ELECTRONIC COMMERCE

SYSTEMS
• Involves electronic processing and
transmitting data
• Example
1. Electronic buying & selling of goods and
services
2. Online delivery of digital products
3. Electronic fund transfer(EFT)
 INTERNET TECHNOLOGIES
Packet switching Virtual Private Networks
-msg are divided into small packets for -private network within public
transmission network
-each packet of the msg takes a diff routes -private from client’s perspective, but
share with other users
-each packet contains add & sequence
codes -maintaining securiy & privacy in this
setting, required encryption &
authentication.

World Wide Web

Extranets
-password-controlled network
for private users rather than
the general public
-uses internet techn & the pub
telecommunication system to
securely share part of a buss
info/operations with
suppliers, vendors, partners,
customers or other buss
-internet facility that link
user sites locally and around
Internet Address
the world. 1)e-mail add
-HTML : text doc called web 2)Website URL add
page
3)Internet protocol(IP)
-HTTP : web pages are
add of ind computers
maintained at websites
attached to a network
-URL : add of target site in
the web browser
 PROTOCOLS
Definition : rules & std governing the design of
hardware & software that permit user of network
which diff vendors have manufactured to
communicated & share data
-Facilitate the physical connection -Synchronize the transfer of
data btw physical devices
btw network devices -involves defining the rules
-able to identify themselves to other for initiating msg,
determining data transfer &
devices as legitimate network entities acknowledging msg receipt.
-promote network
-provide basis for error -promote compatibility
designs that are flexible,
checking and measuring among network devices.
expandable & cost
network performance -to transmit & receive effective.
-done by comparing data successfully, must
conform to a mutually -users are free to change
measured result vs and enhance their
expectations. acceptable mode
systems
 INTERNET PROTOCOL
TRANSFER CONTROL FILE TRANSFER PROTOCOL
PROTOCOL/INTERNET
PROTOCOL -used to transfer text files, prog,
spreadsheets and databases
- Basic protocols that permits
communication between internet
across the internet.
sites -allows users to run prog and
-how ind packets data are review data from remote
formatted, transmitted & received terminal or computer

SECURITY PROTOCOLS
MAIL PROTOCOLS -SSL
-most popular protocol for -PCT
transmitting e-mail msg -SET
-PEM
 I
N
INTERNET BUSINESS MODELS
F
O
R
M
• To display info about the co, its products, services and buss
A
T policies
I • When customer access website, generally visit the homepage
O
N

L • To display info about the co, its products, services and buss
E policies
V
TRANSACTION • When customer access website, generally visit the homepage
E
LEVEL
L

• Use the internet to sell and deliver digital products to customers.

• Include subscriptions to online news services, software products
DISTRIBUTION and upgrades, music and video products.
LEVEL
 CLOUD COMPUTING
• Platform/ terminal to storage our data/application
• Middleware system(not in desktop)
• Key Features

- Resources are provided over a

- Client firm can acquire IT network
resources from vendors on dd as
needed -accessed through network terminals at
the client location

- Acquisition of resources is rapid and - Computing resources are pooled to meet

infinitely scalable. the needs of multiple client firms.
-client can expand and contract the - consequence; client no control over/
service dd instantly and often knowledge of the physical location of
automatically service being provided
 CLOUD COMPUTING
Software-as-a-Service(SaaS)
- Develop & manage their own web-based software
- Designed to serve multiple buss & users
- Require only Internet connection to access

Infrastructure-as-a-Service(IaaS)
- For storage networks & other computing needs, including
running operating systems & data processing application
- Adv ; IaaS providers owns, houses & maintains the
equipment and the client pay it on a per use basis

Platform-as-a-Service(PaaS)
- Facilities for application development, prog testing, prog
implementation, system documentation & security.
-Adv ; limited internal expertise, rapidly build and deploy
web application
 VIRTUALIZATION
• Concept of running more than one “virtual computer” on
a single physical computer.
• Runs its own application, total computing power is
multiplied with no additional hardware investment

• Increase effective network

NETWORK • Optimize network speed,
VIRTUALIZATION flexibility & improve network
scalability

• Pooling of physical storage from multiple

STORAGE network to be single virtual storage
• Allowing multiple servers to consolidate
VIRTUALIZATION their private data onto array of disks.
 RISK ASSOCIATED WITH
ELECTRONIC COMMERCE
INTERCEPTION OF NETWORK MESSAGES
- Share user ID, password confidential e-mails & fin
Intranet Risks
data files.
- Unauthorized interception network – called sniffing

PRIVILEGED EMPLOYEES AND ACCESS TO

CORPORATE DATABASE
- Risk ; employee will view, corrupt, change & copy data
Outsider bribes employees who have access privileges to
write off AR or sell P&C info.

RELUCTANCE TO PROSECUTE
- Fear of negative publicity
- Weaknesses in policy, procedures and IC
-apart from pub criticism, will likely provoke, abandon the
firm and impose restrictive buss practices
 INTERNET RISKS

RISKS TO RISKS TO
CONSUMERS BUSINESS

1) theft of credit 1) IP Spoofing –

card unauthorized access to a
web server
2) Theft of 2) Denial of service attack
password – SYN flood attack, smurf
attack & distributed
3) Consumer denial of service(DDOS)
privacy 3) Other malicious prog
SECURITY, ASSURANCE & TRUST

DIGITAL
ENCRYPTION AUTHENTICATION FIREWALLS

Conversion of data Digital Signature Used to insulate an

into secret code for orga intranet from
storage in database - Doc has been
encrypted with internet
& transmission
over networks sender private key
Network-level
firewall – basic
Sender uses Digital certificate screening low-
encryption algorithm security msg
to convert original -electronic
msg into chipertext. identification card Application-level
Receiving end, used in conjunction firewall – high-
chipertext is decoded with pub key encrypt level network
into cleartext system security
 SEAL OF ASSURANCE
• Trusted 3rd party orga. Offering seals of assurance
that buss can display on their website home pages
• 6 seal-granting orga:
1)BBB
2)TRUSTe
3)Veri-Sign, Inc.,
4)International Computer Security Association(ICSA)
5)AICPA/CICA WebTrust
6)AICPA/CICA SysTrust
 EXERCISE
• JAN 2019 – Q2(A & B)
• SEPT 2018 – Q2(A, B & C)
• JAN 2018 – Q2(B & C)
• SEPT 2017 – Q2(A & B)