INT882 Submitted by Shekhar bhardwaj 10808799

E-COMMERCE

DOS 25/2/2012 Submitted to Miss Navjot kaur

Ques.: -A website offering e-commerce services are vulnerable to attacks. How can you avoid the possible attacks on a commercial e-commerce website? Ans: -As mentioned, the vulnerability of a system exists at the entry and exit points within the system. E-Commerce system with several points that the attacker can target:

Shopper Shopper' computer Network connection between shopper and Web site's server Web site's server How we protect our e commerce website from different vulnerabilities.
Education: - Peoples must know about the different attacks and their results. If

a shopper chooses a weak password, or does not keep their password confidential, then an attacker can pose as that user. Users need to use good judgment when giving out information, and be educated about possible phishing schemes and other social engineering attacks. Authentication and authorization methods:-For different-different transaction we used the authentication and authorization method. We provide the user name and password for confidential transaction and also provide the privileges to the user what they can do or not on the web site. Personal firewalls: - When connecting your computer to a network, it becomes vulnerable to attack. A personal firewall helps protect your computer by limiting the types of traffic initiated by and directed to your computer. The intruder can also scan the hard drive to detect any stored passwords. Secure Socket Layer (SSL): - Secure Socket Layer (SSL) is a protocol that encrypts data between the shopper's computer and the site's server. When an SSL-protected page is requested, the browser identifies the server as a trusted entity and initiates a handshake to pass encryption key information back and forth. Now, on subsequent requests to the server, the information flowing back and forth is encrypted so that a hacker sniffing the network cannot read the contents. Intrusion detection and audits of security logs: - One of the cornerstones of an effective security strategy is to prevent attacks and to detect potential attackers. This helps understand the nature of the system's traffic, or as a starting point for litigation against the attackers.e.g if a shopper makes 6 failed logon attempts, then his account is locked out. In this scenario, the company sends an email to the customer, informing them that his account is locked. This

event should also be logged in the system, either by sending an email to the administrator, writing the event to a security log, or both. Que. 2: EDI is quite different from just sending the electronic mail or documents over the network. How has EDI revolutionized the e-commerce business? Discuss the various pros and cons related with this. Ans:-Because EDI provide the VAN (value added network) which makes its different from electronic mail or documents over the network. EDI system, including: 1) Format standards to facilitate automated processing by all users, 2) Translation software to translate from a user's proprietary format for internal data storage into the generic external format and back again, 3) Value-added networks to solve the technical problems of sending information between computers. 4) Inexpensive microcomputers to bring all potential userseven small onesinto the market, 5) Procedures for complying with legal rules. The electronic communication of business transactions, such as orders, confirmations and invoices, between organizations. Third parties provide EDI services that enable organizations with different equipment to connect that is VAN. Although interactive access may be a part of it, EDI implies direct computer-to-computer transactions into vendors' databases and ordering systems. EDI revolutionized the e commerce business by: By replacing the paper documents work with electronically sending of the data. By sending the data electronically it takes the less time as compare to traditional methods

of sending document. It provides the highest security as compare the traditional method of security. Example:-in traditional method when we want to place an order then we need to write the order in paper then it send to the vendor with the help of post it takes 2-3 days and then vendor replies back . There can be errors while sending the data and there is no security. But when EDI comes is market it remove these errors with electronic mail and provide higher security and less time consuming. Benefits of EDI:Time delays:-Paper documents may take days to transport from one location to another, while manual processing methodologies necessitate steps like keying and filing that are rendered unnecessary through EDI. Labour costs:-In non-EDI systems, manual processing is required for data keying, document storage and retrieval, sorting, matching, reconciling, envelope stuffing, stamping, signing, etc. While automated equipment can help with some of these processes, most managers will agree that labour costs for document processing represent a significant

proportion of their overhead. In general, labour-based processes are much more expensive in the long term EDI alternatives. Accuracy:-EDI systems are more accurate than their manual processing counterparts because there are fewer points at which errors can be introduced into the system. Information Access:-EDI systems permit myriad users access to a vast amount of detailed transaction data in a timely fashion. In a non-EDI environment, in which information is held in offices and file cabinets, such dissemination of information is possible only with great effort, and it cannot hope to match an EDI system's timeliness. Because EDI data is already in computer-retrievable form, it is subject to automated processing and analysis. It also requires far less storage space. Disadvantages of EDI: Costly for smaller companies - Many small companies are facing resources

problems in getting starter with the initial implementation of EDI system. It is beyond the resources these companies to invest tens or hundreds of thousands of dollars in setting and implementation costs, as well as weeks of personnel training, to get an EDI system running.
Difficult to agree on standard used - Even though there are widely-accepted and

widely-used standards, there are no ways to force trading partners to accept these standards. Cooperation between trading partners is needed in order to develop a common rules to avoid differ in interpretation. Que. 3: -Why do we need to tracking- tools in e-commerce? List few tracking tools available which help you in E-commerce ? Ans: - There is need of tracking tools in e commerce because: To know the movement of goods that are being traded or used
To know the location of goods, articles if they are lost, and give information to the

agencies so it can be tracked with the help of these tools It helps to maximize the benefits in e commerce
E.g. in the library if the book is not issued to the student and he or she tries to get

that book out of the library then it can be tracked with the unique number placed on that book which is called bar codes. The tracking tools which are used in E Commerce: EAN: EAN is European Article Numbering. It guarantees us to do unique

identification of the articles. It is used by the manufacturer, exporter, importer, wholesaler or retailer to communicate regarding the goods. It is the key to access the database.

 EANCOM: Physical flow of goods using the bar codes and business document

flow using
EDI: integrated with one another through the use of the EAN label. Bar Codes: EAN numbers which are used for identifying items can be represented

by the bar codes. Bar codes allow numbers to be encoded in machine readable form the data can be automatically captured quickly and securely. The numeric value of the code is printed beneath the bar code symbol which can be read in Omni directionally by the scanner.
RFAID: with the help of radio frequencies the articles can be tracked. Point of Sale: read bar codes through software

Que.4: -There are different types of transactions in e-commerce. Enlist all type of transactions available in e-commerce along with real life examples for each. Ans: -There are various types of e commerce models or transactions which have made
it popular among the merchants.

B2B e commerce model: - This is one of the most prevalent types of e commerce
transactions. B2B e commerce or the business to business e commerce is the selling of the products within the several companies. In the beginning, it did not receive the desired response, but in the years later it had grown exponentially and has now become a crucial part in every e commerce entity. There have been higher profits with the use of these e commerce models when compared to the other types of e commerce models. B2B model there are a number of software that have been behind the success of this method. Example: -manufacturers are selling to distributors and wholesalers selling to retailers.

B2C e commerce model: - B2C is one of the e commerce models which involve the business and consumers and the most common segment of e commerce.
This is a business where the sales are made generally to the consumers instead of other businesses. Here you will have to pay attention to the ways of attracting customers to your website and gain their trust.

 The advantage of this type of e commerce models is that there are no huge investments required for beginning a business. This is because the different types of e commerce applications have seen far more developments of the template based online stores using which they are introduced to the customers. Some of the other advantages that the consumers can enjoy are that the shopping done over the internet can be faster and easier with a number of deals offered by the retailers. Examples: -online stock trading markets, on-line auction for computers and other goods.

B2E e commerce model: -B2E or business to employee model is the next one of the
various types of e commerce transaction which refers to the demanding of supplies by the employees for their job. The B2E e commerce model has grown along with the technology and enable the employee to access the employee records for the updating of address, maintenance of the internal resume or any shift investments. Though the up keeping of the employee records has less to do with commerce, it has a major part to play in the definition of the business to employee e commerce model.

C2C e commerce model: - The C2C e commerce model is the type of e commerce model
which involves two people in business online with no intermediary entailed in the process. This has largely helped to create a society that is individual and independent. There are various types of e commerce payment systems through which the required payments can be made out of which the large value payment system and retail payment system are primary ones. Example: -Ebay.com, for instance is one of the best online auction site where the trade can be made by any individual. C2B e commerce model: - A business enterprise can gain largely through the individual projects of a consumer and this is done with the help of the C2B e commerce model where the consumer sells any of his remarkable projects online. E-commerce model in which individuals use the Internet to sell products or services to organizations or individuals seek sellers to bid on products or services they need. A consumer posts his project with a set budget online and within hours companies review the consumer's requirements and bid on the project. The consumer reviews the bids and selects the company that will complete the project.

Example: -If someone want to go on a trip then he set the budget online and trip organiser or traveller show him the where he make trip with his budget.