Introduction to e-commerce E Commerce Introduction: E commerce consists primarily of the distributing, buying, selling, marketing, and servicing of products

or services over electronic systems such as the Internet and other computer networks. It can involve: - electronic funds transfer, supply chain management, e-marketing, online marketing, online transaction processing, electronic data interchange (EDI), automated inventory management systems, and automated data collection systems. Electronic Commerce (EC) is the process of buying, selling, or exchanging products, services, and information via computer networks Example :A buyer sends an electronic purchase order to a seller. The seller then sends an electronic invoice back to the buyer ECommerce Profit from selling online Reach customers previously unattainable Professional Approach 24hr shop Cheapest sales channel EXAMPLE Ryanair.com flights and other products Ireland.com membership Amazon.com - Books and other products eBay.com Auction Cbg.ie - Advertising

EC Definitions & Concepts (cont.) Internet vs. Non-Internet EC VANsvalue-added networks LANslocal area networks Single computerized machines Using a smart card in a vending machine Using a cell phone to make an online purchase

Evolution of Information Technology Ecommerce

1955 1974 1975 1994

The Electronic Data Processing (EDP) era The Management Information System (MIS) era 1995 so on.. The Internet Era (Ecommerce) Classification of EC by the Nature of the Transaction

Business-to-business (B2B) : EC model in which all of the participants are businesses or other organizations (between 2 orgainsation) B-2-B SITES (Business-to-business) Consumer Are Not Involved Exchange Of Goods And Service Between Two Organization Through Website For Stock And Receives The Order Stock From The Other Business Organization To which E-order is placed EXAMPLE Joined Airnew Co.links major airlines with suppliers Fuel Fuel services Light maintenance services Catering

Business-to-consumer (B2C): EC model in which businesses sell to individual shoppers B-2-C ( Business-to-consumer ) Business to Consumer sites Between business org and customer Order are place by the customer by email Payment are made by credit cards/Debit Card EXAMPLE Online booking E-mails to frequent-flyer members Mileage bonuses and opportunities to win $10,000 AU Wireless communications

Business-to-business-to-consumer (B2B2C): EC model in which a business provides some product or service to a client business; the client business maintains its own customers, to whom the product or service is provided

Consumer-to-business(C2B): individuals who use the Internet to sell products or services to organizations and /or seek sellers to bid on products or services they need

Consumer-to-consumer (C2C) : consumers sell directly to other consumers Intra business (organizational) EC: EC category that includes all internal organizational activities that involve the exchange of goods, services, or information among various units and individuals in an organization

Business-to-employee (B2E): EC model in which an organization delivers services, information, or products to its individual employees E.G. Online training, Online banking

E-government: Government-to-citizens (G2C): EC model in which a government entity buys or provides good, services, or information to businesses or individual citizens ADVANTAGES OF E-COMMERCE For the seller: Increases sales/decreases cost (less paper work) Makes promotion easier for smaller firms Can be used to reach narrow market segments Improved customer relationship by providing fast Information about the product. For the buyer: Makes it easier to obtain competitive bids Provides a wider range of choices Provides an easy way to customize the level of detail in the information obtained In general: Increases the speed and accuracy with which businesses can exchange information Electronic payments (tax refunds, paychecks, etc.) cost less to issue and are more secure Can make products and services available in remote areas Enables people to work from home, providing scheduling flexibility DIS-ADVANTAGES OF E-COMMERCE 1. It is compulsory to be with the change in business environment and technological issues as it is changing very rapidly, which requires a lot of money and it is also not possible to decide a figure on this cost. 2. In E-commerce problem of privacy and security is always an issue, as web transaction takes place with credit cards only. In this system the buyer is not sure about the

sellers identity and vice versa. Therefore it cannot be said that the credit card number and password is not used for malicious purpose. 3. Some legal questions and public-social policies are always there while marketing on web, some legal question arises such as validity of an electronic signature, copyright violations, loss of right to trade secrets etc. whereas government rules and regulations, economic policies and censorship are also present in this system. 4. In this system inefficient consumer search is always a problem because sometimes sellers may not provide all necessary information about the product/services due to this consumer is not able to buy a suitable product. 5. In e-market there is a permanent place for requirement of intermediate. Though wholesalers and retailers are not there but these intermediaries are required for product quality, bargaining and conflict resolution. Due to this the transaction cost get increased. 6. Reconsideration of existing business plan is always required in this system as competition is more in the global market. It also requires to carefully deal with the efforts in overall business plans. 7. In E-commerce problem of eligibility authentication is always work as an threat, as it is difficult to locate the criminals and cheats because no evidence is their to find them. So it takes advantage of this secrecy. 8. Their is no guarantee to get returns from the web stores as competition is more in global market. 9. Many products and services require a critical mass of potential buyers (e.g. online grocers) 10.Cultural impediments: People are reluctant to change in order to integrate new technology 11.The legal environment is uncertain: Courts and legislators are trying to catch up Value chain analysis in Ecommerce A way of looking at the activities of an industry organization. Primary activities Costs are directly allocated to a product Support activities Costs are associated with the overall operation of the organization or

Inbound Logistics : Handling goods that are brought into the company, storing then and making them available to operation as required Operations : The production process, in many cases a series of sub activities that can be represented on a detailed value chain Outbound Logistics : Taking the product of the company, storing them if necessary and distributing them to the customer in a timely manner

Sales and Marketing : Finding out the requirements of potential customer and letting them know of the products and services that can be offered. Service : Any requirement for installation or advice before delivery and them after sales service one the transaction is completed Profit Margin : Last stage in the cycle of primary activities of Value chain analysis E-commerce payment systems A payment system are the procedures and is the ability to accept a form of electronic payment. This form of electronic payment is referred to as financial electronic data interchange (FEDI). FEDI has become Increasingly popular over the last number of years due to the widespread use of the internet based shopping and banking. DEBIT CARD Use of Debit card has become very common these days. Growth of the financial sector worldwide has made the mode of payment system easier resulting a common use of debit card. At the time of making purchases, the person through debit card can make the purchases and get deducted directly from his account No credit facility is granted Every debit card has a magnetic strip on the backside for automatic entry through a card reader. CREDIT CARDS Over the years, credit cards have become one of the most common forms of payment for e-commerce transactions. In the early years many consumers were apprehensive of using their credit cards over the internet because of fear that their credit card numbers would get stolen. However, due to increased security with credit card companies such as Visa (company) American Express and MasterCard there is widespread use of credit card use over the internet, Credit of purchase depend on the type of credit card Payment to the bank can be done within stipulated period of minimum 30 day after that period interest will be charged to the card user SMART CARDS the use of smartcards has become extremely popular. Smartcard is similar to a credit card; however it contains an embedded 8-bit microprocessor and uses electronic cash which transfers from the consumers card to the sellers device. A popular smartcard initiative is the VISA Smartcard. Using the VISA Smartcard you

can transfer electronic cash to your card from your bank account, and you can then use your card at various retailers and on the internet. Like a plastic card as credit card Contain micro chip store detail such as financial, medical, insurance, credit card number etc. Data is encrypted therefore secure.Data cannot be decrypted by the user of smart card by putting pin no EFT (ELECTRICAL FUND TRANSFER) It refers to transfer of money electronically from one organization bank A/c to another organization The payment are not made with the help of paper money e.g ICICI BANK deposits the salary of all the employee in their respective a/c electronically. E-CHEQUE This mode of payment is almost same as cheque payment It is recognize under IT ACT 2000, Negotiable Act 1881 It send a message to the receiver who endorses the cheque and present it in his bank to obtain money. The e-cheque provide protection to the customer a/c by encoding the a/c number with the bank public key. so the merchant a/c no is protected Electronic Funds Transfer at Point of Sale (EFTPOS) While travellers cheques meant 'pay-now-buy-later' and credit cards had 'buy-now-pay-later' advantages, EFTPOS or debit cards signify 'buy-now-pay-now' but without cash transaction. The user presents his ATM card when he buys goods and the EFTPOS system immediately debits his bank account. LIMITATION OF TRADITIONAL PAYMENT SYSTEM Lack of trust: User tend not to trust existing system with the long history of fraud, misuse or low reliability, as well as novel systems without established positive reputation. In the present situation, money loss by customers is quite possible while using existing payment systems, such as credit cards for Internet payments. Potential customers often consider this as a key reason why they do not trust a payment service therefore do not make internet purchases

Lack of usability: Existing payment systems for the Internet require from the end user to provide a large amount of information, or to. Fill forms or make payments using complex elaborated website interfaces. For instance credit card payments via internet require entering extensive amount of personal data and contact details in the form. Lack of security: Current payment systems for the internet are an easy target for stealing/misusing the money and personal information. Customers have to provide in detail general and personal information online. This data is

sometimes transmitted in an unsecured way and thus inviting risks. In practice this happens even in spite of introduction of secure transactions mechanisms, such a secure socket' layer. Providing these details through mail or telephone also entails security risks. Lack of eligibility: Not every potential customer with money and intention to pay can make use of certain payment methods. Not all potential buyers can obtain credit cards due to credit history limitations, low inc6me or other reasons. Lack of efficiency: Some payments over the", internet can be too small to be handled by existing payment system, because of overheads. Included in the processing of payments and transaction. Credit. Cards are too expensive for effecting small payments and are unsuited' for small transactions. The miniml1.m fixed fee charged to the retailer for processing a transaction could even surpass the value of the goods sold. Lack of applicability: Not 'all web sites support a particular payment method, thus limiting customers ability to pay. Credit cards work only with merchants who have signed-up to the services of the corresponding credit card company, and do not' support direct business-to-business or interpersonal payments.

THREAT TO E-COMMERCE There are various kinds of threats to e-commerce some of which are classified as under (A) Poor Infrastructure: Such threats can take place due to poor building or substandard quality hardware such as cables, computers, etc. Computer network also face huge amount of risk due to poor electrical fittings, abnormal vibrations and also due to sudden electric cuts. Such an electric cut may cause huge losses to the system and can also cause a permanent damage. Alternate power generation, and uninterrupted power supply can reduce the risk and also prevent such damage. One should always look to reduce the threats relating to infrastructure where selecting or designing information. As far as possible, the power should be provided by two separate devices/providers. (B) Threats Relating to Natural Calamities: Nature related threats can be of different kinds. Such as from storm, fire, earthquake, flood, or even heavy rainfall. In case you want to save your machine from storm you should always keep your machines at higher floors of the building. (Similarly in case of fire one should always have a fire extinguisher a his workplace where there are many machine. Also, in case of heavy rainfall one should always keep t , machines away from windows specially during rainy season , Timely backups

and data stored in another place helps retrieve data back after a major disaster such as a: earthquake. (C) Threats Related to Mankind: "To err is human" this famous proverb proves the human nature of forgetting and being fu of mistakes. Undoubtedly true, humans are the most lazy species on the earth who tend to not consider one's own actions and be careless especially to take preventive measure regarding the machines. Although, some of the human threats are also deliberate destruction of confidentiality. Such an act usually arises from malicious intentions which ma lead to loss of information resulting in huge damages. Again there are laws governing such unlawful acts' to protect privacy of individuals. Such laws are most important for . people and commercial organisation who completely conduct their transactions on the internet. (D) THREATS FROM INTERNET: It is difficult to trace internet attacks. A person does not have to be personally present at the site to carry out the attack! Attacks can be launched from anywhere in the world and the location of the attacker can be easily hidden. . The growth of internet has expanded the need for well trained and experienced people to manage the network in secure manner. As the need for network security experts for exceeds the supply inexperienced people are assigned to secure systems, opening number of opportunity for intruders. SOCIAL ENGINEERING: It refers to tricks used by hackers to gain entry to the computer systems. e.g. looking through organizations garbage for important documents that might give hacker some hints on how to break into a network. Other e.g. is hidden e-mail attachments such as virus. Hackers also use computer viruses to manipulate everyone with e-mail address. E-mail with subject lines such as "Happy Birthday Joshi" worked their way into email inboxes creating havoc. on the e-mail servers. RISK FROM VIRUS, TROJANS,WORMS Viruses, Trojan horses and worms are all computer programs that can infect computers. Viruses and worms spread across computers and networks by making copies of themselves, usually without the knowledge of computer user. A Trojan horse is a program that appears to be legitimate but actually contains another program or block of undesired malicious , destructive code, disguised and hidden in a block of desirable code. Trojans can be used to infect a computer with a virus.

A back-door Trojan is a program that allows a remote user or Hacker to bypass the normal access controls of a computer and gain unauthorized control over it. Typically a virus is used to the back-door Trojan onto a computer, and once the computer is online, the person who sent the Trojan can run Programs on the infected computer, access personal files, and modify and upload files. RISKS TO E-COMMERCE SYSTEMS: While some viruses are merely irritants, others can have extremely harmful effects. Some of the threats that they pose to ecommerce systems include: Corrupting or deleting data on the hard disk of your server Stealing confidential data by enabling hackers to record user keystrokes Enabling hackers to hijack your system and use it for their own purposes Using your computer for malicious purposes, such as carrying out a denial-of-service attack on another website. Harming customer and trading partner relationships by forwarding viruses to them from your own system. HOW DO VIRUS SPREAD Viruses are able to infect computers via a number of different routes. These include: CDs and floppy disks containing infected documents emails containing infected attachments Internet worms that exploit holes in your system's operating system when you are connected to the Internet METHOD OF PREVENTING VIRUS Use of proper Anti Virus Updating Anti Virus from Time to Time using a virus checker on your Internet connection to trap viruses both entering and leaving the business' IT systems installing software patches provided by the 'supplier of your operating system to close security loopholes that could be exploited by viruses using a firewall to prevent unauthorized access to your network avoiding download of unauthorized programs and documents from the Internet and ensuring your staff adhere to this policy

COMMON E-COMMERCE SECURITY CONTROL

AUTHENTICATION: There are several techniques that can identify and verify someone-seeking to address an e-commerce system. These include: A user name and password combination, where the password can vary in length and include numbers and characters."Two-factor" authentication requiring something the user has(e.g. an authentication token) and something the user knows(e.g. a personal identification number). A digital certificate that enables authentication through the use of an individual's unique signing key.A person's unique physical attribute, referred to as a biometric. This can range from a fingerprint or iris scan, through to retina or facialfeature recognition. ACCESS CONTROL: This restricts different classes of users to subsets of information and ensures that they can only access data and services for which they have been authorized. These include using: network restrictions to prevent access to other computer systems and networks application controls to ensure individuals are limited in the data or services they can access Changes to access privileges must be controlled to prevent. users retaining them if they transfer between departments or leave the business. Firewall is a software which enforces an access control policy between an internal network in an organization and the rest of the Internet. It may also be used for access control between two parts of the same internal network. A firewall blocks some Internet traffic and permits some other traffic. Some firewalls are more restrictive than others. It's important to understand that a firewall implements a policy, so it's only as good as the policy it implements. If the policy is inconsistent or not well thought of, then a firewall may not be a good protection. The main thing firewalls protect against is unauthorized login. In addition they may block some or all of the outside traffic, while permitting all or most of the traffic from the inside to the outside. The traffic that usually is permitted is e-mail (both to and from the network) and HTTP access from the inside to the outside of the firewall. Protocols that may or may not permitted are FTP, SSL, database connections, and so on. In addition to access control, firewalls keep statistics of the Internet packages and requests, and may be configured to issue a warning if some suspicious activity is going on.