BMIT 326 E-commerce

KABARAK UNIVERSITY
DEPARTMENT OF COMPUTING SCIENCES
Module No: BMIT 326
Module Title: E-COMMERCE
Module Leader: Mr. Masese
Cell: 0727171725

Purpose
To introduce the strategic and implementation issues of businesses that utilize electronic technologies
To utilize electronic technologies for business implementation and/or business marketing

UNIT 1: FOUNDATIONS OF E-COMMERCE
Introduction to E-commerce
Categories of E-Commerce based on the transacting parties
Supply chain management, E-Procurement

UNIT 2: NETWORK INFRASTRUCTURE FOR E-COMMERCE
Network infrastructure for E-commerce
The internet, intranet and extranets as E-commerce infrastructure

UNIT 3: ELECTRONIC DATA EXCHANGE AND ELECTRONIC PAYMENT SYSTEMS
EDI (electronic data exchange)
Classification of electronic payment systems

UNIT 4: MOBILE COMMERCE
Study on mobile commerce
WAP (Wireless Application Protocol)

UNIT 5
Legal requirements in E-commerce & web security

Teaching and learning Strategy: Lectures, Presentations by members of the class, Case discussions, Tutorials, Assignments, Continuous assessment tests, Lab Practical, Library, appropriate software, manual/notes

prepared by Masese

Instructional Materials/Equipment: Course text, Handouts, White board, Presentation slides, Journals

Learning Outcomes
By the end of the course unit a student shall be able to:
Define electronic commerce as utilized in business
Outline the techniques, systems and strategies involved in business electronic commerce
Develop a business plan for an electronic commerce venture
Describe the technology that underlies E-commerce transactions
Enumerate and discuss various issues of E-commerce such as security, payments, etc.

Assessment Strategy
Continuous Assessment Tests:
Class test I: 20%
Class test II: 20%
Assignments: 10%
Total module work: 50%
End-of-semester examination: 50%
Total: 100%

Main texts

1) Ravi Kalakota, Andrew B. Whinston, Frontiers of Electronic Commerce, Awl International
2) Bajaj KK and Nag Debjani, From EDI to Electronic Commerce, Tata McGraw-Hill
3) Bajaj and Nag, Electronic Commerce: The Cutting Edge of Business, Tata McGraw-Hill
4) Greg Holden, Starting an E-commerce Business For Dummies, 2nd edition, IDG Books India
5) David Kosiur, Understanding Electronic Commerce, Microsoft Press

FOUNDATIONS OF E-COMMERCE

Electronic commerce is an emerging concept that describes the process of buying and selling or exchanging of products, services and information via telecommunication and computer networks, including the Internet.

Kalakota and Whinston (1997) define electronic commerce from various perspectives:
1) From a Communication Perspective, E-Commerce is the delivery of information, products/services, orders and payments over telephone lines, computer networks or any other electronic means
2) From a Business Process Perspective, E-Commerce is the use of technology towards the automation of business transactions and work flows
3) From a Service Perspective, E-Commerce is a tool that caters to the need of firms, consumers and management to cut down the transaction costs while improving the quality of goods/services and increasing the speed of delivery
4) From an Online Perspective, E-Commerce provides the capacity of buying and selling products and information on the Internet and other online services

The infrastructure for E-Commerce is networked computing, which is emerging as the standard computing environment in business, home and government. Networked computing connects several computers and other electronic devices by telecommunication networks.

E-business refers to a broader definition of e-commerce, i.e. not just buying and selling but also servicing customers, collaborating with business partners and conducting electronic transactions within an organization.

E-business is all about globalization in business in terms of speed, cycle time, enhanced productivity, reaching new customers and sharing knowledge across the world.

E-Commerce In Action

Three primary processes are enhanced in e-business:


1. Production processes, which include procurement, ordering and replenishment of stocks; processing of payments; electronic links with suppliers; and production control processes, among others;
2. Customer-focused processes, which include promotional and marketing efforts, selling over the Internet, processing of customers' purchase orders and payments, and customer support, among others;
3. Internal management processes, which include employee services, training, internal information-sharing, video-conferencing, and recruiting. Electronic applications enhance information flow between production and sales forces to improve sales force productivity. Workgroup communications and electronic publishing of internal business information are likewise made more efficient.

E-commerce can take many forms depending upon the degree of digitization of the product/services sold, the delivery process and the payment process. A product can be physical or digital, a payment process can be physical or digital and a delivery process can be physical or digital (pure commerce & partial commerce).

GOALS OF ECOMMERCE
The goals of ecommerce include reducing the costs associated with transactions, lowering product cycle times, improving the speed of customer response, and improving service quality. Most of these goals have been partially fulfilled. However, there is still a lot of progress to be made in these areas.

Others include:
1) Access new markets and extend service offerings to customers
2) Broaden current geographical parameters to operate globally
3) Reduce the cost of marketing and promotion
4) Improve customer service
5) Strengthen relationships with customers and suppliers
6) Streamline business processes and administrative functions

Categories of E-Commerce based on the transacting parties

Business Categories: A business organization can organize itself to conduct e-commerce with its trading partners, which are businesses, and/or with its customers. The resulting modes of doing business are referred to as Business-to-Business (B2B) and Business-to-Customer (B2C) e-commerce. There is yet another category of e-commerce, referred to as Customer-to-Customer (C2C).

1) B2B: BUSINESS TO BUSINESS. B2B Websites and Trading Transactions: This is e-commerce between businesses. The exchange of products, services or information between businesses on the Internet is B2B e-commerce. Some examples of B2B websites include company websites, product supply and procurement exchanges, specialized or vertical industry portals, brokering sites, information sites, and banking and financial sites that provide information for their business customers and employees.
2) B2C: Business with Retail transactions: This is business-to-consumer e-commerce. It may be defined as any business selling its products or services to consumers over the Internet for their own use.
3) C2C: Virtual marketplace with consumer to consumer: This is consumer-to-consumer e-commerce. A virtual marketplace on the Internet in the form of a website enables sellers and buyers to meet and exchange goods, including used goods, at a negotiated price in C2C.
4) Consumer to Business: this category includes individuals who sell products and services to organizations, for example online consultancy to a business manufacturing machine parts.

The Driving forces for E-commerce
Today's business environment is influenced greatly by market, economic, societal and technological factors.

Market and economic pressure
1) Strong competition
2) Global economy
3) Extremely low labour cost in some countries
4) Frequent changes in market demands
5) Increased expectations
6) Awareness among consumers

Societal and environmental pressure
1) Reduction in government subsidies
2) Increased importance of ethical and legal issues
3) Rapid political changes

Technological pressure
1) Rapid technologies
2) Information overload (availability of information from different sources)

An electronic market transactions chart

[Figure: flow of an electronic market transaction between the Purchaser, the Seller/Suppliers, the Purchaser's bank, the Seller's bank and the Automated clearing house. Numbered steps from the chart:]
1. Product/service information request
2. Product/service information
3. Purchase request with payment (e.g. credit card no.)
4. Authentication of purchaser and verification of credit status
5. Verification of credit status
6. Status of credit card OK
7. Status of credit card OK
8. Purchase/service delivery (if online) or shipping document
10. Payments
11. Request for payment
12. Payment
Other label in the chart: Payment advice

Unique Features of E-commerce Technology

Global reach
The technology reaches across national boundaries, around Earth.
Effect: Commerce enabled across cultural and national boundaries seamlessly and without modification. Market space includes, potentially, billions of consumers and millions of businesses worldwide.

Ubiquity
Internet/Web technology available everywhere: work, home, etc., anytime.
Effect: Marketplace removed from temporal, geographic locations to become market space. Enhanced customer convenience and reduced shopping costs.

Universal standards
One set of technology standards: Internet standards.
Effect: Disparate computer systems easily communicate with each other. Lower market entry costs (costs merchants must pay to bring goods to market). Lower consumers' search costs (effort required to find suitable products).

Personalization/Customization
Technology permits modification of messages, goods.
Effect: Personalized messages can be sent to individuals as well as groups. Products and services can be customized to individual preferences.

Social technology
The technology promotes user content generation and social networking.
Effect: New Internet social and business models enable user content creation and distribution, and support social networks.

E-COMMERCE APPLICATIONS

SUPPLY CHAIN MANAGEMENT
It is a network of relations that organizations maintain with trading partners to source, manufacture and deliver the products. It consists of the facilities for acquiring the raw materials, transferring them, storing the intermediate products and selling finished goods. SCM is the co-ordination of material, information and financial flows.

SCM BUSINESS OBJECTIVES
1) To get the right product to the right place at the least cost
2) To keep inventory as low as possible
3) To reduce the cycle times between customer orders and dispatch of finished goods

SCM COMPONENTS
1) SUPPLIER MANAGEMENT: It is concerned with building relations with geographically dispersed suppliers and also reducing the number of suppliers through e-commerce
2) INVENTORY MANAGEMENT: It is concerned with shortening the cycle between order and dispatch and keeping the inventory levels to a minimum
3) CHANNEL MANAGEMENT: It is concerned with disseminating information about changing patterns and operating conditions (policies, prices, delivery schedules) to trading partners
4) DISTRIBUTION MANAGEMENT: It is concerned with using EDI to move documents (e.g. shipping information)
5) PAYMENT MANAGEMENT: It is concerned with sending and receiving the payments between companies and suppliers electronically through electronic funds transfer (EFT)
6) SALES FORCE MANAGEMENT: It is concerned with improving the communications and flow of information among the sales, customer services and production functions through automation

E-PROCUREMENT
E-procurement has shifted the procurement paradigm from paper to automation, thereby increasing efficiency and effectiveness:
Efficiency through lowering procurement cost, fast cycle times, elimination of unauthorized buying
Effectiveness through increased control over supply chain, higher quality purchasing decisions

GOALS OF E-PROCUREMENT
1) Reduction in purchase cycle time and cost
2) Enhancement in budgetary control
3) Elimination of administrative errors
4) Increase in buyer's productivity
5) Improvement in payment process

[Figure: the e-procurement cycle in B2B e-commerce. Labels in the figure: Product selection, Requisition, Approval cycle, Purchase order, Supplier fulfillment, Product shipped, Product received, Physical or digital delivery, e-payments]

E-PROCUREMENT CHAIN FUNCTIONS
1) Management control: management control deals with decisions on which products are available to different employees, departments and projects
2) On-line product selection: on-line catalogs make product selection easier and less expensive; besides saving time, all suppliers are accessible from the system
3) Electronic ordering: an e-procurement system should facilitate order placement via online forms, faxing or emailing in a systematic manner
4) Application integration: a good e-procurement system should be integrated with the existing applications such as general ledger, accounts payable, purchasing orders
5) Information and reporting: the system should be able to track what was purchased, by whom, at what price and how long it took to complete each step of the cycle

JUST IN TIME MANUFACTURING
Just in time is an integrated management system in manufacturing as well as retailing which focuses on the elimination of wastes such as time, material, labour and equipment in the production cycle.

Major benefits
a) Production cost will decrease as the stock is reduced and hence overheads of maintaining large inventories are reduced
b) Market risks are passed on through the supplier chain
c) Quality control of production is enhanced, as goods are required only at a specific period of production

E-CRM
What is Customer Relationship Management
Increased competition, globalization, the growing cost of customer acquisition, and high customer turnover are major issues in organizations today. CRM is a combination of business process and technology that seeks to understand a company's customers from a multi-faceted perspective: who are they, what they do and what they like?

Customer life cycle: The three phases of CRM
There are three phases of CRM: Acquisition, Enhancement and Retention. Each has a different impact on the customer relationship and each can more closely tie a firm to its customers. The three phases of CRM are explained below:

1. Acquiring New Customers
You acquire new customers by promoting product/service leadership that pushes performance boundaries with respect to convenience and innovation. The value proposition to the customer is the offer of a superior product backed by excellent service.

2. Enhancing the Profitability of Existing Customers
You enhance the relationship by encouraging excellence in cross-selling and up-selling. This deepens the relationship. The value proposition to the customer is an offer of greater convenience at lower cost.

3. Retaining profitable customers for life
Retention focuses on service adaptability: delivering not what the market wants, but what the customer wants. The value proposition to the customer is an offer of a proactive relationship that works in his or her best interest. Today, leading companies focus on retention much more than on attracting new customers. This is because the cost of attracting a new customer is higher than the cost of retaining an existing customer.

Strategic Model for e-Business/CMS/CRM Software Development
1. Stage of Orientation: Define your short, medium and long term targets to discuss your individual requirements
2. Stage of Analysis: Analyses of special requirements for your application
3. Stage of Design and Layout: Visual displays based on your ideas
4. Stage of Transformation: Realizing requirements and ideas in the software solutions
5. Stage of Implementation: Full implementation of your e-Business solutions

Network infrastructure for E-commerce
Electronic commerce needs a network infrastructure to transport the content: data, audio, visual, text, animation. This network infrastructure is provided by what is known as the I-WAY or information superhighway. The information highway is a high capacity, electronic pipeline to a consumer or business premise that is capable of simultaneously supporting a large number of e-commerce applications and providing interactive connectivity between users and between users and other users. The I-way has changed the way businesses advertise, market or sell their products or services. It has also changed the relationships between businesses and customers and between businesses and their collaborators.

Generic Framework of Electronic Commerce

[Figure: generic framework of electronic commerce. Labels in the figure:]
Electronic Commerce Applications: Supply Chain Management; Procurement & Purchasing; Audio and Video on Demand; Entertainment and Gaming; Online Marketing and Advertising; Online Shopping; Online Financial Transaction; Education and Research
Public policy, legal, economical development, and privacy issues
Technical standards for electronic documents, multimedia contents, business transactions, and network protocols
Common Business Services Infrastructure (Security/Authentication, Electronic Payment, Directories/Catalogs)
Multimedia Content & Network Publishing Infrastructure (Digital Video, Electronic Books, World Wide Web)
Messaging & Information Distribution Infrastructure (EDI, E-Mail, HyperText Transfer Protocol)
Information Superhighway Infrastructure (Telecom, Cable TV, Wireless, Internet)

Multimedia Content for E-Commerce Applications
Multimedia content can be considered both fuel and traffic for electronic commerce applications. The technical definition of multimedia is the use of digital data in more than one format, such as the combination of text, audio, video, images, graphics, numerical data, holograms, and animations in a computer file/document. See in Fig. Multimedia is associated with hardware components in different networks. The accessing of multimedia content depends on the hardware capabilities of the customer.

Information Delivery/Transport & E-Commerce Applications
Transport providers are principally telecommunications, cable, & wireless industries.

Transport Routers
Information transport providers and their information delivery methods:
Telecommunication companies: long-distance telephone lines; local telephone lines
Cable television companies: Cable TV coaxial, fiber optic & satellite lines
Computer-based on-line servers: Internet; commercial on-line service providers
Wireless communications: Cellular & radio networks; paging systems

Consumer Access Devices
Information consumers and their access devices:
Computers with audio & video capabilities: Personal/desktop computing; Mobile computing
Telephonic devices: Videophone
Consumer electronics: Television + set-top box; Game systems
Personal digital assistants (PDAs): Pen-based computing, voice-driven computing

Components of the I-way
The I-way or information superhighway consists of various components which can be broadly categorized as:
1) Network access equipment: this is at the consumer end and enables the consumer to access the network. It consists of hardware such as computers, modems, routers and switches for computer networks.
2) Access roads or media: these provide the communications backbone for the transmission of data and information. The access providers may be differentiated into four categories: telecoms based, cable TV based, wireless based or computer based on-line systems. The main function of the access providers is to link the users and the e-commerce application providers, such as the telecoms networks, satellite networks and the Internet.
3) Global information distribution networks: these provide the infrastructure for connecting across countries and continents. They include such networks as the long distance telephone lines, the satellite networks and the Internet.

[Figure: components of the information superhighway. Labels in the figure: network access equipment (consumer access equipment); access media (telecom based access, cable TV based access, wireless based access, internet/intranet/extranet based access); global information distribution (telecom networks, satellite networks, internet)]

Consumer access equipment: The consumer access equipment, also called consumer premises equipment or terminal equipment, consists of the equipment that the customer uses to connect to the network. It may consist of the TV set-top boxes or the TV signal, computer and the modem, pagers and cellular phones. The type of consumer access equipment being used depends on the communication mode being used.

Access Roads or Access Media: the access roads or access media are the way in which the consumer homes and work places are linked with the backbone of the network infrastructure for E-commerce. They include:
1) Telecoms based: long distance and local telephone
2) Cable TV based: used to provide high speed data to homes
3) Wired cable TV: the cable is employed with high capacity broadband coaxial cable to link millions of subscribers with the same cable
4) Internet, intranet and extranet

GLOBAL INFORMATION DISTRIBUTION NETWORKS
They consist of the infrastructure crossing the countries and continents; they include the long distance telephone lines, satellite networks and Internet.
1) Long distance networks: long distance telephone connectivity is provided through cable by the inter-exchange carriers
2) Satellite networks: they are accessible from any point of the globe; they also provide broadband digital service to many points without the cost of acquiring wire or cable connection
3) Internet: a group of worldwide information highways and resources that enables the world to become an information society. It has been viewed as a prototype for the National Information Infrastructure (NII). It provides a platform for E-COMMERCE.

Internet Mail enables one to send information in the form of letters, messages, advertisements, spreadsheets, game programs, binary files and multimedia data files across the Net to one or more Internet addressees.

Intranet: an intra-business or intra-organization delivery system. Intranet is a technology that uses Internet technology to deliver an organization's internal information. This includes integration of E-mail, FTP, Mail Server(s) and Web server(s) with the internal applications. It is a corporate LAN and WAN.

Objective of an Intranet
The objective of an Intranet is to organize each individual's desktop with minimal cost, time and effort to be more productive, cost-efficient, timely and competitive. Access to all information, applications and data can be made available through the same browser.

Applications of Intranets
Intranets provide the infrastructure for many intra-business commerce applications such as:
1) Cross functional integration: Intranets may be used to create a cross functional enterprise system that integrates and automates many of the business processes across the enterprise, enables information sharing and helps in improving the efficiency and effectiveness of the business processes
2) Enterprise E-commerce applications: centralized sale and purchase can be done online
3) Enhanced knowledge sharing: knowledge and information can be shared through
4) Enhanced group decision: web based groupware and work flow is becoming the standard Internet platform
5) Document management: employees can access and exchange pictures, photos, charts, maps over the Internet
6) Software distribution: an Intranet server may be used as an application warehouse, thus avoiding many maintenance and support problems
7) Project management: share the design and reports and check the project's progress
8) Training: intra-organization training can be provided using the Intranet

Achievements of Intranet in an organization
1) Reduced cost
2) Reduced telephone expenses
3) Easier, faster access to remote locations
4) Easier, faster access to technical and marketing information
5) Increased access to competitive information
6) Easier access to customers and partners
7) Latest, up-to-date research base

The extranet
An extranet or extended Intranet links the intranets in different locations for communication and collaboration with geographically dispersed branches, suppliers, customers and other business partners. Extranet transmissions are usually conducted over the Internet, using the TCP/IP protocols.

Applications of Extranet
1) Enhanced communications: they help to improve communications between geographically dispersed branches
2) Productivity enhancements: just in time information delivery helps to enhance the productivity of businesses, as availability of information when needed is more useful than information that is late or never arrives
3) Cost reduction: errors are reduced due to automation, paper publishing costs are reduced and sometimes even eliminated

Electronic Data Interchange (EDI)

EDI and Networks: Short for Electronic Data Interchange, the transfer of data between different companies using networks such as VANs or the Internet. As more and more companies get connected to the Internet, EDI is becoming increasingly important as an easy mechanism for companies to buy, sell, and trade information. ANSI has approved a set of EDI standards known as the X12 standards.

EDI and Process: Basically, the electronic data interchange process is the computer-to-computer exchange of business documents between companies.

EDI documents: EDI replaces the faxing and mailing of paper documents. EDI documents use specific computer record formats that are based on widely accepted standards. However, each company may use the flexibility allowed by the standards in a unique way that fits their business needs.

EDI for Industries: EDI is used in a variety of industries. In fact over 80,000 companies have made the switch to EDI to improve their efficiencies. Many of these companies require all of their partners to also use EDI.

Example for EDI:
1. Invoice, Shipping Notice, Receiving Advice: EDI can be used to electronically transmit documents such as purchase orders, invoices, shipping notices, receiving advice and other standard business correspondence between trading partners.
2. Financial EDI or EFT (Electronic Fund Transfer): EDI can also be used to transmit financial information and payments in electronic form. This use of EDI is usually referred to as Financial EDI and Electronic Funds Transfer.
3. BPR (Business Process Reengineering): EDI allows a new look at the processes within an organization, with a view to reengineering them in what has come to be known as Business Process Reengineering (BPR).

Overview of EDI Benefits
1. Cost Benefits: The EDI process provides many benefits. Computer-to-computer exchange of information is much less expensive than handling paper documents.
2. EDI is cheaper than manual processing: Studies have shown that processing a paper-based order can cost $70 or more while processing an EDI order costs a dollar or less. Much less labor time is required. Fewer errors occur because computer systems process the documents rather than processing by hand.
3. EDI transactions are reliable: EDI transactions between companies flow faster and more reliably than paper documents. Faster transactions support reduction in inventory levels, better use of warehouse space, fewer out-of-stock occurrences and lower freight costs through fewer emergency expedites.
4. EDI purchase orders reduce the time interval: Paper purchase orders can take up to 10 days from the time the buyer prepares the order to when the supplier ships it. EDI orders can take as little as one day.
5. EDI eliminates many of the problems: The use of EDI eliminates many of the problems associated with traditional information flow.

The delay associated with making documents is eliminated.
Since data is not repeatedly keyed, the chances of error are reduced.
Time required to re-enter data is saved.
As data is not re-entered at each step in the process, labour costs can be reduced.
Because time delays are reduced, there is more certainty in information flow.
The other advantage in the use of EDI is that it generates a functional acknowledgement whenever an EDI message is received, and it is electronically transmitted to the sender. This acknowledgement states that the message is received.
6. Core concept of EDI without human intervention: data is transferred electronically in machine-processable form, that is, the EDI message can be immediately processed by the receiving computer without any human intervention, interpretation or rekeying.
7. EDI and characteristics of situation: EDI is more suited to areas where any of the following characteristics exist:
A large volume of repetitive standard actions
Very tight operating margins
Strong competition requiring significant productivity improvements
Operational time constraints
Trading partners' request for paperless exchange of documents
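The functional acknowledgement and unattended processing described above, as an added example that is not part of the original notes: a Python sketch that checks the envelope of a constructed, simplified X12-style purchase order and builds the 997 functional acknowledgement a receiver would send back. The `*` and `~` separators, the sample values and all function names are assumptions made for the illustration, and only one functional group per interchange is handled.

```python
# Added illustration, not from the course notes. Simplified X12-style handling:
# real interchanges declare their separators in the ISA header; "*" and "~"
# are assumed here.
ELEMENT_SEP = "*"
SEGMENT_TERM = "~"

# Constructed sample: one purchase order (transaction set 850). All values made up.
SAMPLE_PO = (
    "ISA*00*          *00*          *ZZ*BUYERCO        *ZZ*SELLERCO       "
    "*240101*1200*U*00401*000000101*0*T*>~"
    "GS*PO*BUYERCO*SELLERCO*20240101*1200*101*X*004010~"
    "ST*850*0001~"
    "BEG*00*NE*PO-1001**20240101~"
    "PO1*1*10*EA*2.50**VP*WIDGET-A~"
    "CTT*1~"
    "SE*5*0001~"
    "GE*1*101~"
    "IEA*1*000000101~"
)


def parse_segments(raw):
    """Split an interchange into segments, each a list of elements."""
    return [s.strip().split(ELEMENT_SEP)
            for s in raw.split(SEGMENT_TERM) if s.strip()]


def _el(seg, i):
    """Element i of a segment, or "" when the segment is too short."""
    return seg[i] if i < len(seg) else ""


def _num(text):
    """Numeric element as int, or -1 when it is not a plain number."""
    return int(text) if text.isdigit() else -1


def validate_interchange(raw):
    """Check envelope consistency. Returns (errors, info); no errors = accept."""
    errors = []
    info = {"group_id": "", "group_ctrl": "", "declared_sets": 0, "sets": []}
    isa_ctrl, open_set, saw_iea = None, None, False
    for idx, seg in enumerate(parse_segments(raw)):
        tag = seg[0]
        if tag == "ISA":                      # interchange header
            isa_ctrl = _el(seg, 13)
        elif tag == "GS":                     # functional group header
            info["group_id"], info["group_ctrl"] = _el(seg, 1), _el(seg, 6)
        elif tag == "ST":                     # transaction set header
            open_set = (idx, _el(seg, 1), _el(seg, 2))
        elif tag == "SE" and open_set:        # transaction set trailer
            start, set_id, set_ctrl = open_set
            problems = []
            # SE01 must equal the number of segments from ST to SE inclusive.
            if _num(_el(seg, 1)) != idx - start + 1:
                problems.append(f"set {set_ctrl}: SE01 segment count mismatch")
            if _el(seg, 2) != set_ctrl:
                problems.append(f"set {set_ctrl}: ST02/SE02 control number mismatch")
            info["sets"].append({"id": set_id, "ctrl": set_ctrl, "ok": not problems})
            errors += problems
            open_set = None
        elif tag == "GE":                     # functional group trailer
            info["declared_sets"] = max(_num(_el(seg, 1)), 0)
            if info["declared_sets"] != len(info["sets"]):
                errors.append("GE01 transaction set count mismatch")
            if _el(seg, 2) != info["group_ctrl"]:
                errors.append("GS06/GE02 control number mismatch")
        elif tag == "IEA":                    # interchange trailer
            saw_iea = True
            if _el(seg, 2) != isa_ctrl:
                errors.append("ISA13/IEA02 control number mismatch")
    if isa_ctrl is None or not saw_iea:
        errors.append("incomplete interchange envelope (ISA/IEA)")
    if open_set:
        errors.append("transaction set not closed by SE")
    return errors, info


def build_997(raw, ack_ctrl="0001"):
    """Build the 997 acknowledgement for a received interchange."""
    errors, info = validate_interchange(raw)
    segs = [f"ST*997*{ack_ctrl}",
            f"AK1*{info['group_id']}*{info['group_ctrl']}"]
    for ts in info["sets"]:
        segs.append(f"AK2*{ts['id']}*{ts['ctrl']}")
        segs.append("AK5*" + ("A" if ts["ok"] else "R"))   # A = accepted, R = rejected
    accepted = sum(1 for ts in info["sets"] if ts["ok"])
    group_code = "A" if not errors else "R"
    # AK9: group status, sets declared in GE01, sets received, sets accepted.
    segs.append(f"AK9*{group_code}*{info['declared_sets']}"
                f"*{len(info['sets'])}*{accepted}")
    segs.append(f"SE*{len(segs) + 1}*{ack_ctrl}")
    return SEGMENT_TERM.join(segs) + SEGMENT_TERM, errors


if __name__ == "__main__":
    print(build_997(SAMPLE_PO)[0])
    # The same order with its line item dropped in transit is rejected.
    damaged = SAMPLE_PO.replace("PO1*1*10*EA*2.50**VP*WIDGET-A~", "")
    print(build_997(damaged))
```

The counts and control numbers catch truncated, duplicated or mixed-up messages; they do not authenticate the sender, which is the job of the passwords, user identification and encryption the notes mention under data security.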

Disadvantage: Drawbacks are few and far between, but there are some. For example, companies choosing to implement both paper and EDI processes must manage both of these processes. However, as stated before, using EDI is much more efficient than using paper, lending strength to the argument against paper documents. Also, companies must ensure that they have the resources in place to make an EDI program work; however, the need for these resources (or their hiring) may be offset by the increased efficiency that EDI provides.

Data Security for EDI Applications: Data security and control are maintained throughout the transmission process using passwords, user identification and encryption. Both the buyer's and the supplier's EDI applications edit and check the documents for accuracy.

Value Added Networks (VAN): A Value Added Network is defined as a telecommunication network, primarily for data, that processes or transforms data and information in some way, and thereby provides services beyond simple transport of information.

EDI Communication Systems and translation software: A VAN is a third-party link in the EDI communication system that provides the EDI translation software service.

Value Added Network (VAN): VANs are private networks that add value to the basic communication provided by common carriers by offering specialized services such as access to commercial databases, E-mail and video conferencing. Safaricom broadband is an example of a VAN. VANs present an attraction for companies that exploit the benefits of telecommunication without any major investment. A value-added network (VAN) is a hosted service offering that acts as an intermediary between business partners sharing standards-based or proprietary data via shared business processes. VANs traditionally transmitted data formatted as Electronic Data Interchange (EDI).

Traditional methods of business document handling versus sending these documents over EDI.

Computerized business applications and standard formats: Since data is exchanged in standard predefined formats, it becomes possible to exchange business documents irrespective of the computerised business application at either end of communication.

Accounts Receivable application as example: For example, the supplier's Accounts Receivable application for raising an Invoice for payment could still be implemented on a file system using COBOL while the customer's Accounts Payable may be based on an RDBMS such as ORACLE.



EDI messages can be used to totally automate the procurement process between two trading partners.

Application-to-application without rekeying: Once data is entered into the buyer's computer system and transmitted electronically, the same data gets entered into the seller's computer, without the need for rekeying or re-entry. This is normally referred to as application-to-application EDI.

Integrated with application programs: EDI can be fully integrated with application programs. This allows data to flow electronically between trading partners without the need for rekeying, and between internal applications of each of the trading partners.



Traditional documents with problems: The repeated keying of identical information in the traditional paper-based business communication creates a number of problems that can be significantly reduced through the usage of EDI. These problems include:

- increased time
- low accuracy
- high labour charges
- increased uncertainty


Standardised electronic message formats: EDI consists of standardised electronic message formats for common business documents such as Request for Quotation, Purchase Order, Purchase Order Change, Bill of Lading, Receiving Advice, Invoice, and similar documents.

Without paper documents: These electronic transaction sets enable the computer in an organization to communicate with a computer in another organization without actually producing paper documents.

Automation: To take full advantage of EDI's benefits, a company must computerise its basic business applications.

Agreement and EDI with Trading partners: Trading partners are individual organizations that agree to exchange EDI transactions.

Cooperation and active participation of trading partners: EDI cannot be undertaken unilaterally but requires the cooperation and active participation of trading partners. Trading partners normally consist of an organization's principal suppliers and wholesale customers.

Retail stores with EDI: Since large retail stores transact business with a large number of suppliers, they were among the early supporters of EDI.

Manufacturing sector with EDI: In the manufacturing sector, EDI has enabled the concept of Just-In-Time (JIT) inventory to be implemented. JIT reduces inventory and operating capital requirements.

Costs and Benefits

Direct benefits
1. No need to rekey: Since the transfer of information from computer to computer is automatic, there is no need to rekey information. Data is only entered at the source.
2. Cost of processing EDI documents is much smaller than that of processing paper documents.
3. Customer service is improved. The quick transfer of business documents and marked decrease in errors allow orders to be fulfilled faster.
4. Information is managed more effectively.
5. There is improved job satisfaction among data entry operators, clerks etc. when redeployed in more creative activities.

Strategic benefits
1. Customer relations are improved through better quality and speed of service.
2. Competitive edge is maintained and enhanced.
3. Reduction in product costs can be achieved.
4. Business relations with trading partners are improved.
5. More accurate sales forecasting and business planning is possible due to information availability at the right place at the right time.

COMPONENTS OF EDI SYSTEMS

Three Main Components of EDI: The three main components required to be able to send or receive EDI messages are: 1) EDI standards 2) EDI software 3) third party networks for communications.

EDI STANDARDS

EDI and Business application and hardware: Using EDI it becomes possible for a business application on the computer of one organization to communicate directly with the business application on the computer of another organization. This exchange of information should be independent of hardware, software or the nature of implementation at either of these two organizations.



EDI and standard format: To achieve this, it is required to extract data from the business application and to transform it into a standard format which is widely, if not universally, acceptable. This standard data when received at the destination is interpreted and automatically delivered to the recipient application in an acceptable form. EDI and structured format of business documents: The exchange of business documents in a commonly agreed structured format necessitated the development of EDI standards.

EDI SOFTWARE

Structured EDI format: EDI software consists of computer instructions that translate the information from unstructured, company-specific format to the structured EDI format, and then communicate the EDI message.

EDI software and translation: EDI software also receives the message and translates from standard format to company-specific formats. Thus the major functions of the EDI software are data conversion, data formatting and message communication.

EDI software available for computers: EDI software is available for mainframes, minicomputers, and microcomputers. The requirements of EDI are: a computer, a communication interface and appropriate software.

EDI Translators: EDI Translators perform the important function of translating business data from company-specific formats to standard formats and vice-versa. When a document is received, the EDI translation software automatically changes the standard format into the proprietary format of the document-processing software.

Good EDI translation Software: The most important concern when buying EDI translation software is flexibility. A good EDI translation software product can handle multiple standards and version/release upgrades. It will output the same flat-file structure regardless of standard or version of standard.

EDI users: EDI users in different parts of the world began electronic trading before UN/EDIFACT was established.

THIRD PARTY NETWORKS FOR COMMUNICATIONS.

Networks EDI server with mailboxes: EDI documents are electronically exchanged over communication networks which connect trading partners to one another. These documents are stored in user mailboxes on the network's EDI server from where they can be downloaded/uploaded at the user's convenience.

VAN and Trading partners: These Value Added Networks (VANs) provide users with a single point interface to the trading community, freeing the user from the worries of handling different communication protocols, time zones and availability of the computer system at the other end, which are common problems in cases where direct links have to be maintained with each trading partner.


ELECTRONIC PAYMENT SYSTEMS

The concept of electronic commerce relates to selling goods or services over the internet. This involves making payment over the internet. Thus online payment systems and e-commerce are intricately linked, given that online consumers must pay for products and services.

Electronic payment systems are proliferating in banking, retail, health care, online markets and even governments. They are cost effective and provide higher quality service to the end users (customers).

EFT (Electronic Funds Transfer) is any transfer of funds initiated through an electronic terminal, telephonic instrument or computer so as to order, instruct or authorize a financial institution to debit or credit an amount. EFT uses computer and telecommunication components both to supply and transfer money or financial assets.

An electronic payment system needs to fulfil the following requirements:
1) Acceptability: in order to be successful, the payment system needs to be widely accepted
2) Convertibility: the digital money should be able to be converted into other types of funds
3) Efficiency: the cost per transaction should be low or nearly zero
4) Flexibility: several methods of payment should be supported
5) Scalability: payment should be easy as in the real world
6) Security: electronic payment systems should allow financial transactions over open networks such as the internet

Types of electronic payments systems



1) Instant paid or cash: transactions are settled with the exchange of electronic currency. An example of online currency exchange is electronic cash or e-cash.
2) Debit or pre-paid: users have to first pay in advance and then can buy a product or service, e.g. smart cards, also called electronic wallets.
3) Credit or post-paid: allows the users to buy a product or service and pay afterwards, e.g. credit cards.

Electronic commerce users hold different viewpoints on these payment mechanisms depending on various factors:
1) The nature of the transaction for which the mechanism is designed: the choice of the payment mechanism depends on the type of the parties involved in the transaction and the amount involved.
2) The means of settlement used: the electronic payment mechanism may be backed by cash or credit; the choice of the payment mechanism to be used depends greatly on whether transactions will deal in cash or credit.
3) Approach to security, anonymity and authentication: electronic payments vary in the protection of privacy and confidentiality of the transaction.
4) Risk involved: the risk rises if the transaction has long lag times between the product delivery and payment to merchants eg

Electronic cash

Electronic cash, digital money or e-cash provides the means to transfer money between transacting parties over a network such as the internet. Electronic cash must satisfy some properties of digital money:
1) Monetary value: e-cash must have a monetary value, backed either by cash or bank-authorized credit.
2) Interoperability: exchangeable as payment for other e-cash, paper cash, goods and services, and also between multiple banks and multiple currencies.
3) Storability and retrievability: remote storage and retrieval of e-cash using a telephone or personal communication device would allow users to exchange e-cash for products and services from home or office or while traveling.
4) Security: to avoid double spending of the amount.
5) Divisibility: e-cash must be available in several denominations; it should also be divisible in a way similar to real cash.



ELECTRONIC CASH

Digital cash is a payment message bearing a digital signature which functions as a medium of exchange or store of value. Paper currency and coins represent value because they are backed by a trusted third party, the government and the banking industry.

How does Digital Cash work?

There are a number of electronic cash protocols. To a degree, all digital cash schemes operate in the following manner. A user installs a "cyber wallet" onto a computer.
1) Money can be put in the wallet by deciding how much is needed and then sending an encrypted message to the bank asking for this amount to be deducted from the user's account.
2) The bank reads the message with private key decryption and verifies that it has been digitally signed in order to identify the user.
3) The bank then generates "serial numbers", encrypts the message, signs it with its digital signature and returns it. The user is now entitled to use the message (coin or token) to spend it at merchant sites. Merchants receive e-cash during a transaction and see that it has been authorized by a bank.
4) They then contact the bank to make sure the coins have not been spent somewhere else, and the amount is credited to the merchant's account.

Categorization of Digital Cash

It is apparent that various authors have different specifications for e-cash. There are a number of categories in which these descriptions may be distinguished.
1. Anonymous or Identified. Anonymous e-cash works just like real paper cash. Once anonymous e-cash is withdrawn from an account, it can be spent or given away without leaving a transaction trail. This, however, can be considered contentious: PayPal, for example, a recognized form of digital cash, is not considered to be entirely anonymous.
2. Online or Offline. Online means you need to interact with a bank (via modem or network) to conduct a transaction with a third party. Offline means you can conduct a transaction without having to directly involve a bank.
3. Smart Cards or Purely Electronic. Smart cards are similar to credit cards, but store money-related information on a chip within the card. They may be used in digital cash applications. Again, there is ambivalence as to whether smart cards represent "true" digital cash.

As it was mentioned in the introduction, there are two types of system for digital cash, namely, the online system and offline system. In the following, systems structure, advantages and disadvantages are discussed.

Online Digital Cash


[Figure: structure of the online digital cash system. Labels: Bank, User, Merchant, Link with other banks, Withdraw Coins, Coins, Payment, Receipt, Deposit Coins, Result.]



The diagram above shows the structure of the online digital cash system. The structure is very similar to the one used in the existing paper cash system. The system has three main components: the bank, customers and merchants. The user withdraws coins from the bank and spends them in the shop, and the shop deposits the coins back to the bank.

The user ID in this online digital cash system is fully anonymous. This is achieved with a protocol called the Blind Signature Protocol. Blind signatures are typically employed in privacy-related protocols where the signer and message author are different parties. This protocol simply eliminates the association between the user ID and the serial number of the coin. Although it is good to hide the user's identity totally, this raises the problem of double spending: since digital cash is digitally represented, it is very easy to duplicate a coin and spend it twice.

To tackle the double spending problem, the merchant has to verify the coin with the bank at the point of sale in each transaction. This verification of the legitimacy of the coin requires extra bandwidth and is a potential bottleneck of the system, especially when the traffic is high. The real time verification also means there is a need for synchronization between bank servers.
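The withdrawal and point-of-sale check described above can be traced in a few lines. The following is an added example, not part of the course notes: it uses a Chaum-style RSA blind signature with a constructed toy bank key, and the names `Bank`, `blind`, `unblind` and `coin_digest` are assumptions made for the illustration.

```python
"""Toy RSA blind signature for an online e-cash coin (added teaching example).

Assumptions: the bank key is built from two fixed Mersenne primes and coins
are signed over a bare SHA-256 digest. Real systems use random keys of at
least 2048 bits, a padded encoding and one signing key per denomination.
"""
import hashlib
import secrets
from math import gcd

# Constructed toy bank key (illustration only).
P = 2**127 - 1
Q = 2**89 - 1
N = P * Q
E = 65537                               # public exponent
D = pow(E, -1, (P - 1) * (Q - 1))       # private exponent, known only to the bank


def coin_digest(serial: bytes) -> int:
    """Map a coin serial number to the integer the bank's signature covers."""
    return int.from_bytes(hashlib.sha256(serial).digest(), "big") % N


def blind(serial: bytes):
    """User side: hide the serial behind a random factor r before withdrawal."""
    m = coin_digest(serial)
    while True:
        r = secrets.randbelow(N - 2) + 2
        if gcd(r, N) == 1:
            break
    return (m * pow(r, E, N)) % N, r


def unblind(blind_signature: int, r: int) -> int:
    """User side: strip r, leaving the bank's signature on the real serial."""
    return (blind_signature * pow(r, -1, N)) % N


class Bank:
    def __init__(self, balances):
        self.balances = dict(balances)
        self.spent_serials = set()      # the ever-growing used-coin database

    def withdraw(self, account: str, blinded: int) -> int:
        """Debit one coin and sign the blinded value; the serial is never seen."""
        if self.balances.get(account, 0) < 1:
            raise ValueError("insufficient funds")
        self.balances[account] -= 1
        return pow(blinded, D, N)

    def deposit(self, merchant: str, serial: bytes, signature: int) -> str:
        """Point-of-sale check: valid bank signature and serial not yet spent."""
        if pow(signature, E, N) != coin_digest(serial):
            return "forged"
        if serial in self.spent_serials:
            return "double-spend"
        self.spent_serials.add(serial)
        self.balances[merchant] = self.balances.get(merchant, 0) + 1
        return "accepted"


def demo():
    bank = Bank({"alice": 1})
    serial = secrets.token_bytes(16)    # chosen by the user, not by the bank
    blinded, r = blind(serial)
    coin_signature = unblind(bank.withdraw("alice", blinded), r)
    return {
        "bank_saw_serial": blinded == coin_digest(serial),
        "first": bank.deposit("shop", serial, coin_signature),
        "second": bank.deposit("shop", serial, coin_signature),
        "forged": bank.deposit("shop", b"made-up serial", coin_signature),
        "balances": bank.balances,
    }


if __name__ == "__main__":
    print(demo())
```

The bank can link the withdrawal to the account it debited but not to the serial later deposited, which is why the spent-serial set is its only defence against a copied coin.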

Pros and Cons of the online digital cash system

Here is the summary of the pros and cons of the online system:

Pros

Provides fully anonymous and untraceable digital cash
- Provides users with confidence that their user ID will not be revealed in any way.

No double spending problems
- Double spending is not possible at all due to the fact that coins are checked in real time during the transaction.

Doesn't require additional secure hardware
- No additional hardware is needed for the implementation; existing POS (Point of Sale) devices could be used with a software update.

Cons

Communications overhead between merchant and the bank
- The cost of the extra security and anonymity also becomes the bottleneck of the system due to real time verification.

Huge database of coin records
- The bank server needs to maintain an ever-growing database of all the used coins' serial numbers.

Difficult to scale, need synchronization between bank servers
- There is a need to perform synchronization of coins' serial numbers every time a coin is deposited into the bank. This is simply impractical.

Coins are not reusable
- A coin has to be deposited back to the bank for verification; therefore, coins can only be used once.

2. Offline Digital Cash

[Figure: structure of the offline digital cash system. Labels: Bank 1, Bank, Others, Users, Merchant, Tamper-resistant device (T.R.D.).]

In the off-line scheme, the withdrawal and disposal of the coins are very similar to the online scheme; the main difference is in the transaction part of the model. Instead of verifying coins during every transaction, the security of each entity in the system is guaranteed without direct involvement of the bank. This is achieved by adding an additional component to the model called the Tamper Resistant Device. In a real life example, you could think of it as the Smart Card Reader at the Point of Sale. The device is trusted by the bank and is used to verify the authenticity of the coin, but it does not check whether the coin has been double spent. This device makes the whole transaction offline but lets the system suffer from the double spending problem. Therefore, we need a new method that lets the bank trace who double spent the money while keeping the system anonymous. One may ask how a system can be both traceable and anonymous. Are they not the opposite of each other in the first place? A method called Secret Splitting is commonly used to allow the user to be anonymous as long as he/she doesn't double spend.
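How secret splitting keeps a single spend anonymous yet exposes a double spender is easiest to see in code. The following is an added example, not part of the course notes: the pair count `K`, the salted SHA-256 commitments and all function names are assumptions, and the bank's signature over the coin (which in a real scheme also proves the pairs encode the true identity) is left out.

```python
"""Secret splitting for offline e-cash (added teaching example).

The user's identity is split K times into two shares whose XOR is the
identity. Each payment reveals one share per pair, selected by the merchant's
random challenge. One payment reveals only random-looking shares; two payments
with different challenges reveal both shares of at least one pair.
"""
import hashlib
import secrets

K = 16          # number of identity pairs per coin (assumed parameter)
ID_LEN = 16     # identities are padded to this many bytes


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def commit(salt: bytes, share: bytes) -> str:
    """Salted hash commitment: binds the share without revealing it."""
    return hashlib.sha256(salt + share).hexdigest()


def make_coin(identity: bytes):
    """User side: build the public coin and keep the opened shares secret."""
    if len(identity) > ID_LEN:
        raise ValueError("identity too long")
    ident = identity.ljust(ID_LEN, b"\0")
    secret_pairs, commitments = [], []
    for _ in range(K):
        left = secrets.token_bytes(ID_LEN)
        right = xor(left, ident)                    # left XOR right == identity
        s_left, s_right = secrets.token_bytes(16), secrets.token_bytes(16)
        secret_pairs.append(((s_left, left), (s_right, right)))
        commitments.append((commit(s_left, left), commit(s_right, right)))
    coin = {"serial": secrets.token_hex(16), "commitments": commitments}
    return coin, secret_pairs


def pay(secret_pairs, challenge):
    """User side: for each challenge bit open the left (0) or right (1) share."""
    return [secret_pairs[i][bit] for i, bit in enumerate(challenge)]


def verify_payment(coin, challenge, response) -> bool:
    """Merchant / tamper-resistant device: opened shares match the coin."""
    if len(challenge) != K or len(response) != K:
        return False
    return all(
        commit(salt, share) == coin["commitments"][i][bit]
        for i, (bit, (salt, share)) in enumerate(zip(challenge, response))
    )


class OfflineBank:
    def __init__(self):
        self.deposits = {}      # serial -> (challenge, response) of first deposit

    def deposit(self, coin, challenge, response):
        """Batch deposit: accept, or unmask the identity of a double spender."""
        if not verify_payment(coin, challenge, response):
            return ("rejected", None)
        first = self.deposits.get(coin["serial"])
        if first is None:
            self.deposits[coin["serial"]] = (list(challenge), list(response))
            return ("accepted", None)
        old_challenge, old_response = first
        for i in range(K):
            if old_challenge[i] != challenge[i]:
                identity = xor(old_response[i][1], response[i][1])
                return ("double-spend", identity.rstrip(b"\0"))
        return ("duplicate-deposit", None)  # same transcript submitted twice


def new_challenge():
    """Merchant side: K random bits."""
    return [secrets.randbits(1) for _ in range(K)]
```

Two independent merchants pick the same 16-bit challenge with probability 2^-16, so in this sketch that is the chance a double spender escapes identification; a larger `K` lowers it.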

Pros and Cons of the offline digital cash system

Pros

Off-line scheme
- The offline model is a fully offline and portable system.

User is fully anonymous unless they double spend
- The user is as anonymous as in the online system if and only if they did not double spend.

Bank can detect double spender
- The ID of the double spender would be revealed; this is an advantage for the bank, which may worry about the double spending problem.

Banks don't need to synchronize databases in each transaction
- The frequency of the synchronization between the bank servers is kept to a minimum as these are always done via batch updates.

Coins could be reusable
- Depending on the implementation, coins in the system could be reusable, which further reduces the overhead and the size of the coin in the database.

Cons

Might not prevent double spending immediately
- The user could in theory still double spend by risking the chance of being caught. (The chance is really high indeed!)



More expensive to implement
- The extra security hardware needed in the system requires an additional cost.

Overall advantages of digital cash

E-cash is basically software; it can be programmed to do things that paper money could never do. This ability opens up a whole range of exciting functionality that money may offer. Besides this, there are many other advantages on offer.

1. For the Users:
1.1 Convenience. One of the most apparent benefits of digital cash is convenience. Users may access funds, pay for items or be paid from the comfort of their home. With smart card implementation, users will also be able to initiate financial transactions wherever they may be. Cell phones are being developed to process electronic cash transactions; this will ensure convenience reaches unimaginable heights. Not only is such ease of use desirable, but it saves time and effort and inevitably money. Such capability will also empower the disabled, making them more competitive in the financial world.
1.2 Security. The user is also protected against the bank's refusal to honor a legitimate note, since nobody is able to counterfeit the bank's digital signature on the note. Another important benefit for the user is improved security. Passwords for the electronic wallet, together with encrypted backup copies of its contents, could safeguard it from abuse by thieves.
1.3 Untraceability. The primary advantage digital cash promises over other electronic payments is anonymity. True anonymous digital cash would also provide unconditional untraceability. The blinding carried out by the user's own device makes it impossible for anyone to link payment to payer. But users can prove unequivocally that they did or did not make a particular payment, without revealing anything more, if they need to.

2. For the Bank:
2.1 Less Processing. Single transactions need not be authorized online, debited from the customer's account or printed for the customer. This greatly reduces processing effort, meaning time is saved and less staff is required.
2.2 Security. With the security measures built into the electronic wallet, fraud costs and costs for clarifying disputed transactions could be reduced. Nowadays, card fraud is a very important problem. The same applies to card counterfeiting and forged bank notes.
2.3 Handling. Handling costs for paper cash are exorbitant. This includes guarding, transporting, counting, storing and the like. With weightless cash bereft of any volume, massive savings will be made.

3. For the Retailer:
3.1 Time saving. The instantaneous quality of electronic transactions means retailers' accounts will be credited for immediate use if necessary.



3.2 Transaction Costs. Retailers must pay a fee of 2 to 7 percent of the purchased amount to the credit card company. The fees for digital cash transactions are likely to be smaller than for today's cards because of smaller operating costs for the issuer. Costs for counting, storing and transporting cash would also decrease.

Global Disadvantages:
1. Safety. The safety of any system is only as strong as its weakest link. German national television recently showed how a hacker could create a Web page, with an embedded ActiveX control, that is able to snatch money from one bank account and deposit it into another, bypassing the customary personal identification number that is meant to protect against theft.
2. Algorithm. Most algorithms used in these monetary systems have been around for many years already. Numerous cryptology experts have attempted breaking them without success. However, one can never rule out the possibility of a security break in the future.
3. Physical Security. Another weak spot is the user's personal hardware (e.g. the smart card) and his copy of the software. Only complete physical security can guarantee the safety of the stored money. Some are skeptical of the physical safety of smart card chips.
4. Economic Disruption. Another disadvantage is a possible uncontrolled growth of e-cash systems. Such a monetary explosion could undermine bank- and government-controlled money systems, giving rise to a confusing and inefficient system. Economists also predict that the speed and ease of e-cash will increase monetary velocity, which in turn will cause unnecessary inflation.
5. Users. First of all, fewer people can understand the technology behind digital money, and thus it does not inspire confidence. Conventional money on the other hand does not require any profound knowledge in order to use it. This is an often underestimated topic, as user confidence is the key to the success of digital cash. The rise of e-cash could also foster a have and have-not society: those with PCs would have ready access to the new technology, while those without, many of them low-income consumers, would not.
6. Legal problems. Digital cash's untraceable nature will loosen government's control over financial information. Money laundering and tax evasion could proliferate in stateless e-money systems. A major fear is that criminals will take advantage of such systems to aid illegal activities.



ELECTRONIC CHECKS

Electronic checks, also known as digital token based systems, pertain to the use of a networking service to issue and process payments that emulate real world chequeing. The payer issues a digital cheque to the payee and the payee deposits it in the bank to redeem the amount. Each transaction is carried over the internet. The payer must register with a third party account server before being able to write electronic cheques. The registration process varies depending on the account server and may require a credit card or a bank account to back the cheques. The account server performs the task of authenticating the payer. Once registered, the buyer or payer can issue electronic cheques for the purchase of goods and services.

[Figure: e-cheque transaction flow between the buyer's browser, seller's server, seller's bank, accounting server and buyer's bank: (1) access and browse; (2) select goods, transfer e-cheque; (3) forward e-cheque to bank; (4) forward cheque; (5) forward cheque; (6) transfer money; (7) transfer money.]



An e-check transaction involves the following steps:
1) The buyer accesses the seller's server to select the goods or services
2) The buyer purchases the goods/service by sending an electronic cheque to the seller's server; it may be sent through e-mail
3) The seller forwards the cheque to his bank electronically
4) The seller's bank forwards the e-cheque to the accounting server for payer authentication and clearing.
5) The accounting server works with the buyer's bank, clears the cheque and transfers the money to the seller's bank, which updates the seller's account
6) The buyer's bank updates the buyer's account
7) The accounting server forwards the cheque to the buyer's bank and updates the buyer's account
8) The buyer's bank transfers the money to the accounting server
9) The accounting server sends the transaction money, the accounting server will return the cheque to the seller's bank

An e-cheque, like a paper cheque, contains the name of the payer, the name of the payer's bank, the payer's account number, the name of the payee and the amount of the cheque. Like the paper cheque, the e-cheque bears the digital equivalent of a signature, which is a computed number that authenticates the cheque as coming from the owner of the cheque. The cheque also needs to be endorsed by the payee using another signature before it can be paid.

CREDIT CARD BASED ELECTRONIC PAYMENT SYSTEM

A credit card is a small plastic card that has a magnetic strip on the exterior; the magnetic strip carries encoded information about the card number and the card holder. The data that is encoded onto the card may be encrypted, making it difficult for potential thieves to decode or copy the information onto another card. A card reader is required to read as well as write information to the magnetic strip.

Magnetic strip card: Holds a value that can be recharged by inserting it into the appropriate machine, inserting currency into the machine, and withdrawing the card; the card's strip stores the increased cash value. Magnetic strip cards are passive; that is, they cannot send or receive information, nor can they increment or decrement the value of cash stored on the card.

Magnetic strip cards are vulnerable to compromise because the information is magnetically encoded and stored on the exterior of the card (this can be copied, forged or altered). Another drawback is that magnetically stored data is vulnerable to damage if the card is placed close to a magnet or to another magnetically encoded device.

Categories of online payments over the internet
1) Payments using plain credit card details
2) Payments using encrypted credit card details
3) Payments using third party verification

Payments using plain credit card details

The earliest method of payment was through unencrypted credit card numbers over the internet. The low level of security inherent in the design of the internet makes this method problematic. Authentication is also a significant problem and the vendor is usually responsible for ensuring that the person using the credit card is its owner.

[Figure: payment through plain credit card number, showing the customer's browser, vendor's server, acquirer's server and card issuer's server: (1) access vendor server; (2) select goods and make credit card payment; (3) forward to issuer; (4) request; (5) send authorization to accept credit card; (6) check for credit card authenticity and credit status, authorisation forwarded; (8) request to clear payment; (9) request for payment forwarded and money transferred, account update to customer and transfer of funds.]

Payment using Encrypted credit card Details The problem with plain credit card on-line payments is that of confidentiality of the credit card number and authenticity of the customer. The problem can be solved through encryption of the credit card number and the message contents.

Smart card: A stored-value card that is a plastic card with an embedded microchip that can store information. Credit, debit, and charge cards currently store limited information on a magnetic strip. A smart card can store about 100 times the amount of information that a magnetic strip plastic card can store. A smart card can hold private user data, such as financial facts, encryption keys, account information, credit card numbers, health insurance information, medical records,
However, this would add to the cost of the credit card transaction itself and hence encryption may be restricted to only high value, sensitive payments. The scheme uses two sets of public/private keys, one belonging to the customer and the other to the credit card issuer. The credit card number is doubly encrypted, using the banker's (issuer's) public key for confidentiality (only the bank can decrypt the credit card number) and the customer's private key for authenticity of the sender (only the customer could have encrypted the card number).

Payments using third party verification

In third-party processing, the consumer registers with a third party on the internet to verify electronic transactions via credit cards. Such third parties are commonly referred to as on-line third party processors (OTPPs). The customer obtains an OTPP account number by filling out a registration form consisting of a customer information profile that is backed by a traditional financial instrument such as a credit card.



[Figure: payment using third party verification, showing the customer's browser, vendor server and OTPP server: (1) request for purchase and OTPP account; (2) request for verification of customer account and credit status; (3) request for approval of payment; (4) approval; (5) authorisation; (6) debit customer account.]

Smart cards and electronic payment systems

Smart cards have been in existence since the 1980s and have become a widely accepted and secure means of handling off-line as well as on-line transactions. A smart card is a small plastic card that contains a microprocessor and a storage unit. Smart card technology has been able to overcome most of the limitations of the magnetic strip cards. However, smart cards are expensive to implement, but they hold greater amounts of data compared to magnetic strip cards.

Smart cards are classified as follows:
1. Memory smart cards or electronic purses or debit cards
2. Intelligent or relationship-based smart cards

Memory smart cards or electronic purses or debit cards

Electronic purses are smart cards that are capable of storing monetary value on their microprocessor chip; this money can be used by the consumer for purchases. These are used as debit cards for payments against the purchase of goods/services or as pre-paid telephone cards. They contain less information and processing capability than the intelligent smart cards, and they are loaded with money using a smart card reader.

Intelligent or relationship-based smart cards

Relationship-based smart cards are enhanced smart cards that store card holder information including name, birth date, personal shopping preferences and actual purchase records. Such information will enable the merchants to accurately track consumers' behaviour and develop promotional programs to increase shopping loyalty. Relationship-based smart cards are expected to offer consumers far greater options, including the following:
1) Access to multiple services such as debit, credit, investment or stored value for e-cash on a single card.
2) Variety of functions such as access to cash, bill payment, balance inquiry
3) Multiple services at multiple locations using multiple device types such as ATM, Screen Phone, Personal Computer, Personal Digital Assistant (PDA)

Designing Electronic Payment System

There are many factors that are to be addressed when designing any new electronic payment system for the complete success of the system:

1. Privacy: the user must not be exploited; payments should be as anonymous as possible.
2. Security: security of the transaction can be achieved through user authentication and restriction of the information/service through access control.
3. User friendly interface: users value convenience, hence the interface should be easy to use.
4. Brokers: a network broker, i.e. someone to broker goods and services, settle conflicts and facilitate financial transactions electronically, must be available.
5. Pricing: there should be subsidies to encourage customers to move from traditional payment systems to e-payment systems.
6. Standards: standardization of electronic payment systems is desirable for interoperability, giving users the ability to buy and receive information regardless of which financial institution is managing their accounts.



Mobile commerce

Mobile commerce is concerned with E-commerce applications via the media of wireless and mobile computing. A mobile commerce environment allows users to access personal or business information and carry out all E-commerce transactions while traveling away from home or the work place. This is all the more important as the size, cost and power requirements of the equipment and services are declining fast while demand is increasing. The key feature of a mobile computing environment is that the user need not maintain a fixed position in the network.

Mobile commerce uses wireless transmission methods that enable mobile computing, i.e. communication without wires. The main aim is to overcome limitations in communications due to dispersed locations and geography.

Mobile computing focuses on the application side. It builds on the concept of being able to compute no matter where the user is. Choices for mobile computing include infrared, cellular, packet radio service, microwave and satellite services. The goal of mobile computing is to provide true computing freedom, free from the limitations of location and geography, so that users can connect to a network from anywhere, at any time, and use the services provided.

Users with the following kinds of profiles are candidates for mobile computing:
1) those who need to send and receive emails while away from the office
2) those who need to access software applications such as corporate databases
3) those who are constantly on the road but need to process data constantly

Benefits of wireless and mobile computing
1) Mobility: mobility indicates constant physical movement of a person and his network appliance, i.e. extending the office to any location in which a person might be.
2) Ease of installation in difficult-to-wire areas: the implementation of wireless networks offers many tangible cost savings when performing installations in difficult-to-wire areas such as rivers, freeways or other obstacles separating the buildings you want to connect.
3) Reduced installation time: the installation of cabling is often a time-consuming activity. On the other hand, the deployment of wireless LANs, MANs and WANs greatly reduces the need for cable installations, making the network available for use much sooner.
4) Long-term savings: organizations reorganize, resulting in the movement of people, new floor plans, office partitions and other renovations. These changes often require re-cabling the network, incurring both labour and material costs.

Mobile computing applications
1) Remote communications: traditional real-time communication required people to structure their work around a predetermined or fixed place, in the form of an office or home, and during fixed hours. Mobile computing has helped to balance the working environment and hours according to the needs of organizations and individuals.
2) Remote data access: a mobile user needs to have access to various applications and data files that reside on the server in the organization's network; these include accounting packages and product and price information. The aim of the mobile computing environment is to allow workers to be as effective at a remote location as they are in their usual offices when fully connected.

Today a growing list of applications is being built on the mobile computing infrastructure, including:
Point of sale
Customer service
Field sales automation
Virtual meetings
Taxi dispatching

Mobile information access devices

Information can be sent over co-axial cables, fiber optic and wireless networks in many forms, which include text, audio, video and animation. Mobile users may use a wide variety of information access devices for utilizing this information; these include portable computers, personal digital assistants and data communication equipment.
1) Portable computers: these are divided into three distinct types: laptops, notebooks and hand-helds. They vary in their method of entering, storing, displaying and processing data.

2) Personal Digital Assistant: the personal digital assistant may be thought of as a PC reduced in size to fit inside a coat pocket. However, optimization of size and weight means limiting the functionality. The PDA may be subdivided as follows:



a) Digital assistant: these are small hand-held devices capable of capturing and digitizing data. Digital assistants can carry out information processing functions as well as voice, data and fax communication. They rely on a pen-based user interface in place of a keyboard and make heavy use of handwriting recognition.
b) Personal communicator: personal communicators couple a cellular telephone with a pen-based interface. They are capable of carrying out e-mail, fax transmission and reception, and personal information management, besides the normal functions of a cellular phone. The major drawback is that they accommodate only a limited amount of text and the user cannot read the screen and talk on the phone at the same time.
c) Palmtops: palmtops, also called personal organizers, are designed to provide support for personal tasks such as diary maintenance, notepad, calculator functions and computing functions limited by the software available only in the ROM (read only memory). They use a keyboard and the screen as the user interface.


Mobile Commerce

Mobile commerce from the customer's point of view
1) The customer wants to access information, goods and services at any time and in any place on his mobile device.
2) He can use his mobile device to purchase tickets for events or public transport, pay for parking, download content and even order books and CDs.
3) He should be offered appropriate payment methods. These can range from secure mobile micro payment to service subscriptions.

Provider's point of view



1) The future development of the mobile telecommunication sector is heading more and more towards value-added services. Analysts forecast that soon half of mobile operators' revenue will be earned through mobile commerce.
2) Consequently, operators as well as third-party providers will focus on value-added services. To enable mobile services, providers with expertise in different sectors will have to cooperate.
3) Innovative service scenarios will be needed that meet customers' expectations, along with business models that satisfy all partners involved.

Attributes of M-Commerce and Its Economic Advantages
1) Mobility: users carry cell phones or other mobile devices
2) Broad reach: people can be reached at any time
3) Ubiquity: easier information access in real time
4) Convenience: devices that store data and have Internet, intranet and extranet connections
5) Instant connectivity: easy and quick connection to the Internet, intranets, other mobile devices and databases
6) Personalization: preparation of information for individual consumers
7) Localization of products and services: knowing where the user is located at any given time and matching services to them

Mobile Computing Infrastructure

Hardware
1) Cellular (mobile) phones, attachable keyboard, PDAs, interactive pagers



2) Other devices: notebooks, handhelds, smart pads
Screenphones: a telephone equipped with a color screen, keyboard, e-mail and Internet capabilities
E-mail handhelds
Wirelined: connected by wires to a network

Unseen Infrastructure Requirements
1) Suitably configured wireline or wireless WAN modem
2) Web server with wireless support
3) Application or database server for specific transactions
4) Large enterprise application server for the organizational information
5) GPS locator, used to determine the location of the carrier of the mobile computing device

Software
1) Micro browser (extracts information)
2) Mobile client operating system (OS)
3) Bluetooth: a chip technology and WPAN standard that enables voice and data communications between wireless devices over short-range radio frequency (RF)
4) Mobile application user interface
5) Back-end legacy application software
6) Application middleware
7) Wireless middleware



Networks and access
a. Wireless transmission media
i. Microwave
ii. Satellites
iii. Radio
iv. Infrared
v. Cellular radio technology

What Do You Need In Place To Support M-Commerce

An operator offering m-commerce needs to be able to provide a clear and compelling message to the market about the accessibility, usability and trustworthiness of the m-commerce service, and the service also needs to be cost-effective to run. This leads to many operational requirements.

1) Available to both prepaid and postpaid customers
Prepaid mobile customers are now in the majority in Kenya and, contrary to initial expectations, they are more likely to make use of higher margin mobile services like SMS and ring-tone download. This is most likely a result of their younger profile, being more open to next-generation services like m-commerce. These buying habits suggest they will be valuable m-commerce customers in the future.

2) Pre-advice of charge
M-commerce customers will expect to know, before executing a purchase, all information relevant to the decision to proceed with the purchase, including availability and price. The rating system must be able to provide pre-advice of charge information to the payment system, so that the customer knows exactly what amount will appear on their bill or be deducted from their balance.

3) Pre-event authorization and authorization of delayed spend
Based on the same information as is used for pre-advice of charge, the operator needs to be able to make a decision on whether the customer has sufficient account balance or credit limit to cover the cost of the transaction.

4) Balance management
With the advent of m-commerce and other next-generation mobile services the customer may well wish to fund different services in different ways, for example to hold a monthly postpaid contract for voice calls but pay for all m-commerce purchases from a dedicated prepaid account.

5) Authentication and authorization
M-commerce requires the customer and merchant to be initially authenticated in order to ensure that they both have the right to conduct the transaction, and individual transactions need to be authorized by the payment issuer to ensure that funds or credit are available. Authentication and authorization need to be very lightweight, requiring little user interaction, otherwise users will be put off.

Subscriber management

Providing a simple and compelling subscriber experience is vital for mobile operators wishing to speed the uptake of next-generation services. The advent of technologies such as wireless Java and MMS is providing operators with the ability to offer a wide range of content services to subscribers. To do so, operators will need to be able to deal effectively with a complex array of content partners, business models, access devices, bandwidth and network issues. The functionality includes:
1) Being able to make customers aware of services relevant to their lifestyle
2) Ensuring that a service is compatible with the subscriber's mobile device
3) Controlling operators' exposure to risk by careful revenue assurance during the transaction process
4) Settling between the various parties to a transaction, including sponsors and advertisers as well as the content owner and the customer



Case study: M-Commerce in Kenya

Drivers enhancing the growth of M-commerce
1) Widespread availability of devices
2) No need for a PC
3) Handset culture: a handset can provide multiple functions
4) Declining prices of handsets and service charges compared to organizations offering the same service
5) Improvement of bandwidth, such as the 3G network
6) Explosion of EC in general

Classification of M-Commerce Services
1) Financial, e.g. secure banking services
2) Entertainment, e.g. mobile gambling
3) Shopping, e.g. purchase of goods
4) Information, e.g. local information
5) Payment, e.g. electronic wallet
6) Advertising, e.g. intelligent advertising

Enabling Technologies

Two transmission modes are introduced here, GPRS and W-CDMA.

GPRS (General Packet Radio Service)
1) A step between GSM and 3G cellular networks.
2) Transmission rate via a GSM network is within 9.6 Kbps ~ 115 Kbps.
3) GPRS supports a wide range of bandwidths; it is an effective application under limited bandwidth.
4) A mobile phone can receive and transmit data at the same time (e.g. make a phone call and receive e-mail at the same time).

W-CDMA (Wideband Code-Division Multiple Access)
1) The transmission technology for third generation (3G) UMTS mobile communication.
2) The transmission rate is up to 2 Mbps, which makes mobile multimedia grow rapidly.

WAP (Protocol) and i-mode (Service)

WAP (Wireless Application Protocol)
It is an open and standard wireless application software protocol. The WAP system is composed of two main factors:
1) WML (Wireless Markup Language): similar to HTML
2) WAP Gateway / Proxy: to change the webpage source code to a suitable one
3) Needs a connecting action
4) Payment according to time used

i-mode
1) The first packet-based, always-on mobile Internet service
2) Various services available: banking, games, wallpaper, music
3) Payment according to packets received

Other related technologies

J2ME (Java 2 Micro Edition)
A kind of programming language used in small, connectable consumer and embedded devices. It gives mobile phones the ability to execute programs.

XML (eXtensible Markup Language)
A standard for structured document interchange on the Web. It allows the description language used by different browsers to be changed more quickly.

IPv6
IPv4 uses 32-bit addresses, which is not enough. IPv6 expands them to 128 bits, so that every mobile phone can get its own IP.

IPv4: Addresses are 32 bits (4 bytes) in length. Must support a 576-byte packet size (possibly fragmented).

IPv6: Addresses are 128 bits (16 bytes) in length. Must support a 1280-byte packet size (without fragmentation).

Mobile Payment Issues

Parties: User; Network Operator; Financial Institution; Content Provider / Merchant

Issues: Security; Privacy; Ease of Use; Devices Issues; Open Standards; Interoperability; Roaming; Authentication; Integrity; Fraud reduction; Getting Paid; User adoption; Non-repudiation; Low Cost

Non-repudiation refers to a state of affairs where the purported maker of a statement will not be able to successfully challenge the validity of the statement or contract.



Mobipay system

[Figure: payment at a vending machine or Internet merchant through the Mobipay system, involving the user, the operator network and the processor + issuer/acquirer. The numbered steps in the figure are:]
1. User chooses Mobipay payment method on merchant site
2. Merchant sends unique Mobipay reference associated with amount
3. User sends reference (+ PIN)
4. Data validation
5. PIN request (if PIN not entered directly)
6. PIN response
7. Authorisation
8. Confirmation


Limiting technological factors

Networks: Bandwidth, Interoperability, Cell Range, Roaming
Mobile Middleware: Standards, Distribution
Localisation: Upgrade of Network, Upgrade of Mobile Devices, Precision
Security: Mobile Device, Network, Gateway
Mobile Devices: Battery, Memory, CPU, Display Size

Difference between m commerce and e commerce

1) E commerce is available only in places where we have net connectivity, but with m commerce we are free from all such boundaries.
2) Video conferencing has become possible with m commerce even in places where there is no internet.
3) E commerce not only needs internet but also electricity, whereas there is no such requirement with m commerce.
4) M commerce is easier to get to in comparison to e commerce, but at present using m commerce is costlier than using e commerce.



Web security

Network Security

Data on the network is analogous to the possessions of a person. It has to be kept secure from others with malicious intent. This intent ranges from bringing down servers on the network, to using people's private information such as credit card numbers, to sabotage of major organizations with a presence on a network. To secure data, one has to ensure that it makes sense only to those for whom it is meant. This is the case for data transactions where we want to prevent eavesdroppers from listening to and stealing data. Other aspects of security involve protecting user data on a computer by providing password-restricted access to the data and perhaps some resources, so that only authorized people get to use these, and identifying miscreants (trouble makers) and thwarting (upsetting) their attempts to cause damage to the network, among other things.

Network security includes the following four steps:

Secure: Lock your networks with a combination of authentication, encryption, firewalls, and continuous patching of system vulnerabilities.

Examine: To maintain a secure network, you have to regularly monitor the state of security mechanisms, readiness, and incident handling procedures. Network vulnerability scanners from a number of reputable vendors will proactively locate areas of weakness, and IDSs can alert and respond to security events when they occur. Your organization can get high visibility of the network data stream and the security condition of the network using emerging security solutions.



Test: Testing is just as vital as network examination and assessment. Without adequate testing of the security solutions, it is tough to know about new threats and attacks. The hacker community is an ever-changing continuum with menacing designs on your systems and data. You can perform this testing yourself or you can outsource it to a third party.

Enhance: Use the information gathered from the Examine and Test phases to constantly enhance and improve the corporate security implementation, and modify the security policy as new vulnerabilities and risks are identified and the business model changes.

Security service

A security service is something that enhances the security of the data processing systems and the information transfers of an organization. It is intended to counter security attacks, makes use of one or more security mechanisms to provide the service, and replicates functions normally associated with physical documents, which for example have signatures and dates; need protection from disclosure, tampering, or destruction; are notarized or witnessed; and are recorded or licensed.

Security services include:
Message Integrity. Would message alteration by a third party be harmful?
Authentication. Does the receiver care where the message originated from?
Confidentiality. Would a third party gain from the disclosure of message content?

1) Message Integrity
Message integrity is required to ensure that messages have not been altered in transit. Typical alterations to a message could include:
Altering the originating user's identity
Altering the identity of the application sending the message
Altering data in the message
Altering configuration information in the message
To support verification of message integrity, messages are signed. Rather than sign the message elements directly, digest values are calculated, and these values are signed. This can improve performance, because less computer resource is used to create a hash of data than to digitally sign it.

2) Authentication
Authentication is required to allow the receiver to determine where the message has originated from. In practice the recipient of a message will often authenticate the sender by first checking that the signed data in the message verifies against the public certificate whose private key was used to sign the message for message integrity purposes, and then checking the credentials in that public certificate to determine the identity of the sender.



3) Confidentiality
Confidentiality is required to conceal sensitive information in messages. Not all parts of messages are necessarily sensitive, and in some cases a message may not be considered sensitive at all, so there may be no need for confidentiality. In the SCM Sample application, parts of the message that are typically considered sensitive include:
The SOAP Body: this could contain information such as order data, which could aid competitors.
The Signature: in some cases the body of the message will contain predictable variations, making it subject to guessing attacks. To prevent this, the signature data should also be encrypted.
The Start Header: this custom SOAP header includes the location of a callback service.

4) Confidentiality
Indicates whether or not the message is encrypted. It contains one of the following:
None. The security analysis concluded that confidentiality was not required.
Certificate : MessageParts. In this case confidentiality was applied as described below.

Certificate identifies the public key which is used to encrypt the symmetric key, which in turn is used to encrypt the various parts of the message. Its structure and semantics are the same as Certificate as defined under Message Integrity.

Message Parts is a list of the parts of the message that are encrypted. Each part is encrypted separately. It may contain some combination of: Body, Start Header and Signature. Signature means that the digital signature that results from signing the message is encrypted.
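
The signing and encryption steps described under Message Integrity, Authentication and Confidentiality above can be traced in a short script. This is an added example, not part of the original notes or of the SCM Sample application. The toy RSA keys, the stand-in stream cipher, the function names and the sample message are all assumptions chosen so that it runs with the Python standard library only, and checking of certificate credentials is not modelled.

```python
import hashlib
import secrets

# Toy RSA keys built from Mersenne primes so the block runs with the standard
# library alone (assumption of this example). Not secure: real systems use
# randomly generated keys and padded schemes (RSA-PSS, RSA-OAEP) from a vetted library.
E = 65537

def make_keypair(p, q):
    n = p * q
    d = pow(E, -1, (p - 1) * (q - 1))      # private exponent
    return (n, E), (n, d)                  # (public key, private key)

SENDER_PUB, SENDER_PRIV = make_keypair(2**521 - 1, 2**607 - 1)
RECIPIENT_PUB, RECIPIENT_PRIV = make_keypair(2**127 - 1, 2**1279 - 1)

def digest(parts):
    """SHA-256 over the named parts in a fixed order, each field length-prefixed."""
    h = hashlib.sha256()
    for name in sorted(parts):
        for field in (name.encode(), parts[name]):
            h.update(len(field).to_bytes(4, "big") + field)
    return h.digest()

def sign(parts, priv):
    """Sign the digest value, not the message elements themselves."""
    n, d = priv
    return pow(int.from_bytes(digest(parts), "big"), d, n)

def verify(parts, signature, pub):
    n, e = pub
    return pow(signature, e, n) == int.from_bytes(digest(parts), "big")

def keystream_xor(key, label, data):
    """Toy stream cipher (SHA-256 in counter mode), a stand-in for a real
    symmetric cipher such as AES. The label keeps each part's keystream distinct."""
    out = bytearray()
    for offset in range(0, len(data), 32):
        pad = hashlib.sha256(key + label.encode() + offset.to_bytes(8, "big")).digest()
        out.extend(b ^ k for b, k in zip(data[offset:offset + 32], pad))
    return bytes(out)

def protect(parts, encrypt_parts, sender_priv, recipient_pub):
    """Sign all parts, then encrypt the listed parts separately under a fresh
    symmetric key that is itself encrypted with the recipient's public key."""
    sig_len = (sender_priv[0].bit_length() + 7) // 8
    wire = dict(parts)
    wire["Signature"] = sign(parts, sender_priv).to_bytes(sig_len, "big")
    key = secrets.token_bytes(32)
    for name in encrypt_parts:
        wire[name] = keystream_xor(key, name, wire[name])
    n, e = recipient_pub
    return {"parts": wire, "encrypted": list(encrypt_parts),
            "wrapped_key": pow(int.from_bytes(key, "big"), e, n)}

def open_message(msg, recipient_priv, sender_pub):
    """Unwrap the symmetric key, decrypt the listed parts, verify the signature."""
    n, d = recipient_priv
    key_int = pow(msg["wrapped_key"], d, n)
    if key_int >> 256:                      # a tampered wrapped key decrypts to junk
        raise ValueError("wrapped key is not a valid 256-bit key")
    key = key_int.to_bytes(32, "big")
    parts = dict(msg["parts"])
    for name in msg["encrypted"]:
        parts[name] = keystream_xor(key, name, parts[name])
    signature = int.from_bytes(parts.pop("Signature"), "big")
    if not verify(parts, signature, sender_pub):
        raise ValueError("signature check failed: message altered or wrong sender")
    return parts

# Constructed sample message using the part names from the text.
SAMPLE = {
    "Body": b"<order><item>widget</item><qty>40</qty></order>",
    "StartHeader": b"callback=https://buyer.example/callback",
}

if __name__ == "__main__":
    msg = protect(SAMPLE, ["Body", "Signature"], SENDER_PRIV, RECIPIENT_PUB)
    print("Body on the wire:", msg["parts"]["Body"].hex()[:32], "...")
    print("recovered:", open_message(msg, RECIPIENT_PRIV, SENDER_PUB) == SAMPLE)
    msg["parts"]["StartHeader"] = b"callback=https://other.example/callback"
    try:
        open_message(msg, RECIPIENT_PRIV, SENDER_PUB)
    except ValueError as err:
        print("rejected:", err)
```

The Start Header is left unencrypted here, yet changing it is still detected, because the signature covers the digest of every part whether or not that part is encrypted.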



Security attacks
Interruption: an asset of the system is destroyed or becomes unavailable; this is a threat to availability.
Interception: an unauthorized party gains access to an asset; this is a threat to secrecy.
Modification: an unauthorized party not only gains access to but tampers with an asset.
Fabrication: this is also a threat to integrity; an unauthorized party inserts counterfeit objects into the system.

Model for Network Security

Using this model requires us to:
1) generate the secret information (keys) used by the algorithm
2) develop methods to distribute and share the secret information
3) design a suitable algorithm for the security transformation
4) specify a protocol enabling the principals to use the transformation and secret information for a security service

Model for Network Access Security

The second model is concerned with controlled access to information or resources on a computer system, in the presence of possible opponents. Here appropriate controls are needed on the access to and within the system, to provide suitable security. Some cryptographic techniques are useful here also.

Using this model requires us to:
1) select appropriate gatekeeper functions to identify users
2) implement security controls to ensure only authorised users access designated information or resources

Trusted computer systems can be used to implement this model.

COMMUNICATION SECURITY GOALS

The basic goal in protecting communications is to provide reasonable assurance that outsiders cannot read or modify your messages.

1. Economy in both procurement cost and ease of use
Expensive, hard-to-use solutions are unrealistic for many organizations; however, some organizations will accept higher costs for better security.

2. Easy communication with multiple hosts
Each host in the organization needs to communicate with a growing community of other hosts; it must be connected to a LAN.

3. Generic internet access
The Internet provides a wealth of information and communication opportunities, but it also brings a broadly based international threat directly to your desktop.

4. Strong secrecy
Leaking a single message can seriously compromise the organization's goals and cause damage from which it is very difficult to recover. Strong secrecy is very expensive to achieve.

Cryptography

Data that can be read and understood without any special measures is called plaintext or cleartext. The method of disguising plaintext in such a way as to hide its substance is called encryption. Encrypting plaintext results in unreadable gibberish called ciphertext. You use encryption to make sure that information is hidden from anyone for whom it is not intended, even those who can see the encrypted data. The process of reverting ciphertext to its original plaintext is called decryption.

Plaintext -> Encryption -> Ciphertext -> Decryption -> Plaintext

Cryptography is the science of using mathematics to encrypt and decrypt data. Cryptography enables you to store sensitive information or transmit it across insecure networks (like the Internet) so that it cannot be read by anyone except the intended recipient.

Social Engineering

Social engineering is the means of breaking and entering into a computer system by extracting information such as passwords, firewall configuration data and network operating system data from unsuspecting company employees or employees willing to help. Social engineers play on the general trusting nature of human beings and their natural instinct to help others do their jobs.

Many times the social engineer may also use anger or draw on employees' sympathy to get information. Most commonly, social engineers use the telephone to gain information by calling and posing as a service person, a high-level executive or a person from the help desk. Hence the rule should be not to divulge sensitive information over the phone, even if the claimant is the system administrator, as no problem requires an administrator to obtain a user's password.



LEGAL REQUIREMENTS IN E-COMMERCE

The Internet provides the largest opportunity for free speech that has ever existed, yet this freedom may offend some people and may be illegal under the (indecency) offensiveness act, or may just be considered unethical.

Privacy issues

The threats to users or individuals on the internet include:

1) Computer matching
This consists of collecting customer information through web site registration and cookies; this information is generally used to market additional business services. Another threat is the unauthorized matching and sale of information about users from the databases of sales transaction processing systems.

2) Computer monitoring
This consists of employers monitoring the productivity and behavior of their employees. Such monitoring is considered unethical because it monitors individuals and not just work.

4) Corporate e-mail privacy
For many companies, monitoring the private e-mails of their employees is a policy, because they may suspect their employees of illegal or unauthorized activity.

5) Spamming
Spamming is the indiscriminate sending of unsolicited emails to many internet users and is generally used for mass-mailing of advertisements and junk mail.

6) Flaming
It is the practice of sending extremely critical, derogatory and vulgar email messages or electronic bulletin board postings to users on the internet.

Privacy protection

Privacy issues on the internet are of concern, and to protect the privacy of users a number of regulatory and self-regulatory frameworks have come up.

1. Self regulatory acts
There are some suggestions on how users can protect their privacy:
a) Think before you give out personal information on a site
b) Use encryption for sending critical information such as credit card numbers



c) Avoid cookies; this can be achieved by deleting cookie files stored on your computer

2. Privacy policies
Most organizations and ISPs have now begun to understand that the collection of vast amounts of personal information on customers, clients and employees requires that the information, and therefore the individual, is protected. It involves:
Data collection: data should be collected on individuals only to accomplish a legitimate business objective.
Data accuracy: sensitive data gathered on individuals should be verified before it is entered into the database.

Intellectual property issues

Intellectual property is the intangible property created by individuals or corporations which is protected under copyright, trade secret and patent laws.
Copyright is a statutory grant that provides the creators of intellectual property with ownership of it for 28 years; they are entitled to collect fees from anyone who wants to copy or use the property.
Trade secret is intellectual work which is a company secret and not based on public information.
Patent is a document that grants the holder exclusive rights on an invention for 17 years.

Copyright is the major intellectual property issue related to E-commerce. The issues include:
1) The internet and cyberspace are fast encouraging and enabling the use of pirated software, CDs, music and movies, destroying thousands of jobs and millions in revenue.
2) Software is a major issue on the internet; reproduction and distribution of copyrighted works is common on the internet.
3) Another controversial issue in the electronic world is the expansion of library and distance over the internet without compromising copyrights.
