E Commerce Notes
SEMESTER: I
CONTACT: 0721597710
PRE-REQUISITE
BIT222 Web Systems and Technologies I
BIT226 Business Application Software
BIT312 Web Systems and Technologies II
COURSE OUTLINE
Week Activity Assessment
1 E-commerce
Categories
Comparison with traditional methods
Applications
On-line shopping
Business to business transactions
Server infrastructure
Architecture
Web server
Commerce servers
Database servers
Transaction servers
Client considerations
o Hardware and software requirements.
4 Electronic Data Interchange (EDI)
Requirements
Standards
Internet
VAN based EDI
5 Intranet commerce
Benefits
Drawbacks
Applications.
6 CAT 1
7 Secure payment protocols
SET
DigiCash
CyberCash
Other protocols
The SET protocol
Securing electronic transactions.
8 Online payments
digital cash
electronic cheques
credit card systems
Business to business security
traditional EDI
EDI on the Internet.
Consumer payment protocol
Payment systems requirements.
Home banking
Banking and ecommerce
Implementation
Personal finance software
Using online services.
Measuring web site success.
Business processes
Internet applications
EDI
hybrid EDI
interactive EDI
Business application tools.
10 Corporate finance
Intranets in financial management
HR strategy
Finance software market.
11 CAT 2
12 Case Study
13 Case Study
14 Revision
Mode of Delivery
Lectures, demonstration, Group/class discussions and practical exercise, case study
Assessment
CATs: 30%
Final Semester examination: 70%
Core References
Chaudhury, A. & Jean-Pierre, K. (2002). e-Business and e-Commerce Infrastructure:
Technologies Supporting the e-Business Initiative, McGraw-Hill Inc.
Saloner, G.A., Spence, M. (2001). Creating and Capturing Value: Perspectives and Cases on
Electronic Commerce
Turban, Efraim, King & David (2008). Introduction to Electronic Commerce.
Other References
Strauss, Judy, Frost, Raymond, El-Ansary, & Adel (2008). E-Marketing.
Electronic Material
International Journal of Information Technology and Computer Science (IJITCS) eISSN:
2074-9015 http://www.mecs-press.org/ijitcs/
International Journal of Information Technology and Management eISSN: 1741-5179
www.inderscience.com/ijitm
Approval
Lecturer/Instructor: ____________________ Date: __________
COD Information Technology: ____________________ Date: __________
Introduction to E-Commerce
Modern electronic commerce typically uses the World Wide Web for at least one part of the
transaction's life cycle, although it may also use other technologies such as e-mail.
Mobile Commerce
The phrase mobile commerce was originally coined in 1997 by Kevin Duffey at the launch
of the Global Mobile Commerce Forum, to mean "the delivery of electronic commerce
capabilities directly into the consumer’s hand, anywhere, via wireless technology."
E-Business
This is the digital enablement of transactions and processes within a firm, involving
information systems under the control of the firm.
century, the evolving Internet and other information technologies will shape the twenty-first
century.
Prior to the development of e-commerce, the process of marketing and selling goods was a
mass marketing and sales force-driven process. Consumers were viewed as passive targets of
advertising “campaigns” and branding blitzes intended to influence their long-term product
perceptions and immediate purchasing behaviour.
Selling was conducted in well-insulated “channels.”
Consumers were considered to be trapped by geographical and social boundaries, unable
to search widely for the best price and quality.
Information about prices, costs, and fees could be hidden from the consumer, creating
profitable “information asymmetries” for the selling firm.
o Information asymmetry refers to any disparity in relevant market information
among parties in a transaction.
It was so expensive to change national or regional prices in traditional retailing (what are
called menu costs) that “one national price” was the norm, and dynamic pricing to the
marketplace and changing prices in real time was unheard of.
E-commerce has challenged much of this traditional business thinking.
Ubiquity
In traditional commerce, a marketplace is a physical place you visit in order to transact. For
example, television and radio typically motivate the consumer to go someplace to make a
purchase. E-commerce, in contrast, is characterized by its ubiquity: it is available just about
everywhere, at all times. It liberates the market from being restricted to a physical space and
makes it possible to shop from your desktop, at home, at work, or even from your car, using
mobile commerce. The result is called a marketspace - a marketplace extended beyond
traditional boundaries and removed from a temporal and geographic location.
The ubiquity of e-commerce lowers the cognitive energy required to transact in a
marketspace. Cognitive energy refers to the mental effort required to complete a task. Humans
generally seek to reduce cognitive energy outlays. When given a choice, humans will choose
the path requiring the least effort—the most convenient path.
Global Reach
E-commerce technology permits commercial transactions to cross cultural and national
boundaries far more conveniently and cost-effectively than is true in traditional commerce.
As a result, the potential market size for e-commerce merchants is roughly equal to the size
of the world’s online population. The total number of users or customers an e-commerce
business can obtain is a measure of its reach.
Universal Standards
One strikingly unusual feature of e-commerce technologies is that the technical standards of
the Internet, and therefore the technical standards for conducting e-commerce, are universal
standards; they are shared by all nations around the world. In contrast, most traditional
commerce technologies differ from one nation to the next. For instance, television and radio
standards differ around the world, as does cell telephone technology.
The universal technical standards of the Internet and e-commerce greatly lower market entry
costs: the cost merchants must pay just to bring their goods to market.
For consumers, universal standards reduce search costs: the effort required to find suitable
products.
By creating a single, one-world marketspace, where prices and product descriptions can be
inexpensively displayed for all to see, price discovery becomes simpler, faster, and more
accurate.
Users of the Internet, both businesses and individuals, experience network externalities:
benefits that arise because everyone uses the same technology. With e-commerce
technologies, it is possible for the first time in history to easily find many of the suppliers,
prices, and delivery terms of a specific product anywhere in the world, and to view them in a
coherent, comparative environment. Although this is not necessarily realistic today for all or
many products, it is a potential that will be exploited in the future.
Richness
Information richness refers to the complexity and content of a message. Traditional markets,
national sales forces, and small retail stores have great richness: they are able to provide
personal, face-to-face service using aural and visual cues when making a sale. The richness of
traditional markets makes them a powerful selling or commercial environment. Prior to the
development of the Web, there was a trade-off between richness and reach: the larger the
audience reached, the less rich the message.
Interactivity
Unlike any of the commercial technologies of the twentieth century, with the possible
exception of the telephone, e-commerce technologies allow for interactivity, meaning they
enable two-way communication between merchant and consumer.
Television, for instance, cannot ask viewers any questions or enter into conversations with
them, and it cannot request that customer information be entered into a form. In contrast, all
of these activities are possible on an e-commerce Web site.
Information Density
The Internet and the Web vastly increase information density: the total amount and quality
of information available to all market participants, consumers, and merchants alike. E-
commerce technologies reduce information collection, storage, processing, and
communication costs. At the same time, these technologies greatly increase the currency,
accuracy, and timeliness of information, making information more useful and important than
ever. As a result, information becomes more plentiful, less expensive, and of higher quality.
Personalization/Customization
E-commerce technologies permit personalization: merchants can target their marketing
messages to specific individuals by adjusting the message to a person’s name, interests, and
past purchases.
The technology also permits customization - changing the delivered product or service based
on a user’s preferences or prior behaviour.
Given the interactive nature of e-commerce technology, much information about the
consumer can be gathered in the marketplace at the moment of purchase.
With the increase in information density, a great deal of information about the consumer’s
past purchases and behaviour can be stored and used by online merchants. The result is a
level of personalization and customization unthinkable with existing commerce technologies.
In today's fast-paced world, in order to stay in contention and thrive in the business world, it
is very important to break through these conventional rules and adopt the information
technology ways of doing business.
The main points of difference between traditional commerce and E-Commerce are as follows:
In E-commerce:
Everything is digital.
Lower overhead costs
Elimination of the middleman (disintermediation)
Financial transactions on the internet can actually be more secure than in traditional retail
environments.
Speed.
Empowerment.
Personalization.
Advantages of E-Commerce
E-commerce uses the technology of digital information processing and electronic
communications through the internet in business transactions, which helps in facilitating and
redefining the relationships between or among organizations, and between organizations and
individuals, for value creation. E-commerce provides multiple benefits to
consumers in the form of availability of goods at lower cost, wider choice and time savings.
The internet is treated as a functional and operational medium for consumers, business owners,
information seekers, and entrepreneurs. E-Commerce sales would rise in the years to come
with the increasing availability of broadband Internet services combined with new
applications.
1. Being able to conduct business 24 x 7: E-Commerce can operate all day every day.
A physical storefront does not need to be open for customers and suppliers to do
business electronically.
2. Reduced cost to buyers: Electronically open marketplaces will increase competition and
reduce buyers' costs.
3. Reduced cost to the suppliers: The ability to access online databases of bid opportunities, to
submit bids electronically and to review awards online will reduce supplier's costs.
4. Create New markets: The ability to reach potential customers easily and cheaply will
create new markets.
5. Easy market entry: Market entry will be easier when geographic limits are no longer
relevant.
6. Increase in variety of goods: As the market expands, the variety of goods available will
also expand. A wider variety of goods is available than ever before.
7. Reduce inventories: Electronically linking the demand for goods and services through just-
in-time inventory and integrated manufacturing techniques will allow companies to
maintain reduced inventories.
8. No Middlemen: There is direct contact with customers in e-commerce through the internet
without any intermediation. Companies can now focus more on specific customers by
adopting different one-to-one marketing strategies.
9. Improved and better customer service: Since there is direct contact with the customers, it
is possible to answer their queries regarding price, quality, additional features of the
product, etc., resulting in improved customer service. Response time
between the seller and the buyer is reduced.
10. Teamwork: An output of E-Commerce is the teamwork that helps organizations
work together. Email is one example of how people collaborate to exchange
information and work on solutions. It has changed the way organizations interact with
suppliers, vendors, and customers.
11. Information sharing with the customers: Buyers can keep in touch
with the seller's site through real-time information and can make quick purchase
decisions. The customer's knowledge of the product and its varied
features is increased. Thus the web is a source of dissemination of information for customers.
12. Customized products: On the basis of customers' stated
requirements for a product, it is possible to differentiate the product for them. There
are many websites that help in reorganizing, revising or editing digital products.
13. Swapping of goods and services: Swapping is the exchange of goods and services, using a
barter system, on websites between business firms. Here one firm offers
something in exchange for something it wants from another firm for its services. The popular sites
performing these functions are webswap, ubarter, etc. (For example, instead of accepting
cash for a consultancy service from a firm, a person or another firm can buy products in
exchange from that firm.)
14. Information sharing: It takes only a few seconds to share information over the internet. A
firm can e-mail its customers about any new product, answer their product-related
queries and welcome suggestions. This is a major advantage, overcoming a limitation of
traditional methods of doing business.
15. Global reach: Just by creating a web site and uploading it to a server, a firm is able to
reach millions of customers worldwide. E-commerce turns the whole world into a global
village where anyone can buy anything at any time from anywhere.
16. Advertising of goods and services: A business firm can easily promote its product on
the website by giving the complete required information over the internet. One of the
tools of E-Commerce is sales promotion, from which not only the firm gains but
customers also benefit.
17. Higher profits: E-commerce yields a very large reduction in cost across
various kinds of commercial transactions, i.e. no manual handling
of the transactions, paperless exchange, easy payments from customers, no transportation
except in the case of tangible products, and higher profit margins from higher sales
volume. Also, business over the internet attracts customers from all over the world,
and exposure in new markets enhances the profits of the business firm.
18. E-Payment system: The electronic payment system on the internet is facilitated by
payment gateways (an intermediary) between business firms and customers, and
between business firms, for assuring payments from customers. E-Payments are
made without any loss of time, but security must be ensured when using this system
because customers are sending personal details such as credit card numbers.
19. Ensure secrecy: Various built-in security measures are used in e-commerce
transactions to prevent unauthorized access to information on the internet. These are
encoding, encryption, passwords, etc.
20. Computer platform independence: Customers are not limited by existing hardware
systems. Computers have the ability to communicate via the internet, independent of
operating systems and hardware.
Benefits to Organization
E-commerce provides the following benefits to the organization:
1. Reduced cost on paper based information used for creating, processing, distributing,
storing and retrieving the information.
2. Reduced inventories and overhead cost.
3. Supply chain management with a view to providing customers the right product at the right
time, at the right price and in the right place.
4. Reduced time lag between capital outlay and the receipt of goods and services.
5. A BPR (Business Process Re-engineering) project that involves rethinking the
organization's business processes and functions in doing E-Commerce increases the
productivity of sales people and of knowledge and trained workers, and provides integrated
departments, increased flexibility, improved business performance and more satisfied
customers by 100 percent.
6. E-commerce lowers telecommunication cost.
7. Access to international markets thereby increasing market share.
8. Other benefits include improved image, improved customer service, simplified and fast
processes, elimination of paper work, ease of networking, cost saving, etc.
9. E-Commerce minimizes supply chain inefficiencies, reduces inventories and reduces
delivery delays.
10. Enables efficient e-procurement.
11. Low barriers to entry. Anyone can start up a company on the internet. Small
organizations are given equal footing with large international firms.
Limitations of E-commerce
Huge cost is involved in E-commerce, such as advertising cost and high start-up cost that
may be related to hardware/software, setup cost, connection cost, and maintenance and
enhancement cost of the website.
Lack of trust and public key infrastructure. A primary concern, without which it is
difficult to sustain a presence in the e-market, is e-security. It aims at preventing unauthorized access to
the data/information travelling on the internet. Protection is needed from
hackers, viruses, data transfer and transaction risk, and client and server risk. The internet provides
universal access, but companies must protect their assets from accidental or malicious use.
Customer information needs to be protected from internal and external misuse.
High risk of buying unsatisfactory products.
In the late 1960s, electronic data interchange was used to reduce the amount of time and
effort inputting data such as invoices, purchase orders and bills. Since this type of
information often had a regular format, computer systems were designed to read these
documents electronically. Formats had to be agreed, and for many industries, such as
transport and shipping, which are global in nature, such a unified approach was important.
Businesses that engage in EDI are referred to as Trading Partners. The biggest users of e-
commerce were traditionally government agencies and large corporations. This was due to
the high cost of implementation.
Until the late 1990s, EDI meant the buying of expensive computer software and hardware,
and establishing of direct network connections with all trading partners. Although some
companies did offer value-added networks (VANs) as systems to conduct EDI, subscribing to
such VANs came at a high cost.
started to see a decline. Thousands of businesses became obsolete as a lack of advertising
revenue meant they could not sustain their early promise.
The ‘dot-com’ bubble that burst at the end of the late 1990s has led to a revision of the
approaches to establishing e-commerce initiatives. Whilst the first wave of e-commerce was
dominated by US businesses and was primarily in English, it is now far more common to find
e-commerce shoppers interacting with websites in their own languages.
The key characteristics of the second wave of e-commerce can be understood to be based on
internationalisation and widening participation.
1. Many businesses have realised that the internet is a global marketplace and have begun to
provide global e-commerce presences. Businesses have begun to produce websites in
local languages which are customised to local markets in terms of the content they
provide.
2. Online businesses are now more often established with their own funds and capital. Great
effort and care is taken in devising revenue models and identifying appropriate revenue
streams. There is an emphasis not on who will supply us with revenue, but how are we
going to generate revenue.
3. Businesses are willing to be flexible in terms of how revenue is generated, and believe
that reacting to current trends is the key to establishing a successful online presence.
4. There has been an explosion in the number of internet users worldwide, and it is fair to
say that most countries in the world now have internet access, if not always at the same
level of quality. However, many internet users worldwide now have access to broadband
connections, and these have meant that digital content such as video and music can be
sold and exchanged online.
5. There is a much greater emphasis on the use of customised email strategies. Businesses
now use email for formulating deep relationships with consumers and ensuring that
consumers are contacted in a timely manner.
6. Businesses today use a multitude of sophisticated advertising approaches that are
integrated with their e-business activities. They have developed new strategies for the sale
of distributed products with advertising attached.
Categories of E-commerce
E-commerce types fall into various categories, namely B2C, B2B, C2C.
Business‐to‐Business (B2B)
This is the largest category of e-commerce. It involves companies conducting e-procurement,
supply chain management, network alliances, and negotiating purchase transactions over the
internet. In this case, both the buyer and the seller are business organizations. Unlike B2C e‐
commerce, it is buyer‐driven rather than seller‐driven. That means, a buyer submits a request
to the system and then respective sellers respond to the request.
Businesses use e-commerce to lower transaction costs of conducting business and to make
savings in terms of time and effort when conducting business.
Consumer‐to‐Consumer (C2C)
Consumer-to-consumer (C2C) e-commerce is concerned with the use of e-commerce by
individuals to trade and exchange information with other individuals. There has been a huge
growth in consumer-to-consumer auction sites such as eBay and sites enabling consumers
to offer goods and services to other consumers on an individual basis.
With the advent of e‐commerce, on‐line auctions provide an effective means for supporting
C2C e‐commerce. For example, eBay (www.eBay.com) provides the world’s largest online
trading service by means of online auctions. Basically, a user places an item on the eBay Web
site for bidding. Other interested members then bid for it before the deadline. Where the
English auction system is used, the highest bid wins. By means of online auctions, they
participate in the buying and selling of a wide range of items, including books, stamps,
music, etc. In addition to auctions, eBay creates a virtual community for its users to “talk” at
the eBay Live Chat (a chat room) and to communicate with other users via the bulletin
boards.
Consumer‐to‐Business (C2B)
This is a new form of commerce in which a consumer specifies the requirements to a
business, which provides a product that meets these requirements. These requirements could
be as simple as an acceptable price, or could involve considerable customization of an
existing standard product, or creation of a new product. An example of this in the traditional
commerce setting is a “made to measure” tailor. The key distinction is related to who is
driving the specification of the product being purchased.
collection system”. It allows consumers to “name the price” and hence it is consumer driven
not seller driven. Suppose you want to buy an air‐ticket. You can provide Priceline with your
travel requirements (e.g. how many tickets you want to buy, departure return date,
departure/arrival city, etc.), the desirable price, and your credit card number. Then Priceline
will try to find an airline that can meet your requirements. After finding a match, Priceline
will buy the ticket(s) for you with your credit card. As you can “name the price”, the deal is
final (i.e. no alteration is allowed). Besides air‐tickets, Priceline also handles the purchase of
many other products/services such as cars, hotel rooms, long‐distance calls and even
mortgages.
Business-to-Government e-commerce
Business-to-government (B2G) e-commerce is concerned with the need for business to sell
goods or services to governments or government agencies. Such activities include supplying
the army, police force, hospitals and schools with products and services. Furthermore,
businesses will often compete in an online environment for contracts to provide services to
the public on behalf of the government. Such services may include the collection of taxes,
and the supply of public services.
To date there have been very few successful commercial applications of P2P e-commerce
with the notable exception of illegal downloading of copyrighted music. Napster.com, which
was established to aid Internet users in finding and sharing online music files, was the most
well-known example of peer-to-peer e-commerce until it was put out of business in 2001 by a
series of negative court decisions. However, other file-sharing networks, such as Kazaa and
Grokster, quickly emerged to take Napster’s place. These networks have also been subjected
to legal challenge.
Application of e-commerce
An online shop evokes the physical analogy of buying products or services at a bricks-and-
mortar retailer or shopping centre; the process is called business-to-consumer (B2C) online
shopping. In the case where a business buys from another business, the process is called
business-to-business (B2B) online shopping. The largest of these online retailing corporations
are Alibaba, Amazon.com, and eBay.
Business-to-business (B2B) transactions
This refers to a situation where one business makes a commercial transaction with another.
This typically occurs when:
A business is sourcing materials for their production process, e.g. a food manufacturer
purchasing salt
A business needs the services of another for operational reasons, e.g. a food manufacturer
employing an accountancy firm to audit their finances
A business re-sells goods and services produced by others, e.g. a retailer buying the end
product from the food manufacturer
Supply chain management has been defined as the "design, planning, execution, control, and
monitoring of supply chain activities with the objective of creating net value, building a
competitive infrastructure, leveraging worldwide logistics, synchronizing supply with
demand and measuring performance globally."
Like other advertising media, online advertising frequently involves both a publisher, who
integrates advertisements into its online content, and an advertiser, who provides the
advertisements to be displayed on the publisher's content. Other potential participants include
advertising agencies who help generate and place the ad copy, an ad server which
technologically delivers the ad and tracks statistics, and advertising affiliates who do
independent promotional work for the advertiser.
Inventory management
This is a computer-based system for tracking inventory levels, orders, sales and deliveries. It
can also be used in the manufacturing industry to create a work order, bill of materials and
other production-related documents. Companies use inventory management software to avoid
product overstock and outages. It is a tool for organizing inventory data that before was
generally stored in hard-copy form or in spreadsheets. It is often associated with and is
similar to distribution software, as distributors that can compete with less cash tied up in
inventories have a distinct advantage over their competitors.
The activities which most businesses engage in as they conduct commerce are called business
processes.
It is clear today that some products are more suited to the internet than others. This is because
the merchandising skills related to these products transfer more easily to the web. Products
that are well suited are books, CDs, and DVDs, software which can be downloaded easily via
the web, and the sale and purchase of services such as tickets and travel services.
Business Processes
Business process refers to the use of e-commerce to tailor the internal activities of a business
in order to maximise their efficiency and effectiveness. Through the use of e-commerce,
businesses can fine-tune supply chains, provide advanced consumer relations management
systems, and reduce transaction costs.
Revenue Models
Revenue models are the various models used by web businesses today to generate revenue.
Such models include web catalogue, advertising-supported, advertising-subscription mixed,
and fee-based.
These approaches can work for both business-to-consumer (B2C) and business-to-business
(B2B) electronic commerce. Many companies create one website to handle both B2C and
B2B sales. Some businesses use the same revenue model for both types of sales, despite
creating separate sites (or separate pages within one site) for B2C and B2B e-commerce.
A useful way to think about electronic commerce implementations is to consider how they
can generate revenue. However, it is important to remember that not all electronic commerce
initiatives have the goal of providing revenue; some are undertaken to reduce costs or
improve customer service.
When a company of this type wishes to enter the e-commerce market, they transfer or
supplement their catalogue with an online version. When the catalogue model is expanded in
this way, it is often called the web catalogue revenue model.
One of the first academic organizations to make the transition to electronic distribution on the
web was the Association for Computing Machinery (ACM). The ACM Digital Library offers
subscriptions to electronic versions of its journals to its members and to library and
institutional subscribers. Academic publishing has always been a difficult business in which
to make a profit because the base of potential subscribers is so small. Even the most highly
regarded academic journals often have fewer than 2000 subscribers. To break even, academic
journals must often charge each subscriber hundreds or even thousands of dollars per year.
Electronic publishing eliminates the high costs of paper, printing, and delivery, and makes
dissemination of research results more efficient and less expensive.
The overall success of online advertising has been hampered by two major problems.
1. First, no consensus has emerged on how to measure and charge for site visitor views. It
has been difficult for web advertisers to develop a standard for advertising charges
because interaction with the web can be measured in multiple complex ways.
Interaction with a website may be measured in terms of number of visitors, number of
unique visitors, number of click-throughs, and other attributes of visitor behaviour. In
addition to the number of visitors or page views, stickiness is a critical element in creating
a presence that attracts advertisers. If a website is sticky, people will spend more time on
it, visit it often and bookmark it (add it to their list of favourite websites).
2. As most successful advertising on the web is targeted at very specific groups, the second
problem is that very few websites have a sufficient number of visitors to interest large
advertisers. The set of characteristics that marketers use to group visitors is called
demographic information. This includes personal information such as address, age,
gender, income level, type of job held, hobbies and religion.
The removal of an intermediary, such as a human agent, from a value chain is called
disintermediation. The introduction of a new intermediary, such as a fee-for-transaction
website, into a value chain is called re-intermediation.
Revenue Models in Transition
Success on the web depends upon being willing and able to change and develop business
structures as both technology and attitudes develop. Many companies have gone through
transitions in their revenue models as they learn how to do business successfully on the web.
As more people use the web to buy goods and services, and as the behaviour of those web
users changes, companies often find that they must change their revenue models to meet the
needs of those new and changing web users. Here are some examples:
After two years of offering free disk storage space, Xdrive found that it was unable to pay the
costs of providing the service with the advertising revenue it had been able to generate. It
switched to a subscription-supported model and began selling the service to business users as
well as individuals.
In January 2002, Northern Light decided that the advertising revenue it was earning from the
ads it sold on search results pages was insufficient to justify continuing to offer that service.
It stopped offering public access to its search engine and converted to a new revenue model
that was primarily subscription supported. Northern Light’s main revenue source in its new
model is from annual subscriptions sold to large corporate clients.
Multiple Transitions
Encyclopaedia Britannica began its online expansion with two web-based offerings. The
Britannica Internet Guide was a free web navigation aid that classified and rated information-
laden websites. It featured reviews written by Britannica editors who also selected and
indexed the sites. The company’s other website, Encyclopædia Britannica Online, was
available for a subscription fee or as part of the Encyclopædia Britannica CD package.
Britannica used the free site to attract users to the paid subscription site.
The Britannica.com site then offered the full content of the print edition in searchable form,
plus access to the Merriam-Webster’s Collegiate Dictionary and the Britannica Book of the
Year. After two years of trying to generate a profit using this advertising-supported model,
Britannica faced declining advertising revenues. In 2001, Britannica returned to a mixed
model in which it offered free summaries of encyclopaedia articles and free access to the
Merriam-Webster’s Collegiate Dictionary on the web, with the full text of the encyclopaedia
available for a subscription fee.
Such a channel conflict can occur whenever sales activities on a company’s website interfere
with its existing sales outlets. The problem is also called cannibalisation because the
website’s sales consume sales that would be made in the company’s other sales channels.
Business to Business Infrastructure
Business-to-business buyers factor response time into their purchasing choices because it is
a critical part of any competitive situation. This requires a good infrastructure. However,
creating a B2B e-Commerce infrastructure that can handle the demands in numerous fast-
paced industries is not easy, especially with ever-evolving technology.
Consider the relevance of B2B e-commerce infrastructure in the case of making a sale to a
customer. If you ask a vendor to supply you with a quote for a product or service, but they
take two weeks to get back to you, chances are you will have moved on and pursued another
opportunity with a competitor that got back to you much faster. On the other hand, if a seller
provides a good quote quickly, you’re far more likely to buy what they’re offering because
your business moves fast and therefore, your purchasing decisions should too.
That pressure to provide instant pricing for quicker sales cycles is causing considerable stress
on antiquated vendor pricing infrastructure. The tech stack at many companies isn’t built to
support the kind of real-time, digital selling environment that business must now operate in.
Many organisations are potentially losing ground, and increasingly face a need to update their
systems to deliver greater agility and keep pace in evolving industries.
The ability to deliver a personalised, accurate quote quickly has become a steadily more
important competitive advantage for businesses. It’s not just the price itself that buyers care
about; they’re also looking for a timely, agile quote that matches their fast-paced business
needs.
Electronic commerce needs a network infrastructure to transport the content: data, audio,
visual, text, animation and so on. This network infrastructure is provided by what is known as
the I-way or information super highway.
The information super highway may be defined as a high capacity, electronic pipeline to a
consumer or business premises that is capable of simultaneously supporting a large number
of E-commerce applications and providing interactive connectivity between users and
services and between users and other users.
I-way has emerged as the basic network infrastructure for all types of E-commerce activities
due to its capability to provide integrated voice, data and video services.
I-way has changed the way businesses advertise, market or sell their products and
services.
It has changed the relationships between business and customers, and between business
and their collaborators.
It has greatly affected the information sharing between various parts of the organisation
and has had a considerable impact on the individual productivity and efficiency.
The entire network infrastructure is interconnected, and can be used for internal
communications, external communications or both.
Routers
A router is a device that forwards data packets along networks. A router is connected to at
least two networks, commonly two LANs or WANs or a LAN and its ISP's network. Routers
are located at gateways, the places where two or more networks connect.
Wireless routers
A wireless router is a device that performs the functions of a router and also includes the
functions of a wireless access point. It is used to provide access to the Internet or a private
computer network.
Network Switches
A switch is a device in networks that filters and forwards packets between Local Area Network
(LAN) segments. In computer networking, a hub is a small, simple, inexpensive device that
joins multiple computers together.
A network switch is a hardware device that channels incoming data from multiple input ports
to a specific output port that will take it toward its intended destination. It is a small device
that transfers data packets between multiple network devices such as computers, routers,
servers or other switches.
In a local area network (LAN) using Ethernet, a network switch determines where to send
each incoming message frame by looking at the physical device address (also known as the
Media Access Control address or MAC address). Switches maintain tables that match each
MAC address to the port on which that MAC address was received.
A network switch operates on the data link layer, layer 2 of the OSI model.
Hub
A hub is the most basic networking device that connects multiple computers or other network
devices together. Unlike a network switch or router, a network hub has no routing tables or
intelligence on where to send information and broadcasts all network data across each
connection. Most hubs can detect basic network errors such as collisions, but having all
information broadcast to multiple ports can be a security risk and cause bottlenecks. In the
past, network hubs were popular because they were cheaper than a switch or router. Today,
switches do not cost much more than a hub and are a much better solution for any network.
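The difference between a hub and a switch can be seen in a short simulation. This is an added example, not part of the original notes; the class names, MAC addresses and the four-frame conversation are constructed for illustration. It counts how many frames of a conversation between two hosts reach an uninvolved third port.

```python
# Constructed simulation: which ports receive each frame on a hub vs. a switch.
BROADCAST = "ff:ff:ff:ff:ff:ff"

# Constructed lab: port number -> MAC address of the attached host.
HOSTS = {
    0: "02:00:00:00:00:0a",
    1: "02:00:00:00:00:0b",
    2: "02:00:00:00:00:0c",
    3: "02:00:00:00:00:0d",  # the uninvolved observer in this example
}

# A four-frame conversation between the hosts on ports 0 and 1:
# (ingress port, source MAC, destination MAC)
FRAMES = [
    (0, HOSTS[0], HOSTS[1]),
    (1, HOSTS[1], HOSTS[0]),
    (0, HOSTS[0], HOSTS[1]),
    (1, HOSTS[1], HOSTS[0]),
]


class Hub:
    """Repeats every frame out of every port except the one it arrived on."""

    def __init__(self, num_ports):
        self.num_ports = num_ports

    def forward(self, in_port, src_mac, dst_mac):
        return [p for p in range(self.num_ports) if p != in_port]


class LearningSwitch:
    """Layer 2 switch that records the port on which each source MAC was seen.

    Real switches also age out entries and bound the table size; both are
    omitted here to keep the forwarding decision visible.
    """

    def __init__(self, num_ports):
        self.num_ports = num_ports
        self.mac_table = {}  # MAC address -> port

    def forward(self, in_port, src_mac, dst_mac):
        # Learn (or refresh) the sender's location from the source address.
        self.mac_table[src_mac] = in_port
        out_port = self.mac_table.get(dst_mac)
        if dst_mac == BROADCAST or out_port is None:
            # Broadcast or not-yet-learned destination: flood like a hub.
            return [p for p in range(self.num_ports) if p != in_port]
        if out_port == in_port:
            return []  # destination is on the ingress segment: filter it
        return [out_port]


def frames_seen_on(device, frames, observer_port):
    """Count how many of the frames are delivered to observer_port."""
    return sum(
        1 for in_port, src, dst in frames
        if observer_port in device.forward(in_port, src, dst)
    )


if __name__ == "__main__":
    print("hub, frames reaching port 3:   ", frames_seen_on(Hub(4), FRAMES, 3))
    print("switch, frames reaching port 3:",
          frames_seen_on(LearningSwitch(4), FRAMES, 3))
```

On the hub every frame reaches the observer's port; on the switch only the first frame does, because it is flooded before the destination has been learned.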
Gateway
This is a node in a network that serves as an entrance to another network. In homes, the
gateway is the ISP that connects the user and firewall.
Bridge
If a router connects two different types of networks, then a bridge connects two subnetworks
as a part of the same network. You can think of two different labs or two different floors
connected by a bridge.
Network Repeaters
A repeater is a powerful network device used to regenerate signals when they travel over a
longer distance, so that the strength of the signal remains the same. Repeaters are used to
establish Ethernet networks. A repeater operates at the first layer of the OSI model, that is,
the physical layer. Repeaters are used for cables which cover the needs of the 100 meters long
cable. Repeaters are used to get signals from optical fibres, copper cables and coaxial cables.
Repeaters have also been developed for more demanding uses, such as regenerating the
microwaves from a satellite; such repeaters are called transponders. Hence repeaters are
capable of carrying electric as well as light signals.
Proxies
Proxies are devices that make requests on behalf of clients. Proxies monitor, filter and log
traffic on a corporate network.
Server
A server is a computer that provides data to other computers. It may serve data to systems on
a local area network (LAN) or a wide area network (WAN) over the Internet.
Many types of servers exist, including web servers, mail servers, and file servers. Each type
runs software specific to the purpose of the server. For example, a Web server may run
Apache HTTP Server or Microsoft IIS, which both provide access to websites over the
Internet. A mail server may run a program like Gmail, which provides SMTP services for
sending and receiving email. A file server might use the operating system's built-in file
sharing services to share files over a network.
Reverse Proxy
A reverse proxy is a server that sits in front of web servers and forwards client (e.g. web
browser) requests to those web servers. Reverse proxies are typically implemented to help
increase security, performance, and reliability. In order to better understand how a reverse
proxy works and the benefits it can provide, let’s first define what a proxy server is.
Proxy Server
A forward proxy, often called a proxy, proxy server, or web proxy, is a server that sits in
front of a group of client machines. When those computers make requests to sites and
services on the Internet, the proxy server intercepts those requests and then communicates
with web servers on behalf of those clients, like a middleman.
For example, let’s name 3 computers involved in a typical forward proxy communication:
A: This is a user’s home computer
B: This is a forward proxy server
C: This is a website’s origin server (where the website data is stored)
Why would anyone add this extra middleman to their Internet activity? There are a few
reasons one might want to use a forward proxy:
To avoid state or institutional browsing restrictions - Some governments, schools, and
other organizations use firewalls to give their users access to a limited version of the
Internet. A forward proxy can be used to get around these restrictions, as they let the user
connect to the proxy rather than directly to the sites they are visiting.
To block access to certain content - Conversely, proxies can also be set up to block a
group of users from accessing certain sites. For example, a school network might be
configured to connect to the web through a proxy which enables content filtering rules,
refusing to forward responses from Facebook and other social media sites.
To protect their identity online - In some cases, regular Internet users simply desire
increased anonymity online, but in other cases, Internet users live in places where the
government can impose serious consequences to political dissidents. Criticizing the
government in a web forum or on social media can lead to fines or imprisonment for these
users. If one of these dissidents uses a forward proxy to connect to a website where they
post politically sensitive comments, the IP address used to post the comments will be
harder to trace back to the dissident. Only the IP address of the proxy server will be
visible.
The difference between a forward and reverse proxy is subtle but important. A
simplified way to sum it up would be to say that a forward proxy sits in front of a client and
ensures that no origin server ever communicates directly with that specific client. On the
other hand, a reverse proxy sits in front of an origin server and ensures that no client ever
communicates directly with that origin server.
Typically, all requests from D would go directly to F, and F would send responses directly to
D. With a reverse proxy, all requests from D will go directly to E, and E will send its requests
to and receive responses from F. E will then pass along the appropriate responses to D.
Protection from attacks - With a reverse proxy in place, a web site or service never
needs to reveal the IP address of their origin server(s). This makes it much harder for
attackers to leverage a targeted attack against them, such as a DDoS attack. Instead the
attackers will only be able to target the reverse proxy, such as Cloudflare’s CDN, which
will have tighter security and more resources to fend off a cyber-attack.
Global Server Load Balancing (GSLB) - In this form of load balancing, a website can
be distributed on several servers around the globe and the reverse proxy will send clients
to the server that’s geographically closest to them. This decreases the distances that
requests and responses need to travel, minimizing load times.
Caching - A reverse proxy can also cache content, resulting in faster performance. For
example, if a user in Paris visits a reverse-proxied website with web servers in Los
Angeles, the user might actually connect to a local reverse proxy server in Paris, which
will then have to communicate with an origin server in L.A. The proxy server can then
cache (or temporarily save) the response data. Subsequent Parisian users who browse the
site will then get the locally cached version from the Parisian reverse proxy server,
resulting in much faster performance.
SSL encryption - Encrypting and decrypting SSL (or TLS) communications for each
client can be computationally expensive for an origin server. A reverse proxy can be
configured to decrypt all incoming requests and encrypt all outgoing responses, freeing
up valuable resources on the origin server.
Load Balancer
A load balancer is a device that acts as a reverse proxy and distributes network or application
traffic across a number of servers. Load balancers are used to increase capacity (concurrent
users) and reliability of applications.
Ethernet
Ethernet is the technology that is most commonly used in wired local area networks (LANs).
A LAN is a network of computers and other electronic devices that covers a small area such
as a room, office, or building. It is used in contrast to a wide area network (WAN), which
spans much larger geographical areas. Ethernet is a network protocol that controls how data
is transmitted over a LAN. Technically it is referred to as the IEEE 802.3 protocol. The
protocol has evolved and improved over time to transfer data at the speed of a gigabit per
second.
Many people have used Ethernet technology their whole lives without knowing it. It is most
likely that any wired network in your office, at the bank, and at home is an Ethernet LAN.
Most desktop and laptop computers come with an integrated Ethernet card inside so they are
ready to connect to an Ethernet LAN.
The Domain Name System (DNS) is one of the foundations of the internet, yet most people
outside of networking probably don’t realize they use it every day to do their jobs, check their
email or waste time on their smartphones.
At its most basic, DNS is a directory of names that match with numbers. The numbers, in this
case are IP addresses, which computers use to communicate with each other.
SMTP is generally integrated within an email client application and is composed of four key
components:
1. Local user or client-end utility known as the mail user agent (MUA)
2. Server known as mail submission agent (MSA)
3. Mail transfer agent (MTA)
4. Mail delivery agent (MDA)
SMTP works by initiating a session between the user and server, whereas MTA and MDA
provide domain searching and local delivery services.
VoIP
Voice over Internet Protocol (VoIP) is a technology used for delivering different kinds of
data from a source to a destination using IP (Internet Protocol). The data may be in many
forms, including files, voice communication, pictures, fax or multimedia messages. VoIP is
most often used for telephone calls, which are almost free of charge.
Data is more secure and faster with private networks, but the costs are much higher. For the
purpose of a communication system with very low cost, VoIP was introduced. This
technology provides fast and high quality voice communication all over the world.
VPN
A virtual private network (VPN) is a private network that is built over a public infrastructure.
Security mechanisms, such as encryption, allow VPN users to securely access a network from
different locations via a public telecommunications network, most frequently the Internet.
VPN data security remains constant through encrypted data and tunnelling protocols. The key
VPN advantage is that it is less expensive than a private wide area network (WAN) buildout.
As with any network, an organization's goal is to provide cost-effective business
communication.
In a remote-access VPN, an organization uses an outside enterprise service provider (ESP) to
establish a network access server (NAS). Remote users then receive VPN desktop software
and connect to the NAS via a toll-free number, which accesses the organization's network. In
a site-to-site VPN, many sites use secure data encryption to connect over a network (usually
the Internet).
Edge Computing
Edge computing is the deployment of data-handling activities or other network operations
away from centralized and always-connected network segments, and toward individual
sources of data capture, such as endpoints like laptops, tablets or smartphones. Through this
type of network engineering, IT professionals hope to improve network security and enhance
other network outcomes.
Generally, the term "edge computing" is used as a kind of catch-all for various networking
technologies including peer-to-peer networking or ad hoc networking, as well as various
types of cloud setups and other distributed systems. One other predominant type of edge
networking is mobile edge networking or computing, an architecture that utilizes the edge of
the cellular network for operations.
One of the major uses of edge computing is to improve network security. There is a lot of
concern about security architecture in the internet of things age, where more and more
diverse devices are getting different kinds of access to a network. One strategy is to pursue
edge computing to aggregate data further out, and encrypt it as it passes further in, for
example, through firewalls and perimeters.
The key benefit to NMS is that it permits users to monitor or manage their entire business
operations using a central computer.
Increases productivity: Helps manage every aspect of the office network, which
includes software, hardware and other peripherals. The NMS identifies an issue as soon
as it occurs to ensure that there is no productivity slowdown or data loss.
Firewalls
A firewall is software used to maintain the security of a private network. Firewalls block
unauthorized access to or from private networks and are often employed to prevent
unauthorized Web users or illicit software from gaining access to private networks connected
to the Internet. A firewall may be implemented using hardware, software, or a combination of
both.
A firewall is recognized as the first line of defence in securing sensitive information. For
better safety, the data can be encrypted.
An IDS works by monitoring system activity through examining vulnerabilities in the system,
the integrity of files and conducting an analysis of patterns based on already known attacks. It
also automatically monitors the Internet to search for any of the latest threats which could
result in a future attack.
Another type of detection is anomaly-based detection, which compares the definition or traits
of a normal action against characteristics marking the event as abnormal.
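The two detection approaches above can be compared on the same traffic. The following is an added example, not part of the original notes; the signature library, the baseline request rates and the log events are all constructed, and the function names are illustrative. It runs a signature check and an anomaly check over the same sample events.

```python
import re
import statistics
from collections import Counter

# A tiny "library of known attacks": name -> pattern (constructed).
# Matching is on the raw request string; a production sensor would
# normalise input (for example URL-decode it) before matching.
SIGNATURES = {
    "path-traversal": re.compile(r"\.\./"),
    "sql-union-select": re.compile(r"union\s+select", re.IGNORECASE),
}

# Requests per source per minute observed during a period known to be
# normal (constructed). This is the definition of "normal" for the
# anomaly check.
BASELINE_RATES = [2, 3, 2, 4, 3, 2, 3, 3]

# Constructed live events: (minute, source address, requested path).
LIVE_EVENTS = (
    [
        (0, "192.0.2.10", "/catalog?item=12"),
        (0, "192.0.2.10", "/cart"),
        (0, "198.51.100.7", "/download?file=../../config/settings.ini"),
        (1, "192.0.2.10", "/checkout"),
    ]
    # One source requesting 40 ordinary-looking pages within one minute.
    + [(1, "203.0.113.9", f"/catalog?item={i}") for i in range(40)]
)


def signature_alerts(events):
    """Signature-based: flag events whose content matches a known pattern."""
    alerts = []
    for _minute, source, path in events:
        for name, pattern in SIGNATURES.items():
            if pattern.search(path):
                alerts.append((source, name))
    return alerts


def anomaly_alerts(events, baseline_rates, k=3.0):
    """Anomaly-based: flag sources whose per-minute request count exceeds
    the baseline mean by more than k standard deviations."""
    threshold = (statistics.mean(baseline_rates)
                 + k * statistics.pstdev(baseline_rates))
    per_source_minute = Counter(
        (minute, source) for minute, source, _path in events
    )
    return sorted(
        (minute, source, count)
        for (minute, source), count in per_source_minute.items()
        if count > threshold
    )


if __name__ == "__main__":
    print("signature alerts:", signature_alerts(LIVE_EVENTS))
    print("anomaly alerts:  ", anomaly_alerts(LIVE_EVENTS, BASELINE_RATES))
```

Each check catches what the other misses here: the single traversal request arrives at a normal rate, and the burst of 40 requests contains no known pattern.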
Network Intrusion Detection System (NIDS): This does analysis for traffic on a whole
subnet and will make a match to the traffic passing by to the attacks already known in a
library of known attacks.
Network Node Intrusion Detection System (NNIDS): This is similar to NIDS, but the
traffic is only monitored on a single host, not a whole subnet.
Host Intrusion Detection System (HIDS): This takes a “picture” of an entire system’s
file set and compares it to a previous picture. If there are significant differences, such as
missing files, it alerts the administrator.
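The HIDS "picture" comparison described above can be sketched as follows. This is an added example, not part of the original notes; the function names and the files created in the temporary directory are constructed for illustration. It records a SHA-256 digest per file, then compares a later snapshot against the earlier one.

```python
import hashlib
import os
import tempfile


def snapshot(root):
    """Return {relative path: SHA-256 hex digest} for each regular file."""
    digests = {}
    for dirpath, _dirnames, filenames in os.walk(root):
        for name in filenames:
            full = os.path.join(dirpath, name)
            # Skip symbolic links and anything that is not a regular file.
            if os.path.islink(full) or not os.path.isfile(full):
                continue
            h = hashlib.sha256()
            with open(full, "rb") as fh:
                for chunk in iter(lambda: fh.read(65536), b""):
                    h.update(chunk)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            digests[rel] = h.hexdigest()
    return digests


def compare(previous, current):
    """Report files that are missing, added or modified since `previous`."""
    return {
        "missing": sorted(set(previous) - set(current)),
        "added": sorted(set(current) - set(previous)),
        "modified": sorted(
            path for path in previous.keys() & current.keys()
            if previous[path] != current[path]
        ),
    }


def write_file(root, rel, data):
    """Helper for the demonstration: create a file under root."""
    full = os.path.join(root, *rel.split("/"))
    os.makedirs(os.path.dirname(full), exist_ok=True)
    with open(full, "wb") as fh:
        fh.write(data)


def demo():
    """Build a constructed file set, change it, and return the differences."""
    with tempfile.TemporaryDirectory() as root:
        write_file(root, "app.conf", b"debug = off\n")
        write_file(root, "bin/tool", b"original tool contents\n")
        write_file(root, "notes.txt", b"release notes\n")
        baseline = snapshot(root)

        # Constructed changes made after the baseline was taken.
        write_file(root, "app.conf", b"debug = on\n")        # modified
        os.remove(os.path.join(root, "notes.txt"))           # missing
        write_file(root, "bin/extra", b"unexpected file\n")  # added

        return compare(baseline, snapshot(root))


if __name__ == "__main__":
    for kind, paths in demo().items():
        print(f"{kind}: {paths}")
```

The comparison is only as trustworthy as the stored baseline, so the earlier snapshot should be kept where the monitored host cannot alter it.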
Intrusion prevention systems are also known as intrusion detection prevention systems
(IDPS). An IPS can be implemented either as a hardware device or as software. Ideally (or
theoretically) an IPS is based on a simple principle: dirty traffic goes in and clean traffic
comes out.
Intrusion prevention systems are basically extensions of intrusion detection systems. The
major difference lies in the fact that, unlike intrusion detection systems, intrusion prevention
systems are able to actively block or prevent intrusions that are detected. For
example, an IPS can drop malicious packets, block the traffic from an offending IP address, etc.
IAM verifies user access requests and either grants or denies permission to protected
company materials. It also deals with various administrative functions including password
problems, and helps oversee employee identity management. Standards and applications of
IAM include the maintenance of user life cycles, various application accesses and singular
logons.
There are several advantages of IAM including business value and security enhancements,
increased work productivity and a reduction in the IT staff's workload. Businesses use IAM
in order to comply with best practice standards, whether in healthcare, finance or other
sectors. Best practice standards throughout several organizational arenas require record
protection, which becomes increasingly important as more organizations adopt
interoperability in confidential records systems.
Key Management
Key management is the process of administering or managing cryptographic keys for a
cryptosystem. It involves the generation, creation, protection, storage, exchange, replacement
and use of said keys and, with another type of security system built into large cryptosystems,
enables selective restriction for certain keys.
In addition to access restriction, key management also involves the monitoring and recording
of each key's access, use and context.
A critical cryptosystem component, key management is also one of the most challenging
aspects of cryptography because it deals with many types of security liabilities beyond
encryption, such as people and flawed policies. It also involves creating a corresponding
system policy, user training, interdepartmental interactions and proper coordination.
For a multicast group, security is a large issue, as all group members have the ability to
receive the multicast message. The solution is a multicast group key management system, in
which specific keys are securely provided to each member. In this manner, an encryption
using a specific member’s key means that the message can only be accessed and read by that
group member.
Certificate Authority
A certificate authority (CA) is a trusted entity that manages and issues security certificates
and public keys that are used for secure communication in a public network. The CA is part
of the public key infrastructure (PKI) along with the registration authority (RA) who verifies
the information provided by a requester of a digital certificate. If the information is verified
as correct, the certificate authority can then issue a certificate.
Certificate authorities are trusted third-party entities who provide digital certificates to
organizations that have the need to ensure that their users are provided with secure
authentication and connection. Certificates given by CAs build trust between the users and
the providers because they can ensure the validity of each other’s identities and authorities.
CAs provide the most basic security and business process principles in a public key
infrastructure by creating trust relationships between enterprise and entities. Defined trust can
be used to enable certain types of connections while limiting others, including:
Applying consistent issuance policies for certificates
Applying consistent formatting for names in issued certificates
Preventing issued certificates from being used in some applications
Preventing implementation of certain unauthorized subordinate CAs
In the 1970s, private organizations managing large network services competed with state
government-controlled telecommunications services. To differentiate from state services,
private organizations recognized a driving need to add communication value. This proved
complicated and led to the concept of user-defined networks, which preceded Internet service
providers (ISPs).
As the Internet developed, many companies found it more cost-effective to transport data via
the Internet, rather than incurring minimum monthly fees or per-character charges typical to
VAN contracts. VAN providers countered by offering additional services, including secure
email, encryption, management reporting and Electronic Data Interchange (EDI) translation
between organizations.
VANs are now used in the absence of state-controlled telecommunications. However, the
VAN term primarily describes business-to-business (B2B) communications, especially EDI
for Administration, Commerce and Transport (EDIFACT), which is an international U.N.
standard that competes with Extensible Markup Language (XML). VANs continue evolving
into more specific industry processes with particular emphasis on retail and high-tech
manufacturing.
ISDN was designed to run on digital telephone systems that were already in place. As such, it
meets telecom's digital voice network specifications. However, it took so long for ISDN to be
standardized that it was never fully deployed in the telecommunications networks it was
intended for.
ISDN takes all kinds of data over a single telephone line at the same time. As such, voice and
data are no longer separated as they were in earlier technologies, which used separate lines
for different services. ISDN is a circuit-switched telephone network system, but it also allows
access to packet-switched networks.
ISDN is also used with specific protocols, such as Q.931, where it acts as the network, data
link and physical layers in the OSI model. Therefore, in broad terms, ISDN is actually a suite
of transmission services on the first, second and third layers of the OSI model.
X.400
X.400 is a suite of protocols defining standards for email messaging systems. It was defined
by the ITU-TS (International Telecommunications Union—Telecommunications Sector) in
1984 and again in 1988. Used as an alternative to the more common email protocol called
Simple Mail Transfer Protocol (SMTP), X.400 is more widely used in Europe and Canada
than in the U.S. and other countries.
X.400 is more complex than SMTP. However, it is familiar to many email server
administrators who use Microsoft’s Exchange email server. Exchange also supports SMTP
because Exchange is used globally and must support as many standards as possible.
8. S: surname
DSL was originally part of the Integrated Services Digital Network (ISDN) specification
introduced in 1984. In the beginning, ISDN was being used for point-to-point connections for
different kinds of data sharing. With the passage of time and the increasing size of networks,
ISDN gave a low data speed because of various issues, from interruptions in telephone lines
to natural factors like fog and rain. After the failure of ISDN, DSL emerged and started
providing broadband connections over an analog medium with an efficient network
environment. DSL mainly uses copper wires and fiber optic cables as its transmission
medium.
E-Commerce Technology Infrastructure
In order for electronic commerce to exist, a number of technologies must first be in place.
Both the internet and the WWW require support from database software, network switches
and hubs, encryption hardware and software, multimedia structures and a way to integrate
each of these technologies.
The Internet
A computer network is any technology that allows people to connect computers to each other.
The internet is a global computer network, to which new computers are connected on a daily
basis. This computer network - the internet - is the basic technology structure underlying all
electronic commerce.
Of the millions of people who use the internet every day, only a small percentage of them
really understand how it works. The internet is a large system of interconnected computer
networks that span the globe.
This is its most important asset, as it is this which renders it accessible to the majority of
users who are not computer experts.
The WWW is software that runs on computers that are connected to the internet. The network
traffic generated by web software is currently the largest single category of traffic on the
internet, outpacing email, file transfers, and other data transmission traffic.
Packet-switching networks
A local area network (LAN) is a network of computers located close together (for example, in
the same building). Networks of computers that are connected over greater distances are
called wide area networks (WANs).
Packet-switching describes the type of network in which relatively small units of data
called packets are routed through a network based on the destination address contained within
each packet. Breaking communication down into packets allows the same data path to be
shared among many users in the network.
An individual packet of information travels from one network to another through routing
computers. The computers through which the packet travels determine the best route for
getting the packet to its destination. Routing computers, routers, or gateway computers act as
the gateway from a LAN or WAN to the internet. They decide how best to forward each
packet, as they are located at the border between the organization and the internet. The
programs on router computers that determine the best path on which to send each packet
contain rules called routing algorithms. The programs apply their routing algorithms to
information they have stored in routing tables or configuration tables.
The internet also has routers that handle packet traffic along the internet’s main
connecting points. These routers and the telecommunications lines connecting them are
collectively referred to as the internet backbone. These routers are very large computers that
can each handle more than 50 million packets per second. They are often known as backbone
routers.
Note: A hop represents one portion of the full path between source and destination.
TCP is the protocol that defines how each message is de-assembled into packets before
transmission and also specifies how such packets are re-assembled into a message or file once
they arrive. IP is the protocol that specifies the rules that govern how packets are routed from
their source computer across the internet to a destination computer.
When a router breaks a message into packets before sending it onto the internet, the router
marks each packet with both the source IP address and the destination IP address of the
message. To make them easier to read, IP numbers (addresses) appear as four numbers
separated by periods. This notation system is called dotted decimal notation. An IPv4 address
is a 32-bit number, so each of the four numbers is an 8-bit number. In most computer applications, an
8-bit number is called a byte; however, in networking applications, an 8-bit number is often
called an octet. In binary, an octet can have values respectively.
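The dotted decimal notation described above, as a strict parser that maps an address to its four octets and its 32-bit value. This is an added example, not part of the original notes; the function names are assumptions and 192.0.2.10 is a constructed documentation address.

```python
def parse_dotted_decimal(text):
    """Return the four octets of a dotted decimal IPv4 address, or raise ValueError."""
    parts = text.split(".")
    if len(parts) != 4:
        raise ValueError("expected four numbers separated by periods")
    octets = []
    for part in parts:
        # Only plain decimal digits: no signs, spaces, hex prefixes or empty fields.
        if not (part.isascii() and part.isdigit()):
            raise ValueError("not a decimal number: %r" % part)
        # A leading zero is ambiguous, because some parsers read "010" as octal 8.
        if len(part) > 1 and part[0] == "0":
            raise ValueError("leading zero in %r" % part)
        value = int(part)
        if value > 255:
            raise ValueError("%d does not fit in one octet" % value)
        octets.append(value)
    return tuple(octets)


def to_uint32(octets):
    """Pack four octets into the single 32-bit number that routers work with."""
    a, b, c, d = octets
    return (a << 24) | (b << 16) | (c << 8) | d


def from_uint32(number):
    """Format a 32-bit number back into dotted decimal notation."""
    if not 0 <= number <= 0xFFFFFFFF:
        raise ValueError("not a 32-bit value")
    return ".".join(str((number >> shift) & 0xFF) for shift in (24, 16, 8, 0))


def to_binary(octets):
    """Show each octet as its eight bits."""
    return ".".join(format(octet, "08b") for octet in octets)


if __name__ == "__main__":
    address = parse_dotted_decimal("192.0.2.10")  # constructed sample
    print(address, to_uint32(address), to_binary(address))
```

Validating the textual form before converting it keeps an allow-list or log entry from disagreeing with the address a more lenient parser would actually use.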
The Internet Engineering Task Force (IETF) worked on several new protocols that could
solve the limited addressing capacity of IPv4, and in 1997, approved Internet Protocol
version 6 (IPv6) as the protocol that will replace IPv4. The new IP is being implemented
gradually because the two protocols are not directly compatible.
Due to concern that users might find the dotted decimal notation difficult to remember, the
founders of the internet created an alternative addressing method that uses words. In this
system, an address such as www.kibu.ac.ke is called a domain name. Domain names are sets
of words that are assigned to specific IP addresses and can contain two or more word groups
separated by periods. The rightmost part of a domain name is the most general; as you move
to the left, each part of the domain name becomes more specific.
Markup languages
Web pages can include many elements, such as graphics, photographs, sound clips, and even
small programs that run in the web browser. These elements are stored on the web server as
separate files.
The most important parts of a webpage, however, are the structure of the page and the text
that makes up the main part of the page. The page structure and text are stored in a text file
that is formatted, or marked up, using a text markup language. A text markup language
specifies a set of tags that are inserted into the text. These markup tags, also called tags,
provide formatting instructions that web client software can understand. The web client
software utilises the instructions as it renders the text and page elements contained in the
other files into the webpage that appears on the screen of the client computer.
Standard Generalized Markup Language (SGML): Used for many years by the
publishing industry to create documents that needed to be printed in various formats and
that were revised frequently. In addition, SGML is also a meta language - a language that
can be used to define other languages. SGML offers user-defined tags, is non-proprietary
and platform independent.
Hypertext Markup Language (HTML): HTML includes tags in an electronic document
that define the format and style of text elements. The tags in an HTML document are
interpreted and used by the web browser to format the display of the text enclosed by the
tags. The web organizes interlinked pages of information residing on sites around the
world. Hyperlinks on web pages form a “web” of those pages. Versions of HTML
released by the W3C after 1997 include an HTML tag called the object tag and also
include support for Cascading Style Sheets. Web designers can embed scripting language
code on HTML pages by using the object tag.
Extensible Markup Language (XML): XML is referred to as a meta language since
users can create their own markup elements, thus extending its usefulness. Note that
XML includes data management capabilities that HTML cannot provide. XML differs
from HTML in two important respects. First, XML is not a markup language with defined
tags. It is a framework within which individuals, companies, and other organizations can
create their own sets of tags. Second, XML tags convey the meaning (the semantics) of
the information included within them without specifying how text appears on a webpage.
HTML and XML Editors: Web designers can create HTML documents in any general-
purpose word processor or text editor. However, by using one of the special-purpose
HTML editors, web designers may be able to create web pages much more easily. There
are many freeware, shareware, and commercial HTML editors available for download on
the internet. XML files, like HTML files, can be created in any text editor.
E-Commerce Framework
Every computer on the Internet runs the TCP/IP protocols. To an end user, the lower-level
protocols like TCP/IP on which the Internet is built are transparent. A user interacts with the
Internet through one of several client/server applications. An application (client) running in
one computer (client) requests a service from another application (server) running in another
computer. In this architecture, there are two major classes of software that work together:
Client Software: It usually resides on an end user’s computer and typically requests
services such as a Web page, database access, e-mail, and FTP to the server. It does very
little work.
Server Software: It usually resides on another computer that interprets requests from the
client, processes them, accesses services from other computers if needed, and returns the
result to the client.
In Web-based client-server application, the client is the Web browser (Internet Explorer,
Netscape) and the server is the Web server software (Internet Information Server, Apache
Server).
E-Commerce Architecture
E-commerce is based on client/server architecture: client processes request services from
server processes. This model was first used in the 1980s. The model improves e-commerce
usability, flexibility, interoperability and scalability.
Client/server architecture is a computing model in which the server hosts, delivers and
manages most of the resources and services to be consumed by the client. This type of
architecture has one or more client computers connected to a central server over a network or
internet connection. This system shares computing resources.
Client/server architecture works when the client computer sends a resource or process request
to the server over the network connection, which is then processed and delivered to the client.
A server computer can manage several clients simultaneously, whereas one client can be
connected to several servers at a time, each providing a different set of services. In its
simplest form, the internet is also based on client/server architecture where web servers serve
many simultaneous users with website data.
In e-commerce the client is defined as the requestor of a service and a server is the provider
of the service. The browser is the client and the customer; the computer that sends the HTML
files is the server. The server can also be a computer program that provides services to other
computer programs. Thus a web server serves requested HTML pages or files.
Advantages of Client/server architecture
• The client/server architecture reduces network traffic by providing a query response to
the user rather than transferring total files.
• The client/server model improves multi-user updating through a graphical user interface
(GUI) front end to the shared database.
• In client/server architectures client and server typically communicate through statements
made in structured query language (SQL).
Basically, a one-tier architecture keeps all of the elements of an application, including the
interface, middleware and back-end data, in one place. Developers see these types of systems
as the simplest and most direct. Some experts describe them as applications that could be
installed and run on a single computer. The need for distributed models for Web applications
and cloud hosting solutions has created many situations where one-tier architectures are not
sufficient. That caused three-tier or multi-tier architecture to become more popular.
The benefits of a multi-tier solution are often evident. They can provide:
1. better security
2. better performance and
3. more scalability
However, the appeal of a single-tier architecture can relate to the costs that are involved,
where it might make more sense to keep simpler applications contained in one easy platform.
Separating these two components into different locations represents a two-tier architecture, as
opposed to a single-tier architecture.
In two-tier architecture the client is tier 1 and the server is tier 2. A two-tier system directs
communications between the client on the Internet such as a Web browser and the Web
server on the other end.
In two-tier client-server architecture the user interface runs on the client and the database is
stored on the server. The business application logic can either run on the client or the server.
The user application logic can either run on the client or the server. It allows the client
processes to run separately from the server processes on different computers.
The client processes provide an interface for the customer that gathers and presents the data
on the computer of the customer. This part of the application is known as presentation
layer.
The server processes provide an interface with the data store of the business. This part of
the application is known as data layer.
The business logic, which validates data, monitors security and permissions and performs
other business rules, can be kept either on the client or the server.
In this architecture, typically a user types a URL in the browser’s address line (and hits
return) or clicks a link on a Web page. The browser then formats the request into a proper
HTTP message and passes it to the Internet.
A Web server always listens to a particular port (port 80) for any incoming HTTP
message. When it receives a request, it establishes a connection with the client computer. It
locates the requested Web page and formats it into an HTTP message, and sends it back to
the browser. The connection is then broken.
When the client receives the message, it recognizes that the page is written in HTML,
something it can interpret, and displays the formatted page. If the page contains any
graphics, another connection is made between the client and the server.
Hypertext Transfer Protocol (HTTP): HTTP is a lightweight, stateless protocol that
browsers and servers use to converse with each other. There are only seven commands in the
protocol. Two of these commands are GET and POST. When a browser requests a page
from the Web server, it uses the GET command.
The HTTP is stateless because every request that a browser makes opens a new connection
that is immediately closed after the document is returned. This means that the server cannot
maintain state information about successive requests in a straightforward fashion.
This statelessness represents a substantial problem for electronic commerce applications,
because an individual user is likely to have a series of related interactions (browsing the catalog,
selecting items, entering payment information) within the application. The problem is worsened
because the shopping mall is likely to have several buyers.
A typical HTTP request from the client to a server consists of three major parts:
· A request line
· Optional request headers (one or more)
· An optional entity body
The request line contains a command, the name of the target resource, the protocol name
(HTTP), and protocol version. The request headers and entity body contain additional
information and may or may not be present in the message. An example of a typical client
message:
GET /Filename.html HTTP/1.0        Request line
Accept: text/html                  Request header 1
Accept: audio/x                    Request header 2
The GET command requests the server to retrieve a file. Filename.html is the requested file,
and HTTP/1.0 is the protocol and version. Request header 1 says that the client accepts text in
HTML format, and Request header 2 indicates the client accepts a particular audio
format. TCP/IP is responsible for transporting the message to the server.
The server response consists of three parts that are identical in structure to the client message:
a response header line, one or more response header fields, and an optional entity body.
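The three-part request structure described above, written as a strict parser that splits a message into request line, request headers and entity body. This is an added example, not code from the original notes; parse_request, BadRequest and the /cgi-bin/order path are assumptions, and both sample messages are constructed (the first from the example in the text).

```python
import re

# Request line: command, target resource, protocol name and version, one space between each.
REQUEST_LINE = re.compile(rb"([A-Z]+) ([\x21-\x7e]+) (HTTP)/(\d\.\d)")
# Header names are tokens: no spaces, colons or control characters.
HEADER_NAME = re.compile(rb"[!#$%&'*+\-.^_`|~0-9A-Za-z]+")

# Constructed samples.
SAMPLE_REQUEST = (b"GET /Filename.html HTTP/1.0\r\n"
                  b"Accept: text/html\r\n"
                  b"Accept: audio/x\r\n"
                  b"\r\n")
SAMPLE_POST = (b"POST /cgi-bin/order HTTP/1.0\r\n"
               b"Content-Type: application/x-www-form-urlencoded\r\n"
               b"Content-Length: 7\r\n"
               b"\r\n"
               b"item=42")


class BadRequest(ValueError):
    """Raised for any message the parser refuses to interpret."""


def parse_request(raw):
    # A blank line separates the header section from the optional entity body.
    head, blank, body = raw.partition(b"\r\n\r\n")
    if not blank:
        raise BadRequest("missing blank line after the headers")
    lines = head.split(b"\r\n")

    match = REQUEST_LINE.fullmatch(lines[0])
    if not match:
        raise BadRequest("malformed request line")
    command, target, protocol, version = (g.decode("ascii") for g in match.groups())

    # The same header may appear more than once (two Accept lines in the sample),
    # so every name maps to a list of values in arrival order.
    headers = {}
    for line in lines[1:]:
        name, colon, value = line.partition(b":")
        if not colon or not HEADER_NAME.fullmatch(name):
            raise BadRequest("malformed header line")
        key = name.decode("ascii").lower()
        headers.setdefault(key, []).append(value.strip().decode("latin-1"))

    # The body length must be stated once, unambiguously, and must match.
    lengths = set(headers.get("content-length", []))
    if len(lengths) > 1:
        raise BadRequest("conflicting Content-Length headers")
    if lengths:
        (length,) = lengths
        if not (length.isascii() and length.isdigit()):
            raise BadRequest("Content-Length is not a number")
        if int(length) != len(body):
            raise BadRequest("entity body does not match Content-Length")
    elif body:
        raise BadRequest("entity body without Content-Length")

    return {"command": command, "target": target, "protocol": protocol,
            "version": version, "headers": headers, "body": body}


if __name__ == "__main__":
    print(parse_request(SAMPLE_REQUEST))
    print(parse_request(SAMPLE_POST))
```

Rejecting a message outright, rather than guessing at a request line or header that does not fit the structure, keeps the web server and any program behind it from interpreting the same bytes differently.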
Three-Tier Client Server Architecture
Experts often contrast a two-tier architecture to a three-tier architecture, where a third
application or business layer is added that acts as an intermediary between the client or
presentation layer and the data layer. This can increase the performance of the system and
help with scalability. It can also eliminate many kinds of problems with confusion, which can
be caused by multi-user access in two-tier architectures. However, the advanced complexity
of three-tier architecture may mean more cost and effort.
The three-tier builds on the two-tier approach. The first tier is the client, the second tier is the
server, and the third tier is typically a database application running on a different computer.
The three-tier architecture emerged in the 1990s to overcome the limitations of the two-tier
architecture. In three-tier architecture, the user interface and the business application logic,
also known as business rules and data storage and access, are developed and maintained as
independent modules.
Three-tier architecture allows any one of the three tiers to be upgraded or replaced
independently. The user interface is implemented on a desktop PC and uses a standard
graphical user interface with different modules running on the application server. The
relational database management system on the database server contains the computer data
storage logic. The middle tiers are usually multitier.
In a three-tier or multi-tier environment, the client implements the presentation logic (the
client). The business logic is implemented on an application server(s) and the data resides on
database server(s).
2. Application (Middle) Tier: Also called the middle tier, logic tier, or business logic. This
tier is pulled from the presentation tier. It controls application functionality by performing
detailed processing. It allows users to share and control business logic by isolating it from
the actual application. It provides process management services such as process
development, process monitoring and process resourcing that are shared by the multiple
applications.
3. Data (Back-end) Tier: Houses database servers where information is stored and
retrieved. Data in this tier is kept independent of application servers or business logic.
It provides access to dedicated services, such as a database server. The third tier provides
database management functionality. The data management component ensures that the
data is consistent throughout the distributed environment; the centralized process logic in
this architecture, which makes administration easier by localizing the system
functionality, is placed on the middle tier.
Electronic commercial sites often require a three-tier system with its own hardware and
software to keep track of customer purchases/preferences; query inventory databases or
update their catalogue. The database services, which comprise the third tier, are often
referred to as the backend machines/programs.
When a client requests a Web page from the server, the server interprets the request, and if it is found that the
Web server needs to get services from a database, it accesses the database, collects necessary
data, and returns the data formatted in HTML to the client.
Common Gateway Interface (CGI): CGI is a protocol that provides a common way for Web
servers to communicate dynamically with clients. Web pages that contain forms filled with
text boxes, option buttons, and list boxes supply information that CGI programs (in the Web
server) can use to manipulate databases, store information, or retrieve data. CGI is also
known as a server-side solution, because all the processing occurs in the Web server, not in
the client computer.
CGI is a standard way of interfacing backend applications with Web servers. A CGI program
is executed when requested by a browser. The request is initiated when a Web server finds a
POST command of HTTP within an HTML document residing in the server. The server
processes the request (through interfacing with the database), and returns the result as an
HTML document to the browser.
Electronic commerce is enabled by the ability of CGI technology to retrieve and update
databases in tier three of the architecture. CGI hidden fields provide the ability to maintain
customer transaction information across a series of Web messages that pass back and forth
between a client and a server during a transmission.
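The hidden-field technique described above, carried across two stateless requests, with an integrity tag so the server can tell when the field has been changed on the client side. This is an added example, not code from the original notes; the key, catalogue, field names and /cgi-bin/cart path are constructed assumptions, and the HMAC tag is an addition that the notes do not describe.

```python
import base64
import hashlib
import hmac
import html
import json

# Constructed demo key; a real server loads its key from protected configuration.
SERVER_KEY = b"constructed-demo-key"
# Constructed catalogue: prices (in cents) are looked up on the server, never posted by the client.
CATALOGUE = {"BK-101": 1200, "CD-202": 450}


def seal_state(state, key=SERVER_KEY):
    """Serialise the transaction state and append an HMAC-SHA256 tag."""
    encoded = json.dumps(state, sort_keys=True).encode("utf-8")
    payload = base64.urlsafe_b64encode(encoded).decode("ascii")
    tag = hmac.new(key, payload.encode("ascii"), hashlib.sha256).hexdigest()
    return payload + "." + tag


def open_state(field, key=SERVER_KEY):
    """Verify the tag before trusting anything inside the hidden field."""
    payload, dot, tag = field.rpartition(".")
    if not dot:
        raise ValueError("hidden field has no integrity tag")
    expected = hmac.new(key, payload.encode("utf-8"), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected.encode("ascii"), tag.encode("utf-8")):
        raise ValueError("hidden field was modified outside the server")
    return json.loads(base64.urlsafe_b64decode(payload))


def render_form(state):
    """HTML returned to the browser; the sealed state travels in a hidden field."""
    return (
        '<form method="POST" action="/cgi-bin/cart">\n'
        '  <input type="hidden" name="state" value="%s">\n'
        '  <input type="text" name="sku">\n'
        '  <input type="text" name="qty">\n'
        '  <input type="submit" value="Add to cart">\n'
        '</form>' % html.escape(seal_state(state), quote=True)
    )


def handle_post(fields):
    """One stateless request: rebuild the cart from the posted field and apply the change."""
    state = open_state(fields["state"])
    sku, qty = fields["sku"], fields["qty"]
    if sku not in CATALOGUE:
        raise ValueError("unknown item")
    if not (qty.isascii() and qty.isdigit()) or not 1 <= int(qty) <= 99:
        raise ValueError("quantity must be between 1 and 99")
    state["items"][sku] = state["items"].get(sku, 0) + int(qty)
    return state


def order_total(state):
    """Price the cart from the server-side catalogue."""
    return sum(CATALOGUE[sku] * qty for sku, qty in state["items"].items())


if __name__ == "__main__":
    cart = {"customer": "C-1001", "items": {}}  # constructed customer
    cart = handle_post({"state": seal_state(cart), "sku": "BK-101", "qty": "2"})
    print(render_form(cart))
    print(order_total(cart))
```

The tag shows only that the server produced the value: it does not hide the contents from the customer, and it does not stop an older, still valid value from being submitted again.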
Types of E-Commerce Servers
Web Server
A web server is a system that delivers content or services to end users over the internet. A
web server consists of a physical server, server operating system (OS) and software used to
facilitate HTTP communication.
The simplest definition is that a web server runs a website by returning HTML files over an
HTTP connection. This definition may have been true in the early days of the internet, but the
line has blurred between websites, web applications and web services, etc. For example, a
server that delivers an XML document to another device can be a web server. A better
definition might be that a web server is any internet server that responds to HTTP requests to
deliver content and services.
Database server
The term database server may refer to both hardware and software used to run a database,
according to the context. As software, a database server is the back-end portion of a database
application, following the traditional client-server model. This back-end portion is sometimes
called the instance. It may also refer to the physical computer used to host the database.
When mentioned in this context, the database server is typically a dedicated higher-end
computer that hosts the database.
Note that the database server is independent of the database architecture. Relational
databases, flat files, non-relational databases: all these architectures can be accommodated on
database servers.
In the client-server computing model, there is a dedicated host to run and serve up the
resources, typically one or more software applications. There are also several clients who can
connect to the server and use the resources offered and hosted by this server.
When considering databases in the client-server model, the database server may be the back-
end of the database application (the instance), or it may be the hardware computer that hosts
the instance. Sometimes, it may even refer to the combination of both hardware and software.
A database server is accessed either through a "front end" running on the user’s computer
which displays requested data or the "back end" which runs on the server and handles tasks
such as data analysis and storage.
Most database servers are built around a query language. Each database
understands its own query language, converts each query into a server-readable form and
executes it to retrieve the results.
Transaction Server
A transaction server is a specialized type of server that manages the operations of software
based transactions or transaction processing. It manages application and database transactions
on a network or Internet, within a distributed computing environment.
Commerce Server
A commerce server is a server that provides the basic components and functions of an online
storefront, such as a shopping cart, credit card processing and product displays. Commerce
servers also manage and maintain accounting and inventory data, also called back-end data.
Microsoft is one of the providers of commerce servers. Microsoft Commerce Server was first
released in 2000 and was used to create e-commerce systems. It uses Microsoft's .NET
technology. The latest release was in January 2009 and includes a comprehensive solution for
many business scenarios. The main features of Microsoft Commerce Server include:
Multichannel functionality
Service-oriented architecture
A default site with 30 Web parts and controls
What-you-see-is-what-you-get (WYSIWYG) editing
Catalog, order and inventory management
Management of ads and set rules for ads
Profile management
Data integration with third party systems
64-bit support
Aside from Microsoft, there are many other software and service companies that provide
commerce server products and services as well as the training to use them.
Electronic Data Interchange (EDI)
EDI is the computer-to-computer exchange of business data in standard format between
trading partners.
EDI has played an important role in the automation of activities between vendors and
suppliers. EDI allows two computers in two different businesses to exchange textual data in
machine readable format. EDI is used in a number of trade sectors for inter-organization,
regular, repeat transactions. These systems require EDI standards, EDI software, an EDI
network and trading community.
The conventional paper process requires someone to handle a printed computer generated
form and mail it. Then, the recipient re-keys the data back into another computer for their
internal processing. The EDI process is a computer transmitting the information directly to
another computer, eliminating the paperwork and human intervention. Considerable labour
and time is saved if the computer that issues the order can communicate directly with the
computer that processes the order.
While the communication channel can easily be established between two computers, it does
not mean they can understand each other. Companies adhere to different descriptions and
codes for their products which mean that the information provided in the purchase orders is
not identical across companies. Before the two computers can communicate, the companies
need to standardize product information, product codes, purchase order and shipping notice
formats. EDI provides such standardization in a variety of industries. Third party service
providers sell hardware and software that establish EDI linkages between parties in a
particular industry.
For settlement the supplier can use EDI to send the invoice and the customer can finish the
cycle with an electronic funds transfer via the bank and an EDI payment notification to the
supplier.
This whole cycle may be complex and other electronic messages can be included.
EDI can be used for Pre-Sales
EDI can be used for After-Sales transactions, but only if they were in a standardized
format and frequent enough to justify system costs. Transactions such as a dealer claiming
payment for warranty work could be a possible application.
X12 Standard
EDI is more than mere E-mail. It also refers specifically to a family of standards, including
the X12 series. EDI also exhibits its pre-Internet roots, and the standards tend to focus on
ASCII-formatted single messages rather than the whole sequence of conditions and
exchanges that make up an inter-organization business process.
X12 is the cross industry standard designed by the American National Standards Institute
(ANSI) to support any business function in any industry. It provides a single standard with a
single architecture, producing a common, uniform language for electronic communications.
X12 was designed primarily as the standard for EDI transactions in North America.
EDIFACT, having emerged out of X12, is a global EDI standard supporting multi-country
and multi-industry exchange.
Today, many X12 transaction sets are used to handle most facets of B2B communications in
different industries including retail, government, transportation, and automotive. X12
standards are developed, maintained and published by the Accredited Standards Committee
(ASC).
Advantages of EDI
1. EDI replaces paper transactions with electronic transactions; thus it saves time and speeds
up transactions.
2. It provides a legal record of business communications.
3. Value-added networks (VANs) were required in the past but EDI users are now able to
transmit their data encrypted over the Internet at the far lower Internet connection rates
via new standards for email, HTTP/HTTPS, and FTP.
4. Use of EDI reduces cost. These include the cost of stationery, postage etc.
5. Accurate invoicing can be done using EDI. EDI invoices can be automatically matched
against the original order and cleared for payment without any queries which usually arise
when paper invoices are matched with orders.
6. Quick response is achieved with EDI. For example, if a customer is to be informed that a
particular product is not available and if this is done using paper orders it takes a lot of time
but with EDI a customer can be informed straight away so that he may go for the other
option. Therefore, quick response can easily be obtained from the customer using EDI.
Disadvantages
1. The X12 standard is so large and general
2. EDI variants define some optional EDI components as mandatory and others as
forbidden, specify additional inter-component restrictions, identify a subset of codes
within used code sets that will be accepted and used, may add additional codes, and
restrict the transaction sets that will be used.
3. The lack of semantic rigor in the meanings of various components of EDI messages
4. Without being semantically-enabled, EDI messages are unable to be interfaced with
Semantic Web Services
5. EDI is too expensive: some companies are only doing business with others who use EDI.
If a company wants to do business with three organizations, they have to implement an
EDI program. This expense may be very costly for small companies.
Electronic Data Interchange (EDI)
Introduction
Businesses have invested in technology such as Enterprise Resource Planning (ERP) systems
to automate internal business processes, including accounts payable and receivable, inventory
control, and intra-company communication. However, many of these same companies are
slow to automate their business-to-business transactions, such as the exchange of purchase
orders, invoices, and bills of lading.
Electronic commerce (e-commerce) is the exchange of information via electronic media, such
as the internet and private communications networks. There are various types of e-commerce
e.g. Business-to-Business (B2B) and Business-to-Consumer (B2C). Almost every day,
people experience B2C e-commerce, such as when we book airline tickets or hotel
reservations online and then receive an electronic confirmation.
In today’s business environment, EDI remains a game changer across all industries, including
retail, banking, manufacturing, high-tech, and services. For many companies, it has become
the lifeblood of their business, making them more efficient, driving down costs, and
increasing customer satisfaction. It is the means by which they can differentiate themselves
from their competitors. Using EDI, a manufacturer in Mombasa, Kenya can send a purchase
order to its supplier in Japan, receive an electronic document indicating that the item is out of
stock, and immediately react by sending the purchase order to an alternative supplier in
Malaysia — all in just minutes. This high level of visibility that is enabled by the use of EDI
is critical to business success.
Electronic communication has changed the way companies conduct business with each other.
Business-to-business (B2B) electronic commerce (e-commerce), which includes EDI, XML
(Extensible Markup Language), and online catalogues, has enabled the integration of
companies throughout the world into communities of business partners (often called trading
partners) with benefits for all.
As you can see, this manual process involves a lot of paper, people, and time. Mail can be
slow and paper documents can be misplaced or lost. Once received, mailed and faxed
documents must be manually entered into a computer application, a process that frequently
results in errors. And even though an email is sent electronically, it too must be entered
manually, because the computer application has no way of knowing where each piece of data
needed is located within the email. Having people involved slows down the processing of the
documents and also introduces errors.
In the 1960s, the railroad industry, which needed to find a faster and more efficient way to
communicate information about goods being transported, began to send this data
electronically. Other businesses realized the value of electronically exchanging information
and so, beginning in the 1980s, many industries adopted EDI, the electronic exchange of
standard-formatted business documents between computers. At first, only those businesses
that could afford large mainframe computers were able to participate. But with the advent of
the personal computer and then the availability of the internet, use of EDI became available
to all companies regardless of size.
EDI Defined
Electronic Data Interchange (EDI) is the computer-to-computer exchange of business
documents, such as purchase orders and invoices, in a standard electronic format between
business partners, such as retailers and their suppliers, banks and their corporate clients, or
car-makers and their parts suppliers.
EDI has played an important role in the automation of activities between vendors and
suppliers. EDI allows two computers in two different businesses to exchange textual data in
machine readable format. EDI is used in a number of trade sectors for inter-organization,
regular, repeat transactions. These systems require EDI standards, EDI software, an EDI
network and trading community.
The most common documents exchanged via EDI are purchase orders, invoices, and advance
ship notices. But there are many others, such as bills of lading, customs documents, inventory
documents, shipping-status documents, and payment documents.
EDI is most commonly applied in the execution and settlement phases of the trade cycle. In
execution of a simple trade exchange, the customers’ orders can be sent by EDI and the
delivery notification from the supplier can be electronic.
For settlement the supplier can use EDI to send the invoice and the customer can finish the
cycle with an electronic funds transfer via the bank and an EDI payment notification to the
supplier.
This whole cycle may be complex and other electronic messages can be included.
EDI can be used for Pre-Sales
EDI can be used for After-Sales transactions, but only if they were in a standardized
format and frequent enough to justify system costs. Transactions such as a dealer claiming
payment for warranty work could be a possible application.
The EDI Process
Today, all types of business documents for industries such as retail, automotive, high tech,
logistics, and banking can be exchanged using EDI. These documents can flow from the
sender’s computer straight through to the appropriate application on the receiver’s computer
(e.g., the order management system), where processing can begin immediately.
With a fully integrated EDI system, the process can look like this—no paper, no people, and
almost no time.
As you can see, sending and receiving EDI documents can be a seamless and efficient way to
conduct business.
To send an EDI document, you need to identify the data, create an EDI document, and
transmit it.
The sources of data and the methods available to generate the electronic document can
include:
1. Computer programs that extract data from system databases, such as from a retailer’s
purchasing system or a shipping company’s logistics system;
2. Computer programs that extract data from spreadsheets; and
3. People keying in the data via web form data entry screens.
Translation software is available to suit just about any computing environment and budget,
from large systems that handle thousands of transactions daily to PC-based software that need
only process a few hundred or fewer transactions per week.
Using a Provider is often the easiest and best approach when you have many business
partners, each using a different communication protocol (rules) that you would otherwise
need to accommodate.
Receiving EDI Documents
Receiving an EDI document is basically the reverse of the sending process.
1. You receive the transmitted EDI document;
2. Your system converts the EDI data for your internal system; and
3. The data is fed into your internal system for processing, such as into a bank’s payment
origination system or a supplier’s order management system.
The same specialized translation software that is used to create EDI documents for sending is
used in the receiving process.
Step 3: Feed data into your internal system for processing
Your computer application can now automatically feed the translated data into your system,
such as your order management system, for immediate processing. Or, often for smaller
companies that haven’t fully integrated EDI with their internal systems, the incoming data is
made available either as a report or on the computer screen.
Note
Thus, there are several options available to you when configuring an EDI system for your
business. You can perform data conversion in-house or use the services of an EDI Network
Services Provider. You can transmit your documents directly to your business partners via
the internet or transmit via an EDI Network Services Provider. Or, you may use a
combination of these options in order to satisfy the requirements of your various trading
partners.
The Figure below provides an overview of an EDI process in which the sender and the
receiver each manages its own data conversion processes.
With a fully integrated EDI system, the process involves no paper, no people,
and almost no time
EDI can help a company reduce the cost of personnel and office space, improve data quality,
speed up business cycles, improve efficiency, and provide strategic business benefits. Let’s
look at the benefits that businesses across all industries are realizing by using EDI.
Reduced costs
EDI reduces the costs of personnel, supplies, and office and storage space. Since paper
documents are replaced by EDI transactions, expenses associated with paper—printing,
reproduction, storage, filing, postage, and document retrieval—are all reduced or eliminated.
Moving from a manual to an EDI process frees up personnel to concentrate on other aspects
of the business.
The root of most data errors is the keying in of data from a paper document into your internal
system. First, if the paper document is handwritten rather than computer-generated, it may be
difficult to read, leading to input errors or phone tag to obtain clarification, both of which can
cause delays in the business cycle. Even when the document is typed or computer-generated
and thus legible, keying errors can still occur. In the order entry process, these errors can
result in shipping the wrong product, in the wrong quantity, at the wrong price, to the wrong
address.
The electronic capture of business documents enables critical business data to be fed directly
into your internal systems without relying on error-prone, manual re-keying, which is required
when you use paper-based or email-based processes. Having more accurate data means that
the entire supply chain is more efficient.
In contrast, EDI transactions can be exchanged in minutes instead of the days or weeks
associated with postal mail. Furthermore, there is significant time saved by the elimination
of data re-keying and its high error rate, which results in time-consuming corrective actions.
For many companies that use EDI, transactions that used to take five days using paper can be
completed in under an hour. This reduced cycle time leads to faster payments and thus
improved cash flow. Cash is no longer tied up in inventory or goods in transit and, therefore,
can be applied to other areas of the business.
Corporate auditing is made easier and faster since the EDI process eliminates many of the
discrepancies and problems that can creep into a paper-based system. Moreover, all the EDI
transactions can be made easily available to the auditor in reports, thereby improving
accuracy and reducing productivity loss during the auditing process.
In some industries, EDI enables businesses to adopt a demand-driven business model rather
than a supply-driven one, because it shortens the lead times for product enhancements and
new product delivery, streamlines the ability to enter new territories and markets, and
provides a common business language that facilitates the communication and collaboration
of businesses throughout the world.
Moreover, EDI promotes corporate social responsibility and sustainability by eliminating
paper from the supply chain and replacing paper-based processes with “green” electronic
alternatives. This will both save you money and make your company part of the solution to
our overall “carbon footprint.”
As we have seen, the benefits of using EDI are many and have a far-reaching effect
throughout the company. Later, we will examine how EDI brings benefits to specific
business processes, such as ordering, invoicing, receiving, and payments.
EDI Standards
An EDI document is simply an electronic version of a paper document that adheres to the
rules of a standard format. When two companies use the same EDI standard format for their
business documents, their computers “speak” the same language. This enables the exchange
of documents between the computers without human intervention.
Because EDI documents are processed by computers, the computer’s program must know
where to find each piece of information in the incoming document and the format of that
data. For example, are the numbers included in the data integer (e.g., 12) or decimal (e.g.,
12.0)? Are the dates in the form mmddyy or mm/dd/yyyy?
Just as two speakers of different languages cannot hold a conversation, two business systems,
each with its own proprietary format rather than a common format, cannot exchange data
with each other. Thus, a common, standard format is the language by which businesses
communicate with each other via their computers.
primarily used in Europe and Asia. In addition, there are standards for specific industries,
such as SWIFT for banking and RosettaNet for high-tech.
Many EDI standards are available, but ANSI X12 is most commonly used in North
America, while EDIFACT is most commonly used throughout the rest of the world.
There continues to be confusion as to whether or not XML is an EDI standard. XML is
not actually a standard at all; it is a powerful language that gives a company a great deal
of flexibility in defining and constructing business documents, such as the documents
defined by ANSI and EDIFACT. A major structural difference between XML and EDI is
that whereas EDI is based upon strict rules governing the position of data within a file,
data in an XML file is not bound to a specific location and is instead identified by tags,
such as “<quantity>300 </quantity>” to indicate a quantity value of 300. This results in
XML files being much larger than their comparable EDI files. Some standards, such as
RosettaNet, are based on XML.
At one point, it was expected that XML would replace EDI. However, many businesses
that have invested heavily in EDI, which is efficient and works extremely well, see no
need to spend the money “to reinvent the wheel.” Thus, EDI will be a mainstay for
business into the foreseeable future.
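The contrast between position-based EDI and tag-based XML, together with the earlier point that the receiving program must know each element's format, shown as an added example that is not part of the original notes. The segment layout and sample documents are constructed for illustration and only modelled on X12; every element is validated before it would reach an internal system.

```python
import re
import xml.etree.ElementTree as ET
from datetime import datetime
from decimal import Decimal

# Assumed layout for this example, modelled on X12 segments: the meaning of
# each element is fixed by its position. A trailing "?" marks an optional one.
LAYOUT = {
    "PO1": [("line", "int"), ("quantity", "int"), ("unit", "code"),
            ("unit_price", "decimal"), ("price_basis", "code?"),
            ("id_qualifier", "code"), ("product_id", "code")],
    "DTM": [("qualifier", "code"), ("date", "date8")],
}
PATTERNS = {
    "int": r"[0-9]{1,9}",
    "decimal": r"[0-9]{1,9}(\.[0-9]{1,4})?",   # refuses "NaN", "1e3", "-5"
    "date8": r"[0-9]{8}",                      # CCYYMMDD, not mm/dd/yyyy
    "code": r"[A-Z0-9]{1,20}",
}

def convert(kind, raw):
    """Validate one element against its declared type, then convert it."""
    optional = kind.endswith("?")
    kind = kind.rstrip("?")
    if raw == "":
        if optional:
            return None
        raise ValueError("required element is empty")
    if not re.fullmatch(PATTERNS[kind], raw):
        raise ValueError(f"{raw!r} is not a valid {kind}")
    if kind == "int":
        return int(raw)
    if kind == "decimal":
        return Decimal(raw)
    if kind == "date8":
        # strptime also rejects impossible dates such as 20241332
        return datetime.strptime(raw, "%Y%m%d").date()
    return raw

def parse_segment(text):
    """Split on "*" and read each element by its position in the layout."""
    seg_id, *values = text.split("*")
    layout = LAYOUT.get(seg_id)
    if layout is None:
        raise ValueError(f"unknown segment {seg_id!r}")
    if len(values) != len(layout):
        raise ValueError(
            f"{seg_id}: expected {len(layout)} elements, got {len(values)}")
    record = {}
    for (name, kind), raw in zip(layout, values):
        try:
            record[name] = convert(kind, raw)
        except ValueError as exc:
            raise ValueError(f"{seg_id}/{name}: {exc}") from None
    return record

def parse_document(document):
    """Return (accepted records, rejected segments with the reason)."""
    accepted, rejected = [], []
    for segment in filter(None, document.strip().split("~")):
        try:
            accepted.append(parse_segment(segment))
        except ValueError as exc:
            rejected.append((segment, str(exc)))
    return accepted, rejected

def parse_xml_item(xml_text):
    """Read the same fields from XML, where tags (not positions) name them."""
    item = ET.fromstring(xml_text)
    return {"quantity": convert("int", item.findtext("quantity", "")),
            "unit_price": convert("decimal", item.findtext("price", ""))}

# Constructed samples. In GOOD_EDI the empty element between 12.50 and BP must
# stay in place: dropping it (first segment of BAD_EDI) shifts every later
# value into the wrong field, so the segment is refused.
GOOD_EDI = "PO1*1*300*EA*12.50**BP*ABC123~DTM*002*20240315~"
BAD_EDI = ("PO1*1*300*EA*12.50*BP*ABC123~"
           "DTM*002*03/15/2024~"
           "PO1*2*1e3*EA*NaN**BP*X~")
XML_A = "<item><quantity>300</quantity><price>12.50</price></item>"
XML_B = "<item><price>12.50</price><quantity>300</quantity></item>"

if __name__ == "__main__":
    print(parse_document(GOOD_EDI)[0])
    for segment, reason in parse_document(BAD_EDI)[1]:
        print("rejected:", segment, "->", reason)
    # Reordering XML elements changes nothing; reordering EDI elements does.
    print(parse_xml_item(XML_A) == parse_xml_item(XML_B))
```
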
The ANSI and EDIFACT standards can be applied across all industries. Subsets of these
standards, such as VICS and EANCOM, have been developed to meet the special
requirements of certain industries. These subsets define industry-specific documents,
data fields, and rules.
ANSI X12
In 1979, the American National Standards Institute (ANSI), which had been founded “to
oversee the creation, promulgation and use of norms and guideline to ensure
competitiveness of U.S. businesses,” formed the Accredited Standards Committee (ASC)
X12 to develop uniform standards for the inter-industry electronic exchange of business
transactions. From its inception, ANSI X12 was designed to support companies across
different industry sectors in North America. Today, there are hundreds of thousands of
companies worldwide using X12 EDI standards in daily business transactions.
UN/EDIFACT
The Electronic Data Interchange for Administration, Commerce and Transport
(EDIFACT) was developed with versions for individual European countries. Under the
auspices of the United Nations, and with input from the American National Standards
Institute (ANSI), a UN/EDIFACT standard was developed to address the international
business community. Today, this is the most common standard used by European
businesses.
Two examples of EDIFACT subsets currently in use are:
• EANCOM: Developed in 1987 by GS1, a global standards body, EANCOM is a
subset of UN/EDIFACT. The key benefit of this standard is that it incorporates the
European Article Number (EAN), a system of product codes to identify products
throughout the world. This greatly facilitates international trade, since a company can
easily order an item from a supplier anywhere in the world without knowing the
specific item code used by the internal system of that particular supplier. EANCOM
was originally developed for the retail sector and has subsequently grown to become
the most widely used UN/EDIFACT subset. It is now used in a variety of other
industry sectors such as health care, construction, and publishing.
• ODETTE: The ODETTE message standard was developed by the Organisation for
Data Exchange by Tele Transmission in Europe (ODETTE), specifically for the
automotive industry in Europe.
HIPAA
The Health Insurance Portability and Accountability Act (HIPAA) was enacted by the
U.S. Congress. A key component of HIPAA is the establishment of national standards for
electronic healthcare transactions and national identifiers for providers, health insurance
plans, and employers. The standards are meant to improve the efficiency and
effectiveness of the U.S. health care system by encouraging the widespread use of EDI.
The HIPAA EDI transaction sets are based on ANSI X12.
RosettaNet
The RosettaNet standard, based on XML, was developed by a consortium of major
computer, consumer electronics, semi-conductor manufacturers, and telecommunication
and logistics companies. It facilitates industry-wide global supply chain processes.
SWIFT
The Society of Worldwide Interbank Financial Telecommunication (SWIFT) developed a
financial messaging network between banks and other financial institutions for a
standards-based exchange of financial information. The SWIFT document standard
governs aspects of financial activity: payments, trade services, and securities.
TRADACOMS
Introduced in 1982, TRADACOMS is an EDI standard primarily used in the UK retail
sector that utilizes the product code system developed by the UK Article Numbering
Association. Though superseded by EANCOM, it is still used by many businesses in the
UK today.
VDA
VDA is a standard developed by the German automobile association, Verband der
Automobilindustrie. VDA standards are used by companies such as VW, Audi, Bosch,
Continental, and Daimler AG.
most frequently used documents are listed below with their ANSI numerical and EDIFACT
six-letter name identifiers.
Invoice (810/INVOIC)
A request for payment for goods or services that communicates to a buyer the specific items,
prices, and quantities. Payment terms will usually accompany the billing information.
In addition, there is a special EDI document that is not a business document, but serves to
streamline the EDI process:
EDI Communication Options
When your company exchanges business documents electronically with your business
partners (your customers, suppliers, logistics providers, and/or banks), you need to make two
major communications-related decisions.
1. Firstly, what is your overall approach for connecting to all your partners?
2. Secondly, which of the various communications protocols will you need to implement?
Communications protocols are rules that govern the format and transmission of data between
computers.
This approach is most commonly used by large corporations that have business partners with
whom they exchange a high volume of EDI documents. If you choose to implement the direct
connection model, you will need to purchase a software package that enables you to use all
the agreed upon protocols, such as AS2, SFTP, FTP. Then you will need to agree with each
of your partners on
1. which of these communications methods or protocols you and the trading partner will use
and
2. the specific protocol settings or options to be used when exchanging your files of EDI
documents.
This model can be very complex due to the wide variety of communications protocols that
must be used and supported. Very few businesses today connect directly to all their trading
partners.
A Value Added Network (VAN) is a service provider that transmits EDI data to their
destinations. Value Added Networks simplify the communication process by reducing the
number of parties that you have to communicate with. VANs insert themselves between
trading partners.
In the network model you have just a single connection to your Provider for all your EDI
transactions and all your trading partners, using whatever protocol you prefer, such as AS2 or
one of the secure FTP protocols. You don’t have to worry about which protocols your
partners are using. At the same time, your business partners also connect to a Provider, either
the same one you are using or a different one. If different, most Providers will connect to
each other in order to complete the EDI file exchange.
In this way, each partner makes an independent decision regarding its preferred
communications protocol, relying on the Provider to mediate the differences between the
various trading partner protocols. There are additional benefits to using an EDI Network
Services Provider, such as ensuring data security, validating the identity of the sender (non-
repudiation), and providing audit information, reporting, backup, and recovery. Using a
Provider also relieves all community members of the resource intensive responsibilities for
resolving communications issues. The EDI Network Services Provider charges transaction
fees for these services, to a large extent based upon the volume of transactions handled.
Your business is still responsible for generating and processing all EDI documents
exchanged, which means you must have highly skilled EDI personnel. However, you do not
need the specialized communications resources required in the direct connection model.
The Figure above illustrates the EDI network model in which you and your business partners
each use your own preferred communications protocol to exchange EDI documents using an EDI
Network Services Provider.
Use of the EDI network model for 100 percent of an EDI trading community was extremely
popular before the rise of the commercial internet. Today, many businesses use a
combination of the two approaches. In order to save on Provider transaction fees, they
connect directly via the internet to the trading partners with whom they exchange the highest
volume of transactions, using one or two preferred protocols. They will also leverage the EDI
Network Services Provider, with its benefits, for trading with their large number of
lower-volume trading partners, as well as with those partners using a communications protocol they
cannot support.
Advocates of the direct connection approach argue that it is much cheaper than using an EDI
Network, particularly for high volumes of EDI documents. However, when calculating your
overall costs, you must factor in the cost of purchasing, managing, and maintaining the
additional communications software and the cost of highly skilled personnel with expertise in
secure internet communication, as well as in EDI. Furthermore, as the size of your
community grows, you will need additional resources to implement and support each new
trading partner.
You need to continually monitor communications, manage trading partner calls, and resolve
issues quickly. All these vital processes are resource and time intensive.
In order for two computers, whether within your company or across the internet, to exchange
files or documents, your system needs special file-handling software that follows certain
communications rules (protocols). If you communicate directly, both you and your partner
must use the same protocol. If you communicate directly with many partners, each of which
uses a different protocol, you will need software that supports each one of those protocols.
This is a major reason why many companies select the network model as it shields them from
this complexity.
There are five key factors you should consider when selecting the best communications
protocol for your company:
Data security
When you are dealing with documents that contain sensitive data, you must be sure that while
they are being transmitted across the internet, they are safe from others who may try to
intercept and read them. Each communications protocol takes a different approach to
securing information. Some protocols encrypt everything in the transmission (channel
encryption), whereas others encrypt only the actual data (payload encryption).
Non-repudiation
Non-repudiation refers to the ability to confirm that a document was actually sent by the sender
indicated within the file being exchanged. This also serves as proof when business partners
deny having sent you a document.
Interoperability
Many software vendors offer versions of each protocol. However, versions of the same
protocol provided by two different vendors may not always be able to communicate with
each other. So, when you and your partners select a protocol, you must be sure of
interoperability.
Message management
When you exchange documents with your business partners, you need to know whether the
documents were successfully received and decrypted. For example, a major factor in
determining whether you get paid is whether your partner received the bill. Or, if you’re
trying to plan for the arrival of a shipment at your receiving dock, getting a shipment notice is
crucial. Thus, confirmation of receipt for EDI documents is extremely important for
businesses to operate efficiently.
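One way a sender can track confirmation of receipt, as an added example that is not part of the original notes; the receipt format, field names and message ids are assumptions, not the format of any particular protocol. The receipt carries a digest of what the partner actually received, so a truncated or altered document is caught. Because this receipt is unsigned, it confirms delivery only and does not by itself provide non-repudiation.

```python
import hashlib
from dataclasses import dataclass, field

def digest(payload: bytes) -> str:
    """SHA-256 over the exact bytes sent or received."""
    return hashlib.sha256(payload).hexdigest()

def make_receipt(message_id: str, received: bytes, processed: bool = True) -> dict:
    """Receiver side: acknowledge what actually arrived (assumed format)."""
    return {"message_id": message_id,
            "received_digest": digest(received),
            "status": "processed" if processed else "failed"}

@dataclass
class Outbox:
    """Sender-side ledger of documents that still await a receipt."""
    deadline_s: int = 3600
    pending: dict = field(default_factory=dict)    # id -> (digest, sent_at)
    confirmed: set = field(default_factory=set)

    def record_send(self, message_id: str, payload: bytes, sent_at: int) -> None:
        if message_id in self.pending or message_id in self.confirmed:
            raise ValueError(f"message id {message_id!r} already used")
        self.pending[message_id] = (digest(payload), sent_at)

    def apply_receipt(self, receipt: dict) -> str:
        """Match a receipt against the ledger and say what it proves."""
        message_id = receipt.get("message_id")
        if not isinstance(message_id, str):
            return "malformed-receipt"
        if message_id in self.confirmed:
            return "duplicate-receipt"          # replayed or re-sent receipt
        if message_id not in self.pending:
            return "unknown-message"            # receipt for nothing we sent
        if receipt.get("status") != "processed":
            return "failed-at-partner"          # arrived but not decrypted/parsed
        expected, _sent_at = self.pending[message_id]
        if receipt.get("received_digest") != expected:
            return "digest-mismatch"            # partner saw different bytes
        del self.pending[message_id]
        self.confirmed.add(message_id)
        return "confirmed"

    def overdue(self, now: int) -> list:
        """Ids with no valid receipt after the deadline; these need follow-up."""
        return sorted(mid for mid, (_d, sent_at) in self.pending.items()
                      if now - sent_at > self.deadline_s)

def run_demo():
    # Constructed documents and timestamps (seconds).
    invoice = b"INVOICE INV-001 total 3750.00"
    ship_notice = b"SHIP NOTICE ASN-002 cartons 12"
    second_invoice = b"INVOICE INV-003 total 990.00"

    outbox = Outbox(deadline_s=3600)
    outbox.record_send("INV-001", invoice, sent_at=0)
    outbox.record_send("ASN-002", ship_notice, sent_at=10)
    outbox.record_send("INV-003", second_invoice, sent_at=20)

    receipts = [
        make_receipt("INV-001", invoice),            # delivered intact
        make_receipt("ASN-002", ship_notice[:-3]),   # truncated in transit
        make_receipt("INV-001", invoice),            # same receipt again
        make_receipt("INV-999", b"never sent"),      # id not in the ledger
    ]                                                # INV-003: no receipt at all
    outcomes = [outbox.apply_receipt(r) for r in receipts]
    return outcomes, outbox.overdue(now=7200)

if __name__ == "__main__":
    outcomes, overdue = run_demo()
    print(outcomes)
    print("needs follow-up:", overdue)
```
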
Below is a list of the most commonly used communications protocols for the exchange of
EDI documents via the internet and how well each addresses the five key factors listed above.
Any of these can be used to connect to business partners directly (direct connection model) or
to connect to them via an EDI Network Services Provider (network model).
However, neither FTP by itself nor FTP with VPN provides non-repudiation or message
management. Moreover, interoperability may be an issue because there are many different
ways of implementing VPN on your system, as well as possible differences in versions of
VPN. Although FTP with VPN does not address all five factors, you can use it to connect to
an EDI Network Services Provider, which then provides the non-repudiation, message
management, and interoperability required.
SFTP (Secure File Transfer Protocol) and FTPS (File Transfer Protocol Secure)
Both SFTP and FTPS are secure internet protocols. The major difference is in how each
provides security and performs encryption. The security layer used by SFTP was developed
by the Internet Engineering Task Force, while the security layer used by FTPS was developed
by the internet browser company Netscape.
Both protocols encrypt the data while in transit, keeping it safe while moving over the
internet, and then decrypt it upon arrival at its destination. However, neither provides non-
repudiation or message management. As with FTP with VPN above, interoperability is a
major issue, and again you can use either to connect to an EDI Network Services Provider,
which then provides the non-repudiation, message management, and interoperability
required.
Walmart as the only acceptable communications protocol for suppliers wishing to do business
with them. Its usage soon spread to other major businesses.
In summary, you have several choices when selecting a secure communications protocol for
your EDI documents. AS2 best addresses all the key requirements, but requires a higher
level of commitment. Because of its full functionality, many companies opt to use AS2 for
exchanging EDI documents when connecting to both their direct connection partners and to
an EDI Network Services Provider for the rest of their partner community. If you use one of
the other secure protocols, then use of a Provider should be considered in order to address the
gaps in capabilities.
In today’s highly competitive world, the use of B2B technology such as EDI may be the
difference between success and failure. We will now discuss how EDI can streamline three
common business processes: procurement, shipping and receiving, and invoicing and
payment.
Procurement
Procurement was the first business process for which the use of EDI was widely adopted
across industries.
System (ERP) or other back-office system automatically generates the purchase order. It is
also common to order goods from an electronic catalogue. In the latter process, after
negotiating specific terms and prices with a customer, the supplier creates an electronic
catalogue for that specific customer, which may be on the supplier’s system, hosted by an
EDI Network Services Provider, or sent to the customer for integration with its procurement
system. An employee or the procurement system accesses the catalogue and places the order,
which then automatically triggers the creation of the EDI Purchase Order. The basic EDI
document flow in the procurement process involves four key documents:
1. the Purchase Order
2. the Purchase Order Acknowledgment
3. the Purchase Order Change, and
4. the Purchase Order Change Acknowledgment
Use of the Purchase Order Change and Purchase Order Change Acknowledgement
documents simplifies a process that otherwise, when handled manually, can be very complex.
In fact, in some industries, such as the general merchandising segment, a purchase order is
often changed four or more times.
Upon receipt of each document, the EDI system automatically sends a Functional
Acknowledgment to notify the sender that the document was successfully received.
Automating the exchange of purchase-order related documents provides numerous benefits:
• Faster, more accurate order-to-receipt process due to the elimination of slow, error-prone
manual ordering;
• Reduction or elimination of resource-intensive and time-consuming order status inquiries
by both buyer and seller due to the use of EDI status documents that provide you with
new visibility into your supply chain;
• Increased buyer flexibility due to the speed and accuracy of the EDI process. For
example, the buyer can quickly seek alternative suppliers when a purchase order cannot
be fulfilled;
• Higher levels of satisfaction by the seller, the buyer, and the buyer’s customers resulting
from the benefits above.
The critical document in support of all shipping processes is the Advance Ship Notice
(ASN), which lists the details of a shipment of goods due to arrive from a supplier, a third
party logistics provider (3PL), or a fulfilment agent.
Typically, the ASN includes much of the information that was included on the buyer’s
original purchase order. It also includes carton identifications, content descriptions, and
transportation details. New uses are continually found for the ASN. For example, some
companies use data in the ASN to help them generate the Customs 10+2 Importer Security
Filing for international shipments entering the United States.
Invoicing and Payments
Finance teams are increasingly focusing on streamlining the accounts payable (AP)
department to achieve further cost efficiencies, improve visibility into financial
performance, and reduce the risk of both internal and external fraudulent activity.
Eliminating the mountains of paper invoices received from non-EDI suppliers is clearly an
important first step. Many countries have enacted legislation that permits an electronic
invoice (e-invoice) to serve as legal evidence during tax audits, removing the need to keep
paper originals. In order to more efficiently collect taxes and to prevent tax avoidance,
governments throughout the world have mandated the use of e-invoicing for the public
sector.
Today, e-invoicing is becoming the way to do business for both governmental agencies and
the private sector, whether the company is small, medium, or large. While e-invoicing
regulations are often similar in purpose, the specific requirements frequently vary by
country. For example, EDI invoices must adhere to country-specific regulations for data
format, data storage, and data access requirements.
Some of the legal requirements for e-invoicing that differ from one European Union
member to another include:
1. Digital Signatures: Some countries, such as Spain, require EDI invoices to be digitally
signed (using an encrypted code) in order to guarantee their origin and integrity;
2. Archiving: Many countries require the archiving of EDI invoices for extended time
frames, e.g., Germany requires data archiving for ten years and the UK requires six
years;
3. VAT Compliance: VAT (Value-Added Tax) rules vary widely by country.
Many companies need to implement EDI in order to satisfy the requirements of valued
customers. For example, some companies mandate that their suppliers must either implement
a fully integrated EDI solution or, for smaller-volume suppliers, use web-based forms or a
service bureau that will generate EDI documents on their behalf. After complying with a
business partner’s EDI requirements, a company often sees the potential benefits of
instituting its own EDI program with its broader trading community.
If your company has decided to implement EDI as part of a strategic initiative to cut costs
and improve efficiency or in order to become easier for customers to do business with, you
need to determine whether to do it yourself, outsource it all to a B2B Managed Services
provider, or use a combination of the two approaches.
Do-It-Yourself Model
In order to make a decision as to which of the above three models best fits your company’s
needs, you need to appreciate the level of effort required to set up a do-it-yourself EDI
program. Some companies, such as Walmart, have decided upon the do-it-yourself approach
as part of their strategic decision to have complete control over every aspect of their business.
This is an overview of the major tasks that need to be completed for a successful EDI
implementation.
An important aspect of the role of the EDI coordinator is to regularly communicate with all sectors
of the company that will be affected by the EDI program in order to ensure their support and
buy-in. This ongoing communication is vital for educating the various organizations as to how the
EDI program will benefit them and affect their processes.
Develop EDI system requirements
The result of the previous analysis step provides an organization with the knowledge to develop a
comprehensive specification for the EDI system. This includes:
1. the volume of expected EDI traffic and the IT infrastructure needed to support it;
2. the capacity of the internal network infrastructure to support EDI data;
3. the network connections needed to manage traffic with trading partners;
4. the programming required to ensure that internal systems comply with the data required by
trading partners and with EDI standards; and
5. the amount of customizing required to integrate the internal and EDI systems.
With this information, EDI system design can begin. A key element of this design is selecting the
communications model that best meets your needs. Although companies may choose to
implement the do-it-yourself approach, most still choose to use the services of an EDI Network
Services provider to connect to all or some of their business partners.
Some considerations for selecting the right EDI Network Services provider for your company
include:
1. Network Reach: How many of your trading partners already use that particular provider?
Does that Provider have a strong presence in your industry? Does that Provider have a global
presence, not only for the exchange of documents, but also for providing local customer
support?
2. Pricing Structure: EDI Network Services Providers offer various pricing structures,
including pay-as-you-go and monthly or annual subscriptions. Most Providers calculate the
charge based on the number of kilo-characters (KCs, thousands of characters) within a document. Other
factors that impact the price may include the number of trading partners to be implemented,
special requirements such as local language support for international partners, and the length
of the commitment period.
3. Network Viability: Does the Provider’s network have a proven track record and is it likely to
be around for the foreseeable future? Does it provide disaster recovery and the capacity to
handle peak loads without degradation of service?
4. Value-Added Services Offered: This includes services such as automatic rejection of
documents with bad data before they reach your system, the ability for your line-of-business
personnel to independently obtain data and reports on demand, and the ability to view the
status of your business transactions at all stages in the supply chain. Quite often, these value-
added services are a more important factor in your decision than is cost.
You need to select the EDI translator that is right for your business. And most important, you
must have the proper personnel resources to implement and maintain the system. This may
require the hiring of new personnel with expertise in communications and EDI.
Each of these processes can be very complex, particularly when you have many trading partners
each with its own requirements. That’s why a good, technically skilled staff is essential.
This includes:
1. surveying your community to understand each supplier’s level of EDI readiness;
2. developing and implementing a community communication plan to convey your program
goals and provide the education needed;
3. offering various EDI options such as web-based forms or Microsoft® Excel®-based forms for
those suppliers that are not ready to integrate EDI with their back-office systems; and
4. supporting each supplier through the start-up process.
EDI programs must continually change to meet your evolving business requirements. You may
add EDI document types, add EDI partners, or change communications settings. Be prepared with
the skilled personnel required to handle these changes. You will need to invest in skilled
personnel for the ongoing management of your EDI program in order to:
• Monitor and troubleshoot communications and data issues to ensure documents continue to
flow;
• Respond to inquiries from trading partners 24x7 as issues arise;
• Report on trading partner activity and system usage and
• Make updates to translation maps and/or communications protocols as you or your partners
add new documents, make changes to current documents, or upgrade their communications
processes.
B2B Managed Services Model
The alternative to the do-it-yourself approach is to use the services of a B2B Managed Services
Provider that provides expertise, technical infrastructure, and program and process support on your
behalf. With a B2B Managed Services approach you offload all the day-to-day operations of your
EDI program to a third party who provides all the services needed, including:
• Integration with your in-house systems;
• Connectivity and protocol mediation with all your trading partners (your customers, suppliers,
logistics providers, financial institutions);
• Data translation to and from your document format and the document format of your trading
partners;
• Working with each trading partner to fully integrate their processes with yours, including
setup, testing, communications monitoring, and 24x7 Help Desk support for you and your
trading partners;
• Community rollout and enablement services; and
• Reporting of trading partner activity and system usage.
With B2B Managed Services, you no longer need to manage and/or purchase upgrades to your
B2B hardware and software. In addition, if you already have an in-house EDI program in place,
then moving to a B2B Managed Services approach enables you to redeploy the personnel
currently assigned to the EDI program to support other business needs.
Typically, you pay an up-front implementation fee and then an ongoing monthly fee that is based
upon the volume of your EDI document transactions.
Of course, no two companies’ business needs are identical. A solution that meets the needs of one
company may not work for another. But one of these three general approaches can be tailored
precisely for the challenges that your company must meet in order to adapt, grow, and excel in
today’s ever-evolving business environment. All companies now have the opportunity to trade
electronically with 100 percent of their trading partners. Easy-to-use options are available that eliminate earlier
barriers to full participation by small and medium-size trading partners. These options include
customized web based forms and direct integration with Excel or other accounting software. All
companies, big and small, can now realize the benefits of using EDI as a core technology
component in streamlining their procurement, receiving, invoicing, and payment processes.
Moreover, these internet-based options are available worldwide. Therefore, companies that want
to leverage emerging markets can now utilize EDI to communicate electronically everywhere in
the world, despite the complexities of different time zones, regulations, and languages.
Internet
The Internet is a worldwide, publicly accessible series of interconnected computer networks
that transmit data by packet switching using the standard Internet Protocol (IP). It is a
“network of networks” that consists of millions of smaller domestic, academic, business, and
government networks, which together carry various information and services, such as
electronic mail, online chat, file transfer, and the interlinked web pages and other resources of
the World Wide Web (WWW).
The Internet and the World Wide Web are not synonymous:
The Internet is a collection of interconnected computer networks, linked by copper wires,
fiber-optic cables, wireless connections, etc.
In contrast, the Web is a collection of interconnected documents and other resources,
linked by hyperlinks and URLs. The World Wide Web is one of the services accessible
via the Internet, along with various others including e-mail, file sharing, online gaming
etc.
America Online, Safaricom, etc. are examples of Internet service providers. They make it
physically possible for you to send and access data from the Internet. They allow you to send
and receive data to and from their computers or routers which are connected to the Internet.
The server software for the World Wide Web is called an HTTP server (or informally a Web
server). Examples are Apache and IIS. The client software for World Wide Web is called a
Web browser. Examples are: Netscape, Internet Explorer, Safari, Firefox, and
Mozilla. These examples are particular “brands” of software that have a similar function.
Internet Structure
The Internet is an international network of computers connected by wires such as telephone
lines. Businesses, government offices, learning institutions and homes use the Internet to
communicate with one another. You have access to the Internet when you work in one of this
university’s computer labs. You also may have access at home or in your residence hall. If
not, you can obtain access once you have three things.
First, you need a computer and a modem, a device that allows you to connect your
computer with the Internet. Many new computers have built-in modems.
Second, you need a browser, a piece of software that allows you to view information on
the Internet. Many new computers also come with a browser, usually Internet Explorer.
You also can download other browsers such as Firefox, Google Chrome, Netscape
Navigator, from the Internet for free.
Finally, you need to subscribe to an Internet Service Provider, or ISP, such as
Safaricom.
One popular component of the Internet is electronic mail, or e-mail, which people at separate
locations can use to send messages to one another.
In addition to allowing people to send e-mail messages to one another, the Internet also
allows organizations and individuals to post information about themselves so that others can
see it. For example, many companies post pictures and descriptions on World Wide Web
sites. In fact, you can set up your own World Wide Web site by reserving space on a server.
The Internet is a dynamic and volatile system endowed with a number of traits. These are:
1. Technological neutrality. The Internet joins together computers of various sizes and
architectures. They may run on various operating systems and utilise a great variety of
communication links.
2. Built-in piecemeal change and evolution. The Internet is not a one-off development. It
is an energetic, polycentric, complex, growing, and self-refining system. It is a network
which is geared to expansion and growth. It is a system which scales up extremely well.
3. Robustness and reliability. All basic technical features of the Net such as the TCP/IP
(transfer control protocol/internet protocol), the multiplicity of routes followed by the
packet-switched data, and the robustness of related software are designed to eliminate
errors, to handle unexpected interruptions and interferences, to advise users of
encountered difficulties and to recover gracefully from any disasters and down-times.
4. Low cost. The Internet makes new uses of old technologies (standalone computers,
operating systems, telecommunication networks). Whenever possible, Internet operations
piggyback on already existing solutions. They rely on modularised, configurable, easy-to-
replace, and easy-to-upgrade off-the-shelf software and hardware.
5. Ubiquity. The robustness, modularisation and low cost of the system is coupled with the
growing densities of dedicated computer lines, network backbones, as well as wired and
wireless phone networks. This means that Internet-enabled tools are deployed in ever
growing numbers in an ever widening range of environments.
UNIX
Unix was one of the first operating systems which embodied the principle of multitasking
(time-sharing). In most general terms it means that several users could simultaneously
operate within a single environment and that the system as a whole coped well with this
complicated situation. Unix was the first operating system which demonstrated in practical
terms robustness and tolerance for the variety of its users’ simultaneous activities.
Email
Email is the first of the Internet’s tools dedicated to the provision of fast, simple and global
communication between people. This revolutionary client/server software implied for the first
time that individuals (both as persons and roles) could have their unique electronic addresses.
Within this framework messages were now able to chase their individual recipients anywhere
in the world.
The initial format of email communication was that of a one-to-one exchange of electronic
messages. This simple function was subsequently augmented by email’s ability to handle
various attachments, such as documents with complex formatting, numbers and graphic files.
Later, with the use of multi-recipient mailing lists electronic mail could be used for simple
multicasting of messages in the form of one-to-many transmissions.
Usenet Newsgroups
Usenet (Unix Users Network), the wide-area array of sites collating and swapping UUCP-
based messages was pioneered in 1979. Usenet was originally conceived as a surrogate for
the Internet (then called ARPANET). It was to be used by people who did not have ready
access to the TCP/IP protocol and yet wanted to discuss their various Unix tools. It was only
in 1987 that the NNTP (Network News Transfer Protocol) was established in order to enable
Usenet to be carried on the Internet (i.e. TCP/IP) networks (Laursen 1997).
Telnet
The networking tool called Telnet was invented in 1980 (Postel 1980). It allowed people
(with adequate access rights) to login remotely into any networked computer in the world and
to employ the usual gamut of computer commands. Thereby files and directories could be
established, renamed and deleted; electronic mail read and dispatched; Usenet flame wars
indulged in; and statistical packages run against numeric data - all at a distance. Moreover,
results of all these and other operations could be remotely directed to a printer or via FTP to
another networked computer. In short, Telnet gave us the ability to engage in long distance
man-machine transactions, that is, ability to do the work as telecommuters.
Secondly, FTP archives promoted the use of anonymous login (i.e. limited public access)
techniques as a way of coping with the mounting general requests for access to the archived
information. That novel technique placed electronic visitors in a strictly circumscribed work
environment. There they could browse through data subdirectories, copy relevant files, as
well as deposit (within the context of a dedicated area) new digital material. However, the
FTP software would not let them wander across other parts of the host, nor did the visitors
have the right to change any component part of the accessed electronic archive.
Thirdly, the rapid proliferation in the number of public access FTP archives all over the world
necessitated techniques for keeping an authoritative, up-to-date catalogue of their contents.
This was accomplished through the Archie database (Deutsch et al. 1995) and its many
mirrors. Archie used an automated process which periodically scanned the entire contents of
all known “anonymous FTP” sites and reported findings back to its central database.
This approach, albeit encumbered by the need to give explicit instructions as to which of the
FTP systems need to be monitored, nevertheless integrated a motley collection of online
resources into a single, cohesive, distributed information system.
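The restrictions on anonymous visitors described above (browse and copy anywhere in the archive, deposit only in a dedicated area, never leave the archive or alter it) can be expressed as a small policy check. This is an added example, not part of the original notes; the `/incoming` directory name and the function names are assumptions, while the command names are standard FTP commands.

```python
# Added example: path and command policy for an anonymous FTP visitor.
# UPLOAD_AREA and the function names are assumptions made for illustration.

UPLOAD_AREA = "/incoming"                      # assumed deposit directory
READ_COMMANDS = {"CWD", "LIST", "NLST", "RETR"}
WRITE_COMMANDS = {"STOR"}
# Any other command (DELE, RNFR, RNTO, RMD, MKD, APPE ...) is refused.


class AccessDenied(Exception):
    """Raised when a request falls outside the anonymous visitor's rights."""


def normalize(cwd, requested):
    """Resolve `requested` against the visitor's current directory.

    Paths are virtual: "/" is the top of the public archive, not of the host.
    Climbing above "/" is refused rather than silently clamped, so the
    attempt shows up in the server's log.
    """
    if "\x00" in requested:
        raise AccessDenied("NUL byte in path")
    parts = [] if requested.startswith("/") else [p for p in cwd.split("/") if p]
    for component in requested.split("/"):
        if component in ("", "."):
            continue
        if component == "..":
            if not parts:
                raise AccessDenied("path climbs above the archive root")
            parts.pop()
        else:
            parts.append(component)
    return "/" + "/".join(parts)


def authorize(command, cwd, requested, existing=frozenset()):
    """Return the normalized virtual path if the request is allowed."""
    command = command.upper()
    path = normalize(cwd, requested)
    if command in READ_COMMANDS:
        return path
    if command in WRITE_COMMANDS:
        # Deposits must land strictly inside the dedicated area.
        if not path.startswith(UPLOAD_AREA + "/"):
            raise AccessDenied("uploads are accepted only under " + UPLOAD_AREA)
        # New material only: nothing already in the archive may be replaced.
        if path in existing:
            raise AccessDenied("existing files cannot be overwritten")
        return path
    raise AccessDenied("command not available to anonymous visitors: " + command)


def decide(command, cwd, requested, existing=frozenset()):
    """Wrap authorize() for logging: returns (allowed, path-or-reason)."""
    try:
        return True, authorize(command, cwd, requested, existing)
    except AccessDenied as reason:
        return False, str(reason)


# Constructed session: (command, current directory, argument).
SAMPLE_SESSION = [
    ("LIST", "/pub", "."),
    ("RETR", "/pub", "docs/readme.txt"),
    ("RETR", "/pub", "../../etc/passwd"),
    ("STOR", "/", "incoming/report.zip"),
    ("STOR", "/", "incoming/../pub/index.txt"),
    ("DELE", "/pub", "docs/readme.txt"),
]

if __name__ == "__main__":
    for cmd, cwd, arg in SAMPLE_SESSION:
        print(cmd, arg, "->", decide(cmd, cwd, arg))
```

The check works on the path string only; a server enforcing it on a real filesystem must also account for symbolic links, for example by running the anonymous session in a chroot.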
Gopher
Gopher client/server software was used for the first time in 1991 (La Tour; Liu, C. et al.
1994). It was a ground-breaking development on two accounts.
Firstly, it acted as a predictable, unified environment for handling an array of other
electronic tools, such as Telnet, FTP and WAIS.
Secondly, Gopher acted as electronic glue which seamlessly linked together archipelagos
of information tracked by and referenced by other gopher systems. In short, Gopher was
the first ever tool capable of the creation and mapping of a rich, large-scale, and infinitely
extendable information space.
The interlocking features of the hypertext, URLs and the Mark-up language, have laid
foundations for today’s global, blindingly fast and infinitely complex cyberspace. Moreover,
the World Wide Web, like gopher before it, was also a powerful electronic glue which
smoothly integrated not only most of the existing Internet tools (Email, Usenet, Telnet,
Listservs, FTP, IRC, and Gopher, but, surprisingly, not WAIS), but also the whole body of
online information which could be accessed by all those tools. However, the revolutionary
strengths of the Web have not been immediately obvious to most of the Internet
community, who initially regarded the WWW as a mere (and possibly clumsy) variant of the
then popular Gopher technology. This situation has changed only with the introduction of
PC-based Web browsers with user-friendly graphical interfaces.
These are:
a. an ability to handle multi-format, or multimedia (numbers, text, images, animations,
video, sound) data within the framework of a single online document;
b. the ability to configure and modify the appearance of received information in a manner
which best suits the preferences of the reader;
c. the ability to use the browser as a WYSIWYG (“what you see is what you get”) tool for
crafting and proofreading of the locally created HTML pages on a user’s PC;
d. ability to acquire, save and display the full HTML source code for any and all of the
published web documents.
Protocol Layering
To communicate using the Internet system, a host must implement the layered set of
protocols comprising the Internet protocol suite. A host typically must implement at least one
protocol from each layer.
Application Layer
The Application Layer is the top layer of the Internet protocol suite. The Internet suite does
not further subdivide the Application Layer, although some application layer protocols do
contain some internal sub-layering. The application layer of the Internet suite essentially
combines the functions of the top two layers - Presentation and Application – of the OSI
Reference Model. The Application Layer in the Internet protocol suite also includes some of
the function relegated to the Session Layer in the OSI Reference Model.
We distinguish two categories of application layer protocols: user protocols that provide
service directly to users, and support protocols that provide common system functions. The
most common
There are a number of other standardized user protocols and many private user protocols.
Support protocols, used for host name mapping, booting, and management include SNMP,
BOOTP, TFTP, the Domain Name System (DNS) protocol, and a variety of routing
protocols.
Transport Layer
The Transport Layer provides end-to-end communication services. This layer is roughly
equivalent to the Transport Layer in the OSI Reference Model, except that it also
incorporates some of OSI’s Session Layer establishment and destruction functions.
Internet Layer
All Internet transport protocols use the Internet Protocol (IP) to carry data from source host to
destination host. IP is a connectionless or datagram internetwork service, providing no end-
to-end delivery guarantees. IP datagrams may arrive at the destination host damaged,
duplicated, out of order, or not at all. The layers above IP are responsible for reliable delivery
service when it is required. The IP protocol includes provision for addressing, type-of-service
specification, fragmentation and reassembly, and security.
The Internet Group Management Protocol (IGMP) is an Internet layer protocol used for
establishing dynamic host groups for IP multicasting.
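Because IP may deliver datagrams damaged, duplicated, out of order, or not at all, a layer above it has to detect and repair each case. The following added example (not part of the original notes, and a simplified sketch rather than TCP itself) shows a receiver doing so with a checksum, per-segment sequence numbers and a cumulative acknowledgement; all names and the sample traffic are assumptions.

```python
# Added example: a receiver that rebuilds an ordered byte stream from
# unreliable datagram delivery. It is a simplified sketch, not TCP:
# segments are numbered 0, 1, 2 ... and all names here are assumptions.


def internet_checksum(data):
    """16-bit one's-complement checksum (the algorithm of RFC 1071)."""
    if len(data) % 2:
        data += b"\x00"                      # pad to a whole 16-bit word
    total = 0
    for i in range(0, len(data), 2):
        total += (data[i] << 8) | data[i + 1]
    while total >> 16:                       # fold carries back in
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def make_segment(seq, payload):
    """Sender side: attach a checksum covering sequence number and payload."""
    return seq, payload, internet_checksum(seq.to_bytes(4, "big") + payload)


class Receiver:
    def __init__(self):
        self.next_seq = 0            # first segment not yet delivered
        self.pending = {}            # out-of-order segments awaiting a gap fill
        self.delivered = bytearray() # data handed to the application, in order
        self.stats = {"damaged": 0, "duplicate": 0}

    def receive(self, seq, payload, checksum):
        """Process one arrival and return the cumulative acknowledgement,
        i.e. the number of the first segment still missing."""
        if internet_checksum(seq.to_bytes(4, "big") + payload) != checksum:
            self.stats["damaged"] += 1            # drop it; sender retransmits
        elif seq < self.next_seq or seq in self.pending:
            self.stats["duplicate"] += 1          # already held or delivered
        else:
            self.pending[seq] = payload
            while self.next_seq in self.pending:  # release any in-order run
                self.delivered += self.pending.pop(self.next_seq)
                self.next_seq += 1
        return self.next_seq


def simulate(arrivals):
    """Feed a list of arrivals to a fresh receiver; return it and the acks."""
    rx = Receiver()
    acks = [rx.receive(*segment) for segment in arrivals]
    return rx, acks


# Constructed traffic: four segments of one message as the network delivers them.
PARTS = [b"ORDER ", b"#1001 ", b"QTY=5 ", b"END"]
SEGMENTS = [make_segment(i, p) for i, p in enumerate(PARTS)]
DAMAGED = (1, b"#1901 ", SEGMENTS[1][2])     # payload altered in transit
FIRST_PASS = [SEGMENTS[0], SEGMENTS[2], SEGMENTS[2], DAMAGED, SEGMENTS[3]]
RETRANSMIT = [SEGMENTS[1]]                   # sender resends after seeing ack 1

if __name__ == "__main__":
    rx, acks = simulate(FIRST_PASS + RETRANSMIT)
    print(acks, bytes(rx.delivered), rx.stats)
```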
Link Layer
To communicate on a directly connected network, a host must implement the communication
protocol used to interface to that network. We call this a Link Layer protocol. Some older
Internet documents refer to this layer as the Network Layer, but it is not the same as the
Network Layer in the OSI Reference Model.
This layer contains everything below the Internet Layer and above the Physical Layer (which
is the media connectivity, normally electrical or optical, which encodes and transports
messages). Its responsibility is the correct delivery of messages, among which it does not
differentiate.
Protocols in this Layer are generally outside the scope of Internet standardization; the Internet
(intentionally) uses existing standards whenever possible. Thus, Internet Link Layer
standards usually address only address resolution and rules for transmitting IP packets over
specific Link Layer protocols.
Networks
The constituent networks of the Internet system are required to provide only packet
(connectionless) transport. According to the IP service specification, datagrams can be
delivered out of order, be lost or duplicated, and/or contain errors.
For reasonable performance of the protocols that use IP (e.g., TCP), the loss rate of the
network should be very low. In networks providing connection-oriented service, the extra
reliability provided by virtual circuits enhances the end-end robustness of the system, but is
not necessary for Internet operation.
Routers
In the Internet model, constituent networks are connected together by IP datagram forwarders
which are called routers or IP routers. In this document, every use of the term router is
equivalent to IP router. Many older Internet documents refer to routers as gateways.
Historically, routers have been realized with packet-switching software executing on a
general-purpose CPU. However, as custom hardware development becomes cheaper and as
higher throughput is required, special purpose hardware is becoming increasingly common.
This specification applies to routers regardless of how they are implemented.
The term “router” derives from the process of building this route database; routing protocols
and configuration interact in a process called routing. The routing database should be
maintained dynamically to reflect the current topology of the Internet system. A router
normally accomplishes this by participating in distributed routing and reachability algorithms
with other routers.
Routers provide datagram transport only, and they seek to minimize the state information
necessary to sustain this service in the interest of routing flexibility and robustness.
Packet switching devices may also operate at the Link Layer; such devices are usually called
bridges. Network segments that are connected by bridges share the same IP network prefix
forming a single IP subnet. These other devices are outside the scope of this document.
The World Wide Web is a huge set of interlinked documents, images and other resources,
linked by hyperlinks and URLs. These hyperlinks and URLs allow the web servers and other
machines that store originals, and cached copies, of these resources to deliver them as
required using HTTP (Hypertext Transfer Protocol). HTTP is only one of the communication
protocols used on the Internet. Web services also use HTTP to allow software systems to
communicate in order to share and exchange business logic and data.
Software products that can access the resources of the Web are termed user agents. In normal
use, web browsers, such as Internet Explorer and Firefox, access web pages and allow users
to navigate from one to another via hyperlinks. Web documents may contain almost any
combination of computer data including photographs, graphics, sounds, text, video,
multimedia and interactive content including games, office applications and scientific
demonstrations.
Through keyword-driven Internet research using search engines like Yahoo! and Google,
millions of people worldwide have easy, instant access to a vast and diverse amount of online
information. Compared to encyclopaedias and traditional libraries, the World Wide Web has
enabled a sudden and extreme decentralization of information and data.
It is also easier, using the Web, than ever before for individuals and organizations to publish
ideas and information to an extremely large audience. Anyone can find ways to publish a web
page or build a website for very little initial cost. Publishing and maintaining large,
professional websites full of attractive, diverse and up-to-date information is still a difficult
and expensive proposition, however.
Many individuals and some companies and groups use “web logs” or blogs, which are largely
used as easily updatable online diaries. Some commercial organizations encourage staff to fill
them with advice on their areas of specialization in the hope that visitors will be impressed by
the expert knowledge and free information, and be attracted to the corporation as a result.
One example of this practice is Microsoft, whose product developers publish their personal
blogs in order to pique the public’s interest in their work.
Collections of personal web pages published by large service providers remain popular, and
have become increasingly sophisticated. Advertising on popular web pages can be lucrative,
and e-commerce or the sale of products and services directly via the Web continues to grow.
Remote access
The Internet allows computer users to connect to other computers and information stores
easily, wherever they may be across the world. They may do this with or without the use of
security, authentication and encryption technologies, depending on the requirements. This is
encouraging new ways of working from home, collaboration and information sharing in
many industries. An accountant sitting at home can audit the books of a company based in
another country, on a server situated in a third country that is remotely maintained by IT
specialists in a fourth. These accounts could have been created by home-working
bookkeepers, in other remote locations, based on information e-mailed to them from offices
all over the world. Some of these things were possible before the widespread use of the
Internet, but the cost of private leased lines would have made many of them infeasible in
practice. An office worker away from his desk, perhaps on the other side of the world on a
business trip or a holiday, can open a remote desktop session into his normal office PC using
a secure Virtual Private Network (VPN) connection via the Internet. This gives the worker
complete access to all of his or her normal files and data, including e-mail and other
applications, while away from the office.
Collaboration
The low cost and nearly instantaneous sharing of ideas, knowledge, and skills has made
collaborative work dramatically easier. Not only can a group cheaply communicate and test,
but the wide reach of the Internet allows such groups to easily form in the first place, even
among niche interests.
Version control systems allow collaborating teams to work on shared sets of documents
without either accidentally overwriting each other’s work or having members wait until they
get “sent” documents to be able to add their thoughts and changes.
File sharing
A computer file can be e-mailed to customers, colleagues and friends as an attachment. It can
be uploaded to a website or FTP server for easy download by others. It can be put into a
“shared location” or onto a file server for instant use by colleagues. The load of bulk
downloads to many users can be eased by the use of “mirror” servers or peer-to-peer
networks.
In any of these cases, access to the file may be controlled by user authentication; the transit of
the file over the Internet may be obscured by encryption, and money may change hands
before or after access to the file is given.
Internet collaboration technology enables business and project teams to share documents,
calendars and other information. Such collaboration occurs in a wide variety of areas
including scientific research, software development, conference planning, political activism
and creative writing.
Streaming media
Many existing radio and television broadcasters provide Internet “feeds” of their live audio
and video streams (for example, the BBC). They may also allow time-shift viewing or
listening such as Preview, Classic Clips and Listen Again features. These providers have
been joined by a range of pure Internet “broadcasters” who never had on-air licenses.
Internet access
Common methods of home access include dial-up, landline broadband (over coaxial cable,
fibre optic or copper wires), Wi-Fi, satellite and 3G technology cell phones. Public places to
use the Internet include libraries and Internet cafes, where computers with Internet
connections are available. There are also Internet access points in many public places such as
airport halls and coffee shops, in some cases just for brief use while standing. Many hotels
now also have public terminals, though these are usually fee-based. These terminals are
widely used for purposes such as ticket booking, bank deposits and online payments. Wi-Fi
provides wireless access to computer networks, and therefore can do so to the Internet
itself.
Hotspots providing such access include Wi-Fi cafes, where would-be users need to bring
their own wireless-enabled devices such as a laptop or PDA. These services may be free to
all, free to customers only, or fee-based. A hotspot need not be limited to a confined location.
A whole campus or park, or even an entire city can be enabled. Grassroots efforts have led to
wireless community networks.
Marketing
The Internet has also become a large market for companies; some of the biggest companies
today have grown by taking advantage of the efficient nature of low-cost advertising and
commerce through the Internet, also known as e-commerce. It is the fastest way to spread
information to a vast number of people simultaneously. The Internet has also subsequently
revolutionized shopping; for example, a person can order a CD online and receive it in the
mail within a couple of days, or download it directly in some cases. The Internet has also
greatly facilitated personalized marketing which allows a company to market a product to a
specific person or a specific group of people more so than any other advertising medium.
Intranet Commerce
The Internet has captured world attention in recent years. In reality, growth of internal
networks based on Internet technologies known as the Intranet is outpacing the growth of the
global Internet itself.
An Intranet is a company-specific network that uses software programs based on the Internet
TCP/IP protocol and common Internet user interfaces such as the web browser.
TCP/IP exists as an open standard; anyone can use and develop new applications on top of
TCP/IP. It can manage almost all the network tasks on the Intranet and Internet. It is also the
only protocol required to ensure that the computer systems and communications and
networking software are interoperable.
Cross-platform
Many corporate computing environments use different computing platforms. The capability
to exchange information across platforms is crucial. The Intranet enables companies to unify
communication within a multi-platform environment. Hence, companies can mix and match
platforms as needed with no adverse effect on the overall environment. Within an Intranet,
universal browsers such as Google and Microsoft Internet Explorer enable the users to
perform the following tasks independent of the platforms used:
1. Create, view and revise documents
2. Participate in discussions and news groups
3. Interact with multimedia presentation
4. Gain access to the internet
Putting manuals on-line is an example of how a company can reduce paper consumption and
hence costs. Most companies have found that hundreds of paper-based applications can be
eliminated using Intranets.
Immediate delivery
Information delivered using an Intranet becomes available almost instantaneously throughout
the entire organization. With HTML form-support, users may even fill out forms, post sign-
up sheets and schedules on the Intranet. Information can move much more quickly and
effectively by removing the need for human intervention. For example, an employee can
make a request for taking leave on an Intranet. The request form can be filled out and
submitted electronically and can reach the concerned parties in seconds.
Open standards
Internet technologies follow a set of open standards, which facilitate software developers to
develop cost effective and easy-to-implement Intranet solutions. Users can choose from a
number of vendors for software products. The growth of Internet technologies provides
companies with a greater pool of resources to develop their own Intranets. Conversely,
traditional GroupWare products have a more limited range of compatible products and fewer
specially trained consultants to install and administer them.
Scalability
Since Intranets are based on Internet technologies, size is not a limitation with Intranets.
Unlike traditional GroupWare products, which often charge on a per-client basis, Intranets
use open systems to distribute information. The only per-client cost associated with Intranets
is the cost of the browsers.
• Internet standard mail, web servers, providing access to information, databases, scheduling, etc.
• Threaded discussion groups
• Multimedia using MIME types
• Virtual private network over public Internet
[Figure: Internet, Firewall, Intranet]
Internet/Intranet Applications
From blue-chip companies to one-person start-ups, the Internet and its related technologies
have provided new opportunities and new ways of doing business. Web based systems have
enabled organizations to provide maintainable, secure global access to their data and
applications. The ease of deployment over the web has made such applications very attractive
for enterprise systems.
Any device which has a web browser can potentially utilize an internet/intranet application.
These applications are no longer restricted to the traditional PC user running Windows, but
are also available for PDAs and mobile phones. The introduction of Web Services has
widened the scope of web-based applications by allowing other systems to interact with them.
Extranet
An extranet is a private network that uses Internet protocols, network connectivity, and
possibly the public telecommunication system to securely share part of an organization’s
information or operations with suppliers, vendors, partners, customers or other businesses.
An extranet can be viewed as part of a company’s Intranet that is extended to users outside
the company (e.g., normally over the Internet). It has also been described as a “state of mind”
in which the Internet is perceived as a way to do business with a pre-approved set of other
companies business-to-business (B2B), in isolation from all other Internet users. In contrast,
business-to-consumer (B2C) involves known server(s) of one or more companies,
communicating with previously unknown consumer users.
An extranet can be understood as a private intranet mapped onto the Internet or some
other transmission system not accessible to the general public, but is managed by more than
one company’s administrator(s). For example, military networks of different security levels
may map onto a common military radio transmission system that never connects to the
Internet. Any private network mapped onto a public one is a virtual private network (VPN).
In contrast, an intranet is a VPN under the control of a single company’s administrator(s).
An argument has been made that “extranet” is just a buzzword for describing what
institutions have been doing for decades, that is, interconnecting to each other to create
private networks for sharing information. One of the differences that characterized an
extranet, however, is that its interconnections are over a shared network rather than through
dedicated physical lines. With respect to Internet Protocol networks, RFC 4364 states: “If all
the sites in a VPN are owned by the same enterprise, the VPN is a corporate intranet.
If the various sites in a VPN are owned by different enterprises, the VPN is an extranet. A
site can be in more than one VPN; e.g., in an intranet and several extranets. We regard both
intranets and extranets as VPNs. In general, when we use the term VPN we will not be
distinguishing between intranets and extranets.” Even if this argument is valid, the term
“extranet” is still applied and can be used to eliminate the use of the above description.
Features of Extranet
These are the broad attributes shared by most Extranets; Extranets vary dramatically in their
design and implementation. They can be employed in a wide variety of environments and for
very different purposes, like:
• Sharing case information
• Sharing of case-related documents—many Extranets contain document repositories that can be searched and viewed by both lawyer and client online
• Calendaring—key dates and scheduling of hearings and trials can be shared on-line
• Providing firm contact information
• Acting as a “work flow engine” for various suppliers
• Providing access to firm resources remotely
• Sharing time and expense information
Industry use
Companies can use an extranet to:
Exchange large volumes of data using Electronic Data Interchange (EDI)
Share product catalogs exclusively with wholesalers or those “in the trade”
Collaborate with other companies on joint development efforts
Jointly develop and use training programs with other companies
Provide or access services provided by one company to a group of other companies, such
as an online banking application managed by one company on behalf of affiliated banks
Share news of common interest exclusively with partner companies
Extranet applications
An extranet application is a software data application that provides limited access to your
company’s internal data by outside users such as customers and suppliers. The limited access
typically includes the ability to order products and services, check order status, request
customer service and much more.
A properly developed extranet application provides the supply chain connection needed with
customers and suppliers to dramatically lessen routine and time consuming communications.
Doing so frees up resources to concentrate on customer service and expansion as opposed to
administrative office tasks such as data entry.
Disadvantages
1. Extranets can be expensive to implement and maintain within an organization (e.g.,
hardware, software, employee training costs) if hosted internally instead of via an
ASP.
2. Security of extranets can be a big concern when dealing with valuable information.
System access needs to be carefully controlled to avoid sensitive information falling into
the wrong hands.
3. Extranets can reduce personal contact (face-to-face meetings) with customers and
business partners. This could cause a lack of connections made between people and a
company, which hurts the business when it comes to loyalty of its business partners and
customers.
Security Threats to E-Commerce
In person-to-person transactions, security is based on physical cues. Consumers accept the
risks of using credit cards in places such as department stores because they can see and touch
the merchandise and make judgments about the store. On the Internet, without those physical
cues, it is much more difficult for customers to assess the safety of a business. Security is
crucial for running an online business.
Cybersecurity is one of the most important ecommerce features. Without the proper
protocols, online store owners put themselves and their customers at risk for payment fraud.
Not only is hacking a huge risk for online retailers, but accepting a fraudulent payment is
dangerous as well because owners will have to refund the charges.
Outside of financial consequences, data breaches harm an online store's reputation. Loyal
customers are reluctant to continue shopping at an online store that put their information at
risk in the past.
There are many types of online fraud, but they can be broadly grouped into two
categories:
Account takeover: Most ecommerce stores provide customers with accounts that store
personal information, financial data and purchase history. Perpetrators often hack into
these accounts through phishing schemes. In one of the most common tactics, fraudsters
send emails to trick customers into revealing usernames and passwords. They then log
into your customers’ accounts, change the passwords and make unauthorized purchases.
Identity theft: Although most businesses take many precautions to secure customer data,
fraudsters still manage to hack into databases and steal usernames, passwords, credit card
numbers and other personal information. Hackers often sell credit card numbers to other
scammers, who then open accounts with online retailers.
Security Threats
1. Spoofing: The low cost of Web site creation and the ease of copying existing ones make
it all too easy to create illegitimate sites that appear to be operated by established
organizations. Con artists have illegally obtained credit card numbers by setting up
professional-looking Web sites that mimic legitimate businesses.
2. Phishing: Phishing is an attempt by a third party to solicit confidential information from
an individual, group, or organization by mimicking, or spoofing, a specific, usually well-
known brand, usually for financial gain. Phishers attempt to trick users into disclosing
personal data, such as credit card numbers, online banking credentials, and other sensitive
information, which they may then use to commit fraudulent acts.
3. Unauthorized disclosure: When purchasing information is transmitted “in the clear,”
without proper security and encryption, hackers can intercept the transmissions to obtain
customers’ sensitive information such as credit card numbers.
4. Unauthorized action: A competitor or disgruntled customer can alter a Web site so that
it malfunctions or refuses service to potential clients.
5. Eavesdropping: The private content of a transaction, if unprotected, can be intercepted
en route over the Internet.
6. Data alteration: The content of a transaction can be not only intercepted, but also altered
en-route, either maliciously or accidentally. User names, credit card numbers, and dollar
amounts sent without proper security and encryption are all vulnerable to such alteration.
The process of addressing the general security issues narrows down to the following goals:
1. Authentication: Customers must be able to assure themselves that they are in fact doing
business with you and not a “spoof” site masquerading as a genuine site.
2. Confidentiality: Sensitive information and transactions on a Web site, such as the
transmission of credit card information, must be kept private and secure.
3. Data integrity: Communication between merchants and customers must be protected
from alteration by third parties on transmission on the Internet.
4. Proof of communication: A person must not be able to deny that he/she sent a secured
communication or made an online purchase.
passwords with at least one special character and a capitalization are more secure. If
implementing stricter password standards, let customers know it's for their protection.
8. Conduct a risk assessment: There are security areas online store owners don't think
about every day. Store owners need to understand which types of data are at the most risk
and the kinds of systems they can implement to prevent online fraud.
9. Choose a secure ecommerce platform: Put your ecommerce site on a platform that uses
sophisticated tools.
10. Don't store sensitive data: There is no reason to store thousands of records on your
customers, especially credit card numbers, expiration dates and CVV (card verification
value) codes.
11. Set up system alerts for suspicious activity: Set an alert notice for multiple and
suspicious transactions coming through from the same IP address.
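One way to implement the alert in item 11, as an added example that is not part of the original notes. The log layout, field names, window and thresholds are assumptions, the sample log is constructed, and counting distinct cards per IP goes slightly beyond the item's wording.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample transaction log, oldest entry first (assumed layout).
SAMPLE_LOG = """\
2024-05-01T10:00:05 ip=198.51.100.20 card=****4242 amount=35.00
2024-05-01T10:01:10 ip=203.0.113.7 card=****1111 amount=499.00
2024-05-01T10:01:40 ip=203.0.113.7 card=****2222 amount=499.00
2024-05-01T10:02:15 ip=203.0.113.7 card=****3333 amount=499.00
2024-05-01T10:03:00 ip=203.0.113.7 card=****4444 amount=499.00
2024-05-01T10:30:00 ip=198.51.100.20 card=****4242 amount=12.50
2024-05-01T10:45:00 ip=203.0.113.7 card=****1111 amount=20.00
"""


def parse_line(line):
    """Split 'timestamp key=value ...' into a record with a parsed time."""
    timestamp, *pairs = line.split()
    record = dict(pair.split("=", 1) for pair in pairs)
    record["time"] = datetime.fromisoformat(timestamp)
    return record


def find_alerts(lines, window=timedelta(minutes=10), max_tx=3, max_cards=2):
    """Flag an IP that exceeds max_tx transactions or max_cards distinct
    cards inside a sliding time window. Lines must be in time order."""
    recent = defaultdict(deque)          # ip -> (time, card) inside the window
    alerts = []
    for line in lines:
        if not line.strip():
            continue
        rec = parse_line(line)
        seen = recent[rec["ip"]]
        seen.append((rec["time"], rec["card"]))
        # Drop entries that have aged out of the window for this IP.
        while rec["time"] - seen[0][0] > window:
            seen.popleft()
        cards = {card for _, card in seen}
        if len(seen) > max_tx or len(cards) > max_cards:
            alerts.append({"time": rec["time"].isoformat(), "ip": rec["ip"],
                           "transactions": len(seen), "cards": len(cards)})
    return alerts


if __name__ == "__main__":
    for alert in find_alerts(SAMPLE_LOG.splitlines()):
        print(alert)
```

The repeat customer at 198.51.100.20 is not flagged because the two purchases fall in different windows; only the burst of different cards from one address raises alerts.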
Secure Payment Protocols
SSL is a protocol (piece of network software) that allows secure connections to be made
between computers across a network such as the Internet. SSL is a global standard security
technology developed by Netscape in 1994. It creates an encrypted link between a web server
and a web browser. The link ensures that all data passed between the web server and browser
remains private and secure and is recognised by millions of consumers through a secure
padlock icon which appears in their browser.
The SSL protocol is used by millions of e-business providers to protect their customers,
ensuring their online transactions remain confidential. In order to be able to use the SSL
protocol, a web server requires the use of an SSL certificate. Certificates are provided
by Certification Authorities (CA), which in most cases also offer additional products and
services to help e-businesses demonstrate that they are trustworthy.
Consumers have come to associate the 'golden padlock' that appears within their browser
display with trust in a website. This simple fact gives e-business providers an opportunity to
leverage that increased trust level to turn visitors into paying customers.
SSL provides a secure channel between the consumer and the merchant for exchanging
payment information. This means any data sent through this channel is encrypted, so that no
one other than these two parties will be able to read it.
When your web browser switches to a secure connection the 'HTTP' in the address bar will
change to 'HTTPS'.
In addition to encryption, SSL connections can use digital certificates to authenticate both
computers to eliminate 'spoofing' (an unauthorised server pretending to be a secure
server). SSL Certificates are issued to either companies or legally accountable individuals.
Typically an SSL Certificate will contain your domain name, your company name, your
address, your city, your state and your country. It will also contain the expiry date of the
Certificate and details of the Certification Authority responsible for the issuance of the
Certificate.
Only certificates issued by High Assurance certification authorities will actually display those
company details that your customers will rely upon when making a purchase.
The SSL protocol, widely deployed today on the Internet, has helped create a basic level of
security sufficient for many people to begin conducting business over the Web.
SSL is implemented in most major Web browsers used by consumers, as well as in merchant
server software, which supports the seller's virtual storefront in cyberspace. Hundreds of
millions of dollars are already changing hands when cybershoppers enter their credit card
numbers on Web pages secured with SSL technology.
Expiry Date
When a browser connects to a secure site it will retrieve the site's SSL Certificate and check
that it has not expired, has been issued by a Certification Authority the browser trusts, and is
being used by the website for which it has been issued.
Vendors should purchase a multi-year certificate to minimise set-up costs and demonstrate to
their customers that the business will be around in the years to come.
As much as SSL can give us confidential communications, it also introduces huge risks:
The cardholder is protected from eavesdroppers but not from the merchant. Some
merchants are dishonest: pornographers have charged more than advertised price,
expecting their customers to be too embarrassed to complain. Some others are just
hackers who put up a flashy illegal Web site and profess to be the XYZ Corp., or
impersonate the XYZ Corp. and collect credit card numbers for personal use.
The merchant is not protected from dishonest customers who supply an invalid credit card
number or who claim a refund from their bank without cause. Contrary to popular belief,
it is not the cardholder but the merchant who has the most to lose from fraud. Legislation
in most countries protects the consumer.
With SET, a user is given an 'electronic wallet' (digital certificate) and a transaction is
conducted and verified using a combination of digital certificates and digital signatures
among the purchaser, the vendor, and the purchaser's bank in a way that ensures privacy and
confidentiality. SET uses SSL.
Cryptography includes techniques such as microdots, merging words with images, and other
ways to hide information in storage or transit. However, in today's computer-centric world,
cryptography is most often associated with scrambling plaintext (ordinary text, sometimes
referred to as clear text) into ciphertext (a process called encryption), then back again (known
as decryption).
4) Authentication (the sender and receiver can confirm each other’s identity and the
origin/destination of the information)
Private keys play important roles in both symmetric and asymmetric cryptography.
Most cryptographic processes use symmetric encryption to encrypt data transmissions but use
asymmetric encryption to encrypt and exchange the secret key.
Symmetric encryption, also known as private key encryption, uses the same private key for
both encryption and decryption.
The risk in this system is that if either party loses the key or the key is intercepted, the system
is broken and messages cannot be exchanged securely.
Asymmetric cryptography, also known as public key encryption, uses two different but
mathematically linked keys. The complexity and length of the private key determine how
feasible it is for an interloper to carry out a brute force attack and try out different keys until
the right one is found.
The challenge for this system is that significant computing resources are required to create
long, strong private keys.
Public Key
In cryptography, a public key is a value provided by a designated authority as
an encryption key. A system for using public keys is called a public key infrastructure (PKI).
The Public-Key Cryptography Standards (PKCS) are a set of inter-vendor standard protocols
for making possible secure information exchange on the Internet using a public key
infrastructure (PKI).
When combined with a private key that is mathematically linked to the public key, messages
and digital signatures can be effectively encrypted. The use of combined public and private
keys is known as asymmetric cryptography.
Digital Certificate
A digital certificate is an electronic "passport" that allows a person, computer or organization
to exchange information securely over the Internet using the public key infrastructure (PKI).
A digital certificate may also be referred to as a public key certificate.
To provide evidence that a certificate is genuine and valid, it is digitally signed by a root
certificate belonging to a trusted certificate authority. Operating systems and browsers
maintain lists of trusted CA root certificates so they can easily verify certificates that the CAs
have issued and signed. When PKI is deployed internally, digital certificates can be self-
signed.
Digital Signature
A digital signature is a mathematical technique used to validate the authenticity and
integrity of a message, software or digital document.
It is the digital equivalent of a handwritten signature or stamped seal, but offers far more
inherent security. A digital signature is intended to solve the problem of tampering and
impersonation in digital communications.
Digital signatures can provide the added assurances of evidence of origin, identity and status
of an electronic document, transaction or message, as well as acknowledging informed
consent by the signer.
In many countries digital signatures have the same legal significance as the more traditional
forms of signed documents.
To create a digital signature, signing software (such as an email program) creates a one-way
hash of the electronic data to be signed. The private key is then used to encrypt the hash. The
encrypted hash, along with other information such as the hashing algorithm, is the digital
signature.
The reason for encrypting the hash instead of the entire message or document is that a hash
function can convert an arbitrary input into a fixed length value, which is usually much
shorter. This saves time since hashing is much faster than signing.
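The signing steps above and the browser checks described under "Expiry Date" (not expired, issued by a trusted CA, used by the site it was issued for) can be seen working together in the added example below, which is not part of the original notes. The CA name, certificate fields and JSON encoding are assumptions, and the key is a constructed teaching key using unpadded RSA.

```python
import hashlib
import json
from datetime import datetime, timezone

# Constructed teaching key for a toy CA. Its primes are the publicly known
# Mersenne primes 2^521-1 and 2^607-1, so it is neither secret nor secure;
# real keys use random primes, and real signatures add padding (e.g. RSA-PSS).
P, Q = 2**521 - 1, 2**607 - 1
N, E = P * Q, 65537                      # public key
D = pow(E, -1, (P - 1) * (Q - 1))        # private exponent (Python 3.8+)


def digest_int(data: bytes) -> int:
    """One-way hash of the data, as an integer smaller than N."""
    return int.from_bytes(hashlib.sha256(data).digest(), "big")


def sign(data: bytes) -> dict:
    """Hash the data, then apply the private key to the short hash only."""
    return {"hash_alg": "sha256", "value": pow(digest_int(data), D, N)}


def verify(data: bytes, signature: dict, public_key=(N, E)) -> bool:
    """Undo the private-key step with the public key and compare hashes."""
    n, e = public_key
    if signature.get("hash_alg") != "sha256":
        return False
    return pow(signature["value"], e, n) == digest_int(data)


def canonical(fields: dict) -> bytes:
    """Stable byte encoding so signer and verifier hash identical input."""
    return json.dumps(fields, sort_keys=True, separators=(",", ":")).encode()


def issue_certificate(domain, company, not_after, issuer="Example Teaching CA"):
    """The CA signs the certificate fields with its private key."""
    fields = {"domain": domain, "company": company,
              "not_after": not_after, "issuer": issuer}
    return {"fields": fields, "signature": sign(canonical(fields))}


# The browser's list of trusted CAs and their public keys (hypothetical CA).
TRUSTED_CAS = {"Example Teaching CA": (N, E)}


def check_certificate(cert: dict, hostname: str, now: datetime) -> list:
    """Return the reasons a browser would reject cert (empty list = accept)."""
    fields, problems = cert["fields"], []
    ca_key = TRUSTED_CAS.get(fields["issuer"])
    if ca_key is None:
        problems.append("issuer not trusted")
    elif not verify(canonical(fields), cert["signature"], ca_key):
        problems.append("signature invalid")
    if now > datetime.fromisoformat(fields["not_after"]):
        problems.append("expired")
    if hostname.lower() != fields["domain"].lower():
        problems.append("issued for a different site")
    return problems


if __name__ == "__main__":
    cert = issue_certificate("shop.example", "Example Shop Ltd",
                             "2030-01-01T00:00:00+00:00")
    now = datetime(2025, 6, 1, tzinfo=timezone.utc)
    print(check_certificate(cert, "shop.example", now))
    # Copying a genuine signature onto altered fields fails verification.
    forged = {"fields": dict(cert["fields"], domain="lookalike.example"),
              "signature": cert["signature"]}
    print(check_certificate(forged, "lookalike.example", now))
```

Changing any signed field changes the hash, so a signature copied from a genuine certificate no longer verifies; this is the tampering and impersonation protection the section describes.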
Digital Switch
A digital switch is a device that handles digital signals generated at or passed through a
telephone company central office and forwards them across the company's backbone
network. It receives the digital signals from the office's channel banks that have been
converted from users' analog signals and switches them with other incoming signals out to
the wide area network.
Strengths of SET
SET is safe since it addresses all the parties involved in typical credit card transactions:
consumers, merchants, and the banks.
In order to process SET transactions, the merchants have to spend several million dollars
in equipment and services when they already have what are arguably sufficient security
provisions in SSL.
SET is a very comprehensive and very complicated security protocol. It has to be
simplified to be adopted.
Electronic (Online) Payment Systems
One of the fundamental issues that any business, whether traditional or online, faces is that it
must ensure it is able to take payments from customers with the least amount of fuss. It is no
accident that retailers in the high street offer customers every available means of paying for
the goods they have chosen. On the Internet this is no different. Any business wishing to
make the most of E-Commerce and the move to a virtual market place must also offer
convenient payment methods for visitors to the virtual shop.
In order to be able to transact online there must be some system in place which allows
customers to input their order and payment details, and also allows the e-business to check
authentication (the person's identity), as well as actually receiving the payment. For any
payment processing to take place, the e-business must have a merchant bank account. A
merchant account is a bank account which allows businesses to accept credit card payments,
and as most e-businesses wish to accept credit card payments online, they will need
an Internet Merchant Account. There are different types of merchant accounts. Some
demand that the customer's signature must be collected while others don't.
There are two types of payment systems that an e-business (or traditional business for that
matter) must consider:
payments in - payments received from customers
payments out - payments made to suppliers
Payments In
These payments mainly come from retail customers and wholesale customers. In traditional
business these payments would be received in cash or cheque and physically deposited in the
merchant's bank. However, 1970s technology made it possible for these funds to be
transferred electronically from one account to another (in the same bank) and later, from one
bank to another. Using PCs and modems, businesses could directly access bank systems and
transfer funds through electronic funds transfer (EFT) and could also use computer
technology to handle invoices and payments for goods and services using electronic data
interchange (EDI).
By the end of the 70's, systems were in place which allowed payments to be received from
customers using direct debit and automatic teller machines. These systems have developed
and now allow a wide range of payment options including the most popular - credit card
payments.
Initially online payment by credit card was extremely risky for consumers since the personal
data was transmitted over the Internet with no great security. However, systems now exist to
ensure this data is invisible to other users and is sent only to bona fide businesses.
Payments Out
These are payments made to suppliers and also include payment for labour and to the
Government. Payment for labour is usually paid directly into employee bank accounts with
little difficulty or risk involved. However, payments to suppliers involve invoices, shipments
and are more difficult to control and monitor both traditionally and online.
Using EDI together with EFT significantly reduces the expense of checking invoices and
paying suppliers. Payments can now be made using online banking services such as e-
cheques, and remittance information can be e-mailed at the same time.
Current electronic payment systems make use of:
Credit Cards
Digital Cash
Electronic Cheques
Electronic Funds Transfer (EFT)
Credit Cards
A credit card is a card issued by a financial company giving the holder an option to borrow
funds, usually at point of sale. Credit cards charge interest and are primarily used for short-
term financing.
Credit cards are linked to a bank account and when a customer uses a credit card to pay
online the vendor charges the goods to the linked bank account and the bank debits the
account.
Credit cards have become important sources of identification. When used wisely, a credit
card can provide convenience.
A simple E-Commerce site could simply include a form on its web site that customers can fill
in which would capture the customer's credit or debit card number as well as their order
details. This 'order' is then e-mailed to the organisation's server/ordering department. E-mails
are then checked regularly for incoming orders.
A full E-Commerce web site processes orders completely online - whereby the card is
verified and the funds are transferred automatically. Major credit card companies use
the Secure Electronic Transfer (SET) security system as a method to secure online
transactions.
An e-business must also consider whether it expects to have an international client base as the
credit/debit card system chosen must then be able to support multiple currencies.
All the current Internet browsers have built-in encryption to help make the process more
secure for the customer. Both Netscape's Navigator and Microsoft's Internet Explorer allow
any user to e-mail sensitive information such as credit card details, over the Internet.
month by the due date on the balance. If the full balance for purchases is not paid off, interest
charges are applied. Interest charges will be applied from the date of the transaction for
balance transfers and/or cash advances.
Debit cards offer you a convenient way to withdraw money directly from your checking
account. This money is not a loan, and no interest is charged. You will not have to make any
minimum monthly payments. However, you must be careful not to charge more money than
you have available in your checking account.
Most debit cards do not charge annual fees; they may carry overdraft fees if there are
insufficient funds in the associated checking account. What makes debit cards convenient is
that there are no monthly payments on a balance and consequently, no late fees.
Digital Cash
Digital Cash (also known as e-currency, e-money, electronic cash, electronic currency, digital
money, digital currency, cyber currency) refers to a system in which a person can securely
pay for goods or services electronically without necessarily involving a bank to mediate the
transaction.
Users need specific software on their PC to enable them to download money from their bank
account into their cash wallet on their PC. When buying, consumers exchange the
downloaded money with the merchant for the product they want to buy. The merchant then
redeems this money at a bank that accepts e-cash deposits.
Online systems require that merchants must contact the bank's system with each sale. The
bank stores information on all digital cash that it has handled and can therefore indicate
whether a piece of digital cash is still 'good'. If the bank finds that the digital cash has already
been spent it will alert the merchant who can then refuse the sale. This system has similarities
to credit card verification systems.
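The online check described above, as an added example that is not part of the original notes. The coin layout, the class and function names, and the use of an HMAC so the bank can recognise its own coins are assumptions; this simple design is not anonymous.

```python
import hashlib
import hmac
import secrets


class Bank:
    """Issues digital cash and remembers every coin already redeemed."""

    def __init__(self):
        self._key = secrets.token_bytes(32)   # known only to the bank
        self._spent = set()                   # serial numbers already redeemed

    def _mac(self, serial: str, value_cents: int) -> str:
        msg = f"{serial}|{value_cents}".encode()
        return hmac.new(self._key, msg, hashlib.sha256).hexdigest()

    def withdraw(self, value_cents: int) -> dict:
        """Download money into the customer's wallet as a coin."""
        serial = secrets.token_hex(16)
        return {"serial": serial, "value_cents": value_cents,
                "mac": self._mac(serial, value_cents)}

    def redeem(self, coin: dict) -> str:
        """Called by the merchant with each sale."""
        expected = self._mac(coin["serial"], coin["value_cents"])
        if not hmac.compare_digest(expected, coin["mac"]):
            return "rejected: not issued by this bank"
        # A production system must make this check-and-record step atomic.
        if coin["serial"] in self._spent:
            return "rejected: already spent"
        self._spent.add(coin["serial"])
        return "accepted"


def merchant_sale(bank: Bank, coin: dict, price_cents: int) -> str:
    """The merchant contacts the bank before releasing the goods."""
    if coin["value_cents"] < price_cents:
        return "sale refused (coin worth less than the price)"
    verdict = bank.redeem(coin)
    if verdict == "accepted":
        return "goods released"
    return f"sale refused ({verdict})"


if __name__ == "__main__":
    bank = Bank()
    coin = bank.withdraw(500)
    print(merchant_sale(bank, coin, 500))         # first use of the coin
    print(merchant_sale(bank, dict(coin), 500))   # a copy of the same coin
```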
There are currently two ways in which offline digital cash systems can help prevent
duplication of the e-cash. The first is to produce a tamper-proof smart card which keeps track
of the digital cash spent and will detect any attempt to duplicate digital cash and not allow it.
Tampering with this smart card would permanently damage it. The second way is
to encrypt the digital cash so that anyone who duplicates it can be identified by the time the
digital cash reaches the bank.
The difference between offline anonymous digital cash and offline identified digital cash is
that the anonymous digital cash can only be traced if the digital cash is duplicated and spent.
If this is not the case then the original spender cannot be determined. However, with
identified offline digital cash, the trail can always be traced and the bank will always know
who bought what, where, and when. And if the bank knows - the tax man does too.
Issues
Although Digital Cash provides a host of features like ease of use, anonymity and efficiency,
there are potential issues with its use, such as tax evasion, money laundering and instability
in exchange rates.
Electronic Cheques
An electronic cheque is an electronic copy (scanned image) of a real cheque, which is then
transferred by email. In addition to the cheque's 'real' signature, the transfer must be digitally
signed using the sender's private key to authenticate the transfer.
Micropayments
Micropayments (also known as Wallet systems) are extremely small payments made online
which are too small to be handled by credit card. Fractions of a penny or cent can be used to
buy, for example, a news item from an online newspaper, a stock market quote or a graphic
or cartoon.
To justify a large bill, consumers are often required to purchase multiple products or a bundle
with unwanted products. Information brokers of these low cost items have in the past suffered
from inadequate payment systems and high overhead costs of processing credit card
transactions, but micropayment systems have been created to overcome these problems.
Smart Cards
Smart cards look just like traditional credit cards. However, they differ in that they have a
microchip embedded in their surface that can be used to store a wide range of information
about the holder of the card, or be used as a means of carrying electronic cash. They offer the
advantages of paying by cash, but with the convenience of paying by card.
Customers can load their card with cash and then use this to pay for goods in a merchant's
retail outlet, or on the merchant's web site. Card readers are available for retail outlets as well
as an attachment for PCs. This convenience gives a great advantage to smart cards.
Every business must ensure adequate levels of security for itself, as well as for its clients and
customers. The Internet can provide higher levels of customer security than the traditional
retail outlets in the high street. Nevertheless, it is still a matter of great concern to the vast
majority of would-be online consumers.
Any business that is contemplating an E-Commerce move to the Internet, or one that already
has a presence, can enhance its security features to enable it to increase its own confidence
and, as a consequence, extend that security confidence to its customers. The main factors for
consideration are:
The means of ensuring security when payments are being made
The available forms of encryption that can be employed on the website
How websites can be protected from attack.
The bottom line of traditional IT security has been keeping company data safe from
outsiders, but with e-business this is not the case: it is now about enticing outsiders in, and
this is where the security becomes more complex!
If a system is too secure then this could actually have a harmful effect as the system will be
slow and perhaps obstruct authorised users, but if it is not secure enough then anyone could
have access to it. The most logical solution is to have various layers of security depending on
user access. For example, a web browser needs only to read the information which must be
easily accessed, however a B2B relationship online will call for much stricter security
measures enabling parties to view confidential material such as stock levels or legal
documentation.
Therefore, an organisation must look at the whole supply chain with which it comes into
contact electronically. The table below shows different layers of security and possible
solutions.
Security Risks
In order to ensure security for your business and your customers, you need:
Privacy
To be able to clearly identify all parties in a transaction
To have complete integrity in that the information sent should not be altered in any way
Confidentiality - once the transaction has taken place, it should be erased from the
system.
There are many techniques used to overcome fraudulent activity such as data encryption and
password protection. E-Commerce businesses must weigh up the cost of such security
systems against the perceived risk to their business.
With the increase in online trading and corresponding payments comes an increase in
criminal activity. There are many ways in which financial information can be obtained and
used illegally. For example:
Operational: Obtaining goods and services without paying; loss or corruption of important data
Legal: Impersonating messages; vandalising of websites with offensive material; copyright theft
Financial: Fraud; corruption of financial data to divert payments or sell information to others;
spoofing - mimicking a legitimate website to get bank account or credit card details
Once you have a domain name, you will need a web hosting company that has the ability to
store your web pages on a server and to display your web pages on the Internet. You will
receive a user name and password so that you can modify, add and delete pages whenever
you like.
You can also use an Internet Service Provider (ISP), e.g. AOL or Safaricom, which
will provide you with free space for your web pages.
If you use your current ISP for your web pages the space is free. They will allow you to save
your web pages on their server (computer). There is no additional monthly charge. The free
web space is one of the features that are included in the monthly fee that you pay to them for
giving you the ability to access the Internet.
Keep in mind that if you use your current ISP's web space - your web address may be
"www.ISPname.com/yourname"
However, if you should decide to change ISP companies you will not be able to maintain the
same web address that they gave you because you would no longer have access to their
server.
The advantage to putting your web pages on an independent server is that they are
independent of your current ISP and therefore no matter who you use for your ISP service
(the company that provides you the ability to access the Internet), your web pages and web
address will not change. Once you get your own domain name (web address), you can have
anyone host your web site.
Creating a web page
There are two options for creating a web site:
1. Create Your Own Web Site. The option saves web site designer costs and maintenance
costs as you can maintain it yourself. However you will need to get familiar with HTML
(language used to design web pages) or learn a software platform like WordPress or use a
WebSite Builder (plug and play) that will generate a web page for you automatically. You
will spend time looking for graphics and creating the page.
There are a variety of web site creation or web page editor (HTML - HyperText Markup
Language) programs available that allow you to create your own web pages. A few of the
2. Have a Web Site Designer Create Your Web Site for You. This option saves you lots of
time in learning HTML and frustration. However the costs of designing the web site are
higher.
Factors impacting Web site design, and how do they affect a site’s operation
The eight most important factors impacting Web site design are:
(a) Functionality: The site must have pages that load quickly, perform correctly, and send the
user to the requested information about the product offerings.
(b) Informational: The site must have links that the customer can find easily in order to
obtain information about the company and the products it offers.
(c) Ease of use: The site must have a simple foolproof navigation scheme.
(d) Redundant navigation: The site must have alternative paths to reach the same content.
(e) Ease of purchase: There should be no more than one or two clicks required for the
purchasing procedure.
(f) Multi-browser functionality: The site should work with the popular browsers.
(g) Simple graphics: The site should not use distracting graphics and/or sounds that the user
cannot control.
(h) Legible text: The site should avoid the use of backgrounds that distort text or make it
difficult to read.
InterNIC is responsible for the registration and the maintenance of com, net and org top-level
domain names in the World Wide Web. Therefore in order to get a domain name for your
business you must register with InterNIC.
Website testing
A website must be tested before going live. Complete testing of a website before going live
can help address issues before the system is revealed to the public. Such issues include the
security of the web application, the basic functionality of the site, its accessibility to
handicapped users and fully able users, its ability to adapt to the multitude of desktops,
devices, and operating systems, and its readiness for expected traffic and number of users and
its ability to survive a massive spike in user traffic, both of which are related to load testing.
Metrics
Latency and throughput at the server are the two most important performance metrics that
Web Monitor measures. The rate at which HTTP requests are serviced represents the
connection throughput. However, because the size of objects varies significantly, throughput
is also measured in terms of bits (or bytes) per second. The time required to complete a
request is the latency at the server, which is one component of client response time. The
average latency at the server is the average execution time for handling the requests.
However, client response time also includes time spent communicating over the network, and
processing on the client machine (e.g., formatting the response). Thus, client-perceived
As an example, say you’re a business owner who sells jackets online. Your organizational
goal is to generate revenue through jacket sales, so one goal of your website is to get visitors
to buy jackets (a specific website visitor action). Your goal might be to sell 1000 jackets per
month through your website (which is both measurable and constrained by a specific time
frame), up from the 800 you sold last month (which is challenging, yet realistic).
Website Metrics
Website metrics are a way to measure how people are interacting with your website. When
you keep track of web metrics, you’ll be able to see what’s working on your site and what
needs improvement as far as web traffic and conversions go. Here are some metrics that you
should be tracking – no matter the purpose of your website:
• Conversion Rate: This metric measures how many people are performing your website
visitor action. Conversion rate is given as a percentage, and is based on the number of
people who convert versus the number who leave your website without taking the desired
visitor action.
• Exit Pages: This statistic lets you know what pages your visitors are exiting your website
from. This data, along with the conversion rate metric, can help you to optimize your
sales funnel. Know what pages within your sales funnel people are exiting on and
improve on those pages in order to maximize conversions (although, keep in mind that
some pages – like your “Thank You” page – are natural exits).
• Unique Visitors: This number tells you the number of individual people who visit your
website in a given time period, usually daily. This is more significant than just measuring
When you measure your website metrics, you gain valuable information that will help you to
achieve the goals you’ve set.
Measuring Metrics
Given the importance of a website’s metrics, there are plenty of tools to choose from when it
comes to measurement. Google Analytics is free and perhaps the most popular tool for
measuring website metrics. Google Analytics not only lets you measure the success of your
website, but also lets you perform split testing, helping you to turn your analytics data into
actionable steps towards improvement.
Piwik is another free tool that can be hosted on your own web server. It offers many of the
same features as Google Analytics, but since it’s hosted on your server, you’re the only one
that sees the stats.
Several companies offer monitoring systems that can remotely check a website from several
geographic monitoring stations at selected intervals. If the monitoring system is unable to
reach the site, an email, cell phone or pager alert is sent to notify the site owner of the
problem. Monitoring services available include: Availability Monitoring, Performance
Monitoring, Link and Image Checking and Transaction Monitoring.
Many companies offer a free trial of their services, or even a free entry-level service. These
services are not always distinct - many companies offer more than one type of monitoring
service.
Availability Monitoring
When an e-commerce company is dependent on its Web Site, downtime is unacceptable, but
unfortunately it sometimes happens. It is essential that if it does happen, website owners are
informed and can take action before customers are affected and business is lost.
Performance Monitoring
Performance monitoring services can watch a web server 24 x 7 x 365 at an interval chosen
by the site owner, ensuring that the site is always available. They can also check that the site
is performing reliably and delivering content in full at a reasonable speed. The loading time
of each individual page element (e.g. text, images etc.) can be measured, giving the total
download time. This helps site owners understand how their web site performs over time
and assists webmasters in assessing and improving the quality and speed of their site.
Secure web servers using the encrypted Secure Sockets Layer (SSL) protocol can also be
accessed by the monitoring service to ensure that users can use the secure data collection or payment areas of secure
sites. FTP and SMTP mail servers can also be monitored, so if a web site links to an FTP
server for downloading documents, or to a mail server for sending confirmation emails, then
these operations can be monitored.
Transaction Monitoring
Transaction and web application monitoring services check the availability and performance
of web transactions and the supporting web applications to ensure they are functioning
properly. These services provide realistic insight into what end-users are experiencing when
carrying out e-business transactions on a website.
Customer Behaviour
Website owners may also wish to monitor aspects of customer behaviour, for example,
the entry points where customers arrived at a site, the pages they looked at, including how
long they spent there and the keywords used when searching the site.
One popular application for monitoring customer behaviour is Google Analytics, a free
service offered by Google that generates detailed statistics about the visitors to a website.
Google Analytics is aimed at marketers rather than webmasters and technologists.
Website Usability
Usability is about ensuring that when users access your website they can find the information
they are looking for quickly and efficiently.
• Your website must be easy to navigate
• Pages should download quickly
• Information should be easy to retrieve
• No restrictions should be placed on users
Accessibility
Accessibility is about ensuring that all users can access your website, irrespective of any
disabilities they may have or what technology they are using. There are a number of things
you can do to make a website more accessible:
• Your website must be able to function with all the different browser technologies
available
• Forms must be accessible to all users
• Users should be able to process content quickly and easily
• Structure and presentation should be separated
• The user should be able to control your website
To access a financial institution's online banking facility, a customer with internet access
would need to register with the institution for the service, and set up a password and
other credentials for customer verification. The credentials for online banking are normally
not the same as for telephone or mobile banking. Financial institutions now routinely allocate
customer numbers, whether or not customers have indicated an intention to access their
online banking facility. Customer numbers are normally not the same as account numbers,
because a number of customer accounts can be linked to the one customer number.
Technically, the customer number can be linked to any account with the financial institution
that the customer controls, though the financial institution may limit the range of accounts
that may be accessed to, say, cheque, savings, loan, credit card and similar accounts.
The customer visits the financial institution's secure website, and enters the online banking
facility using the customer number and credentials previously set up. The types of financial
transactions which a customer may transact through online banking are determined by the
financial institution, but usually include obtaining account balances, a list of the recent
transactions, electronic bill payments and funds transfers between a customer's or
another's accounts. Most banks also enable a customer to download copies of bank
statements, which can be printed at the customer's premises (some banks charge a fee for
mailing hard copies of bank statements). Some banks also enable customers to download
transactions directly into the customer's accounting software. The facility may also enable the
customer to order a cheque book, order statements, report loss of credit cards, stop payment on a
cheque, advise a change of address and carry out other routine actions.
Implementation
Online banking facilities typically have many features and capabilities in common, but also
have some that are application specific. The common features fall broadly into several
categories:
A bank customer can perform non-transactional tasks through online banking, including:
• Viewing account balances
• Viewing recent transactions
• Downloading bank statements, for example in PDF format
• Viewing images of paid cheques
• Ordering cheque books
• Downloading periodic account statements
• Downloading applications for M-banking, E-banking etc.
Bank customers can transact banking tasks through online banking, including:
• Funds transfers between the customer's linked accounts
Some financial institutions offer special internet banking services, for example:
Personal financial management support, such as importing data into personal accounting
software. Some online banking platforms support account aggregation to allow the
customers to monitor all of their accounts in one place whether they are with their main
bank or with other institutions.
Advantages
• It's generally secure. But make sure that the website you're using has a valid security
certificate. This lets you know that the site is protected from cyber-thieves looking to
steal your personal and financial information.
• You have twenty-four-hour access. When your neighbourhood bank closes, you can still
access your account and make transactions online. It's a very convenient alternative for
those that can't get to the bank during normal hours because of their work schedule,
health or any other reason.
• You can access your account from virtually anywhere. If you're on a business trip or
vacationing away from home, you can still keep a watchful eye on your money and financial
transactions - regardless of your location.
• Conducting business online is generally faster than going to the bank. Long teller lines
can be time-consuming, especially on a Pay Day. But online, there are no lines to
contend with. You can access your account instantly and at your leisure.
• Many features and services are typically available online. For example, with just a few
clicks you can apply for loans, check the progress of your investments, review interest
rates and gather other important information that may be spread out over several
different brochures in the local bank.
Disadvantages
• Online banking is generally secure, but it certainly isn't always secure. Identity theft is
running rampant, and banks are by no means immune. And once your information is
compromised, it can take months or even years to correct the damage, not to mention
possibly costing you thousands of dollars, as well.
• Some online banks are more stable than others. Not all online setups are an extension of a
brick-and-mortar bank. Some operate completely in cyberspace, without the benefit of a
2. Define e-commerce?
The term ‘electronic commerce’ has evolved from electronic shopping, to imply all
aspects of business and market processes enabled by the Internet and World Wide Web
technologies.
3. Increased Profitability
4. Innovation
E-commerce enables business organization to create new products or services.
6. Tangible advantages:
From the buyer’s perspective e-commerce provides a lot of tangible advantages:
(i) Reduction in the buyer’s sorting-out time.
(ii) Better buyer decisions.
(iii) Less time spent in resolving invoice and order discrepancies.
(iv) Increased opportunities for buying alternative products.
7. Strategic Benefits:
It helps to reduce delivery time, labour cost and also the cost incurred in the following
areas:
i) Document preparation.
ii) Error detection and correction.
iii) Reconciliation.
iv) Mail Preparation.
v) Telephone calling.
vi) Data Entry.
vii) Overtime.
viii) Supervision Expenses.
9. What is a marketspace?
A marketspace is a marketplace that is extended beyond traditional boundaries because it
is removed from the restrictions of geography and time. The ubiquity of e-commerce
technologies liberates the market from these limitations.
After 2000, e-commerce entered its second stage of development: consolidation. In this
stage, more traditional firms began to use the Web to enhance their existing businesses.
Less emphasis was placed on creating new brands.
14. What are the major limitations on the growth of e-commerce? Which is potentially
the toughest to overcome?
• One major limitation to the growth of e-commerce is the price of personal computers.
• The need for many people to learn complicated operating systems, at least in
comparison to other technologies such as the television or the telephone. People must
also learn a set of sophisticated skills to make effective use of the Internet and
e-commerce capabilities.
• The unlikelihood that the digital shopping experience will ever replace the social and
cultural experience that many seek from the traditional shopping environment.
• Persistent global income inequality will exclude most of the world’s population, who
do not and probably will not in the foreseeable future, have access to telephones or
PCs.
Social and cultural limitations are likely to be tougher to overcome than technological
limitations.
15. What are three of the factors that will contribute to greater Internet penetration in
Kenyan households?
Factors that will contribute to greater Internet penetration into Kenyan households in the
next decade include:
• The price of entry-level PCs such as netbooks, and of smartphones with Internet
access, has fallen.
• Enhanced capabilities, such as integration with television and access to film libraries
on a pay-per-view basis, will draw in more consumers.
• The PC operating system is likely to evolve into a simpler platform with simpler
choice panels.
• The use of wireless Web technology is increasing.
16. Define disintermediation and explain the benefits to Internet users of such a
phenomenon. How does disintermediation impact friction-free commerce?
Disintermediation means the removal of the market middlemen: the distributors,
wholesalers, and other intermediaries between producers and consumers.
20. What factors will help define the future of e-commerce over the next five years?
The factors that will help define the future of e-commerce over the next five years include:
• The technology of e-commerce—the Internet, the Web, and the number of wireless
appliances—will continue to proliferate through all commercial activity; overall
revenues will continue to rise rapidly; and the numbers of both visitors and products
and services sold will continue to grow.
• Prices will rise to cover the real costs of doing business on the Web and to pay
investors a reasonable rate of return on their capital.
• E-commerce margins and profits will rise to the level of traditional retailers. (The
difference between revenues from sales and cost of goods sold will be equal to that of
traditional firms.)
• The top e-commerce sites will increasingly obtain very well known brands from
strong, older firms.
• The number of successful purely online companies will further decline. The most
successful e-commerce firms will use both traditional marketing channels such as
physical stores, printed catalogs, and e-commerce Web sites.
23. What are the eight key components of an effective business model?
The eight key components of an effective business model are:
The advertising model derives its profit by displaying paid advertisements on a Web site.
The goal is to convince advertisers that the site has the ability to attract a sizeable
viewership, or a viewership that meets a marketing niche sought by the advertiser. Firms
that use the subscription model offer users access to some or all of their content or
services for a subscription fee. Firms that use the transaction fee model derive profit from
enabling or executing transactions. For instance, transaction fees are paid to eBay when a
seller is successful in auctioning off a product, and E*Trade receives a transaction fee
when it executes a stock transaction for a customer. In the sales revenue model,
companies draw profit directly from the sale of goods, information, or services to
consumers. In the affiliate model, sites receive referral fees or a percentage of the revenue
from any sales that result from steering business to the affiliate.
For settlement the supplier can use EDI to send the invoice and the customer can finish
the cycle with an electronic funds transfer via the bank and an EDI payment notification
to the supplier.
This whole cycle may be complex and other electronic messages can be included.
EDI can be used for Pre-Sales transactions; there have been EDI messages for
transactions such as contracts, but they are not widely implemented.
26. Why is targeting a market niche generally smarter for a community provider than
targeting a large market segment?
Targeting a market niche is generally a smarter strategy for a community provider than
targeting a large market segment because targeting large market segments will only pit a
company against bigger and more established competitors. Small subsegments of larger
markets have a greater potential for growth without the intense competitive pressure.
Communities that place a strong emphasis on the advertising revenue model will find
marketers more interested in placing ads on a site that targets a specific niche.
27. Besides music, what other forms of information could be shared via peer-to-peer
sites? Are there legitimate commercial uses for P2P commerce?
Some other forms of information that could be shared through peer-to-peer sites using
shareware are organizational materials and digital video. You can use P2P software to
efficiently distribute massive amounts of information across an organization, and also
make it searchable. P2P software can be used to transmit movies over the Internet as
encrypted files. Furthermore, it can be used to search other computers for the sorts of
information found on Web sites. For example, it can establish a direct peer-to-peer
exchange where buyers could gather information, check out suppliers, and collect prices
not from a centralized server hub, but directly from each of the supplier’s client server
computers.
28. Besides advertising and product sampling, what are some other market strategies a
company might pursue?
One market strategy is to form strategic alliances with business partners who will help
you to attract new customers and extend your market reach. Another market strategy is to
use product name, packaging, and advertising to create a distinct mood or feeling about
each of your product lines, and carefully target each line to a specific audience. Some
30. Besides news and articles, what other forms of information or content do content
providers offer?
Besides news and articles, content providers may also supply music, photos, video,
artwork, educational materials, or games.
31. What is a reverse auction? What company is an example of this type of business?
A reverse auction is one in which a consumer offers to pay a certain price for a product or
service and the bid is either accepted or not. The premier example of this type of business
is Priceline, in which the consumer makes an offer for airline tickets, hotel rooms, car
rentals, and other travel accommodations.
32. How have the unique features of e-commerce technology changed industry structure
in the travel business?
The ubiquity of e-commerce has created new marketing channels and expanded the size
of the overall market. The global reach of e-commerce has changed industry structure by
lowering barriers to entry, but at the same time expanding the market. The costs of
industry and firm operations have decreased, enabling global competition. The universal
standards of e-commerce have also lowered barriers to entry and intensified competition.
However, firms have cheaper costs for computing and communication enabling broad-
scope business strategies.
33. What are the three basic building blocks of the Internet?
Network architecture restrictions also limit the performance of the Internet. A thousand
requests for the same file result in a server having to download the file one thousand
times rather than being able to transmit it once to all one thousand computers at the same
time. This significantly slows down network performance. Finally, HTML, the language
Failure to pay attention to these factors will adversely affect the operation of a site because
users will find the site frustrating to navigate and view, they will have difficulty obtaining
information about the products, and they will determine that making a purchase will be far
too complicated.
52. Name and describe three tools used to treat customers individually. Why are they
significant to e-commerce?
The primary method for treating customers individually through personalization and
customization is the placement of cookie files on the user’s client machine. Cookies can
be used to store information about the customer such as their customer ID, a campaign
ID, and their prior purchases from the site. When a user returns to a site, the prior viewing
and purchasing behavior can be accessed from a database, and the customer can be
greeted by name and related products can be recommended.
Other tools that enable personalization and customization include tools for interactivity
and active content, such as CGI scripts, Active Server Pages, and Java Server Pages.
Personalization and customization are significant to e-commerce because they can
potentially make it nearly as powerful as a traditional marketplace and perhaps even more
powerful than direct mail or shopping at an anonymous suburban shopping mall.
Speaking directly to a customer and tailoring a product to that customer are potentially
powerful marketing tools that could help to increase sales and revenues.
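As an added example (not part of the original notes), the sketch below shows the cookie-based personalization described in the answer to question 52, with the customer ID protected by an HMAC so that a visitor cannot edit the cookie to be greeted as another customer. The cookie name, key, customer records and function names are all constructed for illustration.

```python
import base64
import hashlib
import hmac
from http.cookies import CookieError, SimpleCookie

# Constructed values for illustration only; a real site keeps the key in a
# secret store and the customer records in its database.
SECRET_KEY = b"constructed-demo-key"
CUSTOMER_DB = {
    "C1001": {"name": "Amina", "prior_purchases": ["rain jacket"]},
    "C1002": {"name": "Brian", "prior_purchases": ["ski jacket"]},
}
COOKIE_NAME = "cust"


def _sign(payload: str) -> str:
    """Return a URL-safe HMAC-SHA256 tag over the cookie payload."""
    mac = hmac.new(SECRET_KEY, payload.encode(), hashlib.sha256).digest()
    return base64.urlsafe_b64encode(mac).decode().rstrip("=")


def issue_cookie(customer_id: str, campaign_id: str) -> str:
    """Build the Set-Cookie value sent after a customer is identified."""
    if "|" in customer_id or "|" in campaign_id:
        raise ValueError("field separator not allowed inside an ID")
    payload = f"{customer_id}|{campaign_id}"
    cookie = SimpleCookie()
    cookie[COOKIE_NAME] = f"{payload}|{_sign(payload)}"
    morsel = cookie[COOKIE_NAME]
    morsel["secure"] = True        # only sent over HTTPS
    morsel["httponly"] = True      # not readable from page scripts
    morsel["samesite"] = "Lax"     # not attached to cross-site POSTs
    morsel["max-age"] = 30 * 24 * 3600
    morsel["path"] = "/"
    return morsel.OutputString()


def read_cookie(cookie_header: str):
    """Return (customer_id, campaign_id), or None if missing or tampered."""
    jar = SimpleCookie()
    try:
        jar.load(cookie_header)
    except CookieError:
        return None
    if COOKIE_NAME not in jar:
        return None
    parts = jar[COOKIE_NAME].value.rsplit("|", 1)
    if len(parts) != 2:
        return None
    payload, tag = parts
    # Constant-time comparison of the presented tag with the expected one.
    if not hmac.compare_digest(tag.encode(), _sign(payload).encode()):
        return None
    customer_id, _, campaign_id = payload.partition("|")
    return customer_id, campaign_id


def greet(cookie_header: str) -> str:
    """Personalize from the server-side record, never from cookie contents."""
    ident = read_cookie(cookie_header)
    profile = CUSTOMER_DB.get(ident[0]) if ident else None
    if profile is None:
        return "Welcome, guest"
    last = profile["prior_purchases"][-1]
    return f"Welcome back, {profile['name']}. More items like your {last}:"


if __name__ == "__main__":
    set_cookie = issue_cookie("C1001", "SPRING")
    print("Set-Cookie:", set_cookie)
    returning = set_cookie.split(";")[0]          # what the browser sends back
    print(greet(returning))
    print(greet(returning.replace("C1001", "C1002")))  # edited cookie
```

Only the identifiers travel in the cookie; the name and purchase history stay in the server-side record, so a stolen or edited cookie exposes no profile data by itself.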
53. What are some of the policies e-commerce businesses must develop before launching
a site and why?
Some of the policies that an e-commerce business site must develop prior to launching are
a privacy policy, accessibility rules, and financial reporting policies. The privacy policy is
a public statement detailing to customers how the personal information that is gathered at
the site will be treated. Accessibility rules are a set of design objectives that ensure
disabled users can effectively access a site.
54. Why is it less risky to steal online? Explain some of the ways criminals deceive
consumers and merchants.
The potential for anonymity on the Internet can allow criminals to assume identities that
look legitimate and at the same time, shield them from law enforcement agencies. Using
these assumed identities, criminals can place fraudulent orders with online merchants,
intercept e-mail, steal customer information, and shut down e-commerce sites using
software viruses.
55. Explain why an e-commerce site might not want to report being the target of
cybercriminals.
E-commerce sites are often hesitant to report that they have been the target of
cybercriminals because companies fear losing the trust of consumers. The actual amount
of crime is difficult to estimate because of these fears. Companies fear that if they reveal
65. How do biometric devices help improve security? What particular type of security
breach do they particularly reduce?
Biometric devices help improve security by working in conjunction with digital
signatures to ensure the authenticity of messages. They guarantee nonrepudiation by
verifying the physical attributes of an individual. Fingerprints, retina scans, or speech
recognition systems can be used to identify individuals before they are allowed to access
a Web site or pay for merchandise with a credit card. Biometric devices also make a
spoofing security breach less likely by making it more difficult for hackers to break into a
site.
66. Compare and contrast stored value payment systems and checking transfers.
Stored value payment systems are created by depositing funds into accounts from which
funds can be withdrawn as needed. They are similar to checking transfers in that funds are
stored and withdrawn, but a paper check need not be written. Stored value payment
systems include prepaid phone cards, debit cards, gift certificates, and smart cards. Both
stored value payment systems and checking transfers are dependent upon funds being
available in an account. Neither is convertible without intermediation, and both involve
only a small transaction fee for large purchases. However, stored value systems do not
give the consumer any float time, and they are more expensive for the merchant because
special hardware is required to read and process the stored numbers on the cards.
69. Describe the relationship between credit card associations and issuing banks.
Credit card associations such as Visa and MasterCard are nonprofit organizations that set
the standards for the banks that issue the credit cards. The banks are the institutions that
actually issue the cards, process the transactions, receive and calculate the payments, and
charge and receive the interest. Third party processing centers or clearinghouses usually
handle verification of accounts and balances.
70. Name four improvements Web merchants could make to encourage more browsers
to become buyers.
Improvements that Web merchants could make to encourage more browsers to become
buyers are:
• Target the goal-oriented, intentional shoppers with communications directed at them.
• Design Web sites to provide easy-to-access and simple-to-use product information.
• Make it easier to comparison shop.
• Make it easier to return merchandise.
• Create policies for better credit card and personal information security.
• Make it easier to locate items on the Web site.
• Create customer service facilities where users can get the answers to their questions
and product advice.
72. List and describe some Web site design features that impact online purchasing.
Some Web site design features that impact online purchasing are:
Compelling experience: Sites that offer entertainment and interactivity along with
commerce or that are perceived as “fun” to use, are more successful in attracting and
retaining visitors.
Short download times: Sites that take too long to download will experience higher
abandonment rates, although this can be diminished somewhat by providing online
amusement to distract the consumer.
Simplicity of design: The most important aspects of site design for generating sales are
product list navigation and choice features that save consumers time.
Interactive consumer decision aids: Recommendation agents (programs) that are used to
recommend a product based on the consumer completing a survey, a review of the
consumer’s profile, or based on the purchases of other consumers who have bought the
same product can also drive sales.
Responsiveness to consumer inquiries: Prompt and complete responses through
automated customer response systems or online customer service centres can also
positively affect return visits and purchases.
73. Why did most communities in the early days of e-commerce fail? What factors
enable some online social networks to prosper today?
Most communities in the early years of e-commerce failed because non-commercial communities could
not survive or grow based on subscription fees alone and most for-profit communities
experienced great difficulty in generating profits. The costs of content, technology, and
customer acquisition as well as the marketing required to achieve a large audience,
typically overwhelmed the weak stream of revenues from advertising,
tenancy/sponsorship, and subscriptions for premium content. The availability of venture
capital finance and Internet technology resulted in many sites serving the same interest
and affinity groups, splitting the market into fragments, making it impossible for any one
of them to become profitable.