18

E-commerce Fundamentals

1. Define e-commerce. Discuss its types/categories.

Ans.: Electronic commerce or e-commerce refers to the electronic means of carrying business communications and transactions over the Internet or any other form of network. It does not refer only to buying and selling of goods and services on the Internet; rather it combines the business and electronic infrastructures, allowing traditional business transactions to be conducted electronically. Here, transaction refers to an exchange taking place between two entities where one sells products or services to the other.

There exist a variety of types of e-commerce and these types can be characterized in different ways. Four major types of e-commerce are discussed as follows:

  1. Business-to-consumer (B2C): In this type of e-commerce, the online businesses (businesses over the Internet) sell to individual consumers. It refers to indirect trading between company and consumer where the consumer can directly buy the products or services from the supplier's website. An example of B2C type e-commerce is virtual Internet shopping malls; the customer can shop online for the required items at any time instead of spending time moving around crowded supermarkets, and have the goods delivered to their doorstep.
  2. Business-to-business (B2B): This type of e-commerce takes place between two companies, where one sells products to another. For example, manufacturers selling products to the distributors and wholesalers selling products to retailers. It is the largest form of e-commerce that provides a way for businesses to trade with each other. B2B is one of the cost effective means of selling products worldwide.
  3. Business-to-administration (B2A): In this system, business community interacts electronically with public sector organizations. B2A application includes the submission of planning applications, tax returns, or patent registration.
  4. Consumer-to-consumer (C2C): This system refers to e-commerce activities that use an auction-style model. This model consists of person-to-person transactions that completely exclude businesses from the equation. Though the C2C system enables customers to deal directly with each other, the transactions cannot be fulfilled without the help of an online market maker such as an auction site like eBay or Amazon. The consumer prepares the product and puts it on the auction site for sale. The market maker is responsible for providing product catalog, search engine, and transaction clearing capabilities so that the product can be displayed, searched, and paid for.

2. Explain various processes involved in e-commerce activity.

Ans.: Generally, there exist five important processes in an e-commerce lifecycle:

  1. Information sharing: Sharing of information on the Internet is the foremost process in e-commerce activities. It makes the customer aware of all the products and services offered by the online vendor. This particular activity is carried out by means of advertising, marketing on the Internet, and through customer information gathering process. Apart from this, there are various networked communities (e.g., chat room, multi-party conference, and newsgroup) available on the Internet for the distribution of information.

    World Wide Web (WWW) provides one of the effective mediums for communication with the customers. Websites are designed to include product catalogues. One can obtain the data for products that are requested. At the same time, it also allows web visitors to provide information about themselves. Apart from this, timely notifications, product upgrades, and new features are sent through e-mail. A large number of websites aim at providing information and data to the general public; however, there exist some significant sites on the Internet that cater to the business communities. These sites are called intermediaries and their sole purpose lies in enabling buyers to interact, trade, and make purchases from the sellers.

  2. Ordering: In this process, customers electronically place orders for the company's goods and services. Placing an order requires the use of a client/server application where the order for goods or services is placed on the electronic form available on the company's website.
  3. Online payment: This process is crucial in e-commerce. The payment activity requires the use of high security to protect online money transactions from any unauthorized use. In most cases, data are transferred in encrypted form on a secured medium. Different mechanisms for payment are available on the Internet and the customers can use any of them.
  4. Fulfilment: Modern businesses are highly dependent on the massive amount of information and precious data, which is continuously being transferred over the computer network across the world. Many online-trading companies make use of the Internet for transferring funds, generating money, and providing information product (e.g., newsletter, articles, stock prices, reports, etc.). However, when product takes the shape of physical entity, the support of EDI (electronic data interchange) is required to clear the sale of product to the buyer with up-to-date-delivery notification issued to the buyer's e-mail.
  5. Support and services: They are regarded as one of the most important processes in e-commerce activity. The continuing relationship of an organization with customer depends on the kind of support and services provided to the customers. The relationship of an organization with the customer starts with the sale of the product. It might happen that customer will require assistance with product and services in future. Therefore, items such as technical notes, FAQs, and support documentation should be available on the company's website.

3. Compare e-commerce with traditional commerce.

Ans.: Both traditional commerce and e-commerce are used as a means of carrying out business. The traditional commerce uses outdated methods, whereas e-commerce adopts easy and fast business methods. The comparison between traditional commerce and e-commerce is listed in Table 18.1.

Table 18.1 Comparison Between Traditional Commerce and E-commerce

| S. No. | Traditional Commerce | E-Commerce |
|---|---|---|
| 1. | It refers to buying and selling of goods and services, involving exchange of money, and transporting goods from one place to another by physical means. | It refers to carrying business communications and transactions (selling and purchasing of products or services between two entities) using computers over the Internet or any other form of network. |
| 2. | The customer should be physically present during the exchange of goods. | The customer need not be physically present. |
| 3. | It is a very time-consuming process. | It is a fast and efficient process as compared to its counterpart. |
| 4. | The information about the products or services can be acquired through catalogs, magazines, or flyers. | Product information can be acquired through websites such as www.amazon.com and www.onlineshopping.com. |
| 5. | Orders are sent or received via fax or mail. | Orders can be sent or received through e-mail or EDI. |
| 6. | It involves heavy overhead cost due to the requirement of maintaining a storefront. | Overhead costs are nominal. |
| 7. | Middlemen such as sales representatives need to be hired for interaction between the buyer and the purchaser. | The buyer and purchaser can communicate directly with each other to carry out transactions. This eliminates the need for middlemen, which is known as disintermediation. |
| 8. | Businesses cannot be moved easily. It requires a huge cost. | It is easier, faster, and usually less expensive to move the business and reach customers worldwide. |
| 9. | The business is confined to a small geographic area. | An e-commerce business caters to the global market. |

4. What is the expected size of worldwide e-commerce market?

Ans.: The era of e-commerce began during 1970s when banks introduced the use of electronic funds transfer (EFT) for payments over secure private networks. During early 1980s, e-commerce was immensely being used in companies in the form of e-mail and EDI. In early 1990s, the advent of WWW on the Internet proved a turning point in the growth of e-commerce. It made e-commerce an economic way of conducting business. Since then, the amount of trade being conducted electronically has dramatically increased. Today, the e-commerce market is vast and it is still growing.

It is very difficult to determine what the exact size of global e-commerce market is because of comparatively high cross-border sales that are taking place. A few market surveys have been conducted worldwide that can be analyzed to estimate the size of e-commerce market. Some of these surveys are described as follows:

  - The e-commerce market size of Europe by 2006 was $133 billion and according to analysts, it is likely to reach $407 billion by 2011. This shows how rapid the growth of e-commerce has been.
  - The size of British e-commerce market was estimated at $84 billion in 2007 that is 39% higher than the figures of 2006.
  - In 2009, the total e-commerce sales in the United States (US) were approximately $134.9 billion, a 2% increase from 2008.
  - In China, the amount of online trade was estimated at 248.35 Yuan in 2009 and it is likely to reach 1 trillion Yuan by 2013.
  - Fuelled by sustained growth of online travel industry, the Indian e-commerce market is expected to rise at an impressive growth rate of 47% to over 46,000 crore in 2011 calendar year.

5. Explain the different types of electronic payment systems.

Ans.: The method of making payment on the Internet is essentially the electronic version of the traditional payment system, used in everyday life. The fundamental difference between the electronic payment system and the traditional one is that every transaction is carried in the form of digital string. Generally, there exist three major types of electronic payment systems:

  1. E-cash: It is one of the systems that fit small-scale commercial transactions in real-time environment on the Internet. In e-cash, the currency is transformed into an electronic form. A bank issues electronic money and debits the customer's account by withdrawing the specified amount from the customer's account, which equals the value of currency (token) issued to the customer. The bank then authenticates each token with the digital stamp before transmitting it to the customer's computer. Whenever the customer wants to spend e-cash, a token of the proper amount is transmitted to the merchant, who then relays it to the bank for verification and redemption. To ensure that no fraudulent activity occurs, the bank records the serial number of each token that the customer spends. If the serial number of the token was already recorded in the bank's database, the bank would inform the merchant of its invalidity.
  2. E-cheque: The payment mode for e-cheque is not much different from the paper cheque. A paper cheque is a kind of message given to the consumer's bank to transfer adequate fund from one customer's account to someone else's account. The message is sent to the intended receiver of the fund who presents the cheque to the bank in order to collect the money. In all aspects, the e-cheque has the same features as the paper cheque. It sends a message to the receiver who endorses the cheque and presents it in his bank to obtain money. One advantage that e-cheque has over paper cheque is that it provides protection to the customer's account by encoding the account number with the bank's public key. This prevents the merchant from knowing the customer's account, thereby eliminating the chances of fraudulent transactions.
  3. Credit card: In credit card payment, customer gives a preliminary proof of the ability to pay by giving the credit card number to the vendor. The vendor then verifies it from the bank, and issues a purchase slip for the consumer to endorse. The vendor then uses a copy of the purchase slip to collect money from the bank and in the next billing cycle, the consumer receives a statement of recorded transaction at the address specified by the customer. Using the credit card to make purchases over the Internet requires additional steps to make transaction secure for both buyer and seller. Credit card information is sent as encrypted credit card number over the Internet.
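The e-cash issue-and-redeem cycle from item 1, including the serial-number check that rejects a token spent twice, can be sketched as follows. This is an added example, not code from the book: the `Bank` and `Token` names, the status strings, and the use of an HMAC as the bank's "digital stamp" are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass, replace


@dataclass(frozen=True)
class Token:
    serial: str  # unique serial number assigned by the bank
    amount: int  # value in the smallest currency unit
    stamp: str   # bank's authentication tag over serial and amount


class Bank:
    """Hypothetical e-cash issuer; HMAC stands in for the digital stamp."""

    def __init__(self):
        self._stamp_key = secrets.token_bytes(32)  # known only to the bank
        self.balances = {}
        self.spent_serials = set()  # serial numbers already redeemed

    def open_account(self, owner, balance=0):
        self.balances[owner] = balance

    def _stamp(self, serial, amount):
        msg = f"{serial}:{amount}".encode()
        return hmac.new(self._stamp_key, msg, hashlib.sha256).hexdigest()

    def withdraw(self, owner, amount):
        """Debit the customer's account and issue a stamped token."""
        if amount <= 0 or self.balances.get(owner, 0) < amount:
            raise ValueError("invalid amount or insufficient funds")
        self.balances[owner] -= amount
        serial = secrets.token_hex(16)
        return Token(serial, amount, self._stamp(serial, amount))

    def redeem(self, token, merchant):
        """Verify a token relayed by a merchant and credit it once."""
        if merchant not in self.balances:
            return "unknown-merchant"
        expected = self._stamp(token.serial, token.amount)
        if not hmac.compare_digest(expected, token.stamp):
            return "invalid-stamp"   # altered or never issued by this bank
        if token.serial in self.spent_serials:
            return "double-spend"    # serial already in the bank's records
        self.spent_serials.add(token.serial)
        self.balances[merchant] += token.amount
        return "accepted"


def demo():
    bank = Bank()
    bank.open_account("customer", 100_00)  # constructed sample balances
    bank.open_account("merchant")
    token = bank.withdraw("customer", 25_00)
    forged = replace(token, amount=250_00)  # same stamp, inflated amount
    results = [
        bank.redeem(token, "merchant"),   # first spend
        bank.redeem(token, "merchant"),   # same token presented again
        bank.redeem(forged, "merchant"),  # tampered token
    ]
    return results, bank.balances["customer"], bank.balances["merchant"]


if __name__ == "__main__":
    print(demo())
```

The stamp is checked before the serial lookup, so a tampered token is rejected without touching the spent-serial records.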

6. Explain the various requirements of an e-commerce system.

Ans.: There are several basic requirements that should be met for an e-commerce system:

  - Merchant bank account: During online business transactions, the payments are made generally through credit cards. In order to accept credit cards over the Internet, you need an account with a merchant account provider (referred to as acquiring bank). The acquiring bank is responsible for the online authorization of credit cards and payment processing. Today, an endless number of acquiring banks are available, each of which charges a varying processing fee for each transaction processed. You can easily search for the desired one through the Internet and open an account with it.
  - Customer issuing bank: It is a financial institution that issues a payment instrument to the customer and is responsible for the debt payment of credit card's holder.
  - Credit card association: It is a financial institution that offers credit card services such as MasterCard and Visa card. These services are branded and distributed by the customer issuing bank.
  - Web hosting package: To host your website on the Internet, a web hosting package is required. There are two possibilities for hosting your website. First, you can set up or maintain your own web server and second, you can choose some Internet Service Provider (ISP) for web hosting administration. ISP is a company that provides Internet access and some hard drive space on their web servers to host the website. As it proves quite expensive to set up and maintain your own web servers, this option is usually chosen by large organizations.
  - Shopping cart application: It is the software that is set up by the merchant for displaying the products and services offered as well as for pricing, shipping charges, and taxes calculations. This application executes on an online transaction server (provided by an online transaction provider) that is located elsewhere on the Internet. An online transaction provider may either sell or rent the use of an online shopping cart (web store) to you for your business. An example of shopping cart application is SoftCart by Mercantec.
  - Registered domain name: A domain name is a unique name that identifies a website on the Internet and represents the name of the web server where the web pages reside. For example, www.yahoo.co.in and www.nic.in are some valid domain names. Before you can be online, you need to register for a domain name on the Internet through a domain name registrar. The domain name registrar offers you the available domain names from which you can choose the one you want others to use for finding your website. Note that you also need to pay a registration fee to the registrar for keeping your website active on the Internet.
  - Payment gateway: It is a service that connects merchants, customers, and financial networks with one another for processing credit card authorization and payment. Usually, a third party such as VeriSign is responsible for the operation of payment gateway.
  - Processor: It is the large data centre that is responsible for processing the credit card transactions and settling funds to merchants' accounts. It is connected to the merchant's site via the payment gateway on behalf of the acquiring bank.
  - Digital certificate: It is also referred to as secure sockets layer (SSL) server certificate. It is an electronic document that enables SSL on the web server. It provides the basis for secure credit card transactions over the Internet by enabling each person involved in a transaction to verify the identity of others easily and quickly. Every e-commerce company that offers online web store needs to have SSL to enable secure communication.

7. Explain how e-commerce works.

Ans.: To understand the working of e-commerce, consider A is a customer and B is a merchant. A visits B's website through the Internet where he/she finds various products and services offered by B and decides to make a purchase. In a typical scenario, the following steps will be involved in making such transaction to happen:

  1. A visits the web store by clicking on a link or button (such as Buy Now, Shop Online, or image of a shopping cart button) on the web page. As A does this, he/she gets connected to the online transaction server running the shopping cart application.
  2. To make a purchase, A inputs his/her credit card details.
  3. A's web browser encrypts the information and sends it to B's web server. This is done via SSL encryption.
  4. From the B's web server, the transaction information is forwarded to the payment gateway. This is also an SSL encrypted connection.
  5. The payment gateway then sends the transaction information to the processor used by B's acquiring bank.
  6. The processor forwards the transaction information to the credit card association that further sends the information to A's issuing bank.
  7. The issuing bank checks the authorization of credit card and sends the response (either approved or declined) back to the processor.
  8. The processor sends back the response to the payment gateway that further passes the response to B's website.
  9. Depending on the result received, B accepts or rejects the transaction accordingly.
  10. After the payment has been authorized, the settlement process begins where the money is transferred from A's account to B's account. To settle the transaction, B sends a request to the payment gateway.
  11. The payment gateway sends details of the transaction to be settled to the processor.
  12. The processor further passes these details to A's issuing bank as well as to B's acquiring bank.
  13. The issuing bank admits B's charge on A's credit card statement and debits A's account, while the acquiring bank credits B's account.

8. Explain the technology infrastructure components of e-commerce.

Ans.: For e-commerce to succeed, certain technology infrastructure components are required that include hardware, software, and Internet. For supporting a large volume of transactions happening among customers, suppliers, and other business partners, these components must be integrated.

Hardware

The web server is the basic hardware component of an e-commerce technology infrastructure. It works in conjunction with the software for performing successful e-commerce transactions. One of the major issues in front of e-commerce companies is to decide what should be the storage capacity and computing power of the web server. The required storage capacity and computing power of the web server depends on the software installed on the server as well as the amount of transactions to be processed on the server. Though the software can be easily defined by the IT staff and business managers, estimating the amount of traffic the site will generate is difficult. This is because the number of transactions may increase or decrease at any time.

E-commerce companies can adopt either of the following approaches to set up the web server:

  - They can take the web services of a third-party (i.e., ISP) that provides them web space on its web server with a high-speed Internet connection. ISP also provides maintenance service of the web server.
  - They can set up and maintain their own web server. This approach requires trained individuals and a large capital.

Whichever approach is chosen, there should be proper hardware back-up in case of any web server failure.

Software

It forms an integral part in e-commerce technology infrastructure as it enables the web server to perform services such as security, authentication, web page access, and web page construction to the clients. Many web server software packages are available in the market out of which Microsoft Internet Information Server (IIS) and Apache HTTP server are commonly used. Various software components included in these packages are discussed as follows:

  - Website development tools: These include an HTML/visual web page editor such as Microsoft FrontPage and software development kits that consist of sample code along with coding instructions for programming languages such as Visual Basic and Java. These tools also provide support for uploading web pages from a PC on to a website. Which development tools are included in the web server software package depends on which web server software has been chosen.
  - Web page construction software: This software uses the web editors for creating both static and dynamic web pages. Static web pages are the ones that contain information that always remains the same. For example, a web page that presents photo of corporate headquarters or contains history of your organization is static. In contrast, information on dynamic web pages can change and these web pages are generated in response to the specific request made by the user. For example, consider a user who wants to check the availability of a particular product. For this, he/she enters the desired product number. To fulfil the user's request, the web server searches through the inventory database and builds a web page showing the current status of the product it found. Now, if the same request is made by the user at some later time, the web server may generate a different web page.
  - E-commerce software: After building the host server that includes hardware, operating system, and web server software package, now it is time to install the e-commerce software. It further comprises three software components: catalog management, product configuration, and shopping cart. Catalog management software helps in building and maintaining online catalogs. It brings different product data formats together into a standard format for uniform viewing, aggregating, and integrating catalog data into a central repository. This makes accessing or retrieving data easier, and changes in availability and price can be updated easily. An example of catalog management software is the Corporate Express. Product configuration software tools help B2B salespeople in matching their company's products with that of customers' requirement. The buyers can now build the product they need online using the web-based product configuration software requiring little or no assistance from the salespeople. Shopping cart software is another kind of software used by e-commerce websites to keep track of the items selected for purchase. The customers can view, add, and remove items from the shopping cart any time. Whenever an item is added in the cart, the details of that item such as its price, product number, etc. are automatically stored.

Internet Protocol (IP) Address

IP address is a 32-bit number that uniquely identifies every system connected to the Internet. This 32-bit number is divided into four 8-bit segments that are separated by a period (e.g., 192.168.0.1). By using this address, a user can access a particular site. The IP addresses are hard to remember due to which domain names are assigned to each address for reducing the complexity. A domain name consists of two levels: top-level domain and lower-level domain. The top-level domain name identifies the country, organization, or institutes: for example, ‘in’ stands for India and ‘edu’ for education. The lower-level domain name is a unique name that identifies the host server. When the user types a domain name, the corresponding IP address is located and the server associated with that IP address is accessed. Therefore, IP addresses are used to access the different systems involved in e-commerce business set-up.

ISP

It is a company that provides Internet connection to individuals and organizations, and acts as the lifeline of the e-commerce business. For using the Internet services, you must have an account with an ISP. In addition, having software that allows direct link through TCP/IP is also a must. Apart from an Internet connection, other services provided by ISP include network to connect employees and business partners, host computers to establish websites, web transaction processing, network security, and administration. Many companies avail these services as they do not have the in-house expertise and the time to develop such services. By using the ISP-hosted network, the companies can also tap the ISP's national infrastructure at minimum cost. Mostly, ISPs charge a monthly fee ranging between $15 and $30, while there are some who are experimenting with low or no fee at all.

Internet Presence Providers

As the name implies, the Internet presence providers provide presence on the Internet by hosting the web pages of the user on the Internet. Some companies offer Internet mall having spaces for several vendors to sell their products. To avail space for an electronic store on the Internet, a vendor has to pay some processing fee along with the traffic charge. This space is actually the disk space where the store's website will be saved.

9. Discuss the role of security in e-commerce.

Ans.: With the continual increase in the number of online consumers, e-commerce security is becoming the main concern for merchants and consumers all over the globe. As more and more businesses are switching to e-commerce solutions, the risk of exposing crucial corporate information to external parties is also increasing. A typical e-commerce transaction involves information regarding products or services, order, delivery, and payment (credit card details). All this sensitive information is transferred through the Internet, which is a public and un-trusted network. Though the Internet is an efficient means for communication, it brings with itself many security risks such as virus intrusion, hacking, password cracking, spoofing and sniffing, phishing and identity theft, and denial of service (DoS) attacks. Thus, security is an important issue for companies doing online businesses.

In an e-commerce system, there are six key dimensions to security including integrity, authenticity, nonrepudiation, confidentiality, privacy and availability. If any of these is compromised, it is a security issue:

  1. Integrity: It refers to the ability of ensuring that the message/information sent or received through the Internet or the information displayed on the merchant's website has not been modified by intruders. If any changes have been made, it means the integrity of the information is no longer preserved. This is because the receiver has not got the actual message that was sent by the sender.
  2. Authenticity: It refers to the ability of identifying whom you are communicating with on the Internet. Authentication is a must so that no one can spoof or misrepresent himself/herself to the other. For example, the customer must be assured that the merchant is really who he/she says he/she is.
  3. Nonrepudiation: It refers to the ability of ensuring that no party or person involved in an e-commerce transaction can later deny their online actions. This is required because a customer after ordering online may easily claim that he/she has not done so. In such cases, the merchant should be able to prove that the order has come from the intended customer and not from anyone else. Similarly, the merchant after receiving a message should not be able to modify the contents of the message. If it happens, the customer must be able to prove that the merchant has created a forged message.
  4. Confidentiality: It refers to the ability of maintaining secrecy of the message that is being transmitted over the network. Only the sender and the intended receiver should be able to understand and read the message and no eavesdropper should be able to read or modify the contents of the message. Therefore, the users want their message to be transmitted over the network in an encrypted form.
  5. Privacy: It refers to the ability of controlling the use of information provided by oneself. For example, when a customer gives his/her details to the merchant, then this information must not be disclosed to unauthorized users and must be used positively by the merchants. To ensure privacy, the merchants must establish internal policies.
  6. Availability: It refers to the ability of ensuring that the information is available all the time to the authorized users. If the information is unavailable to the authorized users, then it is of no use. It is also equally important for the organization because unavailability of information can adversely affect the day-to-day operations of the organization. For example, imagine the status/service of the bank if the customers were not able to make transactions from their accounts.
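The difference between integrity and nonrepudiation (items 1 and 3) shows up when a disputed order has to be proven to a third party. The following added example is not from the book: it uses a Lamport one-time hash-based signature as a standard-library stand-in for the digital signatures a real deployment would use, and the function names and sample order strings are constructed for illustration.

```python
import hashlib
import hmac
import secrets


def _h(data):
    return hashlib.sha256(data).digest()


def keygen():
    """Lamport one-time key pair: 2 x 256 secrets and their hashes."""
    sk = [[secrets.token_bytes(32) for _ in range(256)] for _ in range(2)]
    pk = [[_h(x) for x in row] for row in sk]
    return sk, pk


def _bits(message):
    digest = _h(message)
    return [(digest[i // 8] >> (7 - i % 8)) & 1 for i in range(256)]


def sign(sk, message):
    """Reveal one secret per digest bit. A key must sign only one message."""
    return [sk[bit][i] for i, bit in enumerate(_bits(message))]


def verify(pk, message, signature):
    if len(signature) != 256:
        return False
    return all(
        _h(part) == pk[bit][i]
        for i, (bit, part) in enumerate(zip(_bits(message), signature))
    )


def mac(shared_key, message):
    return hmac.new(shared_key, message, hashlib.sha256).digest()


def dispute_demo():
    # Constructed sample data: the order the customer placed, and a version
    # altered on the merchant's side after receipt.
    order = b"order=1001;item=SKU-42;qty=1;total=49.99"
    altered = b"order=1001;item=SKU-42;qty=10;total=499.90"

    # Signature: only the customer holds sk; anyone holding pk can verify.
    sk, pk = keygen()
    signature = sign(sk, order)

    # Shared-key MAC: customer and merchant both hold the same key, so the
    # merchant can compute a valid tag for any message it likes.
    shared_key = secrets.token_bytes(32)
    merchant_made_tag = mac(shared_key, altered)

    return {
        # Customer cannot deny the order: the signature verifies under pk.
        "signed_order_verifies": verify(pk, order, signature),
        # Merchant cannot pass off the altered order as signed.
        "altered_order_verifies": verify(pk, altered, signature),
        # A MAC protects integrity in transit, but this tag verifies even
        # though the customer never produced it, so it proves nothing to
        # a third party about who wrote the message.
        "merchant_made_mac_accepted": hmac.compare_digest(
            mac(shared_key, altered), merchant_made_tag
        ),
    }


if __name__ == "__main__":
    print(dispute_demo())
```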

10. Discuss various security threats in the e-commerce environment.

Ans.: The security of e-commerce can be compromised by different types of security threats.

Malicious Software

Malicious software (shortened form malware) are the programs that generate threats to the computer system and stored data. They could be in any of the following forms:

  - Virus: It stands for Vital Information Resources Under Seize. It is a program or small code segment that has the capability to attach itself to existing programs or files and infect them as well as replicate itself without the user's knowledge or permission. It enters into the computer system from external sources like CD, pen drive, or e-mail and executes when an infected program is executed. Further, as an infected computer gets in contact with an uninfected computer (e.g., through computer networks), it may pass on to the uninfected system and destroy the files.
  - Worm: It is an independent program capable of replicating itself in the computer memory. In that sense, it is similar to virus. However, it does not attach itself to other existing programs or files in order to get executed by users; rather, it operates on its own. Therefore, it spreads faster than computer viruses. Both worms and viruses tend to fill the computer memory with useless data thereby preventing you from using the memory space for legal applications or programs. In addition, it can destroy or modify data and programs to produce erroneous results as well as halt the operation of the computer system or network.
  - Trojan horse: It is a program that appears to be legal and useful but concurrently does something unexpected like destroying existing programs and files. It does not replicate itself in the computer system and hence, it is not a virus. However, it usually opens the way for other malicious software (like viruses) to enter into the computer system. In addition, it may also allow unauthorized users to access the information stored in the computer.
  - Logic bomb: It is a program or portion of a program that lies dormant until a specific part of program logic is activated. The most common activator for a logic bomb is date. It periodically checks the computer system's date and does nothing until a pre-programmed date and time is reached. It could also be programmed to wait for a certain message from the programmer. When it sees the message, it gets activated and executes the code. It can also be programmed to activate on a wide variety of other variables such as when a database grows past a certain size or a user's home directory is deleted. For example, a well-known logic bomb is Michelangelo, which has a trigger set for Michelangelo's birthday. On the given birth date, it causes system crash or data loss or other unexpected interactions with existing code.

Unwanted Programs

Besides malicious software, certain unwanted programs may also challenge the security of e-commerce environment:

  * Spyware: It is a small program that installs itself on the computer to gather data secretly about the computer user without his/her consent and report the collected data to interested users or parties. The information gathered by it may include e-mail addresses and passwords, net-surfing activities, credit card information, etc. It often gets automatically installed on your computer when you download a program from the Internet or click any option from the pop-up window in the browser.
  * Adware: While visiting certain sites, you must have noticed that some pop-up ads automatically display. This happens with the help of adware programs. These programs are used typically without any criminal intent; their purpose is just to annoy the users. Examples of adware programs include PurityScan and ZangoSearch.
  * Browser parasite: As the name implies, it is a program that is used to monitor and modify the settings of the web browser of a user. For example, it can change the default home page of the browser or can send the details of sites visited by the user to some remote computer, etc.

Phishing

It refers to a fraudulent attempt made by a third party to acquire the confidential information of a user (such as usernames, passwords, and credit card details) during electronic communication. The attacker misrepresents himself/herself as a legitimate entity and fools the user by directing him/her to enter details at some fake website. The most common targets of phishing attacks include online shopping and online banks.

Hacking and Cybervandalism

Hacking refers to unauthorized access to a computer in order to exploit its resources. Hackers are persons with the intention of finding some weak points in the security of websites and other computer systems in order to gain unauthorized access. In the hacking community, the hackers with criminal intent are often termed crackers, but in mass media, these two terms are often used interchangeably.

The activities of hackers are not limited to gaining unauthorized access to systems; they also include stealing and destroying confidential information. They can also introduce viruses in the network, which can enter a database or other applications and crash the whole server. In addition, they can also modify links in websites to redirect the sensitive information to the database of their interests.

Apart from hackers and crackers, there are certain persons with more malicious intents. Such persons may intentionally disrupt, damage, or even destroy the site. This is what is known as cybervandalism.

Credit Card Fraud/Theft

One of the most feared incidents on the Internet is the theft of credit card details. Users are mostly afraid of disclosure of their credit details to malicious persons and thus, generally refrain from doing online transactions. The major reason behind credit card fraud/theft is the hacking of corporate server where the information regarding millions of credit card transactions is stored.

Spoofing and Sniffing

Hackers often spoof by hiding their identity and pretending to be someone else by using fake addresses. They can divert a web link to some other address that is of the hacker's interest. For example, a link directed to a duplicate e-commerce website created by a hacker can help him in collecting and processing orders, stealing sensitive customer information, etc.

Sniffer programs are used to listen to the data travelling in the network without the permission of the sender of the data. These programs, if used in the right way, can help in finding network trouble spots or criminal activities on the network. They can also be used for criminal activities like extracting e-mail messages, files, and confidential reports.

DoS and distributed DoS attacks

Hackers mischievously flood a network server or a web server with so many false requests for services that the network crashes. In this situation, the server is not able to serve the genuine requests. This attack is known as a DoS attack. A variant of the DoS attack is the distributed DoS (DDoS) attack, in which numerous computers are used to generate the false requests for a network. Using numerous computers helps the hacker to flood the network with false requests very quickly.

Note that DoS attack does not damage information or access the restricted areas but it can shut down a website, thereby making the site inaccessible for genuine users. Such kinds of attacks result in a huge loss of business if used on busy e-commerce sites such as eBay and Buy.com because the customers cannot make purchases while the site is shut down.

11. How can we implement security in e-commerce?

Ans.: There exists a variety of security mechanisms that can be used to implement security in e-commerce environment: encryption, digital signature, digital certificate, SSL, and SET.

Encryption

It refers to a process of transforming an original message into an unintelligible form that can be read only by the intended sender and receiver and no one else. The original unencrypted message that the sender sends is referred to as plaintext, while the encrypted message that the receiver receives is referred to as ciphertext. The sender encrypts the plaintext to produce the ciphertext which is then sent to the receiver. To read the message, the receiver needs to transform the ciphertext back into the plaintext. This process is known as decryption. It is mainly used to secure the information transmission as well as stored information. It ensures message integrity, confidentiality, and authentication.

To perform encryption/decryption, an encryption/decryption algorithm and a key are used. A key is usually a number or set of numbers on which the encryption/decryption algorithm operates. Traditionally, the same key was used for encryption and decryption (symmetric-key encryption), while now encryption and decryption are performed using separate keys (asymmetric-key encryption).

The symmetric-key encryption, sometimes also called secret-key encryption, uses a single shared key (secret key) for both encryption and decryption of data. Thus, it is obvious that the key must be known to both the sender and the receiver. The sender uses the shared key and the encryption algorithm to transform the plaintext into the ciphertext. The ciphertext is then sent to the receiver via a communication network. The receiver applies the same key and the decryption algorithm to decrypt the ciphertext and recover the plaintext. Some examples of symmetric-key algorithms include Data Encryption Standard (DES), double DES, triple DES, and Advanced Encryption Standard (AES).

The asymmetric-key encryption, sometimes also called public-key encryption, was introduced by Diffie and Hellman in 1976. It involves the use of two different keys for encryption and decryption. These two keys are referred to as the public key (used for encryption) and the private key (used for decryption). Each authorized user has a pair of public and private keys. The public key of each user is known to everyone, whereas the private key is known to its owner only. Suppose that a user A wants to transfer some information to user B securely. The user A encrypts the data by using the public key of B and sends the encrypted message to B. On receiving the encrypted message, user B decrypts it by using his/her private key. Since decryption process requires the private key of user B, which is only known to B, the information is transferred securely. RSA is a well-known example of asymmetric-key algorithm.

Digital Signature

It is an authentication mechanism that allows the sender to attach an electronic code with the message in order to ensure its authenticity and integrity. This electronic code acts as a signature of the sender and is hence named a digital signature. It uses the public-key encryption technique. The sender uses his/her private key and a signing algorithm to create a digital signature, and the signed document can be made public. The receiver, on the other hand, uses the public key of the sender and a verifying algorithm to verify the digital signature.

To understand how digital signature works, suppose user A wants to send his/her signed message to user B through the network. To achieve this communication, follow the steps given below:

  1. User A uses his/her private key (EA), applied to a signing algorithm, to sign the message (M).
  2. The message (M) along with A's digital signature (S) is sent to B.
  3. On receiving the message (M) and the signature (S), B uses A's public key (DA), applied to the verifying algorithm, to verify the authenticity of the message. If the message is authentic, B accepts the message; otherwise he/she rejects it.

The private and public keys used in digital signatures are different from the private and public keys used in public-key encryption. In the former case, the private and public keys of the sender are used to create and verify the digital signature, respectively. However, in public-key encryption, the public and private keys of the receiver are used for encryption and decryption of the message, respectively. Digital signature ensures message integrity, authentication, and non-repudiation. It does not ensure message confidentiality directly. For this, it must be used along with encryption.
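The two key roles contrasted above (the sender's key pair for signing, the receiver's key pair for encryption) can be seen side by side in the following added example, which is not part of the original text. It uses textbook RSA without padding and constructed demo keys built from published Mersenne primes; the function names, keys, and message are assumptions for illustration, and real systems use padded schemes from a vetted cryptographic library.

```python
import hashlib

# Constructed demo keys. The factors are published Mersenne primes so the
# example needs no prime search; keys like these are trivially factorable.
A_PRIMES = (2**521 - 1, 2**607 - 1)      # user A (the signer)
B_PRIMES = (2**1279 - 1, 2**2203 - 1)    # user B (the receiver)


def make_keypair(p, q, e=65537):
    """Return (public_key, private_key) as the pairs (n, e) and (n, d)."""
    n = p * q
    d = pow(e, -1, (p - 1) * (q - 1))    # private exponent (Python 3.8+)
    return (n, e), (n, d)


def digest_as_int(message):
    """SHA-256 digest of the message as an integer (always smaller than n here)."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big")


def sign(message, signer_private):
    """Step 1: the sender applies his/her private key to the message digest."""
    n, d = signer_private
    return pow(digest_as_int(message), d, n)


def verify(message, signature, signer_public):
    """Step 3: the receiver checks the signature with the sender's public key."""
    n, e = signer_public
    return pow(signature, e, n) == digest_as_int(message)


def encrypt(plaintext, receiver_public):
    """Public-key encryption: anyone can encrypt with the receiver's public key."""
    n, e = receiver_public
    m = int.from_bytes(plaintext, "big")
    if m >= n:
        raise ValueError("plaintext too long for this modulus")
    return pow(m, e, n)


def decrypt(ciphertext, receiver_private):
    """Only the holder of the receiver's private key can recover the plaintext."""
    n, d = receiver_private
    m = pow(ciphertext, d, n)
    return m.to_bytes((m.bit_length() + 7) // 8, "big")


def run_exchange():
    a_public, a_private = make_keypair(*A_PRIMES)
    b_public, b_private = make_keypair(*B_PRIMES)

    order = b"PAY 2500 INR TO MERCHANT 42"         # constructed message M
    signature = sign(order, a_private)              # step 1: A signs M
    # Step 2: (M, S) travels to B; the signature does not hide M.
    altered = b"PAY 9500 INR TO MERCHANT 42"        # M changed in transit

    # Confidentiality needs encryption with the RECEIVER's key pair.
    sealed = encrypt(order, b_public)

    return {
        "genuine_accepted": verify(order, signature, a_public),
        "tampered_accepted": verify(altered, signature, a_public),
        "wrong_signer_accepted": verify(order, signature, b_public),
        "sealed_copy_recovered": decrypt(sealed, b_private) == order,
    }


if __name__ == "__main__":
    for check, outcome in run_exchange().items():
        print(f"{check}: {outcome}")
```
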

Digital Certificate

In the e-commerce world, one of the major problems that often occurs is how one can be sure that the other party really is what it claims to be; anybody having a combination of public and private keys can claim to be what it is not. For example, when a customer wishes to make a transaction through an online bank such as sbi.co.in, he/she needs to be assured that it really is sbi.co.in and not a spoofer misrepresenting itself as sbi.co.in. To provide such assurance in the digital world, digital certificates are used.

It is an electronic document that signifies the association between the user and his/her public key. It is digitally signed and issued by a trusted third party, referred to as certificate authority (CA). It contains the name of the user, his/her public key, a digital certificate number, issuance date, expiration date, the digital signature of CA (i.e., the name of the CA encrypted with its private key), and other identification information.

To obtain a digital certificate, a user needs to present his/her public key to the authority. The user can then publish his/her certificate. Now, any other user wishing to get the public key can obtain the certificate and verify its validity by means of the attached digital signature of the CA. The user can also send its key information to another user by transmitting his/her certificate. The users can easily verify that the certificate has been generated by the CA only and is not a fake certificate. Moreover, only CA can create or update the certificates. This way the digital certificates can enable the e-commerce participants to validate each other's identities at the point of purchase, thus, providing the basis for secure online transactions. In addition, they also tend to increase the speed and security of online transactions, thus, making the possibilities of instant sales and communication via the Internet more feasible.

SSL

It is a protocol developed by Netscape Corporation in 1994 to provide exchange of information between a web browser and a web server in a secured manner. Its main aim is to provide entity authentication, message integrity, and confidentiality. It is an additional layer located between the application layer and the transport layer of the TCP/IP protocol suite. All the major web browsers support SSL. It comes in three versions: 2, 3, and 3.1. Among these, version 3 is the most popular version that was released in 1995. It provides authenticity, data integrity, and confidentiality.

To start with, the web browser (client) sends a request for secure session to the merchant's server. If the server can grant the request, the session ID and the method of encryption to be used are negotiated between the two. The client and server exchange their digital certificates to establish one another's identity. The client generates a session key and creates a digital envelope (the container of session key) encrypted using the public key of the server. Then, it sends the digital envelope to the server. The server decrypts the envelope using its private key to retrieve the session key. After the session key has been exchanged, the encrypted transmission using the session key begins; the URL of the documents requested by the client, its contents, cookies exchanged, and contents of forms are encrypted using the session key.

SET

The secure electronic transaction (SET) is a protocol used for secured credit card transactions over the Internet. SET itself is not a payment system; rather it contains the security protocols and formats that are used to provide security to the credit card payments made by a user on a public network such as the Internet. The SET concept was started as early as the year 1996, but the first product came to be available in the year 1998. It mainly provides three services:

  1. It provides a secured medium of communication for all the parties involved in a communication.
  2. It provides trust by the use of X.509v3 digital certificates.
  3. It has got complete privacy as the parties involved in the communication can access the information only when and where necessary.

12. What actions can you take to minimize the risk of being a victim of e-commerce fraud?

Ans.: When dealing with e-commerce, a number of security threats can occur to consumers and site operators. One of the most common threats is identity theft. This threat can happen to anyone as there are numerous methods through which a criminal can steal an individual's personal identification information such as social security number, ATM cards, credit card details, etc. After stealing such information, the criminals can use it to impersonate their victims and commit crime. For example, in an e-commerce transaction, where a consumer uses his/her credit/debit card to make payments, the criminal can steal the consumer's confidential details and spend as much money as he/she can in a short period of time.

You cannot prevent an e-commerce fraud completely. However, you can minimize the risk of fraud by following certain tips:

  * Use a credit card instead of a debit card while making payments online. This is because you are better protected from fraud when using credit cards.
  * Pay attention to see how the magnetic stripe information is being swiped by the clerk while paying bills through credit or debit cards at restaurants and stores. This is because a fraudulent clerk can use a small handheld device named a skimmer for swiping the card quickly and then can later download the user account number on his/her PC.
  * Keep a record of all your account numbers, credit/debit card details, and investments at a safe place so that the specified organization can be contacted quickly in case of any fraud.
  * Use strong passwords and PINs so that they cannot be easily detected by an attacker. For a strong password, use a combination of alphabets, letters, and special characters.
  * Always take credit/debit card receipts along with you and never throw them in a public dustbin.
  * Do not provide your credit/debit card number, SSN, or other personal information through phone or e-mail unless you trust the other party.
  * Install a strong firewall on your PC to protect the confidential data residing on your hard disk from being hacked.
  * Install appropriate antivirus software to protect your PC from malicious software such as viruses, worms, etc.
  * Always protect the files containing sensitive information with the help of passwords.
  * Always transact with those companies that offer transaction security protection and that employ strong security and privacy rules.
  * Avoid giving personal information, SSN, and credit/debit card numbers to any instructed party who calls and offers any interesting package to victimize you.
  * Never respond to phishing e-mail messages, as such e-mails are sent by hackers to obtain personal information of customers.

13. List some advantages and disadvantages of e-commerce.

Ans.: Every innovation in technology comes with certain benefits and limitations. The same is the case with e-commerce.

Some of the advantages of e-commerce are as follows:

  * 24/7 access: Online businesses never sleep as opposed to conventional businesses. Consumers can access goods and services anytime they want.
  * Reduced prices: The cost of a product is reduced since stages along the value chain are decreased. For example, intermediaries can be eliminated by the company by directly selling to the consumer instead of distributing through a retail store.
  * Global marketplace: Consumers can shop anywhere in the world. This also provides a wide selection of products and services to consumers.
  * Increased potential market share: The Internet enables businesses to have access to international markets, thereby increasing their market share. Companies can also achieve greater economies of scale.
  * Lower cost of advertising: Advertising on the Internet costs relatively less than advertising on print or television media. A company can spend a lot on advertising on the Internet if the company hires an external party to create their advertisement.
  * Low start-up cost: Anyone can start a company on the Internet. Start-up costs are lower for companies since there is less need for money for capital assets.
  * Secure payment systems: Recent advancements in payment technologies allow encrypted, secure payment online.
  * Lower cost of practicing business: Fewer employees; purchasing costs; order-processing costs associated with fax, phone calls, data entry, etc.; and eliminating physical stores result in reduced transaction costs.

Some of the disadvantages of e-commerce are as follows:

  * Lack of personal examination of products: Buying products through the Internet does not allow physical examination of products. Images of the products may be available for viewing; however, there is a risk involved in the uncertainty of the quality of the product that the consumer is purchasing.
  * Hardware and software: There are specific hardware and software that are essential to start an e-commerce company, which are bulky and costly.
  * Distribution problems: Distribution must be very efficient especially when catering to a global market.
  * Maintenance of website: E-commerce websites must be maintained and updated regularly, which leads to extra labour costs.
  * Extra costs: Even though the company may initially save money by cutting middlemen and not having to invest much on capital assets, other costs may be incurred that include start-up costs of the company in terms of hardware, software, training of employees, costs to maintain the website, and distribution costs.
  * Training and maintenance: It is important to have well-skilled and trained workers to create and maintain e-commerce facilities of a company.
  * Security risk: An e-commerce business exposes itself to security risks and may be susceptible to destruction and disclosure of confidential data, data transfer, and transaction risks (as in online payments), or virus attacks. The possibility of stealing credit card numbers is one of the major threats in e-commerce activity.

14. List and explain the applications of e-commerce.

Ans.: Nowadays, e-commerce is widely used in various applications:

  * E-banking: It is also known as online banking or Internet banking. It allows customers to avail banking services electronically via the Internet. Today, almost all the banks facilitate e-banking, which can be either transactional or non-transactional. Transactional e-banking allows the customers to perform financial transactions like paying a bill, transferring money, etc. on a secure website. On the other hand, non-transactional e-banking allows the customers to access their accounts or view account statements. An account holder can avail the e-banking services by making a request to the bank for activating e-banking for his/her account. In response, the bank provides a login id and one (for non-transactional e-banking) or two (for transactional e-banking) passwords. The login id and password(s) are required each time the account holder uses e-banking.
  * E-shopping: It is also known as online shopping. It means purchasing products or services via the Internet. The popularity of e-shopping has been increasing day-by-day and you can find many online stores such as ebay.com, indiatimeshopping.com, amazon.com, flipkart.com, etc. The online stores offer almost every type of product like books, toys, clothes, household appliances, etc., and provide the product description along with their prices. Therefore, consumers can easily compare the prices of a product offered by different online stores before purchasing it.
  * E-reservation: It is also known as online reservation. It refers to the process of making a reservation electronically via the Internet. Nowadays, a number of websites facilitate e-reservation for booking a hotel room; a ticket for railway, airline, or movie; etc. from your home or office. Some of these are irctc.co.in, bookmyshow.com, and makemytrip.com. These sites enable you to view the availability status, reserve a ticket, and cancel a ticket from the Internet. This saves the time otherwise spent standing in a queue waiting for your turn to enquire and reserve/cancel a ticket.
  * Online stock trading: Today, we can even deal with stocks and shares through e-commerce. Some of the sites that enable you to trade online are 5paisa.com and equitymaster.com. You can register with these sites at a nominal cost and take benefit of their services. In addition to online buying/selling of stocks and shares, some other services provided by these sites are market analysis and search, tracking market trends, 24-hour helpdesk, research on equity and mutual funds, and hotline for advice on risk management.
  * Online travel and tourism services: The travel and tourism industry is a collection of many suppliers and millions of consumers. Traditionally, travel agents work as intermediaries between customers and suppliers for services. However, with the advent of e-commerce, users are encouraged to plan holiday trips online according to their budget and need without contacting any travel agents. Thus, online travel and tourism services play an important role in bridging the gap between travel service providers and customers. Some of the popular sites offering these services are yatra.com, makemytrip.com, etc.
  * E-placement: E-commerce has also enabled the provision of online employment services. There are a number of job portals such as naukri.com, monster.com, and timesjob.com that provide job seekers with suitable employment opportunities at the click of a mouse. In these portals, there are different directories that are categorized under Employers and Job Seekers. If you are a job seeker, you can freely register with such sites, while if you are an employer, you need to pay some processing fee. In today's world, this resource is considered important for both the job seeker and the employer as it saves time.

15. Define e-business.

Ans.: Electronic business or e-business is the broader term that not only comprehends e-commerce but also includes activities that endorse the business transactions like marketing, delivery, advertising, payment, etc. It intends to execute all the activities in a business enterprise using the Internet and digital technologies. It also encompasses activities that are required for managing the firm internally and for coordinating with customers, suppliers, etc.

16. What is e-governance? What are its advantages and disadvantages?

Ans.: Electronic governance or e-governance refers to the application of information technology (IT) in the processes of government functioning in order to make the work simple, moral, accountable, responsive, and transparent. It basically means ‘paperless work’ operation in government organizations. It facilitates initiatives towards synergic utilization of IT tools for efficiency and effectiveness in public administration.

The implementation of e-governance would lead to the following advantages:

  * The efficiency of the current system will improve, which in turn would save time and money.
  * Switching from a heavily paper-based system to an electronic system would lessen the manpower requirement. As a result, the operational cost would reduce.
  * Better communication will be provided between the government and businesses; even the small businesses would be able to compete for government contracts along with larger businesses, thus making the economy stronger.
  * Since all the government information, policies, and services would be available online, a greater transparency of government services would be reflected.
  * Due to the availability of mobile connections throughout the world, the services of an e-government would be accessible to everyone regardless of their locations.

Some of the disadvantages of e-government are as follows:

  * Bringing the government services to an electronic form would result in lack of person-to-person communication.
  * Websites would have to be maintained and updated on a regular basis, thus leading to extra organizational cost.
  * An efficient e-governance system would require the accessibility of Internet to all or a majority of citizens. To connect to government websites, one would need Internet-enabled devices, routers, and connection infrastructure. All this would incur a great cost that is not possible for less developed economies.
  * Almost every citizen should be able to use the computer and access the Internet in order to avail the e-government services; illiterate people would not be able to use the services and would need assistance. Thus, well-skilled and trained customer service officers would be needed.

17. What is EDI? How does it work?

Ans.: Earlier, companies used the paper medium for conducting business. They used to enter data into a business application, print the form containing data, and mail this form to a trading partner. The exchange of information between companies relied heavily on the postal system. The trading partner, after receiving the form, would re-key the data into another business application. Inherent in this process are poor response times (use of the postal system can add days to the exchange process), excessive paperwork for both companies involved in the exchange, and the potential for errors as information is transcribed. The advent of business computers has enabled companies to process data electronically, that is, exchanging information via electronic means. Electronic data interchange (EDI) has been defined as the computer-to-computer transfer of information in a structured and predetermined format.

Working of EDI

EDI software has four layers: business application, internal format conversion, EDI translator, and EDI envelope for document messaging (Figure 18.1). At the sender's side, these four layers package the information and then this package is sent over the value-added network (VAN) to the target side where the four layers follow the reverse process to obtain the original information.

Figure 18.1 EDI Transmission of Information

The first layer (business application) in the EDI process creates a document, that is, an invoice in a software application. This software application uses internal format conversion to convert the document into a form the EDI translator can understand and sends the document to the EDI translator. The EDI translator automatically reformats the invoice into the EDI standard agreed upon by both business entities. Then this business information is passed on to the EDI envelope for document messaging, where it is wrapped in the electronic envelope of an ‘EDI package’ and mailed to the trading partner over VANs. The receiving trading partner receives this EDI package and the process is reversed to obtain the original invoice in a format the receiving trading partner can understand, and it is sent to the application to process the invoice.

To understand the process of EDI, consider an example of an organization that has to send purchase orders to different manufacturers. To accomplish this, the following steps are required:

  1. Preparation of electronic documents: The first step is to collect and organize the data by the organization's internal application systems. Rather than printing out purchase orders, the system builds an electronic file of purchase orders.
  2. Outbound translation: The next step is to translate this electronic file into a standard format. The resulting data file will contain a series of structured transactions related to the purchase orders. Note that the EDI translation software will produce a separate file for each manufacturer.
  3. Communication: The organization's computer automatically makes a connection with its VAN, and transmits all the files that have been prepared. The VAN will process each file, routing it to the appropriate electronic mailbox for each manufacturer. In case of manufacturers not subscribed to the organization's VAN, the files are automatically routed to the appropriate network service.
  4. Inbound translation: The manufacturers retrieve the files from their electronic mailboxes as per their convenience, and reverse the process that the organization went through, translating the file from the standard purchase order format to the specific format required by the manufacturer's application software.
  5. Processing electronic documents: Each manufacturer processes the purchase orders received in their internal application systems.

18. List some advantages of EDI.

Ans.: EDI offers a number of advantages:

  * Speed: Information between computers moves more rapidly, and with little or no human intervention. Sending an electronic message across the country takes minutes or less.
  * Accuracy: The alternate means of document transfer suffers from the major drawback of requiring re-entry into the recipient's application system, admitting the opportunity of keying errors. But information that passes directly between computers without having to be re-entered eliminates the chances of transcription errors. There is almost no chance that the receiving computer will invert digits, or add an extra digit.
  * Economy: The cost of sending an electronic document is not more than the regular first-class postage. In addition, the cost has also reduced due to the elimination of re-keying of data, human handling, routing, and delivery. The net result is a substantial reduction in the cost of a transaction.

Multiple-choice Questions

1.  In __________ system, business community interacts electronically with public sector organizations.

(a) B2B

(b) B2A

(c) B2C

(d) C2C

2.  Which of the following is a type of electronic payment?

(a) E-cash

(b) E-cheque

(c) Credit card

(d) All of these

3.  A financial institution that provides the merchant bank accounts is referred to as __________.

(a) Acquiring bank

(b) Issuing bank

(c) Credit card association

(d) None of these

4.  __________ is a service that connects customers, merchants, and financial networks with one another for processing credit card authorization and payment.

(a) Processor

(b) Payment gateway

(c) Digital certificate

(d) Shopping cart application

5.  E-commerce software comprises three software components: catalog management, __________, and shopping cart.

(a) Web page construction

(b) Website development

(c) Product configuration

(d) None of these

6.  __________ refers to the ability of ensuring that no party or person involved in an e-commerce transaction can later deny their online actions.

(a) Non-repudiation

(b) Integrity

(c) Authenticity

(d) Availability

7.  __________ is a small program that installs itself on the computer to gather data secretly about the computer user without his/her consent and report the collected data to interested users or parties.

(a) Logic bomb

(b) Virus

(c) Browser parasite

(d) Spyware

8.  Which of the following attacks refers to a fraudulent attempt made by a third party to acquire the confidential information of a user (such as usernames, passwords, and credit card details) during electronic communication?

(a) Hacking

(b) DoS

(c) Phishing

(d) Spoofing

9.  A __________ is an authentication mechanism that allows the sender to attach an electronic code with the message in order to ensure its authenticity and integrity.

(a) Digital certificate

(b) Digital signature

(c) Encryption

(d) None of these

10.  Which of the following Internet security protocols is used for secure credit card transactions over the Internet?

(a) SET

(b) PGP

(c) SSL

(d) TLS

Answers

1. (b)

2. (d)

3. (a)

4. (b)

5. (c)

6. (a)

7. (d)

8. (c)

9. (b)

10. (a)
