1 / 74

E-Commerce

E-Commerce. Sadiq M. Sait sadiq@ccse.kfupm.edu.sa Computer Engineering Department King Fahd University of Petroleum and Minerals, Dhahran, Saudi Arabia. Commerce. Commerce: Exchange of Goods / Services Contracting parties: Buyer and Seller Fundamental principles: Trust and Security

pamelakeller
Télécharger la présentation

E-Commerce

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. E-Commerce Sadiq M. Sait sadiq@ccse.kfupm.edu.sa Computer Engineering Department King Fahd University of Petroleum and Minerals, Dhahran, Saudi Arabia.

  2. Commerce • Commerce: Exchange of Goods / Services • Contracting parties: Buyer and Seller • Fundamental principles: Trust and Security • Intermediaries: • Direct (Distributors, Retailers) • Indirect (Banks, Regulators) • Money is a medium to facilitate transactions • Attributes of money: • Acceptability, Portability, Divisibility • Security, Anonymity • Durability, Interoperability

  3. Electronic Commerce-Definition Using electronic methods and procedures to conduct all forms of business activity including governance.

  4. Content Community Commerce Context Communication Collaboration Products Price Packaging Penetration Protection Pace E-commerce  6 Cs & 6 Ps

  5. Electronic Commerce-Issues Technology Infrastructure Legal Management Security Trade, Scope & Coverage Impact on Economy

  6. Infrastructure • Power • Reliable communication • Environment • Human resource • Interface with suppliers and consumers • Faith, trust and ethics • Legal

  7. e-Law: Global Internet requires Global Laws • Industrial laws to be transformed to Information Age • Laws to protect value protection and minimum ethics in Industrial practices when Government transforms itself to be a facilitator

  8. Relationship between Information Technology and Economy Information Technology and Paradigm Shift of Economy Agricultural Society Industrial Society Knowledge and Information-based Society Labor Farmer Knowledge Worker White Collar Worker Energy Intermediate Resource Informatization Industrialization Knowledge Rate of Transformation from Information to Knowledge Rate of Yields Value -Added Rate Main Resources Land Information Energy Product Farm Product Product Knowledge Product Site Research Institute, University Factory Farm

  9. Ontological issues • Definition • What is electronic money ? • Relative to traditional money • Relative to traditional electronic money • Continuity or upheaval ? • What should be the basis of definition • Purpose • Whatdo you buy ? • Payment system • How do you pay ?

  10. Technology • Hardware • Software • Firmware • Communication & Networks • Security • Smart Cards

  11. Role of Technology • lower transaction costs • reducing asymmetric information • 24-hour trading • borderless global trading network • improve market efficiency

  12. Electronic Commerce • E-Commerce is buying and selling of goods and services on the internet, especially the WWW.

  13. Overview • Electronic Commerce • Underlying Technologies • Cryptography • Network Security Protocols • Electronic Payment Systems • Credit card-based methods • Electronic Cheques • Anonymous payment • Micropayments • SmartCards

  14. Electronic Commerce: Involves? • Involves • Virtual storefronts on Web sites with online catalogs, sometimes grouped in a virtual shopping mall • The gathering and use of demographic data • Electronic Data Exchange (EDI) – the business to business exchange of data • Bulk e-mailing as a media for reaching prospective and established customers with news and updates

  15. E-Commerce Steps • Attract prospects to your site • Positive online experience • Value over traditional retail • Convert prospect to customer • Provide customized services • Online ordering, billing and payment • Keep them coming back • Online customer service • Offer more products and conveniences Maximize revenue per sale

  16. Other Requirements • Infrastructure, delivery system such as UPS in the US • Warranty, guarantee culture • Presence of international companies to boost customer trust and confidence • Based on TV model (but it is possible to determine which ad on the internet is bringing in more customers).

  17. Virtual Stores • 24 hour availability • Global reach • Ability to interact and provide custom info and ordering • Multimedia capabilities

  18. Examples • Expected to be a multibillion dollar source of revenue for global businesses • In 1997 Dell Computes reported orders of a million dollars daily! • In 1998, total business-to-business e-commerce revenues generated was $12.5 Billion, expected to rise to $131.1 Billion by the year 2000 (reported by eMarketer) • Vinton Cerf, Chairman of Internet Society (and executive at MCI) estimates that by 2003 e-commerce will reach between $1.8 and $3.2 Trillion • See amazon.com, travelocity.com, towerrecords.com, etc.

  19. Three Options • Buy ready-made solution ibm Net.Commerce • Rent space in a network-based e-commerce solution iCat Commerce and Yahoo Store • Build the system from scratch with components and parts (requires expertise, time, and budget---- but will give exact solution). Another option is to use a ‘plug-in’ application to FrontPage’98 --- JustAddCommerce For stats and growth of e-commerce and demographs see http://www.wilsonWeb.com/Webmarket/demograf.htm or http://ww.emarketer.com/estats

  20. EDI • EDI is the exchange of business data using an understood data format. It was in existence long before the Web • Involves data exchange among parties that know each other well and make arrangement for one-to-one connection, usually dial-up. • An EDI message contains a string of data elements which are separated by delimiters. Each data element represents a fact, such as price, product model number, etc. The entire string is called a data segment.

  21. EDI • A transaction set contains one or more data segments framed by a header and trailer. This is the EDI message or unit of transmission. • A transaction set usually contains information that would typically be contained in a business document or form. • Trading partners are parties who exchange EDI transmission.

  22. Bulk E-mail • Sending ads and info (sometimes in the form of newsletters) is a method for marketers to reach potential E-commerce customers. • Sometimes customers request to be added to newsletter or ‘’special offer’’ mailing list when visiting Web sites. • More often e-mail address are ‘harvested’ and sold to bulk e-mailers who send their messages to as many Web users as possible

  23. Bulk E-mail • Unsolicited e-mail is considered to be a ‘’SPAM’’ to the receiver. The email should include a message that explains how to remove yourself from the list (usually by replying with remove in the subject heading) See http://www.isoc.org/internet/issues/spamming http://www.anti-spam.net http://email.miningco.com http://stopspam.sparklist.com

  24. Steps • Netscape Virtual Office gives 7 steps to selling online: Step 1: Getting a free e-mail address for life Step 2: Building a custom Website for free Step 3: How to attract visitors to your site for free (with Register it) Step 4: How to track visitors (with Hitometer) Step 5: Tuning your Website (by running critical diagnostics) Step 6: Finding new customers for free Step 7: Selling Online

  25. NVO E-Store (an example) • A cost effective solution to selling on-line • Can add a store to your Website in few minutes • Can try it out for free for 30 days • Company logos and other products images can be uploaded by simple clicks. • Shopping carts, security of credit card data, confirmation via e-mail, automatic tax calculation, shipping charges, and detailed tracking and analysis are provided.

  26. E-Commerce Summary • Automation of commercial transactions using computer and communication technologies • Facilitated by Internet and WWW • Business-to-Business: EDI • Business-to-Consumer: WWW retailing • Some features: • Easy, global access, 24 hour availability • Customized products and services • Back Office integration • Additional revenue stream

  27. Things One Must do • Every business who wishes to accept credit cards through a Website much have all the following: • Merchant Account • Shopping Cart • Secure Server • Processing Mechanism • Real time • Manual

  28. Merchant Account • This is like a contract with the credit card company • These companies process your transactions and forward the money to your business account (you must have a business account) • Fees is reasonable, (application fee $50-$400, monthly statement fee $10-$30, Per transaction fee $0.30-$1.00 and monthly minimum transaction fee $20-$50). • Some e-commerce packages include the application for a merchant account.

  29. Shopping Cart • This is the software on your Web site which allows customers to ``Browse your store’’ and select items to ``place in their shopping cart’ for purchase when they check out. • The SW computes applicable state sales tax, shipping costs (if any) and quantity totals. • Many companies charge $100-$1000 for this SW. Some companies give it free with their E-commerce package (e.g., S-Mart sopping Cart software is available free).

  30. Secure Server • Most customers will not give their credit card information over the internet unless its over a secure server. • The current popular secure server is ‘’SSL’’ (secure socket layer). • SSL encrypts the data being passed from your consumer’s browser to the secure server (making data useless if intercepted)

  31. Processing Mechanism • This is the final requirement. Now that you have the merchant account, shopping cart software and a secure Web site, you will need a way to transmit your credit card transactions to your merchant account • There are two methods

  32. Processing Mechanism Methods • Real Time: Customer credit card info is checked for approval immediately while he waits. • Manual: This means that each transaction is entered by the merchant after the consumer’s purchase is made. • To process in real-time one must have a direct Web link with the processing company, usually through the secure Web site (Cybercash, a costly was to achieve real-time processing).

  33. E-Commerce Participants

  34. E-Commerce Problems Snooper Unknown customer Unreliable Merchant

  35. E-Commerce risks • Customer's risks • Stolen credentials or password • Dishonest merchant • Disputes over transaction • Inappropriate use of transaction details • Merchant’s risk • Forged or copied instruments • Disputed charges • Insufficient funds in customer’s account • Unauthorized redistribution of purchased items • Main issue: Secure payment scheme

  36. E-Commerce Security • Authorization, Access Control: • protect intranet from hordes: Firewalls • Confidentiality, Data Integrity: • protect contents against snoopers: Encryption • Authentication: • both parties prove identity before starting transaction: Digital certificates • Non-repudiation: • proof that the document originated by you & you only: Digital signature

  37. Encryption (shared key) m: message k: shared key - Sender and receiver agree on a key K - None else knows K - K is used to derive encryption key EK & decryption key DK - Sender computes and sends EK(Message) - Receiver computes DK(EK(Message)) - Example: DES: Data Encryption Standard

  38. Public key encryption m: message sk: private secret key pk: public key • Separate public key pk and private key sk • Private key is kept secret by receiver • Dsk(Epk(mesg)) = mesg and vice versa • Knowing Ke gives no clue about Kd

  39. Digital signature Sign: sign(sk,m) = Dsk(m) Verify: Epk(sign(sk,m)) = m Sign on small hash function to reduce cost

  40. Signed and secret messages pk2 m pk1 Verify-sign Encrypt(pk1) sign(sk1, m) Epk2(Dsk1(m)) Encrypt(pk2) Decrypt(sk2) First sign, then encrypt: order is important.

  41. Digital certificates How to establish authenticity of public key? Register public key Download public key

  42. Certification authority

  43. E-Payments: Secure transfer • SSL: Secure socket layer • below application layer • S-HTTP: Secure HTTP: • On top of http

  44. SSL: Secure Socket Layer • Application protocol independent • Provides connection security as: • Connection is private: Encryption is used after an initial handshake to define secret (symmetric) key • Peer's identity can be authenticated using public (asymmetric) key • Connection is reliable: Message transport includes a message integrity check (hash) • SSL Handshake protocol: • Allows server and client to authenticate each other and negotiate a encryption key

  45. SSL Handshake Protocol • 1. Client "Hello": challenge data, cipher specs • 2. Server "Hello": connection ID, public key certificate, cipher specs • 3. Client "session-key": encrypted with server's public key • 4. Client "finish": connection ID signed with client's private key • 5. Server "verify": client's challenge data signed with server's private key • 6. Server "finish": session ID signed with server's private key • Session IDs and encryption options cached to avoid renegotiation for reconnection

  46. S-HTTP: Secure HTTP • Application level security (HTTP specific) • "Content-Privacy-Domain" header: • Allows use of digital signatures &/ encryption • Various encryption options • Server-Browser negotiate • Property: cryptographic scheme to be used • Value: specific algorithm to be used • Direction: One way/Two way security

  47. E-Payments: Atomicity • Money atomicity: no creation/destruction of money when transferred • Goods atomicity: no payment w/o goods and viceversa. • Eg: pay on delivery of parcel • Certified delivery: the goods delivered is what was promised: • Open the parcel in front of a trusted 3rd party

  48. Anonymity of purchaser

  49. Payment system types • Credit card-based methods • Credit card over SSL - First Virtual -SET • Electronic Cheques • - NetCheque • Anonymous payments • - Digicash - CAFE • Micropayments • SmartCards

  50. Encrypted credit card payment • Set secure communication channel between buyer and seller • Send credit card number to merchant encrypted using merchant’s public key • Problems: merchant fraud, no customer signature • Ensures money but no goods atomicity • Not suitable for microtransactions

More Related