ELECTRONIC DATA INTERCHANGE
EDI
• Electronic commerce was identified as the
facilitation of commercial transactions
electronically, using technology such as
Electronic Data Interchange (EDI) and
Electronic Funds Transfer (EFT).
WHAT IS ELECTRONIC DATA
INTERCHANGE?
• A Definition From Book:
– EDI is computer-to-computer communication using a
standard data format to exchange business information
between companies.
• Ex:
– Consider the Postal System
• A Definition From Net:
– (EDI) is about doing business and carrying out transactions
with your trading partners electronically.

– EDI covers most things that are traditionally done using
paper-based communication.
EDI
• EDI is the structured
transmission of data
between organizations by
electronic means.
• It is used to transfer
electronic documents or
business data from one
computer system to another
computer system.

• EXAMPLES: Purchase orders, invoices, shipping notices,
price listings
Steps in an EDI System

The steps in an EDI system are as follows.

• A program generates the file which contains the
processed document.
• The document is converted into an agreed
standard format.
• The file containing the document is sent
electronically over the network.
• The trading partner receives the file.
• An acknowledgement document is generated and
sent to the originating organization.
EDI layered architecture

EDI Application layer
• Describes the business application

Procurement example
1. Requests for quotes
2. Price quotes
3. Purchase orders
4. Acknowledgments
5. Invoices
• Specific to company & software used
Application Layer
It consists of the actual business applications that are going to be connected
through the EDI systems for exchange of electronic information.
These applications may use their own electronic record formats and
document formats for storing, retrieving and processing the
information within the company systems.
For EDI to operate, they need to convert the internal company document
format to a format that can be understood by the system used by the
trading partner. When the trading partners are small in number, then
the converters for various partner formats can be built.
But, as the number of partners with different internal formats increases, the
task of building converters from each proprietary format to the other formats
becomes overwhelming.
EDI Standard layer
• EDI Standard - “A set of rules, agreed upon, accepted, and voluntarily
adhered to, by which the data is structured into message formats for
exchange of business and operational information” (Beby, Daniel J., E-D-I
or D-I-E)
• Standards
– Started in 1950s and 1960s
– First developed for the transportation, warehouse, and grocery
industries
– Provide a common format
– Make the communicated information intelligible to both the
sender and receiver
The first, commonly known as X12, was developed by the Accredited Standards
Committee X12 of the American National Standards Institute (ANSI).
The second, the international standard, is the United Nations EDI
for Administration, Commerce and Trade (UN/EDIFACT) standard.
ANSI X12 Standard

X12 devised the standards to deal with transactions such as purchase-order
placement, order processing, shipping, invoicing and payments.
The paper documents related to particular business activities are mapped into a
transaction set.
The X12 standard defines a set of documents, referred to as transaction sets, for
a wide range of business transaction forms. Each transaction set is given a
numeric code, much as form numbers are assigned to most paper forms.
A transaction set is the term used in the X12 standard for the transfer of a
single document (purchase order, manifest, etc.) between the computers of
two trading partners.

EDIFACT Standard
EDIFACT is promoted by the United Nations Economic Commission, which is responsible for adoption
and standardization of the messages. The International Standards Organization
(ISO) has been entrusted with the responsibility of developing the syntax and data
dictionary for EDIFACT.
EDIFACT serves the purpose of trans-border standardization of EDI messages.
It combines the efforts of the American National Standards Institute’s ASC X12 and the Trade
Data Interchange (TDI) standards developed and deployed by much of Europe
and the United Kingdom.
The GE.1 group of UNECE/EDIFACT deals with data elements, and rules and formats
for automated data exchange. The GE.1 group coordinates the six EDIFACT
boards set up for Western Europe, Eastern Europe, Pan America, Australia/New
Zealand, Asia and Africa. The Asia EDIFACT board (AEB) consists of members like
India, Japan, Korea, Hong Kong, China, Singapore, Taiwan and Malaysia.

Data Transport Layer
The data transport layer consists of services that automate the task of electronic
transfer of messages.

The Electronic Mail exchanged through the network infrastructure has emerged as the
dominant means for transporting the EDI messages.

The electronic mail is used only as a carrier for transporting the formatted EDI
messages by the EDI Document Transport Layer.

ITU-T has adopted X.435 (X.400-based) standards to support electronic data
interchange (EDI) messaging.
Data Transport Layer
X.435 standard consists of definition of normal EDI messages and a set of EDI
"notifications" to address the security requirement.

In order to achieve equivalence to the security control offered by the paper-based
systems, it has three types of notifications.

• A positive notification – It indicates that the recipient has received the document
and accepts the responsibility for it;

• A negative notification – It indicates that the recipient received but refused to
accept the document. The reason for refusal is attached with the notification.

• A forwarding notification – It indicates that the document was received, but
forwarded to another recipient.
Physical/Inter Connection Layer
It refers to the network infrastructure that is used for the exchange of
information between trading partners.
In the simplest and most basic form it may consist of dial-up lines, where
trading partners dial-up through modem to each other and connect to
exchange the messages as illustrated in the following:

Physical/Inter Connection Layer
The leased lines and I-way, Internet or any reliable network infrastructure that
can provide ability of interconnection can be used.
Through the interconnection, the EDI partners are able to achieve document
exchanges between themselves:


Value Added Network (VAN)
• A value added network is an independent firm that offers
connection and EDI transaction forwarding services to buyers and
sellers engaged in EDI

• VANs are responsible for ensuring the security of data transmitted

• VANs charged a fixed monthly fee plus a per-transaction charge to
subscribers

• Used a lot prior to the internet

• Today’s VANs focus more on security issues


Value Added Network (VAN)
• A value-added network (VAN) is a private network provider (sometimes
called a turnkey communications line) that is hired by a company to
facilitate electronic data interchange (EDI) or provide other network
services.
• Before the arrival of the World Wide Web, some companies hired value-
added networks to move data from their company to other companies.
• With the arrival of the World Wide Web, many companies found it more
cost-efficient to move their data over the Internet instead of paying the
minimum monthly fees and per-character charges found in typical VAN
contracts.
• Now, Value-added network providers focus on offering EDI translation,
encryption, secure e-mail, management reporting, and other extra
services for their customers.
Value Added Network (VAN)
• A VAN acts as a regional post office.
VANs are third-party communication networks established for exchanging EDI
traffic amongst the partners. VAN services:
• For every subscriber, the VAN maintains an account, which serves as an
electronic post office box for the subscriber, for sending and receiving the EDI
messages.
• The subscriber’s account receives and accumulates all incoming mail from
other partners that can be viewed by the account owner as and when they
connect to the VAN account.
• It receives transactions, examines the 'from' and the 'to' information, and
routes the transaction to the final recipient.
• VANs may provide a number of additional services, e.g. retransmitting
documents, providing third party audit information, acting as a gateway for
different transmission methods, and handling telecommunications support.
Value Added Network (VAN)
[Figure: a producer, a bank and traders connect over dial-up/leased lines to the
VAN transport, which provides translation, editing, compliance checking,
verification, format translation, alerting services, storage and trader mailbox.]
Services Provided By The VAN
Document conversion from one standard to another; typically required when two trading partners
use different standards for EDI exchanges, e.g. ANSI ASC X12 to EDIFACT or TDCC to
ANSI ASC X12;

Converting one ANSI ASC X12 document to another ANSI ASC X12 document; often within
the same system the documents may need to be converted to another type. For example, a
Motor Carrier Details & Invoice (210) document may need to be converted to Generic
Freight Invoice (859).
The sender may follow certain conventions that are different from the receiver's. Translation from a
sender's conventions of a standard document to the receiver's conventions, i.e.
• translate field separators,
• discard unwanted characters
• format translation from EDI standard to or from flat file, flat file to flat file,
XML, and other formats
• data translation among the PDF, XLS, MDB or other web-based documents
Advantages of an EDI System

Following are the advantages of an EDI System.


• Reduction in data entry errors − The chance of errors
is much lower because computers are used for data entry.
• Shorter processing life cycle − Orders can be
processed as soon as they are entered into the
system. This reduces the processing time of the
transfer documents.
• Electronic form of data − It is quite easy to transfer
or share data when it is in electronic format.
Advantages of an EDI System
• Reduction in paperwork − As a lot of paper
documents are replaced with electronic
documents, there is a huge reduction in paperwork.
• Cost effective − As time is saved and orders are
processed very effectively, EDI proves to be highly
cost effective.
• Standard means of communication − EDI
enforces standards on the content of data and its
format, which leads to clearer communication.
Benefits of EDI
EDI Applications in Business

• Four different scenarios in industries that use
EDI extensively:
1. International or cross-border trade
2. Electronic funds transfer
3. Health care EDI for insurance claims
processing
4. Manufacturing & retail procurement
1. International or cross-border trade

• EDI has always been very closely linked with international trade.
• Trade efficiency, which allows faster, simpler, broader & less costly
transactions.

Role of EDI in international trade

• EDI facilitates the smooth flow of information
• It reduces paperwork
• EDI benefits for international trade are
1. Reduced transaction expenditures
2. Quicker movement of imported & exported goods
3. Improved customer service through “track & trace” programs
4. Faster customs clearance & reduced opportunities for corruption, a
huge problem in trade
3. Health care EDI for insurance claims processing

• Providing good & affordable health care is a universal problem
• EDI is becoming a permanent fixture in both insurance & health care
industries as medical provider, patients, & payers
• Electronic claim processing is quick & reduces the administrative
costs of health care.
• Using EDI software, service providers prepare the forms & submit
claims via communication lines to the value-added network service
provider
• The company then edits, sorts & distributes forms to the payer. If
necessary, the insurance company can electronically route transactions
to a third party for price evaluation
• Claims submission also receives reports regarding claim status &
requests for additional information
4. Manufacturing & retail procurement
using EDI
• These are heavy users of EDI
• In manufacturing, EDI is used to support just-in-time (JIT).
• In retailing, EDI is used to support quick response (QR).
Just-In-Time & EDI
• Companies using JIT & EDI calculate how many parts are needed each day based on
the production schedule & electronically transmit orders.
• Delivery has to be responsive, or it will cost too much in money & time.
• Getting data to suppliers quickly
• A major benefit of JIT & EDI is a streamlined cash flow.
Quick Response & EDI
• For the customer, QR means better service & availability of a wider range of products
• For the retailer & supplier, QR may mean survival in a competitive marketplace
• Much of the focus of QR is on reducing lead times using event-driven EDI.
• In QR, EDI documents include purchase orders, shipping notices, invoices, inventory
position, catalogs, & order status
EFT- Electronic Fund Transfer
ELECTRONIC FUND TRANSFER
• Exchange of Money from one account to another
a/c through Computer.
• EFT allows you to exchange funds between
individuals as well as organizations via electronic
gateways which can be accessed using internet,
computers and smart phones.
• Funds can be transferred instantly from one
account to another, either within the same bank
or to a different bank network at any given time.
Various modes of EFT in India-
NEFT,RTGS,IMPS
• NEFT-NATIONAL ELECTRONIC FUNDS
TRANSFER
• RTGS-REAL TIME GROSS SETTLEMENT
• IMPS-IMMEDIATE PAYMENT SERVICE
NEFT-NATIONAL ELECTRONIC FUNDS
TRANSFER
• The National Electronic Funds Transfer is a nationwide
money transfer system which provides
customers with the facility to electronically
transfer funds from their respective bank
accounts to any other account of the same bank
or of any other bank network

• Funds transfer through NEFT requires a
transferring bank and a destination bank.
NEFT……..
• Before transferring funds via NEFT you must
register the beneficiary who will receive the funds. For
this you must possess information such as the
name of the recipient, the recipient’s bank name,
a valid account number belonging to the
recipient and his respective bank’s IFSC code.
• Any sum of money can be transferred using
the NEFT system, up to a maximum of
Rs. 10,00,000.
RTGS-REAL TIME GROSS SETTLEMENT
• It is a real-time funds transfer system which
lets you transfer funds from one bank to
another in real time or on a gross basis. The
transaction is not put on a waiting list and is cleared
instantly.
• The RTGS payment gateway, maintained by the
Reserve Bank of India, makes transactions between
banks electronically. The transferred amount is
instantly deducted from the account of one bank
and credited to the other bank’s account.
RTGS……
• The minimum value that can be transferred using RTGS
is Rs. 2 Lakhs. However, there is no upper
cap on the amount that can be transacted.

• The remitting customer needs to add the beneficiary
and his bank account details prior to transacting funds
via RTGS. The details required while transferring funds
are the beneficiary’s name, his/her account
number, the receiver’s bank address and the IFSC code of
the respective bank.
IMPS-IMMEDIATE PAYMENT SERVICE

• The National Payments Corporation of India
introduced a pilot mobile payment project also
known as the Immediate Payment Service (IMPS).
• IMPS offers instant electronic transfer service
using mobile phones. The IMPS service also
features a secure transfer gateway and an
immediate confirmation on fulfilled orders.
• IMPS is offered on all the cellular devices via
Mobile Banking or through SMS facility.
IMPS…..
• To be able to transfer money via the IMPS route you
must first register for the immediate payment
services with your bank

• Thus IMPS enables customers to use mobile
instruments as an instant money transfer gateway,
facilitating user convenience and saving time and
effort involved in other modes of transfer.
• IMPS interbank transfer service is available 24x7
ADVANTAGES OF EFT…..
• Increase efficiency and productivity.
• Manage cash flow easily.
• Improve safety and control.
• Saves money.
• Less paperwork.
• Eliminate the risks associated with lost, stolen,
or misdirected cheques
“EFT SAVES OUR TIME AND MONEY”

In short we can say that EFT is FAST, SIMPLE,
SAFE, and SECURE.
DISADVANTAGES
• The fund transfer process generally consists of a series of
electronic messages sent between financial institutions
directing each to make debit and credit accounting
entries necessary to complete the transaction.
• The fund transfer can generally be described as a series
of payment instruction messages, beginning with the
originator’s (sending customer’s) instructions, and
including a series of further instructions between the
participating institutions, with the purpose of making
payment to the beneficiary (receiving customer).
DISADVANTAGES

• One of the major disadvantages of EFT is the RISK OF SECURITY ISSUES.
Electronic banking's largest adversary is the hacker who tries to steal
customers' money and information. When an account has been
compromised, money can be stolen. Hackers can also use the information
obtained to steal one’s identity. This could mean a lot of trouble for the
customer that can take years to fix. Once credit accounts are opened in his
or her name, it can be many years before the debts are taken care of and
removed from their credit report.

• If you entered the target account number incorrectly, there is no way to
reverse the transaction, since the bank would process the transaction
under the belief that the information you provided is accurate

• Once an amount is transferred, the bank cannot reverse a transaction.

DIFFERENCE B/W NEFT,RTGS & IMPS
• There is no cap on the minimum value that can be
transacted via NEFT. The RTGS system, however, only processes
transactions of a value starting from Rs. 2 Lakhs and above,
as it caters to gross settlements.
• While the NEFT system settles transactions in batches, the RTGS
option transfers funds in real time. Using NEFT, if a transfer
order is received after the defined cut-off time, the
transaction will have to wait until the next clearance to be
fulfilled, whereas RTGS transactions are processed
continuously throughout the RTGS business hours.
• IMPS stands out as the most convenient and instant mode
of money transfer, allowing transfer of money across various
accounts and banks on the go using a mobile device.
Secure Electronic Transaction (SET)

SMU CSE 5349/7349


Credit Cards on the Internet
• Problem: communicate credit card and purchasing data
securely to gain consumer trust
– Authentication of buyer and merchant
– Confidential transmissions
• Systems vary by
– Type of public-key encryption
– Type of symmetric encryption
– Message digest algorithm
– Number of parties having private keys
– Number of parties having certificates

Credit Card Protocols
• SSL: 1 or 2 parties have private keys
• TLS (Transport Layer Security)
– IETF version of SSL
• iKP (IBM)
• SEPP (Secure Encryption Payment Protocol): OBSOLETE
– MasterCard, IBM, Netscape
• STT (Secure Transaction Technology)
– VISA, Microsoft
• SET (Secure Electronic Transactions): VERY SLOW ACCEPTANCE
– MasterCard, VISA; all parties have certificates

Secure Electronic Transaction (SET)
• Developed by Visa and MasterCard
• Designed to protect credit card transactions
• Confidentiality: all messages encrypted
• Trust: all parties must have digital certificates
• Privacy: information made available only when
and where necessary

GOALS
• DATA CONFIDENTIALITY: ENCRYPTION
• WHO AM I DEALING WITH: AUTHENTICATION
• NON-REPUDIATION: DIGITAL SIGNATURE
• ACCESS CONTROL: CERTIFICATE ATTRIBUTES
• INTEGRITY: MESSAGE DIGEST

Participants in the SET System

SET Business Requirements
• Provide confidentiality of payment and
ordering information
• Ensure the integrity of all transmitted data
• Provide authentication that a cardholder is a
legitimate user of a credit card account
• Provide authentication that a merchant can
accept credit card transactions through its
relationship with a financial institution

SET Business Requirements (cont’d)

• Ensure the use of the best security practices
and system design techniques to protect all
legitimate parties in an electronic commerce
transaction
• Create a protocol that neither depends on
transport security mechanisms nor prevents
their use
• Facilitate and encourage interoperability
among software and network providers
SET Transactions

• The customer sends order and payment information
to the merchant.
• The merchant requests payment authorization from
the payment gateway prior to shipment.
• The merchant confirms order to the customer.
• The merchant provides the goods or service to the
customer.
• The merchant requests payment from the payment
gateway.

Hashing
• Hashing is an important data structure technique
that uses a special function, called the
hash function, to map a given
value to a particular key for faster access to
elements. The efficiency of the mapping depends
on the efficiency of the hash function used.

Message digest
• A message digest is the output of a
cryptographic hash function: a
string of digits created by a one-way hashing
formula. Message digests are designed to
protect the integrity of a piece of data or
media by detecting changes and alterations to
any part of a message.

Cryptography basics
• Encryption: It is the process of locking up information using
cryptography. Information that has been locked this way is
encrypted.
• Decryption: The process of unlocking the encrypted
information using cryptographic techniques.
• Key: A secret like a password used to encrypt and decrypt
information. There are a few different types of keys used in
cryptography.

SYMMETRIC KEY
• This is the simplest kind of encryption; it involves only one secret key to
encipher and decipher information. Symmetric encryption is an old and
well-known technique. It uses a secret key that can be a number, a
word or a string of random letters. The key is blended with the plain text of a
message to change the content in a particular way. The sender and the
recipient must both know the secret key that is used to encrypt and decrypt
all the messages. Blowfish, AES, RC4, DES, RC5, and RC6 are examples of
symmetric encryption. The most widely used symmetric algorithms are
AES-128, AES-192, and AES-256.
• The main disadvantage of symmetric key encryption is that all parties
involved have to exchange the key used to encrypt the data before they
can decrypt it.

PUBLIC KEY CRYPTOGRAPHY
• Public-key cryptography, or asymmetric cryptography, is a cryptographic
system that uses pairs of keys: public keys which may be disseminated
widely, and private keys which are known only to the owner. The
generation of such keys depends on cryptographic algorithms based on
mathematical problems to produce one-way functions. Effective security
only requires keeping the private key private; the public key can be openly
distributed without compromising security.
• In such a system, any person can encrypt a message using the
receiver's public key, but that encrypted message can only be decrypted
with the receiver's private key.

Key Technologies of SET

• Confidentiality of information: DES
• Integrity of data: RSA digital signatures with
SHA-1 hash codes
• Cardholder account authentication: X.509v3
digital certificates with RSA signatures
• Merchant authentication: X.509v3 digital
certificates with RSA signatures
• Privacy: separation of order and payment
information using dual signatures
CONFIDENTIALITY
• The Data Encryption Standard (DES) is an
outdated symmetric-key method of
data encryption.
• DES works by using the same key to encrypt
and decrypt a message, so both the sender
and the receiver must know and use the
same secret key.

INTEGRITY OF DATA
• A digital signature is a mathematical scheme
for verifying the authenticity of digital
messages or documents. A valid digital
signature, where the prerequisites are
satisfied, gives a recipient very strong reason
to believe that the message was created by a
known sender (authentication), and that the
message was not altered in transit (integrity).

Digital signatures
• Digital signatures employ asymmetric cryptography. Digital seals and signatures are
equivalent to handwritten signatures and stamped seals. Digital signatures are
equivalent to traditional handwritten signatures in many respects, but properly
implemented digital signatures are more difficult to forge than the handwritten
type. Digital signatures can also provide non-repudiation, meaning that the signer
cannot successfully claim they did not sign a message, while also claiming
their private key remains secret. Further, some non-repudiation schemes offer a
time stamp for the digital signature, so that even if the private key is exposed, the
signature is valid. Digitally signed messages may be anything representable as
a bitstring: examples include electronic mail, contracts, or a message sent via some
other cryptographic protocol.

Dual Signature for SET

• Concept: Link Two Messages Intended for Two Different Receivers:
– Order Information (OI): Customer to Merchant
– Payment Information (PI): Customer to Bank
• Goal: Limit Information to A “Need-to-Know” Basis:
– Merchant does not need credit card number.
– Bank does not need details of customer order.
– Afford the customer extra protection in terms of privacy by
keeping these items separate.
• This link is needed to prove that payment is intended for this order
and not some other one.
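
The linkage described above, as an added example that is not part of the original slides: the customer signs a hash of the two digests, so the merchant can check the signature with OI plus only the digest of PI, and the bank with PI plus only the digest of OI. The digest-of-digests construction follows the usual description of SET; the toy RSA key, the function names and the sample OI/PI strings are assumptions made for this illustration.

```python
import hashlib

# Toy RSA key built from two Mersenne primes: constructed for this example
# only and trivially breakable. Real systems use a vetted RSA library,
# proper key sizes and signature padding.
P, Q = 2**127 - 1, 2**89 - 1
N, E = P * Q, 65537
D = pow(E, -1, (P - 1) * (Q - 1))  # customer's private exponent


def md(data: bytes) -> bytes:
    """Message digest. SHA-1 because that is the hash the slides list for SET."""
    return hashlib.sha1(data).digest()


def sign(digest: bytes) -> int:
    """Textbook RSA signature over a digest (no padding: illustration only)."""
    return pow(int.from_bytes(digest, "big"), D, N)


def signature_matches(digest: bytes, ds: int) -> bool:
    """Recover the signed digest with the public key and compare."""
    return pow(ds, E, N) == int.from_bytes(digest, "big")


def customer_dual_sign(oi: bytes, pi: bytes) -> dict:
    """Customer: hash OI and PI separately, then sign the hash of both digests."""
    oimd, pimd = md(oi), md(pi)
    return {"oimd": oimd, "pimd": pimd, "ds": sign(md(pimd + oimd))}


def merchant_verify(oi: bytes, pimd: bytes, ds: int) -> bool:
    """Merchant sees the order and only the digest of the payment data."""
    return signature_matches(md(pimd + md(oi)), ds)


def bank_verify(pi: bytes, oimd: bytes, ds: int) -> bool:
    """Bank sees the payment data and only the digest of the order."""
    return signature_matches(md(md(pi) + oimd), ds)


def demo() -> dict:
    # Constructed sample data; the card number is a well-known test value.
    oi = b"order=1001;item=widget;qty=3;total=42.00"
    pi = b"card=4111111111111111;exp=12/30;amount=42.00"
    msg = customer_dual_sign(oi, pi)
    other_order = md(b"order=1002;item=gold bar;qty=1;total=42.00")
    return {
        "merchant_ok": merchant_verify(oi, msg["pimd"], msg["ds"]),
        "bank_ok": bank_verify(pi, msg["oimd"], msg["ds"]),
        # Order changed after signing: the merchant's check fails.
        "altered_order": merchant_verify(oi + b";qty=30", msg["pimd"], msg["ds"]),
        # Same PI presented against a different order: the bank's check fails.
        "pi_moved_to_other_order": bank_verify(pi, other_order, msg["ds"]),
    }


if __name__ == "__main__":
    for check, result in demo().items():
        print(f"{check}: {result}")
```

The last two checks are the point of the link: a payment instruction cannot be detached from the order it was signed with, even though neither receiver ever sees the other party's plaintext.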
