Overview
- This is not a comprehensive discussion.
- The idea is to make you aware of ecommerce and the issues related to it.

History of eCommerce (Source: Wikipedia.com)

The meaning of electronic commerce has changed over the last 30 years. Originally, electronic commerce meant the facilitation of commercial transactions electronically, using technology such as EDI and EFT. These were both introduced in the late 1970s, allowing businesses to send commercial documents like purchase orders or invoices electronically. The growth and acceptance of credit cards, automated teller machines (ATM) and telephone banking in the 1980s were also forms of electronic commerce. Another form of e-commerce was the airline reservation system typified by Sabre in the USA and Travicom in the UK.

Online shopping was invented in the UK in 1979 by Michael Aldrich. During the 1980s it was used extensively, particularly by auto manufacturers such as Ford, Peugeot-Talbot, General Motors and Nissan. From the 1990s onwards, electronic commerce would additionally include enterprise resource planning systems (ERP), data mining and data warehousing.

Although the Internet became popular worldwide in 1994, it took about five years to introduce security protocols and DSL allowing continual connection to the Internet. By the end of 2000, a lot of European and American business companies offered their services through the World Wide Web. Since then people began to associate the word "ecommerce" with the ability of purchasing various goods through the Internet using secure protocols and electronic payment services.

India started using eCommerce roughly from 2002 onwards.

eCommerce:

Electronic commerce, commonly known as e-commerce or eCommerce, consists of the buying and selling of products or services over electronic systems such as the Internet and other computer networks. Modern electronic commerce typically uses the World Wide Web at least at some point in the transaction's lifecycle, although it can encompass a wider range of technologies such as e-mail as well.

Electronic commerce is generally considered to be the sales aspect of e-business. It also consists of the exchange of data to facilitate the financing and payment aspects of the business transactions. Thus, eCommerce is the process of buying and selling or exchanging products, services, and information via computer networks including the Internet.

Electronic commerce that is conducted between businesses is referred to as business-to-business or B2B. B2B can be open to all interested parties (e.g. commodity exchange) or limited to specific, pre-qualified participants (private electronic market).

Electronic commerce that is conducted between businesses and consumers, on the other hand, is referred to as business-to-consumer or B2C. This is the type of electronic commerce conducted by companies such as Amazon.com.

For Educational Purpose only. Vicky D. Shah. Page 1 of 10

eCommerce Perspective:
- From a communications perspective, it is the delivery of information, products/services, or payments over telephone lines, computer networks, or any other electronic means.
- From a business process perspective, it is the application of technology toward the automation of business transactions and work flow.
- From a service perspective, it is a tool that addresses the desire of firms, consumers, and management to cut service costs while improving the quality of goods and increasing the speed of service delivery.
- From an online perspective, it provides the capability of buying and selling products and information on the Internet and other online services.

Electronic Data Interchange - EDI

Developed in the early 60s as a means of accelerating the movement of documents pertaining to shipments and transportation. It is defined as the electronic transfer from one computer to another of computer-processable data using an agreed standard to structure the data.

The National Institute of Standards and Technology in a 1996 publication defines Electronic Data Interchange as "the computer-to-computer interchange of strictly formatted messages that represent documents other than monetary instruments." Human intervention is allowed only when there is an error, for quality review, and for special situations.

Electronic Funds Transfer - EFT

It is defined as any transfer of funds initiated through an electronic terminal, telephonic instrument, or computer or magnetic tape so as to order, instruct, or authorize a financial institution to debit or credit an account.

The term is used for a number of different concepts:
- Cardholder-initiated transactions, where a cardholder makes use of a payment card
- Direct deposit payroll payments for a business to its employees, possibly via a payroll services company
- Direct debit payments from customer to business, where the transaction is initiated by the business with customer permission
- Electronic bill payment in online banking, which may be delivered by EFT or paper check
- Transactions involving stored value of electronic money, possibly in a private currency
- Wire transfer via an international banking network (generally carries a higher fee)

Payment System

A payment system is a system (including physical or electronic infrastructure and associated procedures and protocols) used to settle financial transactions in markets (bond markets, currency markets, futures, derivatives, etc.) or to transfer funds between financial institutions.

E.g.: Payment Gateway - PayPal, PaisePay, CC Avenue

Intranet and Extranet

An "intranet" is the generic term for a collection of private computer networks within an organization. Extranets are extended intranets connecting organizations, which may include personnel, customers, suppliers and strategic partners. An extranet is one way in which a firm can improve its offering and remain competitive. Intranets and extranets are communication tools designed to enable easy information sharing within workgroups.

E.g. Intranet: Many schools and non-profit groups have deployed intranets, but an intranet is still seen primarily as a corporate productivity tool.

E.g. Extranet: Allowing controlled access to an otherwise private company network enables business-to-business transactions and file sharing.

Value Chain in eCommerce

Primary Activities
- Identifying Customers
- Design
- Purchase Material & Supply
- Manufacturing
- Market & Sell
- Delivery of Products
- Providing after sale service and support

Supporting Activities
- Finance & Administration
- Human Resource
- Developing Technology

Elements Responsible - Success of eCommerce
- Finance
- Technology
- Team
- Back-office
- Strategic alliances
- Initial marketing efforts
- Competition
- Target audience
- Transaction Security
- Network Security
- Reliability
- Speed
- Brand Awareness
- Traffic Volumes
- Community Building and Stickiness

eCommerce Business Model

Business Model - Type of Transaction
- Business to Business - B2B
- Business to Consumer - B2C
- Consumer to Consumer - C2C
- Business to Anyone - B2A

Business Model - Type of Operation
Model 1, 2 and 3 under the following categories of operations:
1) Product Information
2) Order Registration
3) Order Execution
4) Payment Collection

Business Model - Type of Connectivity
- Using EDI Connectivity - Governments
- Using VPN Connectivity - Private companies
- Using Internet Connectivity - For end users

Business Model - Revenue
- Subscription Revenue Model - Hosting services, etc.
- Advertising Revenue Model - Google search engine, etc.
- Commission Model - eBay, etc.

Application of eCommerce
- Email
- Enterprise content management
- Instant messaging
- Newsgroups
- Online shopping and order tracking
- Online banking
- Online office suites
- Domestic and international payment systems
- Shopping cart software
- Teleconferencing
- Electronic tickets

Advantages of eCommerce
- Increased Profit
- Large Customer Base
- Increased purchasing opportunity for the customers
- Faster Transaction & Multiple Choices
- Improved & Easier Payment System
- Security
- Accessibility
- E-learning or Distant Education

Disadvantages of eCommerce
- Non acceptance of eCommerce by Business Processes
- Technological Issues
- Scarcity of Potential Customers
- Cost Benefit Issue
- Software Issues
- Legal Issues

E-Commerce Security
- Security Issues
- eCommerce Issues
- Risks
- Damage to site
- Key distribution, certificate authorities

Security Issues
- Confidentiality - No unauthorized person can view the transaction
- Integrity - Information sent by the sender should be received as is, to avoid ambiguity
- Availability - Information should be available 24x7
- Authentication - Receiver should know who has sent the information, and an acknowledgement must be made on receiving the data.
- Non Repudiation - Sender or receiver of the message cannot deny sending and/or receiving the message. This applies especially to online payment related issues.

E-Commerce Issues
- What are the threats to ecommerce sites?
  - Who are the likely attackers?
  - How do we defend, or at least minimise our losses?
- E-Commerce security technology
  - SSL (https), certificates, certificate auth
- Theft from our bank account
- Not getting paid for a product
  - stolen credit card
  - dishonest customer repudiates purchase
- Damage to site (defacement, DoS)
- Theft of personal data about customers

Damage to Site
- Deface web site
  - Obscene content, rude language on home page
- Crash web site
  - Distributed Denial of Service attacks
  - Hack into lots of computers on the net, get all of these to flood victim with packets or otherwise attempt to deny service
  - Difficult to stop

Legal Issues
- Legal defense: due diligence
  o Show you have used the best available technology to protect data
  o Firewalls are good for this
    - Not too effective, but judges/lawyers don't know this!
    - So, need a firewall which looks impressive and costs money; it doesn't need to actually work
- Domain Name Issue
- Trademark & Copyright Issue
- Dispute Resolution

Risks
- Who pays if there is fraud
  o Customer?
  o Retailer (e-commerce site)?
  o Credit-card company?
  o Someone else?
- Business goal: risk is fine as long as someone else pays!

Credit-card fraud

Secure Servers
- Servers which use cryptographic protocols (such as SSL) so that net traffic is private and authenticated
  - credit card info cannot be read
  - shipping addresses cannot be changed
- Secure servers
  - There are easier ways of getting card numbers than net spying
  - CC receipts from recycle bin
  - bugging phones easier than tapping Web!

Certificate Authorities
- Authenticate public keys by signing

Emerging Technological Aspect
- mCommerce and Location Based Service
  o It exists and is here to stay
- eCommerce will be partially replaced by mCommerce
- More sophisticated and organized attacks anticipated
- 80% of the business would be online

IT ACT 2000
- Basic legal framework for E-Commerce to promote trust in the electronic environment
- Acceptance of electronic documents as evidence in a court of law, and acceptance of electronic signatures
- E-Commerce and E-Governance as major applications through legal sanctity accorded to electronic records and digital signatures
- Acceptance of electronic documents by the government
- Defining of digital signatures based on asymmetric public key cryptography
- Establishment of Certifying Authorities to issue digital signature certificates for authentication of users in e-commerce & e-governance
- Amendments to the IT Act have addressed industry's concerns on data protection issues in that it creates an enabling legal environment in India that addresses breaches of confidentiality and integrity of data.

Encryption and Decryption and Digital Signature

What is Cryptography?
- Science of secret (hidden) writing
  - kryptos - hidden
  - graphen - to write
- Encrypt / encipher - Convert plaintext into ciphertext
- Decrypt / decipher - Convert ciphertext into plaintext

What is Digital Signature?
- A digital signature is an electronic means of authenticating an online identity
- A digital signature can:
  - Authenticate the identity of the sender of a message or signer of a document
  - Be used to ensure that the original content of the message is unchanged

Traditional Paper Based Solution
- Confidentiality - Envelopes
- Integrity - Signatures, Watermarks
- Authenticity - Notaries, strong physical presence
- Non-repudiation - Signatures, receipts, confirmations

Electronic Solution
- Confidentiality - Data Encryption
- Authenticity - Digital Signatures, Certificates
- Integrity - Hash Algorithms, Message Digests
- Non-Repudiation - Digital Signatures, Audit Logs

Requirements for Public Key Systems
- SECRECY of the private key
  - Must be known only to owner
  - Key ownership = Identity
- AVAILABILITY of the public key
  - Must be available to anyone
  - Requires a public directory

Certificate Authorities (CAs)
- A small set of trusted entities known as Certificate Authorities (CAs) are established to sign certificates
- A Certificate Authority is an entity that exists only to sign user certificates
- The CA signs its own certificate which is distributed in a trusted manner

Retrieving Public Keys
- Public keys stored in repositories
- Keys can be retrieved on demand

Certification Authorities (CAs)
- Users send keys to a Certification Authority.
- CA then generates a certificate for the user, and keeps a copy of it in certificate repository
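
A toy walk-through of the certificate flow described above, added here as an example and not part of the original handout: the CA signs its own certificate, issues one for a user's key into a repository, and a receiver checks the CA's signature before trusting the key inside. The names ToyCA, alice and mallory, the helper functions and the fixed primes are assumptions; textbook RSA without padding is used only to keep the example self-contained and is not secure.

```python
import hashlib
import json

def make_keypair(p, q, e=65537):
    # Textbook RSA from two primes. Toy only: no padding, fixed primes.
    n, phi = p * q, (p - 1) * (q - 1)
    return {"n": n, "e": e}, {"n": n, "d": pow(e, -1, phi)}

def digest(data, n):
    # Message digest (integrity), reduced into the toy modulus.
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n

def sign(priv, data):
    return pow(digest(data, priv["n"]), priv["d"], priv["n"])

def verify(pub, data, sig):
    return pow(sig, pub["e"], pub["n"]) == digest(data, pub["n"])

def tbs(cert):
    # Canonical bytes of the certificate fields that the CA signs.
    body = {k: cert[k] for k in ("subject", "issuer", "public_key")}
    return json.dumps(body, sort_keys=True).encode()

def issue(issuer, issuer_priv, subject, subject_pub):
    cert = {"subject": subject, "issuer": issuer, "public_key": subject_pub}
    cert["sig"] = sign(issuer_priv, tbs(cert))
    return cert

def verify_message(repo, root, sender, msg, sig):
    # 1) fetch the sender's certificate, 2) check the CA's signature on it
    # against the trusted root, 3) only then trust the key inside it.
    cert = repo.get(sender)
    if cert is None or cert["issuer"] != root["subject"]:
        return False
    if not verify(root["public_key"], tbs(cert), cert["sig"]):
        return False
    return verify(cert["public_key"], msg, sig)

# Constructed sample data: Mersenne primes stand in for real key generation.
ca_pub, ca_priv = make_keypair(2**107 - 1, 2**127 - 1)
alice_pub, alice_priv = make_keypair(2**61 - 1, 2**89 - 1)
mallory_pub, mallory_priv = make_keypair(2**19 - 1, 2**31 - 1)

root = issue("ToyCA", ca_priv, "ToyCA", ca_pub)  # CA signs its own certificate
repo = {"alice": issue("ToyCA", ca_priv, "alice", alice_pub)}  # repository

order = b"order=1001;item=book;amount=499"  # constructed sample message
order_sig = sign(alice_priv, order)
```

A receiver who holds only the trusted root accepts the order signed by alice, rejects an altered order, and rejects a repository entry whose public key was swapped, because the CA's signature no longer matches the certificate fields.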

Registration
- Registration Authority (RA)
  - verification of user info
  - policy enforcement
  - no liability
  - only handles registration, not re-issuance, revocation, etc.
  - works with CA
- Registration can be local, or outsourced

Business Implications of Digital Signature
- Commercial Entities: B2C, B2B
- Non-commercial Entities: Government, General Society

Advantages of Digital Signature
- Prevent fraud
- Prevent unauthorized access of data
- Preserve data integrity

Applications
- Contract signing
- Areas like:
  - Business transactions (e-commerce)
  - Banking
  - Insurance

Considerations

Technological
- No common international standard.
- Any number of companies will say their digital-signature technology is the safest and best

Security
- Security threat always exists
- Hackers are constantly finding loopholes or cracking codes

Social
- Digital Divide
- Hitting the critical mass is important in getting the technology into use
- However, slow adoption of IT hinders Digital Signature from being widely used