E Commerce Notes


BIT 412 E-COMMERCE

ACADEMIC YEAR: 2020/2021

SEMESTER: I

LECTURER: DR. ROSELIDA MAROKO ONGARE

CONTACT: 0721597710

Email Address: rongare@kibu.ac.ke

AIM/PURPOSE: This course focuses on e-commerce and e-commerce applications. It
introduces the students to business infrastructure as well as the e-commerce framework.

PRE-REQUISITE
BIT222 Web Systems and Technologies I
BIT226 Business Application Software
BIT312 Web Systems and Technologies II

Course Hours per Week: Class 3. Semester Hours Credit 3.

EXPECTED LEARNING OUTCOMES


By the end of this course, the student will be able to:
1. Categorize e-commerce into various classifications
2. Describe EDI
3. Determine suitable internet service for business application
4. Evaluate security measures available for online transactions
5. Choose a banking and ecommerce, implementation, personal finance software, using
online services

COURSE OUTLINE
Week Activity Assessment

1 E-commerce
• Categories
• Comparison with traditional methods
Applications
• On-line shopping
• Business to business transactions

2 Business to business infrastructure
• Network infrastructure
• Value added networks (VAN)
• SDN
• X.400
• xDSL

3 E-commerce framework
• Server infrastructure
• Architecture
• Web server
• Commerce servers
• Database servers
• Transaction servers
• Client considerations
  o Hardware and software requirements.

4 Electronic Data Interchange (EDI)
• Requirements
• Standards
• Internet
• VAN based EDI

5 Intranet commerce
• Benefits
• Drawbacks
• Applications.

6 CAT 1

7 Secure payment protocols
• SET
• DigiCash
• CyberCash
• Other protocols
The SET protocol
• Securing electronic transactions.

8 Online payments
• digital cash
• electronic cheques
• credit card systems
Business to business security
• traditional EDI
• EDI on the Internet.
Consumer payment protocol
• Payment systems requirements.
Home banking
• Banking and ecommerce
• Implementation
• Personal finance software
• Using online services.

9 Internet Business strategy
• Placing a business on the web
• Creating a web page
• Registering with interNIC
• Website testing
• Evaluating web server statistics
• Measuring web site success.
Business processes
• Internet applications
• EDI
• hybrid EDI
• interactive EDI
• Business application tools.

10 Corporate finance
• Intranets in financial management
• HR strategy
• Finance software market.

11 CAT 2

12 Case Study

13 Case Study

14 Revision

Mode of Delivery
Lectures, demonstration, Group/class discussions and practical exercise, case study

Assessment
CATs: 30%
Final Semester examination: 70%

Core References
Chaudhury, A. & Jean-Pierre, K. (2002). e-Business and e-Commerce Infrastructure:
Technologies Supporting the e-Business Initiative, McGraw-Hill Inc.
Saloner, G.A., Spence, M. (2001). Creating and Capturing Value: Perspectives and Cases on
Electronic Commerce
Turban, Efraim, King & David (2008). Introduction to Electronic Commerce.

Other References
Strauss, Judy, Frost, Raymond, El-Ansary, & Adel (2008). E-Marketing

Electronic Material
International Journal of Information Technology and Computer Science (IJITCS) eISSN:
2074-9015 http://www.mecs-press.org/ijitcs/
International Journal of Information Technology and Management eISSN: 1741-5179
www.inderscience.com/ijitm

Approval

----------------------------------------    ----------
Lecturer/Instructor                         Date

----------------------------------------    ----------
COD Information Technology                  Date

Introduction to E-Commerce

E-commerce (Electronic Commerce)


This is trading in products or services using computer networks, such as the Internet.

Electronic commerce draws on technologies such as mobile commerce, electronic funds
transfer, supply chain management, Internet marketing, online transaction
processing, electronic data interchange (EDI), inventory management systems, and
automated data collection systems.

Modern electronic commerce typically uses the World Wide Web for at least one part of the
transaction's life cycle, although it may also use other technologies such as e-mail.

Mobile Commerce
The phrase mobile commerce was originally coined in 1997 by Kevin Duffey at the launch
of the Global Mobile Commerce Forum, to mean "the delivery of electronic commerce
capabilities directly into the consumer’s hand, anywhere, via wireless technology."

Many define mobile commerce as a retail outlet in your customer’s pocket.

E-Business
This is the digital enablement of transactions and processes within a firm, involving
information systems under the control of the firm.

Differences between e-commerce and e-business


The following are the major differences between e-commerce and e-business:
1. Buying and selling of goods and services through the internet is known as E-commerce.
E-business is the electronic presence of a business, by which all the business activities are
conducted through the internet.
2. E-commerce is a major component of E-business.
3. E-commerce includes transactions which are related to money, but E-business includes
monetary as well as related activities.
4. E-commerce has an open approach that covers customers, suppliers, distributors, etc. On
the other hand, E-business has an approach that covers internal as well as external
processes.
5. E-commerce requires a website that can represent the business. Conversely, E-business
requires a website, Customer Relationship Management and Enterprise Resource
Planning for running business over the internet.
6. E-commerce uses the internet to connect with the rest of the world. In contrast, in
E-business the internet, intranet and extranet are used for connecting with the parties.

Why study e-commerce?


E-commerce is different and more powerful than any of the other technologies we have seen
in the past century. While these other technologies transformed economic life in the twentieth
century, the evolving Internet and other information technologies will shape the twenty-first
century.

Prior to the development of e-commerce, the process of marketing and selling goods was a
mass marketing and sales force-driven process. Consumers were viewed as passive targets of
advertising “campaigns” and branding blitzes intended to influence their long-term product
perceptions and immediate purchasing behaviour.
• Selling was conducted in well-insulated “channels.”
• Consumers were considered to be trapped by geographical and social boundaries, unable
to search widely for the best price and quality.
• Information about prices, costs, and fees could be hidden from the consumer, creating
profitable “information asymmetries” for the selling firm.
  o Information asymmetry refers to any disparity in relevant market information
  among parties in a transaction.
• It was so expensive to change national or regional prices in traditional retailing (what are
called menu costs) that “one national price” was the norm, and dynamic pricing to the
marketplace and changing prices in real time was unheard of.
• E-commerce has challenged much of this traditional business thinking.

The nature of e-commerce


Three core concepts underpin the nature of e-commerce:
• The management of transactions and transaction costs through the use of online
technologies and computerised networks.
• The re-engineering of business processes into logical, related and sequential activities that
ensure businesses engage in transactions in the most efficient and effective manner
through the use of online technologies and computerised networks.
• The use of information technologies and computerised networks to facilitate
telecommuting or tele-working. Such activities enable flexible working, distributed
workforces and efficient productivity paths.

Seven Unique Features of E-Commerce Technology


Below are seven unique features of e-commerce technology that both challenge traditional
business thinking and explain why we have so much interest in e-commerce.

Ubiquity
In traditional commerce, a marketplace is a physical place you visit in order to transact. For
example, television and radio typically motivate the consumer to go someplace to make a
purchase. E-commerce, in contrast, is characterized by its ubiquity: it is available just about
everywhere, at all times. It liberates the market from being restricted to a physical space and
makes it possible to shop from your desktop, at home, at work, or even from your car, using
mobile commerce. The result is called a marketspace - a marketplace extended beyond
traditional boundaries and removed from a temporal and geographic location.

From a consumer point of view, ubiquity reduces transaction costs—the costs of
participating in a market. To transact, it is no longer necessary that you spend time and
money travelling to a market.

The ubiquity of e-commerce lowers the cognitive energy required to transact in a
marketspace. Cognitive energy refers to the mental effort required to complete a task. Humans
generally seek to reduce cognitive energy outlays. When given a choice, humans will choose
the path requiring the least effort—the most convenient path.

Global Reach
E-commerce technology permits commercial transactions to cross cultural and national
boundaries far more conveniently and cost-effectively than is true in traditional commerce.
As a result, the potential market size for e-commerce merchants is roughly equal to the size
of the world’s online population. The total number of users or customers an e-commerce
business can obtain is a measure of its reach.

In contrast, most traditional commerce is local or regional; it involves local merchants or
national merchants with local outlets. Television and radio stations, and newspapers, for
instance, are primarily local and regional institutions with limited but powerful national
networks that can attract a national audience. In contrast to e-commerce technology, these
older commerce technologies do not easily cross national boundaries to a global audience.

Universal Standards
One strikingly unusual feature of e-commerce technologies is that the technical standards of
the Internet, and therefore the technical standards for conducting e-commerce, are universal
standards; they are shared by all nations around the world. In contrast, most traditional
commerce technologies differ from one nation to the next. For instance, television and radio
standards differ around the world, as does cell telephone technology.

The universal technical standards of the Internet and e-commerce greatly lower market entry
costs: the cost merchants must pay just to bring their goods to market.

For consumers, universal standards reduce search costs: the effort required to find suitable
products.

By creating a single, one-world marketspace, where prices and product descriptions can be
inexpensively displayed for all to see, price discovery becomes simpler, faster, and more
accurate.

Users of the Internet, both businesses and individuals, experience network externalities:
benefits that arise because everyone uses the same technology. With e-commerce
technologies, it is possible for the first time in history to easily find many of the suppliers,
prices, and delivery terms of a specific product anywhere in the world, and to view them in a
coherent, comparative environment. Although this is not necessarily realistic today for all or
many products, it is a potential that will be exploited in the future.

Richness
Information richness refers to the complexity and content of a message. Traditional markets,
national sales forces, and small retail stores have great richness: they are able to provide
personal, face-to-face service using aural and visual cues when making a sale. The richness of
traditional markets makes them a powerful selling or commercial environment. Prior to the
development of the Web, there was a trade-off between richness and reach: the larger the
audience reached, the less rich the message.

Interactivity
Unlike any of the commercial technologies of the twentieth century, with the possible
exception of the telephone, e-commerce technologies allow for interactivity, meaning they
enable two-way communication between merchant and consumer.

Television, for instance, cannot ask viewers any questions or enter into conversations with
them, and it cannot request that customer information be entered into a form. In contrast, all
of these activities are possible on an e-commerce Web site.

Interactivity allows an online merchant to engage a consumer in ways similar to a
face-to-face experience, but on a much more massive, global scale.

Information Density
The Internet and the Web vastly increase information density: the total amount and quality
of information available to all market participants, consumers, and merchants alike.
E-commerce technologies reduce information collection, storage, processing, and
communication costs. At the same time, these technologies greatly increase the currency,
accuracy, and timeliness of information, making information more useful and important than
ever. As a result, information becomes more plentiful, less expensive, and of higher quality.

A number of business consequences result from the growth in information density. In
e-commerce markets, prices and costs become more transparent.
• Price transparency refers to the ease with which consumers can find out the variety of
prices in a market.
• Cost transparency refers to the ability of consumers to discover the actual costs merchants
pay for products.

There are advantages for merchants as well.
• Online merchants can discover much more about consumers; this allows merchants to
segment the market into groups willing to pay different prices and permits them to engage
in price discrimination: selling the same goods, or nearly the same goods, to different
targeted groups at different prices. For instance, an online merchant can discover a
consumer’s avid interest in expensive exotic vacations, and then pitch expensive exotic
vacation plans to that consumer at a premium price, knowing this person is willing to pay
extra for such a vacation. At the same time, the online merchant can pitch the same
vacation plan at a lower price to more price-sensitive consumers.
• Merchants also have enhanced abilities to differentiate their products in terms of cost,
brand, and quality.

Personalization/Customization
E-commerce technologies permit personalization: merchants can target their marketing
messages to specific individuals by adjusting the message to a person’s name, interests, and
past purchases.

The technology also permits customization - changing the delivered product or service based
on a user’s preferences or prior behaviour.

Given the interactive nature of e-commerce technology, much information about the
consumer can be gathered in the marketplace at the moment of purchase.

With the increase in information density, a great deal of information about the consumer’s
past purchases and behaviour can be stored and used by online merchants. The result is a
level of personalization and customization unthinkable with existing commerce technologies.

Differences between E-Commerce and Traditional Commerce


Due to the exponential growth of the Internet, the nature and structure of competition in
both the traditional way of doing business and e-commerce have changed dramatically. In the
traditional way of doing commerce, most businesses had to compete within a single industry
and often within a specific limited geographical area, but the internet is breaking all these
boundaries.

For example, Amazon.com began as an online bookstore but quickly expanded
into new products and markets such as music, videos, and home improvement supplies.

Traditional commerce is based on the following rules.

• It needs to hire sales executives, sales managers, accountants, and other staff.
• It operates during business hours, within a certain period of time.
• Location renting/purchasing, staff employment, advertising, and inventory shipping and
handling all add up to a high-cost equation, which deters many people from starting a
business at all.
• No sharing of information with competitors.
• The basis of a traditional business depends on the frequency of new and old customers
buying from it to keep the business running.

In today's fast-paced world, in order to stay in contention and thrive in the business world, it
is very important to break through these conventional rules and adopt the information
technology ways of doing business.

E-commerce has the following important phases:

• Products are advertised electronically, enabling customers to browse through the
available offers.
• The involved parties reach an agreement to continue with the succeeding phases.
• An order is made for the goods after an agreement is concluded.
• E-payment systems on the internet are used for receiving payments.
• Goods are delivered to the customers. If it is a tangible product, it is sent by
transportation.

The main points of difference between traditional commerce and E-Commerce are as follows:

In E-commerce:
• Everything is digital.
• Less overhead costs.
• Elimination of the middleman (disintermediation).
• Financial transactions on the internet can actually be more secure than in traditional retail
environments.
• Speed.
• Empowerment.
• Personalization.

Advantages of E-Commerce
E-commerce uses the technology of digital information processing and electronic
communications through the internet in business transactions, which helps in facilitating and
redefining the relationships between or among organizations, and between organizations and
individuals, for value creation. E-commerce provides multiple benefits to consumers in the
form of availability of goods at lower cost, wider choice and time savings.
The internet is treated as a functional and operational medium for consumers, business owners,
information seekers, and entrepreneurs. E-commerce sales would rise in the years to come
with the increasing availability of broadband Internet services combined with new
applications.

1. Being able to conduct business 24 x 7: E-commerce can operate all day, every day.
A physical storefront does not need to be open for customers and suppliers to do
business electronically.
2. Reduced cost to buyers: Electronically open marketplaces will increase competition and
reduce buyers' costs.
3. Reduced cost to suppliers: The ability to access online databases of bid opportunities, to
submit bids electronically and to review awards online will reduce suppliers' costs.
4. Create new markets: The ability to reach potential customers easily and cheaply will
create new markets.
5. Easy market entry: Market entry will be easier when geographic limits are no longer
relevant.
6. Increase in variety of goods: As the market expands, the variety of goods available will
also expand. A wider variety of goods is available than ever before.
7. Reduced inventories: Electronically linking the demand for goods and services through
just-in-time inventory and integrated manufacturing techniques will allow companies to
maintain reduced inventories.
8. No middlemen: There is direct contact with customers in e-commerce through the internet,
without any intermediation. Companies can now focus more on specific customers by
adopting different one-to-one marketing strategies.
9. Improved and better customer service: Since there is direct contact with customers, it
is possible to answer their queries regarding price, quality, additional features of the
product, etc., resulting in better customer service. Response time between the seller and
the buyer is reduced.
10. Teamwork: One output of e-commerce is teamwork that helps organizations
work together. Email is one example of how people collaborate to exchange
information and work on solutions. It has changed the way organizations interact with
suppliers, vendors, and customers.
11. Information sharing with the customers: Buyers can keep in touch with the seller's site
through real-time information and can make quick purchase decisions. The customer's
knowledge of the product and its varied features is increased. The web is thus a source of
dissemination of information for customers.
12. Customized products: On the basis of customers' stated requirements for the product, it
is possible to differentiate the product for them. There are many websites that help in
reorganizing, revising or editing digital products.
13. Swapping of goods and services: Swapping is exchanging goods and services between
business firms on websites using a barter system. Here one firm offers something in return
for something it wants from another firm. Popular sites performing these functions are
webswap, ubarter, etc. (For example, instead of accepting cash for a consultancy service
from a firm, a person or another firm can buy products in exchange from that firm.)
14. Information sharing: It takes only a few seconds to share information over the internet. A
firm can e-mail its customers about any new product, answer their product-related
queries and welcome suggestions. This is a major advantage, overcoming a limitation of
traditional methods of doing business.
15. Global reach: Just by creating a web site and uploading it to a server, a firm is able to
reach millions of customers worldwide. E-commerce turns the whole world into a global
village where anyone can buy anything at any time from anywhere.
16. Advertising of goods and services: A business firm can easily promote its product on
the website by giving the complete required information over the internet. One of the
tools of e-commerce is sales promotion, from which not only the firm gains but
customers also benefit.
17. Higher profits: A very large reduction in cost is achieved in e-commerce across various
kinds of commercial transactions, i.e. no manual handling of transactions, paperless
exchange, easy payments from customers, no transportation except in the case of tangible
products, and higher profit margins from higher sales volume. Also, business over the
internet attracts customers from all over the world, and exposure in new markets enhances
the profits of the business firm.
18. E-Payment system: The electronic payment system on the internet is facilitated by
payment gateways (an intermediary) between business firms and customers, and
between business firms, for assuring payments from customers. E-payments are
made without any loss of time, but security must be ensured when using this system
because customers are sending personal details related to credit card numbers.
19. Ensure secrecy: Various built-in security measures are used in e-commerce
transactions to prevent any unauthorized access to information on the internet. These are
encoding, encryption, passwords, etc.
20. Computer platform independence: Customers are not limited by existing hardware
systems. Computers have the ability to communicate via the internet, independent of
operating systems and hardware.

Benefits to Organization
E-commerce provides the following benefits to the organization:
1. Reduced cost on paper based information used for creating, processing, distributing,
storing and retrieving the information.
2. Reduced inventories and overhead cost.
3. Supply chain management with a view to providing customers the right product at the right
time, at the right price and in the right place.
4. Reduced time lag between capital outlay and the receipt of goods and services.
5. A BPR (Business Process Re-engineering) project that involves rethinking of the
organization's business processes and functions in doing e-commerce increases the
productivity of salespeople, knowledge and trained workers, and provides integrated
departments, increased flexibility, improved business performance and more satisfied
customers by 100 percent.
6. E-commerce lowers telecommunication cost.
7. Access to international markets, thereby increasing market share.
8. Other benefits include improved image, improved customer service, simplified and fast
processes, elimination of paperwork, ease of networking, cost saving, etc.
9. E-commerce minimizes supply chain inefficiencies, reduces inventories, and reduces
delivery delays.
10. Enables efficient e-procurement.
11. Low barriers to entry. Anyone can start up a company on the internet. Small
organizations are given an equal footing with large international firms.

Limitations of E-commerce
• Huge cost is involved in e-commerce, such as advertising cost and high start-up cost that
may be related to hardware/software, setup cost, connection cost, and the maintenance and
enhancement cost of the website.
• Lack of trust and key public infrastructure. E-security is a primary concern, without
which it is difficult to survive in the e-market. It aims at preventing unauthorized access to
the data/information travelling on the internet. Protection is needed against
hackers, viruses, data transfer and transaction risk, and client and server risk. The internet
provides universal access, but companies must protect their assets from accidental or
malicious use. Customer information needs to be protected from internal and external misuse.
• High risk of buying unsatisfactory products.

The Historical Development of E-Commerce


The use of networks to exchange money and transfers began in the late 1950s with the
development of electronic fund transfers (EFTs). EFTs or wire transfers were the electronic
transmission of account information over private communication networks. Such activity
may be thought of as electronic trading, since businesses and individuals could update
accounts and trade via EFTs.

Electronic Data Interchange


Electronic data interchange (EDI), whereby businesses and individuals exchange computer
readable data in a standard format to other businesses, was the earliest form of e-commerce.

In the late 1960s, electronic data interchange was used to reduce the amount of time and
effort inputting data such as invoices, purchase orders and bills. Since this type of
information often had a regular format, computer systems were designed to read these
documents electronically. Formats had to be agreed, and for many industries, such as
transport and shipping, which are global in nature, such a unified approach was important.

Businesses that engage in EDI are referred to as Trading Partners. The biggest users of e-
commerce were traditionally government agencies and large corporations. This was due to
the high cost of implementation.

Until the late 1990s, EDI meant the buying of expensive computer software and hardware,
and establishing of direct network connections with all trading partners. Although some
companies did offer value-added networks (VANs) as systems to conduct EDI, subscribing to
such VANs came at a high cost.

The dot-com boom, bust and rebirth (E-Commerce I)


The business phenomenon that we now call electronic commerce has an interesting history.
From humble beginnings in the mid-1990s, electronic commerce grew rapidly until 2000,
when a major downturn occurred. Many companies went bust, due to not having sufficiently
robust revenue models to generate enough income to sustain their business. As more and
more businesses competed for a fixed number of good ideas, Internet businesses became
overvalued and many bad ideas were also implemented. By 2000, the internet business had
started to see a decline. Thousands of businesses became obsolete as a lack of advertising
revenue meant they could not sustain their early promise.

Limitations that define the first wave of e-commerce:


1. The first wave of e-commerce was limited to a large degree to US businesses and was not
global in nature. Large international organisations felt that the language of the internet
would be English, and that consumers would naturally use US businesses who already
had a presence on the WWW.
2. Most of the early e-businesses used English as their language of choice. They created one
e-commerce site, in English, and expected consumers from other countries to use this site.
This meant that many users who did not speak English, or who did not feel confident
enough to buy goods and services in English, did not conduct e-commerce.
3. Many of the original e-commerce businesses were started with outside investor money
backing good ideas. Although investors could see how the internet could be used to refine
business processes and reduce transaction costs, less care was taken with understanding
how these businesses could produce revenue. Often, businesses were based on the belief
that advertising revenue would flood in to support their activities. In reality, the limited
budgets of advertising departments and their caution in relation to the use of these
budgets online meant that perceived revenue was often not realised.
4. Email has traditionally been unstructured in terms of how it was used by businesses.
Although businesses used email for communications, they had no formal structure and
could not be read by machines and therefore were still associated with the high cost of
employing people to read them. Email has also been associated with the ever increasing
amounts of spam and other unsolicited content.
5. During the late 1990s, the expected reliance on advertising as a revenue source was a
major mistake by many e-businesses. The lack of alternative revenue models or an
understanding of what online advertising actually yielded in terms of returns meant that
many e-businesses were left with no revenue streams.

The second wave (E-Commerce II)


Electronic commerce is now in what can be described as a second or mature wave. This wave
is characterised by the international nature in which e-commerce is being conducted and the
reliance on revenue models as opposed to ‘good internet ideas’.

The ‘dot-com’ bubble that burst at the end of the late 1990s has led to a revision of the
approaches to establishing e-commerce initiatives. Whilst the first wave of e-commerce was
dominated by US businesses and was primarily in English, it is now far more common to find
e-commerce shoppers interacting with websites in their own languages.

The key characteristics of the second wave of e-commerce can be understood to be based on
internationalisation and widening participation.
1. Many businesses have realised that the internet is a global marketplace and have begun to
provide global e-commerce presences. Businesses have begun to produce websites in
local languages which are customised to local markets in terms of the content they
provide.
2. Online businesses are now more often established with their own funds and capital. Great
effort and care is taken in devising revenue models and identifying appropriate revenue
streams. There is an emphasis not on who will supply us with revenue, but how are we
going to generate revenue.
3. Businesses are willing to be flexible in terms of how revenue is generated, and believe
that reacting to current trends is the key to establishing a successful online presence.
4. There has been an explosion in the number of internet users worldwide, and it is fair to
say that most countries in the world now have internet access, if not always at the same
level of quality. However, many internet users worldwide now have access to broadband
connections, and these have meant that digital content such as video and music can be
sold and exchanged online.
5. There is a much greater emphasis on the use of customised email strategies. Businesses
now use email for formulating deep relationships with consumers and ensuring that
consumers are contacted in a timely manner.
6. Businesses today use a multitude of sophisticated advertising approaches that are
integrated with their e-business activities. They have developed new strategies for the sale
of distributed products with advertising attached.

The three stages of E-commerce Evolution


The three stages in the evolution of e-commerce are innovation, consolidation, and
reinvention.
 Innovation took place from 1995–2000 and was characterized by excitement and
idealistic visions of markets in which quality information was equally available to both
buyers and merchants. However, e-commerce did not fulfil these visions during its early
years.
 After 2000, e-commerce entered its second stage of development: consolidation. In this
stage, more traditional firms began to use the Web to enhance their existing businesses.
Less emphasis was placed on creating new brands.
 In 2006, e-commerce entered its current stage, reinvention, as social networking and
Web 2.0 and Web 3.0 applications revived e-commerce and encouraged the development
of new business models.

Categories of E-commerce
E-commerce types fall into various categories, including B2C, B2B and C2C.

Business‐to‐Consumer (B2C) E-Commerce


This category of e-commerce involves businesses selling products and services to consumers
via Internet technologies. This includes companies selling software and hardware through the
internet, taking orders for products that are subsequently delivered to the consumer, and
providing digital services such as online magazines and search engines. In this case, the seller
is a business organization whereas the buyer is a consumer. This emulates the situation of
physical retailing and so it is commonly called electronic retailing. Typically, electronic
stores are set up on the Internet to sell goods to the consumers.

Business‐to‐Business (B2B)
This is the largest category of e-commerce. It involves companies conducting e-procurement,
supply chain management, network alliances, and negotiating purchase transactions over the
internet. In this case, both the buyer and the seller are business organizations. Unlike B2C e‐
commerce, it is buyer‐driven rather than seller‐driven. That means, a buyer submits a request
to the system and then respective sellers respond to the request.

Businesses use e-commerce to lower transaction costs of conducting business and to make
savings in terms of time and effort when conducting business.

Consumer‐to‐Consumer (C2C)
Consumer-to-consumer (C2C) e-commerce is concerned with the use of e-commerce by
individuals to trade and exchange information with other individuals. There has been a huge
growth in consumer-to-consumer auction sites such as eBay and sites enabling consumers
to offer goods and services to other consumers on an individual basis.

With the advent of e‐commerce, on‐line auctions provide an effective means for supporting
C2C e‐commerce. For example, eBay (www.eBay.com) provides the world’s largest online
trading service by means of online auctions. Basically, a user places an item on the eBay Web
site for bidding. Other interested members then bid for it before the deadline. Where the
English auction system is used, the highest bid wins. By means of online auctions, users
participate in the buying and selling of a wide range of items, including books, stamps,
music, etc. In addition to auctions, eBay creates a virtual community for its users to “talk” at
the eBay Live Chat (a chat room) and to communicate with other users via the bulletin
boards.

Consumer‐to‐Business (C2B)
This is a new form of commerce in which a consumer specifies the requirements to a
business, which provides a product that meets these requirements. These requirements could
be as simple as an acceptable price, or could involve considerable customization of an
existing standard product, or creation of a new product. An example of this in the traditional
commerce setting is a “made to measure” tailor. The key distinction is related to who is
driving the specification of the product being purchased.

Unlike B2C, there is a strong element of customization. For example, Priceline
(www.priceline.com) introduces a novel e‐commerce application called the “demand
collection system”. It allows consumers to “name the price” and hence it is consumer driven,
not seller driven. Suppose you want to buy an air‐ticket. You can provide Priceline with your
travel requirements (e.g. how many tickets you want to buy, departure/return date,
departure/arrival city, etc.), the desirable price, and your credit card number. Then Priceline
will try to find an airline that can meet your requirements. After finding a match, Priceline
will buy the ticket(s) for you with your credit card. As you can “name the price”, the deal is
final (i.e. no alteration is allowed). Besides air‐tickets, Priceline also handles the purchase of
many other products/services such as cars, hotel rooms, long‐distance calls and even
mortgages.

Business-to-Government e-commerce
Business-to-government (B2G) e-commerce is concerned with the need for businesses to sell
goods or services to governments or government agencies. Such activities include supplying
the army, police force, hospitals and schools with products and services. Furthermore,
businesses will often compete in an online environment for contracts to provide services to
the public on behalf of the government. Such services may include the collection of taxes,
and the supply of public services.

Mobile Commerce (M-commerce)


This refers to the use of wireless digital devices to enable transactions on the Web. M-commerce
involves the use of wireless networks to connect cell phones, handheld devices
such as BlackBerries, and personal computers to the Web. Once connected, mobile consumers
can conduct transactions, including stock trades, in-store price comparisons, banking, travel
reservations, and more.

Peer-to-Peer (P2P) E-commerce


Peer-to-peer technology enables Internet users to share files and computer resources directly
without having to go through a central Web server. In peer-to-peer’s purest form, no
intermediary is required, although in fact, most P2P networks make use of intermediary
“super servers” to speed operations. Since 1999, entrepreneurs and venture capitalists have
attempted to adapt various aspects of peer-to-peer technology into Peer-to-Peer (P2P) e-
commerce.

To date there have been very few successful commercial applications of P2P e-commerce
with the notable exception of illegal downloading of copyrighted music. Napster.com, which
was established to aid Internet users in finding and sharing online music files, was the most
well-known example of peer-to-peer e-commerce until it was put out of business in 2001 by a
series of negative court decisions. However, other file-sharing networks, such as Kazaa and
Grokster, quickly emerged to take Napster’s place. These networks have also been subjected
to legal challenge.

Application of e-commerce

Online shopping (e-tail from "electronic retail" or e-shopping)


This is a form of electronic commerce which allows consumers to directly buy goods
or services from a seller over the Internet using a web browser. Alternative names are e-web-
store, e-shop, e-store, Internet shop, web-shop, web-store, online store, online storefront and
virtual store.

Mobile commerce (or m-commerce) describes purchasing from an online retailer's mobile-optimized
online site or app.

An online shop evokes the physical analogy of buying products or services at a bricks-and-
mortar retailer or shopping centre; the process is called business-to-consumer (B2C) online
shopping. In the case where a business buys from another business, the process is called
business-to-business (B2B) online shopping. The largest of these online retailing corporations
are Alibaba, Amazon.com, and eBay.

Business-to-business (B2B) transactions
This refers to a situation where one business makes a commercial transaction with another.
This typically occurs when:
 A business is sourcing materials for their production process, e.g. a food manufacturer
purchasing salt
 A business needs the services of another for operational reasons, e.g. a food manufacturer
employing an accountancy firm to audit their finances
 A business re-sells goods and services produced by others, e.g. a retailer buying the end
product from the food manufacturer

Supply chain management (SCM)


SCM is the management of the flow of goods and services. It includes the movement and
storage of raw materials, work-in-process inventory, and finished goods from point of origin
to point of consumption. Interconnected or interlinked networks, channels and
node businesses are involved in the provision of products and services required by end
customers in a supply chain. 

Supply chain management has been defined as the "design, planning, execution, control, and
monitoring of supply chain activities with the objective of creating net value, building a
competitive infrastructure, leveraging worldwide logistics, synchronizing supply with
demand and measuring performance globally."

Electronic funds transfer (EFT)


EFT is the electronic transfer of money from one bank account to another, either within a
single financial institution or across multiple institutions, through computer-based systems
and without the direct intervention of bank staff. EFTs are known by a number of names.

The term covers a number of different payment systems, for example:


 Cardholder-initiated transactions, using a payment card such as a credit or debit card
 Direct deposit payment initiated by the payer
 Direct debit payments for which a business debits the consumer's bank accounts for
payment for goods or services
 Wire transfer via an international banking network such as SWIFT
 Electronic bill payment in online banking, which may be delivered by EFT or paper check
 Transactions involving stored value of electronic money, possibly in a private currency

Online advertising (online marketing or Internet advertising)


This is a form of marketing and advertising which uses the Internet to
deliver promotional marketing messages to consumers. It includes email marketing, search
engine marketing (SEM), social media marketing, many types of display
advertising (including web banner advertising), and mobile advertising.

Like other advertising media, online advertising frequently involves both a publisher, who
integrates advertisements into its online content, and an advertiser, who provides the
advertisements to be displayed on the publisher's content. Other potential participants include
advertising agencies who help generate and place the ad copy, an ad server which
technologically delivers the ad and tracks statistics, and advertising affiliates who do
independent promotional work for the advertiser.

Online transaction processing (OLTP)


OLTP in this context refers to processing in which the system responds immediately to user
requests. An automated teller machine (ATM) for a bank is an example of a commercial
transaction processing application.

Electronic data interchange (EDI)


EDI is an electronic communication method that provides standards for exchanging data via
any electronic means. By adhering to the same standard, two different companies or
organizations, even in two different countries, can electronically exchange documents (such
as purchase orders, invoices, shipping notices, and many others).

Inventory management
This is a computer-based system for tracking inventory levels, orders, sales and deliveries. It
can also be used in the manufacturing industry to create a work order, bill of materials and
other production-related documents. Companies use inventory management software to avoid
product overstock and outages. It is a tool for organizing inventory data that before was
generally stored in hard-copy form or in spreadsheets. It is often associated with and is
similar to distribution software, as distributors that can compete with less cash tied up in
inventories have a distinct advantage over their competitors.

Business models, revenue models, and business processes


A business model can be thought of as a set of business processes that are combined to yield
a profit. In the first wave of e-commerce, it was thought that a good business model would
yield significant sales and market dominance. However, the idea that the key to success was
simply to copy the business model of a successful dot-com business led to many business
failures.

Traditional commerce and business processes


Traditional commerce can broadly be defined as the exchange of valuable objects or services
between at least two parties. Such activity includes all of the processes that each party
undertakes to complete the transaction. The earliest form of traditional commerce is the barter
system.

The activities which most businesses engage in as they conduct commerce are called business
processes.

Classic business processes include:


 transferring money and information
 placing of orders for products
 sending of invoices to consumers
 delivery of goods

It is clear today that some products are more suited to the internet than others. This is because
the merchandising skills related to these products transfer more easily to the web. Products
that are well suited are books, CDs, and DVDs, software which can be downloaded easily via
the web, and the sale and purchase of services such as tickets and travel services.

Business Processes
Business process refers to the use of e-commerce to tailor the internal activities of a business
in order to maximise their efficiency and effectiveness. Through the use of e-commerce,
businesses can fine-tune supply chains, provide advanced consumer relations management
systems, and reduce transaction costs.

Revenue Models
Revenue models are the various models used by web businesses today to generate revenue.
Such models include web catalogue, advertising-supported, advertising-subscription mixed,
and fee-based.

These approaches can work for both business-to-consumer (B2C) and business-to-business
(B2B) electronic commerce. Many companies create one website to handle both B2C and
B2B sales. Some businesses use the same revenue model for both types of sales, despite
creating separate sites (or separate pages within one site) for B2C and B2B e-commerce.

A useful way to think about electronic commerce implementations is to consider how they
can generate revenue. However, it is important to remember that not all electronic commerce
initiatives have the goal of providing revenue; some are undertaken to reduce costs or
improve customer service.

Web catalogue revenue models


In this revenue model, the seller establishes a brand image, and then uses the strength of that
image to sell through printed catalogues mailed to prospective buyers. Buyers place orders by
mail or by calling a telephone number provided. This revenue model, which is often called
the mail order or catalogue model, has proven to be successful for a wide variety of consumer
items, including clothing, computers, electronics, household goods, and gifts.

When a company of this type wishes to enter the e-commerce market, they transfer or
supplement their catalogue with an online version. When the catalogue model is expanded in
this way, it is often called the web catalogue revenue model.

Digital content revenue models


The web is a new and highly efficient distribution mechanism for firms that own written
information (words or numbers) or rights to that information. For example, LexisNexis began
as a legal research tool, and it has been available as an online product for years. Today,
LexisNexis offers a variety of information services, including legal information, corporate
information, government information, news, and resources for academic libraries.

One of the first academic organizations to make the transition to electronic distribution on the
web was the Association for Computing Machinery (ACM). The ACM Digital Library offers
subscriptions to electronic versions of its journals to its members and to library and
institutional subscribers. Academic publishing has always been a difficult business in which
to make a profit because the base of potential subscribers is so small. Even the most highly
regarded academic journals often have fewer than 2000 subscribers. To break even, academic
journals must often charge each subscriber hundreds or even thousands of dollars per year.

Electronic publishing eliminates the high costs of paper, printing, and delivery, and makes
dissemination of research results more efficient and less expensive.

Advertising-supported revenue models


Most television channel output is enabled by an advertising-supported revenue model.
Broadcasters provide free programming to an audience along with advertising messages. The
advertising revenue is sufficient to support the operations of the network and the creation or
purchase of the programs.

The overall success of online advertising has been hampered by two major problems.
1. First, no consensus has emerged on how to measure and charge for site visitor views. It
has been difficult for web advertisers to develop a standard for advertising charges
because interaction with the web can be measured in a multitude of complex ways.
Interaction with a website may be measured in terms of number of visitors, number of
unique visitors, number of click-throughs, and other attributes of visitor behaviour. In
addition to the number of visitors or page views, stickiness is a critical element in creating
a presence that attracts advertisers. If a website is sticky, people will spend more time on
it, visit it often and bookmark it (add it to their list of favourite websites).
2. As most successful advertising on the web is targeted at very specific groups, the second
problem is that very few websites have a sufficient number of visitors to interest large
advertisers. The set of characteristics that marketers use to group visitors is called
demographic information. This includes personal information such as address, age,
gender, income level, type of job held, hobbies and religion.

Advertising-subscription mixed revenue models


In an advertising-subscription mixed revenue model, which has been used for many years by
traditional print newspapers and magazines, subscribers pay a fee and accept some level of
advertising. On websites that use the advertising-subscription revenue model, subscribers are
typically subjected to much less advertising than they are on advertising-supported sites.

Fee-for-transaction revenue models


In the fee-for-transaction revenue model, businesses offer services and charge a fee based on
the number or size of transactions they process. Some of these services lend themselves well
to operating on the web since companies can offer much of the personal service formerly
provided by human agents, as the website can offer visitors similar information they would
have previously heard from one of the company’s phone operatives. If consumers are willing
to enter transaction information into website forms, these sites can provide options and
execute transactions much less expensively than traditional transaction service providers.

The removal of an intermediary, such as a human agent, from a value chain is called
disintermediation. The introduction of a new intermediary, such as a fee-for-transaction
website, into a value chain is called re-intermediation.

Fee-for-service revenue models


Companies are offering an increasing variety of services on the web for which they charge a
fee. These are neither broker services nor services for which the charge is based on the
number or size of transactions processed. The fee is based on the value of the service
provided. These fee-for-service revenue models range from games and entertainment to
financial advice and the professional services of accountants, lawyers, and physicians.

Revenue Models in Transition
Success on the web depends upon being willing and able to change and develop business
structures as both technology and attitudes develop. Many companies have gone through
transitions in their revenue models as they learn how to do business successfully on the web.

As more people use the web to buy goods and services, and as the behaviour of those web
users changes, companies often find that they must change their revenue models to meet the
needs of those new and changing web users. Here are some examples:

Subscription to advertising-supported model


Microsoft founded its Slate magazine website as an upscale news and current events
publication. Although Slate drew a wide readership and received acclaim for its incisive
reporting and excellent writing, it was unable to draw a sufficient number of paid subscribers.
At its peak, Slate had about 27,000 subscribers generating annual revenue of $500,000, which
was far less than the cost of creating the content and maintaining the website. Slate is now
operated as an advertising-supported site.

Advertising-supported to advertising-subscription mixed model


After operating for several years as an advertising-supported site, Salon.com now offers an
optional subscription version of its site. The subscription offering was motivated by the
company’s inability to raise the additional money from investors that it needed to continue
operations.

Advertising-supported to fee-for-services model


Xdrive Technologies opened its original advertising-supported website in 1999. Xdrive
offered free disk storage space online to users. The users saw advertising on each page and
had to provide personal information that allowed Xdrive to send targeted e-mail advertising
to them. Its offering was very attractive to web users who had begun to accumulate large
files, such as MP3 music files, and wanted to access those files from several computers in
different locations.

After two years of offering free disk storage space, Xdrive found that it was unable to pay the
costs of providing the service with the advertising revenue it had been able to generate. It
switched to a subscription-supported model and began selling the service to business users as
well as individuals.

Advertising-supported to subscription model


Northern Light was founded in August 1997 as a search engine with a twist. In addition to
searching the web, it searched its own database of journal articles and other publications to
which it had acquired reproduction rights. Northern Light’s revenue model was a
combination of the advertising-supported model used by most other web search engines plus
a fee-based information access service.

In January 2002, Northern Light decided that the advertising revenue it was earning from the
ads it sold on search results pages was insufficient to justify continuing to offer that service.
It stopped offering public access to its search engine and converted to a new revenue model
that was primarily subscription supported. Northern Light’s main revenue source in its new
model is from annual subscriptions sold to large corporate clients.

Multiple Transitions
Encyclopaedia Britannica began its online expansion with two web-based offerings. The
Britannica Internet Guide was a free web navigation aid that classified and rated information-
laden websites. It featured reviews written by Britannica editors who also selected and
indexed the sites. The company’s other website, Encyclopædia Britannica Online, was
available for a subscription fee or as part of the Encyclopædia Britannica CD package.
Britannica used the free site to attract users to the paid subscription site.

By 1999, disappointed by low subscription sales, Britannica converted to a free, advertiser-supported
site at no cost to the public. However, on the first day, the new site,
Britannica.com, had over 15 million visitors, forcing Britannica to shut down for two weeks
to upgrade its servers.

The Britannica.com site then offered the full content of the print edition in searchable form,
plus access to the Merriam-Webster’s Collegiate Dictionary and the Britannica Book of the
Year. After two years of trying to generate a profit using this advertising-supported model,
Britannica faced declining advertising revenues. In 2001, Britannica returned to a mixed
model in which it offered free summaries of encyclopaedia articles and free access to the
Merriam-Webster’s Collegiate Dictionary on the web, with the full text of the encyclopaedia
available for a subscription fee.

Revenue Strategy Issues


This section covers some issues that arise when companies implement the various revenue
models described, and how companies deal with those issues as they arise.

Channel conflict and cannibalisation


Companies that have existing sales outlets and distribution networks often worry that their
websites will take away sales from those outlets and networks. For example, Levi Strauss &
Company sells its Levi’s jeans and other clothing products through department stores and
other retail outlets. The company began selling jeans to consumers on its website in mid-
1998. Many of the department stores and retail outlets that had been loyally selling Levi’s
products for many years and generating guaranteed revenue from their sale complained to the
company that the website was now competing with them. In January 2000, Levi Strauss
decided to stop selling products on its own website.

Such a channel conflict can occur whenever sales activities on a company’s website interfere
with its existing sales outlets. The problem is also called cannibalisation because the
website’s sales consume sales that would be made in the company’s other sales channels.

Strategic alliances and channel distribution management


When two or more companies join forces to undertake an activity over a long period of time,
they are said to create a strategic alliance. Companies form strategic alliances for many
purposes. An increasing number of businesses are forming strategic alliances to sell on the
web.

Business to Business Infrastructure
Business-to-business buyers factor response time into their purchasing choices because it is
a critical part of any competitive situation. This requires a good infrastructure. However,
creating a B2B e-Commerce infrastructure that can handle the demands in numerous fast-
paced industries is not easy, especially with ever-evolving technology.

Consider the relevance of B2B e-commerce infrastructure in the case of making a sale to a
customer. If you ask a vendor to supply you with a quote for a product or service, but they
take two weeks to get back to you, chances are you will have moved on and pursued another
opportunity with a competitor that got back to you much faster. On the other hand, if a seller
provides a good quote quickly, you’re far more likely to buy what they’re offering because
your business moves fast and therefore, your purchasing decisions should too.

That pressure to provide instant pricing for quicker sales cycles is causing considerable stress
on antiquated vendor pricing infrastructure. The tech stack at many companies isn’t built to
support the kind of real-time, digital selling environment that businesses must now operate in.
Many organisations are potentially losing ground, and increasingly face a need to update their
systems to deliver greater agility and keep pace in evolving industries.

The ability to deliver a personalised, accurate quote quickly has become a steadily more
important competitive advantage for businesses. It’s not just the price itself that buyers care
about; they’re also looking for a timely, agile quote that matches their fast-paced business
needs.

Network Infrastructure for E-Commerce


Network infrastructure is a category of hardware and software resources of an entire network
that enable network connectivity, communication, operations and management of an
enterprise network. Network infrastructure provides the communication path and services
between users, processes, applications, services and external networks/the Internet.

Electronic commerce needs a network infrastructure to transport the content: data, audio,
visual, text, animation and so on. This network infrastructure is provided by what is known as
the I-way or information super highway.

The information super highway may be defined as a high capacity, electronic pipeline to a
consumer or business premises that is capable of simultaneously supporting a large number
of E-commerce applications and providing interactive connectivity between users and
services and between users and other users.

I-way has emerged as the basic network infrastructure for all types of E-commerce activities
due to its capability to provide integrated voice, data and video services.
 I-way has changed the way businesses advertise, market or sell their products and
services.
 It has changed the relationships between businesses and customers, and between businesses
and their collaborators.
 It has greatly affected the information sharing between various parts of the organisation
and has had a considerable impact on the individual productivity and efficiency.

The entire network infrastructure is interconnected, and can be used for internal
communications, external communications or both.

The following are common examples of network infrastructure:

Routers
A router is a device that forwards data packets along networks. A router is connected to at
least two networks, commonly two LANs or WANs or a LAN and its ISP's network. Routers
are located at gateways, the places where two or more networks connect.

Wireless routers
A wireless router is a device that performs the functions of a router and also includes the
functions of a wireless access point. It is used to provide access to the Internet or a private
computer network.

Network Switches
A switch is a device in networks that filters and forwards packets between Local Area Network
(LAN) segments. In computer networking, a hub is a small, simple, inexpensive device that
joins multiple computers together.

A network switch is a hardware device that channels incoming data from multiple input ports
to a specific output port that will take it toward its intended destination. It is a small device
that transfers data packets between multiple network devices such as computers, routers,
servers or other switches.

In a local area network (LAN) using Ethernet, a network switch determines where to send
each incoming message frame by looking at the physical device address (also known as the
Media Access Control address or MAC address). Switches maintain tables that match each
MAC address to the port on which the MAC address is received.

A network switch operates on the data link layer, called layer 2 of the OSI model.

Hub
A hub is the most basic networking device that connects multiple computers or other network
devices together. Unlike a network switch or router, a network hub has no routing tables or
intelligence on where to send information and broadcasts all network data across each
connection. Most hubs can detect basic network errors such as collisions, but having all
information broadcast to multiple ports can be a security risk and cause bottlenecks. In the
past, network hubs were popular because they were cheaper than a switch or router. Today,
switches do not cost much more than a hub and are a much better solution for any network.
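
The difference between a hub's broadcast behaviour and a switch's MAC address table, as an added example that is not part of the original notes: a small Python simulation that reports which ports receive a copy of each frame. The class names, port numbers and MAC addresses are constructed for illustration, and table ageing is left out.

```python
"""Hub vs. learning switch: which ports see each Ethernet frame.

Added illustration with constructed traffic; not code from the course notes.
Assumption: MAC table entries never age out.
"""

BROADCAST = "ff:ff:ff:ff:ff:ff"


class Hub:
    """Repeats every frame out of every port except the one it arrived on."""

    def __init__(self, num_ports):
        self.ports = list(range(1, num_ports + 1))

    def receive(self, in_port, src_mac, dst_mac):
        # A hub has no table: addresses are ignored entirely.
        return [p for p in self.ports if p != in_port]


class LearningSwitch:
    """Layer 2 switch that learns source MACs and forwards by destination MAC."""

    def __init__(self, num_ports):
        self.ports = list(range(1, num_ports + 1))
        self.mac_table = {}  # MAC address -> port it was last seen on

    def receive(self, in_port, src_mac, dst_mac):
        # Learn (or refresh) the port on which the sender was seen.
        self.mac_table[src_mac] = in_port
        out_port = self.mac_table.get(dst_mac)
        if dst_mac == BROADCAST or out_port is None:
            # Broadcast or not-yet-learned destination: flood like a hub.
            return [p for p in self.ports if p != in_port]
        if out_port == in_port:
            # Destination sits on the arrival segment: filter the frame.
            return []
        return [out_port]


def exposure(device, frames):
    """Return, for each frame, the list of ports that received a copy."""
    return [device.receive(*frame) for frame in frames]


def bystander_copies(device, frames, bystander_ports):
    """Count frame copies delivered to ports that are not part of the conversation."""
    return sum(len(set(ports) & bystander_ports) for ports in exposure(device, frames))


# Constructed sample: host A on port 1, host B on port 2, ports 3 and 4 are bystanders.
MAC_A = "02:00:00:00:00:0a"
MAC_B = "02:00:00:00:00:0b"
FRAMES = [
    (1, MAC_A, MAC_B),      # A -> B, B not yet learned by the switch
    (2, MAC_B, MAC_A),      # B -> A, A already learned
    (1, MAC_A, MAC_B),      # A -> B, both now learned
    (1, MAC_A, BROADCAST),  # broadcast from A
]

if __name__ == "__main__":
    for name, device in (("hub", Hub(4)), ("switch", LearningSwitch(4))):
        print(name, exposure(device, FRAMES))
    print("copies seen by ports 3 and 4 on a hub:   ",
          bystander_copies(Hub(4), FRAMES, {3, 4}))
    print("copies seen by ports 3 and 4 on a switch:",
          bystander_copies(LearningSwitch(4), FRAMES, {3, 4}))
```

Once the switch has learned both addresses, traffic between A and B no longer reaches the other ports; only the first (unknown-destination) frame and the broadcast are flooded.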

Gateway
This is a node in a network that serves as an entrance to another network. In homes, the
gateway is the ISP that connects the user and firewall.

Bridge
If a router connects two different types of networks, then a bridge connects two subnetworks
as a part of the same network. You can think of two different labs or two different floors
connected by a bridge.

Network Repeaters
A repeater is a powerful network device used to regenerate signals when they travel over a
longer distance, so that the strength of the signal remains the same. Repeaters are used to
establish Ethernet networks. A repeater operates at the first layer of the OSI model, the
physical layer. Repeaters are used where cabling must cover more than the length of a
100-meter cable. Repeaters are used to get signals from optical fibres, copper cables and
coaxial cables. Repeaters have also been developed for other important uses, such as
regenerating the microwaves from a satellite; such repeaters are called transponders. Hence
repeaters are capable of carrying electric as well as light signals.

Proxies
Proxies are devices that make requests on behalf of clients. Proxies monitor, filter and log
traffic on a corporate network.

Server
A server is a computer that provides data to other computers. It may serve data to systems on
a local area network (LAN) or a wide area network (WAN) over the Internet.

Many types of servers exist, including web servers, mail servers, and file servers. Each type
runs software specific to the purpose of the server. For example, a Web server may run
Apache HTTP Server or Microsoft IIS, which both provide access to websites over the
Internet. A mail server may run a program like Gmail, which provides SMTP services for
sending and receiving email. A file server might use the operating system's built-in file
sharing services to share files over a network.

Reverse Proxy
A reverse proxy is a server that sits in front of web servers and forwards client (e.g. web
browser) requests to those web servers. Reverse proxies are typically implemented to help
increase security, performance, and reliability. In order to better understand how a reverse
proxy works and the benefits it can provide, let’s first define what a proxy server is.

Proxy Server
A forward proxy, often called a proxy, proxy server, or web proxy, is a server that sits in
front of a group of client machines. When those computers make requests to sites and
services on the Internet, the proxy server intercepts those requests and then communicates
with web servers on behalf of those clients, like a middleman.

For example, let’s name 3 computers involved in a typical forward proxy communication:
 A: This is a user’s home computer
 B: This is a forward proxy server
 C: This is a website’s origin server (where the website data is stored)

In a standard Internet communication, computer A would reach out directly to computer C,
with the client sending requests to the origin server and the origin server responding to the
client. When a forward proxy is in place, A will instead send requests to B, which will then
forward the request to C. C will then send a response to B, which will forward the response
back to A.

Why would anyone add this extra middleman to their Internet activity? There are a few
reasons one might want to use a forward proxy:
 To avoid state or institutional browsing restrictions - Some governments, schools, and
other organizations use firewalls to give their users access to a limited version of the
Internet. A forward proxy can be used to get around these restrictions, as they let the user
connect to the proxy rather than directly to the sites they are visiting.
 To block access to certain content - Conversely, proxies can also be set up to block a
group of users from accessing certain sites. For example, a school network might be
configured to connect to the web through a proxy which enables content filtering rules,
refusing to forward responses from Facebook and other social media sites.
 To protect their identity online - In some cases, regular Internet users simply desire
increased anonymity online, but in other cases, Internet users live in places where the
government can impose serious consequences to political dissidents. Criticizing the
government in a web forum or on social media can lead to fines or imprisonment for these
users. If one of these dissidents uses a forward proxy to connect to a website where they
post politically sensitive comments, the IP address used to post the comments will be
harder to trace back to the dissident. Only the IP address of the proxy server will be
visible.

How is a reverse proxy different?


A reverse proxy is a server that sits in front of one or more web servers, intercepting requests
from clients. This is different from a forward proxy, where the proxy sits in front of the
clients. With a reverse proxy, when clients send requests to the origin server of a website,
those requests are intercepted at the network edge by the reverse proxy server. The reverse
proxy server will then send requests to and receive responses from the origin server.

The difference between a forward and reverse proxy is subtle but important. A
simplified way to sum it up would be to say that a forward proxy sits in front of a client and
ensures that no origin server ever communicates directly with that specific client. On the
other hand, a reverse proxy sits in front of an origin server and ensures that no client ever
communicates directly with that origin server.

Once again, let’s illustrate by naming the computers involved:


 D: Any number of users’ home computers
 E: This is a reverse proxy server
 F: One or more origin servers

Typically, all requests from D would go directly to F, and F would send responses directly to
D. With a reverse proxy, all requests from D will go directly to E, and E will send its requests
to and receive responses from F. E will then pass along the appropriate responses to D.

The benefits of a reverse proxy


 Load balancing - A popular website that gets millions of users every day may not be able
to handle all of its incoming site traffic with a single origin server. Instead, the site can be
distributed among a pool of different servers, all handling requests for the same site. In
this case, a reverse proxy can provide a load balancing solution which will distribute the
incoming traffic evenly among the different servers to prevent any single server from
becoming overloaded. In the event that a server fails completely, other servers can step up
to handle the traffic.
 Protection from attacks - With a reverse proxy in place, a web site or service never
needs to reveal the IP address of their origin server(s). This makes it much harder for
attackers to leverage a targeted attack against them, such as a DDoS attack. Instead the
attackers will only be able to target the reverse proxy, such as Cloudflare’s CDN, which
will have tighter security and more resources to fend off a cyber-attack.
 Global Server Load Balancing (GSLB) - In this form of load balancing, a website can
be distributed on several servers around the globe and the reverse proxy will send clients
to the server that’s geographically closest to them. This decreases the distances that
requests and responses need to travel, minimizing load times.
 Caching - A reverse proxy can also cache content, resulting in faster performance. For
example, if a user in Paris visits a reverse-proxied website with web servers in Los
Angeles, the user might actually connect to a local reverse proxy server in Paris, which
will then have to communicate with an origin server in L.A. The proxy server can then
cache (or temporarily save) the response data. Subsequent Parisian users who browse the
site will then get the locally cached version from the Parisian reverse proxy server,
resulting in much faster performance.
 SSL encryption - Encrypting and decrypting SSL (or TLS) communications for each
client can be computationally expensive for an origin server. A reverse proxy can be
configured to decrypt all incoming requests and encrypt all outgoing responses, freeing
up valuable resources on the origin server.

Load Balancer
A load balancer is a device that acts as a reverse proxy and distributes network or application
traffic across a number of servers. Load balancers are used to increase capacity (concurrent
users) and reliability of applications.

Wireless Access Point (WAP)


Wireless access points (APs or WAPs) are networking devices that allow Wi-Fi devices to
connect to a wired network. They form wireless local-area networks (WLANs). An access
point acts as a central transmitter and receiver of wireless radio signals. Mainstream wireless
APs support Wi-Fi and are used in homes, public internet hotspots, and business networks to
accommodate wireless mobile devices. The access point can be incorporated into the wired
router or stand-alone router.

Ethernet
Ethernet is the technology that is most commonly used in wired local area networks (LANs).
A LAN is a network of computers and other electronic devices that covers a small area such
as a room, office, or building. It is used in contrast to a wide area network (WAN), which
spans much larger geographical areas. Ethernet is a network protocol that controls how data
is transmitted over a LAN. Technically it is referred to as the IEEE 802.3 protocol. The
protocol has evolved and improved over time to transfer data at the speed of a gigabit per
second. 

Many people have used Ethernet technology their whole lives without knowing it. It is most
likely that any wired network in your office, at the bank, and at home is an Ethernet LAN.
Most desktop and laptop computers come with an integrated Ethernet card inside so they are
ready to connect to an Ethernet LAN. 

Domain Name System (DNS)

The Domain Name System (DNS) is one of the foundations of the internet, yet most people
outside of networking probably don’t realize they use it every day to do their jobs, check their
email or waste time on their smartphones.

At its most basic, DNS is a directory of names that match with numbers. The numbers, in this
case, are IP addresses, which computers use to communicate with each other.

Dynamic Host Configuration Protocol (DHCP)


DHCP is responsible for the assignment of dynamic IP addresses. When it first connects to
the network, a device asks for an IP address to be assigned to it, and a DHCP server responds
with an IP address assignment. A router connected to your ISP-provided internet connection
will ask your ISP’s server for an IP address; this will be your IP address on the internet. Your
local computers, on the other hand, will ask the router for an IP address, and these addresses
are local to your network.

Simple Mail Transfer Protocol (SMTP)


SMTP is one of the most common and popular protocols for email communication over the
Internet and it provides intermediary network services between the remote email provider or
organizational email server and the local user accessing it.

SMTP is generally integrated within an email client application and is composed of four key
components:
1. Local user or client-end utility known as the mail user agent (MUA)
2. Server known as mail submission agent (MSA)
3. Mail transfer agent (MTA)
4. Mail delivery agent (MDA)

SMTP works by initiating a session between the user and server, whereas MTA and MDA
provide domain searching and local delivery services.

VoIP
Voice over Internet Protocol (VoIP) is a technology used for delivering different kinds of
data from a source to a destination using IP (Internet Protocol). The data may be in many
forms, including files, voice communication, pictures, fax or multimedia messages. VoIP is
most often used for telephone calls, which are almost free of charge.

Data is more secure and faster with private networks, but the costs are much higher. For the
purpose of a communication system with very low cost, VoIP was introduced. This
technology provides fast and high quality voice communication all over the world.

VPN
A virtual private network (VPN) is a private network that is built over a public infrastructure.
Security mechanisms, such as encryption, allow VPN users to securely access a network from
different locations via a public telecommunications network, most frequently the Internet.

VPN data security remains constant through encrypted data and tunnelling protocols. The key
VPN advantage is that it is less expensive than a private wide area network (WAN) buildout.
As with any network, an organization's goal is to provide cost-effective business
communication.

In a remote-access VPN, an organization uses an outside enterprise service provider (ESP) to
establish a network access server (NAS). Remote users then receive VPN desktop software
and connect to the NAS via a toll-free number, which accesses the organization's network. In
a site-to-site VPN, many sites use secure data encryption to connect over a network (usually
the Internet).

Edge Computing
Edge computing is the deployment of data-handling activities or other network operations
away from centralized and always-connected network segments, and toward individual
sources of data capture, such as endpoints like laptops, tablets or smartphones. Through this
type of network engineering, IT professionals hope to improve network security and enhance
other network outcomes.

Generally, the term "edge computing" is used as a kind of catch-all for various networking
technologies including peer-to-peer networking or ad hoc networking, as well as various
types of cloud setups and other distributed systems. One other predominant type of edge
networking is mobile edge networking or computing, an architecture that utilizes the edge of
the cellular network for operations.

One of the major uses of edge computing is to improve network security. There is a lot of
concern about security architecture in the internet of things age, where more and more
diverse devices are getting different kinds of access to a network. One strategy is to pursue
edge computing to aggregate data further out, and encrypt it as it passes further in, for
example, through firewalls and perimeters.

Network Management Systems


A network management system (NMS) is an application or set of applications that lets
network administrators manage a network's independent components inside a bigger network
management framework. NMS may be used to monitor both software and hardware
components in a network. It usually records data from a network's remote points to carry out
central reporting to a system administrator.

The key benefit to NMS is that it permits users to monitor or manage their entire business
operations using a central computer.

A network management system is useful in:


 Network device discovery
 Network device monitoring
 Network performance analysis
 Network device management
 Intelligent notifications, or customizable alerts

Quality network management systems include the following features:


 Saves money: Only one system admin is required at a single location to monitor and
manage the entire network, which cuts hiring expenditures.
 Saves time: Each IT provider gets direct access to any data when required. All team
members can simply enter or retrieve data using their own workstations. At the same
time, their access may be controlled by the network manager.
 Increases productivity: Helps manage every aspect of the office network, which
includes software, hardware and other peripherals. The NMS identifies an issue as soon
as it occurs to ensure that there is no productivity slowdown or data loss.

Firewalls
A firewall is software used to maintain the security of a private network. Firewalls block
unauthorized access to or from private networks and are often employed to prevent
unauthorized Web users or illicit software from gaining access to private networks connected
to the Internet. A firewall may be implemented using hardware, software, or a combination of
both.

A firewall is recognized as the first line of defence in securing sensitive information. For
better safety, the data can be encrypted.

Firewalls generally use two or more of the following methods:


 Packet Filtering: Firewalls filter packets that attempt to enter or leave a network and
either accept or reject them depending on the predefined set of filter rules.
 Application Gateway: The application gateway technique employs security methods
applied to certain applications such as Telnet and File Transfer Protocol servers.
 Circuit-Level Gateway: A circuit-level gateway applies these methods when a
connection such as Transmission Control Protocol is established and packets start to
move.
 Proxy Servers: Proxy servers can mask real network addresses and intercept every
message that enters or leaves a network.
 Stateful Inspection or Dynamic Packet Filtering: This method compares not just the
header information, but also a packet’s most important inbound and outbound data parts.
These are then compared to a trusted information database for characteristic matches.
This determines whether the information is authorized to cross the firewall into the
network.
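
The difference between plain packet filtering and stateful inspection can be shown with a small model. This is an added example, not part of the original course notes; the networks, addresses, ports and rule sets are constructed, and the connection table stands in for the "trusted information database" mentioned above. A stateless filter needs a broad rule to let replies back in, while the stateful firewall admits only replies to connections it has already accepted.

```python
# Added illustration (not from the course notes): stateless packet filtering
# compared with stateful inspection. All addresses and rules are constructed.
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

ANY_NET = "0.0.0.0/0"
INSIDE = "10.0.0.0/24"  # constructed internal network


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    proto: str = "tcp"


@dataclass(frozen=True)
class Rule:
    action: str                  # "accept" or "reject"
    src_net: str = ANY_NET
    dst_net: str = ANY_NET
    proto: str = "tcp"
    sport: Optional[int] = None  # None matches any port
    dport: Optional[int] = None

    def matches(self, pkt):
        return (pkt.proto == self.proto
                and ip_address(pkt.src) in ip_network(self.src_net)
                and ip_address(pkt.dst) in ip_network(self.dst_net)
                and self.sport in (None, pkt.sport)
                and self.dport in (None, pkt.dport))


class PacketFilter:
    """Stateless: each packet is judged on its header alone; first match wins."""

    def __init__(self, rules):
        self.rules = list(rules)

    def decide(self, pkt):
        for rule in self.rules:
            if rule.matches(pkt):
                return rule.action
        return "reject"  # default deny


class StatefulFirewall(PacketFilter):
    """Remembers accepted connections and admits only their replies."""

    def __init__(self, rules):
        super().__init__(rules)
        self.connections = set()

    def decide(self, pkt):
        reply_of = (pkt.dst, pkt.dport, pkt.src, pkt.sport, pkt.proto)
        if reply_of in self.connections:
            return "accept"  # reply to a connection already in the table
        action = super().decide(pkt)
        if action == "accept":
            self.connections.add(
                (pkt.src, pkt.sport, pkt.dst, pkt.dport, pkt.proto))
        return action


# Stateless rule set: the second rule is needed so that replies get back in.
STATELESS_RULES = [
    Rule("accept", src_net=INSIDE, dport=443),
    Rule("accept", dst_net=INSIDE, sport=443),
]
# Stateful rule set: replies are matched against the connection table instead.
STATEFUL_RULES = [Rule("accept", src_net=INSIDE, dport=443)]

OUTBOUND = Packet("10.0.0.5", 50000, "203.0.113.10", 443)
REPLY = Packet("203.0.113.10", 443, "10.0.0.5", 50000)
UNSOLICITED = Packet("203.0.113.99", 443, "10.0.0.7", 8080)


def verdicts(firewall):
    """Decisions for the outbound request, its reply, and an unrelated packet."""
    return [firewall.decide(p) for p in (OUTBOUND, REPLY, UNSOLICITED)]


if __name__ == "__main__":
    print("stateless:", verdicts(PacketFilter(STATELESS_RULES)))
    print("stateful: ", verdicts(StatefulFirewall(STATEFUL_RULES)))
```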

Intrusion Detection Systems


An intrusion detection system (IDS) is a type of security software designed to automatically
alert administrators when someone or something is trying to compromise an information system
through malicious activities or through security policy violations.

An IDS works by monitoring system activity through examining vulnerabilities in the system,
the integrity of files and conducting an analysis of patterns based on already known attacks. It
also automatically monitors the Internet to search for any of the latest threats which could
result in a future attack.

There are multiple ways detection is performed by an IDS. In signature-based detection, a
pattern or signature is compared to previous events to discover current threats. This is useful
for finding already known threats, but does not help in finding unknown threats, variants of
threats or hidden threats.

Another type of detection is anomaly-based detection, which compares the definition or traits
of a normal action against characteristics marking the event as abnormal.
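
The two detection approaches can be compared on the same input. This is an added example, not part of the original course notes; the log format, the client names, the signature list and the baseline figures are all constructed. The signature check flags only the client string it already knows, while the anomaly check flags a source whose failed logins per minute exceed the normal baseline by more than three standard deviations.

```python
# Added illustration (not from the course notes): signature-based versus
# anomaly-based detection over the same constructed login log.
import re
from collections import Counter
from statistics import mean, pstdev

# Constructed sample log lines (hypothetical format).
LOG = """\
2021-03-01T10:00:05 src=198.51.100.7 user=alice result=FAIL agent=ToolX/1.0
2021-03-01T10:00:20 src=192.0.2.10 user=bob result=OK agent=Browser/5.0
2021-03-01T10:01:01 src=203.0.113.44 user=carol result=FAIL agent=ToolX/1.1
2021-03-01T10:01:09 src=203.0.113.44 user=carol result=FAIL agent=ToolX/1.1
2021-03-01T10:01:17 src=203.0.113.44 user=carol result=FAIL agent=ToolX/1.1
2021-03-01T10:01:26 src=203.0.113.44 user=carol result=FAIL agent=ToolX/1.1
2021-03-01T10:01:40 src=203.0.113.44 user=carol result=FAIL agent=ToolX/1.1
2021-03-01T10:01:50 src=192.0.2.10 user=bob result=FAIL agent=Browser/5.0
""".splitlines()

LINE_RE = re.compile(
    r"^(?P<ts>\S+) src=(?P<src>\S+) user=(?P<user>\S+) "
    r"result=(?P<result>\S+) agent=(?P<agent>\S+)$"
)

# Hypothetical signature library: client strings seen in earlier incidents.
KNOWN_BAD_AGENTS = {"ToolX/1.0"}

# Constructed history of failed logins per source per minute on a normal day.
BASELINE_FAILS_PER_MINUTE = [0, 1, 0, 2, 1, 0, 1, 1]


def parse(lines):
    """Turn well-formed log lines into dicts; skip anything that does not parse."""
    events = []
    for line in lines:
        match = LINE_RE.match(line.strip())
        if match:
            events.append(match.groupdict())
    return events


def signature_alerts(events):
    """Sources whose client string matches a known signature exactly."""
    return sorted({e["src"] for e in events if e["agent"] in KNOWN_BAD_AGENTS})


def anomaly_alerts(events, baseline, k=3.0):
    """(minute, source) pairs whose failure count exceeds mean + k * stdev."""
    threshold = mean(baseline) + k * pstdev(baseline)
    fails = Counter(
        (e["ts"][:16], e["src"]) for e in events if e["result"] == "FAIL"
    )
    return sorted(key for key, count in fails.items() if count > threshold)


if __name__ == "__main__":
    events = parse(LOG)
    print("signature alerts:", signature_alerts(events))
    print("anomaly alerts:  ", anomaly_alerts(events, BASELINE_FAILS_PER_MINUTE))
```

The source using the variant client string is missed by the signature check and caught only by the anomaly check, which is the limitation of signature-based detection described above.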

There are three primary components of an IDS:

 Network Intrusion Detection System (NIDS): This does analysis for traffic on a whole
subnet and will make a match to the traffic passing by to the attacks already known in a
library of known attacks.
 Network Node Intrusion Detection System (NNIDS): This is similar to NIDS, but the
traffic is only monitored on a single host, not a whole subnet.
 Host Intrusion Detection System (HIDS): This takes a “picture” of an entire system’s
file set and compares it to a previous picture. If there are significant differences, such as
missing files, it alerts the administrator.
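
The HIDS "picture" comparison can be sketched as a file-hash snapshot taken before and after a change. This is an added example, not part of the original course notes; the file names and contents are constructed and written to a temporary directory, and SHA-256 is an assumed choice of hash.

```python
# Added illustration (not from the course notes): a host-based integrity check
# that takes a "picture" of a file set and compares it with a later one.
import hashlib
import os
import tempfile


def snapshot(root):
    """Return {relative path: SHA-256 hex digest} for every file under root."""
    picture = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            with open(path, "rb") as fh:
                digest = hashlib.sha256(fh.read()).hexdigest()
            picture[os.path.relpath(path, root)] = digest
    return picture


def compare(before, after):
    """Report files that are missing, newly added, or changed in content."""
    common = set(before) & set(after)
    return {
        "missing": sorted(set(before) - set(after)),
        "added": sorted(set(after) - set(before)),
        "changed": sorted(p for p in common if before[p] != after[p]),
    }


def demo():
    """Build a constructed file set, alter it, and return the differences."""
    with tempfile.TemporaryDirectory() as root:

        def write(name, text):
            with open(os.path.join(root, name), "w") as fh:
                fh.write(text)

        write("app.conf", "port=443\n")
        write("index.html", "<h1>shop</h1>\n")
        write("orders.db", "order-1\n")
        baseline = snapshot(root)                    # the earlier picture

        write("app.conf", "port=8080\n")             # content changed
        os.remove(os.path.join(root, "orders.db"))   # file now missing
        write("new.bin", "unexpected\n")             # file added

        return compare(baseline, snapshot(root))


if __name__ == "__main__":
    for kind, paths in demo().items():
        print(f"{kind}: {paths}")
```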

Intrusion Prevention Systems


An intrusion prevention system (IPS) is a system that monitors a network for malicious
activities such as security threats or policy violations. The main function of an IPS is to
identify suspicious activity, and then log information, attempt to block the activity, and then
finally to report it.

Intrusion prevention systems are also known as intrusion detection prevention systems
(IDPS). An IPS can be implemented either as a hardware device or as software. Ideally (or
theoretically), an IPS is based on the simple principle that dirty traffic goes in and clean
traffic comes out.

Intrusion prevention systems are basically extensions of intrusion detection systems. The
major difference lies in the fact that, unlike intrusion detection systems, intrusion prevention
systems are able to actively block or prevent intrusions that are detected. For example, an
IPS can drop malicious packets, block the traffic from an offending IP address, etc.

Identity and Access Management


Identity and access management (IAM) is the process used in businesses and organizations to
grant or deny employees and others authorization to secure systems. IAM is an integration of
work flow systems that involves organizational think tanks who analyse and make security
systems work effectively. Policies, procedures, protocols and processes are all linked to IAM.
Identity and security applications are also important considerations.

IAM verifies user access requests and either grants or denies permission to protected
company materials. It also deals with various administrative functions including password
problems, and helps oversee employee identity management. Standards and applications of
IAM include the maintenance of user life cycles, various application accesses and singular
logons.

There are several advantages of IAM including business value and security enhancements,
increased work productivity and a reduction in the IT staff's workload. Businesses use IAM
in order to comply with best practice standards, whether in healthcare, finance or other
sectors. Best practice standards throughout several organizational arenas require record
protection, which becomes increasingly important as more organizations adopt
interoperability in confidential records systems.

Key Management
Key management is the process of administering or managing cryptographic keys for a
cryptosystem. It involves the generation, creation, protection, storage, exchange, replacement
and use of said keys and, with another type of security system built into large cryptosystems,
enables selective restriction for certain keys.

In addition to access restriction, key management also involves the monitoring and recording
of each key's access, use and context.

A critical cryptosystem component, key management is also one of the most challenging
aspects of cryptography because it deals with many types of security liabilities beyond
encryption, such as people and flawed policies. It also involves creating a corresponding
system policy, user training, interdepartmental interactions and proper coordination.

For a multicast group, security is a large issue, as all group members have the ability to
receive the multicast message. The solution is a multicast group key management system, in
which specific keys are securely provided to each member. In this manner, an encryption
using a specific member’s key means that the message can only be accessed and read by that
group member.

Certificate Authority
A certificate authority (CA) is a trusted entity that manages and issues security certificates
and public keys that are used for secure communication in a public network. The CA is part
of the public key infrastructure (PKI) along with the registration authority (RA) who verifies
the information provided by a requester of a digital certificate. If the information is verified
as correct, the certificate authority can then issue a certificate.

Certificate authorities are trusted third-party entities who provide digital certificates to
organizations that have the need to ensure that their users are provided with secure
authentication and connection. Certificates given by CAs build trust between the users and
the providers because they can ensure the validity of each other’s identities and authorities.

CAs provide the most basic security and business process principles in a public key
infrastructure by creating trust relationships between enterprise and entities. Defined trust can
be used to enable certain types of connections while limiting others, including:
 Applying consistent issuance policies for certificates
 Applying consistent formatting for names in issued certificates
 Preventing issued certificates from being used in some applications
 Preventing implementation of certain unauthorized subordinate CAs

Value-Added Network (VAN)


A Value-Added Network (VAN) is a hosted service used for sharing received, stored and
forwarded messages. A VAN may also add audit data and modify data for automatic error
detection, correction or conversion between communication protocols.

In the 1970s, private organizations managing large network services competed with state
government-controlled telecommunications services. To differentiate from state services,
private organizations recognized a driving need to add communication value. This proved
complicated and led to the concept of user-defined networks, which preceded Internet service
providers (ISPs).

As the Internet developed, many companies found it more cost-effective to transport data via
the Internet, rather than incurring minimum monthly fees or per-character charges typical to
VAN contracts. VAN providers countered by offering additional services, including secure
email, encryption, management reporting and Electronic Data Interchange (EDI) translation
between organizations.

VANs are now used in the absence of state-controlled telecommunications. However, the
VAN term primarily describes business-to-business (B2B) communications, especially EDI
for Administration Commerce and Transport (EDIFACT), which is an international U.N.
standard that competes with Extensible Markup Language (XML). VANs continue evolving
into more specific industry processes with particular emphasis on retail and high-tech
manufacturing.

Integrated Services Digital Network (ISDN)


First defined in 1988, Integrated Services Digital Network (ISDN) is a set of communication
standards for digital telephone connection and the transmission of voice and data over a
digital line. These digital lines are commonly telephone lines and exchanges established by
the government. Before ISDN, it was not possible for ordinary telephone lines to provide fast
transportation over a single line.

ISDN was designed to run on digital telephone systems that were already in place. As such, it
meets telecom's digital voice network specifications. However, it took so long for ISDN to be
standardized that it was never fully deployed in the telecommunications networks it was
intended for.

ISDN takes all kinds of data over a single telephone line at the same time. As such, voice and
data are no longer separated as they were in earlier technologies, which used separate lines
for different services. ISDN is a circuit-switched telephone network system, but it also allows
access to packet-switched networks.

ISDN is also used with specific protocols, such as Q.931, where it acts as the network, data
link and physical layers in the OSI model. Therefore, in broad terms, ISDN is actually a suite
of transmission services on the first, second and third layers of the OSI model.

X.400
X.400 is a suite of protocols defining standards for email messaging systems. It was defined
by the ITU-TS (International Telecommunications Union—Telecommunications Sector) in
1984 and again in 1988. Used as an alternative to the more common email protocol called
Simple Mail Transfer Protocol (SMTP), X.400 is more widely used in Europe and Canada
than in the U.S and other countries.

X.400 is more complex than SMTP. However, it is familiar to many email server
administrators who use Microsoft’s Exchange email server. Exchange also supports SMTP
because Exchange is used globally and must support as many standards as possible.

An X.400 address consists of several elements:


1. C: Country name
2. ADMD: Administration Management Domain
3. PRMD: Private Management Domain
4. O: Organization name
5. OU: Organization Unit name
6. G: given name
7. I: Initials
8. S: surname

An email address in SMTP looks like this: samuel.ngala@kibu.ac.ke. The equivalent in
X.400 would be: G=samuel, S=ngala, O=kibu, OU=ac and C=ke, so GS@OU.O.C.

An X.400 setup consists of several components:


1. User Agents (UA): These are the components users interact with to compose, submit and
receive email messages.
2. Message Transfer Agents (MTA): These perform all the routing and delivery of the
message.
3. Message Stores: These actually store the message. This is especially useful where the
UA is physically separated from the MTA.

Digital Subscriber Line (DSL)


Digital subscriber line (DSL) is a technology that transports high-bandwidth data over a
simple telephone line that is directly connected to a modem. This allows for file-sharing, and
the transmission of pictures and graphics, multimedia data, audio and video conferencing and
much more. DSL uses the analog medium, which is reliable and prevents interruptions and
heavy packet loss. DSL is fast and provides low user subscription rates.

DSL was originally part of the Integrated Services Digital Network (ISDN) specification
introduced in 1984. In the beginning, ISDN was being used for point-to-point connections for
different kinds of data sharing. With the passage of time and the increasing size of networks,
ISDN gave a low data speed because of various issues, from interruptions in telephone lines
to natural factors like fog and rain. After the failure of ISDN, DSL emerged and started
providing broadband connections over an analog medium with an efficient network
environment. DSL mainly uses copper wires and fiber optic cables as its transmission
medium.

E-Commerce Technology Infrastructure
In order for electronic commerce to exist, a number of technologies must first be in place.
Both the internet and the WWW require support from database software, network switches
and hubs, encryption hardware and software, multimedia structures and a way to integrate
each of these technologies.

The Internet and the World Wide Web

The Internet
A computer network is any technology that allows people to connect computers to each other.
The internet is a global computer network, to which new computers are connected on a daily
basis. This computer network - the internet - is the basic technology structure underlying all
electronic commerce.

Of the millions of people who use the internet every day, only a small percentage of them
really understand how it works. The internet is a large system of interconnected computer
networks that span the globe.

The World Wide Web


The part of the internet known as the World Wide Web, or, simply, the web, is a subset of the
computers on the internet that are connected to each other in a specific way, that makes them
and their contents easily accessible to each other. The web is operated by an easy-to-use
standard interface.

This is its most important asset, as it is this which renders it accessible to the majority of
users who are not computer experts.

The WWW is software that runs on computers that are connected to the internet. The network
traffic generated by web software is currently the largest single category of traffic on the
internet, outpacing email, file transfers, and other data transmission traffic.

Packet-switching networks
A local area network (LAN) is a network of computers located close together (for example, in
the same building). Networks of computers that are connected over greater distances are
called wide area networks (WANs).

Packet-switching describes the type of network in which relatively small units of data
called packets are routed through a network based on the destination address contained within
each packet. Breaking communication down into packets allows the same data path to be
shared among many users in the network.

An individual packet of information travels from one network to another through routing
computers. The computers through which the packet travels determine the best route for
getting the packet to its destination. Routing computers, routers, or gateway computers act as
the gateway from a LAN or WAN to the internet. They decide how best to forward each
packet, as they are located at the border between the organization and the internet. The
programs on router computers that determine the best path on which to send each packet
contain rules called routing algorithms. The programs apply their routing algorithms to
information they have stored in routing tables or configuration tables.

The internet also has routers which handle packet traffic along the internet’s main
connecting points. These routers and the telecommunications lines connecting them are
collectively referred to as the internet backbone. These routers are very large computers that
can each handle more than 50 million packets per second. They are often known as backbone
routers.

How Packet Switching Works


Packet switching entails packaging data in specially formatted units (called packets) that are
typically routed from source to destination using network switches and routers. Each packet
contains address information that identifies the sending computer and intended recipient.
Using these addresses, network switches and routers determine how best to transfer the
packet between hops on the path to its destination.

Note: A hop represents one portion of the full path between source and destination.

Transmission control protocol/internetworking protocol (TCP/IP)


The collection of rules for formatting, ordering, and error-checking data sent across a
network is called a protocol. This open architecture philosophy was developed for the
evolving ARPANET (which later became the core of the internet) and included the use of a
common protocol for all computers connected to the internet.

The set of communication protocols and applications used to communicate between
computers on the internet is called TCP/IP. This set of protocols defines the rules by which
packets are created, connections are made and information is transported between computers
on the internet. This set of protocols was first developed by Vinton Cerf and Robert Kahn in
the early 1970s.

TCP is the protocol that defines how each message is de-assembled into packets before
transmission and also specifies how such packets are re-assembled into a message or file once
they arrive. IP is the protocol that specifies the rules that govern how packets are routed from
their source computer across the internet to a destination computer.

IP addresses and domain names


The version of IP that has been in use for the past 20 years on the internet is Internet
Protocol version 4, abbreviated IPv4. It uses a 32-bit number to identify the computers
connected to the internet. This address is called an IP address. Computers do all of their
internal calculations using a base 2 (binary) number system in which each digit is either a 0
or a 1, corresponding to a condition of either off or on.

When a router breaks a message into packets before sending it onto the internet, the router
marks each packet with both the source IP address and the destination IP address of the
message. To make them easier to read, IP numbers (addresses) appear as four numbers
separated by periods. This notation system is called dotted decimal notation. An IPv4 address
is a 32-bit number, so each of the four numbers is an 8-bit number. In most computer applications, an
8-bit number is called a byte; however, in networking applications, an 8-bit number is often
called an octet. In binary, an octet can have values respectively.
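The following is an added example, not part of the original notes. It converts dotted decimal notation to the 32-bit number described above and then applies a simple routing-table lookup of the kind a router performs. The prefix notation (address/length), the longest-match rule, the table entries and the next-hop names are assumptions chosen for illustration.

```python
def parse_ipv4(text):
    """Convert dotted decimal text to the 32-bit integer it represents."""
    parts = text.split(".")
    if len(parts) != 4:
        raise ValueError(f"expected four octets in {text!r}")
    value = 0
    for part in parts:
        # Accept plain ASCII digits only. A leading zero is refused because
        # some parsers read "010" as octal, so two systems could disagree
        # about which computer the address names.
        if not part.isascii() or not part.isdigit() or (len(part) > 1 and part[0] == "0"):
            raise ValueError(f"bad octet {part!r} in {text!r}")
        octet = int(part)
        if octet > 255:
            raise ValueError(f"octet {octet} does not fit in 8 bits")
        value = (value << 8) | octet
    return value


def is_valid_ipv4(text):
    """True when the text is a well-formed dotted decimal address."""
    try:
        parse_ipv4(text)
        return True
    except ValueError:
        return False


def to_binary_octets(value):
    """Show the 32-bit number as four binary octets."""
    return ".".join(f"{(value >> shift) & 0xFF:08b}" for shift in (24, 16, 8, 0))


def parse_prefix(prefix):
    """Split 'address/length' into (network, mask, length)."""
    network_text, _, length_text = prefix.partition("/")
    length = int(length_text)
    if not 0 <= length <= 32:
        raise ValueError(f"bad prefix length in {prefix!r}")
    mask = (0xFFFFFFFF << (32 - length)) & 0xFFFFFFFF
    network = parse_ipv4(network_text)
    if network & ~mask & 0xFFFFFFFF:
        raise ValueError(f"host bits set in {prefix!r}")
    return network, mask, length


def next_hop(routing_table, destination):
    """Return the next hop of the most specific entry that matches."""
    dest = parse_ipv4(destination)
    best = None
    for prefix, hop in routing_table:
        network, mask, length = parse_prefix(prefix)
        if dest & mask == network and (best is None or length > best[0]):
            best = (length, hop)
    return best[1] if best else None


# Constructed routing table; addresses come from the documentation ranges.
ROUTES = [
    ("0.0.0.0/0", "isp-gateway"),       # default route towards the internet
    ("192.0.2.0/24", "lan-switch"),     # the organization's own network
    ("192.0.2.128/25", "dmz-router"),   # a more specific part of that network
]

if __name__ == "__main__":
    address = parse_ipv4("192.0.2.200")
    print(address, to_binary_octets(address))
    for target in ("192.0.2.200", "192.0.2.10", "203.0.113.5"):
        print(target, "->", next_hop(ROUTES, target))
```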

The Internet Engineering Task Force (IETF) worked on several new protocols that could
solve the limited addressing capacity of IPv4, and in 1997, approved Internet Protocol
version 6 (IPv6) as the protocol that will replace IPv4. The new IP is being implemented
gradually because the two protocols are not directly compatible.

Due to concern that users might find the dotted decimal notation difficult to remember, the
founders of the internet created an alternative addressing method that uses words. In this
system, an address such as www.kibu.ac.ke is called a domain name. Domain names are sets
of words that are assigned to specific IP addresses and can contain two or more word groups
separated by periods. The rightmost part of a domain name is the most general; as you move
to the left, each part of the domain name becomes more specific.

Webpage request and delivery protocols


Web client computers run software called web client or web browser software, which sends
requests for webpage files to other computers, called web servers. A web server computer
runs software called web server software. Web server software receives requests from many
different web clients and responds by sending files back to those web client computers. The
web client software then renders those files into a webpage. Thus, the purpose of a web
server is to respond to requests for web pages from web clients. The combination of client
computers running web client software and server computers running web server software is
called client/server architecture.

Other internet protocols


Electronic mail (e-mail) sent across the internet must also be formatted according to a
common set of rules. Most organizations use a client/server structure to handle e-mail. The
organization has a computer called an e-mail server and its software is devoted to storing,
forwarding and general handling of e-mail. People in the organization might use a variety of
e-mail client software programs, to read and send e-mail. These programs include Microsoft
Outlook, Netscape Messenger, Gmail etc. The e-mail client software communicates with the
e-mail server software on the e-mail server computer to send and receive e-mail messages.

The various types of email protocols include:


• Simple Mail Transfer Protocol (SMTP) which specifies the format of e-mail messages
• Post Office Protocol (POP) which is responsible for the retrieval of e-mail and
attachments from mail server computers (special computers responsible for storing
electronic mail connected to the internet).
• Interactive Mail Access Protocol (IMAP) which defines how an e-mail client program
requests mail from a mail server and determines which messages are selected for
download. IMAP also allows users to create and manipulate mail boxes on mail servers.

Markup languages
Web pages can include many elements, such as graphics, photographs, sound clips, and even
small programs that run in the web browser. These elements are stored on the web server as
separate files.

The most important parts of a webpage, however, are the structure of the page and the text
that makes up the main part of the page. The page structure and text are stored in a text file
that is formatted, or marked up, using a text markup language. A text markup language
specifies a set of tags that are inserted into the text. These markup tags, also called tags,
provide formatting instructions that web client software can understand. The web client
software utilises the instructions as it renders the text and page elements contained in the
other files into the webpage that appears on the screen of the client computer.

• Standard Generalized Markup Language (SGML): Used for many years by the
publishing industry to create documents that needed to be printed in various formats and
that were revised frequently. In addition, SGML is also a meta language - a language that
can be used to define other languages. SGML offers user-defined tags, is non-proprietary
and platform independent.
• Hypertext Markup Language (HTML): HTML includes tags in an electronic document
that define the format and style of text elements. The tags in an HTML document are
interpreted and used by the web browser to format the display of the text enclosed by the
tags. The web organizes interlinked pages of information residing on sites around the
world. Hyperlinks on web pages form a “web” of those pages. Versions of HTML
released by the W3C after 1997 include an HTML tag called the object tag and also
include support for Cascading Style Sheets. Web designers can embed scripting language
code on HTML pages by using the object tag.
• Extensible Markup Language (XML): XML is referred to as a meta language since
users can create their own markup elements, thus extending its usefulness. Note that
XML includes data management capabilities that HTML cannot provide. XML differs
from HTML in two important respects. First, XML is not a markup language with defined
tags. It is a framework within which individuals, companies, and other organizations can
create their own sets of tags. Second, XML tags convey the meaning (the semantics) of
the information included within them without specifying how text appears on a webpage.
• HTML and XML Editors: Web designers can create HTML documents in any
general-purpose word processor or text editor. However, by using one of the special-purpose
HTML editors, web designers may be able to create web pages much more easily. There
are many freeware, shareware, and commercial HTML editors available for download on
the internet. XML files, like HTML files, can be created in any text editor.

E-Commerce Framework
Every computer on the Internet runs the TCP/IP protocols. To an end user, the lower level
protocols like TCP/IP on which the Internet is built are transparent. A user interacts with the
Internet through one of several client/server applications. An application (client) running in
one computer (client) requests a service from another application (server) running in another
computer. In this architecture, there are two major classes of software that work together:
• Client Software: It usually resides on an end user’s computer and typically requests
services such as a Web page, database access, e-mail, and FTP from the server. It does very
little work.
• Server Software: It usually resides on another computer that interprets requests from the
client, processes them, accesses services from other computers if needed, and returns the
result to the client.

In a Web-based client-server application, the client is the Web browser (Internet Explorer,
Netscape) and the server is the Web server software (Internet Information Server, Apache
Server).

E-Commerce Architecture 
E-commerce is based on client/server architecture: client processes request services from
server processes. This model was first used in the 1980s. The model improves e-commerce
usability, flexibility, interoperability and scalability.

Client/server architecture is a computing model in which the server hosts, delivers and
manages most of the resources and services to be consumed by the client. This type of
architecture has one or more client computers connected to a central server over a network or
internet connection. This system shares computing resources.

Client/server architecture is also known as a networking computing model or client/server
network because all the requests and services are delivered over a network.

Client/server architecture is a producer/consumer computing architecture where the server
acts as the producer and the client as a consumer. The server houses and provides high-end,
computing-intensive services to the client on demand. These services can include application
access, storage, file sharing, printer access and/or direct access to the server’s raw computing
power.

Client/server architecture works when the client computer sends a resource or process request
to the server over the network connection, which is then processed and delivered to the client.
A server computer can manage several clients simultaneously, whereas one client can be
connected to several servers at a time, each providing a different set of services. In its
simplest form, the internet is also based on client/server architecture where web servers serve
many simultaneous users with website data.

In e-commerce the client is defined as the requestor of a service and a server is the provider
of the service. The customer’s browser is the client, and the computer that sends the HTML
files is the server. The server can also be a computer program that provides services to other
computer programs. Thus a web server serves requested HTML pages or files.

Advantages of Client/server architecture
• The client/server architecture reduces network traffic by providing a query response to
the user rather than transferring total files.
• The client/server model improves multi-user updating through a graphical user interface
(GUI) front end to the shared database.
• In client/server architectures client and server typically communicate through statements
made in structured query language (SQL).

There are different types of client/server architecture:

1. One-tier
2. Two-tier
3. Three-tier

One-tier (Single) Architecture


One-tier architecture involves putting all of the required components for a software
application or technology on a single server or platform. This kind of architecture is often
contrasted with multi-tiered architecture or the three-tier architecture that's used for some
Web applications and other technologies where various presentation, business and data access
layers are housed separately.

Basically, a one-tier architecture keeps all of the elements of an application, including the
interface, middleware and back-end data, in one place. Developers see these types of systems
as the simplest and most direct. Some experts describe them as applications that could be
installed and run on a single computer. The need for distributed models for Web applications
and cloud hosting solutions has created many situations where one-tier architectures are not
sufficient. That caused three-tier or multi-tier architecture to become more popular.

The benefits of a multi-tier solution are often evident. They can provide:
1. better security
2. better performance
3. more scalability

However, the appeal of a single-tier architecture can relate to the costs that are involved,
where it might make more sense to keep simpler applications contained in one easy platform.

Two-Tier Client/Server Architecture


A two-tier client/server is a type of multi-tier computing architecture in which an entire
application is distributed as two distinct layers or tiers. It divides the application logic, data
and processing between client and server devices.
• A presentation layer or interface runs on a client, and
• a data layer or data structure gets stored on a server.

Separating these two components into different locations represents a two-tier architecture, as
opposed to a single-tier architecture.

In two-tier architecture the client is tier 1 and the server is tier 2.  A two-tier system directs
communications between the client on the Internet such as a Web browser and the Web
server on the other end.

In two-tier client-server architecture the user interface runs on the client and the database is
stored on the server. The business application logic can either run on the client or the server.
The user application logic can either run on the client or the server. It allows the client
processes to run separately from the server processes on different computers.
• The client processes provide an interface for the customer that gathers and presents the data
on the computer of the customer. This part of the application is known as the presentation
layer.
• The server processes provide an interface with the data store of the business. This part of
the application is known as the data layer.
• The business logic, which validates data, monitors security and permissions and performs
other business rules, can be kept either on the client or the server.

In this architecture, a user typically types a URL in the browser’s address line (and hits
return) or clicks a link on a Web page. The browser then formats the request into a proper
HTTP message and passes it to the Internet.
 
A Web server always listens to a particular port (port 80) for any incoming HTTP
message.  When it receives a request, it establishes a connection with the client computer.  It
locates the requested Web page and formats it into an HTTP message, and sends it back to
the browser.  The connection is then broken.
 
When the client receives the message, it recognizes that the page is written in HTML,
something it can interpret, and displays the formatted page. If the page contains any
graphics, another connection is made between the client and the server.
 
Hypertext Transfer Protocol (HTTP): HTTP is a lightweight, stateless protocol that
browsers and servers use to converse with each other.  There are only seven commands in the
protocol. Two of these commands are: GET and POST. When a browser requests a page
from the Web server, it uses the GET command.
 
The HTTP is stateless because every request that a browser makes opens a new connection
that is immediately closed after the document is returned.  This means that the server cannot
maintain state information about successive requests in a straightforward fashion. 
 
This statelessness represents a substantial problem for electronic commerce applications,
because an individual user is likely to have a series of related interactions (browsing the
catalog, selecting items, entering payment information) within the application. The problem
is worsened because the shopping mall is likely to have several buyers.

A typical HTTP request from the client to a server consists of three major parts:
• A request line
• Optional request headers (one or more)
• An optional entity body
 
The request line contains a command, the name of the target resource, the protocol name
(HTTP), and protocol version. The request header and entity body contain additional
information and may or may not be present in the message.  An example of a typical client
message:
 

GET /Filename.html HTTP/1.0        Request line
Accept: text/html                  Request header 1
Accept: audio/x                    Request header 2
 
The GET command requests the server to retrieve a file. Filename.html is the requested file,
and HTTP/1.0 is the protocol and version. Request header 1 says that the client accepts text in
HTML format, and Request header 2 indicates the client accepts a particular audio
format. TCP/IP is responsible for transporting the message to the server.
 
The server response consists of three parts that are identical in structure to the client message:
a response header line, one or more response header fields, and an optional entity body.
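The following is an added example, not part of the original notes. It is a strict parser for the three-part request message described above (request line, optional headers, optional entity body), written the way a server would check a message before acting on it. The command list, the size limit, the Content-Length check and the sample messages are assumptions made for illustration.

```python
import re

# Assumption: the three commands defined in the main text of HTTP/1.0
# (RFC 1945); the notes themselves name only GET and POST.
KNOWN_COMMANDS = {"GET", "HEAD", "POST"}
MAX_HEAD_BYTES = 8192  # assumed limit so an oversized header block is refused


class BadRequest(ValueError):
    """Raised when a message does not follow the three-part structure."""


def parse_request(raw):
    """Parse raw request bytes into command, target, version, headers, body."""
    head, separator, body = raw.partition(b"\r\n\r\n")
    if not separator:
        raise BadRequest("no blank line ending the header section")
    if len(head) > MAX_HEAD_BYTES:
        raise BadRequest("request line and headers are too large")
    lines = head.decode("iso-8859-1").split("\r\n")

    # Part 1: the request line = command, target resource, protocol/version.
    parts = lines[0].split(" ")
    if len(parts) != 3:
        raise BadRequest(f"malformed request line: {lines[0]!r}")
    command, target, protocol = parts
    if command not in KNOWN_COMMANDS:
        raise BadRequest(f"unknown command: {command!r}")
    if not target.startswith("/"):
        raise BadRequest(f"target must start with '/': {target!r}")
    if not re.fullmatch(r"HTTP/[0-9]\.[0-9]", protocol):
        raise BadRequest(f"bad protocol/version: {protocol!r}")

    # Part 2: optional headers. A name may repeat (the sample sends Accept
    # twice), so every value is kept instead of letting the last one win.
    headers = {}
    for line in lines[1:]:
        name, colon, value = line.partition(":")
        if not colon or not re.fullmatch(r"[A-Za-z0-9-]+", name):
            raise BadRequest(f"malformed header line: {line!r}")
        headers.setdefault(name.lower(), []).append(value.strip())

    # Part 3: optional entity body. Its size must equal the declared length,
    # otherwise client and server could disagree on where the message ends.
    declared = headers.get("content-length")
    if declared is None:
        if body:
            raise BadRequest("entity body sent without Content-Length")
    else:
        if len(declared) != 1 or not re.fullmatch(r"[0-9]+", declared[0]):
            raise BadRequest("Content-Length must be a single number")
        if int(declared[0]) != len(body):
            raise BadRequest("entity body does not match Content-Length")

    return {"command": command, "target": target, "version": protocol[5:],
            "headers": headers, "body": body}


def accepts(raw):
    """True when the message parses cleanly, False when it is refused."""
    try:
        parse_request(raw)
        return True
    except BadRequest:
        return False


# Constructed sample messages based on the example in the notes.
SAMPLE_GET = (b"GET /Filename.html HTTP/1.0\r\n"
              b"Accept: text/html\r\nAccept: audio/x\r\n\r\n")
SAMPLE_POST = (b"POST /cgi-bin/order HTTP/1.0\r\n"
               b"Content-Length: 7\r\n\r\nsku=A12")

if __name__ == "__main__":
    print(parse_request(SAMPLE_GET))
    print(parse_request(SAMPLE_POST))
```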
 
Three-Tier Client Server Architecture
Experts often contrast a two-tier architecture to a three-tier architecture, where a third
application or business layer is added that acts as an intermediary between the client or
presentation layer and the data layer. This can increase the performance of the system and
help with scalability. It can also eliminate many kinds of problems with confusion, which can
be caused by multi-user access in two-tier architectures. However, the advanced complexity
of three-tier architecture may mean more cost and effort.

The three-tier builds on the two-tier approach. The first tier is the client, the second tier is the
server, and the third tier is typically a database application running on a different computer.

The three-tier architecture emerged in the 1990s to overcome the limitations of the two-tier
architecture. In three-tier architecture, the user interface, the business application logic
(also known as business rules), and data storage and access are developed and maintained as
independent modules.

A three-tier architecture is a client-server architecture in which the functional process logic,
data access, computer data storage and user interface are developed and maintained as
independent modules on separate platforms. Three-tier architecture is a software design
pattern and a well-established software architecture.

Three-tier architecture allows any one of the three tiers to be upgraded or replaced
independently. The user interface is implemented on a desktop PC and uses a standard
graphical user interface with different modules running on the application server. The
relational database management system on the database server contains the computer data
storage logic. The middle tiers are usually multitier.

In a three-tier or multi-tier environment, the client implements the presentation logic (the
client). The business logic is implemented on an application server(s) and the data resides on
database server(s).

The three tiers in a three-tier architecture are:


1. Presentation (Top) Tier: Occupies the top level and is responsible for providing
presentation logic. The tier displays information related to services available on a website.
It communicates with other tiers by sending results to the browser and other tiers in the
network. This tier includes a user interface where user services such as session, text input,
and dialog and display management reside.

2. Application (Middle) Tier: Also called the middle tier, logic tier, or business logic. This
tier is pulled from the presentation tier. It controls application functionality by performing
detailed processing. It allows users to share and control business logic by isolating it from
the actual application. It provides process management services such as process
development, process monitoring and process resourcing that are shared by the multiple
applications.
3. Data (Back-end) Tier: Houses database servers where information is stored and
retrieved. Data in this tier is kept independent of application servers or business logic.
It provides access to dedicated services, such as a database server. The third tier provides
database management functionality. The data management component ensures that the
data is consistent throughout the distributed environment; the centralized process logic in
this architecture, which makes administration easier by localizing the system
functionality, is placed on the middle tier.

Electronic commercial sites often require a three-tier system with its own hardware and
software to keep track of customer purchases/preferences; query inventory databases or
update their catalogue.  The database services, which comprise the third tier, are often
referred to as the backend machines/programs. 

When a client requests a Web page from the server, the server interprets it, and if it is found that the
Web server needs to get services from a database, it accesses the database, collects necessary
data, and returns the data formatted in HTML to the client.
 
Common Gateway Interface (CGI): CGI is a protocol that provides a common way for Web
servers to communicate dynamically with clients. Web pages that contain forms filled with
text boxes, option buttons, and list boxes supply information that CGI programs (in the Web
server) can use to manipulate databases, store information, or retrieve data.  CGI is also
known as a server-side solution, because all the processing occurs in the Web server, not in
the client computer. 
 
CGI is a standard way of interfacing backend applications with Web servers.  A CGI program
is executed when requested by a browser.  The request is initiated when a Web server finds a
POST command of HTTP within an HTML document residing in the server. The server
processes the request (through interfacing with the database), and returns the result as an
HTML document to the browser.
 
Electronic commerce is enabled by the ability of CGI technology to retrieve and update
databases in tier three of the architecture.  CGI hidden fields provide the ability to maintain
customer transaction information across a series of Web messages that pass back and forth
between a client and a server during a transmission.
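The following is an added example, not part of the original notes. Because HTTP is stateless, the shopping cart in this sketch travels in a hidden form field between requests; since that field sits on the client computer, the server seals it with a keyed hash (HMAC) and refuses any field that was changed. The key, the catalogue, the field name "cart" and the function names are assumptions made for illustration.

```python
import base64
import hashlib
import hmac
import html
import json

# Constructed values: a real server loads its key from protected storage.
SERVER_KEY = b"constructed-demo-key"
CATALOGUE = {"BK-101": 1500, "CD-202": 800}  # constructed items, prices in cents


def seal_state(state, key=SERVER_KEY):
    """Encode the cart and append a tag only the server can compute."""
    payload = base64.urlsafe_b64encode(
        json.dumps(state, sort_keys=True).encode()).decode()
    tag = hmac.new(key, payload.encode(), hashlib.sha256).hexdigest()
    return f"{payload}.{tag}"


def open_state(token, key=SERVER_KEY):
    """Return the cart, or raise ValueError if the field was altered."""
    payload, dot, tag = token.rpartition(".")
    expected = hmac.new(key, payload.encode(), hashlib.sha256).hexdigest()
    # compare_digest avoids leaking how many characters of the tag matched.
    if not dot or not hmac.compare_digest(tag.encode(), expected.encode()):
        raise ValueError("hidden field failed its integrity check")
    return json.loads(base64.urlsafe_b64decode(payload))


def is_intact(token):
    """True when the hidden field is exactly what the server issued."""
    try:
        open_state(token)
        return True
    except ValueError:
        return False


def hidden_field(token):
    """Render the sealed cart as the hidden input sent back in the page."""
    return f'<input type="hidden" name="cart" value="{html.escape(token, quote=True)}">'


def handle_add_item(form):
    """One stateless request: reopen the cart from the form, add, reseal."""
    cart = open_state(form["cart"]) if form.get("cart") else {"items": []}
    sku = form["sku"]
    if sku not in CATALOGUE:
        raise ValueError(f"unknown item: {sku!r}")
    # The price comes from the server-side catalogue, never from the form.
    cart["items"].append({"sku": sku, "price": CATALOGUE[sku]})
    return seal_state(cart)


def cart_total(token):
    """Total of a cart, computed only after the field has been verified."""
    return sum(item["price"] for item in open_state(token)["items"])


if __name__ == "__main__":
    first = handle_add_item({"sku": "BK-101"})                  # request 1
    second = handle_add_item({"cart": first, "sku": "CD-202"})  # request 2
    print(hidden_field(second))
    print("total:", cart_total(second))
    print("altered field accepted:", is_intact("f" + second[1:]))
```

The tag shows that a field is unchanged, not that it is the most recent one: an older sealed cart still verifies, so state that must not be replayed belongs in the tier-three database.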
 
Types of E-Commerce Servers

Web Server
A web server is a system that delivers content or services to end users over the internet. A
web server consists of a physical server, server operating system (OS) and software used to
facilitate HTTP communication.

The simplest definition is that a web server runs a website by returning HTML files over an
HTTP connection. This definition may have been true in the early days of the internet, but the
line has blurred between websites, web applications and web services, etc. For example, a
server that delivers an XML document to another device can be a web server. A better
definition might be that a web server is any internet server that responds to HTTP requests to
deliver content and services.

Database server
The term database server may refer to both hardware and software used to run a database,
according to the context. As software, a database server is the back-end portion of a database
application, following the traditional client-server model. This back-end portion is sometimes
called the instance. It may also refer to the physical computer used to host the database.
When mentioned in this context, the database server is typically a dedicated higher-end
computer that hosts the database.

Note that the database server is independent of the database architecture. Relational
databases, flat files, non-relational databases: all these architectures can be accommodated on
database servers.

In the client-server computing model, there is a dedicated host to run and serve up the
resources, typically one or more software applications. There are also several clients who can
connect to the server and use the resources offered and hosted by this server.

When considering databases in the client-server model, the database server may be the back-
end of the database application (the instance), or it may be the hardware computer that hosts
the instance. Sometimes, it may even refer to the combination of both hardware and software.

A database server is accessed either through a "front end" running on the user’s computer
which displays requested data or the "back end" which runs on the server and handles tasks
such as data analysis and storage.

Most database servers are built around a query language. Each database understands its
own query language, converts a query into a server-readable form and executes it to
retrieve the results.

Transaction Server
A transaction server is a specialized type of server that manages the operations of software
based transactions or transaction processing. It manages application and database transactions
on a network or Internet, within a distributed computing environment.

A transaction server may also be referred to as a transaction processing system (TPS) or as a
part of one composite TPS solution.

A transaction server primarily enables transactions to be processed within distributed
computing applications. Typically, a transaction server is a combination of hardware,
software and network components that altogether ensures completion of each transaction. A
transaction server works when an application or application server requests a specific data
object residing on a database or database server on the network or Internet. The transaction
server acts as an intermediary server that can ensure that the application or user receives the
requested data from the database or the completion of that transaction.

Commerce Server

A commerce server is a server that provides the basic components and functions of an online
storefront, such as a shopping cart, credit card processing and product displays. Commerce
servers also manage and maintain accounting and inventory data, also called back-end data.

A commerce server is a product intended for e-commerce websites or e-commerce
applications.

Microsoft is one of the providers of commerce servers. Microsoft Commerce Server was first
released in 2000 and was used to create e-commerce systems. It uses Microsoft's .NET
technology. The latest release was in January 2009 and includes a comprehensive solution for
many business scenarios. The main features of Microsoft Commerce Server include:
• Multichannel functionality
• Service-oriented architecture
• A default site with 30 Web parts and controls
• What-you-see-is-what-you-get (WYSIWYG) editing
• Catalog, order and inventory management
• Management of ads and set rules for ads
• Profile management
• Data integration with third party systems
• 64-bit support

Aside from Microsoft, there are many other software and service companies that provide
commerce server products and services as well as the training to use them.

Electronic Data Interchange (EDI)
EDI is the computer-to-computer exchange of business data in standard format between
trading partners.

This definition contains three key concepts about EDI:


1. Computer-to-computer: EDI in its most efficient form travels directly out of a sender’s
computer system directly into a receiver’s computer system without any human
intervention.
2. Routine business data: EDI is used for routine business documents that are exchanged
frequently between trading partners like purchase orders and invoices. Non-routine
business documents, such as contracts or information meant for humans to read, review,
and analyze, do not travel via EDI.
3. Standard data formats: A standard definition of the location and structure of the data is
provided.

EDI has played an important role in the automation of activities between vendors and
suppliers. EDI allows two computers in two different businesses to exchange textual data in
machine readable format. EDI is used in a number of trade sectors for inter-organization,
regular, repeat transactions. These systems require EDI standards, EDI software, an EDI
network and trading community.

The conventional paper process requires someone to handle a printed computer generated
form and mail it. Then, the recipient re-keys the data back into another computer for their
internal processing.  The EDI process is a computer transmitting the information directly to
another computer, eliminating the paperwork and human intervention. Considerable labour
and time is saved if the computer that issues the order can communicate directly with the
computer that processes the order.

While the communication channel can easily be established between two computers, it does
not mean they can understand each other. Companies adhere to different descriptions and
codes for their products which means that the information provided in the purchase orders is
not identical across companies. Before the two computers can communicate, the companies
need to standardize product information, product codes, purchase order and shipping notice
formats. EDI provides such standardization in a variety of industries. Third party service
providers sell hardware and software that establish EDI linkages between parties in a
particular industry.

Layered Architecture of EDI


EDI is most commonly applied in the execution and settlement phases of the trade cycle.
In execution of a simple trade exchange, the customers’ orders can be sent by EDI and the
delivery notification from the supplier can be electronic.

For settlement the supplier can use EDI to send the invoice and the customer can finish the
cycle with an electronic funds transfer via the bank and an EDI payment notification to the
supplier.

This whole cycle may be complex and other electronic messages can be included.
• EDI can be used for Pre-Sales
• EDI can be used for After-Sales transactions, but only if they are in a standardized
format and frequent enough to justify system costs; transactions such as a dealer claiming
payment for warranty work could be a possible application.

X12 Standard
EDI is more than mere E-mail. It also refers specifically to a family of standards, including
the X12 series. EDI also exhibits its pre-Internet roots, and the standards tend to focus on
ASCII-formatted single messages rather than the whole sequence of conditions and
exchanges that make up an inter-organization business process.

X12 is the cross industry standard designed by the American National Standards Institute
(ANSI) to support any business function in any industry. It provides a single standard with a
single architecture, producing a common, uniform language for electronic communications.
X12 was designed primarily as the standard for EDI transactions in North America.

EDIFACT, having emerged out of X12, is a global EDI standard supporting multi-country
and multi-industry exchange.

Today, many X12 transaction sets are used to handle most facets of B2B communications in
different industries including retail, government, transportation, and automotive. X12
standards are developed, maintained, and published by the Accredited Standards Committee
(ASC).

Advantages of EDI
1. EDI replaces paper transactions with electronic transactions; thus it saves time and speeds
up transactions.
2. It provides a legal record of business communications.
3. Value-added networks (VANs) were required in the past but EDI users are now able to
transmit their data encrypted over the Internet at the far lower Internet connection rates
via new standards for email, HTTP/HTTPS, and FTP.
4. Use of EDI reduces cost. These include the cost of stationery, postage etc.
5. Accurate invoicing can be done using EDI. EDI invoices can be automatically matched
against the original order and cleared for payment without any queries which usually arise
when paper invoices are matched with orders.
6. Quick response is achieved with EDI. For example, if a customer is to be informed that a
particular product is not available and this is done using paper orders, it takes a lot of time,
but with EDI a customer can be informed straight away so that he may go for the other
option. Therefore, quick response can easily be obtained from the customer using EDI.

Disadvantages
1. The X12 standard is so large and general
2. EDI variants define some optional EDI components as mandatory and others as
forbidden, specify additional inter-component restrictions, identify a subset of codes
within used code sets that will be accepted and used, may add additional codes, and
restrict the transaction sets that will be used.
3. The lack of semantic rigor in the meanings of various components of EDI messages.
4. Without being semantically-enabled, EDI messages are unable to be interfaced with
Semantic Web Services.
5. EDI is too expensive: some companies are only doing business with others who use EDI.
If a company wants to do business with three organizations, they have to implement an
EDI program. This expense may be very costly for small companies.

Different EDI components and services


The three main components, including services, of an EDI system are as follows:
1. Application Service: Provides the means of integrating existing or new applications into
the EDI System.
2. Translation Service: Converts data from internal format standards to an external format
and translates data from an external format to an internal format standard.
3. Communication Service: Passes documents onto a network via the agreed communication
protocol.

Value Added Network (VAN)


A Value Added Network (VAN) is a service provider that transmits EDI data to their
destinations. Value Added Networks simplify the communication process by reducing the
number of parties that you have to communicate with. VANs insert themselves between
trading partners. They typically operate as a mailbox scenario where a company would send a
transaction to a VAN and the VAN would then place the transaction in the mailbox of the
receiver. The receiver would then contact the VAN to pick up and send its transactions. It is
similar to e-mail, but rather than being unstructured text, it is used for structured standardized
data.

Electronic Data Interchange (EDI)

Introduction
Businesses have invested in technology such as Enterprise Resource Planning (ERP) systems
to automate internal business processes, including accounts payable and receivable, inventory
control, and intra-company communication. However, many of these same companies are
slow to automate their business-to-business transactions, such as the exchange of purchase
orders, invoices, and bills of lading.

Electronic commerce (e-commerce) is the exchange of information via electronic media, such
as the internet and private communications networks. There are various types of e-commerce,
e.g., Business-to-Business (B2B) and Business-to-Consumer (B2C). Almost every day,
people experience B2C e-commerce, such as when we book airline tickets or hotel
reservations online and then receive an electronic confirmation.

In today’s business environment, EDI remains a game changer across all industries, including
retail, banking, manufacturing, high-tech, and services. For many companies, it has become
the lifeblood of their business, making them more efficient, driving down costs, and
increasing customer satisfaction. It is the means by which they can differentiate themselves
from their competitors. Using EDI, a manufacturer in Mombasa, Kenya can send a purchase
order to its supplier in Japan, receive an electronic document indicating that the item is out of
stock, and immediately react by sending the purchase order to an alternative supplier in
Malaysia — all in just minutes. This high level of visibility that is enabled by the use of EDI
is critical to business success.

Electronic communication has changed the way companies conduct business with each other.
Business-to-business (B2B) electronic commerce (e-commerce), which includes EDI, XML
(Extensible Markup Language), and online catalogues, has enabled the integration of
companies throughout the world into communities of business partners (often called trading
partners) with benefits for all.

In today’s business environment, B2B integration is a key to success; in fact, many companies
will no longer do business with you if you can’t do business electronically. While many
businesses have incorporated emails and faxes into their B2B communication, these
processes still involve human handling and are thus slow and prone to error. Although they
provide improvements over postal mail-based processes, they lack the power and
functionality of e-commerce. The Figure below shows a simplified scenario in which a buyer
faxes or mails an order to a supplier, who then faxes or mails an invoice back to the buyer.

As you can see, this manual process involves a lot of paper, people, and time. Mail can be
slow and paper documents can be misplaced or lost. Once received, mailed and faxed
documents must be manually entered into a computer application, a process that frequently
results in errors. And even though an email is sent electronically, it too must be entered
manually, because the computer application has no way of knowing where each piece of data
needed is located within the email. Having people involved slows down the processing of the
documents and also introduces errors.

In the 1960s, the railroad industry, which needed to find a faster and more efficient way to
communicate information about goods being transported, began to send this data
electronically. Other businesses realized the value of electronically exchanging information
and so, beginning in the 1980s, many industries adopted EDI, the electronic exchange of
standard-formatted business documents between computers. At first, only those businesses
that could afford large mainframe computers were able to participate. But with the advent of
the personal computer and then the availability of the internet, use of EDI became available
to all companies regardless of size.

EDI Defined
Electronic Data Interchange (EDI) is the computer-to-computer exchange of business
documents, such as purchase orders and invoices, in a standard electronic format between
business partners, such as retailers and their suppliers, banks and their corporate clients, or
car-makers and their parts suppliers.

From the definitions we find three key concepts about EDI:


1. Computer-to-computer: EDI in its most efficient form travels directly out of a sender’s
computer system directly into a receiver’s computer system without any human
intervention.
2. Routine business data: EDI is used for routine business documents that are exchanged
frequently between trading partners, like purchase orders and invoices. Non-routine
business documents, such as contracts or information meant for humans to read, review,
and analyse, do not travel via EDI.
3. Standard data formats: A standard definition of the location and structure of the data is
provided.

EDI has played an important role in the automation of activities between vendors and
suppliers. EDI allows two computers in two different businesses to exchange textual data in
machine-readable format. EDI is used in a number of trade sectors for inter-organization,
regular, repeat transactions. These systems require EDI standards, EDI software, an EDI
network, and a trading community.

EDI is considered to be a technical representation of a business conversation between two
entities, either internal or external. The EDI standards were designed to be independent of
communication and software technologies. EDI can be transmitted using any methodology
agreed to by the sender and recipient.

The most common documents exchanged via EDI are purchase orders, invoices, and advance
ship notices. But there are many others, such as bills of lading, customs documents, inventory
documents, shipping-status documents, and payment documents.

EDI is used in such diverse business-to-business relationships as:


• Interchanges between health care providers and insurers
• Travel and hotel bookings
• Education
• Supply chain management
• Administration
• Tax reporting

Layered Architecture of EDI


The three main components, including services, of an EDI system are as follows:
1. Application Service: Provides the means of integrating existing or new applications into
the EDI System.
2. Translation Service: Converts data from internal format standards to an external format
and translates data from an external format to an internal format standard.
3. Communication Service: Passes documents onto a network via the agreed
communication protocol.

EDI is most commonly applied in the execution and settlement phases of the trade cycle. In
execution of a simple trade exchange, the customers’ orders can be sent by EDI and the
delivery notification from the supplier can be electronic.

For settlement the supplier can use EDI to send the invoice and the customer can finish the
cycle with an electronic funds transfer via the bank and an EDI payment notification to the
supplier.

This whole cycle may be complex and other electronic messages can be included.
• EDI can be used for Pre-Sales.
• EDI can be used for After-Sales transactions, but only if they are in a standardized
format and frequent enough to justify system costs; a dealer claiming payment for
warranty work is one possible application.

The EDI Process
Today, all types of business documents for industries such as retail, automotive, high tech,
logistics, and banking can be exchanged using EDI. These documents can flow from the
sender’s computer straight through to the appropriate application on the receiver’s computer
(e.g., the order management system), where processing can begin immediately.

With a fully integrated EDI system, the process can look like this—no paper, no people, and
almost no time.

As you can see, sending and receiving EDI documents can be a seamless and efficient way to
conduct business.

Sending an EDI Document

To send an EDI document, you need to identify the data, create an EDI document, and
transmit it.

Step 1: Identify the data


The first step is to identify the data you want to include in the purchase order, invoice,
advance ship notice, etc.

The sources of data and the methods available to generate the electronic document can
include:
1. Computer programs that extract data from system databases, such as from a retailer’s
purchasing system or a shipping company’s logistics system;
2. Computer programs that extract data from spreadsheets; and
3. People keying in the data via web form data entry screens.

Step 2: Create the EDI document


In the next step, software converts your internal data into the EDI standard format. This
requires specialized translation software that defines how your internal data is to be mapped
(i.e., correlated) to the EDI format.

Translation software is available to suit just about any computing environment and budget,
from large systems that handle thousands of transactions daily to PC-based software that
needs to process only a few hundred or fewer transactions per week.

Step 3: Transmit the EDI document


There are two basic ways to transmit an EDI document.
1. The first option is to send it directly to your business partner, usually via the internet.
2. The other option is to use the services of an EDI Network Services Provider, in which
case you send the EDI document to the Provider, who then makes it available to your
business partner.

Using a Provider is often the easiest and best approach when you have many business
partners, each using a different communication protocol (rules) that you would otherwise
need to accommodate.

Receiving EDI Documents
Receiving an EDI document is basically the reverse of the sending process.
1. You receive the transmitted EDI document;
2. Your system converts the EDI data for your internal system; and
3. The data is fed into your internal system for processing, such as into a bank’s payment
origination system or a supplier’s order management system.

Step 1: Receive the transmitted EDI document


As with sending a document, there are two basic options. You can receive the EDI document
directly from your business partner or you can use the services of an EDI Network Services
Provider, in which case your Provider receives the EDI document from the sender and then
makes it available to your internal system.

Step 2: Convert the EDI document for your internal system


Software now converts the data from the incoming EDI document into the format used by
your internal system. This requires specialized translation software that defines how the EDI
data is to be mapped (i.e., correlated) to your internal data format.

The same specialized translation software that is used to create EDI documents for sending is
used in the receiving process.

Step 3: Feed data into your internal system for processing
Your computer application can now automatically feed the translated data into your system,
such as your order management system, for immediate processing. Or, often for smaller
companies that haven’t fully integrated EDI with their internal systems, the incoming data is
made available either as a report or on the computer screen.
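
The translation steps described above (Step 2 of sending, Steps 2 and 3 of receiving), as an added example that is not part of the original notes: the sender maps an internal purchase order onto a simplified X12 850-style layout, and the receiver checks the segment counts and every field's format before anything is fed to the internal system. The delimiters, the reduced segment set (ST, BEG, PO1, CTT, SE with no interchange envelope), the sample order and all function names are assumptions made for illustration.

```python
import re
from datetime import datetime

SEG_TERM, ELEM_SEP = "~", "*"  # delimiters assumed agreed between the partners

# Constructed internal purchase order (sample data, not from the notes).
INTERNAL_PO = {
    "po_number": "PO-1001",
    "order_date": "2021-03-15",
    "lines": [
        {"sku": "WIDGET-A", "qty": 300, "unit": "EA", "price": "12.50"},
        {"sku": "WIDGET-B", "qty": 40, "unit": "EA", "price": "7.25"},
    ],
}


def _segment(*elements):
    """Build one segment; a delimiter inside a value would forge extra fields."""
    for value in elements:
        if SEG_TERM in value or ELEM_SEP in value:
            raise ValueError(f"delimiter inside field value: {value!r}")
    return ELEM_SEP.join(elements) + SEG_TERM


def to_edi(po, control="0001"):
    """Sender, step 2: map internal fields onto positional 850-style segments."""
    date = datetime.strptime(po["order_date"], "%Y-%m-%d").strftime("%Y%m%d")
    out = [_segment("ST", "850", control),
           _segment("BEG", "00", "NE", po["po_number"], "", date)]
    for n, line in enumerate(po["lines"], start=1):
        out.append(_segment("PO1", str(n), str(line["qty"]), line["unit"],
                            line["price"], "", "VP", line["sku"]))
    out.append(_segment("CTT", str(len(po["lines"]))))
    out.append(_segment("SE", str(len(out) + 1), control))  # count includes SE
    return "".join(out)


def _get(seg, i):
    """Element i of a segment, or '' when the sender left it off."""
    return seg[i] if i < len(seg) else ""


def from_edi(text):
    """Receiver, steps 2-3: return (po, errors); po is None unless all checks pass."""
    segs = [s.split(ELEM_SEP) for s in text.split(SEG_TERM) if s.strip()]
    if len(segs) < 3 or segs[0][0] != "ST" or segs[-1][0] != "SE":
        return None, ["ST/SE envelope missing"]
    st, se, errors = segs[0], segs[-1], []
    if _get(st, 1) != "850":
        errors.append("transaction set is not an 850")
    if _get(se, 2) != _get(st, 2):
        errors.append("SE control number does not match ST")
    if _get(se, 1) != str(len(segs)):
        errors.append("SE segment count does not match segments received")
    po, declared = {"po_number": "", "order_date": "", "lines": []}, None
    for seg in segs[1:-1]:
        if seg[0] == "BEG":
            po["po_number"] = _get(seg, 3)
            raw = _get(seg, 5)
            try:
                if not re.fullmatch(r"[0-9]{8}", raw):  # strptime alone is lenient
                    raise ValueError(raw)
                po["order_date"] = datetime.strptime(raw, "%Y%m%d").strftime("%Y-%m-%d")
            except ValueError:
                errors.append(f"order date {raw!r} is not CCYYMMDD")
        elif seg[0] == "PO1":
            qty, unit, price, sku = (_get(seg, i) for i in (2, 3, 4, 7))
            if not re.fullmatch(r"[1-9][0-9]{0,8}", qty):
                errors.append(f"line {_get(seg, 1)}: quantity {qty!r} is not a positive integer")
            elif not re.fullmatch(r"[0-9]+\.[0-9]{2}", price):
                errors.append(f"line {_get(seg, 1)}: price {price!r} is not a two-place decimal")
            elif not unit or not sku:
                errors.append(f"line {_get(seg, 1)}: unit or product id missing")
            else:
                po["lines"].append({"sku": sku, "qty": int(qty), "unit": unit, "price": price})
        elif seg[0] == "CTT":
            declared = _get(seg, 1)
        else:
            errors.append(f"unexpected segment {seg[0]!r}")
    if not po["po_number"]:
        errors.append("purchase order number missing")
    if declared != str(len(po["lines"])):
        errors.append("CTT line count does not match accepted PO1 lines")
    return (po, []) if not errors else (None, errors)
```

A document that fails any check is rejected whole rather than partially loaded, so a truncated or altered transmission never reaches the order management system as a smaller but valid-looking order.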

Note
Thus, there are several options available to you when configuring an EDI system for your
business. You can perform data conversion in-house or use the services of an EDI Network
Services Provider. You can transmit your documents directly to your business partners via
the internet or transmit via an EDI Network Services Provider. Or, you may use a
combination of these options in order to satisfy the requirements of your various trading
partners.

The Figure below provides an overview of an EDI process in which the sender and the
receiver each manages its own data conversion processes.

With a fully integrated EDI system, the process involves no paper, no people,
and almost no time

The Benefits of EDI


EDI has helped simplify and improve commerce between trading partners for more than 30
years and its benefits continue to expand as it improves business processes such as electronic
procurement, automated receiving, electronic invoicing, and electronic payments.

EDI can help a company reduce the cost of personnel and office space, improve data quality,
speed up business cycles, improve efficiency, and provide strategic business benefits. Let’s
look at the benefits that businesses across all industries are realizing by using EDI.

Reduced costs
EDI reduces the costs of personnel, supplies, and office and storage space. Since paper
documents are replaced by EDI transactions, expenses associated with paper—printing,
reproduction, storage, filing, postage, and document retrieval—are all reduced or eliminated.
Moving from a manual to an EDI process frees up personnel to concentrate on other aspects
of the business.

Improved data quality


When bad data makes its way into your internal systems, such as your accounts payable or
transportation management systems, the results have a negative impact on your business.
This includes overpayments, late or underpayments resulting in additional fees, lost revenue
due to delays, and poor customer service.

The root of most data errors is the keying in of data from a paper document into your internal
system. First, if the paper document is handwritten rather than computer-generated, it may be
difficult to read, leading to input errors or phone tag to obtain clarification, both of which can
cause delays in the business cycle. Even when the document is typed or computer-generated
and thus legible, keying errors can still occur. In the order entry process, these errors can
result in shipping the wrong product, in the wrong quantity, at the wrong price, to the wrong
address.

The electronic capture of business documents enables critical business data to be fed directly
into your internal systems without relying on error-prone, manual re-keying, which is required
when you use paper-based or email-based processes. Having more accurate data means that
the entire supply chain is more efficient.

Shorter business cycle


We have just discussed how manual data entry can greatly slow the business cycle. In
addition, when using postal mail, your documents will take days to arrive. Sometimes, it may
be weeks before you discover that the mail has been lost. Delivery services such as UPS and
FedEx are very reliable but quite costly. And even with faxes, documents can remain at the
fax machine or sit on someone’s desk before any action is taken.

In contrast, EDI transactions can be exchanged in minutes instead of the days or weeks
associated with postal mail. Furthermore, there is significant time saved by the elimination
of data re-keying and its high error rate, which results in time-consuming corrective actions.
For many companies that use EDI, transactions that used to take five days using paper can be
completed in under an hour. This reduced cycle time leads to faster payments and thus
improved cash flow. Cash is no longer tied up in inventory or goods in transit and, therefore,
can be applied to other areas of the business.

Improved business efficiency


The benefits of streamlining processes with EDI can have a ripple effect throughout many of
the operations of a business. Automating paper-based tasks frees staff to concentrate on
higher-value tasks and provides them with the tools to be more productive. For example, the
use of EDI leads to less reworking of orders and invoices resulting from the elimination of
errors due to manual data entry, invalid data, or missing data. EDI ordering and shipping
provide greater visibility into the supply chain, leading to fewer stock-outs and resulting lost
sales. EDI invoicing enables buyers to process and approve invoice payments faster. This
allows buyers to take full advantage of timely payment discounts, which in turn means
improved cash flow for the suppliers. The use of EDI reduces order processing and delivery
times, enabling organizations to reduce their inventory levels. In the automotive industry,
which relies heavily on Just-in-Time manufacturing, the exchange of EDI documents is an
absolute necessity. Its speed and accuracy are at the heart of a Just-in-Time environment.

Improved data security and ease of auditing


In this highly competitive, international world of business, data security is paramount to the
success of a company. Documents that circulate in an office or that can be changed by
several people may not be secure. With fully integrated EDI, in which data flows directly
from computer to computer, data can be exchanged in a highly secure environment. In
addition to keys and passwords to protect the data, encryption and decryption programs are
used, so that even during the few seconds it takes to transmit the data from sender to
receiver the data is secure. Even when an EDI Network Services Provider is used to
perform translation, there can be “encryption at rest” programs, so no one at the Provider’s
data centre can see or violate the data. Of course, in today’s environment, it is necessary
for companies to install firewalls in their own data centres to prevent hackers from stealing
data. But this is true of internal systems, whether you use EDI or not.

Corporate auditing is made easier and faster since the EDI process eliminates many of the
discrepancies and problems that can creep into a paper-based system. Moreover, all the EDI
transactions can be made easily available to the auditor in reports, thereby improving
accuracy and reducing productivity loss during the auditing process.

Strategic business benefits


Beyond the direct cost and time-saving benefits of EDI described above, it provides the
foundational technology that, when combined with other collaborative commerce capabilities
available today, enables dramatic strategic benefits. For example, in today’s fast-paced
business environment, electronic transactions enable real-time visibility into transaction
status. This, in turn, enables faster decision-making and improved responsiveness to
changing customer and market demands.

In some industries, EDI enables businesses to adopt a demand-driven business model rather
than a supply-driven one, because it shortens the lead times for product enhancements and
new product delivery, streamlines the ability to enter new territories and markets, and
provides a common business language that facilitates the communication and collaboration
of businesses throughout the world.

Moreover, EDI promotes corporate social responsibility and sustainability by eliminating
paper from the supply chain and replacing paper-based processes with “green” electronic
alternatives. This will both save you money and make your company part of the solution to
our overall “carbon footprint.”

As we have seen, the benefits of using EDI are many and have a far-reaching effect
throughout the company. Later, we will examine how EDI brings benefits to specific
business processes, such as ordering, invoicing, receiving, and payments.

EDI Standards
An EDI document is simply an electronic version of a paper document that adheres to the
rules of a standard format. When two companies use the same EDI standard format for their
business documents, their computers “speak” the same language. This enables the exchange
of documents between the computers without human intervention.

Because EDI documents are processed by computers, the computer’s program must know
where to find each piece of information in the incoming document and the format of that
data. For example, are the numbers included in the data integer (e.g., 12) or decimal (e.g.,
12.0)? Are the dates in the form mmddyy or mm/dd/yyyy?

Just as two speakers of different languages cannot hold a conversation, two business systems,
each with its own proprietary format rather than a common format, cannot exchange data
with each other. Thus, a common, standard format is the language by which businesses
communicate with each other via their computers.

EDI standards have been developed by organizations of concerned businesses to identify
needs, create plans to meet those needs, and come to an agreement on the proposed standards.
Subcommittees continually meet to propose new standards or changes in response to evolving
business requirements. There are several EDI standards in use today. The most common
cross-industry standards are ANSI, primarily used in the United States, and EDIFACT,
primarily used in Europe and Asia. In addition, there are standards for specific industries,
such as SWIFT for banking and RosettaNet for high-tech.

Many EDI standards are available, but ANSI X12 is most commonly used in North
America, while EDIFACT is most commonly used throughout the rest of the world.

There continues to be confusion as to whether or not XML is an EDI standard. XML is
not actually a standard at all; it is a powerful language that gives a company a great deal
of flexibility in defining and constructing business documents, such as the documents
defined by ANSI and EDIFACT. A major structural difference between XML and EDI is
that whereas EDI is based upon strict rules governing the position of data within a file,
data in an XML file is not bound to a specific location and is instead identified by tags,
such as “<quantity>300 </quantity>” to indicate a quantity value of 300. This results in
XML files being much larger than their comparable EDI files. Some standards, such as
RosettaNet, are based on XML.
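
The structural difference described above, as an added example that is not part of the original notes: the same order line, carrying the quantity of 300 used in the text, is read by position from an X12-style segment and by tag from XML, and both are then reordered to show that only the positional form silently changes meaning. The segment layout, the XML tag names other than quantity, the sample values and the function names are assumptions.

```python
import xml.etree.ElementTree as ET

# Constructed sample: one order line in both encodings.
EDI_LINE = "PO1*1*300*EA*12.50~"
XML_LINE = ("<line><number>1</number><quantity>300 </quantity>"
            "<unit>EA</unit><price>12.50</price></line>")

# Position -> meaning. Nothing in the EDI data names a field; only this
# agreed layout (assumed here) tells the receiver what each position holds.
EDI_LAYOUT = {1: "number", 2: "quantity", 3: "unit", 4: "price"}


def parse_edi(segment):
    """Read fields purely by their position within the segment."""
    elements = segment.rstrip("~").split("*")
    return {name: elements[pos] for pos, name in EDI_LAYOUT.items()}


def parse_xml(document):
    """Read fields by tag name; their order in the file is irrelevant."""
    return {child.tag: (child.text or "").strip() for child in ET.fromstring(document)}


def reorder_xml(document):
    """Reverse the order of the child elements of the XML line."""
    root = ET.fromstring(document)
    children = list(root)
    for child in children:
        root.remove(child)
    root.extend(reversed(children))
    return ET.tostring(root, encoding="unicode")


def reorder_edi(segment):
    """Swap the quantity and price positions of the EDI line."""
    elements = segment.rstrip("~").split("*")
    elements[2], elements[4] = elements[4], elements[2]
    return "*".join(elements) + "~"


def size_ratio():
    """How many times larger the XML encoding is than the EDI encoding."""
    return len(XML_LINE.encode()) / len(EDI_LINE.encode())
```

The reordered XML still parses to the same record, while the reordered segment parses without error to a quantity of 12.50, which is why a receiving translator has to check the format of every position rather than trust the layout.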

At one point, it was expected that XML would replace EDI. However, many businesses
that have invested heavily in EDI, which is efficient and works extremely well, see no
need to spend the money “to reinvent the wheel.” Thus, EDI will be a mainstay for
business into the foreseeable future.

The ANSI and EDIFACT standards can be applied across all industries. Subsets of these
standards, such as VICS and EANCOM, have been developed to meet the special
requirements of certain industries. These subsets define industry-specific documents,
data fields, and rules.

ANSI X12
In 1979, the American National Standards Institute (ANSI), which had been founded “to
oversee the creation, promulgation and use of norms and guideline to ensure
competitiveness of U.S. businesses,” formed the Accredited Standards Committee (ASC)
X12 to develop uniform standards for the inter-industry electronic exchange of business
transactions. From its inception, ANSI X12 was designed to support companies across
different industry sectors in North America. Today, there are hundreds of thousands of
companies worldwide using X12 EDI standards in daily business transactions.

Two examples of ANSI subsets currently in use are:


• AIAG: The AIAG standard was developed by the Automotive Industry Action Group
(AIAG) for the North American automotive industry.
• VICS: The Voluntary Inter Industry Commerce Standard (VICS) is used by the
general merchandise retail industry in North America, including thousands of
department and speciality retail stores, mass merchandisers, and their respective
suppliers.

UN/EDIFACT
The Electronic Data Interchange for Administration, Commerce and Transport
(EDIFACT) was developed with versions for individual European countries. Under the
auspices of the United Nations, and with input from the American National Standards
Institute (ANSI), a UN/EDIFACT standard was developed to address the international
business community. Today, this is the most common standard used by European
businesses.

Two examples of EDIFACT subsets currently in use are:
• EANCOM: Developed in 1987 by GS1, a global standards body, EANCOM is a
subset of UN/EDIFACT. The key benefit of this standard is that it incorporates the
European Article Number (EAN), a system of product codes to identify products
throughout the world. This greatly facilitates international trade, since a company can
easily order an item from a supplier anywhere in the world without knowing the
specific item code used by the internal system of that particular supplier. EANCOM
was originally developed for the retail sector and has subsequently grown to become
the most widely used UN/EDIFACT subset. It is now used in a variety of other
industry sectors such as health care, construction, and publishing.
• ODETTE: The ODETTE message standard was developed by the Organisation for
Data Exchange by Tele Transmission in Europe (ODETTE), specifically for the
automotive industry in Europe.

HIPAA
The Health Insurance Portability and Accountability Act (HIPAA) was enacted by the
U.S. Congress. A key component of HIPAA is the establishment of national standards for
electronic healthcare transactions and national identifiers for providers, health insurance
plans, and employers. The standards are meant to improve the efficiency and
effectiveness of the U.S. health care system by encouraging the widespread use of EDI.
The HIPAA EDI transaction sets are based on ANSI X12.

RosettaNet
The RosettaNet standard, based on XML, was developed by a consortium of major
computer, consumer electronics, semiconductor manufacturers, and telecommunication
and logistics companies. It facilitates industry-wide global supply chain processes.

SWIFT
The Society of Worldwide Interbank Financial Telecommunication (SWIFT) developed a
financial messaging network between banks and other financial institutions for a
standards-based exchange of financial information. The SWIFT document standard
governs aspects of financial activity: payments, trade services, and securities.

TRADACOMS
Introduced in 1982, TRADACOMS is an EDI standard primarily used in the UK retail
sector that utilizes the product code system developed by the UK Article Numbering
Association. Though superseded by EANCOM, it is still used by many businesses in the
UK today.

VDA
VDA is a standard developed by the German automobile association, Verband der
Automobilindustrie. VDA standards are used by companies such as VW, Audi, Bosch,
Continental, and Daimler AG.

Common Business Documents


The document standards discussed above define hundreds of business documents from which
different industry groups select those that pertain to their business. The documents used most
commonly, however, deal with the procure-to-pay and order-to-cash processes. Some of the
most frequently used documents are listed below with their ANSI numerical and EDIFACT
six-letter name identifiers.

Product Catalog (832/PRICAT)


A document provided by a supplier to its customers, containing a list of products and services
available, including information such as description, pricing, quantities available, and unit of
measure. The buyer can then directly issue a purchase order for items in the product
catalogue. This document is extremely popular in the retail industry.

Purchase Order (850/ORDERS)


A document issued by a buyer to a seller that defines the terms of sale under which the buyer
will purchase the seller’s goods. This document can also be used as a blanket purchase order
against which the buyer can issue an EDI Material Release (830/DELFOR) for partial
deliveries as needed throughout the life of the purchase order.

Purchase Order Acknowledgment (855/ORDRSP)


Confirmation to the buyer that the supplier will be filling the purchase order as requested.

Advance Ship Notice (856/DESADV)


An electronic version of a printed packing slip that tells a buyer that goods have been
shipped, how they have been packed, and the estimated arrival time. The Advance Ship
Notice document is also referred to as a Delivery Notice or Despatch Advice. This extremely
important document is at the core of many automated business processes, such as Evaluated
Receipt Settlement, drop shipping, and Just-in-Time delivery.

Invoice (810/INVOIC)
A request for payment for goods or services that communicates to a buyer the specific items,
prices, and quantities. Payment terms will usually accompany the billing information.

Remittance Advice (820/REMADV)


A notification from a buyer to a supplier that payment has been made, usually via electronic
funds transfer. Receipt of this document enables suppliers to reconcile which invoices have
been satisfied by any given payment.

In addition, there is a special EDI document that is not a business document, but serves to
streamline the EDI process:

Functional Acknowledgment (997/CONTRL)


Often referenced as an FA, this is an electronic “receipt” from the receiver of an EDI
transmission to its sender to indicate simply that the EDI document was successfully received
and read by the computer. It does not indicate that the receiver is acting upon the contents of
the document. Other documents acknowledge that the contents are being acted upon, such as
the Purchase Order Acknowledgment and the Purchase Order Change Acknowledgment.
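
The syntactic check behind a Functional Acknowledgment can be sketched as follows. This is an added example, not part of the original notes: it assumes X12 syntax with `*` and `~` as separators, uses a constructed sample interchange, and builds only the 997 transaction set without a reply envelope; all function names are illustrative.

```python
ELEM, TERM = "*", "~"  # separators assumed for this constructed sample


def build_sample_interchange():
    """Constructed X12 interchange carrying one 850 Purchase Order."""
    isa = ELEM.join(["ISA", "00", " " * 10, "00", " " * 10,
                     "ZZ", "BUYER".ljust(15), "ZZ", "SUPPLIER".ljust(15),
                     "210101", "1200", "U", "00401", "000000001", "0", "T", ">"])
    body = ["GS*PO*BUYER*SUPPLIER*20210101*1200*1*X*004010",
            "ST*850*0001",
            "BEG*00*NE*PO12345**20210101",
            "PO1*1*10*EA*9.95**VP*WIDGET-1",
            "CTT*1",
            "SE*5*0001",          # SE01 = segments from ST to SE inclusive
            "GE*1*1",
            "IEA*1*000000001"]
    return TERM.join([isa] + body) + TERM


def parse(interchange):
    """Split the interchange into segments, each a list of elements."""
    return [seg.strip().split(ELEM) for seg in interchange.split(TERM) if seg.strip()]


def el(seg, i):
    """Element i of a segment, or '' when the segment is too short."""
    return seg[i] if i < len(seg) else ""


def check_transaction_sets(segments):
    """Verify each ST..SE pair: trailer present, control numbers match, count right."""
    group = {"functional_id": "", "control": "", "declared": 0, "sets": []}
    current = None
    for seg in segments:
        tag = seg[0]
        if tag == "GS":
            group["functional_id"], group["control"] = el(seg, 1), el(seg, 6)
        elif tag == "GE":
            group["declared"] = int(el(seg, 1)) if el(seg, 1).isdigit() else 0
        elif tag == "ST":
            # Error "2" (trailer missing) stands until a matching SE is seen.
            current = {"id": el(seg, 1), "control": el(seg, 2), "count": 1, "error": "2"}
            group["sets"].append(current)
        elif current is not None:
            current["count"] += 1
            if tag == "SE":
                if el(seg, 2) != current["control"]:
                    current["error"] = "3"   # ST/SE control numbers differ
                elif el(seg, 1).lstrip("0") != str(current["count"]):
                    current["error"] = "4"   # declared segment count is wrong
                else:
                    current["error"] = ""
                current = None
    return group


def build_997(group, control="0001"):
    """Build the 997 transaction set reporting the syntactic result only."""
    out = [["ST", "997", control],
           ["AK1", group["functional_id"], group["control"]]]
    accepted = 0
    for ts in group["sets"]:
        out.append(["AK2", ts["id"], ts["control"]])
        if ts["error"]:
            out.append(["AK5", "R", ts["error"]])
        else:
            out.append(["AK5", "A"])
            accepted += 1
    received = len(group["sets"])
    if accepted == 0:
        status = "R"                       # whole group rejected
    elif accepted == received == group["declared"]:
        status = "A"                       # whole group accepted
    else:
        status = "P"                       # partially accepted
    out.append(["AK9", status, str(group["declared"]), str(received), str(accepted)])
    out.append(["SE", str(len(out) + 1), control])
    return TERM.join(ELEM.join(seg) for seg in out) + TERM


def acknowledge(interchange):
    """Receiver side: parse, check and return the 997 for one interchange."""
    return build_997(check_transaction_sets(parse(interchange)))
```

The 997 reports only that the envelope and segment counts were read correctly; whether the supplier will fill the order is still carried by the Purchase Order Acknowledgment.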

Most commonly used EDI documents:


• Purchase Order
• Advance Ship Notice
• Invoice
• Product Catalog
• Purchase Order Acknowledgment
• Remittance Advice

EDI Communication Options
When your company exchanges business documents electronically with your business
partners (your customers, suppliers, logistics providers, and/or banks), you need to make two
major communications-related decisions.
1. Firstly, what is your overall approach for connecting to all your partners?
2. Secondly, which of the various communications protocols will you need to implement?

Communications protocols are rules that govern the format and transmission of data between
computers.

Direct Connection Model


In the direct connection approach, you and your trading partner connect directly via the
internet using the same communications method or protocol. However, this approach can
become very complex and resource intensive if your other trading partners are using different
communications protocols. Your system must then be able to support each of these
protocols.

This approach is most commonly used by large corporations that have business partners with
whom they exchange a high volume of EDI documents. If you choose to implement the direct
connection model, you will need to purchase a software package that enables you to use all
the agreed upon protocols, such as AS2, SFTP, FTP. Then you will need to agree with each
of your partners on
1. which of these communications methods or protocols you and the trading partner will use
and
2. the specific protocol settings or options to be used when exchanging your files of EDI
documents.

This model can be very complex due to the wide variety of communications protocols that
must be used and supported. Very few businesses today connect directly to all their trading
partners.

Network Model (Value-Added Networks Based EDI)


An alternative to the direct connection model is to work exclusively through an EDI Network
Services Provider, which, in the days prior to the internet, was referred to as a Value-Added
Network (VAN). Many businesses use the network model to shield themselves from the
complexities of supporting varying communications protocols required by different business
partners.

A Value Added Network (VAN) is a service provider that transmits EDI data to their
destinations. Value Added Networks simplify the communication process by reducing the
number of parties that you have to communicate with. VANs insert themselves between
trading partners.

In the network model you have just a single connection to your Provider for all your EDI
transactions and all your trading partners, using whatever protocol you prefer, such as AS2 or
one of the secure FTP protocols. You don’t have to worry about which protocols your
partners are using. At the same time, your business partners also connect to a Provider, either
the same one you are using or a different one. If different, most Providers will connect to
each other in order to complete the EDI file exchange.

In this way, each partner makes an independent decision regarding its preferred
communications protocol, relying on the Provider to mediate the differences between the
various trading partner protocols. There are additional benefits to using an EDI Network
Services Provider, such as ensuring data security, validating the identity of the sender (non-
repudiation), and providing audit information, reporting, backup, and recovery. Using a
Provider also relieves all community members of the resource intensive responsibilities for
resolving communications issues. The EDI Network Services Provider charges transaction
fees for these services, to a large extent based upon the volume of transactions handled.
Your business is still responsible for generating and processing all EDI documents
exchanged, which means you must have highly skilled EDI personnel. However, you do not
need the specialized communications resources required in the direct connection model.

The Figure above illustrates the EDI network model in which you and your business partners
each use your own preferred communications protocol to exchange EDI documents using an EDI
Network Services Provider.

Use of the EDI network model for 100 percent of an EDI trading community was extremely
popular before the rise of the commercial internet. Today, many businesses use a
combination of the two approaches. In order to save on Provider transaction fees, they
connect directly via the internet to the trading partners with whom they exchange the highest
volume of transactions, using one or two preferred protocols. They will also leverage the EDI
Network Services Provider, with its benefits, for trading with their large number of lower-volume
trading partners, as well as with those partners using a communications protocol they
cannot support.

Advocates of the direct connection approach argue that it is much cheaper than using an EDI
Network, particularly for high volumes of EDI documents. However, when calculating your
overall costs, you must factor in the cost of purchasing, managing, and maintaining the
additional communications software and the cost of highly skilled personnel with expertise in
secure internet communication, as well as in EDI. Furthermore, as the size of your
community grows, you will need additional resources to implement and support each new
trading partner.
You need to continually monitor communications, manage trading partner calls, and resolve
issues quickly. All these vital processes are resource and time intensive.

Most Commonly Used Communications Protocols


The rapid growth of the internet to the point of near universal connectivity is now enabling
business partners to communicate and exchange files more easily than ever before, although
sometimes at the expense of other requirements, such as security, privacy, and manageability.
Therefore, when you choose a communications protocol such as AS2 or FTP for exchanging
business documents via the internet, you need to choose carefully.

In order for two computers, whether within your company or across the internet, to exchange
files or documents, your system needs special file-handling software that follows certain
communications rules (protocols). If you communicate directly, both you and your partner
must use the same protocol. If you communicate directly with many partners, each of which
uses a different protocol, you will need software that supports each one of those protocols.
This is a major reason why many companies select the network model as it shields them from
this complexity.

There are five key factors you should consider when selecting the best communications
protocol for your company:

Data security
When you are dealing with documents that contain sensitive data, you must be sure that while
they are being transmitted across the internet, they are safe from others who may try to
intercept and read them. Each communications protocol takes a different approach to
securing information. Some protocols encrypt everything in the transmission (channel
encryption), whereas others encrypt only the actual data (payload encryption).

Non-repudiation
Non-repudiation refers to the ability to confirm that a document was actually sent by the sender
indicated within the file being exchanged. This also serves as proof when business partners
deny having sent you a document.

Interoperability
Many software vendors offer versions of each protocol. However, versions of the same
protocol provided by two different vendors may not always be able to communicate with
each other. So, when you and your partners select a protocol, you must be sure of
interoperability.

Message management
When you exchange documents with your business partners, you need to know whether the
documents were successfully received and decrypted. For example, a major factor in
determining whether you get paid is whether your partner received the bill. Or, if you’re
trying to plan for the arrival of a shipment at your receiving dock, getting a shipment notice is
crucial. Thus, confirmation of receipt for EDI documents is extremely important for
businesses to operate efficiently.

Ease of setup and use


Different protocols may necessitate different levels of resources to install them and to monitor
their operation on a day-to-day basis.

Below is a list of the most commonly used communications protocols for the exchange of
EDI documents via the internet and how well each addresses the five key factors listed above.
Any of these can be used to connect to business partners directly (direct connection model) or
to connect to them via an EDI Network Services Provider (network model).

FTP (File Transfer Protocol) with VPN (Virtual Private Network)


FTP was the first robust, reliable file transfer protocol developed and is still used today by
many businesses, particularly for file exchange within a company. However, FTP by itself
does not provide the security needed for documents exchanged with other companies over the
internet. For this reason, businesses that use FTP use it in conjunction with VPN software to
provide the security layer needed.

However, neither FTP by itself nor FTP with VPN provides non-repudiation or message
management. Moreover, interoperability may be an issue because there are many different
ways of implementing VPN on your system, as well as possible differences in versions of
VPN. Although FTP with VPN does not address all five factors, you can use it to connect to
an EDI Network Services Provider, which then provides the non-repudiation, message
management, and interoperability required.

SFTP (Secure File Transfer Protocol) and FTPS (File Transfer Protocol Secure)
Both SFTP and FTPS are secure internet protocols. The major difference is in how each
provides security and performs encryption. The security layer used by SFTP was developed
by the Internet Engineering Task Force, while the security layer used by FTPS was developed
by the internet browser company Netscape.

Both protocols encrypt the data while in transit, keeping it safe while moving over the
internet, and then decrypt it upon arrival at its destination. However, neither provides non-
repudiation or message management. As with FTP with VPN above, interoperability is a
major issue, and again you can use either to connect to an EDI Network Services Provider,
which then provides the non-repudiation, message management, and interoperability
required.

AS2 (Applicability Statement 2)


AS2 was developed specifically to overcome the limitations of the other security protocols
discussed above. In addition to providing a high level of data security, it addresses non-
repudiation, message management, and interoperability. It was developed by the Internet
Engineering Task Force (IETF). The major boost to its usage was when it was mandated by
Walmart as the only acceptable communications protocol for suppliers wishing to do business
with them. Its usage soon spread to other major businesses.

How AS2 addresses non-repudiation, message management, and interoperability.


• Non-Repudiation: AS2 uses a system of keys to ensure non-repudiation. A private key
is used by one business to encrypt its digital signature (a special identity code) on a file
being transmitted. That company’s public key is provided to all its business partners for
use in decrypting the digital signature. No other key will work, thus verifying the identity
of the sender.
• Interoperability: AS2 is backed by the Drummond Group, an organization that certifies
that versions from different vendors are compatible. Thus, you are guaranteed that if you
buy any two products from the list of Drummond-certified products, they will work
together well.
• Message Management: AS2 provides a status message called the Message Disposition
Notification (MDN), which informs you that the transmission was successfully received,
decrypted, and verified.
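
How a sender can use the MDN to confirm delivery, shown as an added example that is not part of the original notes. It assumes the MDN field names of the AS2 specification (RFC 4130), computes the integrity check (MIC) directly over the payload bytes, and leaves out the S/MIME signing and encryption that a real AS2 product performs; the message ID, payload and function names are constructed.

```python
import base64
import hashlib
import hmac
from email import message_from_string

# Constructed sample: one X12 purchase order sent as the AS2 payload.
SAMPLE_MESSAGE_ID = "<po-0001@buyer.example>"
SAMPLE_PAYLOAD = (b"ST*850*0001~BEG*00*NE*PO12345**20210101~"
                  b"PO1*1*10*EA*9.95**VP*WIDGET-1~CTT*1~SE*5*0001~")


def compute_mic(payload, algorithm="sha256"):
    """Return the MIC in the 'base64-digest, algorithm' form used in an MDN."""
    digest = hashlib.new(algorithm.replace("-", ""), payload).digest()
    return base64.b64encode(digest).decode("ascii") + ", " + algorithm


def build_mdn(message_id, received_payload, error=None):
    """Receiver side: machine-readable MDN fields for one received message."""
    disposition = "automatic-action/MDN-sent-automatically; processed"
    lines = ["Original-Message-ID: " + message_id]
    if error:
        # Example error text: "decryption-failed" or "authentication-failed".
        lines.append("Disposition: " + disposition + "/error: " + error)
    else:
        lines.append("Disposition: " + disposition)
        # The digest is taken over what actually arrived, not what was expected.
        lines.append("Received-Content-MIC: " + compute_mic(received_payload))
    return "\n".join(lines) + "\n"


def normalise_mic(value):
    """Canonical bytes for comparison: trimmed digest, lower-case algorithm."""
    digest, _, algorithm = value.partition(",")
    algorithm = algorithm.strip().lower().replace("-", "")
    return (digest.strip() + "," + algorithm).encode("utf-8")


def check_mdn(mdn_text, pending):
    """Sender side: 'pending' maps each sent Message-ID to the MIC computed at send time."""
    fields = message_from_string(mdn_text)
    message_id = (fields["Original-Message-ID"] or "").strip()
    if message_id not in pending:
        return "unknown-message"        # MDN for something we never sent
    disposition = (fields["Disposition"] or "").lower()
    if disposition.split(";")[-1].strip() != "processed":
        return "rejected"               # partner reported an error or failure
    returned = fields["Received-Content-MIC"] or ""
    if not hmac.compare_digest(normalise_mic(returned),
                               normalise_mic(pending[message_id])):
        return "integrity-mismatch"     # partner received different bytes
    return "delivered"
```

Only the "delivered" result should clear a document from the sender's retry queue; every other result is a case for the monitoring staff the notes describe.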

There are several challenges to successfully implementing AS2.


1. AS2 is a “push” protocol, meaning documents are sent as soon as they are available and
the business partner must be ready to receive them. The recipient’s server must be up and
running 24x7, with personnel ready to troubleshoot any communications issues.
2. In addition, management of the private and public encryption keys used for non-
repudiation and security adds another layer of complexity to its operation.
3. Moreover, because AS2 is much more sophisticated than the other protocols, a highly
skilled staff will be needed to support it.

In summary, you have several choices when selecting a secure communications protocol for
your EDI documents. AS2 best addresses all the key requirements, but requires a higher
level of commitment. Because of its full functionality, many companies opt to use AS2 for
exchanging EDI documents when connecting to both their direct connection partners and to
an EDI Network Services Provider for the rest of their partner community. If you use one of
the other secure protocols, then use of a Provider should be considered in order to address the
gaps in capabilities.

Five factors to consider when choosing a communications protocol:


1. Will it keep data safe from hackers?
2. Can you be confident that the sender is legitimate?
3. Does it let you know whether your partner has successfully received your
transaction?
4. Does it require a lot of resources to install and maintain?
5. Will your version work with your partner’s version?

Types of Businesses that use EDI


As we have seen, EDI enables organizations to reduce cost and inefficiency resulting from
manual, transaction-based processes. By automating the exchange of data between
applications across a supply chain, EDI can ensure that business-critical data is sent on time,
every time; is securely sent to or received from trusted trading partners; can be tracked in
real-time; and can be audited after the event.

In today’s highly competitive world, the use of B2B technology such as EDI may be the
difference between success and failure. We will now discuss how EDI can streamline three
common business processes: procurement, shipping and receiving, and invoicing and
payment.

Procurement
Procurement was the first business process for which the use of EDI was widely adopted
across industries.

System (ERP) or other back-office system automatically generates the purchase order. It is
also common to order goods from an electronic catalogue. In the latter process, after
negotiating specific terms and prices with a customer, the supplier creates an electronic
catalogue for that specific customer, which may be on the supplier’s system, hosted by an
EDI Network Services Provider, or sent to the customer for integration with its procurement
system. An employee or the procurement system accesses the catalogue and places the order,
which then automatically triggers the creation of the EDI Purchase Order. The basic EDI
document flow in the procurement process involves four key documents:
1. the Purchase Order
2. the Purchase Order Acknowledgment
3. the Purchase Order Change, and
4. the Purchase Order Change Acknowledgment

From the Figure above:


1. The buyer transmits an EDI Purchase Order to the supplier.
2. A supplier can then send a Purchase Order Acknowledgment back to the buyer, in
which the supplier agrees to fulfil the order according to the terms of the purchase order.
3. If the supplier is unable to meet all the purchase order requirements, the Purchase Order
Acknowledgment can provide information as to which portions of the order can be
fulfilled.
4. The buyer can then transmit a Purchase Order Change document when there is a need
to change the original purchase order, due either to a change in the buyer’s needs or
because the supplier cannot meet all the requirements in the original purchase order.
5. The supplier then sends a Purchase Order Change Acknowledgment back to the buyer.

Use of the Purchase Order Change and Purchase Order Change Acknowledgement
documents simplifies a process that otherwise, when handled manually, can be very complex.
In fact, in some industries, such as the general merchandising segment, a purchase order is
often changed four or more times.

Upon receipt of each document, the EDI system automatically sends a Functional
Acknowledgment to notify the sender that the document was successfully received.
Automating the exchange of purchase-order related documents provides numerous benefits:
• Faster, more accurate order-to-receipt process due to the elimination of slow, error-prone
manual ordering;
• Reduction or elimination of resource-intensive and time-consuming order status inquiries
by both buyer and seller due to the use of EDI status documents that provide you with
new visibility into your supply chain;
• Increased buyer flexibility due to the speed and accuracy of the EDI process. For
example, the buyer can quickly seek alternative suppliers when a purchase order cannot
be fulfilled;
• Higher levels of satisfaction by the seller, the buyer, and the buyer’s customers resulting
from the benefits above.

Shipping and Receiving


EDI enables goods to be shipped in a timely and accurate manner according to ever-changing
buyer-specific requirements. This is vital to a manufacturer operating in a Just-in-Time (JIT)
environment and to a retailer with a continuous replenishment program (CRP) for its inventory.

The critical document in support of all shipping processes is the Advance Ship Notice
(ASN), which lists the details of a shipment of goods due to arrive from a supplier, a third
party logistics provider (3PL), or a fulfilment agent.

Typically, the ASN includes much of the information that was included on the buyer’s
original purchase order. It also includes carton identifications, content descriptions, and
transportation details. New uses are continually found for the ASN. For example, some
companies use data in the ASN to help them generate the Customs 10+2 Importer Security
Filing for international shipments entering the United States.

Basic EDI Document and Goods Flow in the Shipping Process

Invoicing and Payments
Finance teams are increasingly focusing on streamlining the accounts payable (AP)
department to achieve further cost efficiencies, improve visibility into financial
performance, and reduce the risk of both internal and external fraudulent activity.
Eliminating the mountains of paper invoices received from non-EDI suppliers is clearly an
important first step. Many countries have enacted legislation that permits an electronic
invoice (e-invoice) to serve as legal evidence during tax audits, removing the need to keep
paper originals. In order to more efficiently collect taxes and to prevent tax avoidance,
governments throughout the world have mandated the use of e-invoicing for the public
sector.

Today, e-invoicing is becoming the way to do business for both governmental agencies and
the private sector, whether the company is small, medium, or large. While e-invoicing
regulations are often similar in purpose, the specific requirements frequently vary by
country. For example, EDI invoices must adhere to country-specific regulations for data
format, data storage, and data access requirements.

Some of the legal requirements for e-invoicing that differ from one European Union
member to another include:
1. Digital Signatures: Some countries, such as Spain, require EDI invoices to be digitally
signed (using an encrypted code) in order to guarantee their origin and integrity;
2. Archiving: Many countries require the archiving of EDI invoices for extended time
frames, e.g., Germany requires data archiving for ten years and the UK requires six
years;
3. VAT Compliance: VAT (Value-Added Tax) rules vary widely by country.

Basic Invoice and Payment Process

How to Implement EDI Infrastructure


EDI infrastructure requirements may include a dedicated server, communications software,
EDI translation software, and personnel with EDI and communications expertise.

Many companies need to implement EDI in order to satisfy the requirements of valued
customers. For example, some companies mandate that their suppliers must either implement
a fully integrated EDI solution or, for smaller-volume suppliers, use web-based forms or a
service bureau that will generate EDI documents on their behalf. After complying with a
business partner’s EDI requirements, a company often sees the potential benefits of
instituting its own EDI program with its broader trading community.

If your company has decided to implement EDI as part of a strategic initiative to cut costs
and improve efficiency or in order to become easier for customers to do business with, you
need to determine whether to do it yourself, outsource it all to a B2B Managed Services
provider, or use a combination of the two approaches.

Do-It-Yourself Model
In order to make a decision as to which of the above three models best fits your company’s
needs, you need to appreciate the level of effort required to set up a do-it-yourself EDI
program. Some companies, such as Walmart, have decided upon the do-it-yourself approach
as part of their strategic decision to have complete control over every aspect of their business.

This is an overview of the major tasks that need to be completed for a successful EDI
implementation.

Develop the organizational structure


EDI is a significant investment and developing the correct organizational structure from the
outset will pay dividends as the program evolves. Some of the key elements of the
structure include:
• EDI Coordinator: An IT professional with in-depth experience in delivering EDI. The
coordinator may come from in-house or be hired externally depending on the EDI resources of
the organization.
• Steering Committee: Headed by the EDI Coordinator, this committee typically consists of the
department heads of affected business units, the head of IT, and legal representatives.
• Senior Management Sponsor: As with any major IT program, senior management
commitment is critical if the EDI implementation is to be a success.
• Dedicated EDI Team: The EDI team will be responsible for the actual implementation of the
system.

An important aspect of the role of the EDI coordinator is to regularly communicate with all sectors
of the company that will be affected by the EDI program in order to ensure their support and
buy-in. This ongoing communication is vital for educating the various organizations as to how the
EDI program will benefit them and affect their processes.

Conduct in-depth analysis


This analysis identifies the most likely corporate applications and documents for EDI deployment
and sets priorities for conversion to EDI. To this end, factors to be considered include the number
of suppliers, customers, or other trading partners, and the volume and type of transactions to be
exchanged. It includes a description of the present systems in each functional area and an
explanation of how EDI will improve them.
The generation and receipt of each type of business document is based on a system of human and
machine procedures, all of which must be documented and analysed for EDI efficiencies. For best
results, the goal should be to improve the business cycle, rather than simply automate it.

Develop EDI system requirements
The result of the previous analysis step provides an organization with the knowledge to develop a
comprehensive specification for the EDI system. This includes:
1. the volume of expected EDI traffic and the IT infrastructure needed to support it;
2. the capacity of the internal network infrastructure to support EDI data;
3. the network connections needed to manage traffic with trading partners;
4. the programming required to ensure that internal systems comply with the data required by
trading partners and with EDI standards; and
5. the amount of customizing required to integrate the internal and EDI systems.

With this information, EDI system design can begin. A key element of this design is selecting the
communications model that best meets your needs. Although companies may choose to
implement the do-it-yourself approach, most still choose to use the services of an EDI Network
Services provider to connect to all or some of their business partners.

Some considerations for selecting the right EDI Network Services provider for your company
include:

1. Network Reach: How many of your trading partners already use that particular provider?
Does that Provider have a strong presence in your industry? Does that Provider have a global
presence, not only for the exchange of documents, but also for providing local customer
support?
2. Pricing Structure: EDI Network Services Providers offer various pricing structures,
including pay-as-you-go and monthly or annual subscriptions. Most Providers calculate the
charge based on the number of kilo-characters (KCs), that is, thousands of characters, within a document. Other
factors that impact the price may include the number of trading partners to be implemented,
special requirements such as local language support for international partners, and the length
of the commitment period.
3. Network Viability: Does the Provider’s network have a proven track record and is it likely to
be around for the foreseeable future? Does it provide disaster recovery and the capacity to
handle peak loads without degradation of service?
4. Value-Added Services Offered: This includes services such as automatic rejection of
documents with bad data before they reach your system, the ability for your line-of-business
personnel to independently obtain data and reports on demand, and the ability to view the
status of your business transactions at all stages in the supply chain. Quite often, these value-
added services are a more important factor in your decision than is cost.

Acquire the EDI infrastructure


Now that your requirements have been defined, it will be necessary to purchase any hardware or
software needed to support your EDI solution. This often entails the purchase of a dedicated
server, particularly if you will be using the AS2 communications protocol. You will also need to
acquire the communications software and the EDI translation software. The translation software
creates an EDI document from your internal data and also converts incoming EDI documents into
your internal data format.
When selecting an EDI translator, you should be aware that features vary in terms of efficiency in
handling large volumes of documents, reporting capabilities, mapping tools for the correlation of
your in-house data formats to the EDI format, ERP integration features, and others.

You need to select the EDI translator that is right for your business. And most important, you
must have the proper personnel resources to implement and maintain the system. This may
require the hiring of new personnel with expertise in communications and EDI.

Implement the technical solution


After purchasing the necessary hardware and/or software to support your EDI solution, a skilled
EDI programming staff must next convert the requirements into reality. The staff must be fully
knowledgeable of EDI standards, in-house systems, and communications protocols. The basic
tasks that need to be performed include:
1. integrating EDI with your in-house business systems, which means extracting and loading
data;
2. creating the EDI documents by mapping (correlating) the extracted data to the proper
segments and data elements of the EDI transaction set, as well as providing the enveloping and
other necessary data; and
3. installing and configuring the communications software for sending and receiving documents.

Each of these processes can be very complex, particularly when you have many trading partners
each with its own requirements. That’s why a good, technically skilled staff is essential.

Roll out the program to your trading partner community


If you are the initiator of the program with your business partners—for example, you want all your
suppliers to be able to receive your purchase orders via EDI and to return EDI Invoices—you must
have the skilled resources to develop, manage, and maintain an EDI rollout program to your
supplier community.

This includes:
1. surveying your community to understand each supplier’s level of EDI readiness;
2. developing and implementing a community communication plan to convey your program
goals and provide the education needed;
3. offering various EDI options such as web-based forms or Microsoft® Excel®-based forms for
those suppliers that are not ready to integrate EDI with their back-office systems; and
4. supporting each supplier through the start-up process.

EDI programs must continually change to meet your evolving business requirements. You may
add EDI document types, add EDI partners, or change communications settings. Be prepared with
the skilled personnel required to handle these changes. You will need to invest in skilled
personnel for the ongoing management of your EDI program in order to:
• Monitor and troubleshoot communications and data issues to ensure documents continue to
flow;
• Respond to inquiries from trading partners 24x7 as issues arise;
• Report on trading partner activity and system usage; and
• Make updates to translation maps and/or communications protocols as you or your partners
add new documents, make changes to current documents, or upgrade their communications
processes.

B2B Managed Services Model
The alternative to the do-it-yourself approach is to use the services of a B2B Managed Services
Provider that provides expertise, technical infrastructure, and program and process support on your
behalf. With a B2B Managed Services approach you offload all the day-to-day operations of your
EDI program to a third party who provides all the services needed, including:
• Integration with your in-house systems;
• Connectivity and protocol mediation with all your trading partners (your customers, suppliers,
logistics providers, financial institutions);
• Data translation to and from your document format and the document format of your trading
partners;
• Working with each trading partner to fully integrate their processes with yours, including
setup, testing, communications monitoring, and 24x7 Help Desk support for you and your
trading partners;
• Community rollout and enablement services; and
• Reporting of trading partner activity and system usage.

With B2B Managed Services, you no longer need to manage and/or purchase upgrades to your
B2B hardware and software. In addition, if you already have an in-house EDI program in place,
then moving to a B2B Managed Services approach enables you to redeploy the personnel
currently assigned to the EDI program to support other business needs.

Typically, you pay an up-front implementation fee and then an ongoing monthly fee that is based
upon the volume of your EDI document transactions.

Of course, no two companies’ business needs are identical. A solution that meets the needs of one
company may not work for another. But one of these three general approaches can be tailored
precisely for the challenges that your company must meet in order to adapt, grow, and excel in
today’s ever-evolving business environment. All companies now have the opportunity to trade
electronically with 100 percent of their trading partners. Easy-to-use options are available that
eliminate earlier barriers to full participation by small and medium-size trading partners. These
options include customized web-based forms and direct integration with Excel or other accounting software. All
companies, big and small, can now realize the benefits of using EDI as a core technology
component in streamlining their procurement, receiving, invoicing, and payment processes.
Moreover, these internet-based options are available worldwide. Therefore, companies that want
to leverage emerging markets can now utilize EDI to communicate electronically everywhere in
the world, despite the complexities of different time zones, regulations, and languages.

Internet
The Internet is a worldwide, publicly accessible series of interconnected computer networks
that transmit data by packet switching using the standard Internet Protocol (IP). It is a
“network of networks” that consists of millions of smaller domestic, academic, business, and
government networks, which together carry various information and services, such as
electronic mail, online chat, file transfer, and the interlinked web pages and other resources of
the World Wide Web (WWW).

The Internet and the World Wide Web are not synonymous:
• The Internet is a collection of interconnected computer networks, linked by copper wires,
fiber-optic cables, wireless connections, etc.
• In contrast, the Web is a collection of interconnected documents and other resources,
linked by hyperlinks and URLs. The World Wide Web is one of the services accessible
via the Internet, along with various others including e-mail, file sharing, online gaming,
etc.

America Online, Safaricom, etc. are examples of Internet service providers. They make it
physically possible for you to send and access data from the Internet. They allow you to send
and receive data to and from their computers or routers which are connected to the Internet.

World Wide Web is an example of an information protocol/service that can be used to
send and receive information over the Internet. It supports:
• Multimedia Information (text, movies, pictures, sound, programs).
• Hypertext Information (information that contains links to other information
resources).
• Graphic User Interface (so users can point and click to request information instead
of typing in text commands).

The server software for the World Wide Web is called an HTTP server (or informally a Web
server). Examples are Apache and IIS. The client software for World Wide Web is called a
Web browser. Examples are: Netscape, Internet Explorer, Safari, Firefox, and
Mozilla. These examples are particular “brands” of software that have a similar function.

Internet Structure
The Internet is an international network of computers connected by wires such as telephone
lines. Businesses, government offices, learning institutions and homes use the Internet to
communicate with one another. You have access to the Internet when you work in one of this
university’s computer labs. You also may have access at home or in your residence hall. If
not, you can obtain access once you have three things.
• First, you need a computer and a modem, a device that allows you to connect your
computer with the Internet. Many new computers have built-in modems.
• Second, you need a browser, a piece of software that allows you to view information on
the Internet. Many new computers also come with a browser, usually Internet Explorer.
You also can download other browsers such as Firefox, Google Chrome or Netscape
Navigator from the Internet for free.
• Finally, you need to subscribe to an Internet Service Provider, or ISP, such as
Safaricom.

One popular component of the Internet is electronic mail, or e-mail, which people at separate
locations can use to send messages to one another.

In addition to allowing people to send e-mail messages to one another, the Internet also
allows organizations and individuals to post information about themselves so that others can
see it. For example, many companies post pictures and descriptions on World Wide Web
sites. In fact, you can set up your own World Wide Web site by reserving space on a server.

The Internet and its Characteristics


By the late 1990s the Internet had evolved into a complex environment. Originally a military
communications network, it is now routinely used for five types of operations:
1. long-distance transactions (e.g. e-commerce, form-filling, remote work, entertainment);
2. interpersonal communication;
3. data storage;
4. research (i.e. data finding);
5. remote data access and downloading.

The Internet is a dynamic and volatile system endowed with a number of traits. These are:
1. Technological neutrality. The Internet joins together computers of various sizes and
architectures. They may run on various operating systems and utilise a great variety of
communication links.
2. Built-in piecemeal change and evolution. The Internet is not a one-off development. It
is an energetic, polycentric, complex, growing, and self-refining system. It is a network
which is geared to expansion and growth. It is a system which scales up extremely well.
3. Robustness and reliability. All basic technical features of the Net such as the TCP/IP
(Transmission Control Protocol/Internet Protocol), the multiplicity of routes followed by the
packet-switched data, and the robustness of related software are designed to eliminate
errors, to handle unexpected interruptions and interferences, to advise users of
encountered difficulties and to recover gracefully from any disasters and down-times.
4. Low cost. The Internet makes new uses of old technologies (standalone computers,
operating systems, telecommunication networks). Whenever possible, Internet operations
piggyback on already existing solutions. They rely on modularised, configurable, easy-to-
replace, and easy-to-upgrade off-the-shelf software and hardware.
5. Ubiquity. The robustness, modularisation and low cost of the system are coupled with the
growing densities of dedicated computer lines, network backbones, as well as wired and
wireless phone networks. This means that Internet-enabled tools are deployed in ever-growing
numbers in an ever-widening range of environments.

The Internet Tools and their Characteristics


The evolution of the Internet is punctuated by the introduction and mass acceptance of such
key resources and tools as Unix, Email, Usenet newsgroups, Telnet, Listserv Mailing List
Software, File Transfer Protocol, Internet Relay Chat, Gopher, WWW.

UNIX
Unix was one of the first operating systems which embodied the principle of multitasking
(time-sharing). In most general terms it means that several users could simultaneously
operate within a single environment and that the system as a whole coped well with this
complicated situation. Unix was the first operating system which demonstrated in practical
terms robustness and tolerance for the variety of its users’ simultaneous activities.

Email
Email is the first of the Internet’s tools dedicated to the provision of fast, simple and global
communication between people. This revolutionary client/server software implied for the first
time that individuals (both as persons and roles) could have their unique electronic addresses.
Within this framework messages were now able to chase their individual recipients anywhere
in the world.

The initial format of email communication was that of a one-to-one exchange of electronic
messages. This simple function was subsequently augmented by email’s ability to handle
various attachments, such as documents with complex formatting, numbers and graphic files.
Later, with the use of multi-recipient mailing lists electronic mail could be used for simple
multicasting of messages in the form of one-to-many transmissions.

Usenet Newsgroups
Usenet (Unix Users Network), the wide-area array of sites collating and swapping UUCP-based
messages, was pioneered in 1979. Usenet was originally conceived as a surrogate for
the Internet (then called ARPANET). It was to be used by people who did not have ready
access to the TCP/IP protocol and yet wanted to discuss their various Unix tools. It was only
in 1987 that the NNTP (Network News Transfer Protocol) was established in order to enable
Usenet to be carried on the Internet (i.e. TCP/IP) networks (Laursen 1997).

Telnet
The networking tool called Telnet was invented in 1980 (Postel 1980). It allowed people
(with adequate access rights) to login remotely into any networked computer in the world and
to employ the usual gamut of computer commands. Thereby files and directories could be
established, renamed and deleted; electronic mail read and dispatched; Usenet flame wars
indulged in; and statistical packages run against numeric data - all at a distance. Moreover,
results of all these and other operations could be remotely directed to a printer or via FTP to
another networked computer. In short, Telnet gave us the ability to engage in long-distance
man-machine transactions, that is, the ability to do the work as telecommuters.

File Transfer Protocol


The FTP client/server technology was first introduced in 1985 (Barnes 1997). Its usefulness
to Internet culture is three-fold. Firstly, FTP was the first widely accepted tool for
systematic permanent storage and world-wide transmission of substantial electronic
information (e.g. programs, text files, image files).

Secondly, FTP archives promoted the use of anonymous login (i.e. limited public access)
techniques as a way of coping with the mounting general requests for access to the archived
information. That novel technique placed electronic visitors in a strictly circumscribed work
environment. There they could browse through data subdirectories, copy relevant files, as
well as deposit (within the context of a dedicated area) new digital material. However, the
FTP software would not let them wander across other parts of the host, nor did the visitors
have the right to change any component part of the accessed electronic archive.

Thirdly, the rapid proliferation in the number of public access FTP archives all over the world
necessitated techniques for keeping an authoritative, up-to-date catalogue of their contents.
This was accomplished through the Archie database (Deutsch et al. 1995) and its many
mirrors. Archie used an automated process which periodically scanned the entire contents of
all known “anonymous FTP” sites and reported its findings back to its central database.

This approach, albeit encumbered by the need to give explicit instructions as to which of the
FTP systems need to be monitored, nevertheless integrated a motley collection of online
resources into a single, cohesive, distributed information system.
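
The access rules described above for anonymous FTP visitors (browse and copy anywhere in the archive, deposit only in a dedicated area, nothing outside the archive, no changes to existing material) can be written as a path check. This is an added example, not code from any FTP server; the directories /srv/ftp and /srv/ftp/incoming and all function names are assumptions made for illustration.

```python
import posixpath

# Assumed layout (hypothetical, not from the notes): clients see ARCHIVE_ROOT
# as "/", and may deposit new files only under UPLOAD_AREA.
ARCHIVE_ROOT = "/srv/ftp"
UPLOAD_AREA = "/srv/ftp/incoming"

READ_COMMANDS = {"LIST", "RETR"}   # browse subdirectories, copy files
DEPOSIT_COMMANDS = {"STOR"}        # deposit new material
# Every other command (DELE, RMD, RNFR, RNTO, APPE, ...) would change the
# archive, so it is refused for anonymous sessions.


def inside(path, root):
    """True if path is root itself or lies beneath it.

    The separator matters: a bare startswith() would accept
    "/srv/ftp-private" as being inside "/srv/ftp".
    """
    return path == root or path.startswith(root + "/")


def resolve(cwd, requested):
    """Translate a client path (relative to its virtual cwd) to a server path."""
    if "\x00" in requested or "\x00" in cwd:
        raise ValueError("NUL byte in path")
    # Normalise inside the client's virtual tree first: for an absolute path,
    # normpath() discards ".." components that would climb above "/".
    virtual = posixpath.normpath(posixpath.join("/", cwd, requested))
    # Re-root the virtual path under the archive directory.
    return posixpath.normpath(ARCHIVE_ROOT + "/" + virtual.lstrip("/"))


def authorize(command, cwd, requested, existing=frozenset()):
    """Return (allowed, server_path) for one anonymous-session command.

    existing is the set of server paths that already hold a file. It stands
    in for a filesystem lookup so that the example runs without touching disk.
    """
    real = resolve(cwd, requested)
    if not inside(real, ARCHIVE_ROOT):      # defence in depth
        return False, real
    if command in READ_COMMANDS:
        return True, real
    if command in DEPOSIT_COMMANDS:
        allowed = (inside(real, UPLOAD_AREA)
                   and real != UPLOAD_AREA      # must name a file, not the area
                   and real not in existing)    # new material only, no overwrite
        return allowed, real
    return False, real


if __name__ == "__main__":
    # Constructed requests from one anonymous session.
    for cmd, cwd, path in [
        ("RETR", "/pub", "tools/readme.txt"),
        ("RETR", "/pub", "../../../etc/passwd"),
        ("STOR", "/", "incoming/new.tar"),
        ("STOR", "/incoming", "../pub/tools/readme.txt"),
        ("DELE", "/incoming", "new.tar"),
    ]:
        print(cmd, path, "->", authorize(cmd, cwd, path))
```

The check works on path strings only; a server that applies it still has to handle symbolic links inside the archive, which is why anonymous sessions are usually also confined at the operating-system level.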

Web based Client/Server

Gopher
Gopher client/server software was used for the first time in 1991 (La Tour; Liu, C. et al.
1994). It was a ground-breaking development on two accounts.
• Firstly, it acted as a predictable, unified environment for handling an array of other
electronic tools, such as Telnet, FTP and WAIS.
• Secondly, Gopher acted as electronic glue which seamlessly linked together archipelagos
of information tracked by and referenced by other gopher systems. In short, Gopher was
the first ever tool capable of the creation and mapping of a rich, large-scale, and infinitely
extendable information space.

World Wide Web Server


The first prototype of the WWW server was built in 1991 (Cailliau 1995, Berners-Lee;
Berners-Lee 1998). The WWW server is an invention which has redefined the way the
Internet is visualized by its users.
• Firstly, the WWW server introduced to the Internet the powerful point-and-click
hypertext capabilities. The hypertext notions of a home page and links spanning the entire
body of data were first successfully employed on a small, standalone scale in 1986 in the
Macintosh software called Hypercard (Goodman 1987). The WWW, however, was the
first hypertext technology applied to distributed online information. The hypertext
principle as employed by the WWW server meant that any part of any text (and
subsequently, image) document could act as a portal leading directly to any other
nominated segment of any other document anywhere in the world.
• Secondly, the WWW server introduced an explicit address for subsets of information.
A common and simple addressing methodology (Universal Resource Locator [URL]
scheme) enabled users to uniquely identify and access any piece of networked
information anywhere in the document, or anywhere on one’s computer, or - with the
same ease - anywhere in the world.
• Thirdly, the WWW provided a common, simple, effective and extendable language for
document markup. The HTML language could be used in three different yet
complementary ways: (a) as a tool for establishing the logical structure of a document; (b)
as a tool for shaping the size, appearance and layout of lines of text on the page; (c) as a
tool for building the internal (i.e. within the same document) and external (to a different
document residing on the same or totally different server) hypertext connections.

The interlocking features of hypertext, URLs and the markup language have laid the
foundations for today’s global, blindingly fast and infinitely complex cyberspace. Moreover,
the World Wide Web, like Gopher before it, was also a powerful electronic glue which
smoothly integrated not only most of the existing Internet tools (Email, Usenet, Telnet,
Listservs, FTP, IRC, and Gopher, but, surprisingly, not WAIS), but also the whole body of
online information which could be accessed by all those tools. However, the revolutionary
strengths of the Web were not immediately obvious to most of the Internet
community, who initially regarded the WWW as a mere (and possibly clumsy) variant of the
then popular Gopher technology. This situation changed only with the introduction of
PC-based Web browsers with user-friendly graphical interfaces.

World Wide Web Browsers


The principle of a client/server division of labour was put to work yet again in the form of a
series of WWW browsers such as Mosaic (built in 1993).

These are:
a. the ability to handle multi-format, or multimedia (numbers, text, images, animations,
video, sound) data within the framework of a single online document;
b. the ability to configure and modify the appearance of received information in a manner
which best suits the preferences of the reader;
c. the ability to use the browser as a WYSIWYG (“what you see is what you get”) tool for
crafting and proofreading of the locally created HTML pages on a user’s PC;
d. the ability to acquire, save and display the full HTML source code for any and all of the
published web documents.

Elements of Internet Architecture

• Protocol Layering
• Networks
• Routers
• Addressing Architecture

Protocol Layering
To communicate using the Internet system, a host must implement the layered set of
protocols comprising the Internet protocol suite. A host typically must implement at least one
protocol from each layer.

The protocol layers used in the Internet architecture are as follows:

Application Layer
The Application Layer is the top layer of the Internet protocol suite. The Internet suite does
not further subdivide the Application Layer, although some application layer protocols do
contain some internal sub-layering. The application layer of the Internet suite essentially
combines the functions of the top two layers - Presentation and Application - of the OSI
Reference Model. The Application Layer in the Internet protocol suite also includes some of
the functions relegated to the Session Layer in the OSI Reference Model.

We distinguish two categories of application layer protocols: user protocols that provide
service directly to users, and support protocols that provide common system functions. The
most common Internet user protocols are:
• Telnet (remote login)
• FTP (file transfer)
• SMTP (electronic mail delivery)

There are a number of other standardized user protocols and many private user protocols.
Support protocols, used for host name mapping, booting, and management include SNMP,
BOOTP, TFTP, the Domain Name System (DNS) protocol, and a variety of routing
protocols.

Transport Layer
The Transport Layer provides end-to-end communication services. This layer is roughly
equivalent to the Transport Layer in the OSI Reference Model, except that it also
incorporates some of OSI’s Session Layer establishment and destruction functions.

There are two primary Transport Layer protocols at present:
• Transmission Control Protocol (TCP)
• User Datagram Protocol (UDP)

TCP is a reliable connection-oriented transport service that provides end-to-end reliability,
resequencing, and flow control. UDP is a connectionless (datagram) transport service. Other
transport protocols have been developed by the research community, and the set of official
Internet transport protocols may be expanded in the future.

Internet Layer
All Internet transport protocols use the Internet Protocol (IP) to carry data from source host to
destination host. IP is a connectionless or datagram internetwork service, providing no end-
to-end delivery guarantees. IP datagrams may arrive at the destination host damaged,
duplicated, out of order, or not at all. The layers above IP are responsible for reliable delivery
service when it is required. The IP protocol includes provision for addressing, type-of-service
specification, fragmentation and reassembly, and security.
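
How a layer above IP can rebuild an ordered byte stream from datagrams that arrive damaged, duplicated, out of order or not at all, shown as an added example. It is a simplified receiver, not TCP itself: the message, the 6-byte segment size and the use of CRC-32 in place of TCP's checksum are assumptions.

```python
import zlib


def make_segment(seq, data):
    """Build one segment; seq is the byte offset of data within the stream."""
    return {"seq": seq, "data": data, "crc": zlib.crc32(data)}


class Receiver:
    """Resequencing receiver that returns a cumulative acknowledgement."""

    def __init__(self):
        self.next_seq = 0            # offset of the next byte owed to the application
        self.pending = {}            # out-of-order segments, keyed by offset
        self.delivered = bytearray() # bytes handed to the application, in order
        self.discarded = {"damaged": 0, "duplicate": 0}

    def receive(self, segment):
        """Process one arriving segment and return the next offset expected."""
        # Damaged in transit: drop it silently. The unchanged acknowledgement
        # is what tells the sender to retransmit. A CRC catches accidental
        # damage only; it is no protection against deliberate modification.
        if zlib.crc32(segment["data"]) != segment["crc"]:
            self.discarded["damaged"] += 1
            return self.next_seq
        seq = segment["seq"]
        # Duplicate: already delivered, or already waiting in the buffer.
        if seq < self.next_seq or seq in self.pending:
            self.discarded["duplicate"] += 1
            return self.next_seq
        self.pending[seq] = segment["data"]
        # Resequencing: release every segment that is now contiguous.
        while self.next_seq in self.pending:
            data = self.pending.pop(self.next_seq)
            self.delivered += data
            self.next_seq += len(data)
        return self.next_seq


def run_constructed_exchange():
    """Feed a constructed arrival sequence to the receiver and report the outcome."""
    message = b"PAY 100 KES TO ACCT 42"          # constructed sample payload
    segments = {offset: make_segment(offset, message[offset:offset + 6])
                for offset in range(0, len(message), 6)}
    # Same checksum field, one byte of the payload altered on the wire.
    damaged = dict(segments[6], data=b"9 KES ")
    # Out of order (12 before 0), duplicated (0 twice), damaged (6); the
    # intact copy of segment 6 never arrives in this first pass.
    arrivals = [segments[12], segments[0], segments[0], damaged, segments[18]]

    receiver = Receiver()
    acks = [receiver.receive(segment) for segment in arrivals]
    first_pass = bytes(receiver.delivered)
    # The acknowledgement is stuck at 6, so the sender retransmits segment 6.
    final_ack = receiver.receive(segments[6])
    return acks, first_pass, final_ack, bytes(receiver.delivered), receiver.discarded


if __name__ == "__main__":
    print(run_constructed_exchange())
```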

The datagram or connectionless nature of IP is a fundamental and characteristic feature of the
Internet architecture. The Internet Control Message Protocol (ICMP) is a control protocol that
is considered to be an integral part of IP, although it is architecturally layered upon IP - it
uses IP to carry its data end-to-end. ICMP provides error reporting, congestion reporting, and
first-hop router redirection.

The Internet Group Management Protocol (IGMP) is an Internet layer protocol used for
establishing dynamic host groups for IP multicasting.

Link Layer
To communicate on a directly connected network, a host must implement the communication
protocol used to interface to that network. We call this a Link Layer protocol. Some older
Internet documents refer to this layer as the Network Layer, but it is not the same as the
Network Layer in the OSI Reference Model.

This layer contains everything below the Internet Layer and above the Physical Layer (which
is the media connectivity, normally electrical or optical, which encodes and transports
messages). Its responsibility is the correct delivery of messages, among which it does not
differentiate.

Protocols in this Layer are generally outside the scope of Internet standardization; the Internet
(intentionally) uses existing standards whenever possible. Thus, Internet Link Layer
standards usually address only address resolution and rules for transmitting IP packets over
specific Link Layer protocols.

Networks
The constituent networks of the Internet system are required to provide only packet
(connectionless) transport. According to the IP service specification, datagrams can be
delivered out of order, be lost or duplicated, and/or contain errors.

For reasonable performance of the protocols that use IP (e.g., TCP), the loss rate of the
network should be very low. In networks providing connection-oriented service, the extra
reliability provided by virtual circuits enhances the end-end robustness of the system, but is
not necessary for Internet operation.

Constituent networks may generally be divided into two classes:
• Local-Area Networks (LANs): LANs may have a variety of designs. LANs normally
cover a small geographical area (e.g., a single building or plant site) and provide high
bandwidth with low delays. LANs may be passive (similar to Ethernet) or they may be
active (such as ATM).
• Wide-Area Networks (WANs): Geographically dispersed hosts and LANs are
interconnected by wide-area networks, also called long-haul networks. These networks may
have a complex internal structure of lines and packet switches, or they may be as simple as
point-to-point lines.

Routers
In the Internet model, constituent networks are connected together by IP datagram forwarders
which are called routers or IP routers. In this document, every use of the term router is
equivalent to IP router. Many older Internet documents refer to routers as gateways.
Historically, routers have been realized with packet-switching software executing on a
general-purpose CPU. However, as custom hardware development becomes cheaper and as
higher throughput is required, special purpose hardware is becoming increasingly common.
This specification applies to routers regardless of how they are implemented.

A router connects to two or more logical interfaces, represented by IP subnets or unnumbered
point-to-point lines. Thus, it has at least one physical interface. Forwarding an IP datagram
generally requires the router to choose the address and relevant interface of the next-hop
router or (for the final hop) the destination host. This choice, called relaying or forwarding,
depends upon a route database within the router. The route database is also called a routing
table or forwarding table.
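
The forwarding decision described above, as an added example that is not taken from any router implementation: among all routes whose prefix contains the destination, the router uses the most specific one. This longest-prefix rule goes slightly beyond what the notes state; the class and function names, addresses and interface names are constructed for illustration.

```python
import ipaddress


class ForwardingTable:
    """Route database consulted once per datagram (longest-prefix match)."""

    def __init__(self):
        self._routes = []   # entries: (network, next_hop or None, interface)

    def add_route(self, prefix, interface, next_hop=None):
        """Add a route; next_hop=None marks a directly connected network."""
        network = ipaddress.ip_network(prefix)   # raises if host bits are set
        hop = ipaddress.ip_address(next_hop) if next_hop is not None else None
        self._routes.append((network, hop, interface))
        # Keep the most specific prefixes first, so that the first match
        # found by lookup() is also the longest one.
        self._routes.sort(key=lambda route: route[0].prefixlen, reverse=True)

    def lookup(self, destination):
        """Return (next_hop_address, interface), or None when no route matches."""
        address = ipaddress.ip_address(destination)
        for network, hop, interface in self._routes:
            if address.version == network.version and address in network:
                # Final hop: the datagram goes to the destination host itself.
                return (str(hop) if hop is not None else str(address), interface)
        # No route: a router would discard the datagram and report the error.
        return None


def build_constructed_table():
    """A small constructed table using documentation and private address ranges."""
    table = ForwardingTable()
    table.add_route("0.0.0.0/0", "eth0", next_hop="203.0.113.1")    # default route
    table.add_route("10.0.0.0/8", "eth1", next_hop="10.255.0.1")
    table.add_route("10.20.0.0/16", "eth2", next_hop="10.255.0.2")  # more specific
    table.add_route("192.0.2.0/24", "eth3")                         # directly connected
    return table


if __name__ == "__main__":
    table = build_constructed_table()
    for destination in ("10.20.5.9", "10.9.9.9", "192.0.2.77", "198.51.100.5"):
        print(destination, "->", table.lookup(destination))
```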

The term “router” derives from the process of building this route database; routing protocols
and configuration interact in a process called routing. The routing database should be
maintained dynamically to reflect the current topology of the Internet system. A router
normally accomplishes this by participating in distributed routing and reachability algorithms
with other routers.

Routers provide datagram transport only, and they seek to minimize the state information
necessary to sustain this service in the interest of routing flexibility and robustness.

Packet switching devices may also operate at the Link Layer; such devices are usually called
bridges. Network segments that are connected by bridges share the same IP network prefix
forming a single IP subnet. These other devices are outside the scope of this document.

Common uses of the Internet


E-mail
The concept of sending electronic text messages between parties in a way analogous to
mailing letters or memos predates the creation of the Internet. Even today it can be important
to distinguish between Internet and internal e-mail systems. Internet e-mail may travel and be
stored unencrypted on many other networks and machines out of both the sender’s and the
recipient’s control.

The World Wide Web


Many people use the terms Internet and World Wide Web (or just the Web) interchangeably,
but, as discussed above, the two terms are not synonymous.

The World Wide Web is a huge set of interlinked documents, images and other resources,
linked by hyperlinks and URLs. These hyperlinks and URLs allow the web servers and other
machines that store originals, and cached copies, of these resources to deliver them as
required using HTTP (Hypertext Transfer Protocol). HTTP is only one of the communication
protocols used on the Internet. Web services also use HTTP to allow software systems to
communicate in order to share and exchange business logic and data.

Software products that can access the resources of the Web are termed user agents. In normal
use, web browsers, such as Internet Explorer and Firefox, access web pages and allow users
to navigate from one to another via hyperlinks. Web documents may contain almost any
combination of computer data including photographs, graphics, sounds, text, video,
multimedia and interactive content including games, office applications and scientific
demonstrations.

Through keyword-driven Internet research using search engines like Yahoo! and Google,
millions of people worldwide have easy, instant access to a vast and diverse amount of online
information. Compared to encyclopaedias and traditional libraries, the World Wide Web has
enabled a sudden and extreme decentralization of information and data.

It is also easier, using the Web, than ever before for individuals and organizations to publish
ideas and information to an extremely large audience. Anyone can find ways to publish a web
page or build a website for very little initial cost. Publishing and maintaining large,
professional websites full of attractive, diverse and up-to-date information is still a difficult
and expensive proposition, however.

Many individuals and some companies and groups use “web logs” or blogs, which are largely
used as easily updatable online diaries. Some commercial organizations encourage staff to fill
them with advice on their areas of specialization in the hope that visitors will be impressed by
the expert knowledge and free information, and be attracted to the corporation as a result.
One example of this practice is Microsoft, whose product developers publish their personal
blogs in order to pique the public’s interest in their work.

Collections of personal web pages published by large service providers remain popular, and
have become increasingly sophisticated. Advertising on popular web pages can be lucrative,
and e-commerce or the sale of products and services directly via the Web continues to grow.

Remote access
The Internet allows computer users to connect to other computers and information stores
easily, wherever they may be across the world. They may do this with or without the use of
security, authentication and encryption technologies, depending on the requirements. This is
encouraging new ways of working from home, collaboration and information sharing in
many industries. An accountant sitting at home can audit the books of a company based in
another country, on a server situated in a third country that is remotely maintained by IT
specialists in a fourth. These accounts could have been created by home-working
bookkeepers, in other remote locations, based on information e-mailed to them from offices
all over the world. Some of these things were possible before the widespread use of the
Internet, but the cost of private leased lines would have made many of them infeasible in
practice. An office worker away from his desk, perhaps on the other side of the world on a
business trip or a holiday, can open a remote desktop session into his normal office PC using
a secure Virtual Private Network (VPN) connection via the Internet. This gives the worker
complete access to all of his or her normal files and data, including e-mail and other
applications, while away from the office.

Collaboration
The low cost and nearly instantaneous sharing of ideas, knowledge, and skills has made
collaborative work dramatically easier. Not only can a group cheaply communicate and test,
but the wide reach of the Internet allows such groups to easily form in the first place, even
among niche interests.

Version control systems allow collaborating teams to work on shared sets of documents
without either accidentally overwriting each other’s work or having members wait until they
get “sent” documents to be able to add their thoughts and changes.

File sharing
A computer file can be e-mailed to customers, colleagues and friends as an attachment. It can
be uploaded to a website or FTP server for easy download by others. It can be put into a
“shared location” or onto a file server for instant use by colleagues. The load of bulk
downloads to many users can be eased by the use of “mirror” servers or peer-to-peer
networks.

In any of these cases, access to the file may be controlled by user authentication; the transit of
the file over the Internet may be obscured by encryption, and money may change hands
before or after access to the file is given.

Internet collaboration technology enables business and project teams to share documents,
calendars and other information. Such collaboration occurs in a wide variety of areas
including scientific research, software development, conference planning, political activism
and creative writing.

Streaming media
Many existing radio and television broadcasters provide Internet “feeds” of their live audio
and video streams (for example, the BBC). They may also allow time-shift viewing or
listening such as Preview, Classic Clips and Listen Again features. These providers have
been joined by a range of pure Internet “broadcasters” who never had on-air licenses.

Voice telephony (VoIP)


VoIP stands for Voice over IP, where IP refers to the Internet Protocol that underlies all
Internet communication. This phenomenon began as an optional two-way voice extension to
some of the instant messaging systems that took off around the year 2000. In recent years
many VoIP systems have become as easy to use and as convenient as a normal telephone.
The benefit is that, as the Internet carries the actual voice traffic, VoIP can be free or cost
much less than a normal telephone call, especially over long distances and especially for
those with always-on Internet connections such as cable or ADSL.

Thus, VoIP is maturing into a viable alternative to traditional telephones. Interoperability
between different providers has improved and the ability to call or receive a call from a
traditional telephone is available. Simple, inexpensive VoIP modems are now available that
eliminate the need for a PC. Voice quality can still vary from call to call but is often equal to
and can even exceed that of traditional calls.

Internet access
Common methods of home access include dial-up, landline broadband (over coaxial cable,
fibre optic or copper wires), Wi-Fi, satellite and 3G technology cell phones. Public places to
use the Internet include libraries and Internet cafes, where computers with Internet
connections are available. There are also Internet access points in many public places such as
airport halls and coffee shops, in some cases just for brief use while standing. Many hotels
now also have public terminals, though these are usually fee-based. These terminals are
widely accessed for various uses such as ticket booking, bank deposits and online payments.
Wi-Fi provides wireless access to computer networks, and therefore can do so to the Internet
itself.

Hotspots providing such access include Wi-Fi cafes, where would-be users need to bring
their own wireless-enabled devices such as a laptop or PDA. These services may be free to
all, free to customers only, or fee-based. A hotspot need not be limited to a confined location.
A whole campus or park, or even an entire city can be enabled. Grassroots efforts have led to
wireless community networks.

Marketing
The Internet has also become a large market for companies; some of the biggest companies
today have grown by taking advantage of the efficient nature of low-cost advertising and
commerce through the Internet, also known as e-commerce. It is the fastest way to spread
information to a vast number of people simultaneously. The Internet has also subsequently
revolutionized shopping; for example, a person can order a CD online and receive it in the
mail within a couple of days, or download it directly in some cases. The Internet has also
greatly facilitated personalized marketing which allows a company to market a product to a
specific person or a specific group of people more so than any other advertising medium.

Intranet Commerce
The Internet has captured world attention in recent years. In reality, growth of internal
networks based on Internet technologies known as the Intranet is outpacing the growth of the
global Internet itself.

An Intranet is a company-specific network that uses software programs based on the Internet
TCP/IP protocol and common Internet user interfaces such as the web browser.

An Intranet is the application of Internet technologies within an organization’s private LAN or
WAN. The Intranet environment is completely owned by the enterprise and is
generally not accessible from the Internet at large. Today, many Intranets are built around
Web servers delivering HTML pages.

An Intranet is a company-wide network that is based on Internet technologies.

TCP/IP protocol suite


The TCP/IP protocol suite includes the Transport Control Protocol, the Internet Protocol and
other protocols. The protocol suite manages all the information that moves across the Intranet
and Internet and each protocol transferring data across the network uses a different format.
These protocols work together to transfer information across the network.

Commonly used TCP/IP protocols

TCP/IP exists as an open standard, so anyone can use it and develop new applications on top of
TCP/IP. It can manage almost all the network tasks on the Intranet and Internet. It is also the
only protocol required to ensure that the computer systems and communications and
networking software are interoperable.

The benefits of Intranets

Cross-platform
Many corporate computing environments use different computing platforms. The capability
to exchange information across platforms is crucial. The Intranet enables companies to unify
communication within a multi-platform environment. Hence, companies can mix and match
platforms as needed with no adverse effect on the overall environment. Within an Intranet,
universal browsers such as Google and Microsoft Internet Explorer enable the users to
perform the following tasks independent of the platforms used:
1. Create, view and revise documents
2. Participate in discussions and news groups
3. Interact with multimedia presentations
4. Gain access to the internet

Breaking down the barriers


Intranets dissolve the barriers of communication that are created by department walls,
geographical location and decentralized resources. Intranets create global accessibility by
bringing together individuals and resources from a distributed environment. Employees,
customers and vendors are able to access information stored in multiple locations
simultaneously.

Reducing distribution cost


By combining computing and communication in the same system, Intranets reduce
distribution costs by eliminating the traditional paper-based internal corporate
communication media, such as printed pages, pamphlets, booklets and flyers. Instead, they
are published electronically on the company’s Intranet, saving the resources needed to print,
distribute and update them.

Putting manuals on-line is an example of how a company can reduce paper consumption and
hence costs. Most companies have found that hundreds of paper-based applications can be
eliminated using Intranets.

Immediate delivery
Information delivered using an Intranet becomes available almost instantaneously throughout
the entire organization. With HTML form-support, users may even fill out forms, post sign-
up sheets and schedules on the Intranet. Information can move much more quickly and
effectively by removing the need for human intervention. For example, an employee can
make a request for taking leave on an Intranet. The request form can be filled out and
submitted electronically and can reach the concerned parties in seconds.

Increase internal communication


Intranets greatly facilitate communication among employees, especially when they are
located in different buildings, cities or countries. Individuals and groups can distribute their
ideas to those who need it without having to go through the department traditionally
responsible for the distribution of information.

Minimal learning curve


With the increase in popularity of the Internet and the World Wide Web, training users to use
the Intranet is easy as many people are already familiar with the Web interface and can
translate that experience to Intranet use quickly. Many companies have designed their
Intranet pages to look as similar to the Web pages as possible.

Getting the customers involved


Involving the customers with a company’s Intranet will help that company’s focus move
from being product driven to being more customer driven. Customers are no longer required
to go through various layers of organizational hierarchies to reach those who build the
products or provide the service. Companies are able to build a long-lasting relationship with
their customers. Employees can learn first-hand how customers feel about the company’s
products and services. At Sun Microsystems, for example, different departments are setting
up their own servers to serve their customers directly.

Open standards
Internet technologies follow a set of open standards, which facilitate software developers to
develop cost effective and easy-to-implement Intranet solutions. Users can choose from a
number of vendors for software products. The growth of Internet technologies provides
companies with a greater pool of resources to develop their own Intranets. Conversely,
traditional GroupWare products have a more limited range of compatible products and fewer
specially trained consultants to install and administer them.

Scalability
Since Intranets are based on Internet technologies, size is not a limitation with Intranets.
Unlike traditional GroupWare products, which often charge on a per-client basis, Intranets
use open systems to distribute information. The only per-client cost associated with Intranets
is the cost of the browsers.

Basic intranet structure


 Internet technologies used behind the corporate firewall or in private environment

 Internet standard mail, web servers, providing access to information, databases,
scheduling, etc.
 threaded discussion groups
 Multimedia using mime type
 Virtual private network over public Internet
 Internet Firewall Intranet

Internet/Intranet Applications
From blue-chip companies to one-person start-ups, the Internet and its related technologies
have provided new opportunities and new ways of doing business. Web based systems have
enabled organizations to provide maintainable, secure global access to their data and
applications. The ease of deployment over the web has made such applications very attractive
for enterprise systems.

Any device which has a web browser can potentially utilize an internet/intranet application.
These applications are no longer restricted to the traditional PC user running Windows, but
are also available for PDAs and mobile phones. The introduction of Web Services has
widened the scope of web-based applications by allowing other systems to interact with them.

Extranet
An extranet is a private network that uses Internet protocols, network connectivity, and
possibly the public telecommunication system to securely share part of an organization’s
information or operations with suppliers, vendors, partners, customers or other businesses.
An extranet can be viewed as part of a company’s Intranet that is extended to users outside
the company (e.g.: normally over the Internet). It has also been described as a “state of mind”
in which the Internet is perceived as a way to do business with a pre-approved set of other
companies business-to-business (B2B), in isolation from all other Internet users. In contrast,
business-to-consumer (B2C) involves known server(s) of one or more companies,
communicating with previously unknown consumer users.

An extranet can be understood as a private intranet mapped onto the Internet or some
other transmission system not accessible to the general public, but is managed by more than
one company’s administrator(s). For example, military networks of different security levels
may map onto a common military radio transmission system that never connects to the
Internet. Any private network mapped onto a public one is a virtual private network (VPN).
In contrast, an intranet is a VPN under the control of a single company’s administrator(s).

An argument has been made that “extranet” is just a buzzword for describing what
institutions have been doing for decades, that is, interconnecting to each other to create
private networks for sharing information. One of the differences that characterized an
extranet, however, is that its interconnections are over a shared network rather than through
dedicated physical lines. With respect to Internet Protocol networks, RFC 4364 states: “If all
the sites in a VPN are owned by the same enterprise, the VPN is a corporate intranet. If the
various sites in a VPN are owned by different enterprises, the VPN is an extranet. A site can
be in more than one VPN; e.g., in an intranet and several extranets. We regard both intranets
and extranets as VPNs. In general, when we use the term VPN we will not be distinguishing
between intranets and extranets.” Even if this argument is valid, the term “extranet” is still
applied and can be used to eliminate the use of the above description.

Features of Extranet

Extranets generally have the following features:


 The use of Internet technologies and standards. These include the standardized
techniques for transmitting and sharing information and the methods for encrypting and
storing information, otherwise known as the Internet Protocol, or IP.
 The use of Web browsers. Users access Extranet information using a web browser like
Microsoft Internet Explorer, Netscape Navigator or, more recently, Mozilla’s Firefox.
Browser software uses relatively small amounts of memory and resources on a computer.
The great thing about browsers is that an application written for a browser can be read on
almost any computer without regard to operating system or manufacturer. That makes an
application developed for a browser a snap to deploy. A browser on a user’s machine is
all the software he or she needs to take full advantage of the Extranet application. No
messy and confounding installation disks; fewer clogged hard drives.
 Security. By their very nature, Extranets are embroiled in concerns about security. To
protect the privacy of the information that is being transmitted, most Extranets use either
secure communication lines or proven security and encryption technologies that have
been developed for the Internet.
 Central Server/Repository. Extranets usually have a central server where documents or
data reside. Members can access this information from any computer that has Internet
access.

These are the broad attributes shared by most Extranets, but Extranets vary dramatically in their
design and implementation. They can be employed in a wide variety of environments and for
very different purposes, like:
 Sharing case information
 Sharing of case-related documents—many Extranets contain document
repositories that can be searched and viewed by both lawyer and client online
 Calendaring—key dates and scheduling of hearings and trials can be shared on-line
 Providing firm contact information
 Acting as a “work flow engine” for various suppliers
 Providing access to firm resources remotely
 Sharing time and expense information

Industry use
Companies can use an extranet to:
 Exchange large volumes of data using Electronic Data Interchange (EDI)
 Share product catalogs exclusively with wholesalers or those “in the trade”
 Collaborate with other companies on joint development efforts
 Jointly develop and use training programs with other companies
 Provide or access services provided by one company to a group of other companies, such
as an online banking application managed by one company on behalf of affiliated banks
 Share news of common interest exclusively with partner companies

Extranet applications
An extranet application is a software data application that provides limited access to your
company’s internal data by outside users such as customers and suppliers. The limited access
typically includes the ability to order products and services, check order status, request
customer service and much more.

A properly developed extranet application provides the supply chain connection needed with
customers and suppliers to dramatically lessen routine and time consuming communications.
Doing so frees up resources to concentrate on customer service and expansion as opposed to
administrative office tasks such as data entry.

Just as intranets provide increased internal collaboration, extranets provide increased
efficiencies between your company and its customers and/or suppliers. Developing and
implementing an extranet application can provide you the competitive edge to stay ahead of
the competition in the eyes of your customers and a better ability to negotiate prices with
your suppliers.

Disadvantages
1. Extranets can be expensive to implement and maintain within an organization (e.g.:
hardware, software, employee training costs) — if hosted internally instead of via an
ASP.
2. Security of extranets can be a big concern when dealing with valuable information.
System access needs to be carefully controlled to avoid sensitive information falling into
the wrong hands.
3. Extranets can reduce personal contact (face-to-face meetings) with customers and
business partners. This could cause a lack of connections made between people and a
company, which hurts the business when it comes to loyalty of its business partners and
customers.

Security Threats to E-Commerce
In person-to-person transactions, security is based on physical cues. Consumers accept the
risks of using credit cards in places such as department stores because they can see and touch
the merchandise and make judgments about the store. On the Internet, without those physical
cues, it is much more difficult for customers to assess the safety of a business. Security is
crucial for running an online business.

Cybersecurity is one of the most important ecommerce features. Without the proper
protocols, online store owners put themselves and their customers at risk for payment fraud.
Not only is hacking a huge risk for online retailers, but accepting a fraudulent payment is
dangerous as well because owners will have to refund the charges.

Outside of financial consequences, data breaches harm an online store's reputation. Loyal
customers are reluctant to continue shopping at an online store that put their information at
risk in the past.

Types of Online Store Fraud


According to the Association of Certified Fraud Examiners, many businesses fall victim to
fraud at some point in their business lifecycle.

There are many types of online fraud, but they can be broadly categorized into two
categories:
 Account takeover: Most ecommerce stores provide customers with accounts that store
personal information, financial data and purchase history. Perpetrators often hack into
these accounts through phishing schemes. In one of the most common tactics, fraudsters
send emails to trick customers into revealing usernames and passwords. They then log
into your customers’ accounts, change the passwords and make unauthorized purchases.
 Identity theft: Although most businesses take many precautions to secure customer data,
fraudsters still manage to hack into databases and steal usernames, passwords, credit card
numbers and other personal information. Hackers often sell credit card numbers to other
scammers, who then open accounts with online retailers.

Security Threats
1. Spoofing: The low cost of Web site creation and the ease of copying existing ones makes
it all too easy to create illegitimate sites that appear to be operated by established
organizations. Con artists have illegally obtained credit card numbers by setting up
professional-looking Web sites that mimic legitimate businesses.
2. Phishing: Phishing is an attempt by a third party to solicit confidential information from
an individual, group, or organization by mimicking, or spoofing, a specific, usually well-
known brand, usually for financial gain. Phishers attempt to trick users into disclosing
personal data, such as credit card numbers, online banking credentials, and other sensitive
information, which they may then use to commit fraudulent acts.
3. Unauthorized disclosure: When purchasing information is transmitted “in the clear,”
without proper security and encryption, hackers can intercept the transmissions to obtain
customers’ sensitive information such as credit card numbers.
4. Unauthorized action: A competitor or disgruntled customer can alter a Web site so that
it malfunctions or refuses service to potential clients.

5. Eavesdropping: The private content of a transaction, if unprotected, can be intercepted
en route over the Internet.
6. Data alteration: The content of a transaction can be not only intercepted, but also altered
en-route, either maliciously or accidentally. User names, credit card numbers, and dollar
amounts sent without proper security and encryption are all vulnerable to such alteration.

The process of addressing the general security issues narrows down to the following goals:
1. Authentication: Customers must be able to assure themselves that they are in fact doing
business with you and not a “spoof” site masquerading as a genuine site.
2. Confidentiality: Sensitive information and transactions on a Web site, such as the
transmission of credit card information, must be kept private and secure.
3. Data integrity: Communication between merchants and customers must be protected
from alteration by third parties on transmission on the Internet.
4. Proof of communication: A person must not be able to deny that he/she sent a secured
communication or made an online purchase.

Solutions to Online Security Threats


1. The Trust Solution: Use of digital certificates for authentication and encryption. Digital
certificates for a Web site are the answer for the preceding security questions. Installed on
a Web server, a certificate is a digital credential that enables customers to verify a site’s
authenticity and to securely communicate with it. Digital certificates allow e-business to
provide customers with the world’s highest level of trust. A certificate assures them that a
Web site is legitimate, that they are really doing business with a genuine vendor, and that
confidential information (such as credit card numbers) transmitted online is protected.
2. Set limits: Depending on your individual business and target customers, setting a
payment limit from one account is useful. This prevents merchants from processing
potentially fraudulent transactions.
3. Monitor all transactions: Owners have a strong knowledge of their stores. Billing and
shipping addresses that don't match are often a warning sign of fraudulent activity.
Physical location of customers provides an indication of whether the transaction is
legitimate. Ecommerce software offers IP address tracking so merchants are able to block
transactions from risky countries. There is a higher incidence of fraud from consumers
with emails issued by free service providers as well.
4. Update ecommerce software regularly: Software providers issue frequent updates that
fix any holes in their platforms. Store owners need to install these to close vulnerabilities
from new viruses and malware. Ecommerce stores should utilize business-grade anti-
malware software to protect themselves. Hosted platforms often issue automatic updates
to prevent new vulnerabilities.
5. Utilize the Address Verification System (AVS): AVS compares the billing address the
customer entered with the one the credit card issuer has on file. Most payment processors
offer this feature. It separates legitimate transactions from fraudulent ones.
6. Require Card Verification Value (CVV): Card Verification Value is the three- or four-
digit code on the back of a credit card. Retailers are not allowed to store this number,
even if they record customers' names, addresses and credit card numbers for future
transactions. Additionally, many cybercriminals have a credit card number, but not the
physical card. A CVV requirement makes it much more difficult for a fraudulent
transaction to go through.
7. Require stronger passwords: Hackers use algorithms that generate customers'
passwords. These programs run through all the possible combinations for a four-digit
password, so it would not take long to find the right alpha-numeric password. Longer
passwords with at least one special character and a capitalization are more secure. If
implementing stricter password standards, let customers know it's for their protection.
8. Conduct a risk assessment: There are security areas online store owners don't think
about every day. Store owners need to understand which types of data are at the most risk
and the kinds of systems they can implement to prevent online fraud.
9. Choose a secure ecommerce platform: Put your ecommerce site on a platform that uses
sophisticated tools.
10. Don't store sensitive data: There is no reason to store thousands of records on your
customers, especially credit card numbers, expiration dates and CVV (card verification
value) codes.
11. Set up system alerts for suspicious activity: Set an alert notice for multiple and
suspicious transactions coming through from the same IP address.
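
Several of the checks in the list above (payment limits, billing/shipping mismatch, free email providers, AVS, CVV and alerts on repeated transactions from one IP address) can be combined into one screening pass. The following is an added example, not part of the original notes; the field names, thresholds, domains and sample orders are all assumptions constructed for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Placeholder free-mail domains (assumption); a real list would be longer.
FREE_MAIL_DOMAINS = {"freemail.example", "webmail.example"}

# Constructed sample orders, not real data. "avs_match" stands for the payment
# processor's AVS result; "cvv_present" records only that a CVV was supplied,
# because the CVV itself must not be stored.
ORDERS = [
    {"id": "A1", "ts": "2021-03-01T10:00:00", "ip": "198.51.100.7",
     "email": "amina@corp.example", "amount": 120.0,
     "billing": "12 Moi Ave, Nairobi", "shipping": "12 Moi Ave, Nairobi",
     "avs_match": True, "cvv_present": True},
    {"id": "A2", "ts": "2021-03-01T10:01:00", "ip": "203.0.113.9",
     "email": "buyer1@freemail.example", "amount": 80.0,
     "billing": "7 Oginga St, Kisumu", "shipping": "PO Box 44, Mombasa",
     "avs_match": False, "cvv_present": True},
    {"id": "A3", "ts": "2021-03-01T10:03:00", "ip": "203.0.113.9",
     "email": "joe@corp.example", "amount": 75.0,
     "billing": "4 Kenyatta Rd, Kakamega", "shipping": "4 KENYATTA RD  KAKAMEGA",
     "avs_match": True, "cvv_present": True},
    {"id": "A4", "ts": "2021-03-01T10:05:00", "ip": "203.0.113.9",
     "email": "sam@corp.example", "amount": 900.0,
     "billing": "9 Uhuru Hwy, Nairobi", "shipping": "9 Uhuru Hwy, Nairobi",
     "avs_match": True, "cvv_present": False},
    {"id": "A5", "ts": "2021-03-01T10:30:00", "ip": "203.0.113.9",
     "email": "lee@corp.example", "amount": 60.0,
     "billing": "2 Tom Mboya St, Nairobi", "shipping": "2 Tom Mboya St, Nairobi",
     "avs_match": True, "cvv_present": True},
]


def _norm(address):
    """Compare addresses without regard to case, commas or spacing."""
    return " ".join(address.casefold().replace(",", " ").split())


def screen(orders, limit=500.0, window=timedelta(minutes=10), max_per_ip=3):
    """Return {order id: [warning flags]} for every order, in time order."""
    flags = {}
    recent = defaultdict(deque)  # ip -> timestamps still inside the window
    for order in sorted(orders, key=lambda o: o["ts"]):
        ts = datetime.fromisoformat(order["ts"])
        found = []
        if order["amount"] > limit:
            found.append("over_limit")
        if _norm(order["billing"]) != _norm(order["shipping"]):
            found.append("address_mismatch")
        if not order["avs_match"]:
            found.append("avs_fail")
        if not order["cvv_present"]:
            found.append("cvv_missing")
        if order["email"].rsplit("@", 1)[-1].lower() in FREE_MAIL_DOMAINS:
            found.append("free_email")
        # Sliding window: drop timestamps older than `window`, then count.
        seen = recent[order["ip"]]
        seen.append(ts)
        while ts - seen[0] > window:
            seen.popleft()
        if len(seen) >= max_per_ip:
            found.append("ip_velocity")
        flags[order["id"]] = found
    return flags


def review_queue(flags):
    """Order ids that need manual review, most warning signs first."""
    flagged = [oid for oid, found in flags.items() if found]
    return sorted(flagged, key=lambda oid: (-len(flags[oid]), oid))


if __name__ == "__main__":
    result = screen(ORDERS)
    for oid in review_queue(result):
        print(oid, result[oid])
```

A flag is a reason for review rather than proof of fraud; order A3 shows why addresses are normalised before comparison, and A5 shows the IP counter resetting once the window has passed.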

Secure Payment Protocols

Secure Sockets Layer (SSL) Protocol


Electronic commerce is going to have an enormous impact on the financial services industry.
No financial institution will be left unaffected by the explosion of electronic commerce.

SSL is a protocol (piece of network software) that allows secure connections to be made
between computers across a network such as the Internet. SSL is a global standard security
technology developed by Netscape in 1994. It creates an encrypted link between a web server
and a web browser. The link ensures that all data passed between the web server and browser
remains private and secure and is recognised by millions of consumers through a secure
padlock icon which appears in their browser.

The SSL protocol is used by millions of e-business providers to protect their customers
ensuring their online transactions remain confidential. In order to be able to use the SSL
protocol, a web server requires the use of an SSL certificate. Certificates are provided
by Certification Authorities (CA) who in most cases also offer additional products and
services to aid e-businesses to demonstrate that they are trustworthy.

Consumers have come to associate the 'golden padlock' that appears within their browser
display, with trust in a website. This simple fact gives e-business providers an opportunity to
influence that increased trust level to turn visitors into paying customers.

SSL provides a secure channel between the consumer and the merchant for exchanging
payment information. This means any data sent through this channel is encrypted, so that no
one other than these two parties will be able to read it.

When your web browser switches to a secure connection the 'HTTP' in the address bar will
change to 'HTTPS'.

In addition to encryption, SSL connections can use digital certificates to authenticate both
computers to eliminate 'spoofing' (an unauthorised server pretending to impersonate a secure
server). SSL Certificates are issued to either companies or legally accountable individuals.
Typically an SSL Certificate will contain your domain name, your company name, your
address, your city, your state and your country. It will also contain the expiry date of the
Certificate and details of the Certification Authority responsible for the issuance of the
Certificate.

Only certificates issued by High Assurance certification authorities will actually display those
company details that your customers will rely upon when making a purchase.

The SSL protocol, widely deployed today on the Internet, has helped create a basic level of
security sufficient for many people to begin conducting business over the Web.

SSL is implemented in most major Web browsers used by consumers, as well as in merchant
server software, which supports the seller's virtual storefront in cyberspace. Hundreds of
millions of dollars are already changing hands when cybershoppers enter their credit card
numbers on Web pages secured with SSL technology.

Expiry Date
When a browser connects to a secure site it will retrieve the site's SSL Certificate and check
that it has not expired, has been issued by a Certification Authority the browser trusts, and is
being used by the website for which it has been issued.

Vendors should purchase a multi-year certificate to minimise set-up costs and demonstrate to
their customers that the business will be around in the years to come.

Problems with SSL


Even though SSL is extremely effective and widely accepted as the online payment standard,
it requires the customer and merchant to trust each other: an undesirable requirement even in
face-to-face transactions, and across the Internet it admits unacceptable risks.

As much as SSL can give us confidential communications, it also introduces huge risks:
 The cardholder is protected from eavesdroppers but not from the merchant. Some
merchants are dishonest: pornographers have charged more than advertised price,
expecting their customers to be too embarrassed to complain. Some others are just
hackers who put up a flashy illegal Web site and profess to be the XYZ Corp., or
impersonate the XYZ Corp. and collect credit card numbers for personal use.
 The merchant is not protected from dishonest customers who supply an invalid credit card
number or who claim a refund from their bank without cause. Contrary to popular belief,
it is not the cardholder but the merchant who has the most to lose from fraud. Legislation
in most countries protects the consumer.

Secure Electronic Transaction (SET) Protocol


Visa, MasterCard and a consortium of 11 technology companies made a promise to banks,
merchants, and consumers that they would make the Internet safe for credit card transactions
and send electronic commerce revenues skyward. They introduced the Secure Electronic
Transaction protocol for processing online credit card purchases.

The purpose of the SET protocol is to establish payment transactions that


 provide confidentiality of information;
 ensure the integrity of payment instructions for goods and services order data;
 authenticate both the cardholder and the merchant

There are four main entities in SET:


 Cardholder (customer)
 Merchant (web server)
 Merchant’s Bank (payment gateway, acquirer): payment gateway is a device operated by
an acquirer.
 Issuer (cardholder’s bank).

Both cardholders and merchants must register with CA (certificate authority) before they can
buy or sell on the Internet. Once registration is done, cardholder and merchant can do
transactions, which involve steps.

SET is a very comprehensive security protocol, which utilizes cryptography to provide
confidentiality of information, ensure payment integrity, and enable identity authentication. It
is a system for ensuring the security of financial transactions on the Internet.

With SET, a user is given an 'electronic wallet' (digital certificate) and a transaction is
conducted and verified using a combination of digital certificates and digital signatures
among the purchaser, the vendor, and the purchaser's bank in a way that ensures privacy and
confidentiality. SET uses SSL.

The following steps outline what happens when using SET:


1. The customer opens a MasterCard or Visa bank account. Any issuer of a credit card is a
bank.
2. The customer receives a digital certificate. This 'electronic file' functions as a credit card
for online purchases or other transactions. It includes a public key with an expiration date.
It has been through a digital switch to the bank to ensure its validity.
3. Third-party vendors also receive certificates from the bank. These certificates include the
vendor's public key and the bank's public key.
4. The customer places an order over a Web page, by phone or some other means.
5. The customer's browser receives and confirms from the vendor's certificate that the
vendor is valid.
6. The browser sends the order information. This message contains the order, encrypted with
the vendor's public key; the payment information, encrypted with the bank's public key
(which can't be read by the vendor); and information that ensures the payment can only be
used with this particular order.
7. The vendor verifies the customer by checking the digital signature on the customer's
certificate.
8. The vendor sends the order message to the bank. This includes the bank's public key, the
customer's payment information (which the vendor can't decode), and the vendor's
certificate.
9. The bank verifies the vendor and the message. The bank uses the digital signature on the
certificate with the message and verifies the payment part of the message.
10. The bank digitally signs and sends authorisation to the vendor, who can then fill the
order.
11. Merchant captures the transaction from their bank
12. Issuer prints credit card bill (invoice) to customer
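
The "information that ensures the payment can only be used with this particular order" in step 6 is what SET calls a dual signature: the customer signs a hash of the two message digests, so the vendor and the bank can each verify the link while seeing only their own half. The sketch below is an added example, not part of the original notes; it assumes SHA-256 as the hash, uses an unpadded toy RSA key built from two publicly known Mersenne primes (demonstration only), leaves out the public-key encryption of each half, and all function and field names are hypothetical.

```python
import hashlib

# Toy customer key (assumption of this example): the two primes are public
# Mersenne primes, so the key protects nothing and only shows the mechanics.
P, Q = 2**521 - 1, 2**607 - 1
N = P * Q                           # public modulus
E = 65537                           # public exponent
D = pow(E, -1, (P - 1) * (Q - 1))   # private exponent, held by the customer

# Constructed sample messages.
ORDER = b"order=1001;item=CD;total=15.00"
PAYMENT = b"card=PLACEHOLDER-PAN;exp=PLACEHOLDER;amount=15.00"


def digest(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


def sign(value: bytes) -> int:
    """Textbook RSA signature over a digest (no padding, demo only)."""
    return pow(int.from_bytes(value, "big"), D, N)


def dual_sig_ok(pimd: bytes, oimd: bytes, signature: int) -> bool:
    """Check the signature against H(PIMD || OIMD) with the public key."""
    expected = int.from_bytes(digest(pimd + oimd), "big")
    return pow(signature, E, N) == expected


def cardholder_build(order_info: bytes, payment_info: bytes):
    """Customer side: one signature that binds the order to the payment."""
    oimd, pimd = digest(order_info), digest(payment_info)
    dual_signature = sign(digest(pimd + oimd))
    # The vendor gets the order plus only the DIGEST of the payment details.
    to_vendor = {"OI": order_info, "PIMD": pimd, "DS": dual_signature}
    # The bank gets the payment plus only the DIGEST of the order.
    to_bank = {"PI": payment_info, "OIMD": oimd, "DS": dual_signature}
    return to_vendor, to_bank


def merchant_verify(msg) -> bool:
    return dual_sig_ok(msg["PIMD"], digest(msg["OI"]), msg["DS"])


def bank_verify(msg) -> bool:
    return dual_sig_ok(digest(msg["PI"]), msg["OIMD"], msg["DS"])


def same_order(vendor_msg, bank_msg) -> bool:
    """The bank can confirm the vendor is charging for the order it was sent."""
    return digest(vendor_msg["OI"]) == bank_msg["OIMD"]


if __name__ == "__main__":
    to_vendor, to_bank = cardholder_build(ORDER, PAYMENT)
    print("vendor accepts:", merchant_verify(to_vendor))
    print("bank accepts:  ", bank_verify(to_bank))
    # Attaching the same payment to a different order breaks the signature.
    other = dict(to_bank, OIMD=digest(b"order=1002;item=laptop;total=1500.00"))
    print("reused payment:", bank_verify(other))
```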

Cryptography
Cryptography is a method of storing and transmitting data in a particular form so that only
those for whom it is intended can read and process it.

Cryptography includes techniques such as microdots, merging words with images, and other
ways to hide information in storage or transit. However, in today's computer-centric world,
cryptography is most often associated with scrambling plaintext (ordinary text, sometimes
referred to as clear text) into ciphertext (a process called encryption), then back again (known
as decryption).

Cryptography concerns itself with the following four objectives:


1) Confidentiality (the information cannot be understood by anyone for whom it was
unintended)
2) Integrity (the information cannot be altered in storage or transit between sender and
intended receiver without the alteration being detected)
3) Non-repudiation (the creator/sender of the information cannot deny at a later stage his or
her intentions in the creation or transmission of the information)

4) Authentication (the sender and receiver can confirm each other’s identity and the
origin/destination of the information)

Private Key (Secret Key)


In cryptography, a private key (secret key) is a variable that is used with an algorithm to
encrypt and decrypt code. Quality encryption always follows a fundamental rule: the
algorithm doesn't need to be kept secret, but the key does.

Private keys play important roles in both symmetric and asymmetric cryptography.

Most cryptographic processes use symmetric encryption to encrypt data transmissions but use
asymmetric encryption to encrypt and exchange the secret key. 

Symmetric encryption, also known as private key encryption, uses the same private key for
both encryption and decryption.

The risk in this system is that if either party loses the key or the key is intercepted, the system
is broken and messages cannot be exchanged securely.

Asymmetric cryptography, also known as public key encryption, uses two different but
mathematically linked keys. The complexity and length of the private key determine how
feasible it is for an interloper to carry out a brute force attack and try out different keys until
the right one is found.

The challenge for this system is that significant computing resources are required to create
long, strong private keys.

Public Key
In cryptography, a public key is a value provided by a designated authority as
an encryption key. A system for using public keys is called a public key infrastructure (PKI).
The Public-Key Cryptography Standards (PKCS) are a set of inter-vendor standard protocols
for making possible secure information exchange on the Internet using a public key
infrastructure (PKI).

When combined with a private key that is mathematically linked to the public key, messages
and digital signatures can be effectively encrypted. The use of combined public and private
keys is known as asymmetric cryptography.

Digital Certificate
A digital certificate is an electronic "passport" that allows a person, computer or organization
to exchange information securely over the Internet using the public key infrastructure (PKI).
A digital certificate may also be referred to as a public key certificate.

Just like a passport, a digital certificate provides identifying information. It is forgery-resistant
and can be verified because it was issued by an official, trusted agency. The
certificate contains the name of the certificate holder, a serial number, expiration dates, a
copy of the certificate holder's public key (used for encrypting messages and digital
signatures) and the digital signature of the certificate-issuing authority (CA) so that a
recipient can verify that the certificate is real.

To provide evidence that a certificate is genuine and valid, it is digitally signed by a root
certificate belonging to a trusted certificate authority. Operating systems and browsers
maintain lists of trusted CA root certificates so they can easily verify certificates that the CAs
have issued and signed. When PKI is deployed internally, digital certificates can be self-
signed.

Digital Signature
A digital signature is a mathematical technique used to validate the authenticity and integrity of a
message, software or digital document.

It is the digital equivalent of a handwritten signature or stamped seal, but offers far more
inherent security. A digital signature is intended to solve the problem of tampering and
impersonation in digital communications.

Digital signatures can provide the added assurances of evidence of origin, identity and status
of an electronic document, transaction or message, as well as acknowledging informed
consent by the signer.

In many countries digital signatures have the same legal significance as the more traditional
forms of signed documents.

How digital signatures work


Digital signatures are based on public key cryptography, also known as asymmetric
cryptography. Using a public key algorithm, one can generate two keys that are
mathematically linked: one private and one public. 

To create a digital signature, signing software (such as an email program) creates a one-way
hash of the electronic data to be signed. The private key is then used to encrypt the hash. The
encrypted hash, along with other information such as the hashing algorithm, is the digital
signature.

The reason for encrypting the hash instead of the entire message or document is that a hash
function can convert an arbitrary input into a fixed length value, which is usually much
shorter. This saves time since hashing is much faster than signing.

Digital Switch
A digital switch is a device that handles digital signals generated at or passed through a
telephone company central office and forwards them across the company's backbone
network. It receives the digital signals from the office's channel banks that have been
converted from users' analog signals and switches them with other incoming signals out to
the wide area network.

Strengths of SET
• SET is safe since it addresses all the parties involved in typical credit card transactions:
consumers, merchants, and the banks.

Problems with SET


• It has been difficult to spread because it needs all the participants to have some part of the
software, and in some cases very expensive hardware.
• In order to process SET transactions, the merchants have to spend several million dollars
in equipment and services when they already have what are arguably sufficient security
provisions in SSL.
• SET is a very comprehensive and very complicated security protocol. It has to be
simplified to be adopted.

Electronic (Online) Payment Systems
One of the fundamental issues that any business, whether traditional or online, faces is that it
must ensure it is able to take payments from customers with the least amount of fuss. It is no
accident that retailers in the high street offer customers every available means of paying for
the goods they have chosen. On the Internet this is no different. Any business wishing to
make the most of E-Commerce and the move to a virtual marketplace must also offer
convenient payment methods for visitors to the virtual shop.

In order to be able to transact online there must be some system in place which allows
customers to input their order and payment details, and also allows the e-business to check
authentication (the person's identity), as well as actually receiving the payment. For any
payment processing to take place, the e-business must have a merchant bank account. A
merchant account is a bank account which allows businesses to accept credit card payments,
and as most e-businesses wish to accept credit card payments online, they will need
an Internet Merchant Account. There are different types of merchant accounts. Some
demand that the customer's signature must be collected while others don't.

There are two types of payment systems that an e-business (or traditional business for that
matter) must consider:
• payments in - payments received from customers
• payments out - payments made to suppliers

Payments In
These payments mainly come from retail customers and wholesale customers. In traditional
business these payments would be received in cash or cheque and physically deposited in the
merchant's bank. However, 1970s technology made it possible for these funds to be
transferred electronically from one account to another (in the same bank) and later, from one
bank to another. Using PCs and modems, businesses could directly access bank systems and
transfer funds through electronic funds transfer (EFT) and could also use computer
technology to handle invoices and payments for goods and services using electronic data
interchange (EDI).

By the end of the 70's, systems were in place which allowed payments to be received from
customers using direct debit and automatic teller machines. These systems have developed
and now allow a wide range of payment options including the most popular - credit card
payments.

Initially online payment by credit card was extremely risky for consumers since the personal
data was transmitted over the Internet with no great security. However, systems now exist to
ensure this data is invisible to other users and is sent only to bona fide businesses.

Payments Out
These are payments made to suppliers and also include payment for labour and to the
Government. Payment for labour is usually paid directly into employee bank accounts with
little difficulty or risk involved. However, payments to suppliers involve invoices, shipments
and are more difficult to control and monitor both traditionally and online.

Using EDI together with EFT significantly reduces the expense of checking invoices and
paying suppliers. Payments can now be made using online banking services such as e-
cheques, and remittance information can be e-mailed at the same time.
Current electronic payment systems make use of:
• Credit Cards
• Digital Cash
• Electronic Cheques
• Electronic Funds Transfer (EFT)

Credit Cards
A credit card is a card issued by a financial company giving the holder an option to borrow
funds, usually at point of sale. Credit cards charge interest and are primarily used for short-
term financing.

Credit cards are linked to a bank account and when a customer uses a credit card to pay
online the vendor charges the goods to the linked bank account and the bank debits the
account.

Credit cards have become important sources of identification. When used wisely, a credit
card can provide convenience.

A simple E-Commerce site could simply include a form on its web site that customers can fill
in which would capture the customer's credit or debit card number as well as their order
details. This 'order' is then e-mailed to the organisation's server/ordering department. E-mails
are then checked regularly for incoming orders.

A full E-Commerce web site processes orders completely online - whereby the card is
verified and the funds are transferred automatically. Major credit card companies use
the Secure Electronic Transfer (SET) security system as a method to secure online
transactions.

By employing digital signatures (a digital code that can be attached to an electronically
transmitted message that uniquely identifies the sender), SET will enable merchants to verify
that buyers are who they claim to be. And it will protect buyers by providing a mechanism for
their credit card number to be transferred directly to the credit card issuer for verification and
billing without the merchant being able to see the number.

An e-business must also consider whether it expects to have an international client base as the
credit/debit card system chosen must then be able to support multiple currencies.

All the current Internet browsers have built-in encryption to help make the process more
secure for the customer. Both Netscape's Navigator and Microsoft's Internet Explorer allow
any user to e-mail sensitive information such as credit card details, over the Internet.

Credit Cards vs. Debit Cards


Core Differences

Credit cards offer customers a line of credit that can be used to make purchases, balance
transfers and/or cash advances and require that the customer pay back the loan amount in
the future. When using a credit card, one needs to make at least the minimum payment every
month by the due date on the balance. If the full balance for purchases is not paid off, interest
charges are applied. Interest charges will be applied from the date of the transaction for
balance transfers and/or cash advances.

Debit cards offer you a convenient way to withdraw money directly from your checking
account. This money is not a loan, and no interest is charged. You will not have to make any
minimum monthly payments. However, you must be careful not to charge more money than
you have available in your checking account.

Transactional and Fee Differences


Credit cards may have an annual fee or an introductory annual fee associated with them. The fee
amount depends on the card and can vary after an introductory period. If you make a late
payment, you may be charged a late fee. Certain credit cards may also have other fees
associated with them depending on the activity. These may include cash advance fees,
balance transfer fees, and foreign transaction fees.

Most debit cards do not charge annual fees; they may carry overdraft fees if there are
insufficient funds in the associated checking account. What makes debit cards convenient is
that there are no monthly payments on a balance and consequently, no late fees.

Improving Your Credit Score


Unlike debit cards, credit cards can be used to improve your credit score. A credit card issuer
will report each monthly payment that you make to the three credit reporting agencies. With
every monthly bill that you pay, you will be contributing to the successful rating of your
credit score. Regularly using credit cards responsibly allows you to build credit because it
shows lenders that you can manage credit.

Managing Your Finances with Credit Cards


Making credit card payments on time to lower the credit-debt ratio that you currently have
will work to reduce your debt and improve your credit score. In managing your monthly
credit card bill, it is vital to make at least the minimum monthly payment on or before the due
date.

Digital Cash
Digital Cash (also known as e-currency, e-money, electronic cash, electronic currency, digital
money, digital currency, cyber currency) refers to a system in which a person can securely
pay for goods or services electronically without necessarily involving a bank to mediate the
transaction.

Users need specific software on their PC to enable them to download money from their bank
account into their cash wallet on their PC. When buying, consumers exchange the
downloaded money with the merchant for the product they want to buy. The merchant then
redeems this money at a bank that accepts e-cash deposits.

There are 2 different types of digital cash:


• Identified Digital Cash identifies the individual whose money it is. Therefore this money
can be tracked, much like a credit card payment.
• Anonymous Digital Cash works just like real money. Once it has been withdrawn, it can
be spent and not traced.

Digital cash is possible through what is called 'public key encryption'. The general idea is that
banks and consumers have encryption keys that come in pairs: a private key kept by its owner
(for example, the consumer) and a public key available to everyone. Anything the
private key encrypts, the public key can decrypt and vice versa.

A Digital Cash transaction usually involves three types of users:
• a Payer (P) or consumer
• a Payee (R), such as a merchant
• a financial network like a Bank with whom both Payer and Payee have accounts

Digital cash usually involves three transactions:


• Withdrawal: the Payer (P) transfers some money (token) from his/her account to his/her wallet
(which could be a computer or smart card)
• Payment: the Payer (P) transfers the withdrawn money (token) to the Payee's (R) wallet
• Deposit: the Payee (R) transfers the received money (token) to his/her account.

Online vs Offline Digital Cash


Online digital cash means interacting with a bank, either via a modem or network, in order
to transact with a third party. Offline digital cash lets consumers complete a transaction
without involving a bank directly. Offline anonymous digital cash is therefore the most
complicated type of digital cash as it may be very easy to copy, and then spend both the
original and the copy. Real digital cash systems must prevent this duplication; otherwise we
could all get rich quickly!!

Online systems require that merchants must contact the bank's system with each sale. The
bank stores information on all digital cash that it has handled and can therefore indicate
whether a piece of digital cash is still 'good'. If the bank finds that the digital cash has already
been spent it will alert the merchant who can then refuse the sale. This system has similarities
to credit card verification systems.

There are currently two ways in which offline digital cash systems can help prevent
duplication of the e-cash. The first is to produce a tamper-proof smart card which keeps track
of the digital cash spent and will detect any attempt to duplicate digital cash and not allow it.
Tampering with this smart card would permanently damage it. The second way is
to encrypt the digital cash in such a way that, if it is duplicated, the individual who duplicated
it is identified by the time the digital cash reaches the bank.

The difference between offline anonymous digital cash and offline identified digital cash is
that the anonymous digital cash can only be traced if the digital cash is duplicated and spent.
If this is not the case then the original spender cannot be determined. However, with
identified offline digital cash, the trail can always be traced and the bank will always know
who bought what, where, and when. And if the bank knows - the tax man does too.

Important properties of a Digital Cash system


• Security: A digital cash system should ensure a high level of security through
sophisticated authentication techniques; digital cash should not be copyable or reusable by the payer,
the payee or anyone else.
• Anonymity: It should be able to maintain the anonymity of the person, i.e. the transaction
carried out should not be traceable.
• Portability: The use of such a system should be independent of the location. The
transactions can be carried over computer networks and into storage devices and vice
versa.
• Transferability: The user can spend the money received in payment without having to
contact a bank for authentication.
• Divisibility: This allows the digital cash to be sub-divided into smaller denominations
and the customer can choose to spend only a part of it.
• User friendly: Both the payer and payee should be able to use it with ease which would
make it widely acceptable.

Issues
Although Digital Cash provides a host of features like ease-of-use, anonymity and efficiency,
there are potential issues with its use, such as tax evasion, money laundering, instability in
exchange rates and so on.

Electronic Cheques
An electronic cheque is an electronic copy (scanned image) of a real cheque, which is then
transferred by email. In addition to the cheque's 'real' signature, the transfer must be digitally
signed using the sender's private key to authenticate the transfer.

Electronic Funds Transfer


This is the transfer of money from one account to another electronically. This can be done:
• over the phone (telephone banking)
• via online banking
• using an automated teller machine (ATM)

Micropayments
Micropayments (also known as Wallet systems) are extremely small payments made online
which are too small to be handled by credit card. Fractions of a penny or cent can be used to
buy, for example, a news item from an online newspaper, a stock market quote or a graphic
or cartoon.

To justify a large bill, consumers are often required to purchase multiple products or a bundle
with unwanted products. Information brokers of these low cost items have in the past suffered
from inadequate payment systems and high overhead costs of processing credit card
transactions, but micropayment systems have been created to overcome these problems.

Smart Cards
Smart cards look just like traditional credit cards. However, they differ in that they have a
microchip embedded in their surface that can be used to store a wide range of information
about the holder of the card, or be used as a means of carrying electronic cash. They offer the
advantages of paying by cash, but with the convenience of paying by card.

Customers can load their card with cash and then use this to pay for goods in a merchant's
retail outlet, or on the merchant's web site. Card readers are available for retail outlets as well
as an attachment for PCs. This convenience gives a great advantage to smart cards.



Electronic Security Systems
Any business that wishes to trade on the Internet must be able to convince consumers and
other businesses that there are benefits to online trading. These benefits could be lower
prices, guarantees of quality products or services, and low consumer risks. E-Commerce
businesses, in particular, have to be especially careful about these issues since consumers
have major concerns about online trading and about sending credit card details over the
Internet to unfamiliar companies.

Every business must ensure adequate levels of security for itself, as well as for its clients and
customers. The Internet can provide higher levels of customer security than the traditional
retail outlets in the high street. Nevertheless, it is still a matter of great concern to the vast
majority of would-be online consumers.

Any business that is contemplating an E-Commerce move to the Internet, or one that already
has a presence, can enhance its security features to enable it to increase its own confidence
and, as a consequence, extend that security confidence to its customers. The main factors for
consideration are:
• The means of ensuring security when payments are being made
• The available forms of encryption that can be employed on the website
• How websites can be protected from attack.

The bottom line of traditional IT security has been about keeping company data safe from
outsiders but with e-business this is not the case - it's now about enticing outsiders in - and
this is where the security becomes more complex!

If a system is too secure then this could actually have a harmful effect as the system will be
slow and perhaps obstruct authorised users, but if it is not secure enough then anyone could
have access to it. The most logical solution is to have various layers of security depending on
user access. For example, someone browsing the website needs only to read information, which must be
easily accessed; a B2B relationship online, however, will call for much stricter security
measures enabling parties to view confidential material such as stock levels or legal
documentation.

Therefore, an organisation must look at the whole supply chain with which it comes into
contact electronically. The table below shows different layers of security and possible
solutions.

| Type of Security | Problem | Solution |
| --- | --- | --- |
| Access Security | Who is able to use the system | Authorisation, Public Key Infrastructure (PKI), Firewalls |
| Communication Security | Securing messages such as file transfers and e-mail | Encryption, Virtual Private Network (VPN) |
| Content Security | Securing processes on an application | Virus detection, content filtering. Restricting Internet access for employees, checking outgoing messages |
| Security Management | Managing the entire security policy against intrusion, denial of service attacks | Security assessment and management and intrusion detection |

Security Risks
In order to ensure security for your business and your customers, you need:
• Privacy
• To be able to clearly identify all parties in a transaction
• To have complete integrity in that the information sent should not be altered in any way
• Confidentiality - once the transaction has taken place, it should be erased from the
system.

Securing e-business information systems is complicated. Before implementing a security
system, an e-business needs to understand the business information that it has, who will need
to access what information, where, why and how often. It is also vital to assess the level of
access that will be required by whom as well as looking at what the e-business hopes to
achieve from the network. If an e-business does not address these points then security will be
ineffective.

There are many techniques used to overcome fraudulent activity such as data encryption and
password protection. E-Commerce businesses must weigh up the cost of such security
systems against the perceived risk to their business.

Main Security Issues


The main security issues that an organisation must address are:
• The Hacker: Many hacker attacks originate among an organisation's own employees. Beware
of the nosey insider who can compromise more information than an external hacker.
• Review Security Regularly: Complacency is one of the biggest threats to security. All e-
businesses need to have a security policy which is regularly reviewed - it is not a one-off
exercise. Security can give an organisation a competitive edge.
• Employees: Threats can be posed by employees who have compromising information on
their work PCs as mundane as copyright theft, viruses or rude e-mails - all of which could
result in civil or criminal litigation.

With the increase in online trading and corresponding payments comes an increase in
criminal activity. There are many ways in which financial information can be obtained and
used illegally. For example:
Operational:
• Obtaining goods and services without paying
• Loss or corruption of important data
Legal:
• Impersonating messages
• Vandalising of websites with offensive material
• Copyright theft
Financial:
• Fraud
• Corruption of financial data to divert payments or sell information to others
• Spoofing - mimicking a legitimate website to get bank account or credit card details



Internet Business strategy

Placing a business on the web


To place a business on the web you must get a domain name (web address -
www.yourname.com) for the business web site. A domain name is the "web" address where
your website is located and can be found on the Internet. When someone asks for your web
address, or you want someone to visit your site, you give them this domain name so that they
can find your website. A domain name is usually quoted in the following
format: "http://www.yourdomainname.com" or "www.yourdomainname.com"

Once you have a domain name, you will need a web hosting company that has the ability to
store your web pages on a server and to display your web pages on the Internet.  You will
receive a user name and password so that you can modify, add and delete pages whenever
you like.
 
You can also use an Internet Service Provider (ISP), e.g. AOL or Safaricom, which
will provide you with free space for your web pages.
 
If you use your current ISP for your web pages the space is free. They will allow you to save
your web pages on their server (computer). There is no additional monthly charge. The free
web space is one of the features that are included in the monthly fee that you pay to them for
giving you the ability to access the Internet.

Keep in mind that if you use your current ISP's web space - your web address may be
"www.ISPname.com/yourname"

However, if you should decide to change ISP companies you will not be able to maintain the
same web address that they gave you because you would no longer have access to their
server.

The advantage to putting your web pages on an independent server is that they are
independent of your current ISP and therefore no matter who you use for your ISP service
(the company that provides you the ability to access the Internet), your web pages and web
address will not change. Once you get your own domain name (web address), you can have
anyone host your web site.
 
Creating a web page
There are two options for creating a web site:
1. Create Your Own Web Site. The option saves web site designer costs and maintenance
costs as you can maintain it yourself. However you will need to get familiar with HTML
(language used to design web pages) or learn a software platform like WordPress or use a
WebSite Builder (plug and play) that will generate a web page for you automatically. You
will spend time looking for graphics and creating the page. 

There are a variety of web site creation or web page editor (HTML - HyperText Markup
Language) programs available that allow you to create your own web pages. A few of the
popular ones are: Microsoft Frontpage, Coffee Cup, Dreamweaver, etc. (Note: If you
have Microsoft Word, you can create a web page by saving the file you create as an
"html" file). With any of the web page editor programs that you decide to purchase, you
will need to spend some time learning the program. Most of the programs have
templates already developed and all you have to do is select a template for your business
and fill in your information. You can also use the Notepad program that comes with
Windows Operating Systems; however, if you go this route, you will need to become very
familiar with HTML (Hypertext Markup Language) coding.

The difference between using a program like Frontpage vs. Notepad is that with the
Frontpage program, the HTML coding is put in for you automatically. All you have to do is
type your information as if you were typing a document. Popular web design
programs can be purchased at local computer stores or any store that sells software
products.

For pictures/graphics, you will need to have a scanner to put pictures of your own
products, logos, etc. on your web pages or get a Clipart/Graphics CD or a Digital
Camera. You will also find there are a number of sites on the Internet where one can
download graphics or clipart.

To create custom graphics, or your own buttons, dividers, etc., you will need to use and
learn some type of graphics program, like Gimp (open source) or Adobe Photoshop.
These programs are also used to resize your graphics.

You will create the web pages offline on your own computer and then upload (copy) them
to the server of your chosen Web Hosting Company using an FTP (file transfer protocol)
program. Some of the web page editor programs, however, will have their own
publishing feature that will automatically upload your files to the server. For the
programs that do not have this feature, you can use a third-party FTP (file transfer
protocol) program.

2. Have a Web Site Designer Create Your Web Site for You. This option saves you lots of
time in learning HTML and frustration. However the costs of designing the web site are
higher.

Factors impacting Web site design, and how they affect a site's operation
The eight most important factors impacting Web site design are:
(a) Functionality: The site must have pages that load quickly, perform correctly, and send the
user to the requested information about the product offerings.
(b) Informational: The site must have links that the customer can find easily in order to
obtain information about the company and the products it offers.
(c) Ease of use: The site must have a simple foolproof navigation scheme.
(d) Redundant navigation: The site must have alternative paths to reach the same content.
(e) Ease of purchase: There should be no more than one or two clicks required for the
purchasing procedure.
(f) Multi-browser functionality: The site should work with the popular browsers.
(g) Simple graphics: The site should not use distracting graphics and/or sounds that the user
cannot control.
(h) Legible text: The site should avoid the use of backgrounds that distort text or make it
difficult to read.



Failure to pay attention to these factors will adversely affect the operation of a site because
users will find the site frustrating to navigate and view, they will have difficulty obtaining
information about the products, and they will determine that making a purchase will be far
too complicated.

Registering with InterNIC


InterNIC, short for Internet Network Information Centre, is the Internet governing body that is
responsible primarily for the allocation of domain names and X.500 (a series of computer
networking standards covering electronic directory services) directory services. InterNIC is
run by the Internet Corporation for Assigned Names and Numbers (ICANN).
InterNIC is an informational website that provides the public with details and information about
domain name registration.

InterNIC is responsible for the registration and the maintenance of com, net and org top-level
domain names in the World Wide Web. Therefore in order to get a domain name for your
business you must register with InterNIC.

Website testing
A website must be tested before going live. Complete testing of a website before going live
can help address issues before the system is revealed to the public. These issues include the security
of the web application, the basic functionality of the site, its accessibility to handicapped
users and fully able users, its ability to adapt to the multitude of desktops, devices, and
operating systems, as well as readiness for expected traffic and number of users and the
ability to survive a massive spike in user traffic, both of which are related to load testing.

Evaluating web server statistics


Web server performance can be analyzed from different viewpoints. For instance, a Web
user's perception of performance has to do with fast response time and no connections
refused. On the other hand, a Webmaster's perception of performance is oriented towards
high connection throughput and high availability.

Web server performance depends upon several factors:


• hardware platform
• operating system
• server software
• network bandwidth and
• workload

Metrics
Latency and throughput at the server are the two most important performance metrics that
Web Monitor measures. The rate at which HTTP requests are serviced represents the
connection throughput. However, because the size of objects varies significantly, throughput
is also measured in terms of bits (or bytes) per second. The time required to complete a
request is the latency at the server, which is one component of client response time. The
average latency at the server is the average execution time for handling the requests.
However, client response time also includes time spent communicating over the network, and
processing on the client machine (e.g., formatting the response). Thus, client-perceived
performance depends on the server capacity, the network load and bandwidth, as well as on
the client machine.
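
The server-side metrics described above can be computed from a web server access log. This is an added example, not part of the original notes; the log lines are constructed and the log format (timestamp, request line, status, bytes sent, service time in microseconds) is an assumption.

```python
import re
from datetime import datetime
from statistics import median

# Constructed sample access log (not real traffic). Assumed line format:
# ISO timestamp, "request line", status code, bytes sent, service time in microseconds.
SAMPLE_LOG = """\
2021-03-01T10:00:00 "GET /index.html HTTP/1.1" 200 5120 40000
2021-03-01T10:00:01 "GET /img/logo.png HTTP/1.1" 200 20480 120000
2021-03-01T10:00:01 "GET /catalog HTTP/1.1" 200 10240 80000
2021-03-01T10:00:03 "POST /cart HTTP/1.1" 503 0 2000000
2021-03-01T10:00:04 "GET /checkout HTTP/1.1" 200 4096 60000
this line is malformed and must be skipped
"""

LINE_RE = re.compile(
    r'^(?P<ts>\S+) "(?P<req>[^"]*)" (?P<status>\d{3}) (?P<bytes>\d+) (?P<usec>\d+)$'
)


def parse_log(text):
    """Return (records, skipped): parsed log records and the count of unparseable lines."""
    records, skipped = [], 0
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            skipped += 1
            continue
        records.append({
            "ts": datetime.fromisoformat(m["ts"]),
            "status": int(m["status"]),
            "bytes": int(m["bytes"]),
            "latency_s": int(m["usec"]) / 1_000_000,
        })
    return records, skipped


def server_metrics(records):
    """Connection throughput, byte throughput and server latency for one log window."""
    if not records:
        raise ValueError("no valid log records")
    first = min(r["ts"] for r in records)
    last = max(r["ts"] for r in records)
    # Use at least a one-second window so a single-timestamp log does not divide by zero.
    window_s = max((last - first).total_seconds(), 1.0)
    total_bytes = sum(r["bytes"] for r in records)
    latencies = [r["latency_s"] for r in records]
    errors = sum(1 for r in records if r["status"] >= 500)
    return {
        "requests": len(records),
        "window_s": window_s,
        # Rate at which HTTP requests are serviced (connection throughput).
        "requests_per_s": len(records) / window_s,
        # Object sizes vary, so throughput is also expressed in bits per second.
        "bits_per_s": total_bytes * 8 / window_s,
        # Average execution time at the server; excludes network and client time.
        "avg_latency_s": sum(latencies) / len(latencies),
        # The median shows how far one slow request pulls the average.
        "median_latency_s": median(latencies),
        "server_error_rate": errors / len(records),
    }


if __name__ == "__main__":
    recs, bad = parse_log(SAMPLE_LOG)
    print("skipped lines:", bad)
    for name, value in server_metrics(recs).items():
        print(f"{name}: {value}")
```

The single slow 503 response lifts the average latency well above the median, which is why both are worth reporting. None of these figures include network transfer or client-side processing, so they are a lower bound on what the user perceives.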

Measuring web site success


Every website is different. What might be considered successful results for one website may
not be for another. To measure your own site’s success, you must first define what success
means to you and develop a clear picture of how your website is performing according to
these metrics.
Purpose of Your Website
To start, ask yourself about the purpose of your site. Was it created to sell products? To boost
fundraising efforts? To engage consumers in a particular niche? Defining the purpose of your
website is essential to defining its success.
Setting Good Goals
Next, you need to set some clear goals that coincide with your website’s purpose. When
devising goals, consider the following questions:
 Are your website goals tied in to the overall goals of your organization?
 Are your goals measurable?
 Are they challenging, yet realistic?
 Are they set in a specific time frame?
 Do your goals depend on specific website visitor actions? (Signing up for a newsletter,
buying a product, etc.)

As an example, say you’re a business owner who sells jackets online. Your organizational
goal is to generate revenue through jacket sales, so one goal of your website is to get visitors
to buy jackets (a specific website visitor action). Your goal might be to sell 1000 jackets per
month through your website (which is both measurable and constrained by a specific time
frame), up from the 800 you sold last month (which is challenging, yet realistic).

Website Metrics
Website metrics are a way to measure how people are interacting with your website. When
you keep track of web metrics, you’ll be able to see what’s working on your site and what
needs improvement as far as web traffic and conversions go. Here are some metrics that you
should be tracking – no matter the purpose of your website:
 Conversion Rate: This metric measures how many people are performing your website
visitor action. Conversion rate is given as a percentage, and is based on the number of
people who convert versus the number who leave your website without taking the desired
visitor action.
 Exit Pages: This statistic lets you know what pages your visitors are exiting your website
from. This data, along with the conversion rate metric, can help you to optimize your
sales funnel. Know what pages within your sales funnel people are exiting on and
improve on those pages in order to maximize conversions (although, keep in mind that
some pages – like your “Thank You” page – are natural exits).
 Unique Visitors: This number tells you the number of individual people who visit your
website in a given time period, usually daily. This is more significant than just measuring
page views. Page views can tell you that you had three visits to your website in a day, but
not if it was the same person visiting three separate times.
 Referrers: This data tells you where your visitors are coming from and can be extremely
helpful in measuring and strategizing your marketing efforts.
 Top Keywords: This important metric tells you what search engine keywords are leading
people to your website.
 Top Internal Search Keywords: Don’t confuse this with top search engine keywords. This
data tells you what people are using the search box on your website to search for. This
could be helpful in determining what content on your website is most popular, or if
there’s something you’re missing on your site that people are expecting to find.
 Top Search Engines: This metric tells you what search engines people are visiting your
website from, which can be useful when it comes to prioritizing activities.
 Average Time Spent: This number lets you know how much time people are spending on
your website and individual pages, and it’s a good way to measure the quality of your
website.
 Bounce Rate: Your bounce rate is a measurement of how many people visit your website
and then leave after only viewing the page they landed on. In other words, it tells you if
your website is driving traffic away before engagement can occur.

When you measure your website metrics, you gain valuable information that will help you to
achieve the goals you’ve set.
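
Several of the metrics listed above can be derived from the same raw page-view records. This is an added example, not part of the original notes; the events are constructed, and it assumes that conversion and bounce rates are counted per visit (session) and that "/thank-you" is the goal page.

```python
from collections import Counter, defaultdict

# Constructed page-view events in time order: (visitor_id, session_id, page).
# Visitor v1 comes back three times, which page views alone would not reveal.
EVENTS = [
    ("v1", "s1", "/"), ("v1", "s1", "/jackets"),
    ("v1", "s1", "/cart"), ("v1", "s1", "/thank-you"),
    ("v2", "s2", "/jackets"),
    ("v1", "s3", "/"),
    ("v3", "s4", "/"), ("v3", "s4", "/jackets"), ("v3", "s4", "/cart"),
    ("v1", "s5", "/jackets"), ("v1", "s5", "/cart"),
]

# Assumption: reaching this page means the visitor completed the desired action.
GOAL_PAGE = "/thank-you"


def site_metrics(events, goal_page=GOAL_PAGE):
    """Compute page views, unique visitors, bounce rate, conversion rate and exit pages."""
    sessions = defaultdict(list)   # session_id -> ordered list of pages viewed
    visitors = set()
    for visitor, session, page in events:
        sessions[session].append(page)
        visitors.add(visitor)
    if not sessions:
        raise ValueError("no page-view events")

    total = len(sessions)
    # Bounce: the visit ended on the page it landed on.
    bounces = sum(1 for pages in sessions.values() if len(pages) == 1)
    # Conversion: the visit reached the goal page.
    conversions = sum(1 for pages in sessions.values() if goal_page in pages)
    # Exit page: last page of each visit. The goal page is a natural exit, so skip it.
    exits = Counter(
        pages[-1] for pages in sessions.values() if pages[-1] != goal_page
    )
    return {
        "page_views": len(events),
        "unique_visitors": len(visitors),
        "sessions": total,
        "bounce_rate_pct": 100 * bounces / total,
        "conversion_rate_pct": 100 * conversions / total,
        "exit_pages": exits.most_common(),
    }


if __name__ == "__main__":
    for name, value in site_metrics(EVENTS).items():
        print(f"{name}: {value}")
```

In this sample the cart page is the most common exit, which is the kind of sales-funnel leak the exit-pages metric is meant to expose.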

Measuring Metrics
Given the importance of a website’s metrics, there are plenty of tools to choose from when it
comes to measurement. Google Analytics is free and perhaps the most popular tool for
measuring website metrics. Google Analytics not only lets you measure the success of your
website, but also lets you perform split testing, helping you to turn your analytics data into
actionable steps towards improvement.

Piwik is another free tool that can be hosted on your own web server. It offers many of the
same features as Google Analytics, but since it’s hosted on your server, you’re the only one
that sees the stats.

Monitoring and Maintaining a Site
It's not enough to simply set up an e-commerce website and hope that everything will run
smoothly afterwards. Sites must be monitored to ensure that they continue to function
correctly and they must be maintained, both to correct any errors that may arise and to add
or change content.

Several companies offer monitoring systems that can remotely check a website from several
geographic monitoring stations at selected intervals. If the monitoring system is unable to
reach the site, an email, cell phone or pager alert is sent to notify the site owner of the
problem. Monitoring services available include: Availability Monitoring, Performance
Monitoring, Link and Image Checking and Transaction Monitoring.

Many companies offer a free trial of their services, or even a free entry-level service. These
services are not always distinct - many companies offer more than one type of monitoring
service.

Availability Monitoring
When an e-commerce company is dependent on its Web Site, downtime is unacceptable, but
unfortunately it sometimes happens. It is essential that if it does happen, website owners are
informed and can take action before customers are affected and business is lost.

Several companies run worldwide monitoring stations which conduct accessibility tests on
websites, servers, network services, ports and hardware devices like routers, etc. At each
check interval (anything from 1 to 60 minutes depending on the service selected) a series of
geographically dispersed monitoring stations check your server. If more than one location
detects a connection failure, an email alert is sent to the website owner. Owners are also
notified when the website becomes accessible again.
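
The alerting rule described above (alert only when more than one location sees a failure, then notify again on recovery) can be sketched as follows. This is an added example, not part of the original notes; the station names and check results are constructed, and treating the site as recovered once fewer than two stations report failure is an assumption.

```python
# Constructed check results: one dict per check interval, station -> outcome.
# True = reachable, False = connection failure, None = station sent no report.
ROUNDS = [
    {"nairobi": True,  "london": True,  "new-york": True},
    {"nairobi": True,  "london": False, "new-york": None},   # one failure only
    {"nairobi": False, "london": False, "new-york": True},   # two stations fail
    {"nairobi": False, "london": False, "new-york": False},  # still down
    {"nairobi": True,  "london": True,  "new-york": True},   # accessible again
]


def failing_stations(results):
    """Stations that reported a failed check. A missing report (None) is not
    counted as a failure, because it says nothing about the monitored site."""
    return sorted(name for name, ok in results.items() if ok is False)


def evaluate_rounds(rounds, min_failures=2):
    """Return the notifications a monitoring service would send.

    A DOWN notification is sent when at least `min_failures` stations fail in
    the same interval, so a fault local to one station does not page the
    owner. Nothing is re-sent while the site stays down, and an UP
    notification is sent when the failure count drops below the threshold.
    """
    notifications = []
    site_down = False
    for index, results in enumerate(rounds):
        failing = failing_stations(results)
        confirmed_down = len(failing) >= min_failures
        if confirmed_down and not site_down:
            notifications.append((index, "DOWN", failing))
        elif site_down and not confirmed_down:
            notifications.append((index, "UP", failing))
        site_down = confirmed_down
    return notifications


if __name__ == "__main__":
    for index, kind, failing in evaluate_rounds(ROUNDS):
        print(f"interval {index}: {kind} (failing stations: {failing})")
```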

Performance Monitoring
Performance monitoring services can watch a web server 24 x 7 x 365 at an interval chosen
by the site owner, ensuring that the site is always available. They can also check that the site
is performing reliably and delivering content in full at a reasonable speed. The loading time
of each individual page element (e.g. text, images etc.) can be measured, giving the total
download time. This helps site owners understand how their web site performs over time
and assists webmasters in assessing and improving the quality and speed of their site.

Secure web servers using the encrypted Secure Socket Layer (SSL) protocol can also be
accessed to ensure that users can use the secure data collection or payment areas of secure
sites. FTP and SMTP mail servers can also be monitored, so if a web site links to an FTP
server for downloading documents, or to a mail server for sending confirmation emails, then
these operations can be monitored.

Link and Image Checking


Nothing frustrates customers more than website links that don't work, so there are a number
of services available that can check an entire site and find broken links.

Link analysis software can be used to check various types of links, including:


 HTML: check for missing images and broken links
 CSS: check for missing background graphics and broken @import statements
 Flash: check for missing movie files and find broken links inside movie files
Some services can also check sites for accessibility, usability, HTML standards and search
engine guideline violations.

Transaction Monitoring
Transaction and web application monitoring services check the availability and performance
of web transactions and the supporting web applications to ensure they are functioning
properly. These services provide realistic insight into what end-users are experiencing when
carrying out e-business transactions on a website.

Monitored transactions typically include customer logins, purchase order fulfilment,
submitting different types of web forms and other user interactions. This allows site owners
to maximise web application uptime and avoid losing sales due to abandoned e-business
transactions.

Customer Behaviour
Website owners may also wish to monitor aspects of customer behaviour, for example,
the entry points where customers arrived at a site, the pages they looked at, including how
long they spent there and the keywords used when searching the site.

One popular application for monitoring customer behaviour is Google Analytics, a free
service offered by Google that generates detailed statistics about the visitors to a website.
Google Analytics is aimed at marketers rather than webmasters and technologists.

Website Usability
Usability is about ensuring that when users access your website they can find the information
they are looking for quickly and efficiently.
 Your website must be easy to navigate
 Pages should download quickly
 Information should be easy to retrieve
 No restrictions should be placed on users

Accessibility
Accessibility is about ensuring that all users can access your website, irrespective of any
disabilities they may have or what technology they are using. There are a number of things
you can do to make a website more accessible:
 Your website must be able to function with all the different browser technologies
available
 Forms must be accessible to all users
 Users should be able to process content quickly and easily
 Structure and presentation should be separated
 The user should be able to control your website

Why Websites Are Costly to Maintain

Web sites are so costly to maintain because code must be debugged; hyperlinks must be
tested and repaired continually; emergencies must be handled; and reports, data files, and
links to backend databases must be maintained and updated as necessary. General
administrative tasks of the site also require attention, including updating the products and
prices.

Changes and enhancements to the system are also continually being made so that the site is
always adapting to changing market conditions. All of this requires a Web team that includes
programmers, designers, and business managers from the marketing, sales support, and
production departments. This will ensure timely response to customer feedback and that the
site is adequately monitored for correct prices and links with updated page display.

Home (Online) banking

Banking and ecommerce


Online banking, also known as internet banking, e-banking or virtual banking, is
an electronic payment system that enables customers of a bank or other financial institution to
conduct a range of financial transactions through the financial institution's website. The
online banking system will typically connect to or be part of the core banking system
operated by a bank and is in contrast to branch banking which was the traditional way
customers accessed banking services.

To access a financial institution's online banking facility, a customer with internet access
would need to register with the institution for the service, and set up a password and
other credentials for customer verification. The credentials for online banking are normally
not the same as for telephone or mobile banking. Financial institutions now routinely allocate
customer numbers, whether or not customers have indicated an intention to access their
online banking facility. Customer numbers are normally not the same as account numbers,
because a number of customer accounts can be linked to the one customer number.
Technically, the customer number can be linked to any account with the financial institution
that the customer controls, though the financial institution may limit the range of accounts
that may be accessed to, say, cheque, savings, loan, credit card and similar accounts.

The customer visits the financial institution's secure website, and enters the online banking
facility using the customer number and credentials previously set up. The types of financial
transactions which a customer may transact through online banking are determined by the
financial institution, but usually include obtaining account balances, a list of the recent
transactions, electronic bill payments and funds transfers between a customer's or
another's accounts. Most banks also enable a customer to download copies of bank
statements, which can be printed at the customer's premises (some banks charge a fee for
mailing hard copies of bank statements). Some banks also enable customers to download
transactions directly into the customer's accounting software. The facility may also enable the
customer to order a cheque book or statements, report the loss of credit cards, stop payment
on a cheque, advise a change of address and carry out other routine actions.

Implementation
Online banking facilities typically have many features and capabilities in common, but also
have some that are application specific. The common features fall broadly into several
categories:
 A bank customer can perform non-transactional tasks through online banking, including:
   o Viewing account balances
   o Viewing recent transactions
   o Downloading bank statements, for example in PDF format
   o Viewing images of paid cheques
   o Ordering cheque books
   o Download periodic account statements
   o Downloading applications for M-banking, E-banking etc.
 Bank customers can transact banking tasks through online banking, including:
   o Funds transfers between the customer's linked accounts
   o Paying third parties, including bill payments (see, e.g., BPAY) and third party fund
     transfers (see, e.g., FAST)
   o Investment purchase or sale
   o Loan applications and transactions, such as repayments of enrollments
   o Credit card applications
   o Register utility billers and make bill payments
 Financial institution administration
 Management of multiple users having varying levels of authority
 Transaction approval process

Some financial institutions offer special internet banking services, for example:
 Personal financial management support, such as importing data into personal accounting
software. Some online banking platforms support account aggregation to allow the
customers to monitor all of their accounts in one place whether they are with their main
bank or with other institutions.

Using online services


The World Wide Web has permeated virtually every aspect of modern life. If you have access
to a computer with an Internet connection, an almost limitless amount of goods, services and
entertainment choices are at your fingertips. You can do just about anything online, including
your banking and financial transactions. Just how comfortable are you conducting your
banking business in cyberspace? After all, online banking has both advantages and
disadvantages, namely:

Advantages
 It's generally secure. But make sure that the website you're using has a valid security
certificate. This lets you know that the site is protected from cyber-thieves looking to
steal your personal and financial information.
 You have twenty-four-hour access. When your neighbourhood bank closes, you can still
access your account and make transactions online. It's a very convenient alternative for
those that can't get to the bank during normal hours because of their work schedule,
health or any other reason.
 You can access your account from virtually anywhere. If you're on a business trip or
vacationing away from home, you can still keep a watchful eye on your money and financial
transactions - regardless of your location.
 Conducting business online is generally faster than going to the bank. Long teller lines
can be time-consuming, especially on a Pay Day. But online, there are no lines to
contend with. You can access your account instantly and at your leisure.
 Many features and services are typically available online. For example, with just a few
clicks you can apply for loans, check the progress of your investments, review interest
rates and gather other important information that may be spread out over several
different brochures in the local bank.

Disadvantages
 Online banking is generally secure, but it certainly isn't always secure. Identity theft is
running rampant, and banks are by no means immune. And once your information is
compromised, it can take months or even years to correct the damage, not to mention
possibly costing you thousands of dollars, as well.
 Some online banks are more stable than others. Not all online setups are an extension of a
brick-and-mortar bank. Some operate completely in cyberspace, without the benefit of a
branch that you can actually visit if need be. With no way to physically check out the
operation, you must be sure to thoroughly do your homework about the bank's
background before giving them any of your money.
 Customer service can be below the quality that you're used to. Some people simply take
comfort in being able to talk to another human being face-to-face if they experience a
problem. Although most major banks employ a dedicated customer service department
specifically for online users, going through the dreaded telephone menu can still be quite
irritating to many. Again, some are considerably better (or worse) than others.
 Not all online transactions are immediate. Online banking is subject to the same business-
day parameters as traditional banking. Therefore, printing out and keeping receipts is still
very important, even when banking online.

Revision Questions
1. Define the following terms.
i. E-commerce
ii. I-way
iii. E-business
iv. Electronic Data Interchange (EDI)
v. Electronic-cash
vi. Digital cash
vii. Digital signature
viii. Electronic Fund Transfer (EFT)
ix. electronic payment system
x. Information asymmetry
xi. Marketplace
2. Distinguish between e-commerce and e-business.
3. Compare and contrast e-commerce and e-business.
4. Describe seven unique features of e-commerce technology.
5. Discuss two benefits of universal standards.
6. Compare e-commerce and traditional transactions in terms of richness.
7. State four benefits of e-commerce to the customer.
8. State four benefits of e-commerce to the business.
9. Discuss three applications of e-commerce.
10. Discuss four of the business consequences that can result from growth in information
density.
11. Discuss the history of E-Commerce.
12. Describe the following types of e-commerce.
(a) B2C
(b) B2B
(c) C2C
(d) P2P
13. Using suitable local examples, explain the difference between B2B and B2C e-commerce
14. Describe eight key components of an effective business model.
15. Identify any four revenue models used by e-commerce firms.
16. Describe the five primary revenue models used by e-commerce firms.
17. State two factors that led to the failure of early years of e-commerce
18. Identify the three basic building blocks of the Internet
19. Distinguish between digital signature and digital certificate.
20. Describe the various components in an Electronic Payment System.
21. Describe any three methods of payment for online consumers.
22. Identify the types of security features used in client server types of network.
23. Describe the components of Information Super Highway Infrastructure.
24. Compare and contrast the Internet and the Web with other technologies that have changed
commerce in the past.
25. Discuss the ways in which the early years of e-commerce can be considered both a
success and a failure.
26. What are five of the major differences between the early years of e-commerce and today’s
e-commerce?
27. Describe the three different stages in the evolution of e-commerce.
28. (a) Explain four major limitations on the growth of e-commerce.
(b) Which of the limitations is potentially the toughest to overcome?
29. Identify three of the factors that will contribute to greater Internet penetration in Kenyan
households.
30. (a) Define disintermediation.
(b) Explain the benefits of disintermediation to Internet users.
31. Discuss how World Wide Web has had a significant role in the field of e-commerce.
32. Explain the use of following devices used in networking.
(a) Switches
(b) Routers
(c) Ramps
33. Identify the technological innovation that made client/server computing possible.
34. Discuss the impact client/server computing has had on the Internet.
35. Explain any two advantages of client/server architecture.
36. Identify the essential components of a 3-tier client server architecture.
37. Compare and contrast two-tier and three-tier client/server architecture.
38. Explain how packet switching works.
39. How is the TCP/IP protocol related to information transfer on the Internet?
40. What technological innovation made client/server computing possible? What impact has
client/server computing had on the Internet?
41. i. Explain network security.
ii. Discuss the types of security features used in client server networks.
42. Explain the differences between the terms intranet and extranet.
43. Explain the role the internet, intranet and extranet each plays in e-business.
44. Compare and contrast intranets, extranets, and the Internet.
45. What is non-repudiation?
46. Explain how non-repudiation can be achieved in designing e-cash based system.
47. Discuss the risks involved in Electronic Payment Systems.
48. Identify two ways of obtaining digital certificates
49. Describe three types of electronic payment systems.
50. Discuss two advantages of electronic payment system.
51. Discuss the use of digital signature during E-Commerce transaction.
52. Explain how SSL and S-HTTP provide security to WWW.
53. Explain the difficulties encountered in the application of digital signatures.
54. Identify the risks involved in Electronic Payment Systems.
55. Describe Secure Electronic Transaction (SET).
56. Explain the use of Secure Sockets Layer (SSL) to secure the network.
57. Explain how SSL works.
58. State two advantages and two disadvantages of a Smart Card.
59. Explain how e-commerce is used in home banking.
60. Discuss the advantages of home banking.
61. Explain two factors to consider in designing a successful website.
62. Describe the various steps involved in creating an e-commerce site.
63. Distinguish between a logical and physical Web site design.
64. Discuss the basic functionalities a Web server should provide.

Sample Questions and Answers
1. What is e-commerce? How does it differ from e-business? Where does it intersect
with e-business?
E-commerce, in the popular sense, can be defined as: the use of the Internet and the Web
to conduct business transactions. A more technical definition would be: e-commerce
involves digitally enabled commercial transactions between and among organizations and
individuals. E-commerce differs from e-business in that no commercial transaction, an
exchange of value across organizational or individual boundaries, takes place in e-
business. E-business is the digital enablement of transactions and processes within a firm
and therefore does not include any exchange in value. E-commerce and e-business
intersect at the business firm boundary at the point where internal business systems link
up with suppliers. For instance, e-business turns into e-commerce when an exchange of
value occurs across firm boundaries.

2. Define e-commerce.
The term ‘electronic commerce’ has evolved from electronic shopping, to imply all
aspects of business and market processes enabled by the Internet and World Wide Web
technologies.

According to Philip Kotler:
E-commerce can be defined as a general term for buying and selling process that is
supported by electronic means.
Electronic commerce is a term for all kinds of business that are established electronically
especially over the Internet. This includes both electronic sale (internet shops) and B2B
transactions, i.e. business between two companies. It is any online transaction of buying
and selling where business is done via Electronic Data Interchange (EDI).

3. What are the benefits of using e-commerce?


Basic Benefits of E-Commerce
The major benefits are increasing sales and decreasing costs. The other benefits are as
follows:

1. Increased accessibility to customers

(i) It allows people to carry out operations without barriers of time, i.e. 24 hours a
day, seven days a week.
(ii) It reaches out to global consumers easily and is also cost effective.
(iii) It helps businesses to reach out to new markets.
(iv) Consumers and suppliers can be directly approached over the Internet.
(v) Acquisition of new consumers over the Internet is considerably cheaper.

2. Convenience of making comparisons


E-commerce helps consumers to make comparisons while shopping. Automated
online shopping assistants called shopbots are available to find deals on anything
from flowers to perfume.

3. Increased Profitability
i) The direct cost of sale for an order taken from a web site is lower as compared to
traditional means. Moreover, processing errors are virtually eliminated in e-selling,
besides it being faster and more convenient to the visitor.
ii) It provides the solution by decimating the costs that are incurred.

4. Innovation
E-commerce enables business organizations to create new products or services.

5. Improvement in consumer service:


There is a direct benefit in improvement of consumer service. High levels of customer
satisfaction generate increased sales and increased profits.

6. Tangible advantages:
From the buyer’s perspective e-commerce provides a lot of tangible advantages:
(i) Reduction in the buyer's sorting-out time.
(ii) Better buyer decisions.
(iii) Less time spent in resolving invoice and order discrepancies.
(iv) Increased opportunities for buying alternative products.

7. Strategic Benefits:
It helps to reduce delivery time, labour cost and also the cost incurred in the following
areas:
i) Document preparation.
ii) Error detection and correction.
iii) Reconciliation.
iv) Mail Preparation.
v) Telephone calling.
vi) Data Entry.
vii) Overtime.
viii) Supervision Expenses.

4. Describe the following types of e-commerce.


i) B2B (Business to Business) ii) B2C (Business to Customer)

(i) B2B - Business to Business


It is a mode of conducting business between two or more companies over the Internet,
rather than more traditional modes such as telephone, mail, and face to face. In the
past EDI was conducted on a direct link of some form between the two businesses
whereas today the most popular connection is the Internet. The two businesses pass
information electronically to each other. B2B e-commerce currently makes up about
94% of all e-commerce transactions.

Some of the advantages of B2B are:


 Improved customer satisfaction
 Improved inventory system
 Easy and cost effective marketing
 Coordination between manufacturers, distributors and dealers.
 Better management of business

(ii) B2C - Business to Consumer

This is where the consumer accesses the system of the supplier. It is still a two-way
function but is usually done solely through the Internet.
In B2C e-commerce companies sell goods to consumers online in a dynamic
environment. Each transaction under B2C represents an individual buying online.
5. List some common applications of e-commerce
 E-mail and messaging
 Content Management Systems
 Documents, spreadsheets, database
 Accounting and finance systems
 Orders and shipment information
 Enterprise and client information reporting
 Domestic and international payment systems
 Newsgroup
 On-line Shopping
 Messaging
 Conferencing

6. List at least five potential benefits of B2B e-commerce.


B2B e-commerce promises many strategic benefits for participating firms, both the
buyers and the sellers including:
• lower administrative costs
• lower search costs for buyers
• reduced inventory costs due to increased competition among the suppliers (which
increases price transparency) and reducing inventory to a bare minimum
• lower transaction costs due to the elimination of paperwork and the partial automation
of the procurement process
• increased production flexibility by ensuring delivery of parts “just-in-time”
• improved quality of products due to increased cooperation among buyers and sellers,
reducing quality issues
• decreased product cycle time due to the sharing of designs and production schedules
with suppliers
• increased opportunities for collaborating with suppliers and distributors
• increased price transparency

7. What is information asymmetry?


Information asymmetry refers to any disparity in relevant market information among the
parties involved in a transaction. It generally applies to information about price, cost, and
hidden fees.

8. What are some of the unique features of e-commerce technology?


The unique features of e-commerce technology include:
• Ubiquity: It is available just about everywhere and at all times.
• Global Reach: the potential market size is roughly equal to the size of the online
population of the world.
• Universal standards: The technical standards of the Internet, and therefore of
conducting e-commerce, are shared by all of the nations in the world.
• Richness: Information that is complex and content rich can be delivered without
sacrificing reach.
• Interactivity: E-commerce technologies allow two-way communication between
the merchant and the consumer.
• Information density: The total amount and quality of information available to all
market participants is vastly increased and is cheaper to deliver.
• Personalization/Customization: E-commerce technologies enable merchants to
target their marketing messages to a person’s name, interests, and past purchases.
They allow a merchant to change the product or service to suit the purchasing
behavior and preferences of a consumer.
• Social technology: User content generation and social networking technologies

9. What is a marketspace?
A marketspace is a marketplace that is extended beyond traditional boundaries because it
is removed from the restrictions of geography and time. The ubiquity of e-commerce
technologies liberates the market from these limitations.

10. What are three benefits of universal standards?


The benefits of universal standards are:
• reduced search costs for consumers
• price discovery that is simpler, faster, and more accurate
• lower market entry costs for merchants
11. Compare online and traditional transactions in terms of richness.
Traditional transactions can provide more richness in terms of face-to-face service
including visual and aural cues. However, traditional transactions are limited in terms of
how many people can be reached at a single time. Online transactions, which can be
global in reach, can provide content that is both complex and rich, overcoming the
traditional trade-off between reach and richness.
12. Name three of the business consequences that can result from growth in information
density.
Growth in information density could result in:
• Greater price transparency: Consumers can easily find out the variety of prices in a
market.
• Greater cost transparency: Consumers can discover the actual costs merchants pay for
products.
• Greater opportunities for marketers to practice price discrimination: since marketers are
able to gather much more information about their customers, they can segment the market
into groups based on willingness to pay different prices for the same or nearly the same
goods.

13. Describe the three different stages in the evolution of e-commerce.


The three stages in the evolution of e-commerce are innovation, consolidation, and
reinvention. Innovation took place from 1995–2000 and was characterized by excitement
and idealistic visions of markets in which quality information was equally available to
both buyers and merchants. However, e-commerce did not fulfil these visions during its
early years.

After 2000, e-commerce entered its second stage of development: consolidation. In this
stage, more traditional firms began to use the Web to enhance their existing businesses.
Less emphasis was placed on creating new brands.

In 2006, though, e-commerce entered its current stage, reinvention, as social networking
and Web 2.0 applications reinvigorated e-commerce and encouraged the development of
new business models.

14. What are the major limitations on the growth of e-commerce? Which is potentially
the toughest to overcome?
• One major limitation to the growth of e-commerce is the price of personal computers.
• The need for many people to learn complicated operating systems, at least in
comparison to other technologies such as the television or the telephone. People must
also learn a set of sophisticated skills to make effective use of the Internet and
e-commerce capabilities.
• The unlikelihood that the digital shopping experience will ever replace the social and
cultural experience that many seek from the traditional shopping environment.
• Persistent global income inequality will exclude most of the world’s population, who
do not, and probably will not in the foreseeable future, have access to telephones or
PCs.

Social and cultural limitations are likely to be tougher to overcome than technological
limitations.

15. What are three of the factors that will contribute to greater Internet penetration in
Kenyan households?
Factors that will contribute to greater Internet penetration into Kenyan households in the
next decade include:
• The price of entry-level PCs such as netbooks, and of smartphones with Internet
access, has fallen.
• Enhanced capabilities, such as integration with television and access to film libraries
on a pay-per-view basis, will draw in more consumers.
• The PC operating system is likely to evolve into a simpler platform with simpler
choice panels.
• The use of wireless Web technology is increasing.

16. Define disintermediation and explain the benefits to Internet users of such a
phenomenon. How does disintermediation impact friction-free commerce?
Disintermediation means the removal of the market middlemen: the distributors,
wholesalers, and other intermediaries between producers and consumers.

The predicted benefits to Internet users include:
• The decline of prices for products and services as manufacturers and content
originators develop a direct relationship with their customers, and
• The elimination of payments to these middlemen.
• Disintermediation of markets would create intense competition. This, along with
lowered transaction costs, would eliminate product brands, eventually resulting in the
elimination of unfair competitive advantages and extraordinary returns on capital: the
vision of friction-free commerce.
17. What are some of the major advantages and disadvantages of being a first mover?
The major advantages of being a first mover are the ability to build a brand name early on
and establish a large customer base before followers enter the market, and the ability to
build switching costs into the technology or services offered so that customers will find it
discomfiting to change to a late entering competitor. The major disadvantage is that
historically, many first movers have not succeeded and are instead replaced by the fast
follower, larger firms with the financial, marketing, legal, and production assets necessary
to develop mature markets. Generally, only a handful of first mover firms become
successful long-term businesses as the start-up costs and time it takes to build a profitable
business are often underestimated.
18. Discuss the ways in which the early years of e-commerce can be considered both a
success and a failure.
The early years of e-commerce can be considered a success because of the technological
success that occurred as Web-enabled transactions grew from thousands to billions. The
digital infrastructure proved to be a solid foundation on which to build a viable marketing
channel. From a business perspective, the early years of e-commerce were a mixed
success with just a tiny percentage of dot-com companies surviving. However, the
survivors have benefited from the continued growth in B2C revenues. The early years of
e-commerce can also be considered a success in that the transfer of information has been
a huge accomplishment as consumers learned to use the Web to procure information
about products they wanted to purchase (Internet-influenced commerce).
19. What are five of the major differences between the early years of e-commerce and
today’s e-commerce?
The major differences between the early years of e-commerce (the Innovation stage), the
period between 2001–2006 (the Consolidation stage), and today’s e-commerce (the
Reinvention stage) are:
• During the Innovation stage, e-commerce was primarily technology-driven. During
the Consolidation stage, it was primarily business-driven. Today’s e-commerce, while
still business-driven, is also audience, customer, and community-driven.
• During the Innovation stage, firms placed an emphasis on revenue growth, quickly
achieving high market visibility/market share. During the Consolidation stage, the
emphasis was on building profitable firms. Today, audience and social network
growth are being emphasized.
• Start-ups during the Innovation stage were financed by venture capitalists, whereas
those in the Consolidation stage were primarily financed by traditional methods.
Today, startups are once again being financed by venture capitalists, albeit with
smaller investments. In addition, many large online firms are now entering the market,
and acquiring early stage firms via buy-outs.
• During the Innovation stage, e-commerce was, for the most part, ungoverned. In the
Consolidation stage, there was a rise in the amount of regulation and governmental
controls by governments worldwide. Today, there is extensive government regulation
and surveillance.
• The Innovation stage of e-commerce was characterized by the young entrepreneurial
spirit. During the Consolidation stage, e-commerce was primarily dominated by the
retail giants. Today, large purely Web-based firms are playing a major role.
• The Innovation phase was characterized by an emphasis on deconstructing traditional
distribution channels and disintermediating existing channels. During the
Consolidation stage, intermediaries strengthened. Today, there is a proliferation of
small online intermediaries that are renting the business processes of larger firms.
• “Perfect markets” in which direct market relationships with consumers, the decline of
intermediaries, and lower transaction costs resulted in intense competition and the
elimination of brands, are being replaced by imperfect markets. Imperfect markets are
characterized by a strengthening of brand name importance, increasing information
asymmetries, price discrimination, and network effects.
• The early years of e-commerce saw an infusion of pure online businesses that thought
they could achieve unassailable first mover advantages. During the Consolidation
stage, successful firms used a mixed “bricks-and-clicks” strategy, combining
traditional sales channels such as physical stores and printed catalogs with online
efforts. Today, there is a return of pure online strategies in new markets, as well as
continuing extension of the “bricks-and-clicks” strategy in traditional retail markets.
• The early years of e-commerce were dominated by the first movers. In the
Consolidation stage, e-commerce was dominated by the well-endowed and
experienced Fortune 500 and other traditional firms. Today, first-mover advantages
are returning in new markets as traditional Web players catch up.

20. What factors will help define the future of e-commerce over the next five years?
The factors that will help define the future of e-commerce over the next five years include:
• The technology of e-commerce—the Internet, the Web, and the number of wireless
appliances—will continue to proliferate through all commercial activity; overall
revenues will continue to rise rapidly; and the numbers of both visitors and products
and services sold will continue to grow.
• Prices will rise to cover the real costs of doing business on the Web and to pay
investors a reasonable rate of return on their capital.
• E-commerce margins and profits will rise to the level of traditional retailers. (The
difference between revenues from sales and cost of goods sold will be equal to that of
traditional firms.)
• The top e-commerce sites will increasingly obtain very well-known brands from
strong, older firms.
• The number of successful purely online companies will further decline. The most
successful e-commerce firms will use both traditional marketing channels, such as
physical stores and printed catalogs, and e-commerce Web sites.

21. Why is a multidisciplinary approach necessary if one hopes to understand e-commerce?
A multidisciplinary approach is necessary in order to understand e-commerce because no
single academic discipline covers all facets of the e-commerce phenomenon. E-commerce
is primarily a technologically driven occurrence, including information technologies
developed over the past 50 years, with the Internet and the Web at the core. However,
beyond the infrastructure are the business purposes that drive the phenomenon: the
changing business models and strategies that will transform old companies and spawn
new ones. To understand e-commerce, one must understand some basic business concepts
such as industry structures, business models, firm and industry value chains, and
consumer behaviour. One must also comprehend the nature of electronic markets and
information goods. Finally, the impact on society must be considered: global e-commerce
can have consequences for individuals concerning their intellectual property and privacy
rights. Public policy issues such as equal access, equity, content control, and taxation will
need to be addressed.

22. What is a business model?


A business model is a set of planned activities (business processes) that are designed to
result in a profit in the marketplace.

23. What are the eight key components of an effective business model?
The eight key components of an effective business model are:
• value proposition
• revenue model
• market opportunity for the firm (the marketspace and how big it is)
• competitive environment for the firm (who the competitors are in the marketspace)
• competitive advantage the firm brings to the marketspace (the unique qualities that set
the firm apart from others in the marketspace)
• market strategy the firm will use to promote its products and services
• organizational development of the firm that will enable it to carry out its business plan
• capabilities of the management team to guide the firm in its endeavors
24. Describe the five primary revenue models used by e-commerce firms.
The five primary revenue models used by e-commerce firms are:
• the advertising revenue model
• the subscription revenue model
• the transaction fee revenue model
• the sales revenue model
• the affiliate revenue model

The advertising model derives its profit by displaying paid advertisements on a Web site.
The goal is to convince advertisers that the site has the ability to attract a sizeable
viewership, or a viewership that meets a marketing niche sought by the advertiser. Firms
that use the subscription model offer users access to some or all of their content or
services for a subscription fee. Firms that use the transaction fee model derive profit from
enabling or executing transactions. For instance, transaction fees are paid to eBay when a
seller is successful in auctioning off a product, and E*Trade receives a transaction fee
when it executes a stock transaction for a customer. In the sales revenue model,
companies draw profit directly from the sale of goods, information, or services to
consumers. In the affiliate model, sites receive referral fees or a percentage of the revenue
from any sales that result from steering business to the affiliate.

25. What is EDI? Explain the layered architecture of EDI.


Electronic Data Interchange (EDI) is used by organizations for transactions that occur on
a regular basis in a predetermined format. It is one of the electronic commerce
technologies.

It is used in a number of trade sectors for inter-organization, regular, repeat transactions.

These systems require EDI standards, EDI software, an EDI network and a trading
community.

Layered Architecture of EDI:


EDI is most commonly applied in the Execution and settlement phases of the trade cycle.
In execution of a simple trade exchange, the customers’ orders can be sent by EDI and the
delivery notification from the supplier can be electronic.

For settlement the supplier can use EDI to send the invoice and the customer can finish
the cycle with an electronic funds transfer via the bank and an EDI payment notification
to the supplier.

This whole cycle may be complex and other electronic messages can be included.
EDI can be used for Pre-Sales transactions; there have been EDI messages for
transactions such as contracts, but they are not widely implemented.

EDI can be used for After-Sales transactions but only if they are in a standardized
format and frequent enough to justify system costs; a transaction such as a dealer claiming
payment for warranty work could be a possible application.

26. Why is targeting a market niche generally smarter for a community provider than
targeting a large market segment?
Targeting a market niche is generally a smarter strategy for a community provider than
targeting a large market segment because targeting large market segments will only pit a
company against bigger and more established competitors. Small sub segments of larger
markets have a greater potential for growth without the intense competitive pressure.
Communities that place a strong emphasis on the advertising revenue model will find
marketers more interested in placing ads on a site that targets a specific niche.

27. Besides music, what other forms of information could be shared via peer-to-peer
sites? Are there legitimate commercial uses for P2P commerce?
Some other forms of information that could be shared through peer-to-peer sites using
shareware are organizational materials and digital video. You can use P2P software to
efficiently distribute massive amounts of information across an organization, and also
make it searchable. P2P software can be used to transmit movies over the Internet as
encrypted files. Furthermore, it can be used to search other computers for the sorts of
information found on Web sites. For example, it can establish a direct peer-to-peer
exchange where buyers could gather information, check out suppliers, and collect prices
not from a centralized server hub, but directly from each of the supplier’s client server
computers.

28. Besides advertising and product sampling, what are some other market strategies a
company might pursue?
One market strategy is to form strategic alliances with business partners who will help
you to attract new customers and extend your market reach. Another market strategy is to
use product name, packaging, and advertising to create a distinct mood or feeling about
each of your product lines, and carefully target each line to a specific audience. Some
firms may choose to pursue a marketing strategy that positions them as a “one-stop-shop”
which carries a broad based line of products, saving the customer search time. Others may
choose to position themselves as category experts who have an in-depth and “personal”
knowledge of their customers. Such firms will offer extensive customer support networks
to assist their customers in their purchasing decisions and will advertise themselves
accordingly. One critical factor is that a company needs to find a way to differentiate
itself from the competition.
29. Why is it difficult to categorize e-commerce business models?
It is difficult to categorize e-commerce business models because the number of models is
limited only by the human imagination, and new business models are being invented
daily. Even within the broad-based generic types, there are overlaps, and fundamentally
similar business models may appear in more than one. The type of e-commerce
technology used can also affect the classification of a business model. Also, some
companies may employ multiple business models. For example, eBay is essentially a C2C
marketplace, but also functions as a B2C market maker, and in addition, has an m-
commerce business model.

30. Besides news and articles, what other forms of information or content do content
providers offer?
Besides news and articles, content providers may also supply music, photos, video,
artwork, educational materials, or games.
31. What is a reverse auction? What company is an example of this type of business?
A reverse auction is one in which a consumer offers to pay a certain price for a product or
service and the bid is either accepted or not. The premier example of this type of business
is Priceline, in which the consumer makes an offer for airline tickets, hotel rooms, car
rentals, and other travel accommodations.

32. How have the unique features of e-commerce technology changed industry structure
in the travel business?
The ubiquity of e-commerce has created new marketing channels and expanded the size
of the overall market. The global reach of e-commerce has changed industry structure by
lowering barriers to entry, but at the same time expanding the market. The costs of
industry and firm operations have decreased, enabling global competition. The universal
standards of e-commerce have also lowered barriers to entry and intensified competition.
However, firms have cheaper costs for computing and communication enabling broad-
scope business strategies.

The richness of e-commerce reduces the strength of distribution channels, decreases a
firm’s reliance on traditional sales forces, and helps a firm develop better post-sales
support strategies. Firms can use the interactive properties of e-commerce to develop
differentiation strategies and customization techniques to reduce the threat from
substitutes. Interactivity, personalization, and customization techniques also decrease a
firm’s reliance on traditional sales forces, helping them to reduce operational costs. Using
these techniques, some firms are successful in differentiating themselves from the
competition, thereby raising barriers to entry for potential competitors. The information
density of e-commerce weakens powerful sales channels, shifting some bargaining power
to consumers. It also lowers the operational costs for firms associated with obtaining,
processing, and distributing information about suppliers and consumers.

33. What are the three basic building blocks of the Internet?
The three basic building blocks are packet switching, the Transmission Control
Protocol/Internet Protocol (TCP/IP) communications protocol, and client/server
computing.
• Packet switching is a method of splitting messages up into parcels, routing them
along available communications paths, and reassembling them at the destination
point.
• The TCP protocol is the set of rules that specifies how these messages should be
formatted, ordered, compressed, and error checked. The IP protocol provides the
addressing scheme for the Internet.
• Client/server computing refers to networks of powerful client computers that are
connected to one or more server computers. The clients are powerful enough to
display, process, and store very large files including graphics and sound files. The
servers are dedicated to common functions that all of the clients need including
file storage, and they also house many software applications and utility programs
that the clients frequently use.
34. What is latency, and how does it interfere with Internet functioning?
Latency is a delay in messages caused by the uneven flow of information packets through
the network. It interferes with the functioning of the Internet today because with
streaming video or synchronous communication transmissions, there may be noticeable
gaps causing the video or voice to arrive looking or sounding jerky.
35. Explain how packet switching works.
In packet-switched networks, messages are broken up into fragments (packets) and a
digital code with the source address is attached. Sequencing and error-control instructions
are also added. Instead of being sent directly to their destination, the packets travel
between router computers that interconnect the thousands of networks that make up the
Internet. The routers use programs called routing algorithms to ensure that each packet
takes the best available communication path toward its destination. If some lines are
disabled or busy, the packets can be sent along any available line. At the destination
point, the packets are reassembled and delivered. This method enables nearly full use of
all of the available communication lines and capacity.
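
The fragment, route and reassemble cycle described in answer 35, as an added Python example that is not part of the original notes. The header fields `dst` and `total`, the CRC-32 checksum, the addresses and the sample message are assumptions chosen for illustration.

```python
from __future__ import annotations

import random
import zlib
from dataclasses import dataclass, replace
from typing import Optional

# Constructed sample input (not from the course notes).
SAMPLE_MESSAGE = b"ORDER 1001: 3 x widget, ship to Kakamega"


@dataclass(frozen=True)
class Packet:
    src: str        # source address, as the notes describe
    dst: str        # destination address (assumed field; routers need it to forward)
    seq: int        # sequencing information: position of this fragment
    total: int      # number of fragments in the whole message (assumed field)
    checksum: int   # error-control information: CRC-32 of the payload
    payload: bytes


def packetize(message: bytes, src: str, dst: str, size: int = 8) -> list[Packet]:
    """Split a message into fixed-size fragments and attach a header to each."""
    if size <= 0:
        raise ValueError("size must be positive")
    chunks = [message[i:i + size] for i in range(0, len(message), size)] or [b""]
    return [Packet(src, dst, seq, len(chunks), zlib.crc32(chunk), chunk)
            for seq, chunk in enumerate(chunks)]


def deliver_out_of_order(packets: list[Packet], seed: int = 7) -> list[Packet]:
    """Simulate independent routing: packets arrive shuffled, one duplicated."""
    rng = random.Random(seed)
    arrived = list(packets) + [packets[0]]
    rng.shuffle(arrived)
    return arrived


def corrupt(packet: Packet) -> Packet:
    """Simulate line noise: flip one payload bit, leave the header untouched."""
    if not packet.payload:
        return packet
    damaged = bytes([packet.payload[0] ^ 0x01]) + packet.payload[1:]
    return replace(packet, payload=damaged)


def reassemble(packets: list[Packet]) -> tuple[Optional[bytes], list[int]]:
    """Rebuild the message at the destination.

    Returns (message, []) on success, or (None, seqs_to_retransmit) when
    fragments are missing or failed the checksum.
    """
    good: dict[int, bytes] = {}
    total = None
    for p in packets:
        # CRC-32 catches accidental damage only. Anyone able to modify a packet
        # can recompute it, so it is not protection against tampering.
        if zlib.crc32(p.payload) != p.checksum:
            continue                       # damaged in transit: discard
        if total is None:
            total = p.total
        if p.total != total or not 0 <= p.seq < total:
            continue                       # header inconsistent with the rest
        good.setdefault(p.seq, p.payload)  # ignore duplicates
    if total is None:
        return None, []
    missing = [seq for seq in range(total) if seq not in good]
    if missing:
        return None, missing
    return b"".join(good[seq] for seq in range(total)), []


if __name__ == "__main__":
    sent = packetize(SAMPLE_MESSAGE, "10.0.0.5", "10.0.0.9")
    print(reassemble(deliver_out_of_order(sent)))
    print(reassemble([corrupt(p) if p.seq == 1 else p for p in sent]))
```

The second call shows why the checksum is only error control: the damaged fragment is discarded and reported for retransmission, but protecting an order against deliberate modification needs a keyed integrity check on top.
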
36. How is the TCP/IP protocol related to information transfer on the Internet?
The TCP/IP protocol determines how messages are formatted, compressed and error-
checked, and how they are addressed so that they reach the correct destination in the
correct order and format. TCP establishes the connections between sending and receiving
computers, and it handles the assembly of packets at the point of transmission and their
reassembly at the receiving end. IP provides the Internet’s addressing scheme, and is
responsible for the actual delivery of the packets.
37. What technological innovation made client/server computing possible? What impact
has client/server computing had on the Internet?
The technological innovation that made client/server computing possible is the personal
computer. Without the invention of the PC and local area networks, we would not have
the Internet and the Web. In client/server computing, capacity can be expanded constantly
by adding servers and clients to the network. A client/server network is much less
vulnerable than the centralized computing architecture that preceded it because if one
server malfunctions, backup servers can take over. If a client is down, the rest of the
system continues to operate without a hitch. The processing load can be balanced over
many powerful, smaller machines rather than being concentrated in a single huge
mainframe computer, and both the software and the hardware can be built more economically.
38. Despite the number of PCs connected to the Internet, rich information sharing is
still limited. Why?
Rich information sharing is still limited because much of the Internet’s infrastructure is
already over 30 years old. Bandwidth limitations throughout the backbone, and especially
to most small businesses and houses, cause congested service and only a limited ability to
transmit video and voice files. Because packet switching involves the use of a circuitous
route, latency causes uneven transmission of these files. Today’s Internet also gives each
packet the same level of service no matter who the user or what type of file. A higher
quality of service will have to be developed in which packets are given priority service
based upon the type of content they contain in order for information sharing to continue
to improve. Furthermore, there are some architectural limitations that slow Internet
transmissions down: a file cannot be transmitted once to all who request it. Instead, the
file must be downloaded separately to each person placing a request. Finally, there are
some language development limitations as HTML, the language of Web pages, is not
adequate for defining and communicating databases, business documents, and graphics.
39. Why isn’t the Internet overloaded? Will it ever be at capacity?
The Internet is not overloaded and will never be at capacity because client/server
computing is highly extensible. Capacity can be continually expanded by adding client
computers and server computers to the network. In this way, the population of Internet
users can continue to grow indefinitely. It is also not overloaded because the Internet
architecture is built in layers so that each layer can change without disturbing
developments in other layers.
40. Compare and contrast intranets, extranets, and the Internet as a whole.
An intranet is a TCP/IP network located within a single organization whose function is to
fulfil the communication and information processing needs of the organization. An
extranet on the other hand, is formed when organizations allow outsiders to access their
internal TCP/IP network. For example, a company may permit suppliers to gain access to
their intranet in order to view information (like production schedules or inventory
allotments) so that the suppliers will know when the company will need to restock. It is
the exact same technology that enables the operation of the Internet. It provides
capabilities for private or governmental organizations to operate their own internal
networks and to create extranets to allow for the exchange of information across
organizational boundaries. All of the protocols that are used on the Internet are also used
on private intranets and extranets. Also, all applications available on the Internet are
compatible with intranets and extranets.
41. What are the four major limitations of today’s Internet?
The four major limitations of today’s Internet are bandwidth, quality of service, network
architecture, and language development. There is insufficient bandwidth capacity
throughout the backbone, the metropolitan switching centres, and most importantly, to the
houses and small businesses at the end of the information pipeline. Due to insufficient
bandwidth and the circuitous nature of packet switching, video and voice traffic suffers
from latency. This causes these types of messages to arrive with noticeable delays and a
jerky quality. Because today’s Internet uses “best efforts” quality of service, each packet
is provided with the same level of service. This means that all packets travelling through
the communication system are treated the same, no matter who is sending them or what
type of message they are.

Network architecture restrictions also limit the performance of the Internet. A thousand
requests for the same file result in a server having to download the file one thousand
times rather than being able to transmit it once to all one thousand computers at the same
time. This significantly slows down network performance. Finally, HTML, the language
for displaying Web pages, has proven to be insufficient for displaying rich documents
such as database files, business documents, and graphics.
42. What are some of the challenges of policing the Internet? Who has the final say
when it comes to content?
One challenge of policing the Internet is that there are multiple organizations that
influence the system and monitor its operations. It is hard to make the Internet conform to
the laws of the sovereign nation states in which it operates, and it is difficult to enforce
the various and often contradictory laws of all of these nations. Many countries want to
put far stricter restrictions on freedom of expression than the United States does. Different
cultures have different social morals, and what is acceptable in some countries is
decidedly not in others. The issue of who has the final say is also quite controversial and
varies from country to country. For instance, in China, the Chinese government has “the
final say” about what content is available to viewers who access the Internet from within
China. Other countries also regulate the availability of certain types of content. Critics
complain that attempting to create “legal harmony” will result in major content
restrictions on the Internet with only content that is legally acceptable worldwide being
made accessible.
43. Why was the development of the browser so significant for the growth of the Web?
The development of the browser was an extremely significant breakthrough that enabled
rapid growth of the Web. Once it progressed from a simple line interface device to a
graphical user interface (GUI), it made it possible to view documents with colored
backgrounds, images, and animations. Besides the natural interest stimulated by viewing
such documents, the graphical Web browser also created the possibility of universal
computing: the sharing of files including graphics, sound, video, and all sorts of different
information by all computer users in the world, no matter what platform or operating
system they were using. A browser could be made for each operating system, and Web
pages created for one system could be displayed either exactly or nearly the same on a
computer using a different operating system.
44. Name the six main pieces of the e-commerce site puzzle.
The six main pieces of the e-commerce site puzzle are the organizational capabilities and
human resources you will need to build and manage the site, the hardware, the software,
the telecommunications infrastructure you will need to meet the demands of your
customers, and the site design you will need to implement your business objectives.
45. Discuss the differences between a simple logical and simple physical Web site design.
A simple logical design for a Web site describes the flow of information at the site
including the processing functions that must be performed and the databases that will
provide information. It also includes a description of the security and emergency backup
procedures and the controls that will be used in the system. A simple physical design, on
the other hand, translates the logical design into the physical components that will be
needed such as the servers, software, and size of the telecommunications link, backup
servers, and security system.
46. Why is system testing important? Name the three types of testing and their relation
to one another.
System testing is important because there can be up to thousands of different pathways
within a typical e-commerce Web site and you must make sure that customers can find
what they want easily and quickly and, most importantly, that they can complete a
purchase without a hitch. The three types of testing that must be completed are unit
testing, which involves checking each program module; system testing, which includes
testing the site as a whole in the way a “typical” user might navigate and make requests
for functionality; and acceptance testing, which requires the firm’s key personnel and
managers to use the system to verify that the business objectives as originally conceived
are being met.
47. Compare the costs for system development and system maintenance. Which is more
expensive, and why?
The costs for system maintenance for an e-commerce Web site can run anywhere from
50 percent to 100 percent, per year, of the original systems development costs. For small
sites the annual maintenance cost can parallel the development costs, with larger sites
achieving some economies of scale. Maintenance is more expensive because e-commerce
sites are always in a process of change, improvement, and correction. E-commerce sites
are, in fact, never finished. They are always in the process of being built and rebuilt.
48. Why is a Web site so costly to maintain? Discuss the main factors that impact cost.
Web sites are so costly to maintain because code must be debugged, hyperlinks must be
tested and repaired continually; emergencies must be handled; and reports, data files, and
links to backend databases must be maintained and updated as necessary. General
administrative tasks of the site require attention including updating the products and
prices. Changes and enhancements to the system are also continually being made so that
the site is always adapting to changing market conditions. All of this requires a Web team
that includes programmers, designers, and business managers from the marketing, sales
support, and production departments. This will ensure timely response to customer
feedback and that the site is adequately monitored for correct prices and links with
updated page display.
49. What are the main differences between single-tier and multi-tier site architectures?
Single-tier site architecture simply consists of a server machine running the basic Web
server software. Multi-tier site architecture, on the other hand, provides much more
functionality by linking a Web server layer that can include multiple Web servers to a
middle tier that includes many Web application servers, which provide a wide variety of
transaction processing tasks. This middle layer is also linked to a backend layer that
includes existing databases, human resources systems, corporate applications, financial
data, and enterprise systems. A multi-tiered site typically employs several or more
physical computers each running some of the software applications and sharing the
workload across many computers.
50. What are the three main factors to consider when choosing the best platform for
your Web site?
In choosing the best platform to use for your Web site, the three main factors to consider
are:
• The anticipated number of simultaneous users who will likely visit your site,
• The customer user profile with their expected requests and behaviour while at the site,
and
• The nature of the content on your site
The more visitors you have, the greater the demand will be on your system. If the users
will be viewing dynamic pages and large multimedia files, far more capacity will be
required.
51. What are the eight most important factors impacting Web site design, and how do
they affect a site’s operation?
The eight most important factors impacting Web site design are:
(a) Functionality: The site must have pages that load quickly, perform correctly, and send
the user to the requested information about the product offerings.
(b) Informational: The site must have links that the customer can find easily in order to
obtain information about the company and the products it offers.
(c) Ease of use: The site must have a simple foolproof navigation scheme.
(d) Redundant navigation: The site must have alternative paths to reach the same content.
(e) Ease of purchase: There should be no more than one or two clicks required for the
purchasing procedure.
(f) Multibrowser functionality: The site should work with the popular browsers.
(g) Simple graphics: The site should not use distracting graphics and/or sounds that the
user cannot control.
(h) Legible text: The site should avoid the use of backgrounds that distort text or make it
difficult to read.

Failure to pay attention to these factors will adversely affect the operation of a site because
users will find the site frustrating to navigate and view, they will have difficulty obtaining
information about the products, and they will determine that making a purchase will be far
too complicated.

52. Name and describe three tools used to treat customers individually. Why are they
significant to e-commerce?
The primary method for treating customers individually through personalization and
customization is the placement of cookie files on the user’s client machine. Cookies can
be used to store information about the customer such as their customer ID, a campaign
ID, and their prior purchases from the site. When a user returns to a site, the prior viewing
and purchasing behavior can be accessed from a database, and the customer can be
greeted by name and related products can be recommended.

Other tools that enable personalization and customization include tools for interactivity
and active content, such as CGI scripts, Active Server Pages, and Java Server Pages.
Personalization and customization are significant to e-commerce because they can
potentially make it nearly as powerful as a traditional marketplace and perhaps even more
powerful than direct mail or shopping at an anonymous suburban shopping mall.
Speaking directly to a customer and tailoring a product to that customer are potentially
powerful marketing tools that could help to increase sales and revenues.

53. What are some of the policies e-commerce businesses must develop before launching
a site and why?
Some of the policies that an e-commerce business site must develop prior to launching are
a privacy policy, accessibility rules, and financial reporting policies. The privacy policy is
a public statement detailing to customers how the personal information that is gathered at
the site will be treated. Accessibility rules are a set of design objectives that ensure
disabled users can effectively access a site.
54. Why is it less risky to steal online? Explain some of the ways criminals deceive
consumers and merchants.
The potential for anonymity on the Internet can allow criminals to assume identities that
look legitimate and, at the same time, shield them from law enforcement agencies. Using
these assumed identities, criminals can place fraudulent orders with online merchants,
intercept e-mail, steal customer information, and shut down e-commerce sites using
software viruses.
55. Explain why an e-commerce site might not want to report being the target of
cybercriminals.
E-commerce sites are often hesitant to report that they have been the target of
cybercriminals because companies fear losing the trust of consumers. The actual amount
of crime is difficult to estimate because of these fears. Companies fear that if they reveal
the full extent of the theft of proprietary information and financial fraud, legitimate
customers will lose confidence in the e-marketing channel and will take their business
back offline.
56. Give an example of security breaches as they relate to each of the six dimensions of
e-commerce security. For instance, what would be a privacy incident?
• Integrity: This is the ability to ensure that information being displayed on a Web
site or being transmitted/received over the Internet has not been altered in any way
by an unauthorized party. One type of integrity security breach would be an
unauthorized person intercepting and redirecting a bank wire transfer into a
different account.
• Nonrepudiation: The ability to ensure that e-commerce participants do not deny
their online actions. An example of a repudiation incident would be a customer
ordering merchandise online and later denying that he or she had done so. The
credit card issuer will usually side with the customer because the merchant has no
legally valid proof that the customer ordered the merchandise.
• Authenticity: Authenticity is the ability to verify the identity of a person or
entity you are transacting with on the Internet. One instance of an authenticity
security breach is “spoofing,” in which someone uses a fake e-mail address, or
poses as someone else. This can also involve redirecting a Web link to a different
address.
• Confidentiality: The ability to ensure that messages and data are available only to
authorized viewers. One type of confidentiality security breach is “sniffing” in
which a program is used to steal proprietary information on a network including
e-mail messages, company files, or confidential reports.
• Privacy: The ability to control the use of information a customer provides about
him or herself to an e-commerce merchant. An example of a privacy security
breach is a hacker breaking into an e-commerce site and gaining access to credit
card or other customer information. This violates the confidentiality of the data
and also the privacy of the people who supplied the data.
• Availability: This is the ability to ensure that an e-commerce site continues to
function as intended. One availability security breach is a DoS (Denial of Service)
attack in which hackers flood a Web site with useless traffic that causes it to shut
down, making it impossible for users to access the site.

57. Name the major points of vulnerability in a typical online transaction.
The major points of vulnerability are at the client level, at the server level, and over the
Internet communications channels.
58. How does spoofing threaten a Web site’s operations?
Spoofing can redirect customers to a knock-off Web site where the customers are fooled
into completing an online order with a fraudulent or different company from the one with
whom they intended to do business. In this way, business can be stolen away from a site.
Spoof hackers can also alter orders by inflating them or changing the products ordered.
The orders can then be sent on to the original site for processing and delivery. Customers
will become irate at the poor customer service and will take their business elsewhere.
Huge inventory fluctuations caused by these actions can also significantly harm
operations.
59. Why is adware or spyware considered to be a security threat?
Spyware and (to a lesser degree) adware are considered to be security threats because
they are covertly placed on Web users’ computers, where they then collect and distribute
private personal information. Spyware can obtain passwords, e-mail and instant
messages, and so on, whereas adware is slightly less harmful once installed.
60. What are some of the steps a company can take to curtail cybercriminal activity
from within a business?
One measure a company can take is to implement access controls to determine which
insiders can gain access to the firm’s networks. Insider access controls typically consist of
login procedures using usernames, passwords, and access codes. Authorization
management systems regulate where and when a user is permitted to access certain parts
of a Web site. Entry rules are established up front for each user, and the authorization
management system “knows” who is permitted to go where at all times. The authorization
management system encrypts a user session and functions like a passkey following a user
from page to page and only allowing access to areas where the user has been granted
permission based on data that has been entered in the system database.
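One way to picture the authorization management system described in answer 60, as an added example that is not part of the original notes: a signed session token plays the role of the passkey and is checked against per-user entry rules on every page request. The key, user names, paths and function names are assumptions made for illustration, and the token is integrity-protected with an HMAC rather than encrypted.

```python
import base64
import hashlib
import hmac
import json
import time
from typing import Optional

# Assumption: constructed demo secret; a real site loads this from a secrets store.
SERVER_KEY = b"constructed-demo-key-not-for-production"

# Constructed stand-in for the system database of entry rules (user -> areas).
ENTRY_RULES = {
    "alice": {"/catalog", "/cart", "/checkout"},
    "bob": {"/catalog", "/admin/prices"},
}


def _sign(payload: bytes) -> bytes:
    """HMAC-SHA256 tag over the token payload, hex-encoded."""
    return hmac.new(SERVER_KEY, payload, hashlib.sha256).hexdigest().encode()


def issue_token(user: str, ttl: int = 900, now: Optional[float] = None) -> str:
    """Issue the session 'passkey' after a successful login."""
    issued = time.time() if now is None else now
    payload = json.dumps({"user": user, "exp": issued + ttl}).encode()
    return base64.urlsafe_b64encode(payload).decode() + "." + _sign(payload).decode()


def authorize(token: str, path: str, now: Optional[float] = None) -> bool:
    """Run on every page request; anything that fails a check is denied."""
    current = time.time() if now is None else now
    try:
        body, tag = token.split(".", 1)
        payload = base64.urlsafe_b64decode(body.encode())
    except ValueError:
        return False  # malformed token
    # Constant-time comparison, so the tag cannot be guessed byte by byte.
    if not hmac.compare_digest(tag.encode(), _sign(payload)):
        return False  # payload was altered or signed with another key
    claims = json.loads(payload)
    if current >= claims["exp"]:
        return False  # session expired
    # Deny by default: unknown users get an empty rule set.
    return path in ENTRY_RULES.get(claims["user"], set())
```

Paths are matched exactly here; a real site would map each request to a protected area before the lookup.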
61. Explain some of the modern-day flaws associated with encryption. Why is
encryption not as secure today as it was earlier in the century?
Public key encryption is computationally slow: if 128 or 256-bit keys were used to
encode large documents, significant declines in transmission speeds and increases in
processing times would occur. Symmetric key encryption is computationally faster, but requires that
the sender and the receiver share the same key, which must be sent over insecure
transmission lines. Encryption is also not as secure today as it was earlier in the century
because computers are so much more powerful and faster that ancient means of
encryption can be easily broken. Furthermore, in order to effectively use symmetric key
encryption for commercial uses today, you would need a secret key for each of the parties
in a transaction: one for the bank, one for the merchant, and one for the government.
Thousands of millions of keys would be needed to accommodate all e-commerce users.
62. Briefly explain how public key cryptography works.
Public key cryptography solves the problem of exchanging keys by creating a
mathematically related public key and private key. The private key is kept secret by the
owner, whereas the public key is widely disseminated. The main concept behind this
method is that a one-way, irreversible mathematical function is used to produce the keys.
Both keys can be used to encrypt and decrypt a message, but after it is encrypted, the
same key cannot be used to decrypt a message. Only a person with possession of the
recipient’s private key can decrypt a message. The addition of a digital signature ensures
the authenticity of the message and guarantees nonrepudiation. The sender uses his or her
own private key to encrypt the message along with a hash function, which has been added
to create a unique digest of the message. When used with the hash function, the digital
signature is even more unique than a handwritten signature. This irreversible process
creates a cipher text that can be read only by the recipient using his or her private key.
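The exchange described in answer 62, as an added example that is not part of the original notes: the sender signs a hash digest with his or her private key and encrypts the message with the recipient's public key, and the recipient reverses both steps. This is textbook RSA without padding on well-known Mersenne primes, chosen only so the example is self-contained; the function names and the sample message are assumptions, and none of it is suitable for real keys.

```python
import hashlib
from math import gcd

E = 65537  # widely used public exponent


def make_keypair(p: int, q: int):
    """Return (public, private) as ((n, e), (n, d)) from two primes."""
    n, phi = p * q, (p - 1) * (q - 1)
    if gcd(E, phi) != 1:
        raise ValueError("e must be coprime with (p-1)(q-1)")
    d = pow(E, -1, phi)  # private exponent: modular inverse of e (Python 3.8+)
    return (n, E), (n, d)


# Toy primes (Mersenne primes): easy to write down, never acceptable for real keys.
SENDER_PUB, SENDER_PRIV = make_keypair(2**127 - 1, 2**1279 - 1)
RECIPIENT_PUB, RECIPIENT_PRIV = make_keypair(2**521 - 1, 2**607 - 1)


def digest_int(message: bytes) -> int:
    """SHA-256 digest of the message as an integer."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big")


def encrypt(message: bytes, public_key) -> int:
    n, e = public_key
    m = int.from_bytes(message, "big")  # leading zero bytes would be lost
    if m >= n:
        raise ValueError("message too long for this toy modulus")
    return pow(m, e, n)


def decrypt(ciphertext: int, private_key) -> bytes:
    n, d = private_key
    m = pow(ciphertext, d, n)
    return m.to_bytes((m.bit_length() + 7) // 8, "big")


def sign(message: bytes, private_key) -> int:
    """Digital signature: the digest transformed with the signer's private key."""
    n, d = private_key
    return pow(digest_int(message), d, n)


def verify(message: bytes, signature: int, public_key) -> bool:
    """Anyone holding the signer's public key can check the signature."""
    n, e = public_key
    return pow(signature, e, n) == digest_int(message)


def send(message: bytes):
    """Sender side: encrypt for the recipient, sign as the sender."""
    return encrypt(message, RECIPIENT_PUB), sign(message, SENDER_PRIV)


def receive(ciphertext: int, signature: int):
    """Recipient side: decrypt with own private key, then check the sender."""
    message = decrypt(ciphertext, RECIPIENT_PRIV)
    return message, verify(message, signature, SENDER_PUB)


if __name__ == "__main__":
    order = b"PO-1001: pay 250.00 to merchant"  # constructed sample message
    print(receive(*send(order)))
```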
63. Compare and contrast firewalls and proxy servers and their security functions.
Firewalls and proxy servers are used to build a wall around private networks as well as
the attached servers and clients. Firewalls refer to either hardware or software that filter
communication packets and prevent packets from entering the network based on a
security policy. Proxy servers are software servers that handle all communications
originating from or being sent to the Internet. Their primary function is to limit the access
of internal clients to external Internet servers; user HTTP requests are routed to a proxy
server. The user and the nature of the request must be validated before the request is sent
on to the Internet. Pages sent by external Internet servers must pass through the proxy
server and be deemed acceptable before they can enter the internal network and be routed
to the client machine. Proxy servers also improve Web performance by storing frequently
used pages locally, reducing upload times, and hiding the internal network’s address so
that hackers will have a difficult time monitoring the network.
64. Identify and discuss the five steps in developing an e-commerce security plan.
The five steps in developing an e-commerce security plan are:
• Perform a risk assessment: First, an inventory of the information and knowledge
assets of a company is taken, and a dollar value amount is placed on each asset. Then,
this amount is multiplied by the estimated probability that the information could be
compromised. This computation is used to produce a ranked list of the information
assets of the firm prioritized by their value.
• Develop a security policy: A set of statements should be developed that prioritizes the
information risks, identifies acceptable risk targets, and sets out the goals for
achieving these targets. Included in the security policy should be a list of the
personnel who are or will be entrusted with the information assets. It should also
include a description of the security policies that presently exist for these assets and
suggestions for improvements. Finally, it should outline the level of risk the firm is
willing to accept for each asset, and the estimated cost to achieve this level of
acceptable risk.
• Develop an implementation plan: The actions that must be taken to achieve the
security plan goals must be set out. The tools, technologies, policies, and procedures
needed to achieve the acceptable levels of risk must be developed.
• Create a security organization: A security organization must be established that will
train users and keep management apprised of the security threats and breakdowns.
The access controls that will determine who can gain legitimate access to the firm’s
networks and the authentication procedures that will be used to protect data from
intruders must be determined. Authorization policies must also be established for the
differing levels of access to information assets for different users.
• Perform a security audit: A security audit must be conducted to identify how outsiders
are using the site and how insiders are accessing the site’s assets. A monthly report
should be generated that will establish the routine and nonroutine accesses to the
system and identify any unusual patterns.

65. How do biometric devices help improve security? What particular type of security
breach do they particularly reduce?
Biometric devices help improve security by working in conjunction with digital
signatures to ensure the authenticity of messages. They guarantee nonrepudiation by
verifying the physical attributes of an individual. Fingerprints, retina scans, or speech
recognition systems can be used to identify individuals before they are allowed to access
a Web site or pay for merchandise with a credit card. Biometric devices also make a
spoofing security breach less likely by making it more difficult for hackers to break into a
site.
66. Compare and contrast stored value payment systems and checking transfers.
Stored value payment systems are created by depositing funds into accounts from which
funds can be withdrawn as needed. They are similar to checking transfers in that funds are
stored and withdrawn, but a paper check need not be written. Stored value payment
systems include prepaid phone cards, debit cards, gift certificates, and smart cards. Both
stored value payment systems and checking transfers are dependent upon funds being
available in an account. Neither is convertible without intermediation, and both involve
only a small transaction fee for large purchases. However, stored value systems do not
give the consumer any float time, and they are more expensive for the merchant because
special hardware is required to read and process the stored numbers on the cards.
67. Why is a credit card not considered an accumulating balance payment system?
A credit card is not considered an accumulating balance system because the balance
accumulated is not restricted to a certain time period. Utility and phone accounts
accumulate a balance that must be paid in full at the end of a time period (usually one
month). Credit cards, however, permit purchases to be made on a deferred payment plan
with no restriction on time and interest charged on the balance due. Whereas credit cards
involve a significant transaction cost for small purchases, accumulating balance systems
involve only a small transaction cost for small purchases.
68. Name six advantages and six disadvantages of using cash as a form of payment.
The advantages of using cash as a form of payment are:
• It is instantly convertible without intermediation.
• It involves only a very low or no cost transaction for small purchases.
• There are only low fixed transaction costs for the merchant for such items as cash
registers and safes.
• There is no financial risk for the merchant.
• It is an anonymous payment system for both the consumer and the merchant.
• It is a tamper-proof payment system.
• It does not require any authentication.
• The sale cannot be repudiated (an advantage for the merchant).
• No expensive special hardware is required to complete a sale.

The disadvantages of using cash as a form of payment are:
• It is difficult, or would require significant transaction costs, to use for large
purchases such as a house or a car.
• There is financial risk to the consumer in carrying cash for purchases as it can be
easily lost or stolen.
• It does not provide any float time for the consumer: there is no time period between
the purchase of the item and the actual payment.
• Cash purchases tend to be final and irreversible unless the seller agrees upon a return
policy.
• There is no security against unauthorized use.

69. Describe the relationship between credit card associations and issuing banks.
Credit card associations such as Visa and MasterCard are nonprofit organizations that set
the standards for the banks that issue the credit cards. The banks are the institutions that
actually issue the cards, process the transactions, receive and calculate the payments, and
charge and receive the interest. Third party processing centers or clearinghouses usually
handle verification of accounts and balances.
70. Name four improvements Web merchants could make to encourage more browsers
to become buyers.
Improvements that Web merchants could make to encourage more browsers to become
buyers are:
• Target the goal-oriented, intentional shoppers with communications directed at them.
• Design Web sites to provide easy-to-access and simple-to-use product information.
• Make it easier to comparison shop.
• Make it easier to return merchandise.
• Create policies for better credit card and personal information security.
• Make it easier to locate items on the Web site.
• Create customer service facilities where users can get the answers to their questions
and product advice.
• Increase delivery speeds.
• Present products more clearly.
• Create loyalty reward programs.
• Make the buying process quicker to complete.
• Name the five stages in the buyer decision process, and briefly describe the online and
offline marketing activities used to influence each.

71. Name five basic functionalities a Web server should provide.
The basic functionalities a Web server should provide are:
(a) processing HTTP requests (requests for HTML pages)
(b) providing security services to verify the username and password or process the
certificates and private/public key information required for credit card processing
(Secure Sockets Layer or SSL)
(c) processing FTP requests (transfers of very large files from server to server)
(d) providing search engine services
(e) capturing data such as logs of visits, time, duration, and referral sources
(f) providing e-mail services including the ability to send, receive, and store e-mail
(g) providing site management tools to calculate and display key site statistics such as
unique visitors, page requests, and the origin of requests, as well as to check the links
on the site

72. List and describe some Web site design features that impact online purchasing.
Some Web site design features that impact online purchasing are:
• Compelling experience: Sites that offer entertainment and interactivity along with
commerce or that are perceived as “fun” to use, are more successful in attracting and
retaining visitors.
• Short download times: Sites that take too long to download will experience higher
abandonment rates, although this can be diminished somewhat by providing online
amusement to distract the consumer.
• Simplicity of design: The most important aspects of site design for generating sales are
product list navigation and choice features that save consumers time.
• Interactive consumer decision aids: Recommendation agents (programs) that are used to
recommend a product based on the consumer completing a survey, a review of the
consumer’s profile, or based on the purchases of other consumers who have bought the
same product can also drive sales.
• Responsiveness to consumer inquiries: Prompt and complete responses through
automated customer response systems or online customer service centres can also
positively affect return visits and purchases.

73. Why did most communities in the early days of e-commerce fail? What factors
enable some online social networks to prosper today?
Most communities in the early years of e-commerce failed because non-commercial communities could
not survive or grow based on subscription fees alone and most for-profit communities
experienced great difficulty in generating profits. The costs of content, technology, and
customer acquisition as well as the marketing required to achieve a large audience,
typically overwhelmed the weak stream of revenues from advertising,
tenancy/sponsorship, and subscriptions for premium content. The availability of venture
capital finance and Internet technology resulted in many sites serving the same interest
and affinity groups, splitting the market into fragments, making it impossible for any one
of them to become profitable.

The factors that may enable some online vertical communities to prosper today are first,
consolidation, which may enable them to attract sufficient market share to become
profitable. Second, some are focusing on narrow vertical communities of intensely
interested members and keeping marketing costs to a minimum. Third, some are showing
signs of enjoying network effects, becoming the dominant players in their small vertical
niches. Fourth, as the Internet audience becomes more sophisticated and targeted in its
behaviour, engaging in less general surfing and more purposive use of the Internet, online
vertical communities may yet prosper.