Indian Institute of Technology Kharagpur
Electronic Commerce
Prof. Indranil Sen Gupta
Dept. of Computer Science & Engg.
I.I.T. Kharagpur, INDIA
Lecture 35: Electronic Commerce
On completion, the student will be able to:
1. Illustrate the typical architecture of an electronic commerce system.
2. Identify the main challenges that need to be solved in an e-commerce implementation.
3. Explain the various electronic payment systems in use.
Introduction
• What is E-commerce?
  ➢ The process of buying, selling, or exchanging products, services, and information through computer networks.
• How is it different from E-business?
  ➢ E-business (EB) is a broader form of E-commerce (EC) that also includes:
      - Servicing customers.
      - Collaborating with business partners.
      - Carrying out transactions electronically within an organization.
Dimensions of E-Commerce
[Figure: the three dimensions of E-commerce, each either physical or digital: product, agent, and process.]
• Traditional commerce:
  ➢ All the dimensions are physical in nature.
  ➢ Perform all business transactions off-line.
  ➢ Buy and sell products through physical agents and representatives.
• Pure E-commerce:
  ➢ All the dimensions are digital in nature.
  ➢ Pure online (virtual) organizations.
  ➢ Buy and sell products online.
• Hybrid approach:
  ➢ A combination of digital and physical dimensions.
  ➢ Primary business carried out in the physical world.
  ➢ Provide some services on-line.
Classification of E-commerce by Nature of Transaction
• Business-to-business (B2B):
  ➢ All the participants are businesses or other organizations.
• Business-to-consumer (B2C):
  ➢ The businesses sell their products to consumers (individual shoppers).
• Business-to-business-to-consumer (B2B2C):
  ➢ A business provides some service to a client business.
  ➢ The client business maintains its own customers, to whom the service is finally provided.
• Consumer-to-business (C2B):
  ➢ Individuals can sell products or provide services through the Internet to organizations.
• Consumer-to-consumer (C2C):
  ➢ An individual can sell products or services directly to another individual.
• Mobile commerce (M-commerce):
  ➢ E-commerce in a wireless mobile environment.
• Location commerce (L-commerce):
  ➢ M-commerce transactions targeted to individuals in specific locations at specific times.
• Intrabusiness E-commerce:
  ➢ This includes all internal organizational activities among various departments and sections in an organization.
• Collaborative commerce (C-commerce):
  ➢ Individuals or groups collaborate online.
E-commerce is Interdisciplinary
• Encompasses several disciplines:
  ➢ Computer science
  ➢ Consumer behavior
  ➢ Management information system
  ➢ Business laws and ethics
  ➢ Economics
  ➢ Accounting and auditing
  ➢ Network security
Benefits of E-commerce
• Point-of-view of organizations:
  ➢ Can expand the marketplace beyond geographic boundaries.
  ➢ Reduces overheads of paper-based information processing.
  ➢ Lowers communication cost.
  ➢ Allows reduced inventories and overheads.
• Point-of-view of consumers:
  ➢ Allows shopping 24 hours a day.
  ➢ From any geographic location.
  ➢ Provides a wide variety of choices.
  ➢ Allows quick product and price comparisons before making final selection.
  ➢ Allows quick delivery of products.
  ➢ Virtual auctions are possible.
• Point-of-view of society:
  ➢ More individuals can work at home, with less traveling for shopping.
      - Less traffic, less pollution.
  ➢ Enables people to have access to products that were otherwise out of their reach.
Limitations of E-commerce
• Technical issues:
  ➢ Lack of standardization.
  ➢ Security becomes a very big issue.
  ➢ It is sometimes difficult to integrate EC technologies with existing applications.
Getting it to Work
• A big challenge to organizations:
  ➢ How to put together tools and technologies and get competitive advantage in implementing EC.
  ➢ Setting up the required connectivity through networking is most important.
  ➢ Most EC transactions are carried out through:
      - Internet
      - Intranet
      - Extranet
• Major concern to many:
  ➢ How to transform themselves to take advantage of E-commerce?
      - A company selling cookware.
      - A company selling toys.
      - A company selling food items.
Electronic Payment System
Basic Requirements
• An electronic payment system must possess the following desirable properties:
  ➢ Widely recognized and accepted.
  ➢ Convenient to use.
  ➢ Hard to tamper with.
  ➢ Based on well-established security principles.
Payment by Cheques
[Figure: cheque payment flow among Customer, Merchant, and Bank, with labels Payment, Submit, Clear, and Statement.]
• Some issues:
  ➢ Merchant has no way of confirming the validity of the cheque until it is cleared by the bank.
  ➢ Consumer cannot detect any fraud anywhere until the statement arrives from the bank.
  ➢ Cost of processing errors can be fatal.
      - Vastly outweighs the cost of normal actions.
Payment by Credit Cards
[Figure: credit card payment flow among Customer, Merchant, Bank, and Authorization System, with labels Payment, Request authorization, Receive authorization, Settlement, and Statement.]
• Some issues:
  ➢ Authentication is carried out online.
      - Using credit card number, card holder’s name, date of expiry, etc.
  ➢ Settlement with the bank is usually done offline.
      - Processed at the end of the day, for instance.
  ➢ Consumer cannot detect any fraud until the statement arrives.
      - This process can be sped up through Internet statement access.
  ➢ Merchant carries the risk of fraud in “card not present” transactions.
      - Transactions carried out without the merchant physically verifying the card.
      - Credit card companies often assume liabilities for their merchants, which banks cannot do for cheques.
Internet Transactions
[Figure: Internet transaction flow among Customer, Merchant, Middleman, Authorization System, and Bank, with labels Payment instruction, Authorize, and Settlement.]
• Some issues:
  ➢ These are “card not present” transactions.
      - Online nature provides instant verification.
      - The most important issues are authentication and confidentiality.
  ➢ All payment systems in use today for Internet transactions are small variations of this general principle.
Payment Systems
• Book entry systems:
  ➢ Credit cards over SSL
  ➢ E-cheque (Netcash)
  ➢ Virtual credit cards (First Virtual)
  ➢ Encrypted credit cards (Cybercash)
  ➢ Secure Electronic Transaction (SET)
  ➢ ……
• Bearer certificate systems:
  ➢ True digital cash (Digicash)
SET: A Case Study
Introduction
• SET is based on two earlier protocols:
  ➢ STT (VISA / Microsoft)
  ➢ SEPP (MASTERCARD / IBM)
• Some features:
  ➢ Card details are never disclosed to the merchant.
      - Encrypted purchase instruction (PI) can only be decrypted by the acquirer.
      - PI is cryptographically tied to the order instruction (OI) processed by the merchant.
      - Client’s digital signature protects the merchant from client repudiation.
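SET ties the PI to the OI with a dual signature: the client signs a hash of the two message digests, so each party can verify the link while seeing only its own message. The sketch below is an added example, not part of the lecture; the function names and sample messages are constructed, SHA-256 and toy unpadded RSA stand in for SET's real algorithms, and the encryption of the PI to the acquirer is omitted.

```python
import hashlib

# Toy textbook-RSA key for the cardholder (assumption: illustration only;
# unpadded RSA over Mersenne primes is NOT secure and is not what SET deploys).
P, Q, E = 2**521 - 1, 2**607 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))  # private exponent (Python 3.8+)

def h(data: bytes) -> bytes:
    """Message digest (SHA-256 here as a stand-in)."""
    return hashlib.sha256(data).digest()

def dual_sign(oi: bytes, pi: bytes) -> int:
    """Cardholder: sign H(H(PI) || H(OI)), binding the two messages together."""
    combined = h(h(pi) + h(oi))
    return pow(int.from_bytes(combined, "big"), D, N)

def _check(pi_digest: bytes, oi_digest: bytes, sig: int) -> bool:
    """Recompute the combined digest and compare with the opened signature."""
    expected = int.from_bytes(h(pi_digest + oi_digest), "big")
    return pow(sig, E, N) == expected

def merchant_verify(oi: bytes, pi_digest: bytes, sig: int) -> bool:
    """Merchant sees the OI and only the digest of the PI (no card details)."""
    return _check(pi_digest, h(oi), sig)

def acquirer_verify(pi: bytes, oi_digest: bytes, sig: int) -> bool:
    """Acquirer sees the decrypted PI and only the digest of the OI."""
    return _check(h(pi), oi_digest, sig)

# Constructed sample messages (the card number is a well-known test value).
OI = b"order=1042;item=toy-train;total=499.00 INR"
PI = b"order=1042;pan=4111111111111111;exp=12/30;amount=499.00 INR"
SIG = dual_sign(OI, PI)

if __name__ == "__main__":
    print("merchant accepts:", merchant_verify(OI, h(PI), SIG))
    print("acquirer accepts:", acquirer_verify(PI, h(OI), SIG))
    # An order altered after signing no longer matches the client's signature.
    altered = OI.replace(b"499", b"999")
    print("altered OI accepted:", merchant_verify(altered, h(PI), SIG))
```

Because the signature covers both digests, neither the merchant nor the acquirer can pair the client's payment with a different order, and the client cannot later deny having authorized this one.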
• The SET protocol is very complex.
• It also includes certification management.
  ➢ SET has a complete public key infrastructure (PKI) using a customized X.509 standard.
  ➢ Certificates are implemented as an X.509 profile with SET-specific extensions.
  ➢ Card-based infrastructure makes certificate management relatively easy.
SOLUTIONS TO QUIZ QUESTIONS ON LECTURE 34
Quiz Solutions on Lecture 34
1. What is the basic purpose of SSL record protocol?
   The SSL record protocol is mainly responsible for data encryption and integrity. It is also used to encapsulate data sent by other higher level SSL protocols.
2. What does SSL handshake protocol aim to achieve?
   The SSL handshake protocol serves the following purposes:
      - Initiate a session between the server and the client.
      - Negotiate the algorithms and keys to be used for data encryption.
      - Provide mutual authentication.
3. What is the difference between tunnel mode and transport mode in IPSec?
      - The tunnel mode encapsulates the entire IP packet within IPSec protection.
      - The transport mode encapsulates only the transport layer information within IPSec protection.
4. What is the difference in the functionalities of SSL and s-HTTP?
   The main difference is:
      - SSL is designed to establish a secure connection between two hosts.
      - s-HTTP is designed to send individual messages securely.
QUIZ QUESTIONS ON LECTURE 35
Quiz Questions on Lecture 35
1. How is E-business different from E-commerce?
2. What is M-commerce? Why is it considered to be important in modern day scenario?
3. What benefits can E-commerce provide to consumers?
4. What are the requirements of a good electronic payment system?
5. What are “card not present” transactions? How are they handled in Internet shopping?