach effectively with an m-person
sales
force or advertising campaigns.
For instance, a plastic commodity specialist at a large manufacturer can site do
wn at his
PC, click on a Web browser and search for suppliers spelling industrial plastics
online. A
small supplier with a limited sales force can now reach that buyer getting its f
irst
introduction online. Similarly, a vendor s sales force may not be able to reach
millions of
home offices and small offices around the country. By having an online presence
and
creating customised services for the small business market that vendor may devel
ops a
new, lucrative market, both within the US and globally Companies using the Inte
rnet to
sell products find that they attract new customers For example, eighty percent o
f the
consumers and half of the small businesses that purchased from Dell s Web site h
ad
never purchased form Dell before. One out of four say that if not for the Web si
te, they
would not have made the purchase. And their average purchase value is higher tha
n
Dell s typical customer. WW Grainger the leading distributor of MRO supplies in
North
America, describes similar results. The company launched its Web business in the
spring of 1995. Today, more than 30 per cent of the company s online sales are t
o new
customers of incremental sales to existing customers. Because the virtual store
is open
seven days a week, 24 hours a day, customers who wouldn t otherwise be able to o
rder
from a Grainger store are now able to do so. In fact, more than 50 percent of al
l orders
are placed 5 PM and before 7 AM when the local store is closed.
The future
Businesses that use the Internet to buy, sell, distribute and maintain products
and
services are realizing significant cost savings and increased sales opportunitie
s. And, the
benefits only increase as the network of businesses conducting electronic commer
ce
grows. Investments are already taking place to realise the $300 billion in busin
ess-tobusiness Internet commerce analyses predict by 2002. Three of the companies
discussed - Cisco, Dell and General Electric - were responsible for about $3 bil
lion in
Internet commerce in 1997. If their current projections provide accurate, these
three
companies alone with conduct more than $17 billion in Internet commerce within t
hree
to five years. The experiences of these and other companies are quickly spreadin
g
through the rest of World industry through conferences and consulting firms who
assist
companies to design and implement Internet based business solutions.
Even at $300 billion, Internet commerce will only represent 3 percent of total G
DP of
US. This means that the greater efficiencies companies are experiencing from ele
ctronic
commerce are likely to continue to diffuse through the U.S. economy for decades
to
come.
Traditional vs. Electronic Business
The impact of E-commerce on traditional retailing systems based on the business
models discussed in this section. A key impact is dis-intermediation of traditio
nal
distribution channels and electronic re-intermediation.
- Dis-intermediation and Re-intermediation
By using the Internet, manufacturers can sell directly to customers and provide
customer support online. In this sense, the traditional intermediaries are elimi
nated. Let
us call this phenomenon dis-intermediation. However, new electronic intermediari
es emails and product selection agents - are emerging instead. Occurrence of a new
breed
of electronic intermediaries is called re-intermediation.
In response to this change, traditional intermediaries like department stores ar
e joining
the bandwagon of the new opportunity but still keeping their traditional way of
doing
business. However, the traditional distribution business can never be the same a
gain,
because it has to provide something that the electronic intermediaries cannot pr
ovide.
On the other hand, some manufacturers like auto makes still need to cooperate wi
th
dealers in a different way. These phenomena are another evolution toward reintermediation and re-intermediation.
Now let us elaborate the notion of dis-intermediation and re-intermediation furt

her.
Dis-intermediation is new term that refers to the removal of organisations or bu
siness
process layers responsible for certain intermediary steps in given value chain.
In the
traditional distribution channel, there are intermediating layers, such as whole
saler,
distributor, and retailer, between the manufacturer and consumer as depicted in
the
following figure. In Japan, there sometimes exist 10 layers, which add a 500 per
cent
mark up. Owing to the presence of the Internet as a marketing and product select
ion
vehicle, customers are beginning to question the value offered by the distributi
on
channel, when they can theoretically obtain the same products directly from the
manufacturer. If manufacturers are able to connect directly with consumers and s
horten
the traditional distribution chain they used to depend on, it is theoretically p
ossible to
get rid of the inefficiencies of the current structure.
A logical alternative to dis-intermediation is re-intermediation, which actually
points to
the shifting or transfer of the intermediary function, rather than the complete
elimination of it. In the EC era, the intermediaries such as e-mails, directory
and search
engine services, and comparison-shopping agents can create the role of reintermediation. These new intermediaries replace the role of traditional interme
diary
layers. Another re-intermediation can emerge by differentiating the service of
traditional intermediaries from on-line intermediation. This can be realized, fo
r
instance by offering entertainment during shopping and by upgrading the shopping
as
pleasant as hobby. In summary, customers have more choices of alternative
intermediaries.
- Impact on Manufacturer s Distribution Strategy
In addition to dis-intermediation and re-intermediation, an interesting emergenc
e of
manufacturer s distribution strategies is the following:
a. Manufacturer s monopolistic Internet-based distribution: Levi s does not allo
w
anyone else to sell Levi s product on the Internet. This is possible because Lev
i s has
such a name value and customers like to have a single contact point in cyberspac
e. (In
late 1999, Levi s changed its policy).
b. Coexistence with the dealers: This is the case in car distribution. Automaker
s need to
keep the traditional dealers as test-drive servers even though they sell on the
Internet.
c. Regionally mixed strategy: In a certain region a particular company may sell
on the
Internet, while in another region it sells through the traditional retailer. For
instance,
Nike sells on the Internet but only in the United States. Nike provides physical
retailing
stores abroad. The policy depends upon the maturity of Internet-based customer
groups.
d. Mass customization for make-to-order: Manufacturers have to be adaptive to th

e
customised orders of ultimate consumers. This means the manufacturer should be r
eady
for mass customization.
e. Powerful suppliers: According to Fortune, August 16, 1999, Home Depot sent a
letter
to its major suppliers (e.g.www.whirlpool.com), reminding them that Home Depot h
as
the right not to carry their products they will sell online, directly to custome
rs.
- Managerial Issues
a. The combination of the criteria of business models of electronic marketing ca
n
construct various business models depending upon the initial position of each in
dividual
company.
b. A new opportunity is available to pure direct marketing manufacturers and pur
e
cyber-retailers. New business models have diminished the role of traditional
intermediaries. From an electronic intermediary s point of view, its management
should
decide whether to commit to being a generalized directory service or retail spec
ialised
items.
c. However, the emergence of pure cyber-marketing companies has irritated tradit
ional
distributors. Traditional manufacturers have had to decide whether they want to
transform to a full commitment to direct marketing, restructuring the current
manufacturing and distribution system; or regard the electronic storefront merel
y as an
additional channel of distribution. A similar strategic question applies to trad
itional
retailers.
d. A critical question to traditional manufacturers and retailers is how to tran
sform their
business posture incorporating the benefits of electronic marketing with existin
g
distribution channels to satisfy customers most effectively at the minimum opera
ting
cost. Management also has to investigate starting a completely new business to c
ultivate
the future opportunity of E-commerce.
E-Commerce Industry Framework
Traditionally market ties were created through the exchange of goods, services l
and
money. But E-commerce is changing all that. It is influencing the way the market
is
structured by adding another element - information. It has enabled the creation
of new
market opportunities, which enables new players to step in, thereby creating a n
ew set
of market dynamics. A general framework of the E-commerce market will be helpful
in
better understanding this emerging market.
1. E-Commerce Applications
2. Supply chain management
3. Online shopping
4. Procurement and purchasing
5. Online publishing
6. Online banking
7. Information products and services
Consumer Internet e-Commerce uses a single set of technologies. The infrastructu
re for
an e-shop selling books is essentially the same as is used for the online sale o
f airline
tickets. The important differences between e-commerce applications are how they
fit
into the consumers market, how they are supported by the supply chain and their
potential to alter the role of players in that supply chain. These essential com
ponents of
the business structure are shown in figure 1.5.
Figure 1.5: e-Vendor Business Links
Consumer Internet e-Commerce facilities, an e-shop, may be set up by:
A new entrant to an existing market
An existing player in the market using the Internet to develop a new sales
channel
New entrants to the market have the potential to threaten the market position of
existing players but they have to build up expertise to support their operations
. Existing
players in a market may respond to the new entrant by sharpening up their conven
tional
retail act or by setting up a competing online channel, the latter course of act
ion adds to
the threat to their investment in the conventional distribution channel.
The e-commerce applications also need an effective supply infrastructure; the on
line
purchaser is not going to be impressed by lines that are out-of-stock or goods t
hat take
forever to arrive. An existing retailer has supply chain arrangements that have
been built
up and tuned over time. The new entrant to the market has to match this efficien
cy by
quickly setting up similar arrangements or developing an alternative infrastruct
ure that
better meets the needs of its way of conducting business.
A number of contrasting sectors are examined in this section. These sectors exem
plify
the range of consumer e-Commerce services that are available. The chosen sectors
are:
1. Bookshops;
2. Grocery Suppliers;
3. Software Suppliers and Support;
4. Electronic Newspapers;
5. Banking;
6. Share Dealing;
1. Internet Bookshops
One of the first applications of e-Commerce on the net was the Internet Books sh
op. The
story is that Jeff Bezos, when he decided to set up an online business, san down
to work
out what he could sell online and decided it was books - the result was amazon.c
om.
Books, as an item of merchandise, have four significant advantages for the onlin
e
retailer:
1. They can, in most cases, be adequately described online. They are not like cl
oths
that the customer might wish to try on or bananas where the customer could
want to check the size-and ripeness.
2. They are moderately priced - expensive enough to make the transaction

worthwhile but not so expensive that the transaction exacerbates customer fears
about online payments.
3. Many customers are prepared to wait for the goods to arrive (and there is oft
en a
similar wait for books ordered through a conventional bookshop).
4. Delivery is manageable. Postal / small packet services can be used at reasona
ble
prices and the customer does not have to be at home to receive the goods; they
can be posted through the customer s letter box.
The start-up and subsequent success (in terms of growth and sales volume) of Ama
zon
came as something of a shock to convention booksellers. The shock was in terms o
f loss
of sales but also the discount pricing of Amazon that threatened existing pricin
g
structures within the book trade. The reaction of other players in the book trad
e has
been threefold:
Defensive reaction by large traditional players that setup their own e-Bookstore
s; Barns
and Noble in the US is one such example (and in setting up an online alternative
, the
existing player adds to the threat to their investment in conventional trade out
lets).
Competitive reaction by new operators in the field who have copied Amazon s init
iative;
bol.com is one such example in Europe and the UK. Some new entrants have been
aggressive in their advertising and pricing, displacing Amazon adverts on some p
ortals
and pushing them to increasing their discounts.
Enhancements of conventional bookshop offerings; many multiple book retailers ha
ve
made considerable investments in their conventional bookshops converting them in
to,
what could be termed, book emporiums. Apparently the conventional book retailers
don t intend to let the online vendors have it all their own way.
The advent of retail e-Commerce customer interfaces has not altered the supply c
hain
arrangements of the book trade. Bookshops have two main sources of supply:
1. Book wholesalers (and it is Amazon s relationship with^ a large wholesaler in
Seattle that, arguably, made their operation possible). Wholesalers tend to deal
more with popular books than with specialist or academic requirements.
2. Direct supply from the publisher, either from a sales representative or using
direct ordering (direct ordering is typically via EDI, e.g. TeleOrdering in the
UK).
The book trade supply chain is summarized in figure 1.6.
In competitive terms the Internet bookshop has the advantage that it does not ha
ve to
maintain expensive retail premises and the staff that go with such an operation.
A
warehouse operation where the customer does the data entry is cheaper to operate
although the IT infrastructure is an additional expense. The major disadvantage
for the
online bookshop is that the customer does not collect the product and delivery h
as to be
paid for. The exact balance of the equation is not clear. The online retailers d
o discount
but the high headline discounts are concentrated on a few best-sellers and many
books
are sold at the publishers recommended price. Also the online retailer, seemingl
y, need
to pay for promotion to a greater degree than their conventional competitors. Th
e online
only retailers, at the time writing, are all making substantial losses.
The large online bookstores need a sophisticated web site, both to attract and r
etain the
attention of their customers and to ensure the efficiency of their backroom oper
ations.
The facilities of the online bookshop may include:
A large database of books: The details available for display include a picture o
f
the cover, description of the book, price and possibly customer reviews;
A search engine for author, title, subject, etc;
Details of stock and hence an accurate picture of delivery times (this is, for
example, provided by Blackwells which also has a wholesale function and thus
has access to this data);
Software to record the readers interest and to suggest other titles that might al
so
appeal;
Integration into the supply chain, e.g. facilities to send EDI orders to the
publisher (again this is a feature of the design on the Blackwell s online
bookstore).
The system has to be up-to-date, robust and comprehensive.
Noteworthy Sites
Large online bookshops include:
Amazon - www.amazon.com, www.amazon.co.uk
Barnes and Noble - www.barnsandnoble.com
Bertelsmann AG - www.bol.com
Blackwell - www.bookshop.blackwell.co.uk
Chapters - www.chapters.ca
There are also a large number of sites for bookshops dealing with specialist int
erests;
these sites are much smaller and tend to have fewer features than the major onli
ne
bookstores.
2. Grocery Supplies
Going to the supermarket for many people is just a chore, often the time they ca
n go is
the time everyone else can go. The car park is crowded, the aisles are jammed, t
he
queues at the checkout, reloaded into bags, loaded into the car, taken into the
house and
loaded yet again into the refrigerator and the cupboards. How much easier if one
could
call up the home page of the friendly local supermarket, a few clicks of the mou
se and
the weekly shop is done. The online supermarket works much like any other shop.
The
customer logs and selects the groceries that are required. The staffs pick the g
oods, pack
and dispatch them. That said, the logistics are a bit different from other onlin
e stores:
Selecting Goods: The typical food supermarket carries a product range of several
thousand items and a customer may well select (say) 60 of them on a weekly shopp
ing
trip. This is a task that can take some time and the online supermarket tries to
help with
facilities such as an online shopping list.
Deli ver ing Goods: Groceries are both bulky and perishable, and leaving them ou
tside
the back door is not necessarily appropriate. Common practice for home delivery
is to
arrange a delivery slot with the customer, delivery within a specified two hour
period
and to make a small charge for delivery.
In the UK most of the large supermarkets have started online shopping services.
There
is strong competition between UK supermarkets and possibly the rollout of online
shopping is more do with a need not to be seen to be falling behind than a great
enthusiasm for the new channel. In the UK, the first food retailer with a (moder
n) home
delivery service was Iceland, a frozen food chain that also does general groceri
es. The
Iceland home delivery service docs have a web connection but the main method of
access is telephone ordering and a sizeable number of the customers are senior c
itizens
who have a problem getting to the shop but are readily available at home to rece
ive
deliveries.
In the US, one of the pioneers of online groceries has been Peapod, a software c
ompany;
they have set-up the online facility and have found other organisations to stock
and
deliver the groceries. Amazon has also recently joined in with their Homestore b
rand
offering its services in selected locations.
The logistics of the online grocery business are very different from the e-books
tore. A
warehouse in Seattle can do nation-wide (or even world-wide) delivery of books b
ut
would not be appropriate for general grocery supplies. The home delivery grocery
business requires local depots and it needs the same supply chain infrastructure
,
coordinated by EDI, which the supermarkets have in place. The organisations that
have
the infrastructure to enter this business are the existing food supermarkets; th
e only
part of their facility that is not entirely appropriate is the retail store whic
h is a much
more lavish facility than would be required in a purpose built, home delivery de
pot.
The supply chain of the home delivery grocery operation is diagrammatically very
similar to the bookshops; a vital difference is that supply has to be from a loc
al depot
rather than a central warehouse. The supply chain is shown in Figure 1.7.
It is noted that there are a number of online suppliers of specialist food produ
cts. These
operators work with a limited product range of specialist products at premium pr
ices.
These operators can work from a central warehouse and use the postal / packet de
livery
system. Selling chocolates or wine online is a very different operation from gen
eral
groceries.
Noteworthy Sites
Peapod - www.peapod.com
Homestore - www.homestore.com
Sainsbury - www.sainsbury.co.uk
Tesco - www.tesco.net
13. Software Supplies and Support

Software supplies are both a business to business market and a business to consu
mer
market. It is also a consumer market and as it contrasts with the other trade se
ctors
discussed in this section. The Internet as a channel for software sales, includi
ng
computer games, has two distinct advantages:
1. The customers are presumably computer literate and will be able to operate th
e
medium.
2. The product is electronic and can be delivered via the net.
The supply chain for software delivered over the net is therefore very simple. I
t is a
straight transaction between the customer and the supplier without the need for
any
agent or retailer. The supply chain is shown at figure 1.8.
4. Electronic Newspapers
The web, it is suggested, provides a new channel for news distribution that over
comes
the shortcomings of both the printed newspaper and of broadcast news on radio an
d
television. The web can give news coverage that is as up-to-date as broadcast ne
ws but
has the in-depth coverage available from a serious newspaper. Further than that,
the
browser could be set to select the news of interest to the reader and to leave o
ut the rest.
That is the potential but it has not yet happened, possibly it never will. The s
implistic
assessment given above perhaps misses out on a more complex way that news is
consumed . Radio and television news is often consumed while people are doing o
ther
things, eating their breakfast or driving a car; they happen in the background.
Newspapers are read on the train or in the park and then may be shared with some
one
else. The newspaper gives the reader the chance to be selective (and that select
ion
process is to do with moods and time in a way it would be difficult for any soft
ware to
emulate). There are a number of online newspapers available and most of them are
web
versions of existing newspapers. The Washington Post is the one that has, to dat
e,
received the most favourable coverage. Currently access, with a couple of except
ions, is
free.
The online newspapers, it seems, are often used to look up something that has be
en
missed in a previous issue or to look at the job advertisements, rather than bei
ng read as
a newspaper. Online magazines attract some readership but they have had a hard t
ime
attracting subscriptions - there is the ethos that the net should be free and th
ere is also a
concern that the magazine might not be as good as it pretends to be or that it m
ay not
last the period of the subscription. There is, however, a threat to the conventi
onal
newspaper from the web. A large part of the revenue that pays for newspapers com
es
not from the cover price that the reader pays but from the money received from
advertisers. The web has the potential to advertise jobs, houses and used cars a
t a
fraction of the price of a newspaper -should the advertising of these items shif
t to the
web then it might not be possible to buy or daily or local newspaper, at least n
ot at a
price that the public is prepared to pay.
The supply chain of the online newspaper is also much simpler than that of the p
aper
version. No need for a midnight deadline before the papers are loaded on to lorr
ies,
delivered to wholesalers in each major town, re-packed for delivery to news agen
ts and
then possibly to the door by a paper boy. The supply chain of online newspaper i
s direct
from the company to the readers screen.
5. Internet Banking
There are times when the bank customers want to know their bank balance or make
an
urgent payment and a visit to a branch is not convenient; Internet banking (and
telephone banking) can solve these problems. The use of the telephone or the Int
ernet
also have advantage for the bank; it reduces the cost of processing each transac
tion (by a
factor of between 10 and 100 depending on which report you read) and has the pot
ential
to enable the bank to reduce the overhead of the branch network. Online banking
allows
the customer to check their balance or pay a bill at any time of the day or nigh
t. The
services offered by online banks typically include:
Online balances and statements giving up-to-the -minute information. The
statement can be used to check that any specific debit or credit has gone throug
h;
Credit transfers so that bills can be paid online. Included, is the facility to
set up a
transaction now for the bill to be paid at a later date;
Maintenance of standing orders and direct debits.
The major service that is not provided is cash in and cash out; for this service
the
account holder has to leave home and visit an automatic teller machine (ATM) or
a bank
branch (assuming it has not been closed down). A problem is that doing your own
banking allows you to make your mistakes and there are reports of customers send
ing
money to the wrong account or just out into cyberspace. Banks also make mistake
but
when they do it is comforting to have someone other than oneself to blame. For o
nline
banking, security is obviously an issue. At the Bank of Scotland logging on repo
rtedly
involves a customer number, three passwords and eight different pages before the
balance could be accessed; and the service needs special software downloaded ont
o the
PC. It is, of course, right that security is taken seriously but it does not nec
essarily make
for an easy to use, or a fun, service. The supply chain of the bank, using e-ban
king,
reduces usage of the branch network (although a branch or ATM machine will still
be
required). The supply chain of the online bank is shown at Figure 1.10.
6. Online Share Dealing
The use of the Internet is taking off among private investors in stocks and shar
es. The
Internet can make available to the private investor the up-to-the-minute informa
tion
that, until recently, had only been available to those working in financial inst
itutions.
The use of online brokerage services automates the process of buying and selling
and
hence allows a reduction of commission charges. Also the commodity being traded
is
intangible; the ownership of stocks and shares can be recorded electronically so
there is
no requirement for physical delivery. Internet share trading sites are been setu
p by stock
broking organisations and by new entrants to the market (the latter need clearan
ce from
the regulatory authorities before they can operate). The Internet is also being
used for
information sites and chat lines, some provide information free and some require
a
subscription.
Current developments are, essentially, converting off-line practices to an onlin
e
equivalent. The private investor who may have received a stockbroker s report th
rough
the post and looked up share prices in the morning paper can access the informat
ion
online (with the current market price being available). The investor who might h
ave
made calculations about trends and valuations by hand can download the informati
on
from the web into a spreadsheet or a personal finance program that runs on their
PC.
That same private investor who used to ring up a stockbroker to buy or sell (a p
rocess
that might take some time when the market was busy) can issue that same instruct
ion
online for immediate execution. The investor is able to deal at a price viewed
immediately, whereas using more traditional dealing services an investor will of
ten have
to wait in a telephone queuing system to get through to the dealing desk and whe
n
trading may have to wait for the price of the trade to be confirmed. The number
of sites
and the usage of them is mushrooming. Figures for 1999 show 7 million online tra
ders
in the US and a rapid growth in the UK since the first traditional British stock
broking
firms, a number of the banks and few large US companies that have set up in the
UK.
In the US the availability of online shares dealing services has created the phe
nomena of
day trading. The day trader s aim is to make a profit from volatile shares that
are bought
in the morning and sold in the afternoon. Day traders are often just ordinary me
mbers
of the public who have given up their jobs to spend the day glued to a screen wa
tching
the price movements of a few selected stocks. Some day traders make money but ma
ny
do not; the unsuccessful day trader losses all their savings and often a great d
eal more as
many take out loans or trade on credit.
The supply chain for share dealing is unchanged; the use of the net just speeds
up the
whole process (and that can be vital in some share dealing). The supply chain fr
om the
broker to investor is shown in Fig 1.11.
Internet share dealing seems like a sector set to grow and grow. Why trade throu
gh a
broker when you can get better information and a better service by trading onlin
e. For
many years the people in the trade have had up-to-the-minute information on shar
e
prices that has not been available to the general public. Now members of the-gen
eral
public can compete on equal terms. The problem with online trading is that it in
creases
the temptation to indulge in short-term speculation rather than long-term invest
ment.
It is a risky business for the individual and of doubtful benefit to the overall
economy
that the financial markets are supposedly-designed to service. That said, if the
financial
institutions can and do speculate, often in a thoroughly irresponsible manner, w
hy
should the ordinary punter not have a chance to join in if they wish to?
Digital Goods and Services
Electronic commerce can support most of the processes involved in the purchasing
of
physical goods and services. Digital goods and services are those that can be de
livered
using the information infrastructure. Hence, for digital goods and services, the
market
space provides a context sufficient for the entire procurement process.
Digital goods and services include:
documents, including articles and books;
data, including statistics;
reference information, including dictionaries and encyclopaedias;
news;
weather forecasts;
projected sound, such as speeches and musical performances;
projected
video
and
video-with-sound,
including
television, video
conferencing and video-clips; and
interactive voice, such as telephone conversations and teleconferencing;
interactive video and video-with-sound, such as video-conferencing;
images, including structured graphics such as diagrams and musical scores, and
photographs;
entertainment, infotainment, edutainment and education via multi-media;
bookings and tickets for live events;
software, quite generally;
commerce in insurance;
commerce in money, including foreign currencies;
commerce in securities, and financial derivatives such as stock-based, interestrate-based and index-based options; and
commerce in commodities, and commodities derivatives such as futures.

QUESTIONS
1. Describe the advantages of E-commerce?
2. Explain various E-Commerce Concepts.
3. Narrate Electronic Commerce as Online Selling.
4. Explain applications of Intranet and Extranet in businesses.
5. Explain the differences between traditional and E-Business models.
6. Why do companies adopt EC models?
7. Explain various forces aiding E-Commerce.
8. Discuss in detail emerging role of E-commerce in business growth.
9. Describe E-Commerce Applications.
10. Explain the importance of E-Commerce Applications.
11. Write a detailed note on the status of electronic commerce in India.
12. Distinguish Electronic Commerce from traditional Business.
13. Explain the nature and characteristics of digital goods and services.
- End of Chapter Unit II
NETWORK INFRASTRUCTURE
The information superhighway has many transport systems and does not function as
a
single monolithic entity. The architecture is a mixture of several high speed ne
twork
transport systems like land based telephones, air based wireless, modern based P
Cs and
satellite based communications etc. For example an e-mail sent from Bangalore to
California may travel across different interconnected transport networks before
it
reaches California.
The players in this industry segments can be called as "information transport
providers". These include telecommunication companies that provide telephone lin
es
(DOT), cable companies that provide coaxial cables, satellite networks, wireless
networks, private networks like Compuserve, and public networks like the Interne
t.
The industry segment also includes hardware and software tools that provide inte
rface
between the various network options and the customer premises equipment (CPE). T
he
category of CPE includes TV set top boxes, computer based communication and
networking hardware (hubs, routers etc). Routers are devices that connect the Lo
cal
Area Networks (LAN) inside various organisations with the Wide Area Networks (WA
N)
of various network providers. The last 5 years has seen a tremendous growth in t
he
router business. Today this is a multi billion dollar industry dominated by Bay
networks,
3COM, Cisco etc.
Multimedia Content and Network Publishing Infrastructure
The development of World Wide Web (WWW) has thrown open the gates of Internet to
the common user, which was previously used in universities and defense labs. The
web
allows network publishing. It provides a mean to create product information (con
tent)
and to publish it in a network server. A whole new set of software for the web l
ike
HTML, Java has been created. The web has also triggered the growth of a new indu
stry
that creates tools called browsers to access and publish information. Major play
ers in
the browser industry are Netscape communications (Netscape communicator) and

Microsoft (Internet Explorer). The web has also created a new industry that deve
lops
multimedia applications in which most entertainment providers are jumping.
Messaging and Information Distribution Infrastructure
Once content has been created and stored on a server, messaging distribution met
hods
carry that content across the network. The messaging vehicle is called "middlewa
re
software" that sits between the web servers and the end user applications and ma
kes the
peculiarities of the environment. It also includes translators that interprets a
nd
transforms data formats.
Messaging vehicles provide ways for communicating unstructured as well as struct
ured
data. Unstructured messaging vehicles are Fax, E-mail etc. The success story of
Hotmail
stems from the fact that offering free messaging services will be | attractive a
nd helps to
develop a loyal customer base. But the free message market is cluttered today wi
th every
one offering such services. Providing value addition will be the only differenti
ator.
Structured documents messaging consist of the automated interchange of standardi
sed
and approved messages between computer applications via telephone lines (ex-EDI)
.
Purchase orders, shipping notices and invoices are example of structured documen
t
messaging.
For the purpose of E-commerce the existing messaging mechanisms must be extended
to incorporate reliable, unalterable message delivery that is not subject to rep
udiation,
to be able to acknowledge and give proof of delivery when required. The challeng
e in the
development of messaging software is to make it work across a variety of
communication devices (PCs, set-top boxes etc), interfaces (characters, graphics
) and
networks (satellite, cable, fibre optics, wireless and twisted pair).
Business Services Infrastructure
Doing business online had received attention for its potential as well as for su
ch
shortcomings as inadequate directories, inadequate online payment instruments an
d
inadequate security. The business services infrastructure attempts to address th
ese
shortcomings. The infrastructure includes the different methods for facilitating
online
buying and selling processes.
In order to enable online payment and ensure its safe delivery, the payment serv
ices
infrastructure needs to develop strong encryption and authentication methods. Th
e
development of catalogs, financial services and shopping mechanisms over the las
t two
years has greatly simplified online business. But the development of secure tran
sactions
and secure online payment instruments (such as digital cash, electronic checks)
will still
be a concern and this provides a market opportunity for many players.

Other Key Issues
Public Policy
Public policy related to E-commerce encompasses such issues as universal access,
privacy and information pricing. Information traffic policy issues deal with the
cost of
accessing information, regulation to protect consumers from fraud and to protect
their
right to privacy and the policing of global information traffic to detect inform
ation
piracy. But the issues themselves, let alone solutions are just now evolving and
will
become increasingly important as more people enter the electronic market place.
Techni cal Standards
Technical standards dictate the specifics of information publishing tools, user
interfaces,
and transport. Standards are essential to ensure compatibility across the networ
k. Many
organisations like the W3 consortium are working to establish the relevant techn
ical
standards.
Case Study: Microsoft
Microsoft is an excellent case study of a company that understands the importanc
e of
the various aspects of the E-commerce framework. All the acquisitions and partne
rships
undertaken by Microsoft are keeping in this view. Microsoft began the efforts by
establishing a key link to the Internet. When Microsoft decided to build the Mic
rosoft
Network (MSN), it bought at 20% stake in UUNET technologies, an Internet access
provider. This gave Microsoft access to a telecommunication infrastructure that
reaches
several million consumers. It also made Microsoft independent of any access prov
ider.
Microsoft then launched an intensive effort to build an attractive content base.
Microsoft decided to attract content away from other providers like America onli
ne
(AOL), CompuServe instead of building its own content. It developed a business m
odel
that allows each content provider (magazines, newspapers, TV networks) to set fe
es and
to retain 70% of the revenues and a 5% commission on goods sold on MSN. With thi
s
business model, it was able to garner support from content providers seeking mor
e
lucrative contracts. In terms of network servers, Microsoft has developed a web
server
called Internet Information System (IIS) that comes with Windows NT 4.0 operatin
g
systems.
Microsoft is active in messaging and information distribution, and is involved w
ith
various consortia and standards organisations that are developing standards for
such
distribution. It has also undertaken the route of M&A. It recently acquired Hotm
ail, a
popular free e-mail provider and is considering many more.
In the area of business service, Microsoft made a pre-emptive strike by trying t
o acquire
Intuit, the maker of the popular personal finance software, Quicken. Even though
its
attempt failed, Microsoft has built its own software called Microsoft is working
with
various application vendors, because it believes that applications will prolifer
ate, when
the E-commerce market expands. For instance Wall-Mart and Microsoft have made a
deal to provide online shopping services. Microsoft also realizes that in the ne
ar future,
the challenge lies not in technology but using it sell ideas and services to the
customer.
Intermediaries and E-Commerce
Intermediaries are economic agents that stand between the parties of a transacti
on
namely buyers and sellers and perform functions to the fulfillment of the transa
ction. As
an example we can consider firms in the financial service sector like banks, ins
urance
companies, brokers, agents, mediators etc. The following table lists a variety o
f online
intermediaries in E-commerce.
Many opportunities exist for online intermediaries who process and add value to
information along the transactional chain. Information based products range from
the
simple order taking to the highly sophisticated customised manufacturing. In a s
imple
case, customers can order flowers through the online intermediaries that divert
the
order to the regular boutique shops, (www.flowers.com). In more complex cases,
intermediaries create software that allows customers to view and choose cars by
computer, (www.autotown.com). This will then provide valuable data to the
manufacturers and inventory systems that control the production and distribution
of the
car.
In online retailing, intermediaries are doing well by packaging and selling info
rmation.
The online catalogue business is one of the most efficient and successful interm
ediationbased industries, for example, CUC International. Since such catalogue companies
carry
no physical stores, inventories and labour they are able to offer customer lower
prices
than those provided by the traditional retailers. Other online intermediaries li
ke brokers
(priceline), auctioneers (ebay), stock traders (e*trade) etc are also doing well
.
Types of E-Commerce
There are three distinct types of E-commerce applications:
Inter-organisational (Business-to-Business (B2B))
Intra-organisational (Within Business)
Business-to-Consumer (B2C)
Business-to-Business E-commerce
From the inter-organisational perspective E-commerce facilities the following bu
siness
applications:
1. Suppli er Management
Electronic applications help companies to tightly integrate with the suppliers a
nd
facilitate business partnerships by reducing the Purchase Ordering costs (Pos) a
nd cycle
times.
2. I nventory Management
Electronic applications shorten the order-ship-bill cycle. If all the business p
artners are
electronically linked, then information can be instantaneously transmitted. Busi
ness can
also track their documents to ensure they are received there by improving auditi
ng
capabilities. Electronic applications will also help in reducing inventory costs
, reducing
out-of-stock occurrences.
3. Distribution Management
Electronic applications facilitate the transmission of shipping documents such a
s bills of
lading, purchase orders, advanced shipment notices etc. and also can enable bett
er
resources management by ensuring the documents themselves to contain more data.
4. Channel Management
Electronic applications quickly disseminate information about changing operation
al
conditions to trading partners. Technical, product, and pricing information that
once
required repeated phone calls and labour hour could now be posted in electronic
bulletin boards. By electronically linking production related information with
distributor and reseller networks, companies can eliminate countless labour hour
s and
ensure accurate information sharing.
5. Payment Management
Electronic applications link companies with suppliers and distributors so that p
ayments
can be sent and received electronically. Electronic payment reduces clerical err
or,
increases the speed at which the companies compute their invoices and lower
transaction costs.
Intra-Organisational E-commerce
The purpose of intra-organisational applications is to help a company maintain t
he
relationships that are critical to delivering superior customer value by paying
close
attention to integrating various functions in the organisation. In this perspect
ive some
of the applications offered by E-commerce are,
1. Wor kgr oup Communications
These applications enable managers to communicate with their employees using e-m
ail,
video conferencing and bulletin boards. The goal is to use technology for knowle
dge
sharing, which will result in better-informed employees.
2. Electr onic Publishi ng
These applications improve the flow of information between the production and sa
les
force, and between the companies and the customers. By better integrating the sa
les
forces with other parts of the organisation, companies can have greater access t
o market
intelligence and competitor information, which can be funnelled into a better st
rategy.
Within intra-organisational commerce the largest area of growth has been in the
area of
"corporate Intranets". Intranets are primarily set up to publish and access corp
orate
information.
Business-to-Consumer (B2C) E-commerce
In electronically facilitated business-to-consumer transactions, customers learn
about
products through electronic publishing, buy products through electronic payments
and
have information related products delivered to them directly over the network. S
ome of
the B2C electronic applications are:
1. Soci al I nter action
Electronic applications enable consumers to communicate with each other through
email, news groups and video conferencing.
2. Per sonal Finance Management
Electronic applications help consumers manage their finance and investment decis
ions
through the use of online banking tools (ICCI bank s INFINITY a online banking t
ool
was created for the purpose of NRIs to conduct financial transactions with the b
ank
from their home).
3. Pur chasi ng products and I nfor mati on
Electronic applications help consumers to order products (both physical and
information related) and services from their home and pay through electronic
payments. It also helps them in finding information about existing and new produ
cts /
services. It provides the consumers with convenient shopping methods from online
catalogue ordering to phone banking. It also officers lower prices to the consum
ers
since many intermediaries are eliminated.
4. Global I nfor mation Di str i bution Networ ks
The Global Information Infrastructure (GII), still in the early stages of its de
velopment,
is already transforming our world. Over the next decade, advances on the GII wil
l affect
almost every aspect of daily life -- education, health care, and work and leisur
e activities.
Disparate populations, once separated by distance and time, will experience thes
e
changes as part of a global community.
No single force embodies our electronic transformation more than the evolving me
dium
known as the Internet. Once a tool reserved for scientific and academic exchange
, the
Internet has emerged as an appliance of every day life, accessible from almost e
very
point on the planet. Students across the world are discovering vast treasure tro
ves of
data via the World Wide Web. Doctors are utilizing tele-medicine to administer o
ff-site
diagnoses to patients in need. Citizens of many nations are finding additional o
utlets for
personal and political expression. The Internet is being used to reinvent govern
ment
and reshape our lives and our communities in the process. As the Internet empowe
rs
citizens and democratizes societies, it is also changing classic business and ec
onomic
paradigms. New models of commercial interaction are developing as businesses and
consumers participate in the electronic market place and reap the resultant bene
fits.
Entrepreneurs are able to start new businesses more easily, with smaller up-fron
t
investment requirements, by accessing the Internet s worldwide network of custom
ers.
Internet technology is having a profound effect on the global trade in services.
World
trade involving computer software, entertainment products (motion pictures, vide
os,
games, sound recordings), information services (databases, online newspapers),
technical information, product licenses, Financial services, and professional se
rvices
(businesses and technical consulting, accounting, architectural design, legal ad
vice,
travel services, etc.) has grown rapidly in the past decade, now accounting for
well over
$40 billion of U.S. exports alone.
An increasing share of these transactions occurs online. The GII has the potenti
al to
revolutionize commerce in these and other areas by dramatically lowering transac
tion
costs and facilitating new types of commercial transactions.
The Internet will also revolutionize retail and direct marketing. Consumers will
be able
to shop in their homes for a wide variety of products from manufacturers and ret
ailers
all over the world. They will be able to view these products on their computers
or
televisions, access information about the products, visualize the way the produc
ts may
fit together (constructing a room of furniture on their screen, for example), an
d order
and pay for their choice, all from their living rooms.
Commerce on the Internet could total tens of billions of dollars by the turn of
the
century. For this potential to be realized fully, governments must adopt a nonregulatory, market-oriented approach to electronic commerce, one that facilitate
s the
emergence of a transparent and predictable legal environment to support global
business and commerce. Official decision makers must respect the unique nature o
f the
medium and recognise that widespread competition and increased consumer choice
should be the defining features of the new digital marketplace.
Many businesses and consumers are still wary of conducting extensive business ov
er the
Internet because of the lack of a predictable legal environment governing transa
ctions.
This is particularly true for international commercial activity where concerns a
bout
enforcement of contracts, liability, intellectual property protection, privacy,
security and
other matters have caused businesses and consumers to be cautious.
As use of the Internet expands, many companies and Internet users are concerned
that
seme governments will impose extensive regulations on the Internet and electroni
c
commerce. Potential areas of problematic regulation include taxes and duties,
restrictions on the type of information transmitted, control over standards deve
lopment,
licensing requirements and rate regulation of service providers. Indeed, signs o
f these
types of commerce-inhibiting actions already are appearing in many nations. Preempting these harmful actions before they take root is a strong motivation for t
he
strategy outlined in this section.
Governments can have a profound effect on the growth of commerce on the Internet
. By
their actions, they can facilitate electronic trade or inhibit it. Knowing when
to act and
at least as important when not to act, will be crucial to the development of ele
ctronic
commerce. This report articulates the Administration s vision for the emergence
of the
GII as a vibrant global marketplace by suggesting a set of principles, presentin
g a series
of policies, and establishing a road map for international discussions and agree
ments to
facilitate the growth of commerce on the Internet.
The Government Policy Regarding Global E-commerce
The government policy on global EC includes the following five principles:
1. The pr i vate sector should lead
Though government played a role in financing the initial development of the Inte
rnet,
its expansion has been driven primarily by the private sector. For electronic co
mmerce
to flourish, the private sector must continue to lead. Innovation, expanded serv
ices,
broader participation, and lower prices will arise in a-market-driven area, not
in an
environment that operates as a regulated industry.
Accordingly, governments should encourage industry self-regulation wherever
appropriate and support the efforts of private sector organizations to develop
mechanisms to facilitate the successful operation of the Internet. Even where co
llective
agreements or standards are necessary, private entities should, where possible,
take the
lead in organizing them. Where government action or intergovernmental agreements
are necessary, on taxation for example, private sector participation should be a
formal
part of the policy making process.
2. Gover nments should avoi d undue r estr i cti ons on electr oni c commer ce
Parties should be able to enter into legitimate agreements to buy and sell produ
cts and
services across the Internet with minimal government involvement or intervention
.
Unnecessary regulation of commercial activities will distort development of the
electronic marketplace by decreasing the supply and raising the cost of products
and
services for consumers the world over. Business models must evolve rapidly to ke
ep
place with the break-neck speed of change in the technology; government attempts
to
regulate are likely to be outmoded by the time they are finally enacted, especia
lly to the
extent such regulations are technology-specific.
Accordingly, governments should refrain from imposing new and unnecessary
regulations, bureaucratic procedures, or taxes and tariffs on commercial activit
ies that
take place via the Internet.
3. Wher e governmental i nvolvement i s needed, i ts ai m should be to
suppor t and enforce a pr edictable, mi ni mali st, consistent and si mple legal
envi r onment for commer ce
In some areas, government agreements may prove necessary to facilitate electroni
c
commerce and protect consumers. In these cases, governments should establish a
predictable and simple legal environment based on a decentralized, contractual m
odel
of law rather than one based on top-down regulation. This may involve states as
well as
national governments. Where government intervention is necessary to facilitate
electronic commerce, its goal should be to ensure competition, protect intellect
ual
property and privacy, prevent fraud, faster transparency, support commercial
transactions, and facilitate dispute resolution.
4. Gover nments should r ecognize the uni que quali ties of the I nter net.
The genius and explosive success of the Internet can be attributed in part to it
s
decentralized nature and to its tradition of bottom-up governance. These same
characteristics pose significant logistical and technological challenges to exis
ting
regulatory models, and governments should tailor their policies accordingly.
Electronic commerce faces significant challenges where it intersects with existi
ng
regulatory schemes. We should not assume, for example, that the regulatory frame
works
established over the past sixty years for telecommunications, radio and televisi
on fit the
Internet. Regulation should be imposed only as a necessary means to achieve an
important goal on which there is a broad consensus. Existing laws and regulation
s that
may hinder electronic commerce should be reviewed and revised or eliminated to r
eflect
the needs of the new electronic age.
5. Electr oni c Commer ce over the I nternet should be faci litated on a global
basis.
The Internet is emerging as a global marketplace. The legal framework
;
supporting
commercial transactions on the Internet should be governed by consistent p
rinciples
across state, national, and international borders that lead to predictable resul
ts
regardless of the jurisdiction in which a particular buyer or seller resides.
E-Commerce Infrastructure
The requirement of E-Commerce Infrastructure is Performance. It should be fast a
nd
reliable. The bandwidth server capacity should be as per the company s requireme
nt. It
should be Scalable. It should have Redundant Connection to the internet; it shou
ld
contain Farm of web-servers with mirrored content for load-balancing. It should
also
have Farm of databases Load balancing for firewalls and web/database servers for
flexible management. The infrastructure services, resources and protocols should
be
monitored. There must be a centralized security management for Maintainability.
It
should have Self repairing procedures and Emergency procedures. Intrusion detect
ion
must be done. The website must have Global presence so that users can be redirec
ted
based on site load and network proximity of clients. There must be few centers i
n
various countries. Cashing techniques should be adopted to improve performance a
nd
response time.
Virtual LAN
Virtual LAN (VLAN) is a collection of workstations grouped by logic instead of
geography. VLAN technology solves the problem of broadcast floods m switching
network by segmenting it into smaller domains. Routers interconnect VLANs and fi
lter
out unnecessary broadcasts between them. Inter V-LAN communication can be
controlled by access lists and traffic filters. There are 3 types of VLANs
1. Segment or port-based (Layer 1 VLAN). It consists of group of LAN segments
2. Medium Access Control (MAC) - based (Layer 2 VLAN). It consists of group of
MAC addresses.
3. Protocol and subnet-based (layer 3 VLAN). It consists of protocol and sub
networks.
Firewalls
A firewall is a system designed to prevent unauthorized access to, or from, an s
ecure
network. It is a hardware and software connecting 2 networks. It mediates all tr
affic
between the internal and external nets. Firewall should be at the entry point of
the
networked system it protects. Firewall is simple, reliable, configurable, manage
able and
self healing system. Firewall must be positioned to control all incoming and out
going
traffic. Firewall types are Packet Filtering, Circuit Level Gateway, Application
Level,
Gateway, Stateful Inspection Gateways.
Firewall components are Proxies, VPN, NAT. Firewall also allows to enforce compa
ny s
written security policy, to Log events and act as a locked door between internal
and
external network. Firewall consists of choke and gate. Choke - forces all commun
ication
between the inside and outside network to take place through the gate. Gate enfo
rces
security, authentication and sanitizing of data. Firewall Policy must support wi
thout
internal client modifications: telnet, FTP, e-mail (SMTP out POP3 in), HTTP, HTT
PS,
NNTP, IRC, RealAudio, Firewall should prevent ping and trace-route from outside.
VPN
tunneling should not be allowed through a firewall. Secure remote administration
should be allowed. Firewall must prevent IP spoofing attempts. The firewall need
s
logging and reporting mechanisms
Security Policy
Security Policy is a set of rules that collectively determines an organization s
security
posture. Example of a Simple Security Policy is like allowing anyone to get to W
eb server
and FTP server or allowing internal hosts to go anywhere and deny everything els
e.
Security Policy is translated into a collection of individual rules. The inspect
ion engine
inspects packets by accessing its rule base. If packets do not pass inspection,
they are
rejected or dropped, according to the base rule. Security Policy Workflow is to
decide on
what kind of services / sessions are allowed and what type of user s permissions
and
authentication methods. And also define the Objects used in the security policy.
List of
rules representing the security policy must be crested. Individual rules should
be
defined. Rules for firewall should be installed and monitored. Security Rules sh
ould look
into where the communication is coming from, where the communication is going to
,
what kind of communication it is, what to do with the communication and during w
hat
time can this action take place and should log the alert.
Disk Storage
The different types of storage are DAS (Direct Attached Storage), BAS (Bus Attac
hed
Storage), NAS (Network Attached Storage) and SAN (Storage Area Network). DAS is
typically less expensive than other servers. The File System data transfer proto
cols are
NFS, CIFS. It is good for small and mid-size networks. Storage is connected dire
ctly to
the LAN via a LAN interface. SAN shares large amount of data. It is used in data
intensive applications with High bandwidth, low latency. It has guaranteed relia
bility
and availability. It connects storage devices into a storage pool. It is based o
f Fibre
Channel Technology (ANSI X3T11) it can connect up to 126 devices; up to 10 km. I
t
needs FC host bus adapters, hubs, switches and SCSI to FC bridges.
Infrastructure cost
Estimating the cost of e-business infrastructure is a key step toward a quantita
tive
analysis of ROI (Return of Investment) and SLAs (Service Level Agreements). The
Cost
model includes Development cost like software, modifications and Capital equipme
nt
like servers, disks, LANs, routers, switches, firewalls Network cost: which incl
udes
Internet connection and Operational costs like 24x7 personnel, facilities, netwo
rk
operations and maintenance, heating, air conditioning, building rent.
ONLINE BANKING
Online banking is one of the fastest growing online service industries, either a
s an
extension of services from traditional bank or as a purely online entity. Banks
such as
Wells Fargo and Bank of America offer online banking and services such as e-wall
ets.
Internet only banks offer convenience and lower rates to their customers. Howeve
r
customers still like to know where physical branch is located. The hybrid bank m
odel is
most successful.
Electronic Checks
E-checks enable consumers to pay on credit over public networks. E-checks are ve
ry
similar to traditional checks. It has the Name of payer, Name of payer s financi
al
institution, Payer s account number, Name of the payee, Amount to be paid. E-che
ck is
treated as the request to the sender s bank to transfer money. E-check is digita
lly signed
and endorsed by the payer and payee. Signature cannot be forged. To use e-check
you
must register with a third - party account server, which enables you to purchase
goods
and services. To purchase an item you send a check (digitally signed) with appro
priate
amount to the merchant (via email, Web, etc). The merchant digitally signs the c
heck to
endorse it. The merchant deposits the check; the check is cleared, the amount is
transferred from your account to the merchant s account. The standard used in ECheck
is IOTP - Internet Open Trading Protocol. The Internet Open Trading Protocol pro
vides
a data exchange format for trading purposes while integrating existing pure paym
ent
protocols seamlessly. This motivates the multiple layered system architecture wh
ich
consists of at least some generic IOTP application core and multiple specific pa
yment
modules. It might be improper to refer to IOTP as a payment protocol, since it a
ttempts
to capture the entire online shopping cycle.
Financial EDI
Financial Electronic Data Interchange (FEDI) is defined for the purpose of payme
nt and
refers to the co-existence Electronic Data Interchange (EDI) and Electronic Fund
s
Transfer (EFT). EDI is a universal data format of business documents to facilita
te the
exchange of digital documents between applications, usually residing in differen
t
enterprises. Two standards in EDI are United Nations EDIFACT (elsewhere outside
of
North America). American National Standards Institute ANSI X.12 (US & Canada).
These standards define the structure of hundreds of business document and their
associated business rules. In Financial EDI Development of standards is coordina
ted by
ANSI. A group of standards, called X.12, covers invoicing, order placing, paymen
t,
shipping. X.12 is implemented as one system. X.12 is not design to support inter
national
trade. It is focused on activities in the USA. Global (international) cross indu
stry trade is
using UN/ EDIFACT: EDI for Administration, Commerce and Transport. Both X. 12 an
d
EDIFACT are hierarchical in structure. There are 2 major systems for conducting
fund
transfers. The first is Wire transfers (SWIFT), designed for moving large dollar
amounts
in single payment. The next is Automated Clearing House (ACH), designed as an
alternative to checks; checks replaced by electronic notification.
Electronic Funds Transfer
Electronic Funds Transfer (EFT) refers to ACH which is a data format used betwee
n
financial institutions and the Federal Reserve to initiate debits and credits. F
inancial
Institutions use the ACH standard to digitally transfer funds between each other
.
Electronic Bill Presentment and Payment
EBPP consists of bill creation and presentment, bill distribution, delivery, pay
ment and
tracking. The procedures involved are, Bill consolidation where many billers sen
d bills
to one consolidator and consumer connects with one place to pay all bills. The n
ext is
B2C billing most EBPP systems are focused on B2C market. Here email notification
is
made for new bills. Clients can setup their default payment profiles. In B2B bil
ling
payments typically involve significant amount of money. Electronic Invoice Prese
ntment
and Payment is also done. This is a Process by which companies present invoices
and
make payments to one another through the Internet.
QUESTIONS
1) Explain Network Infrastructure.
2) Comment on the Business Services Infrastructure available in India?
3) Explain Intermediaries in E-Commerce.
4) Explain the various types of E-Commerce.
5) Briefly explain the terms multimedia content and network publishing
infrastructure .
6) Discuss in detail the Global Information Distribution Networks.
7) Discuss the government policy regarding Global E-commerce.
- End of Chapter UNIT III
PUBLIC POLICY ISSUES
This section covers Legal, Ethical, and Other Public Policy Issues to EC. The op
ening
vignettes illustrate two legal issues related to EC. The first one deals with th
e validity of
contracts related to software purchase and distribution. This issue is especiall
y
important since software is a digitized product and its sales online are growing
rapidly.
In addition to contract validity, this vignette is related to the issue of intel
lectual
property and software piracy. The second vignette deals with the issue of unethi
cal
distribution of software, which is related to intellectual property and software
piracy.
Electronic commerce is so new that the legal, ethical, and other public policy i
ssues that
are necessary for EC s existence are still evolving. The second vignette illustr
ates a legal
loophole that was fixed only after the incident occurred. Yet, such issues are e
xtremely
important to the success of EC as they encompass one of the major pillars that s
upport
EC applications. As a matter of fact, most of the surveys that attempt to find t
he
inhibitors of EC consistently place legal and related public policy issues at th
e top of the
list.
Legal and Ethical Issues: An Overview
The implementation of EC involves many legal issues. These can be classified in
several
ways. We have segregated the EC-related legal issues in this chapter to include:
1. Privacy
This issue is becoming the most important issue for consumers. And indeed, priva
cy
statements can be found today in most large EC-related Web sites. Compliance wit
h the
Privacy Act of 1974 and its extensions are not simple, since the line between le
gal
definitions and ethics is not always clear.
2. Intellectual property
Protecting intellectual property on the Web is very difficult since it is easy a
nd
inexpensive to copy and disseminate digitized information. Furthermore, it is ve
ry
difficult to monitor who is using intellectual property and how. Copyright, trad
emarks,
and other intellectual property issues are defined by federal legislation.
3. Free speech
The Internet provides the largest opportunity for free speech that has ever exis
ted. Yet,
this freedom may offend some people and may collide with the Indecency Act. Agai
n,
the line is not always clear between what is illegal and what is unethical.
4. Taxation
At the present time, it is illegal to impose new sales taxes on Internet busines
s. A
possible collision between federal and state legislation is possible, as well as
between tax
laws of different countries.
5. Consumer protection
Many legal issues that deal with consumer protection, ranging from misrepresenta
tion
to different kinds of fraud, are related to electronic trade.
6. Other legal issues
Several other EC legal issues exist, including topics such as validity of contra
cts,
jurisdiction over trades, encryption policies, and Internet gambling.
Legal issues versus ethics
In theory, one can distinguish between legal issues and ethical issues. If you d
o
something that is not legal, you are breaking the law. If you do something uneth
ical, you
may not be breaking the law. Obviously, many illegal acts are unethical as well.
The
problem is that, in information technology (IT), it is not always clear with sev
eral topics
that under most circumstances are both illegal and unethical. Before we explore
these
issues, let us examine the meaning of ethics.
ETHICAL ISSUES
Ethics is a branch of philosophy that deals with what is considered to be right
and
wrong. Over the years, philosophers have proposed many ethical guidelines, yet w
hat is
unethical is not necessarily illegal. Thus, in many instances, an individual fac
ed with an
ethical decision is not considering whether or not to break the law. In today s
complex
environment, the definitions of right and wrong are not always clear. Consider t
he
following scenarios:
- A company developed profiles of potential customers from information collected
with
cookies and questionnaires and sold the list to advertisers. Some of the profile
s were
inaccurate; consequently, people received numerous pieces of inappropriate e-mai
l.
- Management allowed employees to use the Web for limited personal uses then
monitored usage without employee s knowledge.
- The president of a software development company marketed online a tax advice
program, knowing it had bugs. As a result, some users filed incorrect tax return
s and
were penalised by the IRS.
Whether these actions are considered unethical depends on the organisation, coun
try,
and the specific circumstances surrounding the scenarios.
The spread of EC has created many new ethical situations. For example, the issue
of a
company monitoring e-mail is very controversial (47 percent of the readers of
information week believe companies have the right to do so, 53 percent disagree)
.
Obviously, there are major differences among companies and individuals with resp
ect to
what is right and wrong.
There are also differences regarding ethics among different countries. What is u
nethical
in one culture may be perfectly acceptable in another. Many Western countries, f
or
example, have a much higher concern for individuals and their rights to privacy
than
some Asian countries. In Asia, more emphasis is, in general, placed on the benef
its to
society rather than on the rights of individuals. Some countries, like Sweden an
d
Canada, have very strict privacy laws; others have none. For example, in 1997, I
taly,
Belgium, Spain, Portugal, and Greece had minimal legislation protecting and indi
viduals
right to control personal data in governmental or commercial databases. This obs
tructs
the flow of information among countries in the European community. To overcome t
his
problem, in 1998, the European Community Commission issued guidelines to all its
member countries regarding the rights of individuals to access information about
them
and to correct errors. Many companies and professional organisations develop the
ir own
codes of ethics, a collection of principles intended as a guide for its members.
The diversity of EC applications and the increased use of technology have create
d new
ethical issues, as illustrated thought this text. An attempt to organise IT ethi
cal issues
into a framework was undertaken by Mason (1986) and Mason et al. (1995), who
categorised ethical issues into privacy, accuracy, property, and accessibility.
Privacy - collection, storage, and dissemination of information about individual
s.
Accuracy - authenticity, fidelity, and accuracy of information collected and pro
cessed.
Property - ownership and value of information and intellectual property.
Accessibility - right to access information and payment of fees to access it.

Mason et al. (1995) also developed a model for ethical reasoning that shows the
process
that leads to ethical judgement when an individual is faced with an ethical issu
e.
Legal and ethical issues are important for the success of EC, Two organisations
that are
active in this area are the Organisation for Economic Cooperative and Developmen
t
(www.oecd.org) and CommerceNet (www.commerce.net).
Issues in EC
This section covers nine areas where international agreements are needed to pres
erve
the Internet as a non-regulatory medium, one in which competition and consumer
choice will shape the marketplace. Although there are significant areas of overl
ap, these
items can be divided into three main subgroups: financial issues, legal issues,
and
market access issues.
Financial Issues
Customs and taxation
Electronic payments
Legal Issues
Uniform Commercial Code for electronic commerce
Intellectual property protection
Privacy
Security
Market Access Issues
Telecommunications infrastructure and information technology
Content
Technical standards
I. FINANCIAL ISSUES
1. Customs and Taxation
For over 50 years, nations have negotiated tariff reductions because they have
recognized that the economies and citizens of all nations benefit from free trad
e. Given
this recognition, and because the Internet is truly a global medium, it makes li
ttle sense
to introduce tariffs on goods and services delivered over the Internet.
Further, the Internet lacks the clear and fixed geographic lines of transit that
historically
have characterized the physical trade of goods. Thus, while it remains possible
to
administer tariffs for products ordered over the Internet but ultimately deliver
ed via
surface or air transport, the structure of the Internet makes it difficult to do
so when the
product or service is delivered electronically.
Nevertheless, many nations are looking for new sources of revenue, and may seek
to levy
tariffs on global electronic commerce.
Therefore, the United States will advocate in the World Trade Organization (WTO)
and
other appropriate international forums that the Internet be declared a tariff-fr
ee
environment whenever it is used to deliver products or services. This principle
should be
established quickly before nations impose tariffs and before vested interests fo
rm to
protect those tariffs.
In addition, the government believes that no new taxes should be imposed on Inte
rnet
commerce. The taxation of commerce conducted over the Internet should be consist
ent
with the established principles of international taxation, should avoid inconsis
tent
national tax jurisdictions and double taxation, and should be simple to administ
er and
easy to understand.
Any taxation of Internet sales should follow these principles:
It should neither distort nor hinder commerce. No tax system should discriminate
among types of commerce, nor should it create incentives that will change the na
ture or
location of transactions.
The system should be simple and transparent. It should be capable of capturing t
he
overwhelming majority of appropriate revenues, be easy to implement, and minimiz
e
burdensome record keeping and costs for all parties.
The system should be able to accommodate tax systems used by the United States a
nd
our international partners today.
Wherever feasible, we should look to existing taxation concepts and principles t
o
achieve these goals. Any such taxation system will have to accomplish these goal
s in the
context of the Internet s special characteristics -- the potential anonymity of
buyer and
seller, the capacity for multiple small transactions, and the difficulty of asso
ciating
online activities with physically defined locations.
To achieve global consensus on this approach, the United States, through the Tre
asury
Department, is participating in discussions on the taxation of electronic commer
ce
through the Organization for Economic Cooperation and Development (OECD), the
primary forum for cooperation in international taxation.
The Administration is also concerned about possible moves by state and local tax
authorities to target electronic commerce and Internet access. The uncertainties
associated with such taxes and the inconsistencies among them could stifle the
development of Internet commerce.
The Administration believes that the same broad principles applicable to interna
tional
taxation, such as not hindering the growth of electronic commerce and neutrality
between conventional and electronic commerce, should be applied to sub federal
taxation. No new taxes should be applied to electronic commerce, and states shou
ld
coordinate their allocation of income derived from electronic commerce. Of cours
e,
implementation of these principles may differ at the sub federal level where ind
irect
taxation plays a larger role.
Before any further action is taken, states and local governments should cooperat
e to
develop a uniform, simple approach to the taxation of electronic commerce, based
on
existing principles of taxation where feasible.
2. Electr oni c Payment Systems
New technology has made it possible to pay for goods and services over the Inter
net.
Some of the methods would link existing electronic banking and payment systems,
including credit and debit card networks, with new retail interfaces via the Int
ernet.
Electronic money, based on stored-value, smart card, or other technologies, is a
lso
under development. Substantial private sector investment and competition is spur
ring
an intense period of innovation that should benefit consumers and businesses wis
hing
to engage in global electronic commerce.
At this early stage in the development of electronic payment systems, the commer
cial
and technological environment is changing rapidly. It would be hard to develop p
olicy
that is both timely and appropriate. For these reasons, inflexible and highly pr
escriptive
regulations and rules are inappropriate and potentially harmful. Rather, in the
near
term, case-by-case monitoring of electronic payment experiments is preferred.
From a longer term perspective, however, the marketplace and industry self-regul
ation
alone may not fully address all issues. For example, government action may be
necessary to ensure the safety and soundness of electronic payment systems, to p
rotect
consumers, or to respond to important law enforcement objectives.
The United States, through the Department of the Treasury, is working with other
governments in international forums to study the global implications of emerging
electronic payment systems. A number of organizations are already working on
important aspects of -electronic banking and payments. Their analyses will contr
ibute to
a better understanding of how electronic payment systems will affect global comm
erce
and banking.
The Economic Communiqu issued at the Lyon Summit by the G-7 Heads of State called
for a cooperative study of the implications of new, sophisticated retail electro
nic
payment systems. In response, the G-10 deputies formed a Working Party, with
representation from finance ministries and central banks (in consultation with l
aw
enforcement authorities). The Working Party is chaired by a representative from
the
U.S. Treasury Department, and tasked to produce a report that identifies common
policy objectives among the G-10 countries and analyzes the national approaches
to
electronic commerce taken to date.
As electronic payment systems develop, governments should work closely with the
private sector to inform policy development, and ensure that governmental activi
ties
flexibly accommodate the needs of the emerging marketplace.
II. LEGAL ISSUES
1. Unifor m Commer ci al Code for Electr oni c Commer ce
In general, parties should be able to do business with each other on the Interne
t under
whatever terms and conditions they agree upon.
Private enterprise and free markets have typically flourished, however, where th
ere are
predictable and widely accepted legal environments supporting commercial
transactions. To encourage electronic commerce, the U.S. government should suppo
rt
the development of both a domestic and global uniform commercial legal framework
that recognizes, facilitates, and enforces electronic transactions worldwide. Fu

lly
informed buyers and sellers could voluntarily agree to form a contract subject t
o this
uniform legal framework, just as parties currently choose the body of law that w
ill be
used to interpret their contract.
Participants in the marketplace should define and articulate most of the rules t
hat will
govern electronic commerce. To enable private entities to perform this task and
to fulfill
their roles adequately, governments should encourage the development of simple a
nd
predictable domestic and international rules and norms that will serve as the le
gal
foundation for commercial activities in cyberspace.
In the United States, every state government has adopted the Uniform Commercial
Code
(UCC), a codification of substantial portions of commercial law. The National
Conference of Commissioners of Uniform State Law (NCCUSL) and the American Law
Institute, domestic sponsors of the UCC, already are working to adapt the UCC to
cyberspace. Private sector organizations, including the American Bar Association
(ABA)
along with other interest groups, are participants in this process. Work is also
ongoing
on a proposed electronic contracting and records act for transactions not covere
d by the
UCC. The Administration supports the prompt consideration of these proposals, an
d the
adoption of uniform legislation by all states. Of course, any such legislation w
ill be
designed to accommodate ongoing and possible future global initiatives.
Internationally, the United Nations Commission on International Trade Law
(UNCITRAL) has completed work on a model law that supports the commercial use of
international contracts in electronic commerce. This model law establishes rules
and
norms that validate and recognize contracts formed through electronic means, set
s
default rules for contract formation and governance of electronic contract perfo
rmance,
defines the characteristics of a valid electronic writing and an original docume
nt,
provides for the acceptability of electronic signatures for legal and commercial
purposes,
and supports the admission of computer evidence in courts and arbitration procee
dings.
The United States Government supports the adoption of principles along these lin
es by
all nations as a start to defining an international set of uniform commercial pr
inciples
for electronic commerce. We urge UNCITRAL, other appropriate international bodie
s,
bar associations, and other private sector groups to continue their work in this
area.
The following principles should, to the extent possible, guide the drafting of r
ules
governing global electronic commerce:
Parties should be free to order the contractual relationship between them as the
y see
fit;
Rules should be technology-neutral (i.e., the rules should neither require nor a
ssume a
particular technology) and forward looking (i.e., the rules should not hinder th
e use or
development of technologies in the future);
Existing rules should be modified and new rules should be adopted only as necess
ary
or substantially desirable to support the use of electronic technologies; and
The process should involve the high-tech commercial sector as well as businesses
that
have not yet moved online.
With these principles in mind, UNCITRAL, UNIDROIT, and the International Chamber
of Commerce (ICC), and others should develop additional model provisions and
uniform fundamental principles designed to eliminate administrative and regulato
ry
barriers and to facilitate electronic commerce by:
encouraging governmental recognition, acceptance and facilitation of electronic
communications (i.e., contracts, notarized documents, etc.
encouraging consistent international rules to support the acceptance of electron
ic
signatures and other authentication procedures; and
promoting the development of adequate, efficient, and effective alternate disput
e
resolution mechanisms for global commercial transactions.
The expansion of global electronic commerce also depends upon the participants,
ability
to achieve a reasonable degree of certainty regarding their exposure to liabilit
y for any
damage or injury that might result from their actions. Inconsistent local tort l
aws,
coupled with uncertainties regarding jurisdiction, could substantially increase
litigation
and create unnecessary costs that ultimately will be borne by consumers. The U.S
.
should work closely with other nations to clarify applicable jurisdictional rule
s and to
generally favor and enforce contract provisions that allow parties to select sub
stantive
rules governing liability.
Finally, the development of global electronic commerce provides an opportunity t
o
create legal rules that allow business and consumers to take advantage of new
technology to streamline and automate functions now accomplished manually. For
example, consideration should be given to establishing electronic registries.
The Departments of Commerce and State will continue to organize U.S. participati
on in
these areas with a goal of achieving substantive international agreement on mode
l law
within the next two years. NCCUSL and the American Law Institute, working with t
he
American Bar Association and other interested groups, are urged to continue thei
r work
to develop complementary domestic and international efforts.
2. I ntellectual Proper ty Pr otecti on
Commerce on the Internet often will involve the sale and licensing of intellectu
al
property. To promote this commerce, sellers must know that their intellectual pr
operty
will not be stolen and buyers must know that they are obtaining authentic produc
ts.
International agreements that establish clear and effective copyright, patent, a

nd
trademark protection are therefore necessary to prevent piracy and fraud. While
technology, such as encryption, can help combat piracy, an adequate and effectiv
e legal
framework also is necessary to deter fraud and the theft of intellectual propert
y, and to
provide effective legal recourse when these crimes occur. Increased public educa
tion
about intellectual property in the information age will also contribute to the s
uccessful
implementation and growth of the GII
Copyrights
There are several treaties that establish international norms for the protection
of
copyrights, most notably the Berne Convention for the Protection of Literary and
Artistic Works. These treaties link nearly all major trading nations and provide
them
with a means of protecting, under their own laws, each other s copyrighted works
and
sound recordings.
In December 1996, the World Intellectual Property Organization (WIPO) updated th
e
Berne Convention and provided new protection for performers and producers of sou
nd
recordings by adopting two new treaties. The two treaties -- the WIPO Copyright
Treaty
and the WIPO Performances and Phonograms Treaty -- will greatly facilitate the
commercial applications of online digital communications over the GII.
Both treaties include provisions relating to technological protection, copyright
management information, and the right of communication to the public, all of whi
ch are
indispensable for an efficient exercise of rights in the digital environment. Th
e U.S.
Government recognizes private sector efforts to develop international and domest
ic
standards in these areas. The Administration understands the sensitivities assoc
iated
with copyright management information and technological protection measures, and
is
working to tailor implementing legislation accordingly.
Both treaties also contain provisions that permit nations to provide for excepti
ons to
rights in certain cases that do not conflict with a normal exploitation of the w
ork and do
not unreasonably prejudice the legitimate interests of the author (e.g., "fair u
se"). These
provisions permit members to carry forward and appropriately extend into the dig
ital
environment limitations and exceptions in their national laws which have been
considered acceptable under the Berne Convention. These provisions permit member
s
to devise new exceptions and limitations that are appropriate in the digital net
work
environment, but neither reduce nor extend the scope of applicability of the lim
itations
and exceptions permitted by the Berne Convention.
The Administration is drafting legislation to implement the new WIPO treaties, a
nd
looks forward to working with the Senate on their ratification.
The two new WIPO treaties do not address issues of online service provider liabi
lity,
leaving them to be determined by domestic legislation. The Administration looks
forward to working with Congress as these issues are addressed and supports effo
rts to
achieve an equitable and balanced solution that is agreeable to interested parti
es and
consistent with international copyright obligations.
The adoption of the two new WIPO treaties represents the attainment of one of th
e
Administration s significant intellectual property objectives. The U.S. Governme
nt will
continue to work for appropriate copyright protection for works disseminated
electronically. The Administrations copyright-related objectives will include:
encouraging countries to fully and immediately implement the obligations contain
ed
in the Agreement on Trade-Related Aspects of Intellectual Property (TRIPS);
seeking immediate U.S. ratification and deposit of the instruments of accession
to the
two new WIPO treaties and implementation of the obligations in these treaties in
a
balanced and appropriate way as soon as possible;
encouraging other countries to join the two new WIPO treaties and to implement f
ully
the treaty obligations as soon as possible; and
ensuring that U.S. trading partners establish laws and regulations that provide
adequate and effective protection for copyrighted works, including motion pictur
es,
computer software, and sound recordings, disseminated via the GII, and that thes
e laws
and regulations are fully implemented and actively enforced.
The United States will pursue these international objectives through bilateral
discussions and multilateral discussions at WIPO and other appropriate forums an
d will
encourage private sector participation in these discussions.
Sui Generis Protection of Databases
The December 1996 WIPO Conference in Geneva did not take up a proposed treaty to
protect the non-original elements of databases. Instead, the Conference called f
or a
meeting, subsequently held, to discuss preliminary steps to study proposals to e
stablish
sui generis database protection.
Based on the brief discussion of sui generis database protection that took place
before
and during the Diplomatic Conference, it is clear that more discussion of the ne
ed for
and the nature of such protection is necessary domestically and internationally.
The Administration will seek additional input from, among others, the scientific
, library,
and academic communities and the commercial sector, in order to develop U.S. pol
icy
with respect to sui generis database protection.
Patents
Development of the GII will both depend upon and stimulate innovation in many fi
elds
of technology, including computer software, computer hardware, and
telecommunications. An effectively functioning patent system that encourages and
protects patentable innovations in these fields is important for the overall suc
cess of
commerce over the Internet. Consistent with this objective, the U.S. Patent and
Trademark Office (PTO) will (1) significantly enhance its collaboration with the
private
sector to assemble a larger, more complete collection of prior art (both patent
and nonpatent publications), and provide its patent examiners better access to prior ar
t in Gilrelated technologies; (2) train its patent examiners in GII related technologies
to raise
and maintain their level of technical expertise; and (3) support legislative pro
posals for
early publication of pending patent applications, particularly in areas involvin
g fast
moving technology.
To create a reliable environment for electronic commerce, patent agreements shou
ld:
prohibit member countries from authorizing parties to exploit patented invention
s
related to the Gil without the patent owner s authority (i.e., disapproval of co
mpulsory
licensing of Gil-related technology except to remedy a practice determined after
judicial
or administrative process to be anti-competitive);
require member countries to provide adequate and effective protection for patent
able
subject matter important to the development and success of the GII; and
establish international standards for determining the validity of a patent claim
.
The United States will pursue these objectives internationally. Officials of the
European,
Japanese, and United States Patent Officers meet, for example, each year to foste
r
cooperation on patent-related issues. The United States will recommend at the ne
xt
meeting that a special committee be established within the next year to make
recommendations on Gil-related patent issues.
In a separate venue, one hundred countries and international intergovernmental
organizations participate as members of WIPO s permanent committee on industrial
property information (PCIPI). The United States will attempt to establish a work
ing
group of this organization to address GH-related patent issues.
Trademark and Domain Names
Trademark rights are national in scope and conflicts may arise where the same or
similar trademarks for similar goods or services are owned by different parties
in
different countries. Countries may also apply different standards for determinin
g
infringement.
Conflicts have arisen on the Gil where third parties have registered Internet do
main
names that are the same as, or similar to, registered or common law trademarks.
An
Internet domain name functions as a source identifier on the Internet. Ordinaril
y,
source identifiers, like addresses, are not protected intellectual property (i.e
., a
trademark) per se. The use of domain names as source identifiers has burgeoned,
however, and courts have begun to attribute intellectual property rights to them
, while
recognizing that misuse of a domain name could significantly infringe, dilute, a
nd
weaken valuable trademark rights.

To date, conflicts between trademark rights and domain names have been resolved
through negotiations and/or litigation. It may be possible to create a contractu
ally based
self-regulatory regime that deals with potential conflicts between domain name u
sage
and trademark laws on a global basis without the need to litigate. This could cr
eate a
more stable business environment on the Internet. Accordingly, the United States
will
support efforts already underway to create domestic and international forums for
discussion of Internet-related trademark issues. The Administration also plans t
o seek
public input on the resolution of trademark disputes in the context of domain na
mes.
Governance of the domain name system (DNS) raises other important issues unrelat
ed
to intellectual property. The Administration supports private efforts to address
Internet
governance issues including those related to domain names and has formed an
interagency working group under the leadership of the Department of Commerce to
study DNS issues. The working group will review various DNS proposals, consultin
g
with interested private sector, consumer, professional, congressional and state
government and international groups. The group will consider, in light of public
input,
(1) what contribution government might make, if any, to the development of a glo
bal
competitive, market-based system to register Internet domain names, and (2) how
best
to foster bottom-up governance of the Internet.
3. Pr i vacy
Americans treasure privacy, linking it to our concept of personal freedom and we
llbeing. Unfortunately, the GIIs great promise - that it facilitates the collection
, re-use,
and instantaneous transmission of information - can, if not managed carefully, d
iminish
personal privacy. It is essential, therefore, to assure personal privacy in the
networked
environment if people are to feel comfortable doing business.
At the same time, fundamental and cherished principles like the First Amendment,
which is an important hallmark of American democracy, protect the free flow of
information. Commerce on the GII will thrive only if the privacy rights of indiv
iduals are
balanced with the benefits associated with the free flow of information.
In June of 1995, the Privacy Working Group of the United States government
Information Infrastructure Task Force (IITF) issued a report entitled, PRIVACY A
ND
THE NATIONAL INFORMATION INFRASTRUCTURE: Principles for Providing and
Using Personal Information. The report recommends a set of principles (the "Priv
acy
Principles") to govern the collection, processing, storage, and re-use of person
al data in
the information age.
These Privacy Principles, which build on the Organization for Economic Cooperati
on
and Development s GUIDELINES GOVERNING THE PROTECTION OF PRIVACY AND
TRANSBORDER DATA FLOW OF PERSONAL DATA and incorporate principles of fair
information practices, rest on the fundamental precepts of awareness and choice:
Data-gatherers should inform consumers what information they are collecting, and
how they intend to use such data; and
Data-gatherers should provide consumers with a meaningful way to limit use and r
euse of personal information.
Disclosure by data-gatherers is designed to stimulate market resolution of priva
cy
concerns by empowering individuals to obtain relevant knowledge about why
information is being collected, what the information will be used for, what step
s will be
taken to protect that information, the consequences of providing or withholding
information, and any rights of redress that they may have. Such disclosure will
enable
consumers to make better judgments about the levels of privacy available and the
ir
willingness to participate.
In addition, the Privacy Principles identify three values to govern the way in w
hich
personal information is acquired, disclosed and used online -- information priva
cy,
information integrity, and information quality. First, an individual s reasonabl
e
expectation of privacy regarding access to and use of, his or her personal infor
mation
should be assured. Second, personal information should not be improperly altered
or
destroyed. And, third, personal information should be accurate, timely, complete
, and
relevant for the purposes for which it is provided and used.
Under these principles, consumers are entitled to redress if they are harmed by
improper use or disclosure of personal information or if decisions are based on
inaccurate, outdated, incomplete, or irrelevant personal information.
In April, 1997, the Information Policy Committee of the IITF issued a draft pape
r
entitled Options for Promoting Privacy on the National Information Infrastructur
e. The
paper surveys information practices in the United States and solicits public com
ment on
the best way to implement the Privacy Principles. The IITF goal is to find a way
to
balance the competing values of personal privacy and the free flow of informatio
n in a
digital democratic society.
Meanwhile, other federal agencies have studied privacy issues in the context of
specific
industry sectors. In October 1995, for example, the National Telecommunications
and
Information Administration (NTIA) issued a report entitled Privacy and the Nil:
Safeguarding Telecommunications-Related Personal Information. It explores the
application of the Privacy Principles in the context of telecommunications and o
nline
services and advocates a voluntary framework based on notice and consent. On Jan
uary
6, 1997, the FTC issued a staff report entitled Public Workshop on Consumer Priv
acy on
the Global Information Infrastructure. The report, which focuses on the direct
marketing and advertising industries, concludes that notice, choice, security, a
nd access
are recognized as necessary elements of fair information practices online. In Ju
ne of
1997, the FTC held four days of hearings on technology tools and industry selfregulation regimes designed to enhance personal privacy on the Internet.
The Administration supports private sector efforts now underway to implement
meaningful, consumer-friendly, self-regulatory privacy regimes. These include
mechanisms for facilitating awareness and the exercise of choice online, evaluat
ing
private sector adoption of and adherence to fair information practices, and disp
ute
resolution.
The Administration also anticipates that technology will offer solutions to many
privacy
concerns in the online environment, including the appropriate use of anonymity.
If
privacy concerns are not addressed by industry through self-regulation and techn
ology,
the Administration will face increasing pressure to play a more direct role in
safeguarding consumer choice regarding privacy online.
The Administration is particularly concerned about the use of information gather
ed
from children, who may lack the cognitive ability to recognize and appreciate pr
ivacy
concerns. Parents should be able to choose whether or not personally identifiabl
e
information is collected from or about their children. We urge industry, consume
r, and
child-advocacy groups working together to use a mix of technology, self-regulati
on, and
education to provide solutions to the particular dangers arising in this area an
d to
facilitate parental choice. This problem warrants prompt attention. Otherwise,
government action may be required.
Privacy concerns are being raised in many countries around the world, and some
countries have enacted laws, implemented industry self-regulation, or instituted
administrative solutions designed to safeguard their citizens privacy. Disparat
e policies
could emerge that might disrupt trans-border data flows. For example, the Europe
an
Union (EU) has adopted a Directive that prohibits the transfer of personal data
to
countries that, in its view, do not extend adequate privacy protection to EU cit
izens.
To ensure that differing privacy policies around the world do not impede the flo
w of
data on the Internet, the United States will engage its key trading partners in
discussions to build support for industry-developed solutions to privacy problem
s and
for market driven mechanisms to assure customer satisfaction about how private d
ata is
handled.
The United States will continue policy discussions with the EU nations and the
European Commission to increase understanding about the U.S. approach to privac
y
and to assure that the criteria they use for evaluating adequacy are sufficientl
y flexible to
accommodate our approach. These discussions are led by the Department of Commerc
e,
through NTIA, and the State Department, and include the Executive Office of the
President, the Treasury Department, the Federal Trade Commission (FTC) and other
relevant federal agencies. NTIA is also working with the private sector to asses
s the
impact that the implementation of the EU Directive could have on the United Stat
es.
The United States also will enter into a dialogue with trading partners on these
issues
through existing bilateral forums as well as through regional forums such as the
Asia
Pacific Economic Cooperation (APEC) forum, the Summit of the Americas, the North
American Free Trade Agreement (NAFTA), and the Inter-American
Telecommunications Commission (CITEL) of the Organization of American States, an
d
broader multilateral organizations.
The Administration considers data protection critically important. We believe th
at
private efforts of industry working in cooperation with consumer groups are pref
erable
to government regulation, but if effective privacy protection cannot be provided
in this
way, we will re-evaluate this policy.
4. Secur ity
The GII must be secure and reliable. If Internet users do not have confidence th
at their
communications and data are safe from unauthorized access or modification, they
will
be unlikely to use the Internet on a routine basis for commerce. A secure GII re
quires:
1) Secure and reliable telecommunications networks;
2) Effective means for protecting the information systems attached to those netw
orks;
3) Effective means for authenticating and ensuring confidentiality of electronic
information to protect data from unauthorized use; and
4) Well trained GH users who understand how to protect their systems and their d
ata.
There is no single "magic" technology or technique that can ensure that the Gil
will be
secure and reliable. Accomplishing that goal requires a range of technologies
(encryption, authentication, password controls, firewalls, etc.) and effective,
consistent
use of those technologies; all supported globally by trustworthy key and securit
y
management infrastructures.
On particular importance is the development of trusted certification services th
at
support the digital signatures that will permit users to know whom they are
communicating with on the Internet. Both signatures and confidentiality rely on
the use
of cryptographic keys. To promote the growth of a trusted electronic commerce
environment, the Administration is encouraging the development of a voluntary,
market-driven key management infrastructure that will support authentication,
integrity, and confidentiality.
Encryption products protect the confidentiality of stored data and electronic
communications by making them unreadable without a decryption key. But strong
encryption is a double-edged sword. Law abiding citizens can use strong encrypti
on to
protect their trade secrets and personal records. But those trade secrets and pe
rsonal
records could be lost forever if the decrypt key is lost. Depending upon the val
ue of the
information, the loss could be quite substantial. Encryption can also be used by
criminals and terrorists to reduce law enforcement capabilities to read their
communications. Key recovery based encryption can help address some of these iss
ues.
In promoting robust security needed for electronic commerce, the Administration
has
already taken steps that will enable trust in encryption and provide the safegua
rds that
users and society will need. The Administration, in partnership with industry, i
s taking
steps to promote the development of market-driven standards, public-key manageme
nt
infrastructure services and key recoverable encryption products. Additionally, t
he
Administration has liberalized export controls for commercial encryption product
s
while protecting public safety and national security interests.
The Administration is also working with Congress to ensure legislation is enacte
d that
would facilitate development of voluntary key management infrastructures and wou
ld
govern the release of recovery information to law enforcement officials pursuant
to
lawful authority.
The U.S. government will work internationally to promote development of marketdriven key management infrastructure with key recovery. Specifically, the U.S. h
as
worked closely within the OECD to develop international guidelines for encryptio
n
policies and will continue to promote the development of policies to provide a
predictable and secure environment for global electronic commerce.
III. MARKET ACCESS ISSUES
1. Telecommuni cati ons I nfr astr ucture and I nfor mati on Technology
Global electronic commerce depends upon a modern, seamless, global
telecommunications network and upon the computers and information appliances tha
t
connect to it. Unfortunately, in too many countries, telecommunications policies
are
hindering the development of advanced digital networks. Customers find that
telecommunications services often are too expensive, bandwidth is too limited, a
nd
services are unavailable or unreliable. Likewise, many countries maintain trade
barriers
to imported information technology, making it hard for both merchants and custom
ers
to purchase the computers and information systems they need to participate in
electronic commerce.
In order to spur the removal of barriers, in March 1994, Vice President Gore spo
ke to
the World Telecommunications Development Conference in Buenos Aires. He
articulated several principles that the U.S. believes should be the foundation f
or
government policy, including:
1) encouraging private sector investment by privatizing government-controlled
telecommunications companies;
2) promoting and preserving competition by introducing competition to monopoly
phone markets, ensuring interconnection at fair prices, opening markets to forei
gn
investment, and enforcing anti-trust safeguards;
3) guaranteeing open access to networks on a non-discriminatory basis, so that G
II
users have access to the broadest range of information and services; and
4) implementing, by an independent regulator, pro-competitive and flexible regul
ation
that keeps pace with technological development.
Domestically, the Administration recognizes that there are various constraints i
n the
present network that may impede the evolution of services requiring higher bandw
idth.
Administration initiatives include Internet II, or Next Generation Internet. In
addition,
the FCC has undertaken several initiatives designed to stimulate bandwidth expan
sion,
especially to residential and small/home office customers.
The goal of the United States will be to ensure that online service providers ca
n reach
end-users on reasonable and non-discriminatory terms and conditions. Genuine mar
ket
opening will lead to increased competition, improved telecommunications
infrastructures, more customer choice, lower prices and increased and improved
services.
Areas of concern include:
Leased lines: Data networks of most online service providers are constructed wit
h leased
lines that must be obtained from national telephone companies, often monopolies
or
governmental entities. In the absence of effective competition, telephone compan
ies
may impose artificially inflated leased line prices and usage restrictions that
impede the
provision of service by online service providers.
Local loops pricing: To reach their subscribers, online service providers often
have no
choice but to purchase local exchange services from monopoly or government-owned
telephone companies. These services also are often priced at excessive rates, in
flating
the cost of data services to customers.
Interconnection and unbundling: Online service providers must be able to interco
nnect
with the networks of incumbent telecommunication companies so that information c
an
pass seamlessly between all users of the network. Monopolies or dominant telepho
ne
companies often price interconnection well above cost, and refuse to interconnec
t
because of alleged concerns about network compatibility or absence of need for o
ther
providers.
Attaching equipment to the network: Over the years, some telecommunication provi
ders
have used their monopoly power to restrict the connection of communication or
technology devices to the network. Even when the monopoly has been broken, a hos
t of
unnecessary burden some "type acceptance" practices have been used to retard
competition and make it difficult for consumers to connect.
Internet voice and multimedia: Officials of some nations claim that "real time"
services
provided over the Internet are "like services" to traditionally regulated voice
telephony
and broadcasting, and therefore should be subject to the same regulatory restric
tions
that apply to those traditional services. In some countries, these providers mus
t be
licensed, as a way to control both the carriage and content offered. Such an app
roach
could hinder the development of new technologies and new services.
In addition, countries have different levels of telecommunications infrastructur
e
development, which may hinder the global provision and use of some Internet-base
d
services. The Administration believes that the introduction of policies promotin
g foreign
investment, competition, regulatory flexibility and open access will support
infrastructure development and the creation of more data-friendly networks.
To address these issues, the Administration successfully concluded the WTO Basic
Telecommunications negotiations, which will ensure global competition in the pro
vision
of basic telecommunication services and will address the many underlying issues
affecting online service providers. During those negotiations, the U.S. succeede
d in
ensuring that new regulatory burdens would not be imposed upon online service
providers that would stifle the deployment of new technologies and services.
As the WTO Agreement is implemented, the Administration will seek to ensure that
new
rules of competition in the global communications marketplace will be technology
neutral and will not hinder the development of electronic commerce. In particula
r, rules
for licensing new technologies and new services must be sufficiently flexible to
accommodate the changing needs of consumers while allowing governments to protec
t
important public interest objectives like universal service. In this context, ru
les to
promote such public interest objectives should not fall disproportionately on an
y one
segment of the telecommunications industry or on new entrants.
The Administration will also seek effective implementation of the Information
Technology Agreement concluded by the members of the WTO in March 1997, which is
designed to remove tariffs on almost all types of information technology. Buildi
ng on
this success, and with the encouragement of U.S. companies, the administration i
s
developing plans for ITA II, in which it will to seek to remove remaining tariff
s on, and
existing non-tariff barriers to, information technology goods and services. In a
ddition
the Administration is committed to finding other ways to streamline requirements
to
demonstrate product conformity, including through Mutual Recognition Agreements
(MRAS) that can eliminate the need for a single product to be certified by diffe
rent
standards laboratories across national borders.
Bilateral exchanges with individual foreign governments, regional forums such as
APEC
and CITEL, and multilateral forums such as the OECD and ITU, and various other
forums (i.e. international alliances of private businesses, the International Or
ganization
of Standardization [ISO], the International Electro-technical Commission [IEC]),
also
will be used for international discussions on telecommunication-related Internet
issues
and removing trade barriers that inhibit the export of information technology. T
hese
issues include the terms and conditions governing the exchange of online traffic
,
addressing, and reliability. In all forums, U.S. Government positions that might
influence Internet pricing, service delivery options or technical standards will
reflect the
principles established in this paper and U.S. Government representatives will su
rvey the
work of their study groups to ensure that this is the case.
In addition, many Internet governance issues will best be dealt with by means of
private
open standards processes and contracts involving participants from both governme
nt
and the private sector. The U.S. government will support industry initiatives ai
med at
achieving the important goals outlined in this paper.
2. Content
The U.S. government supports the broadcast possible free flow of information acr
oss
international borders. This includes most informational material now accessible
and
transmitted through the Internet, including through World Wide Web pages news an
d
other information services, virtual shopping malls, and entertainment features,
such as
audio and video products, and the arts. This principle extends to information cr
eated by
commercial enterprises as well as by schools, libraries, governments and other n
onprofit
entities.
In contrast to traditional broadcast media, the Internet promises users greater
opportunity to shield themselves and their children from content they deem offen
sive or
inappropriate. New technology, for example, may enable parents to block their
children s access to sensitive information or confine their children to pre-appr
oved
websites.
To the extent, then, that effective filtering technology becomes available, cont
ent
regulations traditionally imposed on radio and television would not need to be a
pplied
to the Internet. In fact, unnecessary regulation could cripple the growth and di
versity of
the Internet.
The Administration therefore supports industry self-regulation, adoption of comp
eting
ratings systems, and development of easy-to-use technical solutions (e.g., filte
ring
technologies and age verification systems) to assist in screening information on
line.
There are four priority areas of concern:
a. Regulation of content: Companies wishing to do business over the Internet, an
d
to provide access to the Internet (including U.S. online service providers with
foreign
affiliates or joint ventures) are concerned about liability based on the differe
nt policies
of every country through which their information may travel.
Countries that are considering or have adopted laws to restrict access to certai
n types of
content through the Internet emphasize different concerns as a result of cultura
l, social,
and political difference. These different laws can impede electronic commerce in
the
global environment.
The Administration is concerned about Internet regulation of this sort, and will
develop
an informal dialogue with key trading partners on public policy issues such as h
ate
speech, violence, sedition, pornography and other content to ensure that differe
nces in
national regulation, especially those undertaken to foster cultural identity, do
not serve
as disguised trade barriers.
b. Foreign content quotas: Some countries currently require that a specific
proportion of traditional broadcast transmission time be devoted to "domesticall
y
produced" content. Problems could arise on the Internet if the definition of
"broadcasting" is changed to extend these current regulations to "new services."
Countries also might decide to regulate Internet content and establish restricti
ons under
administrative authority, rather than under broadcast regulatory structures.
The Administration will pursue a dialogue with other nations on how to promote
content diversity, including cultural and linguistic diversity, without limiting
content.
These discussions could consider promotion of cultural identity through subsidy
programs that rely solely on general tax revenues and that are implemented in a
nondiscriminatory manner.
c. Regulation of advertising: Advertising will allow the new interactive media t
o
offer more affordable products and services to a wider, global audience. Some co
untries
stringently restrict the language, amount, frequency, duration, and type of tele
shopping
and advertising spots used by advertisers. In principle, the United States does
not favor
such regulations. While recognizing legitimate cultural and social concerns, the
se
concerns should not be invoked to justify unnecessarily burdensome regulation of
the
Internet.
There are laws in many countries around the world that require support for adver
tising
claims. Advertising industry self-regulation also exists in many countries aroun
d the
globe. Truthful and accurate advertising should be the cornerstone of advertisin
g on all
media, including the Internet.
A strong body of cognitive and behavioural research demonstrates that children a
re
particularly vulnerable to advertising. As a result, the U.S. has well establish
ed rules
(self-regulatory and otherwise) for protecting children from certain harmful adv
ertising
practices. The Administration will work with industry and children s advocates t
o ensure
that these protections are translated to and implemented appropriately in the on
line
media environment.
The rules of the "country-of-origin" should serve as the basis for controlling I
nternet
advertising to alleviate national legislative road blocks and trade barriers.

d. Regulation to prevent fraud: Recently, there have been a number of cases wher
e
fraudulent information on companies and their stocks, and phony investment schem
es
have been broadcast on the Internet. The appropriate federal agencies (i.e., Fed
eral
Trade Commission and the Securities and Exchange Commission) are determining
whether new regulations are needed to prevent fraud over the Internet.
In order to realize the commercial and cultural potential of the Internet, consu
mers
must have confidence that the goods and services offered are fairly represented,
that
they will get what they pay for, and that recourse or redress will be available
if they do
not. This is an area where government action is appropriate.
The Administration will explore opportunities for international cooperation to p
rotect
consumers and to prosecute false, deceptive, and fraudulent commercial practices
in
cyberspace.
Federal agencies such as the Department of State, U.S. Trade Representative (UST
R),
the Commerce Department (NTIA), the FTC, the Office of Consumer Affairs and othe
rs
have already engaged in efforts to promote such positions, through both bilatera
l and
multilateral channels, including through the OECD, the G-7 Information Society a
nd
Development Conference, the Latin American Telecommunications Summits, and the
Summit of the Americas process, as well as APEC Telecommunications Ministerial.
All
agencies participating in such forums will focus on pragmatic solutions based up
on the
principles in this paper to issues related to content control.
3. Techni cal Standar ds
Standards are critical to the long term commercial success of the Internet as th
ey can
allow products and services from different vendors to work together. They also
encourage competition and reduce uncertainty in the global marketplace. Prematur
e
standardization, however, can "lock in" outdated technology. Standards also can
be
employed as de facto non-tariff trade barriers, to "lock out" non-indigenous bus
inesses
from a particular national market.
The United States believes that the marketplace, not governments, should determi
ne
technical standards and other mechanisms for interoperability. Technology is mov
ing
rapidly and government attempts to establish technical standards to govern the I
nternet
would only risk inhibiting technological innovation. The United States considers
it
unwise and unnecessary for governments to mandate standards for electronic
commerce. Rather, we urge industry driven multilateral fora to consider technica
l
standards in this area.
To ensure the growth of global electronic commerce over the Internet, standards
will be
needed to assure reliability, interoperability, ease of use and scalability in a

reas such as:
electronic payments;
security (confidentiality, authentication, data integrity, access control, nonrepudiation);
security services infrastructure (e.g., public key certificate authorities);
electronic copyright management systems;
video and data-conferencing;
high-speed network technologies (e.g., Asynchronous Transfer Mode, Synchronous
Digital Hierarchy); and
digital object and data interchange.
There need not be one standard for every product or service associated with the
Gil, and
technical standards need not be mandated. In some cases, multiple standards will
compete for marketplace acceptance. In other cases, different standards will be
used in
different circumstances.
The prevalence of voluntary standards oh the Internet, and the medium s consensu
sbased process of standards development and acceptance are stimulating its rapid
growth. These standards flourish because of a non-bureaucratic system of develop
ment
managed by technical practitioners working through various organizations. These
organizations require demonstrated deployment of systems incorporating a given
standard prior to formal acceptance, but the process facilitates rapid deploymen
t of
standards and can accommodate evolving standards as well. Only a handful of coun
tries
allow private sector standards development; most rely on government-mandated
solutions, causing these nations to fall behind the technological cutting edge a
nd
creating non-tariff trade barriers.
Numerous private sector bodies have contributed to the process of developing vol
untary
standards that promote interoperability. The United States has encouraged the
development of voluntary standards through private standards organizations, cons
ortia,
test beds and R&D activities. The U.S. government also has adopted a set of prin
ciples to
promote acceptance of domestic and international voluntary standards.
While no formal government-sponsored negotiations are called for at this time, t
he
United States will use various forums (i.e., international alliances of private
businesses,
the International Organization for Standardization [ISO], the International Elec
tro
technical Commission [IEC], International Telecommunications Union [ITU], etc.)
to
discourage the use of standards to erect barriers to free trade on the developin
g GII. The
private sector should assert global leadership to address standards setting need
s. The
United States will work through intergovernmental organizations as needed to mon
itor
and support private sector leadership.
A Coordinated Strategy
The success of electronic commerce will require an effective partnership between
the
private and public sectors, with the private sector in the lead. Government part
icipation
must be coherent and cautious, avoiding the contradictions and confusions that c
an
sometimes arise when different governmental agencies individually assert authori
ty too
vigorously and operate without coordination.
The variety of issues being raised, the interaction among them, and the disparat
e forums
in which they are being addressed will necessitate a coordinated, targeted gover
nmental
approach to avoid inefficiencies and duplication in developing and reviewing pol
icy.
An interagency team will continue to meet in order to monitor progress and updat
e this
strategy as events unfold. Sufficient resources will be committed to allow rapid
and
effective policy implementation.
The process of further developing and implementing the strategy set forth in thi
s paper
is as important as the content of the paper itself. The U.S. Government will con
sult
openly and often, with groups representing industry, consumers and Internet user
s,
Congress, state and local governments, foreign governments, and international
organizations as we seek to update and implement this paper in the coming years.
Private sector leadership accounts for the explosive growth of the Internet toda
y, and
the success of electronic commerce will depend on continued private sector leade
rship.
Accordingly, the Administration also will encourage the creation of private fora
to take
the lead in areas requiring self-regulation such as privacy, content ratings, an
d
consumer protection and in areas such as standards development, commercial code,
and
fostering interoperability.
The strategy outlined in this paper will be updated and new releases will be iss
ued as
changes in technology and the marketplace teach us more about how to set the opt
imal
environment in which electronic commerce and community can flourish.
There is a great opportunity for commercial activity on the Internet. If the pri
vate sector
and governments act appropriately, this opportunity can be realized for the bene
fit of all
people.
The Internet as a Network Infrastructure
This section outlines the nature of the Internet, its history and the facilities
that can be
used for e-Commerce. The Internet was born as a US military project and develope
d as
an academic and research network. The use of the Internet by members of the gene
ral
public and the commercial use of the Internet is a relatively recent phenomenon.
The
commercial use of the Internet involves service providers, content providers and
software facilities; the chapter introduces the various categories of players an
d the range
of services and facilities they offer.
The web is a big place, and tens of thousands of people have put hundreds of tho
usands
of hours into making it enjoyable. The vast majority of them haven t made any mo
ney
from their work yet, and many did it for the joy of starting something new. (Hof
fman,
1995)
The Internet is a strange phenomenon. It had its origins as a military project b
ack in
1969. It was adopted by the research and academic community; became the tool (or
toy)
of computer nerds around the world and then, in the space of a couple of years,
it
became the engine that, it is claimed, is to people the world into the informati
on age and
the twenty-first century.
The Internet is also an interesting phenomenon because nobody owns it. It is unl
ike the
railway, telegraph or telephone companies of the past that were owned by large p
rivate
corporations or state monopolies. It is a pattern of usage of information and
communications technologies that transcends any and all telecommunications
infrastructure providers.
The Internet is, at a technical level, defined not by the equipment but by its
communication protocol, Transmission Control Protocol / Internet Protocol (TCP/I
P).
The Internet is, at another level, defined by the people who use it. The individ
uals,
institutions and companies that make information available, send messages, acces
s web
sites and, in the case of e-Commerce, buy and sell.
The Internet is not the only, or the first, national and international data netw
ork. Other
data networks have been put together by multinational organisations, EDI VADS
providers and public access network companies such as CompuServe. The Internet h
as,
however, despite its simple planning and lack of formal control, evolved into th
e global
network; possibly its success is because of that absence of formal controls.
The Development of the Internet
The origins of the Internet are commonly traced back to a US military project, t
he
ARPAnet, commissioned by the US Department of Defense in 1969. The aim of the
project was to explore packet switching technology in order to establish a netwo
rk with
distributed control that could still function if some of its nodes and links wer
e knocked
out in a nuclear war. The ARPAnet was demonstrated in late 1972 at an internatio
nal
conference in Washington DC: the first public demonstration of packet switching
.
In the late 1970 s and early 1980 s further experimental networks were created t
hat were
mainly used for e-Mail and between university departments. CSNet (Computer Scien
ce
Network) was established in 1981 and the military aspects were split from ARPAne
t in
1983. Further academic networks were put in place to provide access to supercomp
uter
centres, notably JANET, Joint Academic Network in the UK (1984) and NSFNet,
National Science Foundation in the US (1986).
The TCP/IP protocol was established in 1982 and introduced for use on the ARPAne
t on
the first of January 1983. Application protocols developed for and used in TCP/I
P
include the file transfer system (FTP), e-mail protocol (SMTP) and the remote lo
gin
facility Telnet. The TCP/IP protocol also introduces the IP Address, a multipart
numeric
code used to identify all nodes in the network; TCP/IP addresses are also repres
ented by
an alphabetic equivalent in e-Mail and web site addresses.
In 1989 a group of scientists at the European Laboratory for Particle Physics (C
ERN) in
Geneva, Switzerland developed an Internet Tool that would link information produ
ced
by various CERN researchers. The tool provided a way to link textual information
on
different computers and created by different scientists. The object was to overc
ome
issues of computer incompatibility and utilize a new way of linking called hype
rtext .
Rather than presenting information in a linear or hierarchical fashion, hypertex
t
permits information to be linked in a web-like structure. Nodes of information c
an be
linked to other nodes of information in multiple ways. As a result, users can dy
namically
crisscross the information web using pieces in an order most convenient to them.
In 1993 the National Centre for Supercomputing Applications (NCSA) at the Univer
sity
of Illinois pushed the CERN idea further by creating a software tool called Mosa
ic.
Mosaic is an easy-to-use, graphical user interface that permits text, graphics,
sound and
video to be hyper linked. Mosaic was the first of the Internet tools that are no
w referred
to as web browsers .
An alternative information access facility, developed at about the same time as
the web,
was Gopher was, for a time widely used in the US but has largely succumbed to th
e now
near universal application of the web.
The first commercial web browser was Netscape. The Netscape Company was started
in
1994 and included some of the programmers involved in the Mosaic Project. Some t
ime
after, some might argue rather late in the day, Bill Gates caught onto the Inter
net and
Microsoft issued its Internet Explorer. With Netscape being the dominant web bro
wser
and Microsoft having a habit of wishing to dominate everything there ensued a pe
riod
known as the browser wars . Microsoft used their dominance of the PC operating
system market to get Explorer pre-loaded onto most new PCs - Netscape protested
that
this was anticompetitive - Microsoft insisted that an Internet interface was cen
tral to the
design of their operating systems and a court case ensued. Netscape and Internet
Explorer vied with each other to add features to their browser. The added featur
es were
not always compatible with other browsers or HTML standards and in the process
making the job of designing a web page more difficult (the provider of a web pag
e
cannot guarantee which browser the customer will be using). On the plus side, fr
om the
user point of view, the browser is now free. Internet service providers, on CDs
through
the post, distribute Netscape and Explorer to thousands of potential users, and
both
packages are downloadable via the web.
On the other side from the browser and the client computer, there is the softwar
e on the
server system. As with the client, the server can be any one of several boxes; U
NIX and
(large) PCs being the most common choices. Internet server software is available
from a
number of suppliers with Netscape and Microsoft both prominent and Apache, a pub
lic
domain product is also widely used on UNIX boxes and with the Linux operating
system.
Aside from browser wars is the need to add logic and system interfaces to web
applications. The commonly used approach has been a Common Gateway Interface
(CGI) program using Perl (or another programming language offering similar facil
ities).
More recently JAVA from Sun Microsystems and ActiveX products from Microsoft hav
e
been issued with the capability to perform the same functions.
In 1994 there were approximately 500 web sites. One year later this had increase
d to
nearly 10,000 and any further statistics that could be included in this course m
aterial
would be out of date by the time it is read.
"Internet: A Network of Networks"
A facility to connect two or more computers together to exchange information is
called a
network. When computers are connected within a building or a campus it is referr
ed to
as a Local Area Network (LAN). When the systems around the world are connected t
o
one another it is Wide Area Network (WAN). While networks connect individual
computers, the Internet connects individual networks. Now each of these networks
may
be running on different network software like Windows NT or DecNet etc. Therefor
e a
protocol is needed to communicate between networks. Several departments working
together interconnect their networks so that the information may be shared more
easily
among the departments. This type of arrangement is called a regional network. Th
ese
regional networks are interconnections based on geography or function. Any colle
ction
of such networks is called a backbone. The gateways are needed to provide physic
al
meeting point.
A gateway is a communication device or program that passes data between networks
having similar functions but dissimilar implementations. The gateways are the ph
ysical
meeting points of the backbone. Both the client and server need to be connected
to the
Internet via an Internet gateway.
TCP/IP
The network protocol used on the Internet is Transmission Control Protocol/Inter

net
Protocol - TCP/IP. As has already been indicated this was introduced on the ARPA
net at
the beginning of January 1983.
TCP/IP is a packet switching protocol. In pocket switching, messages are split u
p into
segments (packets) and dispatched into the network with their source and destina
tion
addresses plus other header information including a package sequence number. The
route a packet takes through the network is determined within the network and th
e lines
used are shared with other packets that are travelling through the network (this
contrasts with a circuit switched network where the line is used for just one
transmission at any time). The packets are reassembled into the message in the
destination system. TCP provides the transport protocol and ensures that the dat
a that
is sent is complete and error free when it is received at the destination. IP pr
ovides the
routing mechanism. IP addresses consist of four sets of decimal numbers separate
d by
full stops, e.g. 192.9.1.20. The IP address specifies both the sending network (
netid) and
the destination computer (hosted) - vital given the Internet. The IP address is
used in
conjunction with the port number, a logical number that specifies the applicatio
n, e.g.
80 for the World Wide Web.
The TCP/IP protocol stack has five layers. The reference model for network proto
cols is
the OSI seven layers of TCP/IP are commonly explained with reference to the OSI
model. The five layers of TCP/IP are:
a. Application Layer
Equivalent to the OSI Model layers 7, 6 and (part of) 5.
The application is the program that initiates the transfer. This may be the user
s own
program / application package or one of the TCP / IP defined applications:
FTP (File Transfer Protocol) used to copy files across the network
SMTP (Simple Mail Transfer Protocol) used for all Internet e-Mail
Telnet (remote login facility)
The message generated at the .application layer, together with the IP address an
d port
number, are passed to the transport layer for further processing. If the applica
tion does
not have the full Address then the DNS (Domain Name System) / WINS (Windows
Internet System) can be invoked to provide it.
b. Transport Layer
Equivalent to the OSI Model layer 4 and (part of) 5.
At this level, TCP establishes a logical connection with the receiving computer
and
determines the size of the segments to be sent. TCP then divides up the message
into
segments and attaches a header to each; the header specifies the source and dest
ination
ports and the sequence number of the segment within the message.
UDP is an alternative to TCP that is used for real-time audio or video. UDP prov
ides no
error detection; there is little virtue in re-transmission of errored segments i
n such realtime applications.
For both protocols the segments are passed to the network layer, together with t
he IP
address.
c. Network Layer
Equivalent to the OSI Model layer 3.
The Network Layer is responsible for routing the packet from source station to i
ts final
destination station, specified by the MAC address. If the MAC address is not alr
eady
available then an ARP (Address Resolution Protocol) request is broadcast to the
network
and the machine with that IP address responds with its MAC address.
The Network Layer may fragment the segments from the Transport Layer into smalle
r
packets if this is necessary, to fit the frame size.
The output packets from this layer (referred to as datagrams) are passed to the
datalink
layer.
d. Data Link Layer
At the datalink layer, IP interfaces with the network to be used, e.g. Ethernet,
or X25.
The network protocol will typically add its own header (Nh) and trailer (Nt) tha
t
incorporate the MAC address.
The packet is then passed onto the medium, the physical network layer.
e. Physical Layer
The cables used for transmission, at the time its introduction, TCP/IP was seen
as an
interim measure with the OSI (Open System Interconnection) standard intended as
an
eventual replacement. In the event the use of TCP/IP has continued and interest
in the
OSI standard has wanted. The OSI standards are still used in a number of commerc
ial
networks but the omnipresence of the Internet is tending to make TCP/IP the defa
cto
standard for wide-area networking.
Internet Components
The TCP/IP is the unifying factor of the Internet - the software, hardware and
connecting cables can be very diverse. Some of these components and the people w
ho
run them are:
- Users of the Internet access its facilities from a client machine;
- A PC, Apple Mac or Workstation that is joined to a network.
The two most used facilities of the Internet are:
1. World Wide Web
The web is accessed from the client machine using a web browser; at the time of
writing
the two most popular browsers are Microsoft Internet Explorer and Netscape Navig
ator.
The web page to be viewed is specified by its web address, the uniform resource
locator
(url), e.g. www.aimalu.edu; the url contains the addressing information needed t
o derive
the IP address of the server that holds the web page.
2. e-Mail
Accessing e-Mail requires a mail client program; this may be a facility of the w
eb
browser or a separate software package. Incoming e-Mails are downloaded from a p

ostbox (file) on the server and outgoing e-Mails are sent to the server for onwards
transmission. Each e-Mail has to include the address of the recipient, e.g.
ramdurai@yahoo.com (the name is fictitious); the second part of the e-Mail addre
ss
(following the @) is the domain name and is used on the mail server to derive the
IP
address.
Internet Service Provider
Access to the Internet, for members of the public and small organisations, is vi
a an
Internet Service Provider (ISP). The user provides the client computer and uses
a
modem to connect to the ISP s server. Telecom providers and cable companies are
increasingly providing digital services and open-all-the-time connections which
give
increased speed and convenience of access.
The ISP provides access to the web, an e-Mail address and very possibly user spa
ce for
the client to set up their own home page. Some ISPs specialise in hosting busine
ss sites
with services designed to meet the need of that market. The provision of Interne
t
services has become very competitive and users have taken to shopping around for
the
best package. Users of the service get the ISP s home page displayed when they l
og on
which gives the service provider the opportunity to create revenue from advertis
ing and
hosting links to commercial sites; many ISPs use the advertising revenue to supp
ort a
free access service to the users. For many large organisations the ISP is the co
mpany,
the university or whatever. The organisation is wired with its own LAN and WAN a
nd
access to the Internet-is via the company s own server.
Server
The server is a computer system linked into the Internet and that can be accesse
d by the
clients. The server may run a number of applications; Internet server applicatio
ns
include:
Web Server
Software that takes requests from client browsers searches the web and passes ba
ck the
resultant pages to the browser. The server software will support TCP/IP. The ser
ver will,
very probably, store a number of home pages that are available to local users an
d other
Internet users.
Mail Server
Software that acts as a post office for the e-Mail system. Mail created on the
client sites
is passed to the appropriate post-box within the system or sent out over the Int
ernet to
its intended destination. Mail from outside is stored in post-box files and uplo
aded to
the users machine when requested by the mail client. As with the web server, the
mail
server uses TCP/IP for its Internet transmissions.

Intranets
A web site designed for use by the employees of an organisation - a private Inte
rnet. The
Intranet can be used to replace documents such as staff manuals, Internet teleph
one
directories and office notices. Their advantage is that they are (hopefully) alw
ays readily
available and that they can be easily updated. Intranet systems can include appl
ication
systems where scripting languages give access to databases and the use of a brow
ser
gives easy access throughout the organisation.
Extranets
Some organisations have web sites available on the Internet but with access limi
ted to
account holders by a password system; such a facility is called an Extranet. Ext
ranets are
used in business-to-business trading where customers are required to have an acc
ount.
Another use of Extranets is by consultancies and business information services w
here
business reports are made available online but only to clients and subscribers.
Webmaster
The Webmaster is responsible for the provision of web services for the organisat
ion.
Responsibilities include setting up and maintaining the server software and the
home
page for the organisation. Where staff within the organisation can provide their
own
web content the Webmaster will probably set the standards so that the organisati
on can
ensure a professional appearance and consistent look and feel for its users.
Governance of the Internet
The Internet, as already described, is a network of networks - its co-ordination
and
development is provided by a number of voluntary committees. These include:
Internet Society
Internet Engineering Task Force
Internet Research Task Force
The whole arrangement works well. It contrasts with the incompatibilities produc
ed by
competing commercial organisations such as the provider of web browsers. Whether
cooperation or competition is a better model for innovation and societal progress
is
debatable.
Uses of the Internet
i . E-Commer ce: One use of the Internet is e-Commerce, an application, is, as
indicated above, a relatively recent feature of the Internet. Other uses of the
Internet
are:
i i. Per sonal Messagi ng (e-Mail): e-Mail was one of the first applications on
the
Internet. The use of e-Mail is having a profound effect on the way people commun
icate
and the way that organisations operate. An e-Mail message can be quickly typed a
nd
sent. Unlike the use of the telephone, it does not need the recipient to be avai
lable to
take a call. The e-Mail can be sent to many recipients to be available to take a
call. The eMail can be sent to many recipients; it is a matter of record and its electronic
content
can be saved, edited and / or used in other documents. The e-Mail does not facil
itate a
conversation in the way that a telephone calls within organisations and between
individuals and organisations.
E-mail is not an invention of the Internet. E-Mail was a service available on th
e internal
networks of many organisations and has been provided by other public access netw
ork
services. The Internet, however, is an ideal tool for e-Mail as it is the one ne
twork that
can connect all users - the Internet is the default option for an e-Mail service
unless
privacy requirements dictate a more secure provision.
i ii . Data I nter change (EDI ): EDI has been traditionally transmitted over
proprietary VADS. EDI started before the Internet was widely or commercially ava
ilable
and made use of either VADS or point-to-point connections. Users of EDI have bee
n
reluctant to transfer their communication needs to the Internet because of conce
rns
with security and reliability. Some EDI requirements are, however, being transfe
rred to
the Internet, as its usage is generally cheaper than a VADS. There are also hybr
id
systems where EDI messages are taken in by a clearing house operation, decoded a
nd
forwarded, via the Internet, to small businesses users with limited EDI requirem
ents
and no EDI provision.
iv. Tel e-working: Tele-working is another practice that predated the general
availability of the Internet. Tele-work has a number of definitions but it gener
ally
involves doing work that has an IT component at home (or at least at a location
that is
away from the office) and using telecommunications to communicate with that offi
ce.
Full-time tele-working has not materialized as the radical shift in working prac
tices that
was predicted by many pundits. Informal tele-working has, however, become a comm
on
practice with employees spending the odd day working from home (or spending time
in
the evening doing a bit extra); the general availability of Internet access* has
been an
important facilitator of this change in working practices.
v. Di stance Educati on: The Internet is being utilised by colleges as a facilit
y for the
delivery of distance education. The traditional vehicle of distance education ha
s been
print through the post , supplemented in recent years by radio, television, vid
eo and
computer aided learning packages. The Internet has the facility to replace all o
f this as a
multimedia offering through a single delivery system. The Internet is been utili
sed by
traditional distance learning institutions such as the UK Open University and is
being
leapt on by other institutions keen to get in on the act. The Internet can be a
great
facilitator of distance education; to be worthwhile it still requires quality ma
terials and
thorough support of the students (and it seems likely that many of the newer pro
viders
will fall short of these standards).
vi. Enter tai nment: In addition to specific uses of the Internet there is a rec
reational
use of the Internet, the surfer. On the Internet people can play games, find sni
ppets of
information, join a chat room or just admire the intricacies of other web sites.
The
Internet can even be place to find a partner - hopefully that does not classify
as an eCommerce transaction.
vi i . I nter net Age Systems:
Networks in general and the Internet in particular do not just exist in isolatio
n; they
affect and effect the businesses and individuals that use them. Networks are an
essential
technological component in many, or most, business information systems. Seddon
(1997) suggested that the evolution of information systems could be divided into
periods
of 20 years as follows:
1955 - 1974 The Electronic Data Processing (EDP) era.
1975 - 1994 The Management Information Systems (MIS) era.
1995 - The Internet era.
A sequence that is represented diagrammatically in Figure 3.1
These systems types and their evolution have been enabled by a number of technol
ogical
developments, which have been required by various business imperatives. One of t
he
facilitators has been the availability of networks. The essence of each era is:
EDP was essentially batch. It was controlled by the DP professionals and used at
the
organisational level within the company. MIS would normally utilize transactio
n
processing (TP) and databases. The MIS system subsumed the data processing funct
ions
of the - EDP and enabled access to business data throughout the organisation and
at all
levels of the organisation. The internal network of the company was an essential
enabling technology.
The Internet era systems include the Inter-organisational System (IOS) enabled b
y EDI
and the company and consumer, organisation to public systems enabled by the use
of
the web. The Internet epitomizes these developments and is at the heart of many
of
these systems.
Seddon derives his definition of e-Commerce from this evolution:
Electronic Commerce is commerce enabled by internet-era technologies
Interestingly, Seddon puts a twenty-year life span on each of this era. For Sedd
on the
Internet era ends (or evolves into a new era) at 2014. It requires a brave perso
n to
predict the next stage!
vi i i. Busi ness-To-Busi ness (B2B): Here business is sale to other business. F
or
example Intel sells its chips to the other business - OEMs who make computers. M
any
companies like Tata, IBM, Telco, ABB India, TCS, Citibank, Bank of Madura, BHEL,
JN
Port Trust, HLL, Essar, TVS, Maruti Udyog, DuPont, Bajaj Auto, Samsung Electroni
cs
and TVS electronics are using e-commerce in some way or other. They have started
B2B
transactions with their suppliers. Samsung has redefined its business paradigm,
and
deployed electronic commerce to redefine its critical business process linking i
t directly
to its suppliers and distributors. Though B2B e-commerce is in use, however, com
panies
do not perceive B2B opportunities with suppliers and trade partners (mainly EDI
based)
as very important so far development of EC is concerned. Most of these activitie
s are
covered under EDI.
i x. Business-To-Consumer (B2C): Here business is directly sale to the end
customer. Some enterprising players have already started offering on line shoppi
ng with
books, flowers and other gift items. There are more than 80 sites including expo
rt
houses, departmental stores, book stores and even grocery stores (Babazar.com) t
hat are
using e-commerce for selling goods and services in India, such as: books, CDs, c
loths,
tickets, etc. Naukri.com, discount.com, Pitara.com, etc. are some of the well-kn
own
Indian e-commerce sites.
Under this level, e-commerce is going to have significant impact on information
intensive and service oriented industries, such as financial services and ICE
(Information, Communication and Entertainment}. Here the product and services is
amendable to online distribution. The products, which are basically of impulsive
buying
nature, are the first one to mover over Internet. "Rediff On The Net" became the
first
Indian web site to enable Indian credit card transactions online when they open
shop in
August 1998. It offers books, music, chocolates, flowers, etc. and makes hotel
reservations online with the assurance of secured technology. Indishop has more
to offer
from toothbrushes to computers. All of us are aware of the amazon.com, etc. thus
it has
been demonstrated that B2C is a very booming category.
A new concept of consumer to business transaction may also be put in this catego
ry
under this concept, give the customer what he wants at the price he want, withou
t the
merchant having to suffer public embarrassment, www.priceline.com is providing
airline tickets at the demanded price by the customer.
QUESTIONS
1) Discuss in detail various issues involved in EC.
2) Explain the term Public Policy Issues in EC.
3) Describe the legal issues in EC.
4) Explain the ethical issues in EC.
5) What is Uniform Commercial Code for EC.
6) Explain the problems of EC in relation to privacy.
7) What are privacy issues in EC?

8) What is meant by security? Explain the security of transactions carried throu
gh EC.
9) Explain the Business-To-Consumer (B2C) model.
10) Explain the Business-To-Business (B2B) model.
- End of Chapter UNIT IV
INTERNET SECURITY
Introduction
Corporate networks are built assuming certain levels of trust in how the informa
tion
passing through them is accessed and used. When they are hooked into public netw
orks,
like the Internet, a safer and more intelligent route leads security administrat
ors to trust
no one on the outside.
In this page, we will examine firewall that protects network and system vulnerab
ilities
on systems attached to the Internet, as well as for private networks. To help an
swer any
questions you may have about where firewall is needed and used, this section wil
l
explain security technologies used to defend against attacks initiated from both
within
and without an organization.
The section will examine the pieces of the security puzzle to see how to best fi
t them
together for effective defenses and coverage. In the page, we ll explore several
security
methods that are used wherever the Internet and corporate networks intersect. Th
ese
include the uses of:
Routers
Firewalls
Intrusion Detection Systems (IDSs)
Vulnerability Assessment Tools (Scanners, etc.)
Basic Security Infrastructures
Figure 4.1 illustrates the basic design for a secure network infrastructure. As
you see, the
infrastructure relies upon layers of devices that serve specific purposes, and p
rovide
multiple barriers of security that protect, detect, and respond to network attac
ks, often
in real time.
Figure 4.1: A Basic Network Security Model
Routers
A router is a network traffic managing device that sits in between sub-networks
and
routes traffic intended for, or emanating from, the segments to which it is atta
ched.
Naturally, this makes them sensible places to implement packet filtering rules,
based on
your security policies that you ve already developed for the routing of network
traffic.
Packet Filtering
Straight Packet Filtering mechanisms allow communication originating from one si
de or
the other. To enable two-way traffic, you must specify a rule for each direction
. Packet
filtering firewalls identify and control traffic by examining the source, destin
ation and
port.
What is a Firewall?
A firewall insulates a private network from a public network using carefully est
ablished
controls on the types of requests they will route through to the private network
for
processing and fulfillment. For example, an HTTP request for a public Web page w
ill be
honoured, whereas an FTP request to a host behind the firewall may be dishonoure
d.
Firewalls typically run monitoring software to detect and thwart external attack
s on the
site, and are needed to protect internal corporate networks. Firewalls appear pr
imarily
in two flavours: appli cation level gateways and pr oxy ser ver s. Other uses of
firewalls include technologies such as Virtual Private Networks that use the Int
ernet to
tunnel private traffic without the fear of exposure.
Defining Firewalls
A slightly more specific definition of a firewall comes from William Cheswick an
d Steven
Bellovin, two engineers with AT&T who wrote the classic Firewalls and Internet
Security (Addison Wesley, 1994). They based the book on their experience developi
ng a
firewall to protect AT&T connections to the Internet. Cheswick and Bellovin defi
ne a
firewall as a collection of components or a system placed between two networks a
nd
possessing the following properties:
All traffic from inside to outside, and vice-versa, must pass through it;
Only authorized traffic, as defined by the local security policy, is allowed to
pass
through it; and
The system itself is highly resistant to penetration.
Put simply, a firewall is a mechanism used to protect a trusted network from an
untrusted network, usually while still allowing traffic between the two. Typically
, the two
networks in question are an organization s (trusted) internal network and the (u
ntrusted) Internet. However, nothing in the definition of a firewall ties the con
cept to the
Internet. We traditionally define the Internet as the worldwide network of netwo
rks that
uses TCP/IP for communications. We define an Internet as any connected set of
networks. Although many firewalls are currently deployed between the Internet an
d
internal networks, there are good reasons for using firewalls in any Internet, o
r intranet,
such as a company s WAN. There will be more about this use of firewalls later in
this
chapter.
Another approach to firewalls views them as both policy and the implementation o
f that
policy in terms of network configuration. Physically, a firewall comprises one o
r more
host systems and routers, plus other security measures such as advanced authenti
cation
in place of static passwords. As shown in Figure 4.2, a firewall may consist of
several
different components, including filters, or screens, that block transmission of
certain
classes of traffic, and a gateway, which is a machine or set of machines relayin
g services
between the internal and external networks by means of proxy applications. The
intermediate area occupied by the gateway we often refer to as the De-Militarise
d Zone
(DMZ). These terms will be explained in more detail.
Fig 4.2: Basic Firewall Schematic (filters, gateway, and DMZ)
Internet work Traffic
When we say that all traffic from inside to outside and vice versa, must pass th
rough a
firewall, we refer to data transported by the TCP/IP protocol suite. Figure 4.3
illustrates
a diagram of TCP/IP, showing the way the protocol is layered and the manner in w
hich
addresses are used. To control TCP/IP traffic, one must gain a solid understandi
ng of
how it is structured.
Figure 4.3: Diagram of TCP/IP, showing protocol layers and addressing
A protocol is a formal description of messages to be exchanged and rules to be f
ollowed
in order for two or more systems to exchange information in a manner that both p
arties
will understand. The TCP/IP protocol suite, officially referred to as the Intern
et Protocol
Suite in Internet standards documents, gets its name from its two most important
protocols, TCP and IP. Network applications present data to TCP, the Transmissio
n
Control Protocol. TCP divides the data into chunks, called packets, and gives ea
ch one a
number. These packets could represent text, graphics, sound or videoanything digi
tal
that the network can transmit. The sequence numbers help to ensure that the pack
ets
can be reassembled correctly at the receiving end. Thus, each packet consists of
content,
or data, and the information that the protocol needs to do its work, called the
protocol
header.
TCP then presents the data to the Internet Protocol, or IP, the purpose of which
is to
provide basic host-to-host communication. IP attaches to the packet, in a protoc
ol
header, the address from which the data comes and the address of the system to w
hich it
is going. IP is technically referred to as an unreliable datagram service. In th
is context,
the rather alarming term "unreliable" simply means that upper-level protocols sh
ould
not depend upon IP to deliver the packet every time. IP always does its best to
make the
delivery to the requested destination host, but if it fails for any reason, it j
ust drops the
packet. This is where the higher-level protocol, TCP, comes in. TCP uses the seq
uence
numbers to reassemble the packets in the right order and request re-transmission
of any
packets that got lost along the way. It can do this even if some of the packets
take
different routes to reach their destination, which makes the combination of TCP/
IP a
very reliable protocol.
TCP uses another piece of information to make ensure that the data reaches the r
ight
application when it arrives at a system. This is the port number, lying within t
he range 1
to 65535. The number does not represent a physical port, like the serial port to
which a
modem or mouse might be attached, but is more like a regional memory address. Po
rts 1
to 1,023 are reserved for server applications, although servers can use higher p
ort
numbers as well. Higher port numbers are dynamically assigned to client applicat
ions as
needed. Some applications use standard port numbers; for example, an FTP program
will connect to port 21 on the FTP server. Thus, data to be transmitted by TCP/I
P has a
port from which it is coming and a port to which it is going, plus an IP source
and
destination address. Firewalls can use these addresses to control the flow of
information.
For more about TCP/IP basics, I recommend Intranet and Internet Firewall Strateg
ies
by Edward Amoroso and Ronald Sharp, (Ziff Davis Press, 1996). Like Cheswick and
Bellovin, Amoroso and Sharp were engineers at AT&T Labs, but whereas Cheswick an
d
Bellovin developed a firewall to protect AT&T from the outside, Amoroso and Shar
p
developed a trademarked internal firewall, called CWTG or Computer Watch Trusted
Gateway. For more advanced reading on TCP/IP we recommend TCP/IP Tutorial and
Technical Overview, (5th Edition, Prentice Hall, 1995) by Eamon Murphy, Steve Ha
yes
and Matthias Enders, a trio of IBM engineers.
Need of firewall
The Internet, like any other society, is plagued with the kind of jerks who enjo
y the
electronic equivalent of writing on other people s walls with spray paint, teari
ng their
mailboxes off, or just sitting in the street blowing their car horns. Some peopl
e try to get
real work done over the Internet, and others have sensitive or proprietary data
they
must protect. Usually, a firewall s purpose is to keep the jerks out of your net
work while
still letting you get your job done.
Many traditional style corporations and data centres have computing security pol
icies
and practices that must be adhered to. In a case where a company s policies dict
ate how
data must be protected, a firewall is very important, since it is the embodiment
of the
corporate policy. Frequently, the hardest part of hooking to the Internet, if yo
u re a large
company, is not justifying the expense or effort, but convincing management that
it s
safe to do so. A firewall provides not only real security--it often plays an imp
ortant role
as a security blanket for management.
Lastly, a firewall can act as your corporate "ambassador" to the Internet. Many
corporations use their firewall systems as a place to store public information a
bout
corporate products and services, files to download, bug fixes, and so forth. Sev
eral of
these systems have become important parts of the Internet service structure (e.g
.,
UUnet.uu.net, whitehouse.gov, gatekeeper.dec.com) and have reflected well on the
ir
organizational sponsors.
Firewalls as Filters
When TCP/IP sends data packets on their merry way, the packets seldom go straigh
t
from the host system that generated them to the client that requested them. Alon
g the
way they normally pass through one or more routers. In this, TCP/IP transmission
s
differ from LAN communications, which broadcast over a shared wire.
To look at how TCP/IP routes packets, and how this allows sites to filter for se
curity, let
us first examine old-fashioned LAN communications. Suppose five PCs reside on a
LAN.
If PC #2 wants to send some data to PC #4, it shouts out over the network and ho
pes
that PC #4 hears it. The other three systems on the same wire will also hear the
same
data. This is true of both Ethernet and Token Ring, the two most widely used LAN
protocols. This method of communication, in which a number of computers share th
e
same wiring, increases efficiency, limits distance and scope. It also limits the
number of
computers that can talk on the same wire.
Early efforts to enable computers to communicate with each other over long dista
nces
used telephone lines and switches to connect calls from one specific computer to
another in a remote location (the X.25 protocol was developed for this). A conne
ction
between two computers might pass through several switches until it reached its f
inal
destination. When LANs emerged it made sense for all the computers on one LAN to
have access to the machine that had access to the remote connection, thus creati
ng a
WAN. LAN protocols, however, were incompatible with X.25, and the machine hostin
g
the connection to the WAN tended to get overworked.
Next came a special type of switch called a router, which could take over the wo
rk of
making external connections, and could also convert LAN protocols, specifically
IP, into
WAN protocols. Routers have since evolved into specialized computers. The typica
l
router is about the same size as a VCR, although smaller models and rack-mounted
units for major interconnections have entered the market.
Basically, routers look at the address information in TCP/IP packets and direct
them
accordingly. Data packets transmitted over the Internet from the Web browser on
a PC
in Florida to a Web server in Pennsylvania will pass through numerous routers al
ong the
way, each of which makes decisions about where to direct the traffic. Figure 4.4
shows
the trace route program in action, listing the path the data takes.
Fig 4.4: The trace route program shows the path Internet data takes
Suppose the Web browser is on a PC on a LAN with a PPP connection to an Internet
Service Provider (ISP). A router, or a computer acting as a router, will likely
direct the
packets out from the LAN to the ISP. Routers at the ISP will send the data to a
backbone
provider, which will route it, often in several hops, to the ISP that serves the
machine
that hosts the Web site.
Routers make their routing decisions based on tables of data and rules. It is po
ssible to
manipulate these rules by means of filters so that, for example, only data from
certain
addresses may pass through the router. In effect, this turns a router that can f
ilter
packets into an access-control device, or firewall. If the router can generate a
ctivity logs,
this further enhances its value as a security device. We will discuss how this w
orks in
more detail in the next chapter.
Proxy servers
A proxy server (sometimes referred to as an application gateway or forwarder) is
an
application that mediates traffic between a protected network and the Internet.
Proxies
are often used instead of router-based traffic controls, to prevent traffic from
passing
directly between networks. Many proxies contain extra logging or support for use
r
authentication. Since proxies must "understand" the application protocol being u
sed,
they can also implement protocol specific security (e.g., an FTP proxy might be
configurable to permit incoming FTP and block outgoing FTP).
Proxy servers are application specific. In order to support a new protocol via a
proxy, a
proxy must be developed for it. One popular set of proxy servers is the TIS Inte
rnet
Firewall Toolkit (FWTK"), which includes proxies for Telnet, rlogin, FTP, X-Windo
w,
HTTP/Web, and NNTP/Usenet news. SOCKS is a generic proxy system that can be
compiled into a client-side application to make it work through a firewall. Its
advantage
is that it s easy to use, but it doesn t support the addition of authentication
hooks or
protocol specific logging.
Firewalls as Gateways
Internet firewalls are often referred to as secure Internet gateways. Like the g
ates in a
medieval walled city, they control access to and from the network. In firewall p
arlance, a
gateway is a computer that provides relay services between two networks. A firew
all may
consist of little more than a filtering router as the controlled gateway. Traffi
c goes to the
gateway instead of directly entering the connected network. The gateway machine
then
passes the data, in accordance with access-control policy, through a filter, to
the other
network or to another gateway machine connected to the other network.

In some configurations, called dual-homed gateways, one computer containing two
network connectors acts as the gateway. Alternatively, a pair of machines can cr
eate a
miniature network referred to as the DMZ (see Figure 4.5). Typically, the two ga
teways
will have more open communication through the inside filter than the outside gat
eway
has to other internal hosts. The outside filter can be used to protect the gatew
ay from
attack, while the inside gateway is used to guard against the consequences of a
compromised gateway [Ches94].
Figure 4.5: The use of gateways
Firewalls as Control Points
By concentrating access control, firewalls become a focal point for the enforcem
ent of
security policy. Some firewalls take advantage of this to provide additional sec
urity
services, including traffic encryption and decryption. In order to communicate i
n
encryption mode, the sending and receiving firewalls must use compatible encrypt
ing
systems. Current standards efforts in encryption and key management have begun t
o
allow different manufacturers firewalls to communicate securely, but these effo
rts have
a ways to go before the customer can assume compatibility. Firewall-to-firewall
encryption is thus used for secure communication over the public Internet betwee
n
known entities with prior arrangement, rather than for any-to-any connections.
Nevertheless it is a powerful feature, enabling the creation of virtual private
networks
(VPN) as a lower-cost alternative to a leased line or a value-added network (VAN
).
Verifying the authenticity of system users is another important part of network
security,
and firewalls can perform sophisticated authentication, using smart cards, token
s and
other methods. Firewalls can also protect other external network connections, su
ch as
remote dial-in. A company can apply the same traffic-restricting protections, en
hanced
by authentication.
Internal Firewalls
While the phenomenal growth of Internet connections has understandably focused
attention on Internet firewalls, modern business practices continue to underscor
e the
importance of internal firewalls. Mergers, acquisitions, reorganizations, joint
ventures
and strategic partnerships all place additional strains on security as the scope
of the
network s reach expands. Someone outside the organization may suddenly need acce
ss
to some, but not all, internal information. Multiple networks designed by differ
ent
people, according to different rules, must somehow trust each other. In these
circumstances, firewalls play an important role in enforcing access-control poli
cies
between networks and protecting trusted networks from those that are un-trusted.
Consider a manufacturing company that has, over time, developed separate network
s
within the sales, marketing, payroll, accounting, and production departments. Al
though
users in one department may wish to access certain other networks, it is probabl
y
unnecessary and undesirable for all users to have access to all networks. Conseq
uently,
when connecting the networks, the organization may choose to limit the connectio
n,
either with packet-filtering routers or with a more complex firewall.
In a WAN that must offer any-to-any connectivity, other forms of application-lev
el
security can protect sensitive data. However, segregating the networks by means
of
firewalls greatly reduces many of the risks involved; in particular, firewalls c
an reduce
the threat of internal hacking-that is, unauthorized access by authorized users,
a
problem that consistently outranks external hacking in information-security surv
eys. By
adding encryption to the services performed by the firewall, a site can create v
ery secure
firewall-to-firewall connections. This even enables wide-area networking between
remote locations over the Internet. By using authentication mechanisms on the fi
rewall,
it is possible to gain a higher level of confidence that persons outside the fir
ewall who
request data from inside the firewallfor example, salespersons on the road needin
g
access to an inventory databaseare indeed who they claim to be.
Firewalls and Policy
Diagrams of the various configurations of filters and gateways help when plannin
g a
firewall defense, but the system administrator must not lose sight of the broade
r
definition of a firewall as an implementation of security policy. A firewall is
an approach
to security; it helps implement a larger security policy that defines the servic
es and
access to be permitted. In other words, a firewall is both policy and the implem
entation
of that policy in terms of network configuration, host systems and routers, as w
ell as
other security measures such as advanced authentication in place of static passw
ords.
Types of Network Policy
Two levels of network policy directly influence the design, installation and use
of a
firewall system. Network service access policy is a higher-level, issue-specific
policy that
defines those services to be allowed or explicitly denied from the restricted ne
twork.
This policy also proscribes the way in which these services will be used, and th
e
conditions for exceptions to this policy. Firewall design policy is a lower-leve
l policy that
describes how the firewall will actually go about restricting the access and fil
tering the
services as defined in the network service access policy. We will examine both l
evels of
policy in the following sections.

Network Service Access Policy
While focusing on the restriction and use of internet work services, the network
service
access policy should also include all other outside network access, including di
al-in and
SLIP/PPP connections. After all, restrictions upon one type of network service a
ccess
can often lead users to try others, so those other points of entry must also con
tain equal
protections. For example, if restricting access to the Internet via a firewall p
revents
users from browsing the Web, some will likely create dial-up PPP connections in
order
to obtain this service. These non-sanctioned, ad hoc connections are likely to b
e
improperly secured, opening the network to attack.
Network service access policy should stand as an extension of a strong site-secu
rity
policy and an overall policy regarding the protection of information resources i
n the
organization. This includes everything from document shredders to virus scanners
,
remote access to removable media tracking.
Typically, a firewall implements one of two general network service access polic
ies:
either allowing access to the Internet from the site but allowing no access to t
he site
from the Internet; or allowing some access from the Internet, but only to select
ed
systems such as information servers and e-mail servers. Some firewalls also impl
ement
network service access policies that allow certain users access from the Interne
t to
selected internal hosts, but only if necessary and only when combined with advan
ced
authentication. At the highest level, the overall organizational policy might st
ate the
following pri nci pl es:
1) Information is vital to the economic well being of the organization
2) Every cost-effective effort will be made to ensure the confidentiality, integ
rity,
authenticity, availability and utility of the organization s information.
3) Protecting the confidentiality, integrity and availability of these informati
on
resources is a priority and a job responsibility for all employees at all levels
of the
company.
4) All information-processing facilities belonging to the organization will be u
sed only
for authorized purposes.
Below this statement of principles come site-specific policies covering physical
access to
the property, general access to information systems and specific access to servi
ces on
those systems. The firewall s network service access policy is formulated at thi
s level.
For a firewall to function as the company desires, the network service access po
licy
should exist prior to the implementation of the firewall. The policy must be rea
listic and
sound. A realistic policy provides a balance between protecting the network from
known
risks on the one hand and providing users reasonable access to network resources
on the
other. If a firewall system denies or restricts services, only a strong network
service
access policy will prevent the firewall s access controls from being modified or
circumvented on an ad hoc basis. A sound, management-backed-policy can provide t
his
defense against user resistance.
Firewall Design Policy
The firewall design policy is specific to the firewall and defines the rules use
d to
implement the network service access policy. The company must design the policy
in
relation to, and with full awareness of, issues such as the firewall s capabilit
ies and
limitations, and the threats and vulnerabilities associated with TCP/IP. As ment
ioned
earlier, firewalls generally implement one of two basi c design poli cies:
1) Permit any service unless it is expressly denied; or
2) Deny any service unless it is expressly permitted.
Firewalls that implement the first policy (the permissive approach) allow all se
rvices to
pass into the site by default, with the exception of those services that the ser
vice-access
policy has identified as disallowed. Firewalls that implement the second policy
(the
restrictive approach) deny all services by default, but then pass those services
that have
been identified as allowed. This restrictive second policy follows the classic a
ccess model
used in all areas of information security.
The permissive first policy is less desirable, since it offers more avenues for
circumventing the firewall. With this approach, users could access new services
not
currently addressed by the policy. For example, they could run denied services a
t nonstandard TCP/UDP ports that are not specifically mentioned by the policy.
This is where firewall design comes in. Certain firewalls can implement either a
permissive or a restrictive design policy. A company can also choose to locate t
hose
systems requiring services that should not be passed through the firewall on scr
eened
subnets, separated from other site systems. Some use this approach for Web serve
rs,
which are partially shielded by packet filtering but are not sheltered behind th
e firewall.
(If the Web server calls information from, or feeds data to internal database sy
stems,
then that connection between the Web server and the internal machines should be
well
protected)
Figure 4.7: A screened sub-net
All the types of firewalls are functionally equivalent. The type of mechanism us
ed
determines the granularity of the firewall: how much security work it can accomp
lish.
Packet filters are least granular. Application gateway firewalls are the most gr
anular. A
Packet Inspection firewall can be made almost as granular as an application gate
way
firewall.
IP Security (IPSEC)
Some have argued that this is the case. Before pronouncing such a sweeping predi
ction,
however, it s worthwhile to consider what IPSEC is and what it does. Once we kno
w this,
we can consider whether IPSEC will solve the problems that we re trying to solve
with
firewalls.
IPSEC (IP Security) refers to a set of standards developed by the Internet Engin
eering
Task Force (IETF). There are many documents that collectively define what is kno
wn as
"IPSEC". IPSEC solves two problems, which have plagued the IP protocol suite for
years: host-to-host authentication (which will let hosts know that they re talki
ng to the
hosts they think they are) and encryption (which will prevent attackers from bei
ng able
to watch the traffic going between machines).
Note that neither of these problems is what firewalls were created to solve. Alt
hough
firewalls can help to mitigate some of the risks present on an Internet without
authentication or encryption, there are really two classes of problems here: int
egrity
and privacy of the information flowing between hosts and the limits placed on wh
at
kinds of connectivity is allowed between different networks. IPSEC addresses the
former
class, and firewall the latter.
What this means is that one will not eliminate the need for the other, but it do
es create
some interesting possibilities when we look at combining firewalls with IPSEC-en
abled
hosts. Namely, such things as vendor-independent virtual private networks (VPNs)
,
better packet filtering (by filtering on whether packets have the IPSEC authenti
cation
header), and application-layer firewalls will be able to have better means of ho
st
verification by actually using the IPSEC authentication header instead of "just
trusting"
the IP address presented. However, just because a particular product is characte
rized as
a particular type of firewall does not mean that it does all of the security pro
cessing
possible with that kind of firewall.
Types of firewalls
Conceptually, there are two types of firewalls:
1) Network layer
2) Application layer
They are not as different as you might think, and latest technologies are blurri
ng the
distinction to the point where it s no longer clear if either one is better or "
worse." As
always, you need to be careful to pick the type that meets your needs.
Which is which, depends on what mechanisms the firewall uses to pass traffic fro
m one
security zone to another. The International Standards Organization (ISO) Open Sy

stems
Interconnect (OSI) model for networking defines seven layers, where each layer
provides services that "higher-level" layers depend on. In order from the bottom
, these
layers are physical, data link, network, transport, session, presentation, and a
pplication.
The important thing to recognize is that the lower-level the forwarding mechanis
m, the
less examination the firewall can perform. Generally speaking, lower-level firew
alls are
faster, but are easier to fool into doing the wrong thing.
Network layer firewalls
These generally make their decisions based on the source, destination addresses
and
ports in individual IP packets. A simple router is the traditional network layer
firewall,
since it is not able to make particularly sophisticated decisions about what a p
acket is
actually talking to or where it actually came from. Modern network layer firewal
ls have
become increasingly sophisticated, and now maintain internal information about t
he
state of connections passing through them, the contents of some of the data stre
ams,
and so on. One thing that s an important distinction about many network layer fi
rewalls
is that they route traffic directly though them, so to use one you either need t
o have a
validly assigned IP address block or to use a "private internet" address block.
Network
layer firewalls tend to be very fast and tend to be very transparent to users.
Screened Host Firewall
In Figure 4.8, a network layer firewall called a "screened host firewall" is rep
resented. In
a screened host firewall, access to and from a single host is controlled by mean
s of a
router operating at a network layer. The single host is a bastion host; a highly
defended
and secured strong point that (hopefully) can resist attack.
Example Network layer firewall: In figure 4.9, a network layer firewall called a
"screened subnet firewall" is represented. In a screened subnet firewall, access
to and
from a whole network is controlled by means of a router operating at a network l
ayer. It
is similar to a screened host, except that it is, effectively, a network of scre
ened hosts.
Application layer firewalls
These generally are hosts running proxy servers, which permit no traffic directl
y
between networks, and which perform elaborate logging and auditing of traffic pa
ssing
through them. Since the proxy applications are software components running on th
e
firewall, it is a good place to do lots of logging and access control. Applicati
on layer
firewalls can be used as network address translators, since traffic goes in one
"side" and
out the other, after having passed through an application that effectively masks
the
origin of the initiating connection. Having an application in the way in some ca

ses may
impact performance and may make the firewall less transparent. Early application
layer
firewalls such as those built using the TIS firewall toolkit, are not particular
ly
transparent to end users and may require some training. Modern application layer
firewalls are often fully transparent. Application layer firewalls tend to provi
de more
detailed audit reports and tend to enforce more conservative security models tha
n
network layer firewalls.
Dual - Homed Gateway
Example Application layer firewall: In figure 4.10, an application layer firewal
l called a
"dual homed gateway" is represented. A dual homed gateway is a highly secured ho
st
that runs proxy software. It has two network interfaces, one on each network, an
d blocks
all traffic passing through it.
The future of firewalls lies someplace between network layer firewalls and appli
cation
layer firewalls. It is likely that network layer firewalls will become increasin
gly "aware"
of the information going through them, and application layer firewalls will beco
me
increasingly "low level" and transparent. The end result will be a fast packet-s
creening
system that logs and audits data as it passes through. Increasingly, firewalls (
network
and application layer) incorporate encryption so that they may protect traffic p
assing
between them over the Internet. Firewalls with end-to-end encryption can be used
by
organizations with multiple points of Internet connectivity to use the Internet
as a
"private backbone" without worrying about their data or passwords being sniffed.
Application Layer Firewalls vs. Network Layer Firewalls
The purpose of this section is to explain the classical definitions of both a ne
twork
firewall and an application firewall, and compare/contrast the two. In the proce
ss of
doing so, some assumptions have to be made. Many of the benefits arid drawbacks
that
are stated do not really come into play, as an administrator should not set up t
heir
network in this manner. The pros, cons and some of the vulnerabilities will be d
iscussed
about each firewall type. To conclude the paper, an explanation of modern firewa
ll
technology will be examined, and how the various technologies differ from the cl
assic
definitions.
Network layer firewalls run at layer 3 (Network) and sometimes 4 (Transport) of
the OSI
Model and are only able to make "decisions" that fall under these two layers. "O
ne thing
that is an important distinction about many network level firewalls is that they
route
traffic directly through them."
1
Meaning they scan for source and destination
information and allow or disallow packets based on this information. Network lay
er
firewalls typically fall under one of the following two categories: packet filte
rs and circuit
layer gateways.
"A packet filter examines IP packets and makes a decision to accept or deny traf
fic based
upon criteria such as source and destination IP addresses and source and destina
tion
TCP/UDP port numbers."
2
Circuit layer gateways take this a step further and operate in
layer 4. "As such, they can make basic authorization decisions based on source a
nd
destination IP address as well as protocol type and port."
3
This provides a higher level of
flexibility in that they can make decisions on whether inbound requests to ports
are
valid. VLSI (very large scale integration) devices, such as routers and switches
have the
ability to function as network firewalls.
Network firewalls are typically used when speed is essential. Since packets are
not
passed to the application layer and the contents of the packet are not being ana
lysed,
packets can be processed quicker. This can be advantageous for firewalls that sc
an for
connections to web and email servers, especially ones that have high amounts of
traffic.
This is due to the fact that latency is your enemy when it comes to people acces
sing your
site. This offers a layer of protection to your network and does not impede conn
ectivity.
Generally speaking, network firewalls are a cheaper alternative. Most logical ne
twork
devices offer at least some level of packet filtering. This would allow use of p
re-existing
equipment to perform firewall duties. Some network operating systems also come w
ith
the ability to do packet filtering. This may prove to be an inexpensive solution
, but can
often produce problems. The most evident is that the firewall would be susceptib
le to
any attacks or vulnerabilities that the operating system possesses.
Network level firewalls run on an access control list and do not provide the sam
e high
level of protection that application firewalls do, since they cannot monitor the
contents
of packets. The list simply verifies if the source and destination data are vali
d. This can
present a problem if you are actively trying to scan for vulnerabilities in the
data itself.
Typically network level firewalls do not provide a high level of auditing or log
ging. Based
on how closely the traffic needs to be scanned, this may present a problem.
Network firewalls are susceptible to different exploits. Three common ones are b
uffer
overruns, IP spoofing and ICMP tunnelling. Buffer overruns typically occur when
data
sizes inside, a buffer exceed what was allotted. "A buffer overflow condition wo
uld
normally cause a segmentation violation to occur."
4
If we were to assume that a buffer
was created with a fixed length of 500 bytes, we could send the process data exc
eeding
that size. If carefully crafted, executable code could be inserted and ran. For
example, if
one were running sendmail behind the firewall, "an attacker could send specific co
de
that will overflow the buffer of a command like VRFY and execute /bin/sh. If send
mail
is running at root, /bin/sh will have root access."
5
Since these exploits take advantage of
the application layer, a network firewall could not scan them and disallow them.
IP
spoofing is simply sending your data to a source, in this case a firewall and fa
king a
source address that the firewall will trust. In this particular scenario, the ha
cker would
be able to access internal machines since he compromised the firewall. ICMP tunn
elling
allows a hacker to insert his data into a legitimate ICMP packet. Since the netw
ork
firewall cannot probe the packet past the IP headers, it cannot deny the connect
ion. In
order for an exploit like this to work properly, a process must be in place on t
he other
side of the firewall to strip the data out of this packet. The system has alread
y been
compromised if it has reached this point. In real life, an intelligent administr
ator would
drop all ICMP traffic at the firewall. However, for purposes of this discussion,
we see
how the firewall would not be able to stop this exploit in the long term.
Application level firewalls, as the name implies, operate in the Application Lay
er of the
OSI model. They view information as a data stream and not as a series of packets
. In this
way, they are able to scan information being passed over them and to ensure that
the
information is acceptable, based on its own set of rules. "They generally are ho
sts
running proxy servers, which permit no traffic directly between networks, and wh
ich
perform elaborate logging and auditing of traffic passing through them."
6
As stated earlier, these firewalls work at the application level, so they tend t
o be
equipped with a certain level of logic. This allows the firewall to make some in
telligent
decisions about what to do with packets that are passing through it. An example
of this
ability follows: "In an early incarnation of sendmail, the original implementati
on of an
SMTP mail server, a backdoor command was inserted to assist in debugging the
application. SMTP is based on a simple, human-readable, text-based dialog betwee

n the
client and server, using commands such as HELO,) QUIT , and DATA . The backdo
or
command was WIZ , which allowed the client machine to gain root shell access on t
he
remote sendmail server. Since neither Packet Filters nor Circuit Layer Gateways
examine application data, they were vulnerable to this backdoor exploit."
7
In this
example, an application firewall can be configured to check for a "known" vulner
ability.
This may prove to be cumbersome, as an administrator would have to stay on top o
f all
possible vulnerabilities, but the option is available. Another benefit of applic
ation level
firewalls is that they typically do a large amount of logging, which makes it ea
sier to
track when a potential vulnerability happens. Another major benefit of applicati
on
firewalls is that they typically support the ability to report to intrusion dete
ction
software. This allows third party software to take control of an intrusive situa
tion and
perform tasks above the capabilities of the firewall itself. This is useful if y
ou want to
monitor a hacker once they get inside instead of just blocking them or have the
system
send a page when an intrusion is detected.
The price you pay for the ability to scan packets for rogue data comes in perfor
mance.
Since the firewall operates at the application layer, the datagram has to be pas
sed
through all the subordinate layers. The difference may not appear substantial, b
ut when
the system is scanning thousands of packets, it becomes more evident. Many peopl
e
insist that the "bit stripping" or the removing of headers and passing the data
up to the
next level, that occurs while passing packets up and down the layers, is not at
all
significant. However, with the speed of machines today, the task of moving throu
gh the
OSI model is typically negligible. The application firewalls will suffer a highe
r rate of
diminishing utility. As more connections are being made to the firewall, its rat
e of
degradation will decrease faster than the available bandwidth. By today s standa
rds, if
an application layer firewall were to suffer a solid performance hit, it is more
likely that
it is related to I/O cycles required for logging and auditing than "bit strippin
g".
Due to the amount of work the firewalls must do, application firewalls are less
susceptible to attacks that hide data in legitimate traffic and more susceptible
to
distributed denial of service (DDOS) attacks. If enough data is forced on the fi
rewall it
can cease to operate. The high number of service level vulnerabilities that curr
ently exist
can also compromise application firewalls. For example, sendmail and DNS have
numerous well-known exploits. If the firewall is allowing SMTP traffic or DNS tr
affic to
pass through and a hacker has access to one of the many exploits, typically the
firewall
will allow the data to pass, unless elaborate rules are established. Setting suc
h elaborate
rules usually proves to be burdensome to most administrators, so this type of ex
ploit is
usually left unchecked.
In print, it would appear that what one firewall has as a benefit, the other has
as a
drawback. In reality, the delineation between network layer firewalls and applic
ation
layer firewalls is quickly diminishing. Modern firewalls perform some tasks in b
oth the
network and application layer. Many network IOS s have the ability to scan traff
ic for
vulnerabilities beyond layer 3, even though it may be a layer 3 device. "When vi
ewed as
a whole, Circuit Layer Gateways do not operate purely at layer 4. They have beco
me
hybrid software implementations to address the need for stringent Internet secur
ity. It
is generally marketed as Stateful Multi-Layer Inspection , which means the soft
ware
operates at many layers. Conversely, Application Layer firewalls do not solely f
unction
at the application layer. For example, in the Axent Raptor Firewall, it is possi
ble to pass
traffic through local-tunnels, a stateless layer 3 mechanism, or layer 4 Generic
Service
Proxies with no application data scanning."
8
Firewalls that fully function in the network
and application layer are not developed fully as of yet, but the advances in the
technology should be considered. It is also important to note that many applicat
ion level
firewalls offer some level of clustering that allows the firewall to overcome it
s speed
issue. This allows one to add more machines as needed.
No one firewall will meet one hundred percent of everyone s needs. Before purcha
sing a
secure firewall solution, make sure to fully analyse the pros and cons. As a gen
eral rule,
if speed is the most important feature, look into the network layer firewall. If
security is
a top concern, then look into an application layer firewall. In a perfect world
, you would
have an application proxy securing your corporate network, but a network layer f
irewall
to protect your web presence, without impeding performance."
9
Ultimately a firewall
serves more for peace of mind than a security device. In the end, a hacker is mo
re likely
to look for another way in, such as social engineering passwords from the staff
of a
company, using a war dialer to locate modems on a network to dial in and bypass
the
firewall entirely or look for exploits on a mail or web server that would allow
them to
pass through the firewall legitimately. This is due in part, to the high level o
f security
that firewalls provide. Hackers will always look for the easiest route into the
system first.
It s very similar to locking the car doors even though a thief can still get int
o your car by
breaking the windows. The locked doors have forced the thief to go in a differen
t route.
This does not mean that a firewall should not be put into place. Make sure that
policies
are set up to cover all security related aspects of the LAN. Also remember that
no matter
how powerful the firewall is it is only as strong as the policy enforcement. Ens
ure that
the firewall is up to date on security vulnerabilities and all access lists are
accurate. If
this is not done, it will quickly become another doorstop in the organization.
Security in E-Commerce Transactions
The paper based society makes a contract legally binding in accordance to the pr
ovisions
of the contracts Act, 1872. Similar is the process of corporate where the common
seal of
the company affixes the documents to contracts.
The presumption under the Indian Evidence Act of signing the document is that th
e
person has understood and agrees to the contents of the document and is legally
liable.
The signatory is however free to prove that his signature was forged in cases of
signatures purported. In the latter, it is to the courts to conclude on the basi
s of
circumstantial evidence.
Therefore some of the cyber challenges that need to be addressed are:
Authentication (identify to contracting parties)
Data Integrity (the facts and figures are true and genuine)
Confidentiality in storage and transmission of data
Bridging real and virtual transactions.
Security and Authentication Issues
Lack of user confidence in E-commerce transactions has been a major hindrance to
the
growth of E-commerce. Companies that do business on the web face many security
issues that need to be addressed in order to protect information and minimize ri
sk. The
growth of B2C E-commerce depends on allaying the fears of consumers about
transaction security. Only developing sound security can do this and authenticat
ion
systems. The paying customer s concerns are not unfounded. There are several cas
es of
security frauds being committed on the net. Such a Security threat occurs when a
hacker, has the potential to disrupt data or network resources and incur economi
c loss.
This loss could be m the form of destruction, disclosure, modification of data,
denial of
service, fraud, waste or abuse.
Security concerns in E-commerce can be broadly divided into concerns about user
authorisation, and concerns about data and transaction security. Authorisation s
chemes
such as password protection etc, and firewalls ensure that only valid users and
programs
have access to information resources such as user accounts, files and database.
Data and
security schemes such as secret key encryption, public/private key encryption et
c, are
used to ensure the privacy integrity, and confidentiality of business transactio
ns and
messages. (These are the basis on which several online payment systems such as
electronic cash and checks are constructed.)
Transaction Security
As more companies are beginning to conduct commerce online transact on security
becomes important. They are realising that consumers belief in the reliability an
d
protection of their business transactions against third party threats need to be
improved. Unsure of security consumers are not willing to provide credit card nu
mbers
over the net. The threat of "sniffer programs" that collect credit card numbers
is still
there. So companies are paying more attention to transaction security and
authentication.
Types of Online Transactions
The type of transaction depends on the type of content (data) that is sent acros
s the
network. The different categories data are,
Public Data - This type of data has no security restrictions, and may be accesse
d by
any one. Such data however should be protected from unauthorised tampering or
modification.
Copyr i ght Data - This type of data is copyrighted but not secret. The owner of
the
data will provide the data if he is paid for it. So in order to maximise revenue
security
must be tight.
Confi denti al Data - This type of data contains content that is secret, but the
existence
of the data is not a secret. Such data include bank account statements and perso
nal files.
Secr et Data - The very existence of this type of data is secret and must be kep
t
confidential at all times. It is necessary to monitor and long all access and at
tempted
access to the secret data.
The fact that there many different types of Internet transactions makes security
difficult.
Because of the sensitivity of information being transferred and in order to prot
ect the
consumer from various forms of fraud and misconduct, security and verification i
s
necessary for all type of data.
Transmission of Electronic Documents
The transmission of electronic documents from the originator is generally broke
n up
into smaller data packets to dispatch. At the destination they are reassembled t
o form
the entire message. However, one may intercept the document and tamper the conte
nts
to the document. It thus becomes necessary to send the data in the encrypted/cod
ed
form for security and the receiver alone is enabled to decrypt/decode the concer
ned
document. The general cryptosystem is the symmetric cryptosystem and the more
secured the asymmetric cryptosystem.

Symmetric Crypto-system
This is the simpler form of cryptography. Both the sender and the receiver opera
te a
single key to encrypt or decrypt a message. This type of single key encryption i
s called
symmetric crypto-system.
Though this system ensures security, as both the sender and the receiver of the
message
use a single key, the key needs to be transmitted and hence is exposed to theft
of the key.
Also legal, it becomes impossible to ascertain the sender or the receiver and he
nce fix
the contractual capacity.
Asymmetric Crypto-system
It is also referred to as the public key system. Here there are two keys, the pr
ivate key
and the public key. The originator holds the private key, while to the intended
sender
the public key is distributed. A message encrypted with the private key can only
be
decrypted with its corresponding public key. The two keys form a unique pair and
the
presumption if a document is signed and sent through this type of transmission t
he
sender alone has given the authority to the receiver.
Requirements for Transaction Security
There are three basic requirements for transaction security:
Transaction Privacy
The threat of information privacy is technically called unauthorised monitoring
or
packet sniffing. Such sniffer attacks begin when a hacker breaks into a computer
and
installs a packet-sniffing program that monitors the network traffic. The sniffe
r
programs watch the network traffic, typically for the first part of the sessions
that
legitimate users initiate to gain access to another system, such as Telnet, FTP
etc.
The first part of such sessions contains the information that will enable the sn
iffer to log
onto other machines - log in ID, password, the name of the user logging in etc.
The
sniffer will also gather information about local users logging into other remote
machines, but also to any remote machine the user logs into. If the sniffed syst
em is on a
backbone network, intruders can monitor any traffic between nodes
on that network. Such a network monitoring can rapidly expand the number of syst
ems
intruders are able to access.
Users whose accounts and passwords are collected will not be aware that their ac
counts
are monitored. In one of the most famous sniffing case hackers defrauded the US
telephone major MCI to the tune of $28 million. They used sniffers to record 50,
000
credit card and phone card numbers and then sold the data to European users who
used
these accounts to make free long-distance calls.
Transaction Confidentiality
The E-commerce environment must ensure the confidentiality of the data being sen
t.
After successful delivery of information to the destination gateways, messages m
ust be
removed from the public network, leaving only the accounting record of entry and
delivery. All message archiving must be done in well-protected systems. Confiden
tiality
is important for the transaction of such sensitive data like credit card numbers
. It can be
accomplished using encryption methods, which secure links between computers.
Transaction Integrity
Integrity means that the transactions must remain unmodified during the transpor
t
between the client and the server. Transmission must be tamper proof in the sens
e that
no one can add, delete or modify any part of the message in transit. Mechanisms
for
integrity must prevent attacks involving the modification of data while the tran
saction is
in progress. Methods for ensuring information integrity include error detection,
sequence numbers, encryption techniques etc.
Encryption and Transaction Security
Using encryption or secret codes sensitive information over a public network lik
e
Internet can be protected. Encryption is the mutation of information in any form
(text,
video and graphics) into a form readable only with a decryption key. A "key" is
a very
large number, a string of zeros and ones. The goal of encryption is to make it i
mpossible
for the hacker who gets the cipher text (encrypted information) as it passes on
the
network to recover the original message. There are two main types of encryption
techniques.
Secret-Key Encryption
Secret-key encryption involves the use of shared key for both encryption by the
transmitter and decryption by the receiver. It works in the following way. Suppo
se a
customer wants to send his credit card number to his online merchant, in such a
way
that only the merchant can read it. The customer will encrypt the card number us
ing an
encryption key and sends the encrypted message (cipher text) to merchant. This m
akes
the message unreadable to any third party.
The merchant will then decrypt the cipher text using the decryption key and will
read
the number. In this both the encryption key and the decryption key are the same.
The
transmitter uses a cryptographic secret "key" to encrypt the message and the rec
ipient
must use the same key to decrypt it. Data Encryption Standards (DES) are availab
le to
implement such singe-key encryption techniques.
Although useful, secret key encryption has certain limitations. All parties must
know
and trust each other completely and have in their possession a protected-of the
key. If
the sender and the receiver reside in different cities, they risk being overhear
d about the
key via the communication networks. Since shared keys must be securely distribut
e to
each communicating party, secret key encryption suffers from the problem of key
distribution- generation, transmission and storage of keys. Secure key distribut
ion is
cumbersome in large organisations where a company deals with thousands of online
customers.
Further secret key encryption is impractical for exchanging information with a l
arge
group of previously unknown parties over a public network. For example, if for a
n
online merchant to conduct transactions securely with Internet subscribers each
customer would need a distinct secret key assigned by the merchant and transmitt
ed
over a separate secure channel such as the telephone, adding to the overall cost
. So,
secret key encryption cannot play a dominant role in E-commerce.
Public Key Encryption
Public key encryption uses two keys: one key to encrypt the message and a differ
ent key
to decrypt the message. The two keys are mathematically related so that data enc
rypted
with one key can only be decrypted using the other key. Unlike secret key encryp
tion
which uses a single key share by two parties, public key encryption makes use of
two
keys. One of the keys is "public" and the other key is "private". The public key
can be
made know to other parties, but the private key must be confidential and known o
nly to
the owner.
The best known public key encryption algorithm is the "RSA" algorithm. In this m
ethod
each participant creates two unique keys, a "public key" which is published in a
public
sort of directories and a "private key" which is kept secret. The two keys work
together;
whatever the data one of the key "locks", only the other key can unlock.
For example, a customer sends a message (credit card information) to the online
merchant through e-mail. The message will be encrypted with the locking key (pub
lic
key) and forwarded to the merchant. He unlocks the message with the unlocking ke
y
(his private key) and gets the information. If the copy of the key is intercepte
d or the
message is intercepted, it remains secure because the stolen "key" only locks th
e
contents; it is incapable of decrypting the message. The important concept in th
is is that
even if the channels are not secure, the message itself can be protected. The pr
oblem of
authentication is solved by checking the authenticity of the public key with a
certification authority and obtaining an Authorisation Certificate (AC).
The following table compares secret and public key systems.
Table 4.2 compares secret and public key systems.
In practical usage, both the key system are often combined to form a hybrid key
system,
in order to exploit the advantages offered by the two systems. To determine whic
h type
of encryption best meets its needs an organisation first has to identify its sec
urity
requirements and operating environment. Public key encryption is particularly us

eful
when the parties wishing to communicate cannot rely on each other or do not shar
e a
common key, which is the case in online commerce.
Digital Signatures
Digital signatures work with public key encryption to ensure authentication and
privacy.
It is cryptographic mechanism that performs the functions of a written signature
. They
are used for sender authentication. For example a recipient of data (such as e-m
ail
message) can verify who signed the data and that the data was n modified after b
eing
signed.
Let us consider the following scenario: a customer (say A) interacts with an onl
ine
merchant such as amazon.com. When A orders books from amazon.com, he will use
Amazon s public key to encrypt his confidential information. Amazon uses its pri
vate
key to decrypt the message. Thus the customer knows that only Amazon has receive
d
the information. To ensure further security he can send a digital signature, enc
rypted
with his private key, which Amazon could decrypt with A s public key and know th
at
only A could have sent it.
Data is electronically signed by applying the originators private key to the dat
a. To
increase the speed of the process the private key is applied to a shorter form o
f the data
called "hash" or "digital digest" rather than to the entire set of the data. The
resulting
digital signature can be stored and transmitted along with the data. The signatu
re can be
verified any party using the public key of the signer.
Digital signatures ensure authenticity in the following way. In order to digital
ly sign a
document, a user combines his private key and the document and performs a
computation on the composite (key + document) in order to generate a unique numb
er
called digital signature . For instance, when an electronic document such as a
order
form with credit card number is run through the digital signature process the re
sult is a
unique linger print of the document. The "finger print" is attached to the orig
inal
message and further encrypted with the private key of the signer. If the user is
communicating with his bank, he sends the second encryption to the bank. The ban
k
then decrypts the document using the user s public key and checks to see if the
message
is altered. To verify the signature the bank performs a computation involving th
e
original document, the purported digital signature and the user s public key. If
the
results of the computation generate an identical "finger print" of the document
the
signature is verified as genuine, otherwise it is fraudulent or tampered. These
digital
signatures are the basis of secure e-commerce.

Digital Certificate
Authentication is further ensured by the use of digital certificates. Before two
parties, A
and B, use public key encryption to conduct business, each wants to make sure th
at the
other party is authenticated. Before A accepts a message with B s digital signat
ure, he
wants to ensure that the public key belongs to B and not to someone else masquer
ading
as B on an open network. One-way to be sure that the public key belongs to B is
to
receive it over a secure channel directly from B, which in most cases, practical
ly
impossible.
An alternative to the use of a secure channel is to use a trusted third party to
authenticate that the public key belongs to B. such a party is known as a Certif
ication
Authority (CA). Once B has provided proof of his identity, the CA creates a mess
age
containing B s name and his public key. This message known as the CA digitally s
igns
the certificate. It contains the owner identification information as well as a c
opy of the
owner s public keys. To get most benefit, the public key of the certificate auth
ority
should be known to as many people as possible. Thus by using one public key (CA)
, as a
trusted third party means of establishing authentication disparate parties can e
ngage in
E-commerce with a high degree of trust.
For example in the credit card industry Visa provides digital certificates to th
e card
issuing financial institution, and then the institution then provides a digital
certificate to
the user. A similar process takes place for the merchant. At the time of the tra
nsaction,
each party s software validates both merchant and cardholder before any informat
ion is
exchanged. The validation takes place by checking the digital certificates that
were both
issued by an authorised and trusted third party.
Electronic Mail (E-mail)
E-mail or electronic mail can be defined as the exchange of messages and compute
r files
between computers over a computer network. This network can be as small as a Loc
al
Area Network (LAN) or it can be as large as the Internet that spans the world. E
lectronic
mail or e-mail is without doubt the most commonly used Internet service. E-mail
is
much older than the Web, and more people use it. Every system on the Net support
s
some sort of mail service, which means that we can send and receive e-mail from
millions of people around the world.
Advantages of Electronic mail
The main benefit of e-mail when compared to other messaging mediums like fax is
that
it is almost instantaneous; it directly reaches the concerned individuals electr
onic mail
box without getting buried under a mountain of paper. In some cases, you can eve
n
confirm whether your message has been received and read by the recipient.
Sure the good old telephone offers advantages similar to that of a letter or fax
, but what
do you do when the person you are calling is not at his table or if the person i
s a few
continents away?
With e-mail even if the recipient is not around, the message is delivered into h
is mailbox
and is available the next time he checks his mailbox. E-mail also ensures a much
higher
degree of security / privacy. Only an authorised person can open, or even know t
he
presence of the mail. An authorised person is one who knows the login name and
password to the recipient s mailbox.
Compared to other mediums e-mail is very economical. The cost of sending electro
nic
message across the world is the same as sending one across the city - in most ca
ses, a
local telephone call. Further, as the message is in an electronic form, you save
money on
printing, fax, paper and ink. Used correctly, e-mail offers many advantages over
physical
mail or message. For example, using encryption technology you could electronical
ly
deliver confidential documents saving time and money over the standard practice
of
having a reliable person - who could be waylaid - hand delivering a sealed doc
ument.
Similarly by using digital signatures, you can even hinder forgery as digital si
gnatures,
like fingerprints can be verified and are unique for every user and message.
E-mail Addresses and Mail Boxes
Every one with e-mail access has an e-mail address, which is the cyberspace equi
valent
of a postal address or a phone number. When you send an E-mail message, you ente
r
the address or addresses of the recipients so that the computer knows to whom se
nd it.
Internet mail addresses have two parts, separated by the @ (at sign). The part befor
e
@ is the mailbox which is roughly speaking your personal name, and the part afte
r that
is the domain. Usually the name of your Internet service provider (ISP), such as
bgl.vsnl.net.in or goa.vsnl.net.in or udupi.com, is the domain name.
The mailbox is usually your username, the name your provider assigns to your acc
ount.
If you are lucky, you get to choose your name; in other cases, you get what the
provider
gives. For example you can write to the President of the United States at
president@whitehouse.gov. The Presidents mailbox is president, and the domain tha
t
stores his mailbox is whitehouse.gov.
When an e-mail message comes across the Internet, the message needs space until
someone is ready to read it. The Internet has two mail protocols to handle this
POP
(Post Office Protocol) and SMTP (Simple Mail Transfer Protocol). Every Internet
Service Provider runs a POP server and an SMTP server for the use of its custome
rs.
When your mail program picks up the mail it gets your mail from your provider PO
P
server to your PC. After you have downloaded your message you can get disconnect
ed.
You can read and respond to your mail while you are offline. When you are ready
to your
responses you can reconnect and transmit your outgoing mail to the SMTP server.
This
process is very simple if you use a good E-mail program.
HowE-mail Works?
E-mail works on the store and forward principle. To understand this let us as
sume
person A (from a@bgl.vsnl.net.in) sends a mail to B (at b@hotmail.com). The bgl
server
checks the network for a mail server with the lowest traffic and uploads A s mai
l to this
server. This server in turn holds the mail while checking the network for a m
ail server
in turn holds the mail while checking the network for a mail server with the low
est
activity and uploads A s mail there. This process continues until the mail is
uploaded to
hotmail server into B s mailbox. The recipient then downloads it from the destin
ation
mail server, (here B downloads the mail from hotmail server).
E-mail works in the same way as the postal system does. When you write an e-mail
message and mail it, it gets posted in the mail server, which could be on your
private
network or the Internet. This is analogous to your local post office where all y
our letters
end up after you deposit the in the letterbox. The mail server also plays a larg
e part in
controlling the data traffic on the network. It stores messages when network tra
ffic is
high and forwards them when network traffic is low thereby reducing network
congestion. It also acts as a gateway or translator between different types of e
-mail
systems like the Internets POP3 or X400 (A recommended international
communication standard that defines how e-mail should be transported over differ
ent
kinds of network like TCP/IP or X25). Once the message reaches the destination m
ail
server, they are stored until the recipient collects it.
E-mail Options
Just like there is a car for every driver, different e-mail options are availabl
e from the
low budget option all the way up to the relatively expensive but rock stable cor
porate
option. Broadly speaking, the options available are:
E-mail through Internet service provider
Internet-based free e-mail
Internet-based e-mail for forwarding services
E-mail service providers
E-mail through Internet Service Provider:
The public access to Internet is available in India since August 15, 1995. This
service is
called Gateway Internet Access Services or GIAS. The country s long distance tel
ecom
service provider Videsh Sanchar Nigam Ltd. (VSNL) initially offered the service
in the
four metros of Delhi, Calcutta, Mumbai and Bangalore. Today GIAS has expanded to
many cities and includes the Department of Telecom (DOT) as a complimentary
connectivity provider.
The GIAS service presently offers two types of dial-up access to the Internet:
- Text-based Unix shell account (with a special discount option for students)
- TCP/IP protocol-based graphical account
In both cases, an e-mail account is offered as a default option to the subscribe
r.
Of the two options, though the text based Unix shell option is cheaper, it has i
ts
downside. It does not offer the familiar Windows-based interface and you will ne
ed to
spend some time familiarising yourself with the Pine e-mail program that is prov
ided to
shell account subscribers. Secondly, you cannot write your mail offline, you hav
e to be
connected to the GIAS service to be able to use Pine. If you send a lot of e-mai
ls or long
e-mails, this could result in hefty telephone bills. The only real advantage she
ll account
seems to offer is better connectivity. That is because most subscribers prefer t
he TCP/IP
service resulting in fewer lousy tones since the ratio of available shell accou
nt dial up
lines to subscribers has improved.
With the TCP/IP account you not only get the graphical interface to the Internet
, you
also get to choose any of the easy-to-use e-mail clients like Eudora or Netscape
s
Messenger. This allows you to connect, retrieve, read and write all your message
s offline
but also receives and sends them in multimedia rich HTML format. One disadvantag
e of
the TCP/IP account is poor connectivity. Due to its popularity the number of peo
ple
dialing the service has out-stripped the number of access telephone lines put up
by
VSNL in India.
Web based Free E-mail
Unlike GIAS service where you are provided an e-mail address by default, you nee
d to
have Internet access before you can start using Internet based free e-mail. This
can be
either through a dial-up connection. These can be used to access the two types o
f e-mail
available on the Internet: Web-based e-mail and post-office protocol (POP) based
email.
In the case of Web-based e-mail service, a web browser like Internet Explorer or
Netscape Navigator is the access client. To send or receive messages, you have t
o browse
to the e-mail service providers homepage, identify yourself and then read or wr
ite your
e-mail.
POP protocol based e-mail services are similar to the GIAS e-mail service. In fa
ct all
Internet messaging - including - GIAS is based on POP. As with GIAS -based e-mai
l, to
access your mail, you need a client like Eudora or Netscape messenger and you ca
n read
or write your message offline. Thus, irrespective of your location, be it Delhi

or New
York, as long as you have access to the Internet you will be able to send and re
ceive email. The only problem is that you will have to put up with a few advertisements
(that s
how these services make money) when you access your e-mail. POP based free e-mai
l
has the disadvantage of having to install and configure an e-mail client. This m
eans that
it is not portable like the Web browser-based e-mail services since client softw
are needs
to be installed at the access point - unless you are using a laptop PC, which ag
ain needs
an Internet connection.
Besides offering an e-mail address, most e-mail service providers, particularly
Web
browser ones, also offer you customised content. These include sports, financial
or
world news, articles from online magazines and special interest information or w
orld
news, articles from online magazines and special interest information. Most popu
lar
Web based e-mail services like Hotmail (www.hotmail.com) includes advanced featu
res
like spell checkers, anti-Spam options, auto e-mail filtering and sorting, abili
ty to collect
e-mail from your POP based accounts and a personal address book. Some, like
Net@address (www.netaddress.com), also allows you to access you e-mail through
Internet indexes and directories. In fact, most index and directories like Yahoo
! or
Excite also offer free e-mail services. To check out the Free E-mail Address Dir
ectory go
to www.emailaddresses.com which lists over 100 e-mail sources.
Internet-Based Forwarding Services
Free e-mail is not the only useful service that is available on the Internet. If
you have a
long e-mail address, would you not love to have one that is short and easy to re
member?
You can always open a free account with any one of the many Internet-based e-mai
l
services that have addresses easy to remember. But what do you do if you are one
those
types who like to keep all mails in one box? Then, you choose a forwarding servi
ce.
A forwarding service works like your paperboy who collects your paper and drops
it at
your house. The newspaper agent never gets to know where you live. All he knows
is
your name and the paperboy. And if he passes any message to the paperboy, like t
he
monthly bill, it will get delivered to you. Similarly, when you register yoursel
f with a
forwarding service, all you have to provide is your long e-mail address, which c
an often
be customised. For example, if you sport yourself to be a VIP or a computer addi
ct then
on NetForward (WWW.NetForward.com) you could pick yourself an address like
yourname@A-VIP.com or yourname@CyberJunkie.com. Now all you have to do is
distribute this e-mail address and all the e-mail mailed to this address will au
tomatically
be redirected to your long address. Even when you get a new, easy to remember email
address you can continue to use your forwarding service. All you have to do is c
hange
your forwarding e-mail address to the new e-mail address.
E-mail Service Providers
The e-mail service providers (ESP) existent even before the Internet became popu
lar.
Corporations use ESP services because of their superior connectivity and messagi
ng
solutions. Unlike Internet-based messaging services, which uses POP, most ESP s
use
either the X.25 and X.400 messaging has a return receipt option that notifies th
e sender
whether the recipient has received the mail or not, furthermore, these technolog
ical also
allow prioritisation of e-mail. These features, which are often important to mos
t
organisations, are not available in the existing internet-based messaging offere
d by
GIAS.
As ESP s do not use the standard Internet messaging technology, with ESP based
solutions you need to use messaging clients that are X.25 or X.400 compliant. Th
e ESP
provides these. Most ESP s also provide gateways to these popular messaging pack
ages
like cc Mail or Microsoft mail. However, there are some exceptions like Business
India
Information Technologys (BIITs) aXcess World that offer Internet technology-based
messaging.
On the negative side, if the e-mail volumes are high, e-mail provider-based mess
aging
becomes an expensive option. The reason is e-mail service providers charge by vo
lume,
connect time, peak hour charges and the message is for national or international
distribution. Most e-mail service providers also offer other value-added service
s like email-to-fix. Under this service you can send an e-mail message to a fax number a
nd the
service converts the e-mail message to a fax message. If you are sending loads o
f long
distance faxes, this works out cheaper compared to regular tax transmission and
costs
about the same as an e-mail message. But the advantage with ESP is that they off
er email solutions and onsite support to both small and large organisations. A servi
ce not
offered by the consumer e-mail oriented GIAS service. VSNL does not just offer I
nternet
messaging, they also offer X.400-based messaging services under their GEMS 400
service.
E-mail Software
Microsoft Outlook Express and Netscape Messenger are popular and smart E-mail
Software. E-mail Software is used to manage the E-mail accounts. Messages can be
composed off-line, and stored in an Outbox until all the mail to be sent is read
y. All the
mail in the Outbox can then be mailed together after connecting to mail server u
sing the
Internet account.
What your E-mail Program Needs to Know?

If you are using PPP account, you have to inform your e-mail program the name of
your
incoming (POP) and outgoing (SMTP) mail servers. Following are some things you n
eed
to know before using any E-mail software.
Your e-mail address: i.e. your username followed by an @ and the domain name.
Example: aimalu@md4.vsnl.net.in
Your e-mail password: The password for your mail box. In internet based e-mail t
his is
usually the same as the password for your Internet account.
Your incoming (POP3) mail server: The name of the computer that receives your email
messages. You can get this information from your ISP. Example:
aimalu@md4.vsnl.net.in or 140.128.1.1.
Your outgoing (SMTP) mail server: The name of the computer that distributes your
outgoing mails to the rest of the Internet (often the same as the POP3 server).
Example:
aimalu@md4.
QUESTIONS
1) Explain the basic security infrastructures.
2) What is a Firewall?
3) Explain the need of firewall.
4) What does Proxy server mean? Explain its functions.
5) How do Firewalls function as Gateways?
6) Explain the function of Firewalls as Control Points.
7) Explain the different types of Network Policy.
8) Explain the different types of firewalls.
9) Distinguish between Application Layer Firewalls and Network Layer Firewalls.
10) Describe the process of ensuring security in e-commerce transactions.
11) Explain the different types of online transactions.
12) What are digital signatures?
13) Explain the advantages of Electronic mails.
- End of Chapter UNIT V
E COMMERCE AND WORLD WIDE WEB
Electronic commerce is not an entirely new idea, nor is the online transaction.
Dial-up
computer services, like those provided by CompuServe since 1980, usually include
services and products that can be ordered online. Electronic funds transfer (EFT
) is
another relatively mature field that is only now reaching a mass market as ATMs,
gas
stations, and supermarkets increasingly accept credit, debit, and charge cards.
In 1993, when the World Wide Web protocols were first being proposed as Internet
standards, few people outside the research and academic world had even heard of
the
Internet, let alone used it. Today, the Internet and the World Wide Web are such
a part
of daily life that major mainstream publications no longer define Internet-relat
ed terms
like Web site, home page, or new posting.
The Internet Advantage
Despite the Internet s long existence as a non-commercial research network, its
commercialisation owes its apparent success to several factors:
The Internet is an open system
The Internet itself does not belong to anyone
The World Wide Web is the Internet s killer app.
The Internet is Open
All the Internet protocols are open and public, and anyone can use them to write
software implementations that can intemperate with other computers and networks
running the Internet protocols. Most of the competition between vendors of Inter
net
and TCP/IP software is based on performance, ease of use, and compatibility. Non
e of
these vendors is foolhardy enough to announce a new version of their software th
at
provides even the most attractive of new features at the cost of compatibility w
ith other
TCP/IP implementations.
LAN (Local Area Network) operating system vendors such as Novell and Microsoft h
ave
traditionally kept their product specifications private and incompatible, but ha
ve lost
the benefits of having an entire community of researchers and developers working
on
interoperable implementations, as has happened with the Internet protocols. Beca
use of
this openness, a wide range of implementations are available, from freeware thro
ugh
high-performance, high-function versions of Internet software sold by companies
like
FTP Software and SunSoft. The result of this competition is lower cost barriers
to small
companies and individuals who previously could not afford to connect to the Inte
rnet.
Connectivity through the Internet allows any connected individual to browse any
freely
available content, without regard to memberships. At least as important is that
anyone
with a dedicated Internet connection and a computer can be not just an informati
on
consumer, but also an information provider. And instead of communicating with an
online service population, people with Internet connectivity can potentially
communicate with anyone else connected to the Internet: 30, or 40, or 50 million
people, or more, depending on when you read this.
World Wide Web, Killer App of the Internet
Most Internet applications were developed by computer scientists more often conc
erned
with performance and extensibility than with usability. Applications such as tel
net (for
running terminal sessions on remote computers) and ftp (the File Transfer Protoc
ol
application, for transferring files between two computers) required from the use
r a high
level of awareness about the operating systems of the local and remote computers
.
While not entirely unusable by the less technically sophisticated, these applica
tions
nevertheless had a sufficiently high cost of entry (long learning times) to turn
off many
potential users.
Even before 1993, there were enough different information providers on the Inter
net to
make it a complicated matter to find a desired resource. Various applications we
re
developed to make searching the Internet simpler, but none was sufficiently comp
elling
to users. One application, Gopher, held promise. Gopher servers simply made vari
ous
Internet resources available through a common interface, using menus instead of

requiring entry of explicit commands. The resources could be file repositories o
r remote
computers allowing guest logins, or they could use any other allowable Internet
application; Gopher simply provided a simple character-based system, with a menu
based front end to those resources. No serious contender for a killer applicatio
n
appeared until the World Wide Web began and graphical browsers became available.
It
had always been a hassle to track down sources of information on the Internet, c
onnect
to the server, and attempt to locate the desired data. The World Wide Web offers
improvements both to the end users, who can point and click to navigate the Web
and
locate interesting or necessary information, and to the information providers, w
ho can
offers access to their own data as well as other related providers to a much wid
er
audience. Even more attractive is the ease with which regulate users can create
and
publish their documents for Internet consumption.
The result was an application that appealed to a huge potential user base: those
wanting
to access to free or cheap information and entertainment, but without the hassle
s of
figuring out how to work all the different computers and programs.
The World Wide Web
In 1989, the World Wide Web began to take shape as the ultimate networked hypert
ext
document. The idea was to use a mark-up language to create documents, relying o
n tags
(function-oriented labels that define how a part of a document behaves) rather t
han
using traditional word-processing formatting options to control the .way the doc
ument
is displayed. The result is that parts of each marked-up document behave the way
they
are supposed to, no matter how they are being displayed. For example, if a lin
e is
tagged as a title, it can be printed out in a specified font and size appropriat
e for hard
copy, but when it is displayed on a monitor it may appear in a different specifi
ed font,
size, and colour appropriate for that particular video display monitor.
This is very dry and technical way of saying that Web documents can be created i
n such
a way that a person using virtually any kind of computer (with a character-based
or
graphical user interface) can access virtually any information, resources, or de
vice
connected to a World Wide Web server. The user starts up client software and con
nects
to a home page, and then can surf on to other Web documents by traversing links
on the
home page and other connected pages. The result is world wide web of connections
between information services on the Internet. Connected services are often provi
ded
directly through Web documents, but the protocols allow any type of Internet
application to be accessed, including more traditional file transfer servers and
terminal
sessions on larger host systems.
Although backward compatibility with existing services and systems is important,
the
Web owes its success to an extra ordinarily simple user interface. Rather than r
equiring
an explicit search for Internet resources using arcane tools, all the services a
re available
in a graphic format and the user simply points and clicks to access them. As it
becomes
trivially easy for increasing numbers to access a Web site, it also becomes an e
specially
attractive avenue for companies looking for new ways to market their products. W
orld
Wide Web document development, server maintenance, specifications, and standards
are all important topics, but are also mostly beyond the scope of this book.
World Wide Web Standards
The World Wide Web is defined by handful of protocol specifications. Software
developers use those specifications to implement the Web browser and Web server
programs. The interaction between browser and server is defined by the Hypertext
Transfer Protocol (HTTP). Web browsers send messages conforming to this protocol
to
Web servers; these, in turn, return the requested information.
Traditional Internet addressing conventions are for locating computers attached
to
specific network interfaces. Special Internet host names and addresses are used,
but
these are sufficient only to locate a computer - locating a specific resource on
a
computer can be equally complicated, requiring the user to search through (somet
imes
unfamiliar) operating system directories, folders, and files. The Uniform Resour
ce
Locator (URL) protocol specifies how individual resources (file, documents, or e
ven a
specific section of a document) are to be identified within the World Wide Web b
rowsers
use these URLs in HTTP requests to remote servers. They identify to the server e
xactly
what resources are being requested.
Information transmitted from servers to browsers comes from Web documents stored
on the server that have been specially tagged using Hypertext Mark-up Language
(HTML) tags, which define the different functional pieces of each document. As
mentioned earlier, tags allow different parts of a document to behave differentl
y; most
important are the abilities of text and graphics to behave as pointers to other
parts of a
document, other documents and resources, and especially resources on other Web
servers. HTML documents consist of plain text (ASCII) files and may point to gra
phics
files, other types of multimedia files (for example, sound or full motion video
files)
stored in standard formats, or other network resources (URLs).
It isn t possible to put all the information that person browsing the Web would
like from
your site into HTML-formatted files. Large databases, in particular, work better
when
they stay in their original formats. The Common Gateway Interface (CGI) specifie
s
mechanisms for passing information from the person browsing your Web server to
other resources available through that server, in particular by collecting infor

mation
along to the other resource.
This type of interchange is vital to allow the remote user to access resources s
uch as
databases, but it is equally critical to collecting information (and then using
it correctly
and automatically) for the purposes of transacting business through the World Wi
de
Web. Designing forms to collect orders through a Web site is not enough; there m
ust be
some mechanism outside the server to handle that information. The user s order n
eeds
to be processed: if a physical product has been ordered, inventory and shipping
information must be handled; billing information must always be processed. CGI
provides the link between the Web server and the rest of commercial process. Fin
ally,
the security protocols relevant to the World Wide Web include secure Sockets Lay
er
(SSL) Hypertext Transfer Protocol (S-HTTP).
Browser and Servers
Web browsers (or clients) must be able to send HTTP requests and receive HTTP re
plies
from servers. The most popular browsers are fully graphical, although non-graphi
cal
browsers are necessity for character-based operating systems. Browser s range fr
om
Spartan text only implementations like Lynx for UNIX and other operating systems
to
full-featured commercial products like Netscape Navigator and Microsoft Internet
Explorer. Browser functions can also be integrated into more complete network or
communications packages (like Netcom s Netcruiser or Wollongong s Emissary), or
even
into operating systems (like IBM s OS/2 Warp).
There is no shortage of Web browsers for any taste or budget. All should provide
access
to any Web-connected resource, although some will offer extra functions or featu
res
such as integration with other Internet tools (e-mail, network news), options fo
r saving
or copying retrieved data to files, and display-customisation options. Performan
ce
enhancements, like the ability to "cache" or save documents already retrieved, c
an also
differentiate browsers. Just as Web browsers are available for virtually every c
omputer
and operating system, Web server software is also widely available. To offer Web
services, a computer must be connected to the Internet, be running a Web server
program, and have Web documents available. Web servers can contain highly grap
hical
content without being able to display that content locally: The server system ne
ed only
be able to run the server software and store the hypertext documents and files.
Although a basic PC with a full-time dial-up telephone link to the Internet is s
ufficient to
act as a Web server, it would not be sufficient to serve very many simultaneous
users.
More often, Web servers are set up on higher-performance systems with higherperformance connections to the Internet. Individuals and organisations wishing t
o
provide Web services have the option of setting up (and managing and maintaining
)
their own system, or paying an Internet presence provider to run their Web sites
for
them.
Selling on the World Wide Web
With its easy-to-use and graphical interface, the World Wide Web seems an ideal
medium for commerce. The biggest obstacle to commercialisation of the Internet,
its
funding by government agencies for research purposes only, disappeared rapidly i
n the
early 1990s as those subsidies expired and were not renewed. Obstacles such as a
lack of
market penetration and lack of mechanisms for secure transactions are rapidly
disappearing, as consumers and businesses are flocking to the Internet and devel
opers
are turning their attentions to the problem of securing the Internet for commerc
e.
Keeping in mind the previous discussion of commercial transactions, we can say t
hat
selling on the World Wide Web parallels selling in the real world. Very simply,
the
customer enters the merchant s Web site and views product and company informatio
n.
If the merchant successfully sells a product and fosters sufficient trust in the
customers
to generate an order, the customer will place an order.
The merchant s overall presentation, both online and offline, determines the con
sumer s
level of trust. The Web page presentation content - products, descriptions, pric
ing, and
delivery - will help the consumer to make a decision. The rest of the transactio
n is
carried on across the World Wide Web, but may require additional mechanisms
connected to it. For example, the purchase of a digital product such as the text
of an
article can be carried on entirely through the Web page: The buyer selects the d
esired
article and enters a credit card account number, and the Web server transmits th
e
article. Assuming that some security mechanism is in place to keep the credit ca
rd
account number private, no other network mechanisms are required (remember, of
course, that the vendor in this instance would have to collect the sale informat
ion and
process the credit card transaction manually).
Commerce over the World Wide Web requires more than transaction security: it
requires mechanisms for processing sales as well. Those mechanism cover the proc
ess
from the point at which the sale information has been captured through the Web,
moving information to the appropriate systems within the merchant s organisation
as
well as outside, to companies that provide services like credit card authorisati
on, to
banks providing electronic banking services, and to other organisations involved
in
electronic transfers of value.
Commerce Models and Environments
The movement of money between buyer and seller is rarely simple even in the
traditional storefront. Credit cards, debit cards, and charge cards all represen
t different
payment methods; add to the mix cash, personal and third party cheques, travelle
r s
cheques, and money order, and it is no longer simple to figure out where the mon
ey is
and where it is going.
Electronic commerce systems include many of the same options as non-electronic
commerce, but add different methods of transmission. Electronic payments can be
as
simple as the unencrypted transmission of a credit card account number, or as co
mplex
as the encrypted transmission of a digitally signed electronic check. Third-part
y
payment processors and electronic currencies add to the complexity.
Consumer Oriented e-Commerce (B2C)
The Internet offers the opportunity to buy and sell almost anything. Books, CDs
and IT
supplies have been among the first products to make a splash online but buying t
icket,
contracting insurance, servicing a bank account or finding a house are just a fe
w of the
many products and services that are available.
Consumer e-Commerce has gained a new dynamic by the popularisation and
commercialisation of the Internet but online business has been around for some t
ime
using technologies such as interactive videotext and TV shopping channels.
Consumer trade transactions are open to anyone with an Internet connection. eShopping can take place using a computer at home, from work or at a cyber cafe.
The eshop can be anywhere in the world and it is open 24 hours a day. All that said,
shopping
is still shopping and sometimes it is a pleasure and sometimes it is a curse. Ho
w it works
out depends on who is buying, who is selling and what is being sold. This sectio
n looks
at what constitutes an e-Shop and analyses e-Sales in terms of the stages of the
trade
cycle.
Internet e-Commerce
The basic elements of Internet use and of Internet e-Commerce are:
The user of the system with a computer hooked-up to the Internet. The user acces
ses
the Internet using software known as a browser, e.g. Netscape or Internet Explor
er; the
computer running the browser is the client.
The content provider who has set up an Internet application and installed it on
an
Internet linked computer. The computer that holds the Internet content is known
as a
server.
The Internet application may be linked to back office systems to process transac
tions
and utilise information held on databases.
For Internet service provider through the World Wide Web (web) the data is
formatted, for the basic web page, using mark-up language (HTML).
These elements are shown in the following figure:
e-Shop
For e-Commerce applications that are selling goods or services the Internet appl
ication,
held on the server, is an e-Shop. The infrastructure of the e-Shop can be very s
imple or it
may be very complex. The" basic element of an e-Shop is a web page that offers o
r
advertises the goods for sale and provides a means for the shopper to make the
purchase. A example of a simple e-Shop, set up by Charlie Bucket (and with apolo
gies to
Roald Dahl) are shown in Figure 2.
At its very simplest the e-Shop, or online advert, could simply list the product
s for sale
or the services offered and invite the customer to phone, fax or e-mail their or
der.
The next step up, to make a real e-Shop, is to add online purchasing. This add
s a level
of complexity, the site is no longer simply coded in HTML but needs some way of
interacting with the server so that the customer and credit card details can be
passed
across.
Complex e-Shops have many more features, these can include:
Customer Regi str ati on
Some e-Shops ask the customers to register and then store the customer details o
n a
database. This then allows the vendor to tailor its information for the specific
customer
and saves the customer typing in details again on future visits. Registration ca
n, it is
thought, encourage a customer to return but it can also be off-putting for the f
irst time
customer - it is a hassle to input a lot of personal details and the customer ma
y be
concerned about how the information will be stored and used.
Dynamic Web Pages
The basic web page is formatted in HTML and is then fixed; to change it requires
that
the source be edited. A dynamic web page is built for each user when the web bro
wser
requests it. Reading a database in which case the page can include, for instance
, the
latest price and possibly whether the goods are in stock may build the dynamic w
eb
page.
Per sonalised Web Pages
This is another use of the dynamic web page. If the customer has registered with
the site
the system can generate a page for that specific customer. An airline site could
, for
instance, display the details of the customer s frequent flyer programme and fea
ture
flight deals from the customers local airport.
A Shopping Basket
Customers in a conventional shop are likely to collect a number of products, in
a
shopping basket / shopping cart, before coming to the till and making the purcha
se. The
shopping basket analogy is used in many larger e-Shops. Goods can be selected an
d
placed in the electronic basket. Facilities are made available for the contents
of the
basket to be reviewed and unwanted goods can be returned to the shelves . When
the
shopping is complete the customer then makes payment for the goods in the basket
.
Additional I nfor mation
The e-Shop needs to let the customer know what the product or service is. The In
ternet
has both advantages and disadvantages in this area. The customer cannot select t
heir
own bananas or try on the jumper but they can have additional information not
normally available in a conventional shop. Examples of this are:
The wine shop that gives a detail assessment of each vintage;
Bookshops that provide customer views (both good and bad);
Music sites that can play a sample of the recording that is for sale.
The provision of the additional information, if done well and kept up to date, c
an give
the shop a buzz and keep the punters coming back.
Communi ty
Beyond the concept of additional information, is trying to create a sense of com
munity
around the store. Bulletin boards are one such device in this area (but preferab
ly not
bulletin boards where the shop and the products are criticised too much).
Multiple Payment Opti ons
The current norm for online payments is a credit card and most e-Shops will want
to
accept all major credit cards. Some e-vendors also have / accept:
Their own store credit card (often also available for use in conventional branch
es of the
store);
Debit Cards;
e-Cash, money represented electronically on the web and available for spending w
ith
sites that are participants in the scheme;
Payment by phoning the credit card number or posting a cheque. A device that del
ays
completing the transaction but that is made available for customers that are con
cerned
about online payments.
Encr ypti on
e-Shops are very sensitive to the notion that e-commerce is insecure, particular
ly when
it comes to online payments. Most e-Shops use an encryption system to secure (or
add
security) to the transmission of personal and payment details. There are various
security
/ encryption schemes in use or being developed and there are arguments as to whi
ch is
best.
Online Deliver y
Electronic products such as software, information and music can be delivered onl
ine.
Where is appropriate, the use of online delivery cuts the cost of distribution a
nd avoids
the customer having to wait for the goods to arrive.
Loyalty Schemes
Some e-Shops are introducing loyalty schemes. Each purchase made attracts a numb
er
of points, accumulated electronically by the vendor, can eventually be used for
discounts
or free goods.
Onli ne Help
Having used the Internet for sales it can also be used for after sales. The web
page can
be used for product instructions and self-diagnosis pages - all of which can be
updated
when the need arises. The customers can also use e-mail for online help (an expe
nsive
game for the vendor to play if the help service is free and it becomes popular).
Shoppi ng Mall
e-Shops may be set-up as a part of an online mail. Like their conventional equiv
alent the
online mall is designed to attract customers because there is a range of stores.
e-Mails
can help out the individual vendors with shared facilities, for instance a commo
n
customer file and a shared payment infrastructure.
Internet Shopping and the Trade Cycle
As with any other trade exchange, a purchase on the Internet has a number of sta
ges.
Typically for a retail sale the trade cycle is simpler than for business to busi
ness
transactions; there is no negotiation and settlement takes place at the same tim
e as the
order (there is no credit offered). The stages in the retail trade cycle, and so
me of the
difference when the selling is done online, are:
Search
To make a purchase a shopper has to find an appropriate vendor. This is true for
a
business looking for suppliers or a consumer going to conventional shops and is
equally
true of the online shopper. For the online shopper, the ways of finding goods ar
e:
Selecting a menu item or a button on the portal - the screen that is first shown
when
the user logs on to the Internet.
Using a search engine to find an appropriate Internet e-Store site.
Following a link to a store from another page that is advertising it.
Selecting a page that has been featured on an advert or that is recommended by a
friend.
And finding a shop that sells what is wanted in a way that the customer is comfo
rtable
with can be just as easy, or as hard, as it is on the high street. Once a useful
store is
found the customer is likely to want to return; Internet addresses are not neces
sarily
memorable and book marking the site in the browser is the way this is done.
Order
Once on the site the consumer has to do their shopping. In the conventional shop
the
consumer can wander through isles or departments looking at the merchandise or a
sk
an assistant for help. The online shop does the same, except electronically. The
larger eStore will have departments and there will be a search engine (or an index) that
can
assist in finding goods. There is less likely to be an assistant that comes to b
other you
(but the boffins are working on that one).
A picture and a description rather than the real thing represent the goods, when
found.
This can be a disadvantage for goods such as clothes but it may be an opportunit
y to
provide better information for items such as books and wine. Technical ways of
overcoming the deficit are being developed; virtual reality to show off garments
is one
such approach. Ordering of goods takes place by selecting the image, the name of
the
product or a selection box.
Payment
Once the goods have been selected they have to be paid for. The normally way of
paying
for online purchase is by the input of credit card details; e-Cash is an alterna
tive that is
under development.
Delivery
The smart way to do business is to get your customers to do the work for you. Ecommerce does this with the ordering process but not with delivery. In a convent
ional
shop the customer usually transports the goods home, in an e-Shop the goods have
to be
delivered and that could be inconvenient and always adds to the cost.
The delivery issue associated with e-commerce is an important one and it is one
that is
often ignored. An e-commerce vendor needs a retail distribution network that mat
ches
the nature of the goods, the cost structures of the distribution industry and th
e
expectation of the consumer. The delivery requirements differ for a book that ca
n be
posted from almost anywhere, fresh food that needs a local distribution depot an
d, for
instance, software that can be delivered, at the time of purchase, online.
After-Sales
Goods that you don t like or that don t work can be taken back to the store (alt
hough
how helpful the store can be another issue). Sending back goods bought online ca
n seem
to be more of a problem.
Advantages and Disadvantages of Consumer e-Commerce
The spread of Internet e-Commerce will depend on the perception of the consumer
of its
advantages and disadvantages. This perception depends, in part at least, on the
individual, their circumstances and the goods or services that are to be traded.
Among
the advantages of Internet e-Commerce for both the consumer and the trader are:
1. Home Shopping
Shopping can be done from the home, hopefully quickly and conveniently. Internet
eCommerce avoids the hassles of travelling, parking, queuing and whatever else ma
kes
you made in a shop.
2. World-wide, 24 hours a Day Trading
The Internet home shopper can access an e-Shop anywhere in the world at any time
day
or night (although not all e-Shops will deal with a world-wide clientele).
3. The Latest Thing at Bargain Prices
Goods bought online may be cheaper or more up-to-date than goods available in a
conventional retail shop.
4. Home Delivery
The goods are brought to your door - can be an advantage if you are there to tak
e them
in.
5. Online Sales Support
For some goods there can be information online on how to use them and how to fix
them. E-mail can also be an appropriate facility for after-sales services.
Disadvantages of Internet e-Commerce include:
1. Privacy and Security
The privacy of personal details and security of financial transactions are a con
cern to
many users and potential users of e-Commerce.
2. Delivery
Where tangible goods are bought online they have to be delivered. Delivery can b
e an
advantage but it causes delay, sometimes inconvenience and it adds another cost.
3. Inspecting Goods
The web can provide a good picture, an eloquent description and even customer re
views
or virtual reality displays but you cannot actually see, feel or try on the good
s you are
buying.
4. Social Interaction
Shopping for some is a chore and for others is an excursion. A shopping trip on
the
Internet will not be the same experience as a shopping expedition with family or
friends
(for those who like such things).
5. Return of Goods
Having to return faulty goods takes time and is an embarrassment. Returning good
to
an online vendor can seem even more problematic.
The online trader has some of these advantages; access to world-wide markets may
be
one of these. Advantages specific to a trader are:
a. High-tech Image
Being known as an online trader gives an up-to-date image. Some customers will
use
the web site to look up products and then use the conventional store to make pur
chase.
b. Reduced Costs
The online trader does not have the expense of staffing and maintaining conventi
onal
retail outlets - premises for an online trader can be much more functional.
An additional issue for the consumer is whether they will always have the option
to
choose between e-Commerce and the conventional trade alternative. The possibilit
y of
submitting forms to public administration electronically or getting discounts /
favourable terms for online services such as ticket sales and banking transactio
ns may
turn into compulsion. Service providers may be able to make significant cost sav
ings
using online transactions and the conventional alternative may, one-day, be with
drawn.
Electronic Payment Systems
1
1
The original source is greatly acknowledged
http://www.ex.ac.uk/~RDavies/arian/emoneyfaq.htrnl and other sites.
As the Internet continues to transform commerce, it known the method of payment
is
one component, which is critical to successfully conducting business across a ne
twork.
Electronic Payment Systems offers the first comprehensive, up-to-date survey of
the
major electronic payment schemes currently available - from a technical perspect
ive.
Motivation for Electronic Payment
Characteristics of Current Payment Systems
Cryptographic Techniques
Credit Card-Based Systems
Electronic Checks
Electronic Cash Payment Systems
Micropayment Systems
Payment Systems - Prospects for the Future
Requiring only a basic familiarity with computing and networking, the book cover
s
numerous Internet payment systems including SET (Secure Electronic Transactions)
,
FSTC electronic checks, electronic cash and Millicent. It also identifies the pr
operties
unique to the various payment schemes, provides a working knowledge of the neces
sary
cryptography, and explains the protocols involved. In eight concisely written ch
apters,
people acquire the background they need to fully understand how each payment sys
tem
works.
If they deal with payment systems and financial software on a daily basis, this
book does
the homework for them. It saves time by gathering and presenting timely informat
ion
on today s most influential Internet payment systems - and helps you understand
the
key criteria for evaluating and selecting a system that s efficient, effective,
and secure.
Digital Cash & Monetary Freedom
Much has been published recently about the awesome promises of electronic commer
ce
and trade on the Internet if only a reliable, secure mechanism for value exchang
e could
be developed. This lesson describes the differences between mere encrypted credi
t card
schemes and true digital cash, which present a revolutionary opportunity to tran
sform
payments. The nine key elements of electronic, digital cash are outlined and a t
enth
element is proposed which would embody digital cash with a non-political unit of
value.
It is this final element of true digital cash, which represents monetary freedom
-the
.freedom to establish and trade negotiable instruments. For the first time ever,
each
individual has the power to create a new value standard with an immediate worldwide
audience.
If all that digital cash permits is the ability to trade and store dollars, fran
cs, and other
governmental units of account, then people have not come very far. Even the majo
r card
associations, such as Visa and MasterCard, are limited to clearing and settling
governmental units of account. For in an age of inflation and government ineptne
ss, the
value of what is being transacted and saved can be seriously devalued. Who wants
a
hard drive full of worthless "cash"? True, this can happen in a privately manage
d digital
cash system, but at least then the market determines it and individuals have cho
ices
between multiple providers.
The section on key elements of a private digital cash system compares and contra
sts true
digital cash to paper cash as we know it today. Each of the following key elemen
ts will
be defined and explored within the bounds of electronic commerce:
Secure (unable to alter or reproduce)
Anonymous (untraceable)
Portable (physical independence)
Infinite duration (until destroyed)
Two-way (unrestricted)
Off-line capable (availability)
Divisible (fungible)
Wide acceptability (trust)
User-friendly (simple)
Unit-of-value freedom (non-political)
The transition to a privately operated digital cash system will require a period
of brandname recognition and long-term trust. Some firms may at first have an advantage
over
lesser-known name-brands, but that will soon be overcome if the early leaders fa
ll
victim to monetary instability. It may be that the smaller firms can devise a un
it of value
that will enjoy wide acceptance and stability (or appreciation).
True digital cash as an enabling mechanism for electronic commerce depends upon
the
marriage of economics and cryptography. Independent academic advancement in eith
er
discipline alone will not facilitate what is needed for electronic commerce to f
lourish.
There must be a synergy between the field of economics, which emphasises that th
e
market will dictate the best monetary unit of value and cryptography, which enha
nces
individual privacy and security to the point of choosing between several monetar
y
providers. It is money, the lifeblood of an economy, which ultimately symbolises
what
commercial structure we operate within.
"Money does not have to be created legal tender by government: like law, languag
e and
morals it can emerge spontaneously. Such private money has often been preferred
to
government money, but government has usually soon suppressed it." - F. A. Hayek,
Nobel Laureate.
The year is 2005. People buy lunch at a deli and they pay in wireless digital ca
sh from
them through electronic wallet. Currently, all promised visions of the future with one
notable exception. The cashier gives them a choice of monetary units, which are
both,
displayed on the flat-panel screen for them to view. The turkey and cheese sandw
ich will
cost them Rs.50 or 5 pvu. The monetary symbol "pvu" is an abbreviation for "priv
ate
value units", which now compete in most commercial settings with the US Dollar a
nd
have stayed remarkably stable since their initial issuance in mid-1996.
The future belongs to superior private currencies and the linchpin for successfu
l digital
cash ventures will undoubtedly be freedom in the unit of value. People are witne
ssing
nothing less than the birth of a new industry - the development, issuance, and
management of private currencies. Once seeded, digital cash as the representatio
n of
binary value will pave the way to a further off-network revolution in money. Muc
h has
been published recently about the awesome promises of electronic commerce and tr
ade
on the Internet and World Wide Web if only a reliable, secure mechanism for valu
e
exchange could be developed. This lesson highlights the differences between mere
encrypted credit card schemes, as Visa, Mastercard, and others are currently dev
eloping,
and "true" digital cash, which presents a revolutionary opportunity to transform
payments. The nine key elements of electronic, digital cash are outlined and a t
enth
element is proposed which would embody digital cash with a non-political unit of
value.
It is this final element of true digital cash, which represents monetary freedom
-the
freedom to establish, circulate, and trade negotiable monetary instruments. The
opportunity to launch an alternative monetary system on a grand scale simply has
not
been available until recently. Granted, small local experiments, such as LETS an
d
constants, with limited real-world penetration have always seemed to exist in on
e form
or another. But, only lately with a global, inter-networked societies can truly
say that the
established monetary order is susceptible to challenge.
Specifically, the Internet provides (1) ease of mass issuance and circulation, (
2)
accessible encryption technology, (3) affordable currency transfer infrastructur
e, and
(4) real-time conversion between competing units. Essentially, for the first tim
e ever,
each individual has the power to create a new value standard with an immediate w
orldwide audience. This should serve as a friendly warning to the clearing associati
ons,
banks, and financial service providers of the current paradigm.
Importance of Monetary Freedom
Monetary freedom is essential to the preservation of a free-market economy. As t
he
current trend on the Internet demonstrates, robust economic commerce depends on
a
flexible, responsive monetary system which can best be provided by unbridled mar
ket
competition. This implies not only market competition among issuers but also str
ong
competition among the units or representative units that are being issued. Ultim
ately,
the competition for the standard of value should be no different than the compet
itive
market of multiple providers that see for toothpaste or shoes.
When a single currency issuer, such as the "Fed", controls the supply of money a
nd the
specific units being transacted, the potential exists for monetary manipulation
and an
overbearing control of the economy. With the unprecedented growth of the Interne
t, the
standards for electronic commerce are still evolving. Neither the US Dollar, nor
any
other governmental unit, has gained a foothold into this new economy. The moneta
ry
landscape is ripe and wide open and private currencies should infiltrate now.
If all that digital cash permits is the ability to trade and store dollars, fran
cs, marks, yen,
and other governmental units of account, then people have not come very far. Eve
n the
major card associations, such as Visa and MasterCard, are limited to clearing an
d
settling governmental units of account. For in an age of inflation and governmen
t
ineptness, the value of what is being transacted and saved can be seriously deva
lued.
Who wan; a hard drive full of worthless digital "cash"? True, this can happen in
a
privately managed digital cash system, but at least then the market determines i
t and
individuals have choices between multiple providers.
Key elements of a private digital cash system
This section compares and contrasts true digital cash to paper cash. Each of the
following key elements will be defined and explored within the bounds of electro
nic
commerce:
Secure
Anonymous
Portable (physical independence)
Infinite duration (until destroyed)
Two-way (unrestricted)
Off-line capable
Divisible (fungible)
Wide acceptability (trust)
User-friendly (simple)
Unit-of-value freedom
As would-be currency providers should note, there are ten key elements to a succ
essful,
private digital cash system. This section compares and contrasts true digital ca
sh to
paper cash, as we know it today. Each of the following key elements of digital c
ash
"token" will be defined and explored within the bounds of electronic commerce. I
t has
yet to discover a working digital cash system, which meets all ten criteria alth
ough
several are reportedly close. In 1991, Tatsuaki Okamoto and Kazuo Ohta proposed
six
properties of ideal digital cash, which are incorporated into elements one throu
gh six
below:
Secur e: The transaction protocol must ensure that a high-level security is main
tained,
through sophisticated encryption techniques. For instance, Alice should be able
to pass
digital cash to Bob without either of them, or others, able to alter or reproduc
e the
electronic token.
Anonymous: Anonymity assures the privacy of a transaction on multiple levels.
Beyond encryption, this optional intractability feature of digital cash promises
to be one
of the major points of competition as well as controversy between the various pr
oviders.
Transactional privacy will also be at the heart of the government s attack on di
gital cash
because it is that feature which will most likely render current legal tender ir
relevant.
Both Alice and Bob should have the option to remain anonymous in relation to the
payment. Furthermore, at the second level, they should have the option to remain
completely invisible to the mere existence of a payment on their behalf.
Por table: The security and use of the digital cash is not dependent on any phys
ical
location. The cash can be transferred through computer networks and off the comp
uter
network into other storage devices. Alice and Bob should be able to walk away wi
th their
digital cash and transport it for use within alternative delivery systems, inclu
ding noncomputer-network delivery channels. Digital wealth should not be restricted to a
unique, proprietary computer network.
Two-way: The digital cash can be transferred to other users. Essentially, peer-t
o-peer
payments are possible without either party required attaining registered merchan
t
status as with today s card-based systems. Alice, Bob, Carol, and David share an
elaborate dinner together at a trendy restaurant and Alice pays the bill in full
. Bob,
Carol, and David each should then be able to transfer one-fourth of the total am
ount in
digital cash to Alice.
Off-line capable: The protocol between the two exchanging parties is executed of
fline, meaning that neither is required to be host-connected in order to process.
Availability must be unrestricted. Alice can freely pass value to Bob at any tim
e of day
without requiring third-party authentication.
Divisibl e: Digital cash token in a given amount can be subdivided into smaller
pieces
of cash in smaller amounts. The cash must be fungible so that reasonable portion
of
change can be made. Alice and Bob should be able to approach a provider or excha
nge
house and request digital cash breakdown into the smallest possible units. The s
maller,
the better it is to enable high quantities of small-value transactions.
I nfinite dur ation: The digital cash does not expire. It maintains value until
lost or
destroyed provided that the issuer has not debased the unit to nothing or gone o
ut of
business. Alice should be able to store a token somewhere safe for ten or twenty
years
and then retrieve it for use.

Wide acceptability: The digital cash is well known and accepted in a large
commercial alone. Primarily a brand issue, this feature implies recognition of a
nd trusts
in the issuer. With several digital cash providers displaying wide acceptability
, Alice
should be able to use her preferred unit in more than just a restricted local se
tting.
User -fr i endly: The digital cash should be simple to use from both the spendin
g
perspective and the receiving perspective. Simplicity leads to mass use and mass
use
leads to wide acceptability. Alice and Bob should not require an advanced degree
in
cryptography, as the protocol machinations should be transparent to the immediat
e
user.
Uni t-of-value fr eedom: The theme of this lesson: the digital cash is denominat
ed m
market-determined, non-political monetary units. Alice and Bob should be able to
issue
non-political digital cash denominated in any defined unit, which competes with
governmental-unit digital cash.
Implementing a Non-political Unit of Value
The transition to a privately operated digital cash system will require a period
of brandname recognition and long-term trust. Some firms may at first have an advantage
over
lesser-known name-brands, but that will soon be overcome if the early leaders fa
ll
victim to monetary instability. It may be that the smaller firms can devise a un
it of value
that will enjoy wide acceptance and stability (or even appreciation).
Potential Unit Providers
Opportunities abound for almost anyone but in reality the greatest advantage cur
rently
goes to the on-line shopping malls and the large merchant sites on the Internet,
such as
Open Market, Internet Shopping Network, and Net Market, for it is this group tha
t will
directly influence the payment channel between consumer and merchant through the
ir
extensive contact with both. And, this influence can be utilised to their advant
age to
build preference for their "site" through money issuance in much the same way th
at
various forms or scrip and coupons build customer loyalty and guarantee repeat v
isits.
As will be explained later, the true business gain is realised when the units ar
e
negotiable in their own right and not merely accepted at the mall only.
Other potential unit providers include Internet service providers (ISPs), bullet
in board
system operators (BBSs), content publishers, card-based payment networks, and we
llknown manufacturer or service companies. They all share in common the existence
of
an extensive base of on-line customers. As the new digital cash providers, inter
national
brand names, such as Coca-Cola, Microsoft, and IBM, find themselves in an enviab
le
position to capitalise immediately on their global name recognition.
Distribution and Circulation
Probably the least exploited system in the world of money is the metric system.
To cite
an example, I propose a decimal unit-of-value measurement system that is based o
n the
1864 metric system. It possesses built-in ease of calculation and is universally
recognised. Hypothetically, it would have the following monetary unit prefix
designations:
kilo- (1,000)
hecto- (100)
deca- (10)
base unit name (1)
deci- (0.1)
centi- (0.01)
milli- (0.001)
The base unit name becomes the unit, which is being distributed, such as a pvu i
n the
2005 example. Initial distribution techniques for the new private money include
elimination of discount fees for merchants, free coupons or promotions to consum
ers,
and royalty schemes for content providers that accept payment in the new digital
cash.
This area affords unique opportunities for innovative advertisers and marketers
to
involve them in electronic commerce. Once digital cash has hit the market, circu
lation
will then be a factor of merchant acceptance and the rewards of ultimate redempt
ion.
Redemption and Convertibility
Monetary backing includes equity mutual funds, commodity funds, precious metals,
real
estate, universal merchandise and/or services, and even other units of digital c
ash.
Anything and everything can be magnetised. This will undoubtedly develop into a
main
basis for competition among digital cash providers as each one promotes their
underlying currency backing as the strongest and most reliable. Unlike today s n
ational
monetary systems, the benefits of a strong currency will be immediately noticeab
le
within a country s borders. With multiple monetary unit providers, domestic pric
es will
adjust rapidly to reflect relative values of monetary units and the holders of s
tronger
currencies will benefit. This is a vastly different world then people have now a
nd
consumers will analyse currencies as the investments that they really are.
Focusing on the option of equity mutual funds, this does not imply that a prospe
ctive
digital cash provider learns to become adept at managing an entire portfolio. Mu
tual
funds of mutual funds exist today and contracts can be executed with the special
ist
managers of those funds. Outsourcing the portfolio function takes advantage of t
he
experts in the field today who compete already on reliability and overall perfor
mance prime benchmarks for a private monetary unit. The issuer s skills should concent
rate on
distribution, monitoring geographic circulation of the unit, and managing the ra
te of
redemption.
Managing a Non-political Unit of Value
After initial issuance and circulation, the digital cash providers must turn the
ir attention
to the management of the monetary unit if it is to survive in an ultra-competiti
ve
environment. This can prove the most difficult area due to the perennial temptat
ion of
over-issuance.
Digital Cash-flow Administration
Since electronic monetary units on a client/server network can return to the iss
uer
almost instantaneously, extreme diligence is required in accounting for digital
cash and
tracking redemption patterns. This need not be solely the function of the issuer
and
probably will not be as new sheets and databases evolve to manage the discountin
g and
exchange function. As multiple currencies infiltrate the market, their relative
values will
dictate that they trade at a discount or premium to some other benchmark. These
freemarket clearinghouses act as a central bank forcing each issuer to maintain an a
dequate
balance between digital cash outstanding and the chosen reserve backing. Systems
of
clearing and redemption are a necessity for the smooth operation of free banking
as they
provide a check on over-issuance and the general deterioration in sound credit.
Therefore, the manager of a private monetary unit can rely on these clearinghous
e
parties to communicate to the public the unit s standing in the economy. Moreove
r, if
the discount of a particular unit begins to deteriorate, it can alert management
to the
fact that some market forces are affecting the demand for that unit.
Issuer Benefits
Taking the proposal one step further, let us assume that after witnessing the on
-line
successes with monetary freedom a point-of-sale brand such as American Express
wanted to capitalise on their global infrastructure and issue proprietary moneta
ry units,
in both digital cash and non-digital cash form. Just as with our on-line provide
r, the
benefits to American Express are substantial if an American Express monetary uni
t can
gain world-wide acceptance. Primarily, American Express will benefit from:
a) Increased acceptance of American Express card products at merchant locations.
This
will be possible because of the lower fees and discount rates derived from manag
ing a
private unit of account.
b) Increased demand for American Express card products in countries without
established currencies and in countries with severe monetary instability of the
established currency. This applies to several new democracies in Eastern Europe
and the
volatile third world nations of Africa and South America. Devaluations and reval
uations
of a currency have always plagued American Express from a financial management
perspective. However, a new American Express monetary unit will provide these
countries with a stable alternative to their own currency without the political
ramifications of adopting the "imperialist" US Dollar.
c) Natural marketing benefits associated with a private currency or unit of acco
unt. It is
easiest to displace cash and cheques by becoming cash and cheques. American Expr
ess
will gain clout from the name association and brand identification that accompan
ies a
pricing system. Since American Express s private monetary unit will be the first
nongovernmental unit of account. It is difficult to compare to other products, but
it is fair to
say that from a trade perspective American Express will benefit in much the same
way
that the United States benefits when products globally are priced in US Dollars.
d) Transaction volume that remains within the American Express system by providi
ng a
unit of account with ultimate redemption only at an American Express location. A
sharp,
sustained increase in transaction volume can be expected because the majority of
cardholder transactions made in the American Express monetary the acceptor of th
e
American Express monetary unit will duplicate unit. This will occur because of t
he
incentive to avoid costly conversion out of the American Express monetary unit.
The
user incentive is maintained by providing a stable unit of value with strong mer
chant
acceptance. The great irony occurs when Visa and Mastercard begin accepting and
processing transactions denominated in the American Express monetary unit throug
h
their authorisation and clearing systems.
e) Open market operations conducted by American Express that expand or contract
the
available supply of American Express currency. The gains in this case are derive
d from
the fact that American Express can determine its own monetary unit s short-term
interest rate, and hence lending revenue, by manipulating its own unit s supply.
The
capital for these operations is generated from the difference between the digita
l cash
face value and the cost to produce and ultimately back the electronic token. Iss
uers may
lend capital or spend capital that is generated in this fashion.
Since the treasury division of American Express would resemble, in some respects
, the
dealing room of the Federal Reserve Bank, American Express could artificially ex
pand
the supply of its own monetary unit to generate direct corporate revenue with th
e
obvious constraint being the long-term preservation of the unit s market value.
This may
prove to be a tricky endeavour and it is the tightrope that a monetary issuer wa
lks.
f) Increased corporate borrowing capacity resulting from an almost immediate inc
rease
in overall capitalisation of the company. Over time, the balance sheet of the is
suing
entity will largely be a function of the American Express monetary units in circ
ulation. A
stronger balance sheet can only enhance the strategic position of the corporatio
n in
financial markets.
g) Potential unrealised profits from a managed portfolio comprised of a reservebacked
currency at a time when government fiat currencies are suffering from internatio
nal
market instability. The profits of currency held are a direct result of the appr
eciation of
the new monetary unit relative to other monetary units.
True digital cash as an enabling mechanism for electronic commerce depends upon
the
marriage of economics and cryptography. Independent academic advancement in eith
er
discipline alone will not facilitate what is needed for electronic commerce to f
lourish.
There must be a synergy between the field of economics, which emphasises that th
e
market will dictate the best monetary unit of value and cryptography, which enha
nces
individual privacy and security to the point of choosing between several monetar
y
providers. It refers to this new sub-discipline as cryptonomics. The Internet is
a new
world demands a new currency - a new standard of value. As an enabling mechanism
for
social change, digital cash has vast implications for macroeconomics in the area
of a
government s money monopoly and taxing authority. In light of the growing attack
s on
individual privacy both in the United States and abroad, there has never been a
more
important time to emphasise the concepts behind the vigilant protection of total
financial and monetary privacy. It is money, the lifeblood of any economy, that
ultimately symbolises what commercial structure, and hence what political struct
ure,
humans operate within.
Prepaid Smart Card Techniques
A prepaid smart card contains stored value, which the person holding it can spen
d at
retailers. After accepting stored value from cards, system providers periodicall
y
reimburse retailers with actual money. A system provider receives money in advan
ce
from people and stores identical value onto their cards. During each of these th
ree kinds
of transactions, secured data representing value is exchanged for actual money o
r for
goods and services. Telephone cards used in France and elsewhere are probably th
e best
known prepaid smart cards (though some phone cards use optical or magnetic
techniques, which are not considered here). National prepaid systems combining p
ublic
transportation, public telephones, merchants, and vending have already been
announced in a number of countries. And road tolls at full highway speed are not
far
behind. The systems proposed so far are compared, after a quick look at the card
types
on which they are based.
Card Types
There are in essence only four types of microcircuit card that have been suggest
ed for
use in prepaid applications, each based on a particular kind of chip. They are l
isted here
in historical order:
Memor y car ds: The chip in these cards consists only of storage and a little ex
tra
hardware that prevents access to the stored data unless certain stored passwords
or
PINs are input correctly. Most telephone cards are of this type.
Shar ed-key car ds: Secret keys in the chip let the card authenticate its
communication with any device sharing the same keys. The chips are standard micr
ocontroller card chips, with masked-in software for the cryptographic authenticat
ion
algorithms.
Si gnatur e-tr anspor ti ng car ds: The same chip hardware as in shared-key card
s is
used, but with different software masked-in. The card stores publicly verifiable
digital
signatures created by the system provider, and fills them in like blank cheques
when
spending them.
Si gnatur e-cr eating car ds: These chips also contain a micro-controller, but i
n
combination with a dedicated co-processor capable of making digital signatures.
Instead
of spending signatures created by the system provider, they create their own.
Comparison
Security and cost are the fundamental criteria used here for comparing prepaid c
ard
techniques, but the best choice of technology depends on the situation. Security
suitable
for an in-house company card, for instance, may be wholly inadequate for a natio
nal or
international card, which may require protection of many system providers from e
ach
other as well as protection of personal privacy. Also depending on the setting,
higher
card costs can lead to lower system costs.
Closed or Open Security
Memory cards are suitable only for closed systems where a single company issues
the
cards and accepts them as payment for goods and services, or for systems with ve
ry low
fraud incentive. The reason is that defrauding such systems requires only a smal
l
computer interposed between an actual card and a cash register. The computer mer
ely
has to record the secrets communicated during an initial transaction and can the
n, as
often as desired, be used to play the role of a card having the initial balance.
Shared-key card systems require a tamper-resistant secured module in each vendin
g
machine or other point of payment. The module uses the key it shares with a card
to
authenticate messages during purchases. This lets the card convince the module t
hat it
has reduced its stored value by the correct amount and that it is genuine. A car
d
convinces by using the shared key to encrypt a random challenge issued by the mo
dule
together with an amount, so that the module can decrypt the transmission and com
pare
the result with the expected challenge and amount. Periodically, the module tran
smits a
similarly authenticated message, via telecommunication or manual collection
procedure, back to the system provider, who reimburses the retailer.
The secured module in a shared-key system thus needs to store or at least be abl
e to recreate secret keys of all cards, which gives some problems. If the cards of mult
iple
system providers are to be accepted at the same retailers, all the retailers mus
t have
secured modules containing keys of every provider. This means either a mutually
trusted module containing the keys of multiple providers, which might be hard to
achieve, or one module per provider, which becomes impractical as the number of
providers, grows. Furthermore, in any shared-key system, if a module is penetrat
ed, not
only is significant retailer fraud facilitated, but also the entire card base ma
y be
compromised.
Signature-transporting and creating card types avoid these problems since they d
o not
require secured modules. Cash registers need no secret keys, only public ones, i
n order
to authenticate the signatures, which act like guaranteed checks filled in with
all the
relevant details. The system provider for reimbursement can later verify these s
ame
signatures. (Although tamper-resistant modules are not needed for verification,
they can
still be used to aggregate transactions.) Both signature-based card types also a
llow the
cards of any number of issuers to be accepted at all retailers; retailers cannot
cheat
issuers, and issuers cannot cheat each other. These are the only truly open syst
ems.
Privacy
All cards, except the signature-transporting type, uniquely identify themselves
in each
transaction. This means that even if the card does not reveal the person s ident
ity, all
payments a person makes are linked together by the card identity. As a consequen
ce, if a
reload or any one of the payments made by a person is traced to that person, the
n they
all are. The reason for identification of shared-key cards is that security is t
hought to be
too low if all cards have the master key. Therefore cards are given unique keys,
and the
cash register needs the card identity each time to re-creates the corresponding
unique
card key from the master key. The signature-transporting approach avoids the nee
d for
identification, since instead of a single key per card, cards use a different si
gnature per
payment. When the system provider makes signatures on blinded checks that are th
en
un-blinded by the card, not even the system provider can trace payments to cards
.
Card Costs
The overall cost of cards for a system is determined not only by how much each c
ard
costs, but also by how long cards last and how much of each card is needed. Nonrefillable memory cards have a very limited card lifetime and are suitable only
for a
single purpose. But micro-controller cards can last years and is flexible enough
to
handle a variety of things, not limited to stored value, thereby allowing sharin
g of card
cost among multiple applications.
Bonding chips into modules, assembling them into cards, and printing can cost ab
out
the same for all card types, roughly US$ 0.50 to 2.00 (plus the cost of the smal
l fraction
of chips that are damaged during production). Non-refillable cards, however, typ
ically
use less durable materials and less costly production techniques.
Memory card chips are much smaller, and consequently much less expensive to
produce, than those in micro controller cards. They cost, depending on the type,
roughly
between US$ 0.10-0.40 in quantity. Shared-key and signature-transporting cards t
oday
use exactly the same chip hardware, only the masked-in software differs. Suitabl
e chips
cost about US$ 1.00-1.20 in quantity. Signature-creating card chips, which need
extra
circuitry for the co-processor (or a very powerful processor), require more on a
chip, are
relatively new on the market, and currently cost several times more.
Non-Card Costs
Apart from cards themselves, the other main system costs are card issuing and re
filling,
retailer equipment, and system provider processing and security measures. If car
ds are
issued with value on them, as is of course required with non-refillable memory c
ards,
then they must be transported, stored, and dispensed, using costly security and
audit
provisions, like those associated with bank notes. Refillable cards can be distr
ibuted
without value and avoid these costs, but on the other hand require infrastructur
e for online reload transactions with system providers. Retailer equipment costs may be
higher
than card costs. Typical ratios of cards to points of sale (about 100 to 1 for c
ash registers
and higher with vending, phones, etc.) and even the price of current terminals (
about
US$ 150-1500) suggest that the point-of-sale equipment can be more costly than e
ven a
dedicated micro-controller card base.
In the shared-key approach, secured modules trusted by all system providers must
be
installed in all retailer equipment. In open systems such security modules must
be
significantly more elaborate and costly than any card, since the security offere
d by a
card is generally considered inadequate to protect the keys of all other cards.
But the
higher cost of terminals incorporating such modules is at odds with the objectiv
e of
automating all manner of low value payments, such as in vending. Transaction
processing by the system providers also requires tamper-resistant devices. Prope
r
management of keys and auditing of such systems are cumbersome > and expensive.
If
shared-key systems grow, and start to include less trustworthy retailers and mor
e
system providers, even the minimum security necessary becomes excessively costly
.
With either signature card type, suitable software not tamper-resistant modules
are all
retailer equipment needs in order to verify payments and later forward the signa
tures
for reimbursement. These can then be verified by any transaction processing comp
uter
that has copies of the freely available public keys, thereby reducing exposure w
hile both
increasing the quality and reducing the cost of security audit and controls.
The simplest of the four card types, the memory card, is well suited for closed
systems
where there is little incentive for fraud by persons or retailers. The low card
cost makes
this approach attractive, but the low security makes it unsuitable for more gene
ral use.
The most expensive type, the signature-creating card, seems to offer little fund
amental
advantage over less expensive cards and, incidentally, is far too slow in signin
g for
highway speed road-tolls and even some Telephones. The remaining two card types,
shared-key and signature transporting, can today be based on exactly the same ki
nds of
micro-controller chips, and thus have the same card cost. The system cost with s
haredkeys, however, is significantly higher than with signature transporting. The mai
n reason
is that shared-keys require tamper-resistant modules at all points of payment and
processing sites, while these modules are not needed with signature- transportin
g.
In addition to cost, there are other reasons to prefer signature-transporting ca
rds for
larger systems. Privacy may be an issue in large-scale consumer systems, and the
other
card types are unable to address this problem, while signature transporting solv
es it
neatly. When more retailers and system providers are included, as large open sys
tems
are built or as closed systems grow and merge, .he cost of maintaining even mere
ly
acceptable security with shared keys becomes prohibitive. By contrast, signature
transporting maintains a very high level of security while allowing flexible sca
ling and
merging of systems.
PayMe Protocol Set
The use of the www as an electronic marketplace is increasing, and there is a ne
ed for a
cash payment system that is scalable, anonymous and secure. In this lesson exami
ne
two existing systems: E-cash and NetCash, discuss their strengths and weaknesses
and
propose a new system called the PayMe Transfer Protocol (PMTP). It shows how it
improves on existing systems, and illustrates its use with an example based on p
urchase
of goods across the WWW.
Keywor ds: "Web payment, electronic cash, secure payment, scalable payment,
Internet payment mechanisms, and security".
The World Wide Web has potential to become a highly efficient electronic marketp
lace
for goods and services. When payments are effected electronically, there is alwa
ys a risk
that organisations may resort to gathering information relating individuals with
the
amounts that they have spent, locations involved and types of good purchased. Mi
suse
of such information can give rise to serious breaches of personal privacy. If a
payment
system for the WWW is to receive widespread support, it must offer its users som
e form
of protection against the gathering of such information. The most effective meth
od of
achieving this is to implement a form of electronic cash, where the coins being
spent
cannot be linked with their owner. This gives rise to a secondary problem in tha
t since
the coin is an electronic quality that is easily duplicated, such a payment syst
em must
guard against the coin being spent more than once. It should not be possible for
an
attacker to bypass the system or to falsely obtain monetary value from it.
At the time of writing, it has been estimated that there may be over 30 million
users of
the Internet spread across 96 different countries using over 6.6 million host co
mputers,
and these figures are rising very rapidly. This means that an effective electron
ic payment
system must be highly scalable. In practice, the system must support large numbe
rs of
buyers and sellers affiliated to many different banks. The problem of detection
of double
spending is particularly acute, and solutions must be found, that allow for larg
e
numbers of payments to take place without requiring unreasonably large databases
to
be maintained. In the following section, will be discuss related work on two sys
tems for
electronic payment and go on to propose a new set of protocols that surmounts so
me of
their inherent problems.
Related Work
Recently, two electronic cash systems, requiring no additional hardware such as
smart
cards, which can be used to make payments for WWW resources have been published.
The first, Ecash, is a fully anonymous electronic cash system, using numbered ba
nk
accounts and blind signatures. The second, NetCash, uses identified electronic c
ash
giving a more scalable but less anonymous system.
Electronic cash is the electronic equivalent of real paper cash, and can be impl
emented
using public-key cryptography, digital signatures, and blind signatures. In an e
lectronic
cash system there is usually a bank, responsible for issuing currency, a custome
r who
has accounts at the bank and can withdraw and deposit currency, and merchants wh
o
will accept currency in exchange for goods or a service. Every customer, merchan
t, and
bank has its own public/private key pair. The keys are used to encrypt, for secu
rity, and
to digitally sign, for authentication, blocks of data that represent coins. A ba
nk digitally
signs coins using its private key. Customers and merchants verify the coins usin
g the
bank s widely available public key. Customers sign bank deposits and withdrawals
with
their private key, and the bank uses the customer s public key to verify the sig
nature.
Ecash from DigiCash
Ecash is a fully anonymous electronic cash system, from a company called Digicas
h,
whose managing director is David Chaum, the inventor of blind signatures and man
y
electronic cash protocols. It is an on-line software solution, which implements
fully
anonymous electronic cash using blind signature techniques.
The Ecash system consists of three main entities: Banks, who mint coins, validat
e
existing coins and exchange real money for Ecash; Buyers who have accounts with
a
bank, from which they can withdraw and deposit Ecash coins; Merchants who can
accept Ecash coins in payment for information, or hard goods. It is also possibl
e for
merchants to run a pay-out service where they can pay a client Ecash coins.
Ecash is implemented using RSA public-key cryptography. Every user in the system
has
his own public/private key pair. Special client and merchant software is require
d to use
the Ecash system. The client software is called a "cyberwallet" and is responsib
le for
withdrawing and depositing coins from a bank, and paying or receiving coins from
a
merchant.
Withdrawing Ecash Coins
To make a withdrawal from the bank, the user s cyber-wallet software calculates
how
many digital coins of what denominations are needed to withdraw the requested
amount. The software then generates random serial numbers for these coins. The s
erial
numbers are large enough so that there is very little chance that anyone else wi
ll ever
generate the same serial numbers. Using a 100-digit serial number usually guaran
tees
this. The serial numbers are then blinded using the blind, signature technique.
Multiplying the coins does this by a random factor. The blinded coins are then p
ackaged
into a message, digitally signed with the user s private key, encrypted with the
bank s
public key, and then sent to the bank. The message cannot be decrypted by anyone
but
the bank.
When the bank receives the message, it checks the signature. The withdrawal amou
nt
can then be debited from the signature owner s account. The bank signs the coins
with a
private key. After signing the blind coins, the bank returns them to the user, e
ncrypted
with the user s public key. The user can then decrypt the message, and unblind t
he coins
by dividing-out the blinding factor. Since the bank couldn t see the serial numb
ers on
the coins it was signing there is no way to now trace these coins back to the us
er who
withdrew them. In this way the cash is fully anonymous.
Spending Ecash
To spend Ecash coins, the user starts up their cyberwallet software and a normal
Web
client and then browses the Web till they find a merchant shop selling goods. Th
e Ecash
software can be used with any existing Web client and Web server software. A mer
chant
shop is simply an HTML document with URLs representing the items for sale. To bu
y an
item the user selects the URL representing that item. The following steps occur
in
making a purchase with Ecash:
1) The user s Web client sends an HTTP message requesting the URL to the Merchan
t s
normal Web server. This URL will invoke a Common Gateway Interface (CGI) program
.
2) The CGI program invoked will be the merchant Ecash software, and it will be p
assed
details of the item selected encoded in the URL. The location of the buyer s hos
t
machine will also be passed in an environment variable from the server to the me
rchant
Ecash software.
3) The merchant software now contacts the buyers wallet using a TCP/IP connectio
n,
asking it for payment.
4) When the cyberwallet receives this request, it will prompt the user, asking t
hem if
they wish to make the payment. If they agree, the cyberwallet will gather togeth
er the
exact amount of coins and send this as payment to the merchant. The coins will b
e
encrypted with the merchant s public key so that only the merchant can decrypt t
hem:
{{Coins} K[public, Merchant]
If they disagree or do not have the exact denominations necessary to make a corr
ect
payment, the merchant is sent a payment refusal message.
5) When the merchant receives the coins in payment, he must verify that they are
valid
coins, and have not been double spent. To do this he must contact the bank, as o
nly the
minting bank can tell whether coins have been spent before or not. Thus the merc
hant
packages the coins, signs the message with his private key, encrypts the message
with
the bank s public key, and sends it to the bank:
{{Coins}K[private,Merchant]}K[public,Bank]
6) The bank validates the coins by checking the serial numbers with the large onl
ine
database of all the serial numbers ever spent and returned to the bank. If the n
umbers
appear in the database then they are not valid, since they have been spent befor
e. If the
serial numbers don t appear in the database, and have the banks signature on the
m,
then they are valid. The values of the coins are credited to the merchant s acco
unt. The
coins are destroyed, and the serial numbers added to the database of spent coins
. Thus
coins are good for one transaction only. The bank notifies the merchant of the s
uccessful
deposit.
7) Since the deposit was successful, the merchant was paid, and a signed receipt
is
returned to the buyer s cyberwallet.
8) The purchased item, or an indication of successful purchase of hard goods, is
then
sent from the merchant Ecash software to the Web Server.
9) The Web server forwards this information to the buyer s Web client.
Ecash client and merchant software is available for many platforms. Currently no
real
money is used in the system, but an Ecash trial with 10,000 participants, each b
eing
given 100 "cyberbucks" for free has been running since late 1994. There are many
sample Web shops at which to spend cyberbucks.
Advantages and Failings
The strengths of Ecash are its full anonymity and security. The electronic cash
used is
untraceable, due to the blind signatures used when generating coins.
By employing secure protocols using RSA public key cryptography, the Ecash syste
m is
safe from eavesdropping, and message tampering. Coins cannot be stolen while the
y are
in transit. However, password protection and encryption could strengthen the
protection of coins on the local machine.
The main problem with Ecash may be the size of the database of spent coins. If a
large
number of people start using the system, the size of this database could become
very
large and unmanageable. Keeping a database of the serial number of every coin ev
er
spent in the system is not a scalable solution. Digicash plans to use multiple b
anks each
minting and managing their own currency with inter-bank clearing to handle the
problems of scalability. It seems likely that the bank host machine has an inter
nal
scalable structure so that it can be set up not only for a 10,000-user bank, but
also for a
10,00,000-user bank. Under the circumstances, the task of maintaining and queryi
ng a
database of spent coins is probably beyond today s state-of the-art database sys
tems.
NetCash
NetCash is a framework for electronic cash developed at the Information Sciences
Institute of the University of Southern California. Many of the ideas used in Pa
yMe
came from the NetCash proposal. It uses identified on-line electronic cash. Alth
ough the
cash is identified there are mechanisms whereby coins can be exchanged to allow
some
anonymity. The system is based on distributed currency servers where electronic
checks,
such as NetCheque can be exchanged for electronic cash. The use of multiple curr
ency
servers allows the system to scale well.
The NetCash system consists of buyers, merchants, and currency servers. An
organisation wishing to set up and manage a currency server obtains insurance fo
r the
new currency from a central certification authority. The currency server generat
es a
public/private key pair. Being signed by the central authority then certifies th
e public
key. This certificate contains a certificate ID, name of the currency server, cu
rrency
server s public key, issue date and an expiry date, all signed by the central au
thority:
{Certif_id, CS_name, K[public) CS], issue_date, exp_date} K[private, Auth]
The currency server mints electronic coins, which consist of:
Cur r ency Server Name: Identifies a currency server.
Cur r ency Server Networ k Address: Where the currency server can be found. If
this address is no longer in use, a name server can be queried to find the curre
nt
address.
Expir y Date: Limits the state that must be maintained by each currency server.
Ser i al Number : Uniquely identifies the coin.
Coi n Value: Amount coin is worth.
The coin is signed with the currency server s private key:
{CS_name,CS_addr,exp_date,serial_num,coin_val}K[private,CS]
The currency server keeps track of the serial numbers of all outstanding coins.
In this
way checking a coin s serial number with the currency server at the time of purc
hase (or
exchange) can prevent double spending. If the coin s serial number is in the dat
abase it
has not been spent already and is valid. When the coin is checked the serial num
ber is
then removed from the database. The coin is then replaced with a new coin (coin
exchange).
An electronic cheque can be exchanged with a currency server for electronic coin
s. The
currency server is trusted not to record to, whom the coins are issued. To furth
er aid
anonymity a holder of coins can go to any currency server and exchange valid coi
ns for
new ones. The currency server does not know who is exchanging coins, only the ne
twork
address of where they are coming from. By performing the exchange and by choosin
g
any currency server to do this with, it becomes difficult to track the path of t
he coins. If a
currency server receives coins that were not minted by it, it will contact the m
inting
currency server to validate those coins.
The following steps are clearly explained how a buyer uses NetCash coins to purc
hase an
item from a merchant. In this transaction the buyer remains anonymous since the
merchant will only know the network address of where the buyer is coming from
NetCash assumes that the buyer has or can obtain the public key of the merchant,
and
that the merchant has the public key of the currency server.
Implementation details of how the NetCash protocols might be linked with applica
tions
such as the Web are not available, but it could be done in a similar fashion to
Ecash
using an out-of-band communications channel. The transaction consists of the fol
lowing
four steps, starting from when the buyer attempts to pay the merchant:
The buyer sends the electronic coins in payment, the identifier of the purchased
service
(S_id), a freshly generated secret key (SK[Buyer]), and a public session key
(K[public,Buyer]), all encrypted with the Merchant s public key, to the merchant
.
{Coins, SK[Buyer],K[public, Buyer], S_id} K[public, Merchant]
The message can t be eavesdropped or tampered with. The merchant to establish a
secure channel with the buyer later uses the secret key. The public session key
is later
used to verify that subsequent requests originate from the buyer who paid for th
e
service.
The Merchant needs to check that the received coins are valid. To do this he sen
ds them
to the currency server to be exchanged for new coins or for a cheque. The mercha
nt
generates a new symmetric session key SK[Merchant] and sends this along with the
coins and the chosen transaction type to the currency server. The whole message
is
encrypted with the server s public key so that only it can see the contents:
{Coins, SK[Merchant], transaction_type} K[public, CS]
The Currency Server checks that the coins are valid by checking its database. A
valid
coin is one whose serial number appears in the database. The server will then re
turn
new coins or a cheque to the merchant, encrypted with the merchant s session key
:
{New_coins} SK[Merchant]
Having received new coins (or a cheque) the merchant knows that the buyer has
properly paid him. He now returns a receipt, signed with his private key and enc
rypted
with the buyer s secret key:
{{Amount,transaction_id,date}K[private,Merchant]}SK[Buyer]
The buyer can then use the transaction identifier and the public session key to
obtain
the service purchased.
This is the basic purchase protocol used in NetCash. While it prevents double sp
ending
it does not protect the buyer from fraud. There is nothing to stop the merchant
spending
the buyer s coins without providing a receipt.
Extensions to the protocol are detailed in these are more complex and give prote
ction
against fraud for both the merchant and buyer. There are also mechanisms to allo
w the
merchant to be fully anonymous to the buyer. Partially offline protocols where th
e
bank does not need to be contacted during a purchase are also described. These h
owever
rely on the buyer contacting the currency server beforehand, and knowing who the
merchant is at that time. They use a time window in which the coins are only val
id for
certain short lengths of time.
The advantages of NetCash are that it is scalable and secure. It is scalable sin
ce multiple
currency servers are present and security is provided by the cryptographic proto
cols
used. Possible disadvantages of the system are that it uses many session keys an
d in
particular public key session keys. To generate a public key of suitable length
to be
secure takes a very large amount of time compared with that involved in generati
ng a
symmetric session key. This could compromise the performance of the system as a
whole.
NetCash is not fully anonymous, unlike Ecash. It is difficult but not impossible
for a
currency server to keep records of who it issues coins to and who it receives th
em back
from. The ability to exchange coins and use any or multiple currency servers inc
reases
the anonymity of the system.
A NetCash system is currently being implemented, but no details are given as to
how it
will be linked with applications such as the Web. NetCheque will be used to prov
ide
cheques, which can be used to buy coins, or which can be issued when coins are t
raded
in.
The two payment systems outlined each have their strengths and weaknesses. Ecash
is a
fully secure system that provides for very strong anonymity. The use of banks wi
thin the
system reflects current practice in non-electronic payment systems. Successful
operation of the Ecash system depends on the maintenance of a central database o
f all
coins ever issued within the system. If it were to become accepted as a global p
ayment
system, this would quickly become a major problem.
NetCash uses identified coins with multiple currency servers, and thus, while an
onymity
is maintained, there is only a requirement to keep track of all currency current
ly in
circulation. This makes for a much more scalable solution to the payment problem
.
NetCash is also fully secure, and achieves these using protocols that are quite
complex in
nature.
The PayMe Protocol Set
In an attempt to combine the best features of the two systems described, a new p
ayment
system called the PayMe Protocol Set was devised. A major goal was to preserve a
s much
of the anonymity provided by Ecash while adopting many of the features of NetCas
h
that allow it to scale to large numbers of users with multiple banks. In the fol
lowing
sections, will be discussed the overall design of the protocol set and work thro
ugh an
example of a network payment. Since this paper concentrates on payment for WWW
resources, detailed coverage will be given of both the currency representation a
nd the
protocol primitives used during a Web transaction.
The PayMe system and protocol set are now presented. Many of the design ideas ar
e
based on a close examination of systems such as NetCash, Ecash and other related
systems such as Magic Money and Netbill. In this way PayMe is a collection of th
e
successful parts from existing systems, minus the failings of those systems.
PayMe is an on-line electronic cash system. The entities involved are banks and
users.
Users can be either buyers or merchants but each has the same functionality. The
y can
make payments, accept payments, or deal with the bank. Each bank mints its own
identified electronic cash with serial numbers. The bank maintaining a database
of coins
in circulation prevents double spending of coins. This scale is better than the
blind
signature electronic cash approach. Any user in the PayMe system can accept paym
ents
and make payments. Merchants can receive payments for selling Web goods but they
can also make payments to the buyers. This can be used for making refunds or in
payout services.
The PayMe system uses its own secure communications protocol, the PayMe Transfer
Protocol (PMTP), to communicate between entities. This provides security and a m
eans
of communicating out-of-band, that is, outside the Web s HTTP protocol. This app
roach
was adopted to allow a full prototype to be developed that could eventually be u
sed with
any emerging Web security standard.
PayMe Currency
Coins are the pieces of data that represent monetary value within the system. Th
e coins
are digitally signed by the bank using public key cryptography to make them vali
d
currency. Each coin has a serial number, which is entered into the bank s databa
se,
when the coin is minted. Coins have fields for the coin value, serial number, ba
nk id,
bank host name and port number, and expiry date. When these five fields are put
together and signed with the bank s private key, a valid coin is created. An exa
mple coin
is of the form:
{10 MIK1234 BANK1 bank.cs.ted.ie.8000 18-12-98}K[private,BANKl]
Here the coin is worth 10, its serial number is MIK1234, the user-id of the bank
s public
key is BANK1, the bank is located at port 8000 on the machine bank.es.ted.ie, an
d the
coin expires on 18th December 1998.
A bank within the PayMe system mints coins, maintains a database of the serial
numbers of coins in current circulation to prevent double spending, and manages
the
accounts of merchants and buyers.

PayMe Transfer Protocol (PMTP)
PMTP is the set of secure messages designed to provide the communications necess
ary
in the PayMe system. It uses both symmetric and public-key cryptography. PMTP
consists of six request-response message types. For each of the six message type
s there
are three different possible message identifiers. There is one request message i
dentifier
and two different response message identifiers. These have been called request,
response and refusal respectively. A request is where the receiver is being aske
d to
perform an action. A response message identifier indicates that the action has b
een
performed and the message body contains the results of that action. A refusal is
where
the receiver refused to perform the action, and the message body may contain a r
eason
for this refusal.
A bank account owner to withdraw or deposit coins, or obtain a bank statement fr
om the
bank for that account uses the first three messages.
Withdraw Coins
Requires an account identifier, matching account name, account password, and amo
unt,
digitally signed by the account owner.
Deposit Coins
Attempts to deposit coins into a bank account. The bank will check that the coin
s
are*valid before crediting the account. The account identifier, name, and digita
l
signature are required to make a deposit. A deposit can be done with any bank wi
th
which the user has an account. If that bank does not mint the coins then the min
ting
bank will be contacted to validate the coins. Banks have accounts with other ban
ks and
in this way records are kept of how much each bank owes another. These accounts
could
then be settled using a real-world inter-bank clearing mechanism.
Request Bank Statement
Returns a bank statement for an account. A digital signature is required to auth
enticate
the account owner.
Exchange Coins for new ones
Any user, who holds valid coins from a bank, can exchange the coins for new ones
. The
process for doing this is anonymous, but it is still secure. During the exchange
the bank
only knows the network address of where the coins are being sent. If the coins i
t receives
are valid it will return new ones in exchange. It is not necessary to have an ac
count at a
bank to exchange coins. For efficiency an exchange must be done with the bank th
at
minted the coins.
Either a buyer or merchant can use this mechanism to help hide their identity. W
hen a
user withdraws coins from a bank the bank could record the numbers on the coins
and
whom it gave them to. Then when a merchant later deposits the coins the bank cou
ld
check to whom it issued the coins. In this way the spending habits of a user cou
ld be
recorded.
However, if during a purchase a merchant exchanges the coins rather than deposit
ing
them, then the bank does not know who has performed the exchange. Either the
merchant or buyer, or even another trusted third party could perform this exchan
ge to
"launder" the money, making it more difficult to trace spending habits.
Ask for payment
The last two messages are used between a user and another user such as a merchan
t.
The ask payment message is used to ask a buyer for a payment amount. During a
purchase a buyer remains anonymous to the merchant. Ideally the buyer should hav
e
obtained the merchant s public key before the purchase. However the merchant s p
ublic
key is also sent within the payment request. There is some risk involved with th
is, since
an attacker could replace the merchant s key with his own. The user is given the
choice
to accept a new merchant key in this way or not. If the user already holds the m
erchant s
public key, then this is compared with the one received in the payment request a
s part of
the procedure to authenticate the merchant.
Pay coins
Attempt to pay coins to a merchant. The buyer remains anonymous to the merchant
in
this transaction. The merchant only knows the network address of the buyer. The
parameters will often be generated automatically by the PayMe software. The addr
ess of
where to send the message to, also needs to be given.
PMTP Security
PMTP messages are secure from attacks using eavesdropping, message tampering,
replay, and masquerading techniques.
Eavesdropping Prevention
An attacker cannot see the contents of a PMTP message because the message is eit
her
encrypted with the public key of the receiver. Only the private key can decrypt
the
message, or
encrypted with a symmetric session key which has been distributed securely. The
session key was distributed by sending it in a public-key encrypted message.
The only exception to this is the ask_payment_request message. Since the buyer i
s to
remain anonymous this message is transmitted in clear text.
Message Tampering Prevention
Any encrypted message cannot be tampered with, since it will not be possible to
decrypt
it after it has been changed. By using message digests, a digitally signed messa
ge cannot
be tampered with.
Replay Prevention
A nonce is used within each PMTP message to ensure that the message can be used
for
one occasion only, and to prevent a replay of that message. It ensures that the
message
must come from a specific network address and within a small time window. If an
attacker can forge the IP network address to be the same as that of the message
sender,
then he could possibly replay the message within the short time frame that it is
valid. To
help prevent this software keeps track of all recently received nonce s and will
not accept
two messages with the same nonce such as a replayed message would have.
Masquerading Prevention
Where possible all messages are authenticated with a digital signature. Bank
withdrawals also require the password of the bank account. In the anonymous mess
ages
where a digital signature is not possible, knowledge of a symmetric session key
is used.
The network address within the nonce prevents an attacker at another site from
masquerading as the message sender at the original network address.
Private Key Protection
The private key of a user is stored on file at the user s local site. It is encr
ypted with a
secret passphrase. If the user s account is broken into, this prevents the attac
ker being
able to access the private key. Without this private key any cash stored locally
cannot be
decrypted, and PMTP messages cannot be sent.
PayMe with the Web
PayMe was tailored for use with any Web client or server. To purchase an item a
user
starts up both their PayMe Wallet and any Web client. They browse the Web until
they
find a merchant shop, which will be presented by an HTML document. Combinations
of
PMTP messages are used in a purchase transaction...
1) To purchase an item (information, hard goods, or pay-out service) a URL is se
lected
representing that item. When selected the URL causes the Web server to automatic
ally
start up a merchant s Wallet software. This is done using the Common Gateway
Interface (CGI).
2) The Wallet is passed the item details and the network address of the requesti
ng Web
client. Additional information, such as a shipping address for hard goods, can b
e passed
through a Web form if required.
3) The Wallet then looks up the cost of the item and contacts the buyer s Wallet
software
asking for payment. This is a PMTP ask_payment_request.
4) The buyer will be notified of the request. He will then either refuse
(ask_payment_refusal) or accept (pay_coins_request) the payment request. If he
accepts the Wallet selects the coins needed to make the exact payment and sends
them
to the Merchant.
5) The Merchant validates the coins by either anonymously exchanging them for ne
w
coins or depositing them into a bank account. For efficiency, if an exchange is
performed
it must be done with the bank that minted the coins. A deposit can be done with
any
bank with which the merchant has an account. The minting bank checks the serial
numbers of the coins with those in its database. If a serial number is not prese
nt in the
database the coin is not valid and is rejected. If the serial numbers are presen
t then the
coins are valid.
Having performed the check the bank then removes the serial numbers from the
database, thereby invalidating the coins. This must be done because otherwise th
e same
coins could be presented many times and they would always be valid. The merchant
is
given new coins in replacement, or the amount can be credited to his bank accoun
t.
6) The merchant will receive an indication from the bank as to whether the coins
were
valid. A valid coin indication will be new coins in an exchange
(exchange_coins_response), and a deposit acknowledgement (deposit_coins_response
)
with a deposit.
7) For a good payment the merchant then issues a signed receipt to the buyer
(pay_coinsresponse).
8) The purchased item is sent from the merchant to the Web server,
9) The Web server then forwards this to the buyer s Web client.
Payments must be made with the exact amount. No change can be given since this c
ould
compromise anonymity if a merchant colluded with the minting bank.
Implementation
A prototype was implemented in a C++/Unix environment on a Sun workstation clust
er.
An extended version of PgpTools, a set of C functions, which provide low-level P
GP
packet functionality in memory, was used to implement the cryptographic function
s. It
uses RSA to provide the public key cryptography and IDEA for the symmetric key
cryptography. Pgptools is subject to similar patent restrictions as PGP.
Coin backups and log files are maintained to increase the fault tolerance of the
system.
In this way the chance of losing coins, and hence monetary value, is kept to a m
inimum
if any of the entities crash.
PayMe could be used for schemes other than just monetary payment. A coin within
the
system could be used to represent a unit of CPU time, or connection time to a li
mited
resource, in order to provide resource sharing in an institution. Jobs which req
uire units
of CPU time could be submitted or initiated through the Web where the merchant w
ould
be the CPU host requesting the PayMe coins representing time on that CPU.
For applications where anonymity is important the exchange coins mechanism can b
e
used to anonymously exchange the coins with a bank preventing the bank knowing w
ho
now holds the new coins. In an environment where anonymity is not necessary or
desirable the banks involved can be configured to refuse any requests to exchang
e
certain coins, such as those representing CPU time. In this way the bank can rec
ord to
whom it issues the coins and who then deposits them, knowing for certain that no
anonymous exchange has taken place. Thus the configuration of the bank can contr
ol
the anonymity available to its users.
Taking the best features of existing systems, a new payment mechanism using elec
tronic
cash for use with the Web has been designed and implemented. It offers the follo
wing
desirable properties:
Secur i ty
The system was designed to be secure from fraud. The possibility of an attacker
being
able to bypass the system or falsely obtain value in it was minimised. PMTP was
designed to provide secure communication. Security steps were also taken to prot
ect
coins, the private cryptographic keys used, and the accounts at the bank.
Scalabi lity and Reliabi lity
Multiple banks can be used in the PayMe system, giving no central point of failu
re. The
simple PMTP protocols can be used for inter-bank communication as well as with
regular users; Electronic cash where only a database of the serial numbers in cu
rrent
circulation is used, much like in the NetCash system. In this way it is much mor
e
scalable than Ecash. The serial numbers of every com ever spent need not be
maintained. Secondly the serial numbers can be short, unlike the long serial num
bers of
about 100 digits, necessary to prevent serial number collisions when using blind
signatures.
Usable by all
It is important that the system can be used by anyone provided they have the mon
ey to
pay for the items they wish to buy. No credit card numbers are used, since not a
ll
Internet users, for whatever reasons, hold valid credit cards, in theory anyone
who
wants to can buy PayMe electronic coins and have an account at a PayMe online ba
nk.
Usable wi th any Web cli ent or server softwar e
PayMe can be used with any Web client or server software and it is not limited t
o any
specific product or HTTP version. As many new innovations and advances in Web
technology are designed and released, it is important that a Web payment mechani
sm
can be used with all of these. By using its own secure out-of-band protocol, Pay
Me can
be used with both current and emerging Web technology and protocols.
Payment for i nfor mation, har d goods, and pay-out servi ces
Web information of any type such as text, images, audio streams or video can be
purchased using PayMe. Hard goods can be paid for through the Web using forms. T
he
PayMe client software used by a buyer can also receive payments. In this way pay
-out
services can be used.
Har dwar e independent
No special hardware s, such as smart cards, are required to use PayMe. The syste
m can
be used right now using only software, and this is more suited to the global Int
ernet
where it would take time for users to obtain and begin to use new hardware.
Limited Anonymity and Pr ivacy
It is desirable to prevent a database being, built with full details of every pu
rchase made
by an individual. Some anonymity can be provided by the system by anonymously
exchanging coins with a bank, similar to NetCash s exchange mechanism. A buyer w
ill
also remain anonymous to a merchant during a purchase transaction, as only the
buyer s network address will be known.
The system does not offer offline operation. It was not possible to fulfill all
the above
requirements and at the same time remove the need for a bank to be contacted dur
ing a
purchase transaction. However it is felt that with the trend towards faster, and
more
reliable global networks, offline operation is not required. Secondly, on the In
ternet
where it is easy to hide one s identity, it is not acceptable to use an off-line
electronic
cash system where fraud will only be detected after it has occurred.
The final implemented system provides a secure and scalable means of paying for
all
types of Web services. It would seem to be more scalable than the fully anonymou
s
Ecash system, and more efficient than the complicated protocols and use of both
symmetric and asymmetric session keys of NetCash.
In this lesson have examined two existing means of effecting anonymous electroni
c
payment across networks and looked at their strengths and weaknesses, then prese
nted
the design of PMTP, a hybrid of these two approaches that offers a fully secure,
scalable
anonymous payment system. And it was shown how this can be combined with WWW
client and server software allowing payment to occur on an out-of-band link as u
sers
browse the Web. Only a payment system with these properties will allow the Web t
o1 be
used as an electronic marketplace without compromising the privacy of its users.
Electronic Data Interchange (EDI)
Electronic Data Interchange (EDI) is used by organisations for transactions that
occur
on a regular basis to a pre-determined format. For the most part it is used for
purchase
transactions. The area of application of EDI to the trade cycle is shown in figu
re 3.
EDI is most commonly applied in the Execution and Settlement phases of the trade
cycle. In execution of a simple trade exchange, the customer s order can be sent
by EDI
and the delivery notification from the supplier can also be electronic. For sett
lement the
supplier can use EDI to send the invoice and the customer can finish the cycle w
ith an
electronic funds transfer via the bank and an EDI payment notification to the su
pplier.
This whole cycle may be more complex and other electronic messages can be includ
ed.
The cycle can be repeated many times, as often as the supermarket wants to buy
Cornflakes or the vehicle assembler needs new supplies of wheels.
EDI can be used for pre-sales transactions; there have been EDI messages develop
ed for
transactions such as contract buy they are not widely implemented. Finding an
appropriate trading partner and negotiating conditions of trade is likely to be
undertaken by a member of staff in the buying department (or a manager on golf
course). EDI could be used for after-sale transactions but only if they were in
a
standardised format and frequent enough to justify the system costs; transaction
s such
as a dealer claiming payment for warrantee work could be a possible application.
EDI
can also be used for standardised and repeated transactions that do not fall wit
h the
usual definition of trade exchanges. Examples are:
In the UK, many National Health Service Dentists keep dental records on a
computer system and treatment details are sent, by EDI, to the Dental Practice
Board. The board then pays the dentists for its proportion of the treatment cos
t
and again this transaction is electronic, using the national bank clearing syste
m
(BACS) (Willmott 1995).
British Telecom has also started using EDI, in this case for its bills from the
gas
electricity and heating oil utilities. With 9,000 telephone exchanges computer
centres and offices up and down the country it was processing about 120,000
bills a year from the various utilities. In 1996 it started a programme of
switching these invoices to EDI starting with the 250 bills from Scottish Power
the 250 bills, processed manually, took up two days work, much of which can be
saved using EDI (Electronic Commerce. 1996)
Both these applications of EDI facilitate the passing of data between the comput
er
applications of trading/co-operating organisations without the delays, inaccurac
ies and
inefficiencies associated with the exchange of data on paper.
EDI Definition
EDI is often summed up as Paperless Trading. More formally EDI is defined, by th
e
International Data Exchange Association (IDEA), as: The transfer of structured
data, by
agreed message standards, from one computer system to another, by electronic mea
ns.
This definition of EDI has four elements, each of them essential to an EDI syste
m.
1. Structure Data
EDI transactions are composed of codes, values and (if necessary) short pieces o
f text;
each element with a strictly defined purpose. For example, an order has codes fo
r the
customer and product and values such as quantity ordered.
2. Agreed Message Standards
The EDI transaction has to have a standard format. The standard is not just agre
ed
between the trading partners but is a general standard agreed between the tradin
g
partners but is a general standard agreed between or international level. A purc
hase
Order will be one of a number of agreed message standards.
3. From One Computer System to another
The EDI message sent is between two computer applications. There is no requireme
nt
for people to read the message or re-key it into a computer system. For example,
the
message is directly between the customer s purchasing system and the supplier s
order
processing system.
4. By Electronic Means
Usually this is by data communications but the physical transfer of magnetic tap
e or
floppy disc would be within the definition of EDI. Often networks specifically d
esigned
for EDI will be used.
There are many further definitions of EDI; most of them include the same four po
ints.
The definition presented by Sokol (1989) is one further example:
The INTER COMPANY COMPUTER-TO-COMPUTER communication of
STANDARD BUSINESS TRANSACTIONS in a STANDARD FORMAT that
permits the receiver to perform the intended transaction.
This definition emphasis the point that the normal application of EDI is in busi
ness
transactions between companies but, contrary to this definition, there are also
applications of EDI for information exchange and for intra-company transactions.
The Benefits of EDI
EDI can bring a number of advantages to the organisations that use it. It should
save
considerable time on the exchange of business transactions and has the potential
for
considerable saving in costs. EDI can be simply used to replace paper transactio
ns with
electronic transactions - this is the normal route taken in the initial installa
tion of EDI.
The full advantage of EDI is only realised when business practices are restructu
red to
make full use of the potential of EDI; when EDI is used as an enabling technolog
y to
change the way the business operates - just-in-time (JIT) manufacture and quick
response supply being prime examples of where EDI is used as an enabling technol
ogy
to gain competitive advantage.
The direct advantages of EDI include:
Shor tened Or der ing Ti me
Paper orders have to be printed, enveloped and sent out by the customer s post r
oom
and input to the supplier s order processing system. To achieve all this reliabl
y in underthree days would be to do very well. EDI orders are sent straight into the netwo
rk and
the only delay is how often the supplier retrieves messages from the system. Ord
ers can
be in the suppliers system within a day, or if there is urgency the messages can
be
retrieved more frequently, for example every hour.
Cost Cutting
The use of EDI can cut costs. These include the costs of stationery and postage
but these
all probably be fully matched by the costs of running the EDI service. The princ
iple
saving from the use of EDI is the potential to save staff costs. The obvious exa
mple of
this is that if the orders are directly input to the system there is no need for
an order
entry clerk. Note also that seasonal peaks, staff holidays, etc. no longer creat
e a backlog
in the order entry area. The cost savings need to be offset against the system
development and network costs.
Elimination of Er r or s
Keying any information into a computer system is a source of errors and keying p
aper
orders into the order processing system is no exception. EDI eliminates this sou
rce of
errors. On the down side, there is no order entry clerk who might have spotted e
rrors
made by the customer - the customer will get what the customer asked for.
Fast Response
With paper orders it would be several days before the customer was informed of a
ny
supply difficulty, such as the product is out of stock. With EDI the customer ca
n be
informed strait-away giving time for an alternative product to be ordered or an
alternative supplier to be used.
Accur ate I nvoi cing
Just like orders, invoices can be sent electronically. EDI invoices have similar
advantages to EDI orders in saved time and avoided errors. However, the major
advantage in EDI invoices is that they can be automatically matched against the
original
order and cleared for payment without the sort of queries that arise when paper
invoices
are matched to orders.
EDI Payment
Payment can also be made by EDI. The EDI payment system can also generate an EDI
payment advice that can be electronically matched against the relevant invoices,
again
avoiding query and delay.
Indirect advantages of the use of EDI can be:
Reduced Stock Holdi ng
The ability to order regularly and quickly reduces the amount of goods that need
to be
kept in a storeroom or warehouse at the shop or the factory. For many JIT manufa
cture
and quick response supply systems stockholding is eliminated altogether with goo
ds
being delivered only as they are needed. Reduced stock holding cuts the cost of
warehousing, the double handling goods (into store and*then out again onto the f
actory
or shop) and the capital requirement to pay for the goods that is just sitting i
n store.
Cash Flow
Speeding up the trade cycle by getting invoices out quickly, and directly matche
d to the
corresponding orders and deliveries, can and should speed up payments and hence
improve cash flow. Elimination of most invoice queries can be particularly signi
ficant in
reducing delays in payments.
Business Oppor tuni ti es
There is a steady increase in the number of customers, particularly large, power
ful
customers that will only trade with suppliers that do business via EDI. Supermar
kets
and vehicle assemblers are prime examples. Being ready and able to trade electro
nically
can be an advantage when competing for new business.
Customer Lock-in
An established EDI system should be of considerable advantage to both customer a
nd
supplier. Switching to a new supplier requires that the electronic trading syste
m and
trading relationship be redeveloped, a problem to be avoided if a switch of supp
lier is
not essential.
To gain these advantages EDI has to be seen an investment - there are costs up-f
ront
and the payback is longer term. The cost is the set up of the EDI system (hardwa
re,
software and network) and the time required establishing agreements with trading
partners. The savings only start when there is a significant volume of business
transacted using EDI, a point that is called the critical mass in the jargon o
f EDI.
EDI Example
The nature and use of EDI is best illustrated by an example. At the simplest lev
el EDI
can be a direct replacement for the paper transactions and this, using the Pens
and
Things case study, is what this example shows.
Pens and Things plans its production on a monthly basis. Each month the details
of
orders and sales are reviewed and sales forecasts for the coming month are made.
The
sale forecast is then compared with the goods in stock and a production plan is
devised.
The production plan is, in turn, correlated with the stock of raw materials, com
ponents
and packaging and orders are placed with the stocks of raw materials, components
and
packaging and orders are placed with the suppliers. The monthly production plan
does,
however, need to be flexible - any significant new order can require that the pl
an is
modified and that new materials be ordered at short notice, if they are not avai
lable
from the factory store. Most of Pens and Things production materials are easily
held in
store. The range of materials is limited; the items are relatively small, not ea
sily held in
store. The ranges of materials are applicable across a range of products; Pens a
nd
Things can keep two or three months supplies in stock without any great disadvan
tage.
The exception to this is the packaging. The packaging is also very dependent upo
n the
customer order and is the item most vulnerable to short notice changes in the
production schedule.
Pens and Things has been talking to its packaging supplier on how the situation
might
be improved. Pens and Things wants to cut down on its stock of packaging and its
supplier would like to improve its processing of orders, particularly urgent ord
ers. The
packaging supplier used EDI with other customers, EDI is an option in Pens and T
hings
production control system and it is EDI that is to be used for this requirement.
Assume,
for example, Pens and Things need, at short notice, more packaging for their Exe
cutive
Elite fountain pen and ball-point pen set. Before the EDI system went in:
The production controller would have typed out an order and posted or, more prob
ably,
faxed it. A copy of the order would be retained and be entered into the stock co
ntrol
system to keep the records straight . The order is shown at the following figur
e 4.
When the order arrived with the packaging company it had to be keyed into their
order
processing system / production control system. Hopefully the order would be
recognised as urgent and would be keyed in correctly, but that would not always
be the
case.
EDI Applications in Business, EDI and E-Commerce
EDI has potential applications in any organisation where the administration proc
esses
are computerised and that exchanges regular and standardised transactions with o
ther
organisations. Extensive users of EDI include:
Bhs
Bhs is a UK and European multiple retailer dealing mainly in apparel (fashion) g
oods. It
operates some 120 large retail outlets and is represented in most major UK shopp
ing
centres. Bhs deals with about 400 suppliers on a regular basis and all orders fo
r
merchandise are sent by EDI. Using just-in-time supply it is important for Bhs t
o know
what the suppliers have in stock and for the supplier to be able to anticipate d
emand by
seeing Bhs sale data; this two-way flow of information is also maintained using
EDI. In
addition to the orders, EDI is used to confirm supplier delivery and to communic
ate bar
code information for use in delivery and packaging. The use of EDI at Bhs is the
backend to an integrated merchandising, sales and replenishment system. Replenishmen
t
decisions are dependent on the sales plan and the stock available (updated from
the
EPOS systems). New EDI orders can be generated overnight and be with the supplie
r
the next day. Bhs calculate that they can be making 4.5 million replenishment de
cisions
each working week.
- Derived from the role of computers within Bhs(1994)
Lucas Ri st
All volume, car manufacturers make extensive use of EDI as a facilitator of just
-in-time
manufacturing systems. Typically parts supply is divided into categories, many s
maller
parts are stocked in warehouses at the assembly plant but a number of large part
s will
be ordered for sequenced delivery for the models that are to go down the line
on that
day.
Lucas Rist manufactures the "main harness for Rover Cars. The main harness is a
wiring loom that carries all the electrical cables for virtually every electrica
l part of a
motor car. The loom can contain as many as a thousand individual wires and a tho
usand
individual components; the configuration of the loom varies individual component
s; the
configuration of the loom varies depending on the model, variant and component
configuration of the specific car that is being built.
Rover sends Lucas Rist a ten day build plan and later a provisional order, both
by EDI.
The actual, confirmed EDI orders are placed every two to four hours and are for
delivery
of the correct specification main harness, in sequence, to track side within 10
hours
from the dispatch of the order. Lucas Rist inform Rover, again using EDI, of whe
n the
part is to be dispatched; this gives Rover requirement is that the part needs to
be there,
to be fitted to the body shell before it goes through the paint shop; without th
e part the
production line stops.
- Based on a case supplied by Perwill Plc
TeleOrdering
The EDI system for the book trade is called TeleOrdering, a system that is linke
d to the
Whitaker s catalogue Books in Print. The book trade has a number of methods of s
upply.
Some bookshops deal with the representatives of the major publishers and some wi
th
wholesale book suppliers but, for the academic bookshop, the Whitaker s catalogu
e is a
standard tool.
Books in Print is a monthly catalogue issued on CD-ROM. It allows the bookshop to
look up any book that is in print but not in stock. If the customer then wants t
he book
ordering the system will format an EDI order that is sent via TeleOrdering to th
e
appropriate publisher. The system is flexible and readily copes with the various
types
and sizes of organisations in the book trade. Smiths, for example, have incorpor
ated
Whitakers into their own warehouse. At the other end of the scale, the small pub
lisher
that does not have an online connection to the system will receive a printed ver
sion of
the EDI order, from TeleOrdering, in the post. A good supply chain is important
to both
the virtual as well as the physical bookshop. Online bookshops must ensure that
orders
are satisfied as rapidly as possible and Blackwells, for example, have made a po
int of
linking their online bookshop to TeleOrdering so that efficient supply can be as
sured.
EDI Trading Patterns
Hubs and Spokes
Many of the prime movers in the adoption of EDI have been large retail organisat
ions,
such as Bhs and component assembly manufacturers such as the Rover Group. These
prime movers have set up extensive electronic trading networks with their suppli
ers.
The EDI flows have been typified as a hub and spoke pattern, the major organis
ation is
the hub and the suppliers are the spokes. The orders are sent from the hub to th
e
suppliers (spokes) and, after the goods have been delivered, the spoke will tran
smit the
EDI invoice to the hub.
Initially EDI is implemented with a small number of important suppliers and then
, over
time, the system is extended to encompass all suppliers to the core business act
ivity. For
many of these organisations EDI is made a condition of trade - if the supermarke
t is to
sell your product then you will use EDI. Bray (1992) expresses it thus:
Therefore, when it (the Hub) says, "thou shall trade electronically", or in a ph
rase
attributed to the UK supermarket chain, Tesco: EDI or DIE
The hub and spoke pattern of electronic trading leads to the formation of closed
user
communities. The supermarket or the car builder hub chooses the VADS and the EDI
standard and the suppliers (spokes) are required to confirm. The arrangements wi
ll in
fact be more specific than that - the supplier will specify a number of very det
ailed
requirements including a strict subset of the EDI standard that is specific to t
hat closed
user community (and is not always in strict compliance with the EDI standard).
This arrangement can work reasonably well for a supplier that is a spoke serving
just
one hub. The EDI implementation decisions are already taken, they just need to b
e
implemented. Some hub organisations will specify the system or even supply the
software that is to be used. The position is less satisfactory when the supplier
trades
with more than one hub. The major food processors will typically supply most, if
not all,
of the major supermarket chains. In Britain, these suppliers will have to join a
t least two
EDI VADS (most supermarkets trade using the GEIS/INS network but one of the majo
rs
uses IBM for its network) and then meet the different EDI standard and other
conditions laid down by each of the hub organisations.
This situation is illustrated by Hood, et al. (1994). Their paper presents a stu
dy of one of
the large supermarkets and four of its suppliers. One of the suppliers, a bakery
, supplied
several of the top ten food retailers and the following supply arrangements are
recorded
with different customers:
EDI orders and invoices with three customers
EDI orders only and manual invoices
Telephone orders and manual invoices
Manual orders but invoices on tape
Salesmen calling at the retail outlet.
The authors summarises the situation as:
Supermarkets see only their own systems whilst suppliers have to cope with mult
iple
EDI systems, and the attendant coding problems, and combine this with a non-EDI
system for other customers
The spread of EDI trading is increasing the number of electronic traders and the
number of trading partners that any organisation might have. The hub and spoke
pattern is becoming messy:
The spokes are becoming inter-wined and the hubs are spokes to other hubs.
Different EDI standards, messages and message subsets are used by different
organisations.
The number of available EDI VADS is growing and interconnection with organisatio
ns
connected to other VADS can be difficult.
These issues are further examined in the following sub-sections:
Over lapping User Communi ties

As illustrated above, electronically capable suppliers to organisations such as
supermarkets and vehicle assemblers are becoming involved in EDI trading relatio
nship
with several customers. The user community looks like a hub and spoke network to
the
hub but more like a spider s web to the spoke organisation, entrapped by the con
flicting
requirements of a number of powerful and demanding customer organisations. An
illustration of the nature of the overall trading network is given at figure 2.
Between the players in the network
To further tiers of suppliers of subcontractors
Links to secondary suppliers are a logical development. If the supplier of cakes
to the
supermarket is receiving EDI orders then they might want to use the same system
to
purchase the flour and dried fruit they use in their baking. EDI links with seco
ndary
suppliers have not occurred at the same rate as with the major hub organisation.
Many,
but by no means all, supplier organisations are small or medium size firms which
:
Have enough on their plate coping with the EDI and JIT demands of their customer
s.
Are less computerised, automated and streamlined than their larger trading partn
ers.
The extension of the trading network is further discussed in the following secti
on.
Differing Patterns of EDI Trade
The hub and spoke is often presented as the general pattern of EDI trade. As ED
I trade
has developed differing patterns are beginning to develop for differing sectors.
The
patterns vary in the range of trading links established and the type of messagin
g that is
used. Retailing is one the sectors most advanced in electronic trading and a pat
tern has
developed of:
Major retail chains with EDI links to many (or most) suppliers;
Suppliers with links to one or (typically) several of the major retail chains.
This pattern has already been illustrated in Figure 2. Automotive assembly is an
other
sector that is making widespread use of EDI and the trading pattern is similar t
o that of
the retail sector. The pattern of suppliers trading with a number of hubs gets f
urther
complicated when second tier suppliers start trading electronically. As already
discussed
this has been happening but in general development has not been rapid. There are
,
however, instances of large organisations introduced to electronic trading by th
eir
customers which have then gone on to make extensive use of EDI in their own supp
ly
networks:
Spokes like Courtaulds Textiles (pushed into EDI by customer pressure), which are
large companies and have their own suppliers, are busy becoming hubs of their ow
n EDI
networks, so that they can reap the same benefits as their own customers
(Bray, 1992)
The spread of EDI to second tier suppliers, when added to the picture at figure
2,
extends the network still further, see figure 3. The addition of further layers
of suppliers,
and suppliers acting at more than one layer, has the potential for a significant
increase
in complexity (a complication if there are disparate EDI standards, messaging an
d
networks in use).
The hub and spoke pattern, with the spokes networking to several hubs, seems to
be the
most common pattern but is not the only pattern of EDI trade. An alternative pat
tern is
that exhibited by a wholesaling organisation. In a simple form the wholesaler ha
s EDI
links with a number of its (larger) customers and then is a traditional hub of
its own
supplier network (maybe it could be called a corn sheaf structure , but then ag
ain
perhaps only). This structure is illustrated at figure 4. It is of course, very
possible for
wholesalers to be integrated into wider supply networks, the reader is left to c
onstruct a
mental picture of this structure integrated with the links of the network shown
at figure
7.
Co-operative User Communities
The hub and spoke pattern of electronic trading is typically lead by the hub cus
tomer
and, as already discussed, the suppliers who form the spokes are not necessarily
willing
participants. In many instances the customer organisation, in the hub and spoke,
can
also gain considerable competitive advantage from the arrangement at the expense
of
the supplier organisations.
EDI trading is not sold on this basis and there are EDI communities where the pr
ocess
of setting up the community is co-operative and where a win-win share of advanta
ge
appears to be achieved. One such EDI network is TeleOrdering; the network used b
y
bookshops for ordering books and featured as a case study at the start of this c
hapter; all
publishers and book retailers, large and small can take part in this network, se
nding and
receiving book orders on a broadly equal basis. Further such examples exist, par
ticularly
in Scandinavian countries where electronic trade systems are often set up by tra
de
associations or organised as co-operative ventures.
Open User Communities
The opposite of a closed user community is an open user community. The hub and
spoke pattern and the closed user community evolved to later for the established
trading
relationships. The spread of electronic trading has produced unwelcome complexit
y
within that model. That complexity has evolved while trade is still restricted t
o the core
business of organisations. A new approach is required if electronic trading is t
o be
extended to most, if not all, of the inter-organisational transactions that orga
nisations
make. EDI must be defined and implemented in a way that is appropriate to an ope
n
user community. There are three principle barriers to the evolution of open EDI
trade:
Networks
EDI Standards
Product Coding
The norm for EDI trading is the use of a VADS - closed user communities will con
duct
all their business on a single VADS chosen by the hub. There are, however, some
half
dozen major VADS offering their services in the UK. There has been a tendency fo
r any
given trade sector to concentrate on one particular VADS and this has lessened t
he
potential problem. However, by definition, miscellaneous trade will cross trade
sector
boundaries and the problem of the user community defined by the membership of a
VADS will increase. The problem is both national and international. VADS have li
nks to
similar services in Europe, North America and across the world but again these
partnerships only give access to the user community belonging to the connected V
ADS.
The EDI standards that have evolved are again associated with closed user commun
ities.
Standards have been evolved on national basis (e.g. Tradacom or XI2), on an indu
stry
basis (e.g. Odette) or even for one industry in one country (e.g. VGA). The requ
irement
is for a common EDI standard and this is recognised by the European Community
promotion of EDIFACT and the evolution of other standards towards the underlying
structure of the EDIFACT standard. This move to a common standard starts to solv
e one
of the problems but generates another. The EDIFACT standard, in trying to encomp
ass
the needs of all, is so vast that it cannot, readily, be fully implemented and d
ialects are
being used - in effect reproducing the problem of separate standards that the us
e of
EDIFACT was designed to overcome.
The final problem is that of product codes and the quantities they imply. Most
manufactures code their products but it can be a problem unless the coding syste
m is
accepted on an industry basis.
EDI Transactions
EDI Tr ade Exchanges
The main use of EDI is for the execution and settlement exchanges of the trade c
ycle.
These exchanges take place within an agreed trade relationship and often in the
context
of a formal contract. The basic pattern of documentation for these trade exchang
es is:
The customer sends an order to the supplier.
The supplier sends the goods and a delivery note.
The supplier follows up the delivery note with an invoice.
The customer makes payment against the invoice and sends a payment advice.
This pattern is illustrated in the following figure 9.
This is a simple, perhaps idealised, version of trade documentation. The four ex

changes
shown are present in most trade exchanges even if not exactly in the form indica
ted
above. Some of the important variations and complications that occur in each of
the four
phases are outlined below:
Order
The order (often referred to as a purchase order) is a contract for one specific
consignment of goods. It specifies what is wanted, in what quantity, where it is
to be
delivered, who will pay and often much more beside. The order may reference a co
ntract
or it may be against call-off order, see below.
Along with the order comes the need to amend orders. The customer may need to
amend or part of an order. The supplier might have a problem in fulfilling the o
rder, for
example errors in the order data or unavailability of stock. The EDI order serve
s the
same purpose as the paper order. Its merit is that it gets into the suppliers or
der
processing system speedily, cheaply and with no transcription errors. EDI can al
so be
used to amend orders or confirm receipt and availability; these later facilities
will often
not be implemented because of the system costs of setting them up.
Another form of order that is widely used in commercial transactions, it is the
call-off
order . This is an order for goods that will be needed but it does not specify w
hen
(and/or where) they will be delivered. It is arguably more of a contract than an
order. It
is perhaps most easily understood by considering a couple of examples:
Vehicle assemblers extensively use call-off orders. The assemblers place large c
all-off
orders with component suppliers. These specify product, price, etc., but not del
ivery.
The assembler then places orders, weekly, daily or even hourly, for the delivery
of the
required quantity of components for the specific production plan.
Call-off orders are also used in the retail trade. The call-off order can be pla
ced for, say,
a large quantity of a particular design of garment. The actual orders than speci
fy the
quantity, date and retail location for delivery. This then gives the retailer th
e flexibility
to ensure that each outlet gets the stock it requires when it needs it (the adva
ntage to the
supplier is more datable, the supplier could be left with stock that the retaile
r never asks
for).
The call-off order will be for large quantities and / or for an extended period.
It can be
EDI but the real advantage is in using EDI for the many orders raised against ca
ll-off
order.
Delivery Note
Goods arriving at a customer s door should have documentation to indicate who th
ey are
from and why they have been sent; there should be a notification of which order
they
fulfil. The document that does this is the delivery note. It may be that the inv
oice is sent
with the dual purpose of notifying delivery and requesting payment but it is a c
ommon
practice to keep the two functions separate: a delivery note for the lads (and l
asses) in
blue overalls and with dirty hands in goods-in and an invoice for the nice cle
an people
in the office.
The delivery note is used to check the goods in - the details from the delivery
note then
have to be input to the computer system and matched with the originating order (
the
system needs to know that the goods have been delivered before payment can be
authorised). There can be a discrepancy against the ordered quantity or there ca
n be
damaged or faulty goods. This in turn sparks off a further exchange with a deliv
ery
variance or goods returned note. The delivery note can be sent by EDI. This save
s the
not inconsiderable effort involved in typing the details from the delivery note
and
matching it to the corresponding order; the electronic delivery note will have a
ll the
correct codes and the matching should be automatic. The problem with the EDI del
ivery
note is that it does not prove that the package and the goods actually arrived.
There is
still the need to confirm that delivery took place but this can be done with muc
h less
detail - many organisations use bar - code labels on the delivery to meet this n
eed and to
allow automated matching with the electronic delivery note.
Invoice
When goods or services have been delivered, the supplier issues an invoice. This
-says
what has been supplied, for which order(s) and the total cost (which we would no
w like
paying). Invoices can be issued for each order or at the end of the month for al
l orders
sent out in that period (sometimes referred to as a statement).
The payment of invoices is often delayed to take advantage of credit, with or wi
thout
acquiesce of the supplier. Most organisations check invoices against the origina
l orders
and deliveries to make sure that they are only paying for goods and services rec
eived.
The task is made more difficult by disparate invoice formats, incorrect / incomp
lete data
and complications such as partial deliveries / multiple deliveries of an order.
The
processing of paper invoices can be a costly and time-consuming matter.
The use of EDI for invoicing means that the invoice gets through reliably and qu
ickly
and is accurately matched to the original order and subsequent delivery-note. Th
e use of
EDI should save time for the customer, cut out most invoice queries and improve
cash
flow with earlier payment for the most invoice queries and improve cash flow wit
h
earlier payment for the supplier. The excuse that the invoice was lost in the po
st loses its
credibility.
Payment and Payment Advice
The final step in the cycle is payment. For paper systems this requires a cheque
and a
payment advice to indicate what the cheque is for. The processing of the cheque
is
relatively easy, it goes to the bank. The payment advice is another matching job
, this
time it is the supplier that needs to search through the outstanding invoices an
d tick off
those that are paid. With EDI, both payment and payment advice can be electronic
.
Payment can be sent to the bank either using an EDI payment message or the BACS
system. The payment advice can be sent to the supplier as an EDI message and is
readily
matched, within the computer system, to the invoice(s) for which it is the payme
nt.
Many banks offer an EDI payment service and will take instruction on payment fro
m the
supplier and forward the payment advice to the customer (arguably giving confide
nce
that the payment advice actually represents a real payment).
EDI Adoption and EDI Maturity
Business System Evoluti on
The development of business computer systems has essentially taken place over th
e last
30 years. Initially, the commercial use of computers was limited to mainframe
computers, the main administrative processes and to large organisations. The
development of mini and microcomputers allowed the adoption of information
technology by medium and small size enterprises and, in many organisations, ther
e is
now a computer on every desktop.
The marriage of computers and telecommunications has enabled organisations to
network their computers. Offices have local area networks linking one desktop to
another, to a server and / or a central computer. Geographically dispersed organ
isations
have wide area networks linking their locations and systems together, throughout
the
country and / or across the world. Many organisations have used these networks t
o
interface or integrate their business processes with common customer files, inte
rfaces to
the accounting system and the like.
At the simplest level this is achieved by numerous interface transactions but it
can also
involve the set-up of the corporate database of distributed database on networke
d and
client server systems. The integration of systems has been a factor in improving
customer service and customer care, it has also given birth to new products and
services,
particularly in the financial services industry.
However, this integration of computer systems stopped at the companies front (a
nd
back) doors. Inside the company, for example, the order processing system formul
ated
the replenishment demand, updated the stock file and made a posting to the accou
nting
system but then printed the order on paper. The paper order was then posted to t
he
supplier where it would be typed into their order processing system with the ine
vitable
quota of delays, transaction errors and coffee stained documents. It is calculat
ed that,
for a typical company, 70% of the documents they type into their system will hav
e been
printed out from another computer system and, of these documents, 50% will be in
put
with mistakes in the transcription. The answer to these difficulties and ineffic
iencies is
the Inter-organisational System (IOS). The prime "technology" of the IOS is EDI.
The development of EDI and IOS systems is, arguably, a new generation of compute
r
application that has changed inter-organisation business practices in much the s
ame
way as the evolution of IT and IS has radically changed intra-organisational pro
cedures.
These developments of business information systems can be represented as three s
tages
or three generations:
The development of Internet enabled system is arguably the next stages in this
evolution. The overall impact and implications of the development of the Interne
t on
corporate systems is still to be evaluated.
EDI Matur ity
EDI development, it is suggested, follows a fairly standard pattern. This can be
represented as a six-stage maturity model. The model had as its starting point a
three
stage model suggested in Saxena and Wagenaar, (1995) and has been developed usin
g
the author s own commercial and research experience. The model was first present
ed in
a paper EDI: Re-Engineering the Competitive Edge , Whiteley, (1995).
The stages of the model and some of the opportunities and implications of each s
tage
are:
a. Discovery Stage
The first stage in EDI development is the discovery stage. Discovery can be by a
n
organisation choosing to adopt EDI to gain competitive advantage or to solve an
administrative problem. Often it arises from the realisation that competitors ar
e
adopting EDI and the being left behind will result in competitive disadvantage.
For most
EDI users discovery has come in the form of a request from a significant custo
mer
organisation that is converting its trade transactions to EDI - such requests
are not
necessarily negotiable.
b. Introductory Stage
Organisations setting out on the EDI path generally start with a pilot scheme. I
nitiators
of EDI trading networks will choose one or two trading partners with which to pi
lot a
single message (transaction) type. Organisations, which are forced into EDI trad
ing by
an insistent partner, start electronic trading in a similar way. This stage can
be termed
the introductory stage. This stage requires investment - there are direct costs
in
computer hardware and software but at least as significant will be the time comm
itment
in establishing the parameters of the electronic trading relationship. This stag
e, on its
own, does not result in any cost saving or efficiency gain.
c. Integration Stage
Having found out about EDI and having gained some practical experience the syste
m
can be developed further. Very probably the introductory system was a free stand
ing
system with transactions being transcribed from the EDI system to the main busin
ess
system (or vis a versa depending on the selected message type). There is little
benefit in
an EDI system if, for example, orders have to be printed out and typed back into
the
order processing system. The next stage therefore is to interface the EDI softwa
re with
the business application so that EDI messages can be transferred electronically
and
automatically between the two systems. This stage is referred to as the integrat
ion stage.
The work involved in this stage is very variable but is often expensive. To esta
blish the
EDI service EDI software can be bought off-the-shelf. Integrating the EDI softwa
re and
the business system would normally apply to data input. Integration is an essent
ial stage
for the large user of EDI. Many small organisations, often forced into EDI by a
large
trading partner, never achieve integration.
d. Operation Stage
Integration realises the EDI benefits of saving time and avoiding transcription
errors.
Real business benefits only come when a significant number of trading partners a
nd / or
commonly used trade transactions are converted to EDI. Reaching a critical mass
in the
volume of electronic trading gives cost savings - the staff dealing with manual
transactions can be re-deployed. The conversion of the major part of the trade c
ycle,
both in volume of trading partners and in numbers of
message types is the ope
rational
stage. Different organisations have placed differing emphasis on the completion
of the
operation stage. Large retailers have been keen to convert all their suppliers t
o EDI
orders but there has been less emphasis on electronic invoicing and payment. The
vehicle assemblers, however, tend to be more advanced in implementing other mess
age
types. Completing the electronic trade cycle speeds up business transactions and
gives
the opportunity to look at the organisation of the trade cycle and the supply ch
ain.
e. Strategic Stage
There are savings to be made by simply replacing paper documents by their electr
onic
equivalent. The real opportunities come from making changes to established busin
ess
practice. These opportunities only arise when significant progress is made in th
e
operational stage - the implementation of these changes is the strategic stage.
Possible
areas of change and examples of where such changes have taken place are:
The sequence of trade documents can be revised. Document matching is a considera
ble
problem in order processing: the customers have to match deliveries to the order
s and
invoices to the deliveries; the suppliers have to match deliveries to the orders
and
invoices to the deliveries; the suppliers have to match payments to invoices - e
ach
process made more complex by
Disparate document types, part deliveries and incorrectly recorded codes. EDI ma
kes
the process easier - at the very least codes should be correct and in the proper
place. The
use of EDI has allowed companies to disband their order processing and invoice
matching sections with large staff savings reported by the major EDI users. EDI
also
gives the opportunity to re-engineer the trade document cycle; self-invoicing, d
iscussed
earlier in this chapter, having been adopted by a number of major organisations.
EDI can give dramatic timesaving. The time between formulating a replenishment
demand to the order being processed by the supplier can be as short as is requir
ed - for
all orders, not just rushed orders. This has facilitated the reduction or elimin
ation of
stock holding (by the customer organisation at least) and is a part of the devel
opment of
just-in-time (JIT) manufacture and quick response supply.
f. Innovating Stage
The establishment of an operational EDI infrastructure and the change of operati
onal
procedures that it facilitates also give the possibility of changing the nature
of the
product or the provision of new services. These developments are termed the inno
vation
stage in the model and it is contended that they open up new possibilities for
competitive advantage. Examples of such developments are emerging as the early u
sers
of EDI achieve maturity in their systems. One example of such a development is:
Rover Cars who, for the UK market at least, have stopped producing cars for stoc
k only
produce a car when they have the dealers order. EDI and the associated changes
in
supply and production have reduced the time from production planning to delivery
of a
car from seven weeks to two. Rover dealers have been equipped with computer syst
ems
where the punters can specify their own car (well at least the options they want
) and two
weeks later there it is with sun roof, alloy wheels and gleaming pink paint work
.
A number of moves for product customisation rely on a mature EDI infrastructure.
For
example:
Raleigh will build their top of the range mountain bicycles to a customer specif
ication.
Levi Jeans, if you are female and live in the US, will produce a factory made to
measure
pair of jeans. The measurements are taken in the store and submitted electronica
lly to
the centre.
Further moves to exploit a mature EDI infrastructure in an innovative way should
be
expected. A sector where the linking of EPOS and EDI is set to change the market
is that
of the best seller book trade. Timely market intelligence can allow reprints of
successful
blockbusters to be rushed out before the stock disappears and the public interes
t is lost.
Eddi Bell, chairperson of Harper Collins, forecast this possibility in 1992 in a
speech to
the BIC Symposium:
"With EPOS and EDI working together on our behalf, we could have had the reprint
out
three weeks earlier; no bookshop need ever have been out of stock - and we could
probably have doubled our sales during this early hot period. The
Converse is that the same market information can dramatically reduce the half of
all
printed books that are remaindered or pulped.
EDI and Internet e-commerce
The use of EDI is in no way rendered redundant by the introduction of internet e
Commerce. Internet e-Commerce provides for searching for products and for once-o
ff
purchase; it is, above all else, a person to application interface. EDI is, in c
ontrast, an
application to application interface for repeated and standardized transactions.
As
already discussed it is an essential part of the JIT or quick response supply ch
ain of
many organisations.
The user of Internet e-Commerce is looking for a quick response. One of the prob
lems of
Internet e-Commerce is waiting for delivery and this problem is compounded if th
e
online retailer does not have stock and there is a second delay while goods are
ordered
from the wholesaler or manufacturer. The e-Commerce vendor needs their own quick
response supply chain to minimize stock-outs and back-order delays. There is not
much point n being able to order goods in matter of minutes from home if deliver
y times
are unpredictable and can stretch out to be several weeks.
For many e-Commerce vendors EDI is, and will be an essential element of their su
pply
chain. Existing retailers, supermarkets that start an e-Commerce / home delivery
operation being an obvious example have their supply chain and distribution oper
ations
already in place. Other e-Commerce vendors are, as they grow, going to need to p
ay
attention to their back-office systems. The Blackwells online bookship is specifi
cally
designed to interface with the book trade TeleOrdering system and that is that i
s but one
example. The overall electronic supply chain is illustrated at the following fig
ure 12.
EDI Implementation
The final technical element of the EDI system is the EDI software. If Pens and T
hings is
to send an order from its production control system to Packaging Solutions it ne
eds to
code that order into the agreed EDI standard and squirt it into the chosen VADS. T
o
pick up the order at the other end, Packaging Solutions has a similar need to ex
tract the
data from the network and to decode the data from the EDI message into its order
processing system. The coding/decoding of the EDI message and the interfacing wi
th
VADS is normally achieved using EDI software. The overall picture is summarized
in
Figure 13.
The EDI software is normally bought in from a specialist supplier. There are a n
umber
of software houses supplying EDI solutions or the EDI software may come from:
Major Trading partner the trading partner may supply the software or
recommend a third party supplier
The VADS supplier.
As part of applications package, e.g. packaged software for production control,
order processing or accounting may include EDL software as an integral feature
or as an optional module.
A third party. An example of this is that a number of banks provide EDI solution
s
that include the collection of and accounting for electronic payments.
Obtaining EDI software from an interested party has both advantages and
disadvantages. If the software is, for example, bought from the VADS supplier
then, hopefully, there would not be any problem interfacing with the chosen
network but using an additional VADS or switching to a new network supplier
may be more problematic.
The basic functions of the EDI Software are the already outlined, namely:
Coding business transactions into the chosen EDI standard;
Interfacing with the VADS.
Many EDI software suppliers provide additional functions. These may include:
A trading partner database integrated into the EDI software. This can provide fo
r code
transaction (e.g. internal customer codes to a trade sector standard code) and /
or for
the specification of the EDI requirement of each trading partner;
Support of multiple EDI standards. The selection of the appropriate standards ma
y be
determined by the trading partner database;
Sophisticated facilities to ease the formatting of internal application data to
and from
the EDI Standard. Drag and drop interfaces are available for this purpose. Var
ious EDI
software suppliers have associations with the large suppliers of business applic
ations
(production planning, order processing, etc.) and provide standardised interface
s to
those packages;
Facilities for transactions to be sent by fax or e-Mail to customers that do not
use EDI.
The identification of such customers may be determined by the trading partner
database;
Interfacing with a variety of EDI VADS (including the Internet). The selection o
f the
appropriate VADS may be determined by a trading partner database;

The option to encrypt the EDI message;
Facilities for the automatic acknowledgement of the EDI message;
Message tracking and an audit trail of messages sent and received;
Direct input and printed output of EDI transactions - allowing free standing EDI
Operation - in effect the EDI system provides the service of a fax machine.
EDI Software is available on a variety of platforms, from the basic PC up to a m
ainframe
system. As with all classes of software the price varies: the basic PC packages
starting at
(say, 500 pounds sterling / 800 US dollars and the price then goes up from there
for the
larger machines, additional facilities and services such as consultancy. For som
e EDI
software the support of each standard and / or VADS is additional plug-in that i
s paid
for separately. Yearly maintenance charges, that include updates as the new vers
ions of
the EDI Standards are released, tend to quite hefty.
At the top of the range is the concept of an EDI Corporate. This software, often
mounted
on its own, mid-range, machine acts as a central clearinghouse for all the e-com
merce
transactions of a large organisation. The external interfaces can link to severa
l EDI
VADS s and translate to a variety of EDI Standards to meet the needs of a large
number
of trading partners. The internal interfaces can link to a number of business sy
stems
such as order processing and accounts payable, possibly systems that are replica
ted
across the various divisions of the organisation. The system can also be used fo
r intraorganisational transactions - if the interface for external customers and suppli
ers uses
EDI, why not use the same interfaces for trades between divisions of the organiz
ation.
QUESTIONS
1) Describe the salient features of WWW
2) Explain the World Wide Web standards.
3) Give short notes on Browsers and Servers.
4) What do you understand by the term e-Shop?
5) Explain Multiple Payment Options.
6) Explain Internet Shopping and the Trade Cycle.
7) Discuss in detail advantages and disadvantages of Consumer e-Commerce
8) Why monetary freedom is important for the growth of EC?
9) Explain the key elements of a private digital cash system.
10) What is Smart Card Technique?
11) Explain the different types of Cards that can be used to make payment in EC
12) Explain the strengths and weaknesses of electronic payment.
13) Explain the approaches to the payment system in EC.
14) What is protocol set?
15) Explain the Secure Cash Payment.
16) Explain the cash payment system in EC.
17) What will back the new monetary units and how will they be redeemed?
18) Who will be the new monetary unit provider?
19) What will the providers be issuing and how will they circulate it?
- End of Chapter UNIT - VI
INTRA-ORGANISATIONAL ELECTRONIC COMMERCE
In this category we include all internal organisational activities, usually perf

ormed on
Intranets that involve exchange of goods, services, or information. Activities c
an range
from selling corporate products to employees to online training and cost-reducti
on
activities.
The purpose of intra-organisational applications is to help a company maintain t
he
relationships that are critical to delivering superior customer value by paying
close
attention to integrating various functions in the organisation. In this perspect
ive some
of the applications offered by E-commerce are:
Workgroup Communications
These applications enable managers to communicate with their employees using e-m
ail,
video conferencing and bulletin boards. The goal is to use technology for knowle
dge
sharing, which will result in better-informed employees.
Electronic Publishing
These applications enable companies to organise, publish and disseminate human
resource manuals, product specification, sales data etc. The goal is to provide
the
information to enable the better strategic and tactical decision making througho
ut the
firm. Also online publishing shows immediate and clear benefits: reduced costs f
or
printing and distribution, faster delivery of information etc.
Sales Force Productivity
These applications improve the flow of information between the production and sa
les
force, and between the companies and the customers. By better integrating the sa
les
forces with other parts of the organisation, companies can have greater access t
o market
intelligence and competitor information, which can be funneled into a better str
ategy.
Within intra-organisational commerce the largest area of growth has been in the
area of
"corporate Intranets". Intranets are primarily set up to publish and access corp
orate
information.
APPLICATIONS OF INTRANETS
In this section, review the applications of intranets from three perspectives: g
eneric
functions, application areas, and industry specific intranet solutions.
To build an intranet, we need Web servers, browsers, Web publishing tools, backend
databases, TCP/IP networks (LAN or WAN) and firewalls.
A. Generic functions of Intranet
The major generic functions that intranets can provide (SurfCONTROL 1997) are
Corporate/department/individual Web pages
Database access: Web-based database
Search engines and directories: assist keyword-based search
Interactive communication: chatting, audio, and video conferences
Document distribution and workflow: web based download and routing of documents
Groupware: fancy e-mail and bulletin board
Telephony: intranets are the perfect conduit for computer based telephony
Integration with EC: interface with Internet-based electronic sales and purchasi
ng
Extranet: linking geographically dispersed branches, customers, and suppliers to
authorised sections of intranets creates happier customers, more efficient suppl
iers, and
reduced staff costs.
These functions provide for a large number of applications.
B. Intranet Application Areas
According to a survey conducted by Information Week with 988 responding managers
(Chabrow 1998), information that is most frequently included in intranets are co
rporate
policies and procedures, document sharing, corporate phone directories, human
resource forms, training programs, customer database, product catalogues and man
uals,
data warehouse and decision support access, image archives, purchase orders,
enterprise suits, and travel reservation services. The applications are customer
databases, product catalogues and manuals, purchase orders, and travel reservati
on
services are directly related to electronic marketing a.id purchasing.
Electr oni c commer ce: Sales and purchasing can be done online.
Customer ser vi ce: UPS, FedEx, and other pioneering companies have proved that
information about product shipments and availability make customers happier.
Reduced ti me to mar ket: Easy online access for product development speeds
teamwork.
Enhanced knowl edge shar ing: web pages can enhance knowledge sharing.
Enhanced gr oup deci sion and business pr ocess: Web based group-ware and
workflow is becoming the standard Intranet platform.
Empower ment: Everything should be available to everyone with the right to know.
Vir tual organisations: Web technology at both ends removes the barrier of
incompatible technology between businesses.
Softwar e di str ibuti on: Use the Intranet server as the application warehQtase
e and
avoid many maintenance and support problems.
Document management: Employers can access pictures, photos, charts, maps, and
other documents regardless of where they are stored.
Pr oj ect management: Share the reports and check the project progress.
Training: The Web page is a valuable source of providing knowledge to novices.
Faci li tate tr ansacti on pr ocessing: The data are entered efficiently through
the
Intranet Web only once, and internal control can be applied consistently through
out the
system.
Eli minate paper -based infor mati on deli ver y: Eliminating the paper in a fir
m
can result in lower cost, easier accessibility, and greater efficiency.
Admi ni str ati ve pr ocess suppor t: The internal management of production,
inventory, procurement, shipping, and distribution can be effectively supported
by
linking these functions in a single threaded environment - intranet - and these
functions
can also be seamlessly integrated with the inter organisational extranets.
C. Industry-Specific Intranet Solutions
Intranet solutions are frequently classified by industry instead of technology,
because
the technology is no longer a bottleneck for implementation. The development of
business models has become a critical concern for the managerial success of Intr
anets.
According to the classification of Information Week Online, the top 100 Intranet
and
extranet solutions can be classified by industry as follows:
Financial services: banking, brokerages and other financial services, insurance
I nfor mation technology

Manufactur ing: chemicals and oil, consumer goods, food and beverage, general
manufacturing, and pharmaceuticals.
Retai l
Ser vices: construction/engineering, education, environmental, health care, medi
a,
entertainment, telecommunications, transportation, and utilities.
SUPPLY CHAIN MANAGEMENT
Supply chain is a stream of interrelated activities that extends from an organis
ations
suppliers to its end customers. It is a network of facilities and distribution o
ptions that
performs the function of procurement of materials, transformation of these mater
ials
into intermediate and finished goods and the distribution of these finished prod
ucts to
customers. It includes suppliers, logistics providers, distributors and retailer
s. The
typical supply chain for an organisation is:
A supply chain has 3 key flows namely,
Materials, products and services
Information
Money
Supply chains exist in both service and manufacturing organisations, although th
e
complexity of the chain may vary greatly from industry and firm to firm. In an e
fficient
supply chain,
Goods flow seamlessly from suppliers to customers.
Information flows immediately and openly up and down the chain.
Activity in the money conduit is triggered when the customer actually purchases
the
product/services.
Players in the Supply Chain
The players in the supply chain are:
1) Suppliers
Preferred suppliers
Tier-1 suppliers
Tier-2 suppliers
Vendors
Preferred vendors
2) Logistics providers (both inbound and outbound)
Surface transport providers like
Road ways
Railways
Shipping companies
Air cargo companies
Warehouse providers
3) Manufacturers and Service providers
4) Distributors
Country wide
Region wide
5) Retailers
Super markets and chain stores
Specially stores
Industrial retailers and dealers
6) End-customer
Companies
Individual customer
Components of Supply Chain
The components of supply chain are plan, Buy, Make, move and sell. Each componen
t
requires focused expertise as well as knowledge and managerial effort. They are:
Plan - The organisation-wide synchronisation and deployment of products and
services across the entire supply chain to meet both operational needs and
customer demands.
Buy - Those activities related to sourcing and purchasing from suppliers of all
types.
Make - The process of manufacturing and configuring products for customers or
for companies in the service sector, organising operations to provide services.
Move - The transportation, warehousing and distribution activities which get
materials and products from suppliers to the end-customer and back.
Sell - The support, sales and marketing activities that service customer in
buying, ordering, delivery and returning processes.
The right operation strategy will differentiate a company from its competitors.
While
products, services and technology can be matched, operating efficiencies driven
by the
right supply chain strategy will yield a sustainable advantage.
Pull vs. Push Supply Chain Models
The rapid growth in technology is driving companies to more efficient operations
. It is
also an era where the customer is more increasingly determining his choice rathe
r than
other way round. As more and more companies strive for competitive advantage the
y
are beginning to realise that satisfying the customer demands is the only way.
This
consumer-need-based business is forcing a paradigm shift from a manufacturers pu
sh
based model (build-to-stock) to a customer-pull-based model (build-to-order).
In the push based model the product is actually pushed into the customer. The fo
llowing
figure shows this:
In this model the customer data is not flowing through the supply chain. The int
eraction
among various players is not coordinated. The manufacturer pushes the inventory
to the
distributor based on the safety stock levels (warehouse) and the distributor in
turn
replenishes the retailer based on the shelf inventory level (safety stock) of th
e retailer.
As the power being shifted to the customer today, such a model will not yield an
y
advantage. The push-based model addresses these shortcomings. The figure shows t
he
model.
As the figure shows, the information associated with the movement of the product
flows
seamlessly throughout the supply chain. Demand data becomes accurate as retailer
s and
distributors share the customer data with the manufacturer. The full model requi
res
companies to:
Collect data about the customer demands quickly and accurately.
Satisfy the customer demand quickly and at the lowest possible cost.
Maintain the customer loyalty by delivering the products and services promptly.
Financial and Accounting Management
This aspect of supply chain management deals with the financial flows associated
with
the suppliers and the customers through financial intermediaries. The streamlini
ng of
the financial flows help companies to process their invoices faster and also avo
ids
unnecessary delays in financial transfers.
Problems with Traditional Supply Chain
Traditional supply chain management takes an over-the-wall approach to filling
customer demand and time lags between systems make it impossible to commit to
orders in real time. Manufacturing determines production and passes finished goo
ds to
distribution. Distribution packages the goods and passes them to transportation,
which
delivers them to the customer. These processes take place sequentially, which re
sults in
delivering commitments that cannot be fulfilled efficiently.
Traditionally, marketing, distribution, planning, manufacturing and the purchasi
ng
organisations along the supply chain operated independently. These organisations
have
their own objectives and are often conflicting. Marketing s objectives of high c
onsumer
service and maximum sales conflict with manufacturing and distribution goals. Ma
ny
manufacturing operations are designed to maximise output and lower costs with li
ttle
consideration for the impact on inventory levels and distribution capabilities.
Purchasing contracts are often negotiated with very little information beyond hi
storical
buying patterns. The result of these factors is that there is not a single, inte
grated plan
for the organisation.
The process of logistics - distribution and transportation - can t react to chan
ges in
customer demand because distribution focuses inside the four walls and transport
ation
manages equipment. Distribution planning systems allocate goods to warehouses an
d
warehouse management packages products and gets them to the shipping dock. But
these systems don t have access to real-time information about production plans,
inventory in other facilities, or customer delivery routes.
Lack of integration among manufacturing systems and the supporting logistics cre
ates
breaks in the process of fulfilling customer demand. And at each handoff between
applications, increased uncertainty leads to overstocked inventories, longer pro
duct wait
time, and slower customer response. These problems clearly indicate that a new
approach to supply chain management will be the key in the new market of today w
hich
are dynamic and volatile.
Supply Chain Management (SCM) as a Competitive Strategy
One of the biggest challenges facing organisations today is the need to respond
to everincreasing volatility. Faster customer service, greater product diversity, short
er Product
and technology lifecycles and globalisation have all dramatically increased the
complexity of running a business.
The changed conditions in the global marketplace demand a much more agile respon
se
from the organisation and its partners in the supply chain. In the past, success
was
based upon strong brands and innovative technologies. Today brands and innovatio
n
are still critical but they are not enough. Instead the winning combination is s
trong
brands and innovative technologies supported by an agile supply chain capable of
responding more rapidly to volatile demand. In today s business environment it i
s
important that a business be agile as well as efficient. Supply chains can help
achieve
this through the ability to respond quickly to customer demand and by reducing
operating costs.
Recent years have seen a significant shift in the balance of power between the c
onsumer
and companies providing them with products and services. Companies accustomed to
pushing products to stable homogenous markets are now straining to succeed in
satisfying more knowledgeable and demanding consumers. Companies that deal with
the consumer through complex distributor/ retailer channels are now finding
themselves face-to-face with their end customers via the Internet. Increasing de
mands
for customised products require firms to match market demands with production
capabilities and their inventory. Gaining quick access to accurate data can be d
ifficult.
The bottom line is that customers want ever more innovative and complex products
tailored to their specific personal needs and delivered when and where they choo
se.
To meet these new consumer-driven challenges, companies are reinventing their su
pply
chains in order to succeed. They now seek partnership with organisations whose
complementary capabilities can give the whole supply chain a competitive edge. T
rue
competitive advantage is gained when the organisation is able to consistently me
et the
needs of customers more precisely and in a more timely way than anyone else. The
ir
goal is to bring together the production, delivery, and service capabilities of
multiple
supply chain partners, and to have them operate as though they were one seamless
organisation.
Supply chain management has come into vogue because companies no longer compete
simply on quality. Manufacturing quality - a long-time competitive differentiato
r - is
approaching parity across the board, meeting customer s specific demands for pro
duct
delivery has emerged as the next critical opportunity for competitive advantage.
In the
past, manufactures were the drivers of the supply chain, managing the place at w
hich
were manufactured and distributed. Today, customers are calling the shots, and
manufacturers are scrambling to meet customer demands for options/styles/feature
s,
quick order fulfillment and fast delivery. To meet the challenge, companies must
undergo a fundamental management shift. They have to stop looking at jobs in iso
lation,
and start seeing the supply chain as continuous cycle.
Supply Chain Efficiency
This often means the difference between success and failure for companies. If a
customer is seeking a company s product arid it is not available when he/she wan
ts it,
the customer will purchase another company s product. So, having the right produ
ct at
the right place at the right time is one way to define "customer service."
Save Money/Reduce Costs
It includes reducing the cost of getting the products to market. In other words,
containing all costs associated with moving the product through the supply-chain
. And
this usually results in a more time-efficient supply chain as well. Companies le
ading in
supply chain efficiency have an advantage in cash-to-cash cycle time over averag
e
companies. Leading companies have cash available 2 to 3 months faster. (Cash-tocash
cycle time begins when commitments are made for the sourcing and procurement of
materials and components and continues through the manufacturing and assembly
process to final distribution and finishes with the receipt of payment from the
customer.) The quicker a company gets it, the quicker it can reinvest it in raw
materials
and /or plant/operations improvements.
Critical time advantage
SCM helps companies to compete on time. A company, which reduces its time to
market, will emerge as the winner.
Finding opportunities to create value for shareholders is a constant pursuit of
the CEO.
Historically, many senior executives viewed the supply chain as a collection of
materials
management functions (procurement, manufacturing, warehousing, and
transportation). In the 1980 s and 1990 s numerous reengineering programs reduce
d
supply chain costs and assets within companies.
True value creating opportunities are not limited to cost reduction and asset
productivity - supply chains can be significant source of competitive advantage
and
revenue growth. At the same time, recent technology advances in software,
communications and computing power have created a wealth of opportunities to pla
n
and execute supply chain activities more quickly and effectively than ever befor
e, raising
the bar of competitive performance. The major emerging opportunity over the next
few
years lies in creating more value for consumers by enhancing the supply chain am
ong
supply chain partners. Striving to achieve efficiency in supply-chain management
should last as long as the company is in business.
As the realisation grows that it is no longer company competing against company
but
rather supply chain against supply chain, how well a company manages its supply
chain
will determine its business performance. The ultimate goal is to improve shareho
lder
value by differentiating the supply chain from that of the competitors and winni
ng and
retaining customers as a result. Heightened customer expectation and shorter cha
nnel
response times will be difficult to achieve for some organisations, but for thos
e that can
deliver the right product in a timely fashion, increased market share will be th
e reward.
SCM and E-Commerce
In the traditional supply chain, raw materials flow to manufacturers, and then f
inished
product flow to distributors, retailers and consumers. E-Commerce is changing th
is
linear view of business-to-business interactions. Instead of goods flowing from
one
participant to the next, today s online market places allow each participant to
reduce
costs by bypassing some of the other participants. To survive, each participant
in the
chain must establish a more direct connection with the party who pays for it all
the
consumers.
Retailers can ensure their place in the supply chain by establishing themselves
online.
This enables them to provide information about available goods, fulfill electron
ic orders,
and reach some consumer s directly all while reducing costs.
Distributors can leverage electronic information to supply value to their retail
ers. They
can link the best manufacturers with the appropriate retailers to vied better en
d-to-end
service. In some instances, E-Commerce enables distributors to reach consumers
directly. Manufactures can provide better product information to the rest of the
supply
chain and take advantage of new electronic channels to reach customers for their
branded products.
In addition to these opportunities there exist certain risks also. Traditional r
etailers rely
on physical locations to store and sell products to consumers. Manufacturers and
distributors alike can bypass these retail channels by selling directly to consu
mers via
the World Wide Web. Distributors are easy to eliminate from the supply chain, be
cause
E-Commerce makes it much easier for manufacturers to sell directly to consumers
and
retailers. Also manufacturers need to reinforce brand identity to build mind sha
re with
the public and ensure future sales. In an electronic environment, consumers have
a wide
range of choices and are not as influenced by the physical placement of goods or
their
packaging, making manufacturers with weak brands vulnerable.
Developing a Web Enabled Supply Chain Model
The model is based on the "Pull" based supply chain whereby the customer initiat
es the
purchase and drives the activities along the supply chain. This model is the rea
lity today
with the power being shifting to the customer.
The model will address the information issues that are associated with above flo
ws. The
integration of information issues will enable the organisation to manage its sup
ply chain
in a better way. In the Pull model customer satisfaction depend on effectively l
inking the
customer information gathering front lines (sales and customer service) to the u
pstream
functions (manufacturing and distribution). If we consider the supply chain play
ers as a
single organisation the, basic model will be...
In such a basic model the information flows using the Web may be considered to b
e:
If the model is to be considered in terms of a manufacturer centric one certain
functions of the model are ideal for converting into a web enabled one. For inst
ance we
can consider web enabling the supplier and the manufacturer. For this we have to
make
certain assumptions. They are
The company has a vendor rating program
A source list of all the raw materials for all products is maintained
The supplier is having net enabled PC
The information exchange is secure and protected
The manufacturers web site is integrated with his internal IT system (central)
repository)
The information exchange that accompanies the flow of goods and services between
the
manufacturer and the supplier may be
1) Electronic purchase orders
2) Production plans (time period)
3) Re-order levels
4) Information re-order levels
The Stages of SCM
Stage 1
Web presence is the first stage, which prepares the organization for E-Commerce.
Stage 2
The second stage is when suppliers go beyond displaying electronic brochures and
allow
the customers to place the orders directly with them by linking to internal line
of
business systems. Both stages are supplier-centric models.
Stage 3
In the next stage, Internet will shift to customer-centric computing. This will
help
customers to obtain personalized data and products and service tailored to their
needs.
Suppliers in this case will therefore deliver data and the product and services
that can be
integrated in to the customers business process electronically.
It also enables radically different relationships and generates competition and
how
effectively suppliers can integrate their information with the customers business
systems.
Stage 4
The ultimate stage is the automated inter-business process where the decision ma
king
system between the customers and suppliers are tightly integrated. Supply chain
decisions are strategic decisions (long term) and operational decisions (short t
erm). The
four major decisions are location, production, Inventory and Transportations
(distribution).
According to Mr. George Moakley, Supply chain excellence through technology
forecasts that the real competitive edge for organizations will come through the
se
Intelligence supply chains.
In the Logistics SCM a concurrent move is taking place in electronically linking
up the
logistics providers along with suppliers and customers. Thus the complete supply
chain
including logistics can be operated through E-Commerce.
Supply Chain in the Age of E-Commerce
Lower operating costs through reduced inventory requirements
Improve customer satisfaction by maintaining adequate stock
Improved productivity through better data integrity, fewer order entry errors, l
ess
rework and faster communications.
Supply Chain Management as E-Business
This is done over the web using:
Customised extranet sites
Web servers
Group-ware (email integrated collaborative software)
Characteristics of Supply Chain Management
Supply chain management is a tool to achieve sustainable competitive advantage.
It supports both differentiation-based and cost-based strategies
It contributes to world-class performance by progressing beyond functional excel
lence
and cross-functional integration.
It focuses on the practices used by the different businesses that together produ
ce the
product and service the customer.
It integrates the activities of all members of the value-added chain to produce
higher
levels of performances than can be achieved individually.
Supply chain management practices create supply chain integration that yields
superior business performance.
Supply chain integration utilises a variety of business practices such as just-i
n-time
manufacturing, quick response and continuous replenishment.
Objectives
The progress and success of supply chain management should be measured against
objectives. Supply chain integration can be evaluated against the objectives of.
..
Servi ce: Do customers receive what they ordered, when they want it in the manne
r
they desire?
Cost: Is the net landed cost to the end user optimised with service and time
requirements?
Assets: Does inventory exists within the supply chain merely to respect the vari
ability
of consumer demand, or to create operational efficiencies?
Ti me: Is this cycle time from source to delivery limited only by physical const
raints?
Supply chain integration is practised in aboard range of industries.
Supply Chain Management in Practice
Supply chain integration practices can be tailored to unique industry situations
. A
leading distributor of hospital supplies offers a program to deliver hospital pr
oducts
directly to the nursing station, bypassing storage and handling in a hospital in
a hospital
store room Orders are issued based on nursing station use, and replenished direc
tly
from the distributor inventory, timeliness and accuracy are paramount, yet an en
tire
step in the traditional flow of products is eliminated, reducing operating costs
and
investment.
The Supply Chain Development Model
Fi r st Dimensi on: The closed loop
It contains of the four stages. These are
1. Diagnosis and concept development
The first stage is assesses the supply-chain competitiveness of the organisation
and
builds a vision the desired supply changed. The evaluation begins with the diagn
osis and
comparison of business objectives against existing capabilities and performance.
2. Detailed action planning
The second stage is the engineering phase that future develops the master plan i
n detail
that is created in stage one. During the phase, the long terms supply chain stru
cture is
designed in detail.
3. Building capabilities
This is the stage of the effort when detailed plants to achieve world class supp
ly chain
agility and performance are executed. New technology, capital, people and resour
ces are
effected to team building and high involvement activity.
4. Performance Results
It is the stage when results of the plan are measured for performance success of
the five
drivers like velocity, flexibility, quality, cost and service. The master plan i
s a continuous
closed loop process, and once performance drivers are assessed, the major activi
ty
returns to stage 1 for further diagnosis and development.
Second Dimension: Si x Key Holes
These are production, supply, inventory, location, transportation, and informati
on.
1. Production
Strategic decisions regarding production focus on what customers went and the ma
rket
demands. The production must focus on capacity, quality and volume of goods keep
ing
in mind that customer demand and satisfaction must be met.
2. Supply
An organisation must determine what their facility or facilities are able to pro
duce, both,
economically and efficiently while keeping the quality high and must carefully s
elect the
suppliers for raw materials.
3. Inventory
The strategic decisions focus on inventory and how many products should be in-ho
use.
A delicate balance exists between too many inventories and not enough inventorie
s to
meet market demands.
4. Location
The strategic decision must focus on the placement of production plants, distrib
ution
and stocking facilities, and placing them in prime locations to the market serve
d.
5. Transportation
Any organisation must have a transport mode in place to ensure a smooth distribu
tion
of goods.
6. Information
Effective supply chain management requires obtaining information from the point
of
end-use, and linking information resources throughout the chain for speed of exc
hange.
Thi r d Di mensi on: Per for mance dr iver s for success
These are velocity, flexibility, quality, costs and service.
1. Velocity
It is the rate at which raw materials, parts, components, finished products and
information travel through the supply chain.
2. Flexibility
It is the ability to adopt new or changing demands m the market.
3. Quality
It is the degree of excellence performed in designing, selling, producing and de
livering
products and information.
4. Costs
Cash are the total cost of the conversion and movement through the supply chain
per
unit.
5. Service
Customer s service is the quantitative as well as qualitative measurement. Quant
itative
approach is the more traditional method of customer service of orders placed to
orders
shipped. The qualitative approach measures the customer s satisfaction with serv
ice
received.
Requirements of Supply Chain Management
Any secure networked supply chain requires:
Public-Key Infrastructure (PKI) Technology Solution
Data Privacy over un-trusted networks Encryption
Data Integrity Digital Signature
Password management
Public key authentication techniques.
Electronic Authentication and Digital Signature with PKI certificate
Strong binding between a user and a transaction Public Key Infrastructure
- Digital Signature Encryption
- Digital Certificates
- Time stamping of transactions and events
- Trust Management (Certificate Revocation)
- Encryption Key Recovery PKI Integration with Business Application
With the adoption of the above-mentioned aspects the supply chain would prove to
be a
competitive differentiator to a firm.
Supply Chain Management Software
From source to shipping to manufacturing, SCM software turns discrete supply cha
in
function into an intelligent process.
For companies concerned about time-based competition, SCM software can be one of
their most powerful weapons. It enables them to collaborate with suppliers
Importance of Networked Supply Chain Management
Today s customers want / expect to buy in small quantities
buy customised products
postpone the buying decision to be close to the act of purchase
enjoy and be rewarded by the buying experience and
get instant gratification of their needs
Supply Chain Modelling Approaches
It consists of the following three methods:
A. Network Designs Methods
These models typically cover the four major strategic decisions.
Location
Production
Inventory
Transaction (distribution)
These decisions are focus more on the design aspect of the supply chain, the
establishment of the network and the associated flows on them.
B. Rough Cut Methods

This method gives guiding policies for the operational decisions. These models t
ypically
assume a "single site" (i.e., ignore the network) and add supply chain character
istics to
it, such as explicitly considering the sites relation to the others in the netwo
rk.
C. Simulation based methods
It is a method by which a comprehensive supply chain model can be analysed,
considering both strategic and operational elements. However, one can only evalu
ate
the effectiveness of a pre-specified policy rather than develop new ones.
Supply Chain Process
Supply chain integration links suppliers, manufacturers, channel partners, and
customers through the process used from order creation to customer delivery. Eac
h
supply chain partner should support others to create greater productivity, value
, and
customer satisfaction. Processes that are well aligned will produce higher servi
ce, incur
lower manufacturing and distribution costs, and give higher quality. The key pro
cesses
within the supply chain are depicted in the above figure. Each of these processe
s results
in the clear output, and the potential to contribute to supply chain integration
.
Or der Cr eation
Order creation results in the customers decision as to the quantity, frequency an
d
composition of an order. Supply chain integration through the order creation pro
cess
requires deep understanding of marketing strategy, competitors capabilities, and
cost
structures. Leaders in supply chain integration establish operational capabiliti
es are
coupled with managed service, time and cost, to permit a mutual benefit.
Or der Entr y
The order entry process enables a customs desires to be acted upon. The opportuni
ty to
manage the method or order entry creates the potential to solidify marketing str
ategies,
create sales opportunities, and build relationships. Supply chain integration th
rough the
order entry process requires through knowledge of customer requirements, custome
r
business practices and technology. Leaders in supply chain integration provide a
variety
of order entry methods so that customers can order, on the way they desire. Comp
uterto-computer Electronic Data Interchange (EDI) and voice response expand traditio
nal
but often valid, approaches such as phone or mail.
Pr oduction Pl anning
Production planning establishes the location, quantity, and schedule of product
generation. The opportunity to co-ordinate consumption and production creates th
e
potential to minimise investments in finished goods, storage space, and handling
costs.
Producing closer to the point of need minimises the risk of obsolescence or rewo
rk.
Supply chain integration requires linkages with purchasing, production, and cust
omers,
to balance the multiple objectives of each in a manner that achieves overall obj
ectives.
Leaders in supply chain integration have established the shop floor procedures a
nd
process by which the material will be used in production. Customised transportat
ion
programs between supplier and manufacturer are often developed to manage total c
ost
and create mutual efficiencies.
Pur chasing
The purchasing process results in decisions on source of supply, purchase quanti
ty,
purchase frequency, and purchase order composition. Correct decisions maximise
availability and minimise cost. Making the correct decision requires a detailed
knowledge of production requirements and an intimate understanding of each suppl
ier s
business drivers. Supply chain integration transforms the procurement process fr
om an
adversarial relationship based primarily on price to a partnering relationship b
ased on
total cost. Leaders in supply in integration establish customised order quantiti
es and
frequencies based on mutual understanding of the activities required to create m
aterial
on the part of the supplier and process by which the material will be used in pr
oduction.
Customised transportation programs between supplier and manufacturer are often
developed to manage total cost and create mutual efficiencies.
Pr oducti on
The production process generates product. A production process that exhibits fle
xibility
and responsiveness strengthens supply chain integration. The benefits of co-ordi
nation
between customers and manufacturer are lost if the production process cannot rou
tinely
respond with quality products.
I nventor y Management
The inventory management process establishes the available product to respond to
customer demands. A business strategy of make-to-stock or make-to-order creates
different issues, but the objective remains the same. The opportunity to establi
sh singleinventory investments between supplier and manufacturer and customer establishes
a
potential benefit in capital reduction through integrating this process. An obje
ctive of
maintaining inventory only to respect the variability of consumer demand, or to
create
an operational efficiency in production or procurement that reduces net landed c
ost,
establishes a stretch goal.
I nventor y Deployment
Inventory deployment determines the location of product awaiting orders. Decisio
ns on
inventory deployment strongly influence the customer service parameters of ord
er
cycle time and order completeness. Inventory deployment presents the opportunity
to
create competitive advantage through responsiveness and service quality.
Or der Fulfi llment

Order fulfillment results in the configuration of products that conform to the c
ustomer s
desires. The opportunity to customise an order provides the potential to create
additional value by avoiding duplicate efforts and re-handling. Supply chain int
egration
through order fulfillment requires detailed understanding of customer requiremen
ts,
flexibility in order selection efficient processes that permit mutual benefits.
Deli ver y Pr ocess
The delivery process produces the cycle time, delivery precision, and arrival qu
ality of
the customers order. The opportunity to minimise cycle inventory, reduce buffer
inventories and create cost efficiencies. Supply chain integration through the d
elivery
process requires careful monitoring of transportation economics, a commitment to
long-term business relationships and a willingness to act in partnership with ot
hers.
These supply chain processes are applicable to a broad range of businesses. By f
ocusing
on the process outputs, progressive organisations can develop new business pract
ices
that achieve improved results. Without a results-oriented process approach, atte
mpts at
true breakthroughs among supply chain partners may not be achieved. Attention ma
y
focus on functional performance and tradeoffs among functions and channel partne
rs
may not be achieved. Supply chain integration must therefore be judged against
performance rather than by technique.
Integrating the Supply Chain
Initiating supply chain management requires top management involvement. Supply
chain integration may produce fundamental changes in the relationship among chan
nel
partners. Such change must have the full support and commitment of senior
executives. In addition, the supply chain management approach will call for a c
ultural
change within an organisation.
Requirements of Supply Chain Integration
Identifying opportunities for supply chain integration requires a deep knowledge
of
customer satisfaction objectives, documentation of the existing supply chain eco
nomies,
and understanding of practices used in other businesses and industries. From the
se,
thoughtful analyses will reveal gaps in practices or gaps in execution that can
lead to a
prioritised action plan.
Customer Satisfaction Objectives
Establishing customer satisfaction objectives requires quantitative analysis of
customer
requirements and an analysis of the customers business issues. Customer requireme
nts
for many criteria such as order cycle time, delivery precision, item availabilit
y and order
fill rate can be established by a variety of survey approaches and methodologies
.
Current Business Practices
Understanding current business practices requires an ability to explain not only
how key
business processes work but what derives the process. Utilising framework based
on
business processes assists in moving toward supply chain integration. Since proc
esses
produce results. Close attention must be paid to identifying the rules, beliefs,
values,
and principles that are incorporated within a business process. Completion of th
ese
steps ensures analysis of supply chain integration and contains and understandin
g of
existing business practices and alternative approaches used by others.
Performance profile
The performance profile quantifies performance along the entire supply chain: su
pplier,
manufacturer, channel partner, and customer. The dimensions of time, cost and
investment should be applied to understand the service, quality, and financial
performance that result along the supply chain. With this knowledge, opportuniti
es will
surface and leverage points may be identified. Leverage points represent the pla
ces
along the supply chain where large improvements are possible with a relatively s
mall
investment.
Gaps in practices and gaps in execution
From these three building blocks an objective assessment of gaps in practices an
d gap in
execution must be made. Potential improvement opportunities may be revealed, and
sufficient knowledge will exist to suggest how such opportunities could improve
customer satisfaction and business performance. These can then be synthesised an
d
prioritised, so that efforts initiated for supply chain integration yield substa
ntial
benefits.
The Role of SCM in Financial and Market Place
Supply chain management assists in achieving financial and marketplace success.
The
integrated movement of materials through the supply chain can build customer
satisfaction and improve performance. Supply Chain Management does not require
massive scale or volume. It does require insightful thinking about the processes
used to
make, move, and sell products. Functional excellence is expected of companies to
day.
Supply chain management moves beyond that to better align the capabilities of
suppliers, manufacturers, channel partners, and customers, to increase customer
satisfaction and yield better performance. Competitive advantage will spring lar
gely
from service-focused commitments - the result of intelligent performance with su
ppliers
and customers. Supply chain management provides and approach for making those
objectives a reality.
The web life style is going to be the order of the day in time to come. Hence, e
very
business will have to think as to how they will survive and prosper in their new
emerging
world. Wor k i n time, be fast, be flexi ble, be adaptable, or be left behind t
hat
is the frantic pace of E-commerce. Through supply chain management, corporate wi
ll be
forced to revamp their traditional marketing and operating strategies. They woul
d
become much more agile in their approach. The enti r e concept of the tr aditi o
nal
br ick-and-mor tar shop wi ll be r eplaced by the vir tual stor e.
CASE STUDY: ASIAN PAINTS
Background
One of the pioneer paint companies in India, Asian paints was among the first
companies in India to go for computerisation. In 1971 the company decided to go
for a
mainframe. By 1978, all the account functions of the company have been transferr
ed to
this new machine. From 1981 onwards on the company went for CP/M machines. The
new machines handled functions like customer billing and dealer requirements. In
1983
the company decided to extent computerisation to the shop floor. Asian paints be
came
the first company to use Unix on the shop floor. All this computerisation brough
t direct
changes in two areas. The company s clerical staff strength has not gone up much
and
computerisation has helped the company to tackle competition in a more effective
manner.
The company s strategy to compete against MNCs liker Berger paints and ICI was t
o
spread to smaller towns. This it could do by providing better service and also a
wider
range of stocks to the retailers. It had therefore to do two things - spread its
geographical reach and increase its product reach. All this meant that the compa
ny
started selling paints in more number of colours, shades and can sizes than the
competition to a larger dealer network. So the company developed a Manufacturing
Resource Planning (MRP) application in 1984 which is working well even today.
Today the company has 73 branches and 14,000 dealers - one of the largest networ
ks in
India. The company sells 2000 shades and pack types in decorative paints and ano
ther
1500 in industrial paints. Six Regional Distributions Centres (RDC), each in one
zone of
the country, receive the previous days stock position from each of the company s
73
branches. Since each branch is dealing on an average of 300 dealers, there is an
enormous amount of data is being generated. The salesman, sales supervisor or th
e
branch manager according to his requirement does the data crunching.
The Road to SCMs
In 1994, Asian paints installed VSATS (Very Small Aperture Terminals) in three p
lants
and 16 branches. Today a total of 49 VSATS installed at a cost of Rs,30 million
link six
factories and 43 depots. But for many Indian companies installing a VSAT is a co
stly
option even today. The paint major then decided to install a Supply Chain Manage
ment
System (SCMS). SCMS is being implemented in modules and will be fully functional
by
year 2000.
Why did the company go for SCMS instead of an Enterprise Resource Planning (ERP)
?
The company felt that ERP implementation takes a long time. Since it touches alm
ost
every person in the organisation, it meant that all most all the persons in the
organisations need to be trained. Also the ERP needs to be customised or the

organisation may have to adapt to the ERPs process logic both of which are big a
nd will
take a long time. But SCMS touches a lesser number of people and takes lesser ti
me.
The SCMS takes care of the planning system, corporate office, users at the plant
s among
other functions. It helps to make the core business of the company efficient whi
ch is the
supply chain for a manufacturing or marketing company. It allows the company to
have
shorter production cycles, enable it determine proper inventory levels based on
demand
and supply variability. SCMS will reduce sales forecasting by the depots from th
e
present 15 days to one week to one day. The Company will know exactly how much s
tock
each depot will require. With increasing competition this is important, since if
the
products are stocked out, the company may lose a sale eventually the customer.
SCMS will also help to track the various promotion schemes adopted by a branch
manager. The full installation of SCMS will lead to a shorter planning system Fo
r
example, if earlier 100 cans were dispatched, now the company will need to send
only
20 cans so that it is not supplying more than necessary. The reaction from the p
lants
and depots will also be much faster. The company recruits IT professionals and a
lso
rope in training institutes like NUT to train its staff. The company feels that
it has a 10
year lead time over its competitors and it wants to maintain this. No wonder, th
en it had
gone to implement SCMS to further hone its competitive edge.
Electronic Commerce Catalogues or Online Catalogues
An important factor in EC is the manner in which products of services are presen
ted to
the users. This is frequently done via online catalogues.
Evolution of Online Catalogues
Printed paper has been the medium of advertisement catalogues for a long tune.
However, recently electronic catalogues on CD-ROM and on the Web have gained
popularity. For merchants, the objective of online catalogues is to advertise an
d promote
products and services, whereas the purpose of catalogues to the customer is to p
rovide a
source of information on products and services. Electronic catalogues can be sea
rched
quickly with the help of software agents. Also, comparisons involving catalogues
products can be made very effectively.
Electronic catalogues consist of product database, directory and search capabili
ty, and a
presentation function. On the web-based e-mails, web browser, alone with Java
and
sometimes virtual reality, play the role of presenting static and dynamic inform
ation.
The majority of early online catalogues were online replication of text and pict
ures of the
printed catalogues. However, online catalogues have evolved to be more dynamic,
customised, and integrated with selling and buying procedures. As the online cat
alogue
is integrated with order taking and payment, the tools for building online catal
ogues are
being integrated with merchant sites.
Electronic catalogues can be classified according to three dimensions:
1) The dynamics of the information presentation
Two categories are distinguished.
a. Stati c catalogues: The catalogue is presented in textual description and
static pictures
b. Dynamic catalogues: The catalogue is presented in motion pictures or
animation, possibly with sound to supplement static content.
2) The degree of customization
Two extremes are distinguished:
a. Ready-made catalogues: Merchants offer the same catalogue to any
customer.
b. Customi sed catalogues: Deliver customised content and display
depending upon the characteristics of customers.
3) The degree of integration of catalogues
With the following business processes:
a. Order taking and fulfillment
b. Electronic payment system
c. Intranet work flow software and systems
d. Inventory and accounting system
e. Suppliers or customers extranet
f. Paper catalogues
Comparison of Online Catalogues with Paper Catalogues
The advantages and disadvantages of online catalogues are contrasted with those
of
paper catalogues in the following table. Although there are significant advantag
es of
online catalogues, such as ease of updating, ability to integrate with the purch
asing
process, and coverage of a wide spectrum of products with a strong search capabi
lity,
there are still disadvantages and limitations. Most of all, customers need compu
ters and
the Internet to access online catalogues. However, since computers and Internet
access
are spreading rapidly, we can expect a large portion of paper catalogues to be r
eplaced
by or at least supplemented by electronic catalogues. On the other hand, conside
ring the
fact that printed newspapers and magazines have not diminished due to the online
ones,
we can guess that the paper catalogues will not disappear in spite of the popula
rity of
online catalogues. There seems to be room for both media. However, in B2B, paper
catalogues may disappear more quickly, as shown in the following Application Cas
e 1:
Advertising in Online Catalogues versus Electronic Mails
Some catalogues on Web sites provide text and pictures without linking them to o
rder
taking. Refer to Calvin Klein ads in www.pobox.upenn.edu/davudtic. The site has
an
electronic directory with a large number of electronic catalogues. However, ther
e is no
reason why the catalogues cannot be linked with order taking or at least e-mail
contacts.
So, the dedicated advertising site seems to be a transient form of e-mail. Howev
er, some
ads about company image can only be linked with e-mail, because the ads do not
correspond to a specific product. For instance, Coca-Cola s Web site

(www.cocacola.com) is not appropriate for taking Coke s orders online. It just r
eminds
people about the taste of Coca-Cola. However, you can buy Coke s collector items
and
more.
APPLICATION CASE 1
With annual revenues of more than $5.2 billion, AMP, an electronics components
manufacturer, spent more than $7 million each year to mail and update 400 specia
lty
catalogues to its distributors around the world and another $800,000 in faxback
phone
costs. These catalogues cover about 134,000 electrical and mechanical components
.
In this past, AMP had only enough resources to update about one-half of their 40
0
catalogues each year, so many catalogues had a life-cycle of two years, even tho
ugh
products changed more often than that. The estimate of the cost of setting the o
nline
catalogues up and running is $1.2 million, roughly one-fifth of the previous pri
nting
costs. Of the $1.2 million, software and hardware costs were $300,000 to $400,00
0,
with the remainder spent for language translation and catalogue development.
Customised Catalogues
A customised catalogue is a catalogue assembled specifically for a company, usua
lly a
customer of the catalogue owner. It can be tailored to individual shoppers in so
me cases
as well. There are two approaches is to let the customers identify the interesti
ng parts
out of the total catalogue as is done by companies such as One-to-One
(www.broadvision.com) and Point Cast (www.pointcast.com). Then, customers do not
have to deal with irrelevant topics. A tool that aids customisation is LiveComme
rce from
Open Market (www.openmarket.com/livecom). See the demos of their customers.
LiveCommerce allows the creation of catalogues with branded, value-added capabil
ities
that make it easy for customers to find the products they want to purchase, loca
te the
information they need, and quickly compose their order. Product offerings can be
specialised for each customer s organisation or for individuals with specific ne
eds. Every
customer company can view a custom catalogue with individualised prices, product
s,
and display formats. An e-mail manager who uses LiveCommerce can control a
complete range of information that the customer sees and link the online catalog
ue with
related computing resources. LiveCommerce features a specialised catalogue langu
age
that offers complete control over the look and feel of catalogs. This combinatio
n of
power and flexibility allows a catalogue to be quickly and easily modified to me
et the
evolving needs of customers.
The second approach is to let the system automatically identify the characterist
ics of
customers based on their transaction records. For collecting data, Cookie techno
logy is
used to trace the transactions. However, to generalise the relationship between

the
customer and items of interest, data mining technology and support by intelligen
t
systems, such a neural network, is necessary. This second approach can be effect
ively
combined with the first one.
As an example of the second approach, let us review a scenario of using a tool b
y Oracle
called ICS in a customised catalogue.
Joe logs on to the Acme Shopping site, where he has the option to register as an
account
customer and record his preferences in terms of address details, preferred metho
d of
payment, and interest areas. Acme shopping offers a wide range of products, incl
uding
electronics, clothing, books, and sporting goods. Joe is only interested in clot
hing and
electronics. He is not a sportsman or a great book lover. Joe also has some very
distinct
hobby areas-one is photography.
After Joe has recorded his preferences, the first page of the electronic store w
ill show
him only the clothing and electronic departments. Furthermore, when Joe goes int
o the
electronics department, he only sees products related to photography -cameras an
d
accessories. But some of the products are way out of Joe s price range, so Joe f
urther
refines his preferences to reflect that he is only interested in electronics tha
t relate to
photography and cost $300 or less
1
.
Such personalisation gives the consumer a value-added experience and adds to the
compelling reasons for revisiting the site, building brand loyalty to that Inter
net store.
Against the backdrop of intense competition for Web airtime, personalisation pro
vides a
valuable way to get the consumer matched to the products and information they ar
e
most interested in as quickly and painlessly as possible.
1 Source: Oracles white paper (1998), P6.
DOCUMENT MANAGEMENT AND DIGITAL LIBRARIES
Gone are the days when libraries were store houses of books. Information technol
ogy
has changed the complexion of today s libraries in a big way with the current th
rust on
universal education. With the development of automation and computing and a
knowledge society, libraries have evolved to become information provider rather
than
mere documents provider. The Internet explosions have opened up electronic
information to the masses and they are demanding that information be presented t
o
them in an aesthetic manner. Indeed recent advances in the field of information
technology contribute significantly to improve the services of libraries. Furthe
r, the
impact of information technology has led to a paperless society, digital librari
es and
virtual libraries. It may not be wrong to say that everyone associated with the
management of knowledge in the coming days would be talking about the digital
processes and the digital library. With the availability of computers, capable o
f
computing at very high speed and having large disc storage space, it is possible
to
digitise and store information in the form of high quality graphics, colour imag
es, voice
signal and video clips at a relatively affordable cost. Internet, a worldwide ne
twork of
thousands, of networks interconnecting countless computers located world-wide, h
as
become a most efficient channel for dissemination of information. World Wide Web
(WEB) technology based on Hyper Text Markup Language (HTML) and emergence of
advanced web browsers have provided a very easy-to-use interface to users, givin
g
clickable access to the vast amount of multi-media information stored on million
s of
web servers across the globe.
The World Wide Web popularly known as WWW was started as a project in 1992 by
CERN (European Laboratory for particle physics) in Switzerland. This is meant fo
r
information retrieval services on the Internet. WWW also provides hypertext link
s
between textual documents of related files. The word hypertext (HT) means the
combination of natural language text with embedded links enabling non-linear
information s access and navigation. A large number of information fragments, ch
unks
such as text, graphics and images linked together electronically/forming a multi
faceted
indefinite shaped database in which one can write and read the information nonlinearly. Hypertext Transfer Protocol (HTTP) refers to the protocol enabling ret
rieval of
information pointed to by the hypertext link. This protocol can transfer plain t
ext file,
hypertext or even images from the server end to the user s end. It is important
to
mention here that HTTP is an internal requirement of WWW and is also sometime
referred to as client - server protocol. In this process the client (who is a us
er of
hypertext document) may ask a query to the server makes available the required
information in a formal, which is interpreted by a WWW browser such as Internet
explorer, Netscape communicator, Mosaic etc. Precisely, we can say that the web
is an
important tool for dissemination of information. Hypertext Markup Language (HTML
)
allows the authors of a document identify particular locations within their docu
ment as
the source of the links and to specify the location of the target of those links
.
The Uniform Resource Locator or URL specifies the Internet Address of a file sto
red on
a host computer connected to the Internet. Every file on the Internet has a uniq
ue URL.
The Web software programmes use the URL to retrieve the file from the host compu
ter
and the directory in which it resides. URLs are translated into numeric addresse
s using
the Domain Name System (DNS). The format of the URL is: Protocol/host/path
filename. For example in the site - http://www.vtls.com, http stands for the proto
col;
www stands for World Wide Web i.e. Web or the Internet; the middle name vtls
belongs to a particular organisation (it refers to the organisation to which the
site
belongs); and com means a commercial organisation. Similarly edu means educa
tional
institutions, while org normally stands for voluntary or non-profit organisati
on. In
addition to the above, dozens or domain names have been assigned to identify the
country and locate files stored on host computers in different countries around
the
world.
Meaning of Digital Library
Digital Libraries does not mean Libraries in the classical sense, but a network
of
multimedia systems. A typical digital library is a media server (group of interl
inked
workstations) connected to high-speed networks. Unlike a conventional library wh
ere
users are provided with physical materials from many sources, a digital library
is a
group of distributed repositories that users see as a single repository in digit
al form.
According to the Berkeley Digital Library project, University of California, "th
e digital
library will be a collection of distributed information sources. Producers of in
formation
will make it available, and consumers will find it perhaps through the help of a
utomated
agents". The Stanford Digital Library project states, "Integrated digital librar
y will create
a shared environment linking everything - personal information collection to col
lection
of conventional libraries to large data collection shared by scientists. Integra
ted virtual
libraries provide an array of new services, uniform access to networked informat
ion
collection. In other words we can say that in digital library, the information ar
rives as
needed at the users screen, like the ever-attendant waiter filling your water gl
ass before
you know it is empty.
Need for Digital Libraries
In 1990 Alvin Toffler estimated in his book, "Powershift" that in one year the U
nited
States runs out 1.3 trillion documents. By now the number of documents may have
risen
to four trillion. According to another estimate, there are close to 50,000 perio
dicals in
Science and Technology. This information explosion is not confined to any partic
ular
subject and is also taking place in Social Sciences and Humanities and in every
country.
With libraries facing manpower and monetary constraints, it is impossible to acq
uire
every publisher s document under one roof and thus evolved the concept of resour
ces
sharing and networking. Since information can be digitised, the participant libr
aries are
coming together to convert their holdings to electronic form and then putting th
em on
the network. The technology for electronic transfer of information is developing

rapidly;
electronic publishing, electronic storage, processing and delivery of informatio
n
including text and images are all feasible and operational. Further, presently m
ost of the
information is reproduced on paper. The legibility of documents, which are repro
duced,
is poor, and the transmission of the same to other users is difficult. Moreover,
it requires
a large amount of storage space. Since there is a demand for information with a
facility
for searching tailor-made information at faster speed, the digital library seems
a suitable
solution at the moment.
Characteristics of Digital Libraries
The transformation effects that digital technology brings in to information syst
em are as
follows:
Collecti ons: Digital library collections contain fixed, permanent documents. Wh
ile
current libraries have more dynamic collections, a digital library facilitates q
uicker
handling of information.
Wor k: Digital libraries are to be used by individual working alone. There is wo
rkoriented perspective focusing on a group of information analyst, work being done
and
the documents and technologies that support it.
Tr ans-bor der ing of I nfor mation: Breaking the physical boundaries of data
transfers within and outside the countries. It is viewed that the support for
communications and collaboration is as important as information seeking activiti
es.
Technologies: The digitisation requires certain technologies. They are basically
grouped as:
1) Computer technologies with input devices that collect and convert information
into
digital form. Such devices include keyboards; touch screens, voice recognition s
ystems,
flatbed scanner, reprography copy stand, high-resolution digital camera, image
navigator software etc.
2) Storage technologies - a variety of devices to store and retrieve information
in digital
form such as magnetic tapes/cassettes, floppy disks, hard disks, DAT Tape, CR-RO
M,
smart cards etc.
3) Processing technology - creating the systems and applications software that i
s
required for the performance of digital network.
4) Communication technologies primarily to communicate information in digital fo
rm.
5) Display technologies - varieties of output devices.
Methodology
The first major process is to digitise the entire physical medium. This may get
started
with the use of Optical Character Recognition (OCR) to convert the captured digi
tal
images to text content. Next, the content has to be catalogued and indexed so th
at the
repository can be easily made available to users, allowing them to make searches
for
information through bibliographic description or content. In case of multi-media
collection such as video, catalogues would have a preview of a video clip descri
bing the
consents of the actual video file.
Functions of Digital Library
The key functions of digital library are:
Providing access to a very large information collection(s)
Supporting multi-media content
Making the network accessible
Providing user-friendly interface
Providing unique referencing of digital objects
Enabling link representation to local/external objects (hypertext)
Supporting advanced search and retrieval
Making information available for a very long time
Supporting traditional library missions of collection development, organisation,
access
and preservation of information.
Supporting editing, publishing, annotation and integration of information
Integrating personal, group, enterprise, public digital libraries.
Advantages of Digital Library
The major advantages of Digital Libraries are mentioned below:
Promote universal accessibility
Access to more information than is possible to physically acquire and maintain
Protecting rare books that are rapidly deteriorating due to over-use and poor st
orage
conditions.
The user can peruse them instantly.
The e-books and journals provide key words, subject and various other searches.
Provide multiple access and access through the campus LAN
Facility for the downloading and printing
Saving the cost and manpower required for publishing and bringing out new editio
n.
One copy of the documents could be viewed by any number of persons simultaneousl
y.
Saving space which is required for physical documents.
A tool for preservation of heritage.
Users of the Digital Public Library
Digital library can be accessed by all sections of the community, irrespective o
f caste,
creed, religious, age, sex etc. One can enlighten himself/herself even sitting a
t home.
This facility is very useful since it not only saves the amount of money require
d for
travelling but also precious time. Any research scholar writing thesis on agrari
an
reforms done during Mogul period in India may access the requisite material from
any
corner of the globe provided the library specialises in the said theme is puttin
g their
material in digitised form for world wide access.
Challenges Faced by the Digital Library
1) Pr otecting the intellectual proper ty r i ghts
A major administrative challenge is in complying with copyright and intellectual
property rights issues. The library authority have to discuss seriously with pub
lishers on
this aspect in order to evolve some mechanism profitable to both users, publishe
rs as
well as authors, Users may be charged for each access, downloading from servers
and/or
each kind of digital library collection. This would provide revenue for publishe
rs,
authors and libraries.
2) Secur i ty aspect
This is the most pressing challenge of the digital affair. Piracy of database, v
iral
invasions, parallel satellite, and networking stress etc. are some of the issues
for digital
libraries are confronted as a way of routine.
3) Lack of exper ti se
Not too many vendors/experts are available m the country and abroad as well. Ove
rseas
vendors charge too much and also reluctant to import techniques/technology.
4) Technophobia
In general, some people do, however, fear any upcoming technology. Individuals m
ay
have several reasons for not using the new technology.
Efforts in the West
The Vatican Library possesses an extraordinary collection of rare books and
manuscripts such as original copies of works by Aristotle, Dante, Euclid, Homer
and
Virgil However, because of the time and cost required to travel to Rome, only ab
out
2000 scholars can afford to visit each year. In 1995, a team comprises the Vatic
an
Library IBM research, the Pontifical Catholic University of Rio De Janeiro and C
ase
Western Reserve University investigated the practically of prodding Online Digit
al
Library service to scholars. The project s goals included:
- Allowing broader access to the unique collections held by the library
- Providing tools that enable more effective scholarship
- Protecting the Vatican Library s assets
- Determining how to achieve self-funding digitisation and delivery.
These goals were pursued though scanning set of manuscript, making them availabl
e
via, the Internet and collecting the view of participating scholars. Moreover, s
everal
digital library projects have also been executed in the USA, for instance the (U
S)
National Gallery of Arts has an extensive collection of paintings and drawings.
In 1990,
IBM started working to develop a digital library of images of the gallery s arts
. It was
successfully completed and the Gallery later decided to provide access to their
collections through a web site that serves the general public. Their website www
.nga.gov
first made public in 1997 provides some of the most beautiful images available o
nline.
These are not only the libraries/information centres which have made progress m
the
area of digitisation. In fact there are a number of libraries in the developed c
ountries
where sizeable collections of the library have already been digitised and also m
ade
available for world wide access able it with some restrictions.
Indian Scenario
India has made tremendous progress in the field of Information Technology. We ar
e
indeed, proud of having produced the best IT professionals. These professionals
are
greatly in demand across the globe interestingly, in the field of automation of
libraries
not only IT professionals but also libraries have shown a great interest and hen
ce today
a number of libraries in the country / have either been automated or in the proc
ess of
automation. However, unfortunately, in the digitisation area, we have not yet ma
de any
significant headway. Indeed the vast amount of information in our country is sca
ttered
in libraries, individual possessions, oral and disciple traditions, archaeologic
al findings,
museums and at so many others places. Some of this invaluable information have g
ot
lost, mutilated, destroyed and stolen, for which we cannot do much. Nevertheless
huge
amount of information is still available and could be used for the development o
f
society. We can start digitisation process of our rate collections, which would
be an
important step in preserving our composite culture and heritage. In academic ins
titutes,
probably, the central University of Hyderabad (UOH) will establish the first dig
ital
library in the country. The university has already identified and started digiti
sation
process for its thesis/dissertation collections. This will be joint effort of UO
H, Sunmicro
Systems and VTLS Software Company.
QUESTIONS
1) Explain Intra-organisational Electronic Commerce and its functions, and
applications.
2) What is supply chain management?
3) Narrate the components of a typical supply chain.
4) Explain supply chain management (SCM) as a competitive strategy.
5) Briefly explain the problems of traditional supply chain.
6) Why do companies care about supply chain efficiency?
7) Explain the characteristics of an efficient supply chain management.
8) Discuss in detail supply chain modelling approaches.
9) Explain the importance of networked supply chain management.
10) Describe the supply chain development model
11) List the advantages of electronic catalogues over paper catalogues.
12) How does a Digital Library work?
13) Explain the need of digital library and its challenges, and advantages.
- End of Chapter -

E Business

Enviado por

Dados do documento

Título original

Direitos autorais

Formatos disponíveis

Compartilhar este documento

Compartilhar ou incorporar documento

Opções de compartilhamento

Você considera este documento útil?

Este conteúdo é inapropriado?

Direitos autorais:

Formatos disponíveis

E Business

Enviado por

Direitos autorais:

Formatos disponíveis

UNIT I

protocols. To assure security and privacy, an extranet relies on secured channel

advances in information and telecommunications technology. The ability of the In

3. The transaction crosses enterprise boundaries, either between two businesses

functions in the organisation and helps the flow of information in a seamless ma

responsibility of updating them. This is costly and time consuming.

Electronic commerce primarily addresses inter organisational and trading

commerce is being driven by lower purchasing costs, reductions in inventories, l

Manufacturers, wholesalers and retailers are working together to form standards

businesses connected electronically and by facilitating collaboration on project

Now let us elaborate the notion of dis-intermediation and re-intermediation furt

d. Mass customization for make-to-order: Manufacturers have to be adaptive to th

2. They are moderately priced - expensive enough to make the transaction

13. Software Supplies and Support

commerce in commodities, and commodities derivatives such as futures.

the browser industry are Netscape communications (Netscape communicator) and

be a concern and this provides a market opportunity for many players.

Accessibility - right to access information and payment of fees to access it.

that recognizes, facilitates, and enforces electronic transactions worldwide. Fu

International agreements that establish clear and effective copyright, patent, a

weaken valuable trademark rights.

advertising to alleviate national legislative road blocks and trade barriers.

needed to assure reliability, interoperability, ease of use and scalability in a

The network protocol used on the Internet is Transmission Control Protocol/Inter

browser or a separate software package. Incoming e-Mails are downloaded from a p

server uses TCP/IP for its Internet transmissions.

7) What are privacy issues in EC?

network or to another gateway machine connected to the other network.

policy in the following sections.

security zone to another. The International Standards Organization (ISO) Open Sy

origin of the initiating connection. Having an application in the way in some ca

application. SMTP is based on a simple, human-readable, text-based dialog betwee

secured the asymmetric cryptosystem.

requirements and operating environment. Public key encryption is particularly us

signatures are the basis of secure e-commerce.

or write your message offline. Thus, irrespective of your location, be it Delhi

What your E-mail Program Needs to Know?

Internet resources available through a common interface, using menus instead of

other resources available through that server, in particular by collecting infor

and then retrieve it for use.

accounts of merchants and buyers.

Over lapping User Communi ties

This is a simple, perhaps idealised, version of trade documentation. The four ex

appropriate VADS may be determined by a trading partner database;

In this category we include all internal organisational activities, usually perf

I nfor mation technology

B. Rough Cut Methods

Or der Fulfi llment

organisations need to be trained. Also the ERP needs to be customised or the

correspond to a specific product. For instance, Coca-Cola s Web site

used to trace the transactions. However, to generalise the relationship between

the network. The technology for electronic transfer of information is developing

Você também pode gostar