E-Business Notes


NKUMBA UNIVERSITY

SCHOOL OF BUSINESS ADMINISTRATION

COURSE OUTLINE
COURSE NAME: E-BUSINESS
OBJECTIVES:
• To introduce the operational techniques of conducting business on electronic media.
• To impart the skills of using Internet services in conducting business.
• To impart skills of creating consumer and market space on electronic media.

CONTENT:

Overview of E-business
• Definitions of technologies and scope of E-Business
• Traditional vs electronic commerce

Importance of the Internet
• Internet structure and growth
• Network infrastructure

Handling money on the net
• Transactions on the net
• Requirements of payment systems
• Types of electronic payments
• Tools for implementation

Security and E-Business
• The benefit of cryptography
• The process of encryption
• A comparison of encryption methods

Consumer and Business market
• The consumer market and one-to-one marketing
• The business market, value chain and the market place

Offering consumer products on the Internet
• Moving from phone sales to the web
• The first online store
• Website description: guiding customers through choice

An Electronic Market place of buyers and sellers
• Moving from point to online
• Implementation

Strategies for E-Business
• Evolving with the Internet
• Creating a framework for business value
• Doing things differently in the market place

References:

OPERATION OF E-BUSINESS

In simple terms, E-Business is defined as the buying and selling of products and
services over the Internet, but from its operations, electronic business has also
included the handling of purchase transactions and fund transfers over networks.

E-Business has grown now to include the buying and selling of new commodities such
as electronic information.

In the past, E-Business was basically business to business, i.e. transactions between
large operations, banks and other financial institutions. This was considered the
major component of E-business. The use of the Internet as a way to bring business to
the individual customer has led to a shift in E-business operations (business to
consumer). Both the press and the business community have increased their focus on
E-Commerce involving the consumer.

Meanwhile, B-to-B E-Commerce is moving along, stronger than before. The Internet has
also given B-to-B E-Commerce a boost. In some cases, smaller companies are
discovering that they can conduct business online, just like their larger counterparts.

Businesses of all sizes are finding that they can take advantage of the Internet to
lower the cost of electronic commerce, either by replacing other networks or by using
the Internet as another communication medium, converting their data to digital form
and incorporating it into their business practices.

The Business Cycle


To meet the needs of the market space, businesses design and manufacture new
products, market their products, distribute them, and provide customer support,
generating revenue for themselves along the way.

Customers first identify a need for something, whether it is a physical product, a
service or information. Then they must look for information about the product or
service, find places that sell it and compare the options they have found (in terms of
price, service, reputation, etc.) before they actually purchase the product. Making the
sale might also involve negotiating the price, quantity, terms of delivery and maybe
legal issues.

The sales cycle doesn't end with delivery of the product or service either. Customer
support adds more steps while working to the benefit of both parties: customers get
what they need to keep their products performing well, and suppliers learn more about
market needs.

Meanwhile, banks and other financial institutions handle the transfer of funds between
buyers and sellers, whether they are individual customers or large multinational
corporations.

E-Business is a system that includes not only those transactions that center on buying
and selling goods and services to directly generate revenue, but also those transactions
that support revenue generation, such as generating demand for those goods and
services, offering sales support and customer service, or facilitating communication
between business partners.

The Cycle of Electronic Commerce

[Figure: The cycle of electronic commerce. Labels in the figure: access, customers,
products, online orders, standard orders, distribution, electronic customer support,
follow-on sales.]

Traditional Vs E-Business

Sales cycle step                   Traditional business     E-Business
---------------------------------  -----------------------  ------------------------------
Acquire product information        Magazines, flyers        Online Web pages, e-mails,
                                                            online catalogue
Request item                       Printed forms, letters   E-mail, website
Get orders approved                Printed forms, letters   E-mail
Check catalogs, prices             Catalogs                 Online catalogs
Check product availability         Phone, fax               Web page
and confirm price
Generate orders                    Printed form             E-mail, web page
Send orders to suppliers,          Fax, mail                E-mail, EDI
receive orders from buyers
Schedule delivery                  Printed form             E-mail, online database
Receive product                    Shippers                 Shippers
Confirm receipt                    Printed form             E-mail
Schedule payment                   Printed form             EDI, online dbase
Send payments (buyers),            Mail                     EDI, EFT
receive payments (suppliers)

ELECTRONIC BUSINESS AND BUSINESS PROCESS

[Figure: Electronic business and business process. The customer's steps (identify need,
find source, evaluate, purchase, use, maintain, support) are shown against the seller's
activities (provide information, send information, fulfill orders, deliver soft goods
electronically, support). Channels named in the figure: web surfing, web site, news
groups, net communities, corporate database, data sheets, catalogs, demos, customer
reviews, EDI, phone, fax, e-mail and e-mail lists. The stages are grouped as information
sharing; ordering, payment and fulfillment; and services and support.]

Sharing Information
Before a sale is made, clients must be made aware of the products and services. That
means advertising and marketing or, more generally, providing data for the customer's
information-gathering process.

Potential customers must get information about your company and its products, while
you learn more about your markets in order to reach your customers and design your
products and services to meet their needs. With E-Business the two goals can go hand
in hand: the Internet is used to provide information while learning about the market.

Networked communities can also be useful in distributing information about products.
Chat rooms, multi-party conferencing, bulletin board systems and newsgroups (e.g. the
Usenet newsgroups on the Internet) are all ways that you can foster discussion of your
company and its products. Many of these systems can be integrated with web servers.

The World Wide Web (WWW) provides one effective medium for communicating with your
customers. You can design a web site to include product catalogs that can be searched
electronically and that provide new types of product information. If you maintain an
online catalog of products on the web, you can actively request information from
visitors to your web site by providing them with a page for comments.

Asking web visitors to provide some information about themselves as they search your
catalog or prepare an online order can help you tie demographic data to product
searches and information requests, i.e. information that can help your marketing and
sales departments. You can also send periodic notices about product updates and new
features to interested parties by e-mail.

If you are maintaining web server software (i.e. software that manages data at the
website and controls access), you can include a form to accept questions from customers
using a web browser (i.e. software that allows you to connect to the Internet to access
HTML documents and their associated media files). You can compile questions that arise
repeatedly into what are known as frequently asked questions (FAQ) files, and distribute
them via e-mail, Usenet news and the web.

While a large number of websites are aimed at the general public, there is a significant
number where you can find intermediaries or brokers offering sites that allow buyers and
sellers in a particular market to interact, trade information, bid and make sales.
Ordering
It should be a routine matter for customers to electronically place orders for a
company's goods or services. Electronic forms that mirror traditional paper order forms
are a good way of handling this. Client/server applications have often been designed
to handle this, but because most web systems support electronic forms, many companies
are now turning to the web instead. The opportunity of accepting orders via e-mail
is also used. Even if you do not use forms-based e-mail on the Internet, it is not too
difficult to write a CGI script (Common Gateway Interface script), which is a scripting
system designed to work with HTML web servers. These scripts, usually written in the
Perl programming language, are often used to exchange data between a web server and a
database.

Payments

Payment is the heart of the sales process, which is the actual receiving of the money
for the company's goods or services. With a wide variety of payment mechanisms in
place, this is the most fast-changing part of electronic business.

Customers can use credit cards, electronic cheques, digital cash, and even something
called microcash, where payments are only a few pennies.

Some businesses have long been using EDI, but for small businesses the setup has made
it prohibitive. However, with the advent of EDI on the Internet, even home businesses
can use EDI. There will have to be both consumer-based and business-based payments
processed through the Internet.

Entrepreneurs are experimenting with a variety of electronic payment systems on the
Internet. Many are electronic equivalents of the systems we are accustomed to using
every day, such as credit cards, cheques, and debit cards. Even digital cash, an attempt
to electronically represent the hard cash in your pocket, is also available. But all of
these electronic methods of paying for goods or services over a network are still in
their infancy when compared to all the transactions completed using cash.

Businesses have responded to the popularity of the web by putting their product data
sheets and catalogs for ordering on web servers, so tying payment systems to the
same medium makes sense. Many vendors offer commerce-server or merchant-server
web software specifically designed to handle and accept payments over the web.

Businesses are also starting to use EDI for transactions over the Internet with their
suppliers, either by using web-based forms for entering EDI transactions with a
service company on the Internet, or by using an e-mail service to forward EDI
transactions to their business partners.

In addition to all the methods for making payments electronically over the Internet,
there are still the tried-and-true methods used every day, such as giving credit card
numbers over the telephone, or faxing an order with a credit card number. This method
is slowly being replaced by electronic commerce.

Fulfillments
Most economies depend on the daily transfer of massive amounts of information; many
companies make money generating, transferring, or analyzing that information. If a
company deals in information, then its product is information, or data. The most
convenient way of distributing the product is the Internet.

The kind of information that is most traded falls into the following: newsletters, news,
analysis reports, and stock prices. Such products also include software: documentation,
programs, patches and upgrades are also well suited to Internet distribution.

If you deal in physical goods, you can't actually deliver your products via the
Internet. But you can use EDI to inform your shippers of goods that need to be
transferred, and the Internet lets you use e-mail to communicate with shippers and
distributors about matters such as the status of deliveries. In some cases, shippers
such as DHL, Federal Express, United Parcel Service etc. let you check delivery status
using the web.

No matter how innovative and popular your products are, they are no good if you can't
deliver them to your customers. Once you create a product, you need a way to distribute
it. You also need to inform your current and potential customers about the product.
Whether your product is a soft good (i.e. information) or a hard good (i.e. a tangible
product), you can use e-mail and websites to make product release information
available, which you would then probably transmit via e-mail.

If you come to rely on intermediaries or other distributors to distribute your products
and product information, sharing product release schedules, product development and
marketing plans, and similar types of information between your company and the
intermediaries, then you should maintain a shared database accessible by outsiders,
allowing them to view and enter data.

Services and support

A company's relationship with a customer does not end with the sale; the sale may
be only the beginning of a long and meaningful relationship with the customer.

The Internet may be used to keep in close touch with customers, providing technical
assistance on a product. The Internet can be used to forward the user manual of the
product.

If the product requires physical servicing, the Internet cannot be used for the
servicing itself, but can only help to point to the nearest technical support offices
or intermediaries.

Items such as technical notes about your products' features and use, and FAQs
(frequently asked questions), provide answers to your customers for the most commonly
posed inquiries. Software updates and bug fixes are only some of the information that
can be delivered to customers through a variety of channels such as e-mail and the web.

Benefits of E-business

Electronic advertisements for goods and services could lead right to information
about web stores carrying that item, along with the store's business hours and
directions, and even pointers to reviews of the products. If a customer doesn't need to
see a product in person before buying it, orders could be placed and paid for
electronically.

Electronic business offers other new opportunities to both individuals and businesses.
As electronic commerce matures and more companies conduct business online, you will be
able to do comparison shopping more easily.

In addition, vendors will be able to electronically notify potential customers about
sales of items in which they are particularly interested. The increase of direct
buyer/seller interaction has come at the expense of the middleman, whose role has
reduced.

E-business has opened up new opportunities for new kinds of intermediaries or brokers
to track special markets, notifying clients of bargains, changing market conditions and
hard-to-find items, and even conducting periodic searches for special products on their
behalf.

The documents on the Internet have become more appealing to customers. The World
Wide Web has allowed more customers to confidently use the Internet, and it has
offered individuals and businesses a new way to present and find information. B-to-B
transactions can now take place at less expense using the Internet than they did using
private networks offered for EDI and bank transactions.

Network-based systems can reduce paperwork and allow greater focus on customers'
needs. When more of the company's information is digital, companies put more focus on
meeting customers' needs. This is done by tracking customer satisfaction,
requesting more customer feedback, and presenting custom solutions.

Internet Structure as Member of E-business

The Internet is global in scope and strongly decentralized, in that it has no single
governing body. The physical networks comprising the Internet form a hierarchy, the top
level of which is the high-speed backbone network maintained by market.

The majority of Internet traffic is funneled onto the backbone through the Network
Access Points (NAPs), which are maintained by Sprint, MFS and others and are located
in strategic metropolitan areas across the US, Europe and other states.

Independently created national networks (created by PSINET and UUNET, among
others) mostly tie into the NAPs, but some service providers have made their own
arrangements for exchanging Internet traffic in order to sidestep the NAPs, which are
becoming bottlenecks.

Lower levels in the hierarchy are composed of regional networks and then the individual
networks found on university computers, at research organizations, and in businesses.
This grand network of networks shares a common set of communication protocols
known as TCP/IP.
Course work:
Despite the many achievements of E-business, discuss the disadvantages and potential
threats that are posed by this type of business using relevant exercises

[Figure: The Internet hierarchy. Labels in the figure, from top to bottom: high-speed
backbone network; Network Access Points (NAPs): PACBELL, SPRINT, MFS; regional
networks: CTRL NET, UUNET, PSINET; local (SPS); user organizations.]

The growth of Internet

The growth of the Internet has been phenomenal by any means. The Internet's
predecessor, ARPANET, started in 1969, connecting together only 4 computers at
different locations in the U.S. Over the past years, the number of computers attached
to the Internet has been doubling annually. What was a network designed primarily for
academic research is now a network populated largely by individuals outside
universities, as well as commercial enterprises.

The changes in the demographics of Internet users have led to tremendous business
opportunities, many of which have grabbed the financial headlines. As opportunities
grow, so does the friction between entrepreneurs and the original Internet designers.
For a business manager, the Internet is a very dynamic entity with a life of its own.
Outside forces, such as individuals, companies with new technologies and even the
marketplace itself, attempt to change the Internet and how it functions. However, there
are standards, or rules, that make the Internet work, and various standards bodies
exist to ensure that the Internet runs as smoothly as possible, even though it is a
decentralized collection of networks. If a manager keeps an eye on technology and
standards as they evolve, and pays attention to what is changing, opportunities for the
business will be seen. The chances to use and profit from the Internet are open to any
business.

Although many of the systems proposed for electronic business on the Internet are
new and, in some cases, untried, the Internet has long been a breeding ground for
experimentation in electronic commerce.

On the other hand, the traditional financial networks with which we are familiar
evolved as very centralized and carefully planned systems. Some of these systems, such
as those used by credit card issuers and banks, are affecting the evolution of
E-business on the Internet. They are bringing stability to Internet electronic
business, and providing new ways to tie the new opportunities of the Internet to the
established financial processes we use today in E-business.

The Internet will not replace the present-day financial processes; however, it will be
a strong complement to them. Seeing how they match each other, and also integrate with
your business practices, is fundamental to the business effectively taking advantage of
electronic business.

New software connecting to the existing banking networks or credit card clearing
networks has given E-business a new look. For example, many different companies,
such as Microsoft, Netscape, CyberCash and Verifone, are all developing software that
allows consumers to use Web browsers to pay for purchases electronically.

These systems also include vendor software for processing the payments. But
ultimately they all use a connection into the existing banking networks or credit card
clearing networks. Some banks are now working on systems that will use the Internet to
make that connection, instead of a private network.

Network Infrastructure

Applications that fall within electronic business depend on the underlying network
infrastructure. The network infrastructure covers the media required for moving
information and thus includes the Internet, cable television, telecommunications
networks and private corporate networks.

The Building Blocks of E-business

[Figure: The building blocks of E-business: E-business applications resting on the
production, services, distribution and network infrastructures. Labels in the figure:
dbase; multimedia authoring; information production; credit cards, EDI, digital cash;
security, e-mail, Web, FAQ; e-mail, Web, shared dbase; online catalog; net communities;
shipping; Internet; value-added networks; cable TV networks; telephone networks.]

As the figure above shows, other electronically based infrastructures may also be built
within a business. The production infrastructure focuses on your company's products and
what it takes to create them.

The distribution infrastructure lets you get your products and services to customers.
The service infrastructure handles such processes as payments, customer support and
security. The network infrastructure includes all the technologies of the Internet.
Technologies are specified by protocols that govern the rules that determine everything
about the way the network operates. Protocols govern how applications access the
network and the way data from an application is divided into packets for transmission
through cables on a network.

A new version of the Internet Protocol is being implemented on the Internet that
provides more addresses for network devices along with added security and multimedia
options.

PROTOCOLS RECOMMENDED FOR E-BUSINESS

TCP/IP Protocols

The TCP/IP protocols define how data is subdivided into packets for transmission
across a network, as well as how applications can transfer files and send electronic
mail. The protocols that form the TCP/IP stack are the basis of the Internet.

TCP/IP makes use of many existing protocols that define network media, such as
Ethernet over twisted pair and other types of cables, as well as fiber optic cables.
Point-to-Point Protocol (PPP) is one of the few protocols developed specifically to
govern TCP/IP transmission over a particular medium, i.e. a serial connection with a
modem. -II 0 provide address space determine IP address. These occur at the network and
transport layers as the core of the TCP/IP stack, with the Internet Protocol (IP) being
the key protocol (ARP = the Address Resolution Protocol).

Above IP, the Transmission Control Protocol (TCP) or User Datagram Protocol (UDP) can
be used to determine the maximum transmission size that can be used (the packet size)
and fine-tune transmission accordingly. TCP is used when 100% reliability of
transmission is required, while UDP is used in less stringent situations.

Application Protocols

Everything that encompasses the network below the application layer is transparent to
the computer user. The application layer is where the user gets to do something useful
with the network, perhaps sending e-mail, browsing a website, or transferring a file.
While all of the network's underlying structure is needed to make applications work, it
is the applications that are of greatest importance to conducting business on the
Internet, or on any other network. Some of the important application protocols are:
• FTP (File Transfer Protocol) for file transfers.
• HTTP (Hypertext Transfer Protocol) for World Wide Web object transmission.
• SNMP (Simple Network Management Protocol) for controlling network devices.
• DNS (Domain Naming Services) responsible for converting numerical IP addresses
  into names that can easily be remembered by the users.
• SMTP (Simple Mail Transfer Protocol) for managing message transmission.
• POP (Post Office Protocols) for connecting post office services.
• IMAP (Internet Mail Access Protocols)
• MIME (Multimedia Internet Mail Extension) for e-mail services.

FTP
There are occasions when it is necessary to retrieve files, such as applications or
networks, from someone else's computer. On the Internet we use FTP for file
transfer between file servers and client computers. Depending on the software, one
can select files one by one and upload or download them, or can create a list of files
and transfer them as a batch.

HTTP

Certainly the most visible interface to the Internet these days is the web, which is
based on a standard set of codes called Hypertext Markup Language (HTML) and a
technology known as Hypertext Transfer Protocol (HTTP). The browser on the user's
computer uses the HTML to determine how the text and graphics should be
displayed. HTTP determines how a file is transferred from server to client.

SMTP

Although web-related traffic is the single largest component of Internet traffic,
there are actually more e-mail users than web users on the Internet. E-mail
is probably the most used form of communication between individuals on the Internet.
The Simple Mail Transfer Protocol (SMTP) and Post Office Protocol (POP) are two
essential Internet protocols for e-mail. Internet Mail Access Protocols (IMAP) are used
for the handling and retrieval of messages.

POP & MIME

These were originally designed for text mail. MIME, or Multimedia Internet Mail
Extension, extends the message capability of e-mail messaging. A MIME-compliant
message can consist of more than one part; these parts might be graphics, video or
sound clips, or other types of multimedia. MIME, on the other hand, is also needed for
the secure transfer of different types of commercial transactions on the Internet, such
as EDI data.
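
The multi-part structure described above, as an added example that is not part of the original notes: it builds a MIME message carrying an EDI document beside a text part, then walks the parts on the receiving side and accepts the EDI only when every part has an expected content type. MIME itself only labels and packages the parts; it does not encrypt or sign them. The addresses, file names, allow-list and sample payload are constructed for illustration.

```python
from email import policy
from email.message import EmailMessage
from email.parser import BytesParser

# Constructed sample payload in the style of an X12 purchase order (not real data).
SAMPLE_EDI = b"ST*850*0001~BEG*00*NE*PO-1001**20240101~SE*3*0001~"

# Content types this hypothetical order mailbox is willing to process.
ALLOWED_TYPES = {"text/plain", "application/edi-x12"}


def build_order_mail(edi_bytes, extra_parts=()):
    """Sender side: one text part plus the EDI document as a second MIME part."""
    msg = EmailMessage()
    msg["From"] = "buyer@example.com"
    msg["To"] = "orders@example.net"
    msg["Subject"] = "Purchase order PO-1001"
    msg.set_content("Purchase order PO-1001 is attached as EDI.")
    msg.add_attachment(edi_bytes, maintype="application",
                       subtype="EDI-X12", filename="po-1001.edi")
    for maintype, subtype, data, filename in extra_parts:
        msg.add_attachment(data, maintype=maintype, subtype=subtype,
                           filename=filename)
    return msg.as_bytes()


def inspect_parts(raw_message):
    """Receiver side: list (content type, file name, decoded bytes) per leaf part."""
    msg = BytesParser(policy=policy.default).parsebytes(raw_message)
    parts = []
    for part in msg.walk():
        if part.is_multipart():      # container only, holds no payload itself
            continue
        body = part.get_payload(decode=True) or b""
        parts.append((part.get_content_type(), part.get_filename(), body))
    return parts


def extract_edi(raw_message):
    """Return the EDI payloads, refusing the message if any part is unexpected."""
    parts = inspect_parts(raw_message)
    unexpected = [ctype for ctype, _, _ in parts if ctype not in ALLOWED_TYPES]
    if unexpected:
        raise ValueError("unexpected MIME parts: " + ", ".join(unexpected))
    return [body for ctype, _, body in parts if ctype == "application/edi-x12"]


if __name__ == "__main__":
    for ctype, name, body in inspect_parts(build_order_mail(SAMPLE_EDI)):
        print(ctype, name, len(body))
```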

OTHER NETWORKS
INTRANETS
Though the TCP/IP protocols form the basis of the Internet, the use of TCP/IP is not
restricted to the Internet. TCP/IP has become the preferred protocol stack for
companies seeking to adopt an open-system outlook. With the growing popularity of
the Internet, businesses have also arisen to create networks using TCP/IP for
sharing information only within the operation.

EXTRANET
Using the web in conjunction with TCP/IP networks allows companies to more
easily maintain a single user interface to many applications, as well as simplify the
distribution of new client software. Companies that seek to share some of
their data with business partners or clients, perhaps by establishing a shared
database and connecting intranets using TCP/IP, call these shared networks extranets.
The major difference between each of these networks, i.e. the Internet, intranet and
extranet, is the control of access to information and how it is stored.

[Figure: A corporate intranet and a business partner's intranet, each shown with a
firewall, the TCP/IP protocol, dbase programs and networks, connected through the
Internet to a shared database (the extranet).]

VANS

The value-added networks (VANs) are one of the non-Internet technologies that are
maintained privately and dedicated to EDI between business partners. Larger
corporations have often maintained their own private networks for the company's
business and on occasion have opened them up to business partners for exchanging
information. Banks and credit card clearinghouses have also maintained dedicated
private networks for electronic funds transfers among themselves and associated
businesses.

VPN
Virtual Private Networks

These are networks that are essentially private, but use the Internet to substitute
for (in lieu of) the expensive leased phone lines between offices. The network
landscape is changing because of the increased influence of the Internet. The biggest
change in business is looking at ways to conduct financial transactions over open
networks like those comprising the Internet. Businesses are investigating the
possibility of conducting EDI transactions over the Internet, which would greatly
reduce the cost. Many businesses are experimenting with the technology to run their
corporate networks as VPNs over the Internet, replacing the expensive leased phone
lines between offices.

Handling Money on the Net


The Goals of Implementing an E-Business Trust Infrastructure
To take advantage of the opportunities of e-business/e-procurement and
avoid the risks of communicating and transacting business online, every
business must address practical problems and questions involving privacy,
security, and overall confidence in the underlying features of the system.
Such concerns include:

1. "How can I be certain that my customers' credit card information is not
   accessible to online eavesdroppers when they enter into a secure
   transaction on the Web?"
2. "How can I reassure customers who come to my site that they are
   doing business with me, not with a fake set up to steal their credit
   card numbers?"
3. "Once I've found a way to authoritatively identify my business to
   customers and protect private customer information on the Web,
   what's the best way to let customers know about it, so that they can
   confidently transact business with me?"
4. "When customers feel confident enough to buy something from me
   online, how can I enable them to pay me easily using their credit cards
   or other payment methods?"
5. "How can I verify that customer's credit card information is valid?"
6. "What do I do with payment information once customers send it to
   me?"

The process of addressing these general security questions determines the
fundamental goals of establishing an e-business/e-procurement trust
infrastructure:

Authentication: Customers must be able to assure themselves that they
are in fact doing business and sending private information with a real
entity — not a "spoof" site masquerading as a legitimate bank or e-store.

Confidentiality: Sensitive Internet communications and transactions,
such as the transmission of credit card information, must be kept private.

Data integrity: Communications must be protected from undetectable
alteration by third parties in transmission on the Internet.

Nonrepudiation: It should not be possible for a sender to reasonably
claim that he or she did not send a secured communication or did not
make an online purchase.
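
One way to make the data integrity goal concrete, as an added example that is not part of the original notes: the merchant attaches a keyed tag (HMAC-SHA256, a technique chosen here for illustration) to an order summary, and refuses the order if it comes back with any field altered. The key, field names and order are constructed; a shared-key tag gives integrity between the parties holding the key but not nonrepudiation, which needs a digital signature.

```python
import hashlib
import hmac
import json

# Constructed demonstration key; a real key would be random and kept secret.
SAMPLE_KEY = b"constructed-demo-key-not-for-real-use"


def _canonical(order):
    """Serialize the order the same way every time so the tag is reproducible."""
    return json.dumps(order, sort_keys=True, separators=(",", ":")).encode("utf-8")


def issue_order_summary(order, key):
    """Merchant side: return the order summary as JSON with an integrity tag."""
    tag = hmac.new(key, _canonical(order), hashlib.sha256).hexdigest()
    return json.dumps({"order": order, "tag": tag})


def accept_returned_order(raw, key):
    """Merchant side: return the order if it is unaltered, otherwise None."""
    try:
        sealed = json.loads(raw)
    except (ValueError, TypeError):
        return None                      # not JSON at all
    if not isinstance(sealed, dict):
        return None
    order, tag = sealed.get("order"), sealed.get("tag")
    if not isinstance(order, dict) or not isinstance(tag, str):
        return None                      # tag stripped or fields missing
    expected = hmac.new(key, _canonical(order), hashlib.sha256).hexdigest()
    # compare_digest avoids leaking how many leading characters matched
    if not hmac.compare_digest(expected.encode(), tag.encode()):
        return None
    return order


if __name__ == "__main__":
    order = {"order_number": "ORD-1001", "total_cents": 3000,
             "items": [{"sku": "BK-17", "qty": 2, "price_cents": 1500}]}
    wire = issue_order_summary(order, SAMPLE_KEY)
    print("intact:", accept_returned_order(wire, SAMPLE_KEY) == order)

    altered = json.loads(wire)
    altered["order"]["total_cents"] = 30          # changed in transit
    print("altered:", accept_returned_order(json.dumps(altered), SAMPLE_KEY))
```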

The Internet Payment Processing System

Understanding how best to address the need for Internet payment gateway
services requires first briefly examining the participants in an Internet
payment processing system.

Participants in a typical online payment transaction include:

• The customer: typically, a holder of a payment card — such as a
  credit card or debit card — from an issuer.
• The issuer: a financial institution, such as a bank, that provides the
  customer with a payment card. The issuer is responsible for the
  cardholder's debt payment.
• The merchant: the person or organization that sells goods or services
  to the cardholder via a Web site. The merchant that accepts payment
  cards must have an Internet Merchant Account with an acquirer.
• The acquirer: a financial institution that establishes an account with a
  merchant and processes payment card authorizations and payments.
  The acquirer provides authorization to the merchant that a given card
  account is active and that the proposed purchase does not exceed the
  customer's credit limit. The acquirer also provides electronic transfer of
  payments to the merchant's account, and is then reimbursed by the
  issuer via the transfer of electronic funds over a payment network.
• The payment gateway: This function, operated by a third-party
  provider, processes merchant payments by providing an interface
  between the merchant and the acquirer's financial processing system.
• The processor: a large data center that processes credit card
  transactions and settles funds to merchants, connected to the
  merchant on behalf of an acquirer via a payment gateway.

The basic steps of an online payment transaction include the following:
1. The customer places an order online by selecting items from the
merchant's Web site and sending the merchant a list. The merchant
often replies with an order summary of the items, their price, a total,
and an order number.
2. The customer sends the order to the merchant, including payment
data. The payment information is usually encrypted by an SSL pipeline
set up between the customer's Web browser and the merchant's Web
server SSL certificate.

3. The merchant requests payment authorization from the payment
gateway, which routes the request to banks and payment processors.
Authorization is a request to charge a cardholder, and must be settled
for the cardholder's account to be charged. This ensures that the
payment is approved by the issuer, and guarantees that the merchant
will be paid.
4. The merchant confirms the order and supplies the goods or services to
the customer.
5. The merchant requests payment, sending the request to the payment
gateway, which handles the payment processing with the processor.
6. Transactions are settled, or routed by the acquiring bank to the
merchant's acquiring bank for deposit.
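
The authorization, payment request and settlement steps listed above, sketched as an added example (not code from these notes or from any payment provider). The `Gateway` and `CardAccount` classes, the card number and the amounts are hypothetical, and a single `Gateway` object stands in for the gateway, acquirer, processor and issuer.

```python
"""Added example: authorization, payment request and settlement as separate steps."""
from dataclasses import dataclass, field
from itertools import count


@dataclass
class CardAccount:                      # the issuer's view of one cardholder
    credit_limit: int                   # amounts are in minor units (e.g. cents)
    active: bool = True
    charged: int = 0                    # settled purchases
    held: int = 0                       # authorized but not yet settled


@dataclass
class Gateway:
    """Stands in for gateway, acquirer, processor and issuer (an assumption)."""
    cards: dict
    auths: dict = field(default_factory=dict)
    merchant_balance: int = 0
    ids: count = field(default_factory=lambda: count(1))

    def authorize(self, card_no: str, amount: int):
        """Step 3: approve only an active card that stays within its limit."""
        card = self.cards.get(card_no)
        if card is None or not card.active:
            return None
        if amount <= 0 or card.charged + card.held + amount > card.credit_limit:
            return None
        card.held += amount             # funds are reserved, not yet charged
        auth_id = next(self.ids)
        self.auths[auth_id] = {"card": card_no, "amount": amount, "state": "authorized"}
        return auth_id

    def capture(self, auth_id: int, amount: int) -> bool:
        """Step 5: the merchant requests payment against an earlier authorization."""
        auth = self.auths.get(auth_id)
        if auth is None or auth["state"] != "authorized" or not 0 < amount <= auth["amount"]:
            return False                # unknown, repeated or inflated request
        auth["captured"] = amount
        auth["state"] = "captured"
        return True

    def settle(self) -> int:
        """Step 6: charge cardholders and deposit funds for captured items."""
        total = 0
        for auth in self.auths.values():
            if auth["state"] != "captured":
                continue
            card = self.cards[auth["card"]]
            card.held -= auth["amount"]          # release the whole hold
            card.charged += auth["captured"]     # charge only what was captured
            total += auth["captured"]
            auth["state"] = "settled"
        self.merchant_balance += total
        return total


def demo():
    gw = Gateway(cards={"4000-TEST": CardAccount(credit_limit=50_000)})  # constructed card
    auth_id = gw.authorize("4000-TEST", 30_000)
    over_limit = gw.authorize("4000-TEST", 25_000)      # 30,000 is already held
    charged_before = gw.cards["4000-TEST"].charged      # authorized only, not charged
    inflated = gw.capture(auth_id, 35_000)              # more than was authorized
    captured = gw.capture(auth_id, 30_000)
    repeated = gw.capture(auth_id, 30_000)              # second request, same authorization
    settled = gw.settle()
    return (over_limit, charged_before, inflated, captured, repeated,
            settled, gw.cards["4000-TEST"].charged, gw.merchant_balance)


if __name__ == "__main__":
    print(demo())
```

The cardholder's account is only charged at settlement; until then an authorization is a hold that counts against the credit limit.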



In everyday life, we pay for goods and services in a number of different ways. If
you are an individual customer dealing with a merchant, you can pay by cash, cheques,
credit cards or debit cards. With the increasing commercialization of the Internet and the
popularity of the web, consumers and businesses are both looking for ways to conduct
business and settle transactions over the Internet.

Transactions on the Internet

If a business is interested in allowing its customers to use electronic payment
methods on the net, many of the procedures for handling payments are similar to those
used in regular point-of-sale (POS) systems. The main difference is that everything
takes place on the Internet using consumers' personal computers and web servers. The
figure below describes the payment protocol on the Internet.

[Figure: the payment protocol on the Internet, showing the consumer's browser, the
merchant or customer server, the gateway (protocol conversion, transaction over private
network) and the acquiring bank, with authorization, capture and settlement passing
between them, and the merchant's other business processes (inventory, accounting,
fulfillment).]

Consumers use a web browser to place an order and provide information about their
form of payment, which might be a credit card, digital cash or electronic cheques.

Software on the server then has to settle the transaction by verifying the order and
getting authorization for the funds transfer from a bank or credit card acquirer. Usually
this is done via a gateway that communicates with the bank using either the Internet or
the bank's private network.

Consumers are also beginning to use new systems such as electronic checking and
digital cash for making small, immediate electronic payments to information providers
and others, in keeping with the interactive, real-time nature of the Internet today.

A web server can be set up to present fields from an order form that consumers fill in
and send from the browser back to the server, which processes it, usually adding it to
the database.

Gateways are used to connect two networks that use different protocols. The connected
networks do not only transfer data between themselves but also convert the data into a
protocol-compatible form.

Requirements of Payments System

Traditional financial transactions offer a set of special characteristics that people have
come to depend on, even if they don't think about them; in many cases these set the
requirements.

Confidentiality

A buyer will need to keep his information a confidential matter, known only to the seller.
For example, when he gives a credit card number to the merchant, he expects
confidentiality: that the number will only be disclosed to those who have a legitimate
need to know it.

Integrity

The settlement of any transaction requires that both parties, i.e. the seller and the
buyer, are trustworthy, i.e. neither the amount purchased nor the goods purchased will
be altered inappropriately.

Authentication

Both the buyer and the seller may require authentication, i.e. assurance that they really
are who they claim to be. When goods and services are bought in person, it is easy
to authenticate the vendor based on the location of the business and the permanence of its
facilities. If the payment is not by cash, the merchant usually asks to see your
identification, passport, etc., or just compares your signature to authenticate the payer.

Authentication allows the merchant to determine if the buyer actually has the funds for
the purchase. The merchant will probably want to verify that the buyer's account can
cover the amount of the purchase or get the information about the approval of the
payment mode.

Assurance

Buyers need some kind of assurance that the merchant is competent and trustworthy. This
may take the form of a business license, endorsements from other customers, newspapers
or magazines, or even security bonds for more complex transactions.

Privacy

There are occasions when both buyers and sellers require privacy of some scale. For
example, a company conducting research might purchase a market report, but probably
wouldn't want its competitors to learn what was purchased. Cash payments can offer
privacy because they don't create a paper trail tying the buyer to the products that were
purchased. Once a cash purchase is complete, the seller has no record of the buyer's
identity to tie the buyer to a particular item; the receipt is the only proof that the buyer
purchased some items from the seller.

In electronic payment systems, the above requirements are also to be adhered to.
There are technological answers for providing these principles online, but that alone
does not mean that they can be readily practiced. For example, we can electronically
authenticate ourselves on the Internet by using digital signatures, but the infrastructure
for providing our identity as it is, and enabling all merchants to verify it, isn't yet in place.
It is almost as if a merchant couldn't read identity details because they were issued in a
foreign language.

In cyberspace, it is necessary to employ encryption to ensure confidentiality,
authentication, and privacy. Which requirements are met by a particular payment
system depends on what is encrypted and who is allowed to decrypt it. For example,
encrypting all the information passed by a customer's web browser to the vendor's web
server when making a purchase maintains the confidentiality of the transaction, but neither
authentication nor assurance is guaranteed, and if the vendor can decrypt all of the
transaction information, privacy is not totally guaranteed either, since someone
monitoring the network can detect that there is traffic passing between the buyer
and the vendor. Digital signatures and certificates are used on the Internet to fulfill some
of the requirements.

In many cases, business-to-business commerce depends on prior negotiations and
contacts. That has been extended to the world of electronic commerce by EDI, but
more flexible arrangements are needed to accommodate the fast-paced world of today's
business, where trading partnerships can be short-lived. The same is true for
consumers: they may buy an item from a vendor with whom they've had no previous
dealings, i.e. fast-paced electronic commerce requires flexible arrangements.

Types of Electronic Payments


The methods that have been developed for making payments on the Internet are
essentially electronic versions of the traditional payment systems we use every day, i.e.
cash, cheques, and credit cards. The fundamental difference between electronic
payment systems and traditional ones is that everything is digital, and is designed to be
handled electronically from the get-go, i.e. there is no counting of shillings, no clink
of coins in one's pocket, or signing a cheque with a pen.

In a simple way of speaking, everything about the payment has been virtualized into
strings of bits. This virtualization makes many of the electronic payment options appear
similar to each other.

While many of the payment systems are currently implemented for use on personal
computers, many others are being introduced with devices supporting them, e.g.
personal digital assistants (PDAs), and are already underway with smart cards.

Credit Cards

In credit card transactions, the customer presents preliminary proof of his ability to pay
by presenting his credit card number to the merchant. The merchant can verify this with the
bank, and create a purchase slip for the customer to endorse. The merchant then uses this
purchase slip to collect funds from the bank, and on the next billing cycle, the consumer
receives a statement from the bank with records of transactions.

Using a credit card to make a purchase over the Internet follows the same scenario. But
on the Internet, added steps must be taken to provide for security and authentication of
both buyer and seller. This has led to a variety of systems for using credit cards over the
Internet. Two of the features distinguishing these systems are the level of security they
provide for transactions, and the software required on both the customer and business
sides of the transactions.

Credit cards can be handled online in one of two different ways, i.e. sending an
unencrypted credit card number over the Internet, or encrypting credit card details before
any transactions are transmitted.

Encrypting credit card transactions can also be subdivided according to what is
encrypted. If the transaction between the buyer and the seller is encrypted, the merchant
(seller) has to decrypt at least the order details to complete a purchase. Then, to further
assure the customer that only authorized parties see his credit card information and
to protect against seller fraud, a trusted third party can be used to separately decrypt the
credit card information for authorization of the purchase.

[Figure: Handling credit card and order data with HTML forms and a CGI script
(non-secure). The client's web browser sends the filled-in HTML form to the HTTP server,
whose CGI script records the order in a database and forwards the authorization request
to the bank.]

A customer browsing the web might enter a credit card number in an order form, and
click a submit button to submit the information to the merchant's web server. The data
would be raw, and there is no security guarantee for this type of transaction: someone
monitoring network traffic could intercept the transmission, or someone
posing as a merchant could use the unencrypted number for illegal charges.

On the business end, processing the incoming credit card information only requires a
web server with a CGI script to process the form filled out by the customer. To secure
the communications between buyer and seller against snooping, a good choice is a web
browser-server combination that supports the SSL protocol.

In order to protect credit card information, encrypted credit card information can be
used with a trusted third party, such as CyberCash, First Virtual, etc., instead of
allowing the merchant to handle credit processing.

Wallet: a helper application for web browsers used to pass an encrypted credit card
number from the buyer, through the sales merchant, and on to the server maintained by the
credit company.

There are two significant standards in the works that make the interoperability of
electronic wallets and credit card transactions simpler for both customers and
businesses.

1. SET
The Secure Electronic Transaction (SET) protocol deployed by MasterCard and Visa
is a combination of a protocol for use by other applications (such as web browsers) and a
standard or recommended procedure for handling credit card transactions over the
Internet.

It was designed for cardholders, banks, and other card processors. SET uses
digital certificates to ensure the identities of all parties involved in a purchase. SET
also encrypts credit card and purchase information before transmission on the
Internet.

2. JEPI
The second standard is the Joint Electronic Payment Initiative (JEPI), developed by the
World Wide Web Consortium and CommerceNet. It is an attempt to standardize
payment negotiations. On the buyer's side it serves as an interface that enables a web
browser to use a variety of payment protocols.

On the merchant side (server side) it acts between the network and transport layers to
pass off the incoming transaction to the proper protocol and proper payment protocol.

[Figure: JEPI's involvement in the payment process. On the consumer side (wallet) and
on the merchant side (payment server, payment processing software), JEPI sits between
the payment protocols (SET1, SET2, digital cheques, digital cash) and the transports
(HTTP, SSL, e-mail), which connect the two sides over the Internet.]

Multiple protocols may be available for payments, transport, and wallets. JEPI makes it easier
for the buyer to use a single application and a single interface in a variety of commercial situations.
It also makes it easier for merchants to support the variety of payment systems that consumers
will want to use.


SSL: Secure Sockets Layer (a protocol for providing authentication between server and browser).

[Figure: Handling credit card and order data with HTML forms and a CGI script (secured with SSL).]

Electronic Cheques

Credit card payment is very popular for commerce on the Internet. However, two systems have
been developed, one by Financial Services Technology Corporation (FSTC) and the other by
CyberCash, to let customers electronically pay cheques to web merchants directly.

A paper cheque is basically a message to the customer's bank to transfer funds from his account to
someone else's account. The message is not sent directly to the bank, but to the intended
receiver of the funds, who must present the cheque to a bank. After the funds are transferred, the
cancelled cheque is returned to the sender, and can be used as proof of payment.

In virtually all aspects, an electronic cheque has the same features as a paper cheque. It
functions as a message to the sender's bank to transfer funds and, like a paper cheque, the
message is given initially to the receiver, who in turn endorses the cheque and presents it to the
bank to obtain funds.

The electronic cheque is a bit superior to the paper cheque in that, as a sender, you can protect
yourself against fraud by encoding your account number with a public key, thereby not
revealing your account to the merchant.

CyberCash's system for electronic cheques is an extension of its wallet for credit cards, and it
can be used in the same way to make payments with the participating vendors. The function of
payment or clearing of the electronic cheques is handled directly by the banks. CyberCash does not
serve as an intermediate party for processing the cheques.

The FSTC is a consortium of banks and clearing houses that designed an electronic cheque.
Modeled on the traditional paper cheque, this new cheque is initiated electronically, and uses a
digital signature for signing and endorsing.

Electronic cheques can be delivered by either direct transmission over a network or electronic
mail. In either case, existing channels can clear payments over their networks. This leads to a
convenient integration of the existing banking infrastructure and the Internet. Because the
FSTC's plans for electronic chequeing include money transfers and transactions involving the
automated clearing house association for transferring funds between the banks, businesses could
use the FSTC scheme to pay invoices from other businesses.

Ordinary consumers may prefer electronic cheques to other payment systems for a number of
reasons. First, more citizens or customers have cheque accounts than credit cards, so an
electronic equivalent for cheques serves a large number of customers.

Secondly, at least with the FSTC system, a customer can make a variety of different payments
(i.e. cheques, certified cheques, ATM, and so on) using one interface. It also means that the customer
only has to deal with his bank, not a number of financial institutions, to make these different
types of payment.

Extending electronic cheques to existing payment services

One can decide to pay utility bills by standard electronic cheques, but could designate that
one of the electronic cheques be delivered as a certified cheque in order to make a down payment
on a new house. The instructions accompanying a cheque would be processed by the EPH
software installed at your bank, and distributed by the appropriate payment network.

Digital Cash

In a digital cash system, currency is nothing more than a string of digits. A bank might issue
these strings of digits and debit your account with a withdrawal equal to the value of the currency
(tokens) issued. The bank validates each token with its digital stamp before transmitting it to your
personal computer.

When you want to spend e-cash, you only have to submit the proper amount of tokens to the
merchant, who then refers them to the bank for verification and redemption (to recover funds). To
ensure that each cash token is used only once, the bank records its serial number as it is spent.

[Figure: Payment for an item by digital cash]

DigiCash developed a slightly different scheme, called the blind signature. This allows buyers
to obtain e-cash from banks without the bank being able to correlate the buyer's name with the
tokens it issues. This is much more like regular cash, where a dollar bill you get from a bank
does not bear your name on it. The bank has to honour the token when it receives it from a
merchant because of the validation stamp it originally attached to your token. But the bank can't
tell who made the payment.
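
The token life cycle described above (stamp at withdrawal, serial number recorded at redemption, blinding so the bank cannot link the two), as an added example that is not code from these notes or from any e-cash product. It assumes an RSA-style blind signature as the "validation stamp"; the toy primes, the `Bank` class and the account names are constructed for illustration.

```python
"""Added example: blind-signed digital cash tokens with double-spend checking."""
import hashlib
import secrets
from math import gcd


def token_digest(serial: bytes, n: int) -> int:
    """Map a token's serial number to the integer that the bank stamps."""
    return int.from_bytes(hashlib.sha256(serial).digest(), "big") % n


class Bank:
    """Issues tokens worth one unit each and redeems every serial number once."""

    def __init__(self):
        p, q = 2**61 - 1, 2**89 - 1          # toy primes, far too small for real use
        self.n, self.e = p * q, 65537        # public key used to check the stamp
        self._d = pow(self.e, -1, (p - 1) * (q - 1))   # private stamping key
        self.accounts = {}
        self.spent_serials = set()
        self.seen_at_withdrawal = []         # everything the bank saw when issuing

    def withdraw(self, account: str, blinded: int) -> int:
        """Debit one unit and stamp the blinded value without seeing the serial."""
        if self.accounts.get(account, 0) < 1:
            raise ValueError("insufficient funds")
        self.accounts[account] -= 1
        self.seen_at_withdrawal.append((account, blinded))
        return pow(blinded, self._d, self.n)

    def redeem(self, merchant: str, serial: bytes, stamp: int) -> str:
        """Verify the stamp, then refuse any serial number seen before."""
        if pow(stamp, self.e, self.n) != token_digest(serial, self.n):
            return "invalid stamp"
        if serial in self.spent_serials:
            return "already spent"
        self.spent_serials.add(serial)
        self.accounts[merchant] = self.accounts.get(merchant, 0) + 1
        return "ok"


def blind(serial: bytes, n: int, e: int):
    """Customer side: hide the token digest behind a random factor r."""
    while True:
        r = secrets.randbelow(n - 2) + 2
        if gcd(r, n) == 1:
            break
    return r, (token_digest(serial, n) * pow(r, e, n)) % n


def unblind(blinded_stamp: int, r: int, n: int) -> int:
    """Customer side: strip r to leave the bank's stamp on the real digest."""
    return (blinded_stamp * pow(r, -1, n)) % n


def demo():
    bank = Bank()
    bank.accounts["alice"] = 3                       # constructed account balance
    serial = secrets.token_bytes(16)                 # chosen by the customer
    r, blinded = blind(serial, bank.n, bank.e)
    stamp = unblind(bank.withdraw("alice", blinded), r, bank.n)

    first = bank.redeem("shop", serial, stamp)
    second = bank.redeem("shop", serial, stamp)      # same token presented again
    forged = bank.redeem("shop", b"made-up serial", stamp)
    # Nothing recorded at withdrawal matches the digest the bank sees at redemption.
    linkable = any(b == token_digest(serial, bank.n) for _, b in bank.seen_at_withdrawal)
    return first, second, forged, linkable, bank.accounts


if __name__ == "__main__":
    print(demo())
```

Because the bank cannot see a blinded token's value, this sketch fixes every token at one unit; the double-spend check depends entirely on the bank keeping its list of spent serial numbers.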

Since digital cash doesn't have to be divided into denominations matching those of real coins or
other legal tender, it can be used in smaller denominations that are only useful for transactions
undertaken in the electronic world. In both the physical and electronic worlds, transactions are often
limited to some minimum amount to ensure that the transaction fees charged by banks and
clearing houses still leave the merchant with a profit on the sale.

The cost of a transaction is generally small, and using digital cash can keep it on the order of a
few pennies per transaction. The smaller digital transactions used for such payments are called
microcash; low-cost, real-time transactions using microcash are also referred to as
microtransactions.

Wallet: a helper for a web browser used to pass an encrypted credit card number from the buyer,
through the sales merchant, and on to the server maintained by the credit company (for
authentication and approval).

Implementation of E-Business and Payments

The customer's problem is only how to find the right product on a site and how to pay for it.
The business's concern is accepting the right payment systems and integrating them with the
existing accounting, inventory and fulfillment systems. For some businesses this may mean
building a new system from scratch. But for many companies, the business process includes
legacy systems; linking all business processes to electronic commerce therefore requires
products such as interfaces between web servers and databases, and back-end links (called
gateways) to financial processing systems, including banks and credit card acquirers.

Businesses looking to set up a system for electronic business have three approaches they can
follow, i.e. use a web server with a toolkit to build their own system, buy a packaged system, or
outsource the project to an e-commerce service provider.

Tool kits can range from very basic kits for implementing the important protocols (such as Terisa
Systems' toolkit for SSL and SET, or RSA's S/PAY for SET) to add-ons that work with your server
to handle credit card processing. Appropriate protocols must be utilized. Many software products are
in place that work with the required protocols; for example, Sun Microsystems has introduced
its Java E-commerce Framework (JECF), a series of Java libraries that include wallet and security
options to help Java programmers handle e-payments.

Tool kits require a lot of development time, but they allow you to customize your code in order
to integrate it with existing legacy systems.

The disadvantage of a tool kit is that you will have a large development project ahead of you.
You will not only have to write the software to handle payment negotiations and transactions,
but you will also have to design your web site and integrate its information with your corporate
systems such as customer databases and inventories.

RSA = public key encryption algorithm, named after Rivest, Shamir, and Adleman.

Another alternative is to buy a packaged system, which is ready for use in e-commerce. The
unfortunate part is that very few web commerce or merchant server packages are currently
available. Commerce or merchant server programs support web storefronts, catalogs, and order
processing. Not all packaged systems include links to financial networks, but as time passes more
packages will include such links, either by offering their own systems or by joining with
companies such as VeriFone and CyberCash, the leading vendors of web-based wallets and
gateways to banks.

If the idea of setting up and maintaining your own commerce site, including links to banks, does
not appeal to you, you can outsource the job to an e-commerce service provider. A few Internet
service providers (ISPs), including AT&T, MCI, Best Internet Communications and BBN Planet,
offer web hosting services that include the processing of commercial transactions. This is an
ideal solution for small companies that cannot spare the resources for their own commerce
server.

Additions to a web in implementing E-business


Although a web page is a good start for conducting business on the Internet, it is not the final
solution. If a business is planning to incorporate Internet-based access to legacy data and
integrate it with business practices, such as workflow or order fulfillment running on internal
networks, it will have to consider more than setting up a web server with CGI scripts to handle
database access and distribution of data on the Internet.

The HTTP-CGI approach to linking web servers and databases does not provide the level of high
performance that is often associated with other client-server systems for handling transactions.
A CGI script lacks the horsepower to process hundreds of simultaneous requests in real time, so
launching CGI scripts to handle multiple client requests is not only slow but an inefficient use
of server resources too. The stateless connections provided by HTTP do not allow an
application to maintain a connection, and maintaining a connection would be the only way to
ensure that a transaction, such as updating a client's purchase order, is fully completed.

If you are planning a heavy-duty banking or e-commerce site that has to handle hundreds of
simultaneous user requests and you want to ensure that each transaction is completed, you
should consider transaction processing software that uses the web for the initial consumer
connection and then switches to faster protocols to handle the actual transactions. Transaction
processing software, particularly the type called middleware, is very useful if you have to tie the
data coming over the Internet to a series of legacy databases within your corporation.
Middleware includes XTML, BEA Systems TUXEDO, Active Web, etc.

Security and E-Business

Security is important in financial systems, whether they are based on physical or electronic
transactions. In the real world we rely on physical security, while in the world of e-commerce
additional dependence is placed on electronic means for protecting data communications and
transactions. When working in the world of networked computers, there are many different
types of threats to the security of your systems. Some of the threats, with their solutions, are
listed below.

| Threat | Security solution | Function | Technology |
|---|---|---|---|
| Data intercepted, read or modified illicitly | Encryption | Encodes data to prevent tampering | Symmetric encryption; asymmetric encryption |
| Users misrepresent their identity to commit fraud | Authentication | Verifies the IDs of both sender and receiver | Digital signature |
| Unauthorized user on one network gains access to another | Firewall | Filters and prevents certain traffic from entering the network or server | Firewalls; virtual private nets |

While threats to confidentiality, integrity, authentication and authorization can be solved
electronically, the assurance and privacy threats depend much on individuals and organizations
acting responsibly when executing their business roles. This would include their adherence
(abidance) to laws that protect customers and organizations against fraud.

The process of Encryption

Encryption, or encrypting information to prevent it from being read by unauthorized parties, has
been the main use of cryptography since its early beginnings. For instance, the army uses audio
cryptography in its communication on radio calls, and Julius Caesar used alphabetical codes when
communicating with his field commanders.

For encryption to work properly, both the sender and receiver have to know what set of rules
(called the cipher) was used to transform the original information into its coded form (called the
cipher text).

A simple cipher might be to add or subtract an arbitrary number to each character of the message,
e.g. 49800 may be written as 61022 (+2) or John can be written as KPIO (+1). As long as the
receiving party knows what the sender did to the message, the receiving party can reverse the
process by adding or subtracting.

Encryption is based on two components, i.e. an algorithm and a key. A cryptographic algorithm is a
mathematical function that combines plain text or other intelligible information with a string of
digits, called a key, to produce unintelligible cipher text.

Although some special encryption algorithms that don't use a key do exist, algorithms using keys
are particularly important. Basing encryption on a key-based algorithm offers two important
advantages.

 Encryption algorithms are difficult to devise; it is not desirable to come up with a
new algorithm each time you want to communicate privately with a new
correspondent. By using a key you can use the same algorithm to communicate
with many people; all you have to do is use a different key for each
correspondent.

 If someone cracks your encrypted messages, all you have to do is switch to a
new key to start encrypting messages all over again. You don't have to switch to
a new algorithm, unless the algorithm and the key prove to be insecure.

The number of possible keys each algorithm can support depends on the number of bits in the
key. For example, an 8-bit key allows for only 256 (2^8) possible numerical combinations, each of
which is also called a key. The greater the number of possible keys, the more difficult it is to
crack an encrypted message.

The security of an encryption algorithm correlates with the length of its key, because knowing
that a key is n bits long only gives an idea of how much time you would have to spend to break
the code.
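
The simple shift cipher and the 8-bit key space described above, as an added example (not code from these notes). The single-byte XOR cipher is an assumed stand-in for "an algorithm with an 8-bit key", and the sample message and guessing rates are constructed.

```python
"""Added example: the shift cipher from the text and the size of a key space."""


def shift_encrypt(text: str, key: int) -> str:
    """Add key to every letter (mod 26) and every digit (mod 10); keep the rest."""
    out = []
    for ch in text:
        if "A" <= ch <= "Z":
            out.append(chr((ord(ch) - ord("A") + key) % 26 + ord("A")))
        elif "a" <= ch <= "z":
            out.append(chr((ord(ch) - ord("a") + key) % 26 + ord("a")))
        elif "0" <= ch <= "9":
            out.append(chr((ord(ch) - ord("0") + key) % 10 + ord("0")))
        else:
            out.append(ch)
    return "".join(out)


def shift_decrypt(text: str, key: int) -> str:
    """The receiver reverses the process by subtracting the same number."""
    return shift_encrypt(text, -key)


def xor_encrypt(data: bytes, key: int) -> bytes:
    """Toy cipher with an 8-bit key: XOR every byte with the same key byte."""
    if not 0 <= key < 2 ** 8:
        raise ValueError("key must fit in 8 bits")
    return bytes(b ^ key for b in data)


def exhaustive_search(ciphertext: bytes, known_word: bytes) -> list:
    """Try all 2**8 keys and keep those whose output contains known_word."""
    return [k for k in range(2 ** 8) if known_word in xor_encrypt(ciphertext, k)]


def keys_possible(bits: int) -> int:
    """Number of distinct keys an n-bit key allows."""
    return 2 ** bits


def years_to_try_all(bits: int, keys_per_second: float) -> float:
    """Worst-case time to try every key at an assumed guessing rate."""
    return keys_possible(bits) / keys_per_second / (365 * 24 * 3600)


def demo():
    message = b"PAY 49800 TO JOHN"                 # constructed sample message
    ciphertext = xor_encrypt(message, 0xA7)
    recovered_keys = exhaustive_search(ciphertext, b"PAY")
    return {
        "digits": shift_encrypt("49800", 2),
        "letters": shift_encrypt("JOHN", 1),
        "recovered_keys": recovered_keys,
        "years_56_bit": years_to_try_all(56, 1e12),    # assumed rate: 10^12 keys/s
        "years_128_bit": years_to_try_all(128, 1e12),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(name, value)
```

Every extra key bit doubles the work of trying all keys, which is why the 8-bit key falls at once while the same search over a 128-bit key space is out of reach at any realistic rate.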

Symmetric Encryption
This is the oldest form of cryptography, where both the sender and the recipient possess the same
key, which means that both parties can encrypt and decrypt data with the key. Symmetric
encryption presents some drawbacks, i.e.

 Both parties must agree upon a shared secret key.

 If you have n correspondents then you have to maintain or keep track of n secret
keys, one for each of the correspondents.

 If one key is used for more than one correspondent, then they will be able to read
each other's messages.

 Symmetric encryption also has a problem with authenticity, because the identity
of a message's originator or recipient cannot be proved since both the sender and
receiver possess the same key.

To solve the problems of symmetric encryption, public key cryptography, which makes use of
asymmetric encryption algorithms, is employed.

Asymmetric encryption (public-key cryptography)

Public key cryptography is based on the concept of a key pair: each half of the pair (one key)
can encrypt information that only the other half (the other key) can decrypt.
One part of the key pair, the private key, is known only by the designated owner; the other part, the
public key, is published widely but still associated with the owner. Key pairs have a unique
feature, i.e. data encrypted with one key can be decrypted only with the other key in the pair. In other
words, it makes no difference if you use the private key or the public key to encrypt a message; the
recipient can use the other key to decrypt it.

The keys can be used in two different ways, i.e. to provide message confidentiality and to prove
the authenticity of a message's originator.

 In order to provide message confidentiality, the sender uses the recipient's
public key to encrypt a message so that it will remain confidential until decoded
by the recipient with the private key.
 In order to use the key for authentication, the sender encrypts a message using the
private key, a key to which only the sender has access.
 For example, in order to create a confidential message, X would first acquire Y's
public key. X then uses that public key to encrypt the message, and sends it to Y.
Since the message was encrypted with Y's public key, only someone with Y's
private key (and presumably only Y has it) can decrypt the message.

Anyone with a copy of your public key can read a message that has been encrypted with your
private key, so intercepted messages can be decrypted.

In commercial transactions, the standard procedure is for a buyer to encrypt messages with his
private key, while the acknowledgement from the seller would use the seller's public key, meaning that
anyone who knows the seller's public key can read it. Other steps must be taken to ensure the
privacy of sensitive information sent from the seller.

Although encrypting a message with a public key isn't very different from using secret key
encryption, public key systems offer some advantages:
 The public key of your pair can be distributed on a server without fear that this
compromises your use of the private key. You don't need to send a copy of your
public key to all your correspondents; they can get it from a key server maintained
by your company or by a service provider.

 Another advantage of public key cryptography is that it allows you to
authenticate a message's originator. The basic idea is that you are the only person who can
encrypt something with your private key, so anyone using your public key to decrypt the
message can be sure that it is from you. Thus your use of a private key on an
electronic document is similar to your signing a paper document. But note that,
while the recipient can then be certain that the message came from you, there is
no guarantee that nobody else has read it as well.
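
The two uses of a key pair described above (the recipient's public key for confidentiality, the sender's private key for authentication), as an added example that is not code from these notes. It uses textbook RSA without padding on constructed toy keys; `apply_key`, the key names and the sample message are hypothetical.

```python
"""Added example: what each half of a key pair gives you (toy RSA, no padding)."""


def make_keypair(p: int, q: int, e: int = 65537):
    """Return (public, private) as (modulus, exponent) pairs from two primes."""
    n = p * q
    d = pow(e, -1, (p - 1) * (q - 1))
    return (n, e), (n, d)


def apply_key(key, value: int) -> int:
    """Transform a number with either half of a key pair."""
    n, exponent = key
    if not 0 <= value < n:
        raise ValueError("value does not fit this toy modulus")
    return pow(value, exponent, n)


def to_int(msg: bytes) -> int:
    return int.from_bytes(msg, "big")


def to_bytes(value: int) -> bytes:
    return value.to_bytes((value.bit_length() + 7) // 8, "big")


# Constructed toy keys built from known Mersenne primes; real keys are far longer.
X_PUBLIC, X_PRIVATE = make_keypair(2**61 - 1, 2**89 - 1)
Y_PUBLIC, Y_PRIVATE = make_keypair(2**107 - 1, 2**127 - 1)
MESSAGE = b"PAY JOHN 49800"          # constructed sample message


def confidential():
    """X encrypts with Y's public key: only Y's private key recovers the text."""
    wire = apply_key(Y_PUBLIC, to_int(MESSAGE))
    eavesdropper = to_bytes(apply_key(Y_PUBLIC, wire))     # holds public keys only
    receiver = to_bytes(apply_key(Y_PRIVATE, wire))
    return eavesdropper == MESSAGE, receiver == MESSAGE


def authenticated():
    """X encrypts with X's own private key: proves origin, hides nothing."""
    wire = apply_key(X_PRIVATE, to_int(MESSAGE))
    eavesdropper = to_bytes(apply_key(X_PUBLIC, wire))     # anyone can do this
    tampered = to_bytes(apply_key(X_PUBLIC, wire ^ 1))     # altered in transit
    return eavesdropper == MESSAGE, tampered == MESSAGE


def both():
    """X's private key first (origin), then Y's public key (secrecy)."""
    wire = apply_key(Y_PUBLIC, apply_key(X_PRIVATE, to_int(MESSAGE)))
    eavesdropper = to_bytes(apply_key(X_PUBLIC, wire % X_PUBLIC[0]))
    receiver = to_bytes(apply_key(X_PUBLIC, apply_key(Y_PRIVATE, wire)))
    return eavesdropper == MESSAGE, receiver == MESSAGE


if __name__ == "__main__":
    print("confidential (eavesdropper reads, receiver reads):", confidential())
    print("authenticated (eavesdropper reads, tampered accepted):", authenticated())
    print("both (eavesdropper reads, receiver reads):", both())
```

Production systems do not apply raw RSA to the message itself; they sign a hash of the message and encrypt with a padding scheme, but the division of roles between the two keys is the same.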
MAINTAINING MESSAGE CONFIDENTIALITY WITH THE PUBLIC KEY
Comparison of encryption methods
No single encryption method is ideal for all situations; the choice of
method depends on the circumstances, weighing advantages and disadvantages.

The table below shows the advantages and disadvantages of each type of encryption.

Encryption method   Advantages                                      Disadvantages

Symmetric           Fast                                            Both keys are the same
                    Can be easily implemented                       Difficult to distribute keys
                                                                    Does not support digital signatures

Public key          Uses two different keys                         Slow and computationally intensive
                    Relatively easy to distribute keys
                    Provides integrity through digital signatures

Managing E-Business Security Challenges

Introduction

As e-business matures, companies require enterprise-scalable functionality for their
corporate Internet and intranet environments. To support the expansion of their
computing boundaries, businesses have embraced Web application servers. Successful
companies recognize that their security infrastructures need to address the e-business
challenge. They are aware of the types of attacks that malevolent entities can launch
against their servers and can plan appropriate defenses.

Security Concerns

Enterprise security requires authentication to identify a principal user based on the
enterprise user registry, authorization to enforce the enterprise security policies,
encryption to keep information confidential, and pliable management of information. In
the Java environment, these technologies manifest themselves through the J2SE
security architecture, Java Authentication and Authorization Service (JAAS), Java
Cryptography Architecture (JCA), Java Cryptography Extension (JCE), Java Secure
Socket Extension (JSSE), Public-Key Cryptography Standards (PKCS), and support for
the Public Key Infrastructure (PKI).

Security considerations

Within the WAS environment, the security server is the primary user of JCA to validate
signatures on transactions and certificates. However, all primary and secondary objects
within the WAS environment can exploit the capabilities of JCA and JCE. For example,
an EJB object could sign data using a JCA Signature instance or encrypt data using a
JCE Cipher instance. The JSSE and PKCS sections demonstrate how JCA and JCE
functionality can be combined to create more complex technologies. JCA plays a
fundamental role in any Java application that implements public key security. Export
control restrictions by the United States Commerce Department currently prohibit such
a cryptography framework from being exported outside the United States or Canada,
unless appropriate mechanisms have been implemented in the framework that allow the
framework to control the type of encryption algorithms and their cryptographic strength
available to applications. The lack of exportability has significantly affected the usability
and deployment of JCE.

Exportability has been accorded to the new version, JCE version 1.2.1, in which JCE, not
its CSPs, enforces export restrictions. IBM’s distribution of J2SE contains an
implementation of JCE with a suite of commonly used cryptographic functions.

Java Secure Socket Extension

Through the cryptographic APIs provided in J2SE and in the
standard JCE package, developers can invoke cryptographic functions from within Java
code. However, most developers and application designers would prefer to use
ready-built cryptographic protocols, rather than having to create them from the basic
elements of encryption and digital signatures.

Secure sockets layer (SSL) is the most widely used protocol for implementing encrypted
channels over the Web. Almost all e-business Web sites use SSL to ensure that their
own or their clients’ personal information, such as a credit card number, can flow
securely over the unsecured Internet.

What is SSL? SSL is a standard protocol proposed by Netscape Communications
Corporation for enabling secure transmission on the Web. The primary goal of the SSL
protocol is to provide privacy and integrity between two communicating parties. As the
name suggests, SSL provides a secure form of the standard TCP/IP (Transmission
Control Protocol/Internet Protocol) sockets protocol. In fact, SSL is not a drop-in
replacement because the application has to specify additional cryptographic information.
Nonetheless, it is not a large step for an application that uses regular sockets to convert
to SSL. Although the most common implementation of SSL is for HTTP, several other
application protocols have also been adapted.

SSL has two security aims:


1. To authenticate the server and the client using public key signatures and digital
certificates as required
2. To provide an encrypted connection for the client and server to exchange messages
securely

The SSL connection is private and reliable, using encryption after an initial handshake to
define a secret key. The SSL connection also maintains message integrity checks. Note
that in SSL, symmetric cryptography is used for data encryption, while asymmetric or
public key cryptography is used to authenticate the identities of the communicating
parties and encrypt the shared encryption key when an SSL session is established. This
way, the shared encryption key can be exchanged in a secure manner, and client and
server can be sure that only they know the shared secret key. In addition, the client
and server have the advantage of encrypting and decrypting the communication flow
with a single encryption key, which is much faster than using asymmetric encryption. In
this way, SSL is able to provide:

Privacy. The connection is made private by encrypting the data to be exchanged
between the client and the server. In other words, only they can decrypt and make
sense of the data. This allows for secure transfer of private information such as credit
card numbers, passwords, secret contracts, and the like.
Data integrity. The SSL connection is reliable. The message transport includes a
message integrity check based on a secure hash function. There is practically no
possibility of data corruption without detection.
Authentication. Optionally, the client can authenticate the server and an
authenticated server can authenticate the client. This means that, when authentication
is required, the information is guaranteed to be exchanged only between the intended
parties. The authentication mechanism is based on the exchange of digital certificates.
Nonrepudiation. Digital signatures and certificates together imply nonrepudiation.
This establishes accountability of information about a particular event or action to its
originating entity, and the communications between the parties can be proved later.
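The hybrid arrangement described above (public key cryptography to protect the shared key, symmetric encryption with an integrity check for the data) as an added Java example using JCE; it is not the SSL handshake or record format and is not from the original notes. The class name, RSA-OAEP key wrapping, AES-GCM, the record layout and the sample data are assumptions, and certificate-based authentication of the server is left out.

```java
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.SecureRandom;
import javax.crypto.AEADBadTagException;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.GCMParameterSpec;

// Added illustration (hypothetical class name); shows the idea, not SSL's wire format.
// Newer TLS versions prefer ephemeral Diffie-Hellman key agreement; RSA key transport
// is used here because it is the scheme the text describes.
public class HybridChannelExample {
    static final String KEY_WRAP = "RSA/ECB/OAEPWithSHA-256AndMGF1Padding";
    static final String DATA = "AES/GCM/NoPadding";
    static final int IV_LEN = 12;
    static final int TAG_BITS = 128;

    // Client: protect the fresh symmetric key with the server's public key.
    static byte[] wrapKey(PublicKey serverPublic, SecretKey session) throws GeneralSecurityException {
        Cipher c = Cipher.getInstance(KEY_WRAP);
        c.init(Cipher.WRAP_MODE, serverPublic);
        return c.wrap(session);
    }

    // Server: only the holder of the private key recovers the session key.
    static SecretKey unwrapKey(PrivateKey serverPrivate, byte[] wrapped) throws GeneralSecurityException {
        Cipher c = Cipher.getInstance(KEY_WRAP);
        c.init(Cipher.UNWRAP_MODE, serverPrivate);
        return (SecretKey) c.unwrap(wrapped, "AES", Cipher.SECRET_KEY);
    }

    // Record layout chosen for this example: IV || ciphertext || authentication tag.
    static byte[] seal(SecretKey key, byte[] plaintext) throws GeneralSecurityException {
        byte[] iv = new byte[IV_LEN];
        new SecureRandom().nextBytes(iv);   // an IV must never repeat under the same key
        Cipher c = Cipher.getInstance(DATA);
        c.init(Cipher.ENCRYPT_MODE, key, new GCMParameterSpec(TAG_BITS, iv));
        byte[] body = c.doFinal(plaintext);
        byte[] record = new byte[IV_LEN + body.length];
        System.arraycopy(iv, 0, record, 0, IV_LEN);
        System.arraycopy(body, 0, record, IV_LEN, body.length);
        return record;
    }

    // Decrypts and checks integrity in one step; throws if the record was altered.
    static byte[] open(SecretKey key, byte[] record) throws GeneralSecurityException {
        Cipher c = Cipher.getInstance(DATA);
        c.init(Cipher.DECRYPT_MODE, key, new GCMParameterSpec(TAG_BITS, record, 0, IV_LEN));
        return c.doFinal(record, IV_LEN, record.length - IV_LEN);
    }

    public static void main(String[] args) throws GeneralSecurityException {
        // Server's long-term key pair (in SSL the public half arrives in a certificate).
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);
        KeyPair server = kpg.generateKeyPair();

        // Session setup: one slow public key operation on each side.
        KeyGenerator kg = KeyGenerator.getInstance("AES");
        kg.init(128);
        SecretKey clientKey = kg.generateKey();
        byte[] wrapped = wrapKey(server.getPublic(), clientKey);
        SecretKey serverKey = unwrapKey(server.getPrivate(), wrapped);

        // Data phase: fast symmetric encryption under the shared key.
        // Constructed sample data, not a real card number.
        byte[] msg = "card=0000-0000-0000-0000;amount=25.00".getBytes(StandardCharsets.UTF_8);
        byte[] record = seal(clientKey, msg);
        System.out.println("server reads: "
                + new String(open(serverKey, record), StandardCharsets.UTF_8));

        // Integrity: a single flipped bit in transit is detected, not silently accepted.
        record[record.length - 1] ^= 0x01;
        try {
            open(serverKey, record);
            System.out.println("unexpected: altered record accepted");
        } catch (AEADBadTagException e) {
            System.out.println("altered record rejected: " + e.getClass().getSimpleName());
        }
    }
}
```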

The SSL protocol can use different digital signature algorithms for authenticating the
communicating parties. SSL provides various key exchange mechanisms that allow the
sharing of secret keys used to encrypt the communicated data. Furthermore, SSL can
make use of a variety of algorithms for encryption and hashing. SSL cipher suites
describe the cryptographic options defined by SSL and whether or not the cipher
strength can be exported outside the United States or imported to other countries.

THE NEEDS OF E-BUSINESS SECURITY

The new millennium brought with it new possibilities in terms of information access and
availability, simultaneously introducing new challenges in protecting sensitive
information from some eyes while making it available to others. The Internet allows
businesses to use information more effectively, by allowing customers, suppliers,
employees, and partners to get access to the business information they need, when
they need it. These Internet-enabled services all translate to reduced cost: there is
less overhead, greater economies of scale, and increased efficiency. E-business'
greatest promise is more timely, more valuable information accessible to more people,
at reduced cost of information access.
With the changes in business operations as a result of the Internet era, security
concerns move from computer labs to the front page of newspapers. The promise of e-
business is offset by the security challenges associated with the disintermediation of
data access. One security challenge results from "cutting out the middleman," which too
often cuts out the information security the middleman provides. Another is the
expansion of the user community from a small group of known, vetted users accessing
data from the intranet, to thousands of users accessing data from the Internet.
Application service providers (ASP) and exchanges offer especially stringent, and
sometimes contradictory, requirements of per user and per customer security, while
allowing secure data sharing among communities of interest.

E-business depends on providing customers, partners, and employees with access to
information, in a way that is controlled and secure. Technology must provide security to
meet the challenges encountered by e-businesses. Virtually all software and hardware
vendors claim to build secure products, but what assurance does an e-business have of
a product's security? E-businesses want a clear answer to the conflicting security claims
they hear from vendors. How can you be confident about the security built into a
product? Independent security evaluations against internationally-established security
criteria provide assurance of vendors' security claims.

While putting business systems on the Internet offers potentially unlimited opportunities
for increasing efficiency and reducing cost, it also offers potentially unlimited risk. The
Internet provides much greater access to data, and to more valuable data, not only to
legitimate users, but also to hackers, disgruntled employees, criminals, and corporate
spies.

Increased Data Access


One of the chief e-business benefits of the Internet is "disintermediation." The
intermediate information processing steps that employees typically perform in "brick
and mortar" businesses, such as typing in an order received over the phone or by mail,
are removed from the e-business process. Users who are not employees and are thus
outside the traditional corporate boundary, including customers, suppliers and partners,
can have direct and immediate online access to business information which pertains to
them.

In a traditional office environment, any access to sensitive business information is
through employees. Although employees are not always reliable, at least they are
known, their access to sensitive data is limited by their job function, and access is
enforced by physical and procedural controls. Employees who pass sensitive information
outside the company contrary to policy may be subject to disciplinary action; the threat
of punishment thus helps prevent unauthorized access.
Making business information accessible via the Internet vastly increases the number of
users who may be able to access that information. When business is moved to the
Internet, the environment is drastically changed. Companies may know little or nothing
about the users (including, in many cases, employees) who are accessing their systems.
Even if they know who their users are, it may be very difficult for companies to deter
users from accessing information contrary to company policy. It is therefore important
that companies manage access to sensitive information, and prevent unauthorized
access to that information before it occurs.

Much More Valuable Data


E-Business relies not only on making business information accessible outside the
traditional company, it also depends on making the best, most up-to-date information
available to users when they need it. For example, companies can streamline their
operations and reduce overhead by allowing suppliers to have direct access to
consolidated order information. This allows companies to reduce inventory by obtaining
exactly what they need from suppliers when they need it.

Streamlining information flow through the business system allows users to obtain better
information from the system. Now, businesses that allow other businesses and
consumers to submit and receive information directly through the Internet can expect
to get more timely, accurate, and valuable information, at less expense than if
traditional data channels were used.

Formerly, when information was entered into a business system, it was often
compartmentalized. Information maintained by each internal department, such as sales,
manufacturing, distribution, and finance, was kept separate, and was often processed
by physically separate and incompatible databases and applications, so-called "islands of
information." Companies have found that linking islands of information and consolidating
them where possible allows users to obtain better information, and to get more benefit
from that information, which thus makes the information more valuable.

Improving the value of data available to legitimate users generally improves its value to
intruders as well, increasing the potential rewards to be gained from unauthorized
access to that data, and the potential damage that can be done to the business if the
data were corrupted. In other words, the more effective an e-business system is, the
greater the need to protect it against unauthorized access.

Scalability with Large User Communities


The sheer size of the user communities which can access business systems via the
Internet not only increases the risk to those systems, it also constrains the solutions
which can be deployed to address that risk. The Internet creates challenges in terms of
scalability of security mechanisms, management of those mechanisms, and the need to
make them standard and interoperable.

Security mechanisms for Internet-enabled systems must support much larger
communities of users than systems that are not Internet-enabled. Whereas the largest
traditional enterprise systems typically supported thousands of users, many Internet-
enabled systems have millions of users.

Manageability
Traditional mechanisms for identifying users and managing their access, such as
granting each user an account and password on each system he accesses, may not be
practical in an Internet environment. It rapidly becomes too difficult and expensive for
system administrators to manage separate accounts for each user on every system.

Interoperability
Unlike traditional enterprise systems, where a company owns and controls all
components of the system, Internet-enabled e-business systems must exchange data
with systems owned and controlled by others: customers, suppliers, partners, etc.
Security mechanisms deployed in e-business systems must therefore be
standards-based, flexible, and interoperable, to ensure that they work with others' systems. They
must support browsers, and work in multi-tier architectures with one or more middle
tiers such as web servers and applications servers.

Hosted Systems and Exchanges


The principal security challenge of hosting is keeping data from different hosted user
communities separate. The simplest way of doing this is to create physically separate
systems for each hosted community. The disadvantage of this approach is that it
requires a separate computer, with separately installed, managed, and configured
software, for each hosted user community, providing few economies of scale to a
hosting company. Mechanisms that allow multiple different user communities to share a
single hardware and software instance, keep data for different user communities
separate, and allow a single administrative interface for the hosting provider, can
greatly reduce costs for the hosting service provider.
Exchanges have requirements for both data separation and data sharing. For example,
an exchange may ensure that a supplier's bid remains un-viewable by other suppliers,
yet allow all bids to be evaluated by the entity requesting the bid. Furthermore,
exchanges may also support "communities of interest" in which groups of organizations
can share data selectively, or work together to provide a joint bid, for example.

Assurance
E-businesses need some form of assurance of the security provided in the technology
products they purchase. For such assurance, there are international standards used to
validate vendors' security claims against established criteria in formal evaluations.

Security evaluations are carried out by independent, licensed and accredited
organizations. The evaluation process, from inception to certificate, often lasts up to a
full year (and sometimes longer). Vendors who have undergone evaluations of their
products learn to improve upon their development, testing and shipping processes as a
result of completing the demanding process.
Security evaluations are perhaps the most effective way to qualify a vendor's assertions
about its security implementations. Is a product that has not completed such
evaluations secure enough to run an e-business? Is it secure enough to protect an
organization's most sensitive data? E-businesses demand that the software and
hardware vendors they select ship certified, provably-secure products. Assurance
afforded by independent security evaluations lets businesses be assured of the products
they purchase and deploy.

SUMMARY

E-business depends on providing customers, partners, and employees with access to
information, in a way that is controlled and secure. Managing e-business security is a
multifaceted challenge and requires the coordination of business policy and practice
with appropriate technology. In addition to deploying standards-based, flexible and
interoperable systems, the technology must provide assurance of the security provided
in the products.
As technology matures and secure e-business systems are deployed, companies will be
better positioned to manage the risks associated with disintermediation of data access.
Through this process businesses will enhance their competitive edge while also working
to protect critical business infrastructures from malefactors like hackers, disgruntled
employees, criminals and corporate spies.

E-business as a backbone of E-Procurement

The next generation of business has arrived. It is called e-business. E-business is about
using Internet technologies to transform key business processes. It is about
strengthening relationships with stakeholders, capitalizing on new business
opportunities and increasing efficiency to become more profitable. An e-business
connects critical business systems directly to customers, employees, suppliers, and
distributors via the Web to improve time to market, access a broader base of customers
and suppliers, improve efficiency, and reduce costs. In simple terms, e-business
constitutes the ability of a firm to electronically connect, in multiple ways, many
organizations, both internal and external, for many different purposes. It allows an
organization to execute electronic transactions with any individual entity along the value
chain—suppliers, logistics providers, wholesalers, distributors, service providers, and
end customers. Increasingly, e-business allows an organization to establish real-time
connections simultaneously among numerous entities for some specific purpose, such
as optimizing the flow of physical items (raw materials, components, finished products)
through the supply chain.

Today, people are not asking why they should do e-business. They are asking how to
capture the advantages the Internet brings without abandoning their existing
investments in systems and data. People want insight into what works and what does
not. They want to learn from the experiences of others.

The e-business cycle

One thing that has become increasingly clear over the last three years is that e-business
is more than a technology discussion. The move to e-business requires a clear vision of
what needs to be done and an equally clear picture of how to make that vision a reality.
We have captured the process that companies go through to develop their vision of
what and how in something we call the e-business cycle. The cycle is made up of four
stages: transform, build, run and leverage. There is no hierarchy to this cycle; you can
start anywhere at any time. Your company can be active in one or several stages
simultaneously.

Transform
At the heart of the e-business cycle lies the ability to transform core business processes
by leveraging the reach and pervasiveness of the Internet. But business transformation
can never be taken lightly, and many organizations struggle with where to start and
which processes bring the best return on investment. We have found that for most
organizations the key to success lies in making your e-business priorities the same as
your business priorities. For instance, if your business priority is to improve customer
retention rates through better customer service, start by giving your customers instant
access to information on your Web site rather than making them call your toll-free
number. If your business priority is reducing response time and inventory handling
costs, then enable key suppliers to check inventory levels and ship replenishments as
necessary. Of course, if your business priority is extending your reach and capturing
new customers in new markets, then enable your Web site to support e-commerce
transactions so customers from around the world can shop and purchase 24 hours a
day, 7 days a week, 365 days a year.

Build
When you begin the transition to e-business, it pays to move quickly. You will find that
the fastest and most risk-free way to begin the transformation process is simply to
extend and modernize existing applications you have been using to run your business
for years. A couple of ideas. If you are just starting, consider Web enabling your
existing applications so people can view information online with a browser. For
example, you can allow your employees to view job postings or customers to look at
their account balances. The next step is to promote more interactive Web self-service:
allow employees to change their benefits or add new ones, or clients to perform secure
transactions, transfer funds, open a new account or pay off a loan. Even when you take
the next step and start adding new capabilities such as an electronic catalog, the most
cost-effective approach is to integrate that new commerce application with your existing
inventory management and customer information systems. When building your e-
business applications, consider these development resource issues:
• Application reuse
• Application complexity
• Current developer skills.
Also consider evolving your applications to grow with your business:
• Degree of interaction between people
• Integration with existing applications or with other systems.

Run
A critical part of the e-business cycle is the environment in which these applications run.
As you move to deploy your e-business applications, consider all of the variables:
information security, application and systems manageability, and deployment flexibility.
Creating a scalable, available and safe environment is the core of a successful
e-business. When deploying your applications, consider security and management issues:
• Level of asset protection
• Support for different types of clients
• How the applications will map to systems and data
• Level of application management.

Also consider scalability and availability issues:


• Total workload
• Transaction volume
• Small, departmental applications vs. mission-critical, e-business applications.

Leverage
Leverage the data you already have to create a greater understanding of your
customers. What do they buy, when and why do they buy? You already have the
information. It is a question of how you are using it. Another aspect of leverage is the
ability to capitalize on the experience and knowledge of individuals within your
organization. For instance, how to make a complex process work and how to roll out a
new product. To survive in the world of e-business, you need to leverage existing
knowledge and replicate best practices across the organization to improve innovation
and responsiveness.

E-business: Ready or not


Every day, thousands of customers move from using the Web for information to using
the Web to conduct business. And that makes the next step pretty clear. Either your
customers are doing e-business with you or they are thinking about doing it with one of
your competitors. But just because you have got a Web site, or just because you have got
some people that can write HTML, does not mean you are ready for e-business. Over
the past few years, we have worked with enough customers to know that you can make
bad decisions. It is possible to make decisions that would not let you move as fast as
you need to continue going forward. It is possible to get locked into an environment
that would not let you provide the kind of reliable, available solution that is necessary to
protect the quality of the customer experience on your site. To help you create an
environment that is ready for e-business, here are some lessons that others have
already learned:

1) e-business solutions are created by connecting and integrating business
processes, information and people. E-business solutions reflect the style of
the Internet and the World Wide Web.
• They are built from existing assets.
• New functionality can be added quickly as long as it is based on standards.

The key to transforming any major process is to identify all of the subprocesses that
are part of the solution, determining which must be automated, enhanced, integrated
and Web-enabled. When you have completed your process transformation road map,
your organization can inventory its existing assets to detect which ones to update. You
can find the off-the-shelf applications you need to begin the process of integration,
refinement and customization.

2) e-business solutions continue to evolve over time.


• New devices can be supported on a plug-and-play basis.
• Information can be leveraged to continuously improve the user experience.

With the basic Web infrastructure in place, you are in control of your e-business growth.
The ability to evolve is a direct consequence of building solutions from a collection of
diverse components. You can move forward with simple implementations, knowing that
over time, your solutions can grow and change as needed.

3) e-business solutions must grow quickly in multiple dimensions.
• They must support legions of new users even if they appear overnight.
• They must handle an insatiable thirst for more and more content and
interactivity.

This is critical because the more successful an e-business solution, the more users it
attracts. In addition to the raw number of users, content on successful sites tends to
grow exponentially adding requirements for another dimension of processing power.
And looking into the future, the ability to grow will become even more important, given
the growth of digital media and the evolution of the Internet itself.

4) Finally, e-business solutions must work.


They must offer:
• Reliability that builds trust.
• Security that builds confidence.
• Manageability that ensures performance.

These solutions are, after all, the next generation of business. The industrial-strength
attributes associated with mission-critical IT applications (e.g. availability, security,
systems management, etc.) are increasingly important as e-business solutions become
the standard means of interaction with stakeholders, in other words, the face of the
business itself.

The application model matters


At the heart of an environment that is ready for e-business lies a new generation of
applications. And whether you buy these new applications or build them yourself, you
need to look for applications that differ from traditional client/server applications in six
key ways. Successful e-business applications are based on standards that span multiple
platforms. They are server-centric because you cannot control all the types of clients
you will want to access them over time. They extend existing applications. They are
scalable. They are easy to develop and use. And they are built to be managed. To get
applications with these characteristics, the application model you choose matters.

Client/server extended model

This model revolutionized the IT industry. Its strength was a tightly integrated client
and server environment that made new application development easier. But as
businesses extend this familiar model into the networked world, they are finding that its
strength is also its weakness. This model requires homogeneity. It favors a single client
type and requires simultaneous deployment of both the client and server. Additionally, it
has configuration dependencies and deployment options are limited.

The e-business application model

This model is the next generation of computing. Choose the e-business application
model for the heterogeneous world of e-business. The model was created to extend
your existing investments in applications, systems, data and skills. It adds the flexibility
and responsiveness missing from traditional client/server architectures. By using
multiplatform, multivendor standards, the e-business application model ensures that
application services and data can be anywhere, that applications can support all types
of clients and that the applications can be built independent of the deployment
platform.

The Application Framework for e-business


Developers have told us that they need more than a model to help them develop and
deploy their e-business applications. That is why we built the Application Framework for
e-business (the Framework). The Framework consists of:
• a set of industry standards and technologies,
• proven methodology and
• leadership products.

Industry standards and technologies


The Framework is based on multiplatform, multi-vendor standards like Java™
technologies, CORBA and XML. It includes the client, application server, network, data
and infrastructure standards that make it possible for a client to access services and
data anywhere in the network. This model simplifies application development and
deployment. Developers can write an application on their platform of choice and deploy
it somewhere else without completely rewriting the application.

Proven methodology
Industry standards are just the beginning. Customers are building and buying mission-
critical applications and they need to know what works. Therefore, we are harvesting
our experience and turning it into methodology that our IBM services teams and
partners can use to help customers develop and deploy applications that will meet the
demands of their e-business environment. This ongoing process is focused in four
areas: methodology for Business Analysis, Application Design, Application Development
and Application Deployment.

Leadership products
Although there are others in the industry whose products adhere to the standards and
philosophies of the Framework, IBM is fielding a battle-tested portfolio of software
which is the foundation for e-business applications.

Application server software
At the heart of our portfolio is a family of mature and secure, feature-rich and field
tested application and database servers, the product of years of experience helping our
customers develop and deploy mission-critical applications in a wide variety of
environments. Our cross-platform, distributed application servers for e-business
applications include:

Lotus® Domino™: The fastest way to support Web-based relationships and processes
based on messaging, workflow and collaboration.
• Rapidly develop and deploy collaborative applications
• Advanced capabilities for managing work and information flow
• Integration with database, ERP and transaction systems

IBM WebSphere™: The fastest route from static Web pages to interactive, query- and
transaction-intensive e-business applications.
• Speed transition from publishing to Web-based transactions
• For transaction intensive environments
• Support for distributed business components

IBM DB2® Universal Database: The truly scalable, multimedia-capable database with
built-in Web access, the database that is ready for e-business.
• Best performing database for UNIX® and Windows® NT®
• Handles multimedia as well as conventional data
• Optimized for Web applications
• Delivers enterprise class reliability and availability

IBM MQSeries®: The information backbone for connecting applications across 35
operating systems, and counting.
• Connect applications
• Speed application deployment and integration
• Manage and integrate business process flow across more than 35 application
environments

IBM Net.Commerce: The commerce engine of choice for online transactions combines
key IBM software, including DB2 Universal Database and IBM WebSphere, to provide a
solution for businesses that need to establish highly effective, high-end electronic
commerce sites.

Development tools and components


To complement our application servers, we are delivering a rich set of development
tools and reusable application components.

VisualAge®: An industry-leading family of tools for developing applications that provide a
consistent development environment across all programming languages.
• Helps professional programmers extend existing applications and add new
functionality
• Visual programming environment
• Supports major languages, platforms and team development

Domino Designer: The premier application to build collaborative Web sites.
• Customizable templates that speed deployment of collaborative applications
• Built-in services like workflow, content management and full-text search
• Visual development environment

Lotus eSuite and IBM SanFrancisco: A Java-based collection of components and
frameworks that include hundreds of common business objects plus application-specific
components for core business processes.
• Reusable business components accelerate delivery of applications running on
e-business servers

Management Software
When you begin to transform your business, you need to think about security and
management. IBM's suite of security and management tools includes:

IBM SecureWay®: This family of products simplifies the challenge of locating,
connecting and securing all the parties and resources involved in an e-business
transaction or interaction.

Locate
• Scalable, standards-based, cross-platform directory
• Directory integration across an extended enterprise

Connect
• Simplest solution for host integration
• Deliver Web applications on demand
• Mobile access

Secure
• Standards-based Public Key Infrastructure (PKI)
• Integrated security

Tivoli™ systems management software: Adds the ability to create the highly available,
highly manageable applications required in the world of e-business.

Manage
• Scalable, open, cross-platform
• Single-action management
• Easy deployment and maintenance
• Business system management

The engines of e-business


In the transaction-based world of e-business, the choice of servers is critical. PC servers
that routinely provide 99% availability will continue to provide an adequate environment
for application development and departmental deployment. But when you need to
support a large number of users, or you need maximum availability for the lowest cost,
scalable midrange servers may be the best choice. Midrange servers can give you
greater storage capacity, more powerful computing and close to 99.6% availability. If
you are running high-volume Web applications, you may want to consider using
enterprise servers. Enterprise servers offer a near-perfect degree of availability and
reliability (99.99%), and they can handle applications that have a large number of
transactions. As evidence of this high performance, a recent International Technology
Group study reports that more than 2,300 companies used the mainframe as their Web
server at the end of 1998 and that 10,000 organizations will do so by 2000.

IBM offers a powerful family of servers for e-business, including:


Netfinity®: These servers are establishing some of the most impressive numbers for
reliability and availability in the Windows NT environment.

RS/6000®: IBM’s ultrascalable UNIX platform powers some of the most successful new
e-business sites.

AS/400®: The AS/400 offers bulletproof security, broad scalability and 64-bit technology,
all features that position it as a true engine of e-business.

S/390®: Our latest S/390, the G5 Enterprise Server, provides business the closest thing
to continuous computing. As a company, IBM’s unique value proposition lies in a family
of software, servers, services and solutions that work together, yet all are based on
multiplatform, multi-vendor standards. We have made this commitment to standards
because it positions us as the partner that can help you leverage your existing
applications, systems and skills investments to develop and deploy e-business
applications that meet the demands of today’s increasingly competitive, networked
world.

The E-Business Opportunity and Challenges


A secure e-business Website can provide businesses with powerful competitive
advantages, including increased online retail sales as well as streamlined application
processes for products such as insurance, mortgages, or credit cards. E-business credit
card sales can be especially lucrative: according to independent analysts, cash
transactions on the Internet will reach $9 billion in 2000, and $30 billion in 2005.

By offering products and services on the Web, businesses can gain unique benefits:
• New customers: Anyone with an Internet connection is a potential customer:
millions around the world are already using the Internet for business
transactions. Web storefronts are open 24 hours a day, and require no
investments in brick and mortar.
• Cost-effective delivery channel: Many products and services, such as
software or information, can be distributed directly to customers via the Web,
enhancing the customer experience and increasing profitability by eliminating the
shipping and overhead costs associated with order fulfillment.
• Streamlined enrollment: Paper-based enrollment workflows are fraught with
delays. Applications for insurance, a mortgage, or a credit card, for example, can
be held up in the mail. And once received, application information must be
entered into computer systems manually, a labor-intensive process that can
introduce errors. By accepting applications via a secure Website, businesses can
speed application processing, reduce processing costs, and improve customer
service.
• Better marketing through better customer knowledge: Establishing a
storefront on the Web positions enterprises for one-to-one marketing — the
ability to customize products and services to individual customers rather than
large market segments. The Web facilitates one-to-one marketing by enabling
businesses to capture information about demographics, personal buying habits,
and preferences. By analyzing this information, enterprises can target
merchandise and promotions for maximum impact, tailor Web pages to specific
consumers, and conduct effective, tightly focused marketing campaigns.

The Risks and Challenges of E-Business


To succeed in the fiercely competitive e-business marketplace, businesses must become
fully aware of Internet security threats, take advantage of the technology that
overcomes them, and win customers' trust. Eighty-five percent of Web users surveyed
reported that a lack of security made them uncomfortable sending credit card numbers
over the Internet. The merchants who can win the confidence of these customers will
gain their loyalty — and an enormous opportunity for expanding market share.

In person-to-person transactions, security is based on physical cues. Consumers accept
the risks of using credit cards in places like department stores because they can see
and touch the merchandise and make judgments about the store. On the Internet,
without those physical cues, it is much more difficult to assess the safety of a business.
Also, serious security threats have emerged. By becoming aware of the risks of
Internet-based transactions, businesses can acquire technology solutions that overcome
those risks:
• Spoofing — The low cost of Web site creation and the ease of copying existing
pages make it all too easy to create illegitimate sites that appear to be
published by established organizations. In fact, con artists have illegally obtained
credit card numbers by setting up professional-looking storefronts that mimic
legitimate businesses.
• Unauthorized disclosure — When transaction information is transmitted "in
the clear," hackers can intercept the transmissions to obtain customers' sensitive
information.
• Unauthorized action — A competitor or disgruntled customer can alter a Web
site so that it refuses service to potential clients or malfunctions.
• Eavesdropping — The private content of a transaction, if unprotected, can be
intercepted en route over the Internet.
• Data alteration — The content of a transaction can be not only intercepted,
but also altered en route, either maliciously or accidentally. User names, credit
card numbers, and dollar amounts sent "in the clear" are all vulnerable to such
alteration.
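
An added example, not part of the original notes, of one cryptographic countermeasure to the data alteration risk listed above: the sender attaches an HMAC-SHA256 tag so the receiver can detect a changed dollar amount. The shared key, field names and sample order are constructed assumptions; a MAC protects integrity only, so the message can still be read by an eavesdropper unless it is also encrypted.

```python
import hashlib
import hmac
import json
from typing import Optional

# Constructed sample data: the key, field names and values are assumptions.
SHARED_KEY = b"constructed-demo-key-not-for-production"
ORDER = {"user": "alice", "card_last4": "4242", "amount_usd": "25.00"}


def encode(order: dict) -> bytes:
    """Canonical byte encoding so sender and receiver authenticate identical bytes."""
    return json.dumps(order, sort_keys=True, separators=(",", ":")).encode("utf-8")


def send_in_the_clear(order: dict) -> dict:
    """No integrity protection: the receiver has nothing to check the body against."""
    return {"body": encode(order).decode("utf-8")}


def send_with_mac(order: dict, key: bytes) -> dict:
    """Attach an HMAC-SHA256 tag computed over the encoded order."""
    body = encode(order)
    tag = hmac.new(key, body, hashlib.sha256).hexdigest()
    return {"body": body.decode("utf-8"), "tag": tag}


def receive(message: dict, key: Optional[bytes] = None) -> Optional[dict]:
    """Return the order, or None if a key is supplied and the tag does not verify."""
    body = message.get("body")
    if not isinstance(body, str):
        return None
    if key is not None:
        tag = message.get("tag")
        if not isinstance(tag, str):
            return None  # tag missing or stripped in transit: reject, never fall back
        expected = hmac.new(key, body.encode("utf-8"), hashlib.sha256).hexdigest()
        # Constant-time comparison avoids leaking how much of the tag matched.
        if not hmac.compare_digest(expected.encode("utf-8"), tag.encode("utf-8")):
            return None
    try:
        return json.loads(body)
    except ValueError:
        return None


def altered_en_route(message: dict, field: str, value: str) -> dict:
    """Model the 'data alteration' risk: one field changes between sender and receiver."""
    order = json.loads(message["body"])
    order[field] = value
    changed = dict(message)  # any tag is carried along unchanged
    changed["body"] = encode(order).decode("utf-8")
    return changed


if __name__ == "__main__":
    clear = altered_en_route(send_in_the_clear(ORDER), "amount_usd", "2500.00")
    print("in the clear, receiver accepts:", receive(clear))
    tagged = altered_en_route(send_with_mac(ORDER, SHARED_KEY), "amount_usd", "2500.00")
    print("with MAC, receiver accepts:", receive(tagged, SHARED_KEY))
```
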

Internet security systems
There are many different types of threats that can compromise the security of electronic
commerce. To counter these threats, a number of protocols and applications have been
developed using cryptographic techniques.

The Internet is known for its dependence on open standards. The support for open standards is
paired with the open exchange of information on the Internet, which may have led to the thinking
that Internet and security are mutually exclusive terms. While the Internet implemented less
security in the past than value-added networks and corporate nets, the effort to provide a variety
of security mechanisms for Internet traffic has been moving ahead in full gear. The Internet has
gained an excess of riches pertaining to security, with a variety of standards covering many
levels of networking, from packet level security.
Data involved in a transaction is now secured by using protocols. Some of the security
standards for the Internet and their functions are given in the table below.

Standard | Function | Application
Secured HTTP (S-HTTP) | Secures web transactions | Browsers, Internet applications
Secured sockets layer (SSL) | Secures data packets at the network layer | Browsers, web browsers and Internet applications
Secure MIME (S/MIME) | Secures e-mail attachments across multiple platforms | E-mail packages with RSA encryption and digital signature
Secure wide area nets (S/WAN) | Point-to-point encryption between firewalls and routers | Virtual private networks
Secured electronic transaction (SET) | Secures credit card transactions | Smart cards, transaction servers, electronic commerce

Security for web applications


The security for web applications revolves around two protocols, i.e. secured HTTP (S-HTTP) and
secured sockets layer (SSL), which provide authentication for servers and browsers, as well as
confidentiality and data integrity for communications between a web server and a browser. S-HTTP
is specifically designed to support the hypertext transfer protocol (HTTP), providing for
authorization and security of documents.

SSL offers similar protection methods, but secures the communications channel by operating
lower in the network stack, i.e. between the application layer and the TCP/IP transport layer. SSL
can be used for transactions on the web, but it does not handle security decisions based on
authentication at the application or document level. This means that you would have to use other
methods to control access to different files.

Security for e-mail (PEM, S/MIME, & PGP)

A variety of security protocols have been proposed for electronic mail on the Internet, but only
one or two have been widely applied. Privacy enhanced mail (PEM) is an Internet standard for
securing e-mail using either public keys or symmetric keys. PEM is declining in use because it is
not designed to handle the newer multipart e-mail supported by MIME, authorities for using keys.
Secure MIME (S/MIME; MIME stands for multimedia Internet mail extension) is a newer proposed
standard that uses many cryptographic algorithms patented and licensed by RSA Data Security Inc.
S/MIME depends on digital certificates, and thus also depends on some kind of certificate
authority, whether corporate or global, to ensure authentication.

Another popular application that was developed for securing messages and files is PGP
(Pretty Good Privacy). It is probably the most widely used security application for Internet e-mail
and uses a variety of encryption standards. PGP encryption/decryption applications are freely
available for all major operating systems, and messages can be encrypted before using your e-mail
program. Some mail programs, such as Eudora Pro and FTP Software's OnNet, use special PGP
plug-in modules to handle encrypted mail. PGP was designed around the concept of a web of trust,
which allows users to share their keys without requiring a hierarchy of certificate authorities.

Security for networks (fire wall)


When resources on a corporate network are connected to a public network such as the Internet, the
resource data and the computer systems are at risk. Without a firewall, both the security of your
data and the integrity of the data itself are subject to attack. Like their counterparts in homes
and other buildings, firewalls are meant to control damage, in this case to data and computer
systems. Firewalls can provide protection against attacks on individual protocols or applications,
and can be effective in protecting against spoofing (one party pretending electronically to be
someone else). A firewall implements access controls based on the contents of the packets of data
that are transmitted between two parties or devices on the network.

One major disadvantage of a firewall is that it provides a single point of control for security on a
network. Note that firewalls are not a cure-all for the Internet; they don’t provide data integrity.
Also, firewalls do not authenticate the source of data. However, new protocols are being developed
to handle authentication and confidentiality of data packets on the Internet.
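
A packet filter of the kind described above, as an added example that is not from the original notes: rules are checked in order against packet header fields, the first match wins, and anything unmatched is denied. The addresses, interface names and rule set are constructed for illustration; the first rule is the anti-spoofing check, rejecting packets that arrive from outside while claiming an internal source address.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Packet:
    iface: str   # interface the packet arrived on: "outside" or "inside"
    src: str     # source IP address as written in the packet header
    dst: str     # destination IP address
    proto: str   # "tcp" or "udp"
    dport: int   # destination port


@dataclass(frozen=True)
class Rule:
    action: str                  # "allow" or "deny"
    note: str
    iface: Optional[str] = None  # None means "any"
    src: Optional[str] = None    # CIDR block
    dst: Optional[str] = None    # CIDR block
    proto: Optional[str] = None
    dport: Optional[int] = None

    def matches(self, p: Packet) -> bool:
        if self.iface is not None and p.iface != self.iface:
            return False
        if self.src is not None and \
                ipaddress.ip_address(p.src) not in ipaddress.ip_network(self.src):
            return False
        if self.dst is not None and \
                ipaddress.ip_address(p.dst) not in ipaddress.ip_network(self.dst):
            return False
        if self.proto is not None and p.proto != self.proto:
            return False
        if self.dport is not None and p.dport != self.dport:
            return False
        return True


# Constructed rule set: 10.0.0.0/8 stands for the corporate network and
# 192.0.2.10 for the public web storefront (documentation address range).
RULES: List[Rule] = [
    Rule("deny", "anti-spoofing: internal source address arriving from outside",
         iface="outside", src="10.0.0.0/8"),
    Rule("allow", "public HTTPS storefront",
         iface="outside", dst="192.0.2.10/32", proto="tcp", dport=443),
    Rule("allow", "outbound traffic from the corporate network",
         iface="inside", src="10.0.0.0/8"),
]


def decide(p: Packet, rules: List[Rule] = RULES) -> Tuple[str, str]:
    """First matching rule wins; rule order is therefore part of the policy."""
    for rule in rules:
        if rule.matches(p):
            return rule.action, rule.note
    return "deny", "default deny: no rule matched"


if __name__ == "__main__":
    samples = [  # constructed packets
        Packet("outside", "203.0.113.7", "192.0.2.10", "tcp", 443),
        Packet("outside", "10.1.2.3", "192.0.2.10", "tcp", 443),
        Packet("outside", "203.0.113.7", "192.0.2.10", "tcp", 23),
        Packet("inside", "10.1.2.3", "198.51.100.5", "tcp", 80),
    ]
    for pkt in samples:
        print(pkt, "->", decide(pkt))
```
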

Consumer and business marketing

Consumer marketing on the Internet is relatively new but growing. On joining such a market,
one takes on all the risks and rewards accompanying new ventures. E.g. the market is limited to
people who have PCs connected to the Internet. Dealers might have a broad understanding of
the customers they are trying to reach.

The success of any business on the Internet will depend on how effectively companies can define
and develop marketing scopes among Internet users. The Internet and web technologies offer
companies a greater opportunity to deal with customers on an individual and customized basis.

The consumer market is dominated by creating new relationships, new products, and new roles. As
companies use the Internet to build business relationships, intermediaries are also able to assist
in the formation and maintenance of these relationships. So intermediaries will continue to be
formed on the Internet with business relations in mind.

One to One marketing

For any business to be successful, it has to know the marketing environment. In the case of the
Internet, the consumer market is still new and undeveloped. Most users have been on the Internet
for only a year or two, and many retailers are experimenting with advertising and selling goods
over the Internet.

Things to consider when planning E-business implementing 1-1 mail

Some of the things you should consider when planning to conduct business in any market are
associated with consumer behaviour.

• Studying the demographics of potential customers: you need to concern yourself
with the Internet’s unique ways of staying in touch with customers and ensuring
their loyalty. The Internet probably has the greatest potential for dealing with
customers on a one-to-one basis, hence maintaining a customer focus is important.

• The fundamental basis of one-to-one marketing and sales is that you need to
eliminate the one-size-fits-all mentality and tailor your goods and services to the
individual’s needs. Creating custom relationships with each customer has also
been referred to as relationship marketing, feedback marketing and mass
customization. Whatever its name, this concept is a powerful strategy to gain
and keep customers.

• Although marketers have had varying degrees of success with one-to-one
marketing using other media, the technologies integrated with the web and the
Internet make it easier and more automated than before. Web servers can create
customized web pages on demand, incorporating a customer’s preferences for
product information. Some of this information might come from users directly,
i.e. the web server can create customized web pages based on customer input and
information from your database.

• In the real sense of E-business, one-to-one relations are not restricted to
promotional or sales information alone. A web system should easily allow
customers to design and create custom bundles of products for themselves, and
because customers are looking for solutions rather than just products, custom
bundles are likely to be of more interest than individual pieces.

CUSTOMER DEMOGRAPHICS LOYALTY AND ACCEPTANCE

Once you get to know your customer base, and design ways to customize your approach for
potential buyers, you can begin to build customer loyalty and gain their acceptance.

Examining Demographics and implication to E-business marketing

Over the past few years, various surveys have tried to determine the demographics of Internet
users. Three of the better-known surveys are the ones conducted by Nielsen Media Research,
O’Reilly and Associates, and Georgia Tech.

While the surveys don’t agree on the number of Internet users, citing numbers between 12m and
50m by 1996, they do agree on certain general characteristics of those users:
• The demographic is an attractive one for many companies; it is upscale
(increasing).
• Composed of a well-educated market.
• Median age in the mid 20s and 30s.
• Users have a median income and a better college education.
• Although initial populations of users were predominantly male, the proportion of
female users has been rising rapidly.

In addition to the usual demographic descriptors of the market, such as age, income,
geographic location, and education, it is useful to categorize Internet users according to their
means of accessing the Internet. With access methods ranging from 144bps modems, integrated
services digital networks (ISDN) and cable modems, to high-speed connections, you have to
give some consideration to the time it takes to get information to your customers, as well as the
type of monitor and computers they use to access your web site. For example, downloading
large graphics or animation in a web page over a slow modem can take a very long time. Long
download times and slow processing of web-based searches or orders will only lead to
frustration on the part of your customer. It may convince them not to return to your site, leading
to loss of sales.

Look first at the likely customers from the point of view of the technology they are using, because
this determines how they access the information and possibly the products provided. If these are
home-based customers, they may not have the latest or fastest equipment, or a fast way to connect
to your net. For the majority of home-based computer users, the connection is a 144 Kbs modem
rather than something as fast as a cable modem.

Future technologies such as cable modems, satellite access, and asymmetrical digital subscriber
line (ADSL) will provide greater bandwidth to home users, but no significant proportion of the
consumer market is expected to use those new technologies any time soon.

The demographic analysis means that a technically well-designed web site with fast-loading but
minimized graphics should be used to reach these customers. Don’t use more graphics-intensive
multimedia web add-ons, such as large Java applets, unless you feel that those technologies
must be used on your web site, e.g. for presenting demos of games or presenting dynamic data. In
those cases try to keep their use to a minimum, and if possible make their use optional.

Also don’t overlook how Internet users exchange information. As popular as the web is for
providing information, the number of people who use e-mail is still larger than the number of
people who surf the Internet. Keeping in touch with your customer base via e-mail can be an
effective way to provide them with useful information. If you want them to visit your website,
include your URL (Uniform Resource Locator) in your e-mail.

Building and maintaining loyalty

When dealing with physical products in our everyday trade, brand name and image are very
important influences on consumer buying habits. If you are not already a brand name, businesses
and consumers on the Internet can switch services and find alternatives easily. To retain and
ensure that you keep your customer base you need to do the following:
• Continuous and informative communication with your customers builds loyalty.
Customer loyalty comes from continued interactions between the customer and your
business. As long as you can provide information of value to your customers, they are
likely to treat you as a trusted partner.

• To maintain continued loyalty you have to offer products and services that customers
perceive to be of high value. This means that you should provide ready access to
information about your products and services, make them easy to select and acquire on the
Internet, and charge the products and transaction process.

• Increase perceived value by decreasing transaction cost and increasing service. A
customer’s perceived value of a product is based on a combination of factors including
product features, services, transaction cost, risk, and maintenance cost over the life cycle
of the product. Electronic technologies offer you the opportunity to increase the value of
your products by reducing transaction cost and increasing services.

• Individualized attention will make customers reluctant to leave. Because customers on the
Internet can change vendors easily, your business must build an electronic relationship
that makes them reluctant to leave your business. E.g. using web technologies with a
database allows you to design your services for individual customers. The more you
individualize your services, the more customers will feel that you are treating them as
someone special.

• Monitor your customers’ browsing and buying habits online to build your customer
profiles. Customers can directly provide you with some of the information you need to
customize your offerings by filling out a web form when they first visit your site. You can
then monitor each customer’s browsing and buying history on your site, and
continuously use this information to refine the customized offerings you present to
them.

• Moving from one channel to another can lead to loss of customers. If you are dealing
solely with electronic goods and services, the Internet can be an ideal platform for
delivering those items. But if you are a retailer dealing with physical goods, there is a
danger of channel conflicts, leading to fewer total sales rather than more. This happens
when the company does not devote sufficient time and resources to maintain the two
channels. Disappointed customers who have not been loyal to the company using one
channel may not make the switch to the other sales channel.

Gaining Acceptance

A bell-shaped curve called the technology adoption life cycle, below, has been used to
explain how businesses and users adopt new technology and products:

[Figure: technology adoption life cycle curve, with segments labelled Visionaries, Pragmatists,
Conservatives and Skeptics]

At first, technical enthusiasts within the company take up a product early on, simply because
they love technology and like to play with the latest and greatest toys. Visionaries get involved
early because they are interested in revolutionizing some aspects of their business to gain a
competitive advantage. Pragmatists want to use technology products to improve their productivity
in a non-disruptive fashion, while conservatives look to get by with the safest, cheapest
technology they can find. And then there are the skeptics, who might never purchase your product.
Customers fall into these categories when it comes to embracing new technology and products. The
acceptance of new technologies, procedures and products may be connected with age, education,
income bracket or various other factors, and you should take this willingness into account when
planning your venture into electronic business. For example, many young people have grown up
with computers and are more likely to use them for electronic banking and surfing the web
than adults in their 50s or 60s.

A new technology is more readily accepted when it offers more convenience to the user than
the technology it is replacing. Consumers will use the Internet for business when they see that it
is a more valuable way of doing things.
Ways of making internet more valuable
• Providing more information on your products online.

• Combining catalog searching and ordering into simple point-and-click operations using
a single application on the Internet, instead of requiring a faxed order or a call to a toll-free
number once they have found the product online.

• Suggesting alternatives to out-of-stock items.

• Allowing the customer to track the status of their orders.

• Tracking customers’ purchases and catalog searches as a guide to bringing new items to their
attention, not to mention related products.

• Don’t overwhelm potential customers with complex systems. You should strive to
maintain simplicity in your systems. This includes not only the technologies you
employ on the web and e-mail, but also the payment system used.

The Business market


The electronic business-to-business market is reported to be 100 times greater than the online
consumer market. B-to-B use of the Internet, especially for commercial transactions, differs from
the way a consumer conducts business on the Internet. Business buyers are typically
time-constrained to accomplish a job or task, having little time to surf the Internet to find what
they want. On the other hand, consumers don’t shop with such a sense of urgency, and they can
wander through the Internet looking at more sources and choices.

When you are dealing with business customers, you have to make it simple for them to search
your items and place an order. If they are repeat customers, for example, storing their billing,
payment, and shipping information on your server, and allowing them to secure that data when
they place more orders, makes the order process faster.

Consumers are more likely to make impulse purchases, so showing them different product
lines, or adding product information on the web site, is less likely to keep them from shopping
than it would a business customer who knows exactly what they need to purchase.

Roles and marketing opportunities


Online communities and intermediaries can be used to initiate and strengthen relationships.
Two ways to build relationships that are important to e-business are in some ways unique to the
Internet.
• The first way is the online community, where a group of users interact with each other
largely, if not solely, via electronic means.

• Intermediaries and integrators provide a second way of building business relationships,
by helping buyers and sellers deal with information and with the large
numbers of possible interactions found on the Internet.

The roles of intermediaries

Intermediaries have long played a valuable economic role, even before the rise of Internet
commerce. Intermediaries can make markets, guide consumers, and provide technical
expertise. Intermediaries make a living by meeting critical economic functions:

Functions of Intermediaries
• They overcome one-sided information about products and parties in a transaction.
• They make markets by providing a place for buyers and sellers to meet.
• They often provide technical knowledge that would be too expensive for buyers or sellers
to have on hand.

N.B. Being an intermediary or middleman does not automatically make them non-partisan
(supporter), e.g. real estate agents are intermediaries, but they represent the best interests of the
buyer or seller.

Intermediaries can play a crucial role in each of the business steps between buyers and sellers.
Their basic roles are:
• Support buyers in identifying their needs and in finding an appropriate seller.
• Provide an efficient means of exchanging information between both parties.
• Execute the business transactions.
• Assist with support after the sale.

Types of Intermediaries
