UNIT-03

Electronic Data Exchange

Electronic Data Exchange Automation (EDI) is the ability of computer systems to
communicate with each other. In this way, it provides many benefits to businesses in
reducing paper usage, increasing operational efficiency, and improving virtual
exchange with new commercial partners.

While Electronic Data Interchange (EDI) has been in use since the late 1960s, there
are still many organizations that use their existing legacy systems for processing B2B
transactions. Traditional B2B transactions like Purchase Order, Sales Order, Invoice,
Advance Ship Notice, and Functional Acknowledgement often involve a series of
steps to process. And processing these transactions involves many paper documents
and a great deal of human intervention, which makes them prone to mistakes and
human errors. But with the use of EDI, paper documents are eliminated and human
intervention is minimized.

EDI enables organizations to automate the exchange of data between applications

across a supply chain. This process ensures that business-critical data is sent on time.

Electronic Data Exchange Automation is the process of electronically exchanging

data between two or more businesses. In other words, it is a system that enables
commercial partners to communicate through computer systems and exchange data or
business documents in electronic format. EDI enables businesses to transfer data
between their systems quickly and accurately, eliminating the need for manual data
entry and reducing errors.

It usually involves transferring data about business processes such as purchases,

customer records, financial transactions, inventory, etc.

Despite being a decades-old technology, EDI continues to be the dominant protocol in

the B2B world. EDI hasn’t changed much over the years, but the systems that
exchange EDI documents between businesses have mostly moved to the cloud,
become cheaper, easier to use, and more feature-rich.

Electronic data interchange is the electronic movement of data between or within an

organization in a computer retrievable data format that allows the transfer of data
from one location to another without rekeying. It is based on agreed message
standards, and it can be done without the need for any human intervention.

Features of EDI:

• Support for EDI standard- You should know that the influx of EDI standards is
not new as it has been happening for almost 50 years. In addition to this, EDI
document formats have appeared to meet the requirements of specific industries like
RosettaNet in High Tech and PEPPOL in European Public Sector. An ideal EDI
solution should be able to provide support for all the EDI standards.

Deepa M., Asst., Prof., Dept., of Com., & Mgt., Vvfgc., Mysuru.
• Support for EDI document types - The initial objective of EDI was limited to
invoices and EDI payments only; it quickly addressed the business documents that
underpin other key business processes. There are different types of EDI documents
like purchase orders, invoices, acknowledgement, shipping notices, financial
statements, products and sales catalogues. A good EDI solution offers all the EDI
documents.

• Support for communication protocols - The list of communication protocols

supporting EDI transactions is very long. Some of the most common communication
protocols are FTP, OFTP, HTTP, etc. If you don’t want any such hassle, then you
should choose EDI solution that supports most of the communication protocols. It
helps you to connect with all the trading partners easily.

Benefits of Electronic Data Exchange Automation to Businesses:

 Lower Costs- EDI eliminates business processes such as paper handling,

printing, storing, and mailing documents thanks to its ability to exchange data
through computer systems. In this way, EDI enables businesses that exchange
large amounts of documents each month to save significant costs.

 Decreased Errors- EDI automates manual data entry, eliminating paper-based

processes. This significantly reduces the occurrence of human errors during
manual entry. As a result, EDI provides businesses with fewer errors, greater
accuracy, and improved customer service.

 Increased Speed and Accuracy-EDI enables transactions to be processed

electronically, helping to enter data much faster and more accurately. This
eliminates the time loss and high error rate associated with paper-based manual
processes. At the same time, Electronic Data Exchange Automation helps
businesses verify data thanks to its advanced technology. The accuracy rate
obtained by the enterprises also ensures that the operations are carried out
quickly.

 Increased Efficiency- EDI helps businesses focus on other areas of their

operations by reducing the time spent manually processing orders and data.
Reduced costs, reduced human errors and faster data processing enable
businesses to increase productivity and profitability.

 Improved Customer Service- EDI enables businesses to process customer

orders quickly and accurately, resulting in faster delivery times and better
customer service.

 Increased Security- Electronic Data Exchange Automation uses encryption and

authentication technologies to prevent unauthorized access. In this way, it is
much safer than traditional paper-based methods. Enhanced security creates a
secure environment for information exchange by protecting businesses from data
breaches and other security threats.

Limitations of EDI:

Deepa M., Asst., Prof., Dept., of Com., & Mgt., Vvfgc., Mysuru.
  Perceived high upfront costs- It is true that EDI used to require
substantial upfront investment has been a barrier in the past, especially
for smaller businesses. However, like most technologies, EDI has
become less expensive over time. EDI systems have also become more
mature with features that automate and accelerate internal business
processes that can quickly cover more than the investment with time and
money saved.
 Initial setup is time consuming- Not only has EDI become less
expensive, it has also become faster to deploy and integrate into existing
applications and easier to use with Web EDI options that even non-
technical users can operate.
 Too many standards- Many organizations also consider EDI to have too
many standards and versions. This could limit smaller businesses in
trading with larger organizations that use an updated version of a
document standard. Here are some of the standards: UN/EDIFACT,
ANSI ASC X12, GS1 EDI, TRADACOMS, and HL7. It is therefore
imperative that a provider is chosen that supports a wide range of
standards and who commits to keeping up with new protocols in the
future.
 Investing in system protection- EDI may also require a heavy
investment in computer networks. It will need protection from viruses,
hacking, malware and other cyber security threats if an on-premises
system is chosen. However, many providers offer a cloud solution which
includes system protection.
 Robust data backups of systems- EDI needs constant maintenance
since the business depends on it. Robust data backups must be in place in
the event of a system crash. But again, if a cloud solution is chosen then
this responsibility lies mostly with the provider.

EDI Standards:

Industries around the world are increasingly recognizing the pivotal role of Electronic
Data Interchange (EDI) standards in streamlining operations and enabling seamless
communication. From retail and healthcare to manufacturing and logistics, businesses
across a diverse array of sectors are embracing EDI as the universal language of data
exchange. In fact, the global EDI software market is projected to reach a substantial
value of $4.52 billion by 2030.

Businesses operating in different regions have unique requirements and protocols.

The ability to adapt to these variations is essential for organizations seeking
successful cross-border collaborations and efficient internal processes. Regardless of
the industry or geographical location, adopting EDI standards gives businesses the
power to optimize their operations, strengthen collaboration, and unlock new
opportunities for growth in the digital era.

EDI is the electronic exchange of structured business data between trading partners.
EDI standards define the formats, structures, and rules that enable seamless data
interchange. By adhering to these standards, organizations can ensure consistent and
accurate data transmission, regardless of the systems or software employed.

Deepa M., Asst., Prof., Dept., of Com., & Mgt., Vvfgc., Mysuru.
Embracing EDI standards is not just a best practice but a strategic advantage that
propels organizations into a dynamic and interconnected digital landscape. By
establishing a common language for data exchange, EDI enables interoperability
between diverse systems regardless of the underlying technologies or software
platforms. This harmonization of data formats and protocols fosters better
coordination, optimizes business processes, and enables businesses to allocate
resources more efficiently.

EDI standards provide a common language for data exchange and establish a
framework for data formatting, message structure, and content. EDIFACT (Electronic
Data Interchange for Administration, Commerce, and Transport) and ANSI X12
(American National Standards Institute X12) are two commonly used EDI standards.
The former is widely used across Europe, while ANSI X12 is prevalent in North
America.

Types of EDI standards:

 EDIFACT is a standard that allows businesses to exchange electronic

documents with each other. The EDIFACT standard was developed by the
United Nations Economic Commission for Europe (UNECE) in 1987. It was
created to provide a universal format for electronic data interchange (EDI)
between different companies and industries, regardless of their location or the
computer systems they use.
 ANSI X12 was created in 1979 by the ANSI subsidiary Accredited Standards
Committee (ASC). This standard describes the structure and content of
electronic data interchange (EDI) documents that businesses use to exchange
transaction information. ANSI X12 is flexible and supports a variety of
documents, including purchase orders, invoices, and shipping notices,
facilitating seamless communication and collaboration between different
organizations while ensuring the security and integrity of sensitive business
information.

Four Key Principles of EDI Standards:

1. Syntax: Syntax encompasses the rules and conventions governing the

structure and formatting of EDI data. It establishes a standardized language for
representing information. For example, widely used syntaxes like EDIFACT
and ANSI X12 define specific guidelines for organizing segments, data
elements, and control structures within an EDI message.
2. Codes: Codes are standardized values used in EDI to represent specific
information. They provide a common language for identifying and describing
various attributes. For instance, the UN/EDIFACT Product Code (UNPC)
assigns unique values to different products, allowing trading partners to
identify and reference items across EDI messages consistently.
3. Message Designs: Message designs define the structure and content of
specific types of EDI messages. They serve as templates that outline the
arrangement and sequence of data elements and segments within an EDI
message. For example, a Purchase Order (PO) message design specifies
segments for buyer and seller information, item details, quantities, prices, and
delivery instructions.
Deepa M., Asst., Prof., Dept., of Com., & Mgt., Vvfgc., Mysuru.
 4. Identification Values: Identification values are unique identifiers assigned to
entities within an EDI message. They enable accurate referencing and
identification of relevant information. For instance, Global Location Numbers
(GLNs) are used to identify physical locations involved in supply chain
processes uniquely.

Benefits of EDI Standards:

1) Streamlined Operations and Cost Savings - EDI standards eliminate manual

processes and reduce reliance on paper-based documentation. By automating data
entry, validation, and transmission, organizations can streamline their operations and
reduce administrative costs. Faster order processing, shorter transaction cycles, and
improved efficiency lead to significant cost savings, enhanced productivity, and more
satisfied customers.

2) Enhanced Data Accuracy and Reliability - EDI standards significantly improve

the accuracy and reliability of data exchange. With structured and validated data
transmitted electronically, the risk of errors such as typos or omissions is essentially
eliminated. Standardized formats and automated validation processes ensure
consistent data interpretation, enabling organizations to make informed decisions
based on reliable information.

3) Increased Business Connectivity and Collaboration - EDI standards facilitate

seamless integration and connectivity with trading partners, enhancing collaboration
across the supply chain. By adhering to common EDI standards, organizations
effortlessly exchange information like purchase orders, invoices, and shipping notices.
This optimizes supply chain management, improves visibility, and fosters stronger
relationships with stakeholders, driving operational efficiency and faster decision-
making.

EDI Communication Protocols:

Today many companies, be they small-scale firms or medium to large-scale industries
are adopting the use of EDI technology to streamline their communication process.
EDI helps exchange business documents between organizations via the use of
communication protocols.

EDI (Electronic Data Interchange) communication protocols are a set of standardized

rules and conventions that govern the exchange of electronic business documents
between different computer systems. These protocols ensure that data is transmitted
accurately, securely, and efficiently between trading partners in various industries.

Types of EDI Communication Protocols:

 API (Application Programming Interface): An Application Programming

Interface, commonly referred to as an API, is a set of rules and protocols that
allows different software applications to communicate with each other real-
time. It defines the methods and data formats that developers can use to
request and exchange information between software systems. APIs

Deepa M., Asst., Prof., Dept., of Com., & Mgt., Vvfgc., Mysuru.
 and EDI serve the purpose of enabling different business systems to
communicate and share data. They are essential for connecting vendors to the
retailers they do business with and integrating with various systems. However,
the choice between using an API or EDI for integration depends on whether
the systems involved offer API support. If they do, an API can be used to
establish a new EDI integration, making the process more seamless and
efficient.

API serves as a communication method that not only facilitates EDI

connections but also provides a broader range of capabilities and flexibility.
When EDI integration is built using an API, it allows companies to go beyond
the limitations of standard EDI.

 AS2 (Applicability Statement 2): AS2, which stands for "Applicability

Statement 2," is a widely used protocol for secure and reliable data
transmission over the Internet. It is commonly employed for Electronic Data
Interchange transactions, allowing businesses to exchange sensitive data, such
as purchase orders and invoices, in a secure and standardized manner. AS2
EDI uses MDNs to provide real-time feedback on message delivery and
processing status, enhancing visibility into the transmission process. It is part
of the EDIINT (Electronic Data Interchange-Internet Integration) standards,
which define how EDI data can be securely transmitted over the Internet using
various protocols, with AS2 being one of the most popular options.

 FTP (File Transfer Protocol): File Transfer Protocol (FTP) is a standard

network protocol used for transferring files between computers over a TCP/IP-
based network, such as the Internet. FTP is widely used for sharing and
managing files and is supported by various operating systems and
applications. It operates on a client-server model. One computer (the client)
initiates a connection to another computer (the server) to request and transfer
files. The client sends commands to the server, and the server responds
accordingly.

 HTTP (HyperText Transfer Protocol): HyperText Transfer Protocol,

commonly known as HTTP, is a fundamental protocol used for
communication between a client (typically a web browser) and a web server
on the World Wide Web. HTTP governs the way web pages and other
resources are requested and transferred over the Internet. It operates on a
request-response model. A client sends an HTTP request to a server,
specifying an HTTP method (such as GET, POST, PUT, DELETE) and a
Uniform Resource Locator (URL) that identifies the resource to be retrieved
or manipulated. The server processes the request and sends back an HTTP
response, which includes status information and, optionally, the requested
content.

 HTTPS (HyperText Transfer Protocol Secure): HyperText Transfer

Protocol Secure (HTTPS) is an extension of the standard HTTP used for
secure communication over a computer network, most commonly the internet.
HTTPS adds a layer of security by encrypting the data exchanged between a
user's web browser and a website's server, ensuring the confidentiality and

Deepa M., Asst., Prof., Dept., of Com., & Mgt., Vvfgc., Mysuru.
 integrity of the information being transmitted.

 SFTP (Secure File Transfer Protocol): Secure File Transfer Protocol (SFTP)
is a network protocol used for securely transferring files between a client and a
server over any reliable data stream. SFTP is designed to provide a high level
of security during file transfers, making it a preferred choice for organizations
that require secure data exchange. SFTP is often run over the SSH (Secure
Shell) protocol, providing a secure communication channel for file transfers.
SSH provides additional security features such as strong encryption and
public-key authentication. It is an open standard and widely adopted in the
industry. Many software applications and server platforms support SFTP for
secure file transfer needs.

 SMTP (Simple Mail Transfer Protocol): Simple Mail Transfer Protocol

(SMTP) is an EDI Communication Method used to transmit EDI files over the
internet via email.

 VAN (Value Added Network): A Value Added Network (VAN) is a third-

party service provider that offers enhanced features and services to facilitate
EDI and other data communication between businesses. VANs play a crucial
role in enabling secure and efficient communication between trading partners,
helping businesses exchange electronic documents, such as purchase orders,
invoices, and shipping notices.

Choosing the Right EDI Communication Method:

Choosing the right EDI file communication method is crucial for ensuring efficient
and secure data exchange between your business and its trading partners. Several
factors need to be considered when making this decision:

 Trading Partner Requirements: Start by understanding the EDI

requirements of your trading partners. Different partners may have specific
preferences or mandates for the communication method they support (e.g.,
AS2, SFTP, FTPS, VAN). Ensure that your choice aligns with the protocols
they can accommodate.
 Security Level: Security is paramount when transmitting sensitive business
data. Evaluate the security features of each communication method. Protocols
like AS2, SFTP, and FTPS offer encryption and authentication, providing a
secure way to transmit EDI files. Make sure your chosen method aligns with
your data security requirements.
 Ease of Implementation: Consider how easily you can implement the chosen
method within your existing infrastructure. Some methods may require more
extensive setup and configuration, while others may integrate seamlessly with
your systems. Assess your technical capabilities and resources available for
implementation.
 Compliance and Standards: Ensure that the chosen method complies with
EDI standards relevant to your industry. Different industries may have specific
standards (e.g., ANSI X12, EDIFACT) that must be followed. Confirm that
your communication method can handle these standards appropriately.

Deepa M., Asst., Prof., Dept., of Com., & Mgt., Vvfgc., Mysuru.
  Implementation Cost: Evaluate the cost associated with each communication
method. Some methods may have upfront implementation costs, ongoing
subscription fees, or usage-based charges. Compare these costs against your
budget and the expected ROI of EDI integration.
 Redundancy and Reliability: Look for redundancy and reliability features.
Can the chosen method handle failover to ensure continuous operation in case
of server or network failures? Reliability is essential to prevent disruptions in
your EDI processes.
 Integration with Existing Systems: Assess how well the chosen method
integrates with your existing business systems, including your Enterprise
Resource Planning (ERP) software. Seamless integration can streamline data
flow and reduce manual intervention.

Ultimately, the right EDI file communication method will depend on your specific
business needs, trading partner requirements, and technical capabilities. Careful
evaluation of these factors will help you make an informed decision that supports
your EDI integration goals.

EDI Implementation:

Implementing EDI across your organization and network of business partners can be
complex. Taking a systematic approach will help you deliver an effective EDI
program.

A Structured 10-Step Process for Successful EDI Implementation:

Step 1: Develop the Organizational Structure

EDI is a significant investment and developing the correct organizational structure

from the outset will pay dividends as the program evolves.

Key elements of the structure includes:

 The EDI Coordinator: An IT professional with in-depth experience in

delivering EDI. The Coordinator may come from in-house or be hired
externally, depending on the EDI experience the organization already has
 The Steering Committee: Headed by the EDI Coordinator, the committee
typically consists of department heads of affected business units, the head of
IT and legal representatives
 Senior Management Sponsor: As with any major IT program, there needs to
be senior management commitment if the EDI implementation is to be a
success
 Dedicated EDI Team: The EDI team will be responsible for the actual
implementation of the system.

Step 2: Undertake a Strategic Review

Deepa M., Asst., Prof., Dept., of Com., & Mgt., Vvfgc., Mysuru.
This analysis identifies the most likely corporate applications for EDI deployment and
sets priorities for conversion to EDI. To this end, factors to be considered include the
number of suppliers, customers or other business partners, and the volume and type of
transactions to be exchanged. It includes a description of the present systems in each
functional area and an explanation of how EDI will improve them.

The issuance and receipt of each type of business document is based on a system of
human and machine procedures, all of which have to be documented and analyzed for
EDI efficiencies. For best results, the goal should be to improve the business cycle
rather than simply automate it.

Step 3: Conduct In-depth Analysis

The strategic review highlights where in your organization EDI could have the most
benefit. However, there are other elements to consider before selecting which
business cycle to focus on initially.

These considerations include:

 Which part of the organization is most ready for EDI?

 Which cycle will cost the least to implement EDI?
 Which will deliver the greatest savings/increase in profitability?
Answers to these questions require a different type of analysis. Many companies use
two effective tools: Cost Benefits Analysis (CBA) & EDI Survey

Step 4: Develop a Business-Focused EDI Solution

The results of the analysis step provides an organization with the knowledge to
develop a comprehensive specification for the EDI system.

This includes:

 The volume of expected EDI traffic and the IT infrastructure needed to

support it
 The capacity of internal network infrastructure to support EDI data
 The network connections needed to manage traffic with business partners
 The programming required to ensure that internal systems comply with the
data required by business partners and with EDI standards
 The amount of customization required to integrate internal and EDI systems
With this information, an EDI system can be designed. There are two particularly
important elements to an EDI system: the EDI translator and the communications
model.

Step 5: Select the Correct EDI Network Provider (VAN)

Deepa M., Asst., Prof., Dept., of Com., & Mgt., Vvfgc., Mysuru.
Your selection of an EDI Network Provider should be focused on your business
requirements more than the provider’s technical capabilities. There are many
important issues to consider.

What do you want the EDI Network Provider to do?

What is the Provider’s reach?

What is the Provider’s pricing structure?

What is the Provider’s influence in your industry?

Will the EDI Network Provider be around tomorrow?

Step 6: Integrate EDI with the Business

For most EDI systems, the greatest development task is integrating EDI systems with
existing corporate applications. Data required by business partners and EDI standards
must be “mapped” onto data contained in existing systems.

Step 7: Integrate Data across the Business

Before integrating data across the business, you will have to undertake a good deal of
data analysis. It is wise to start this process at the ultimate destination for that data.
For example, if you wish to use EDI for your purchase orders, the first thing to do is
understand the data requirements of the order processing system.

An important reason to analyze each affected business system is to ensure its ability to
share data. Sometimes, obstacles need to be overcome, such as different business
systems may contain the same data, but in different formats.

Step 8: Undertake Data Mapping

Once the data analysis is complete and data structures understood, the ‘map’ is
defined to the EDI translation software. For most EDI software packages or VAN
services, the EDI Coordinator will be able to define the map.

The map defines how the data in the EDI transaction relates to the data in the internal
system. The EDI software stores the map, usually in tabular form. When a transaction
enters the system, the EDI Translator uses the map to determine where each incoming
field goes and whether the data needs to be reformatted.

The major goal within mapping is to avoid the need for custom interfaces as much as
possible – especially custom edits per individual business partner. The more
standardized the data formats, the better the system performance and the less need for
specific programming.

Deepa M., Asst., Prof., Dept., of Com., & Mgt., Vvfgc., Mysuru.
Step 9: Establish a Pilot Project

Once an organization has developed and tested its EDI system to the best of its ability,
further system tests are conducted in pilot mode with selected business partners. The
EDI pilot is critical. It enables an organization to refine its own system, show the
benefits that can be achieved and ensure that it can integrate with business partners.

Organizations should set up a pilot project with a small number of business partners.
The organizations with the most EDI experience make the best pilot partners. To be
successful, the pilot must focus on one primary EDI application such as simple
purchase orders.

Step 10: Roll out EDI to Business Partners

If you are the initiator of the program with your business partners – for example, you
want all your suppliers to receive your purchase orders via EDI and return EDI
invoices – you must have the skilled resources to develop, manage and maintain an
EDI rollout program to your supplier community.

This includes:

 surveying your community to understand each supplier’s level of EDI

readiness
 developing and implementing a community communication plan to convey
your program goals and provide education needed
 offering various EDI options, such as web-based forms or Excel-based options
for those suppliers that are not ready to integrate EDI with their back-end
systems
 supporting each supplier through the start-up process
Even after rolling out EDI to your business partners, you need to manage and
maintain your program ongoing. Invest in skilled personnel resources to manage your
EDI program, including:

 monitoring and troubleshooting communication to ensure documents continue

to flow
 responding to inquiries from partners 24×7 as issues arise
 reporting on business partner activity and system usage
 making updates to translation maps and/or communication protocols as you or
your partners add new documents, make changes to current documents or
upgrade their communication processes

EDI Agreement:
It is a legal agreement formed between your firm and its trading partner. It regulates
the exchange of key business documents and will be formed as per ANSI X12
standards. All the terms conditions for business documents’ exchange among trading
partners have been mentioned in it.

Deepa M., Asst., Prof., Dept., of Com., & Mgt., Vvfgc., Mysuru.
 EDI Agreement:
Article 1: Objective and Scope
 The main purpose of the entire EDI process will be described in this section. All the
specific terms as well as conditions will be mentioned clearly.

 The provisions of the agreement along with Technical Annexe will be mentioned in
this section.

Article 2: Definitions
The related description of all the important terms involved in the EDI transaction will
be defined in this section.
 Electronic Data Interchange (EDI): Exchange of key business documents between
many trade partners.

 Electronic Data Interchange Message (EDI Message): Set of data elements organized
in a standard format. It should be easily readable/processable by any trading partner’s
system.

 Electronic Data Interchange Agreement (EDI Agreement): Approved set of standard

formats and norms for the exchange process.
Acknowledgement of receipt: A letter sent by the receiver after accepting the receipt
of an EDI message. It usually includes:
o Network Acknowledgement

o Protocol Acknowledgement

o Functional Acknowledgement

o Technical Acknowledgement
 Functional Domain: A particular business area for which this specific EDI exchange
process is intended.

 Issuer or sender: The firm that issues the EDI message.

 Provider of network services: Describes the third-party that facilitates data transfer.

 Integrity: A feature that ensures the quality and reliability of the data. The data should
be sent without any modification in an unauthorized way.

 Data Log: Describes the format in which all the transactions are required to be
mentioned. It should be done according to their processing date and time.

 Standards: Defines the standards used for the exchanging process.

 Message Implementation Guideline: Define norms for creating and sending a specific
EDI message.

 Receiver: The firm to whom the EDI message is being sent.

Deepa M., Asst., Prof., Dept., of Com., & Mgt., Vvfgc., Mysuru.
 Re-send: A request sent by the receiver to the issuer or the network service provider
for resending an EDI message.

Article 3: Validity and Formation of Contract

All the details related to the contents of the contract and its validity will be mentioned
in this section. Furthermore, all the possible consequences linked with the contract
breach will be also stated in this section.

Article 4: Admissibility in evidence of EDI messages

Describe all the frameworks under which, this agreement may be produced in front of
the respective Courts.

Article 5: EDI message’s processing and acknowledgement of receipt

The information related to the deadline for processing and acknowledging different
EDI messages. It also includes provisions related to these time-limits. Apart from that,
this section also contains info on notice issuing in case of deadline failure.

Article 6: Security of EDI messages

This particular section contains all the information related to security procedures. It
focuses on all the steps taken out for ensuring complete protection for EDI messages
against legal activities. For instance, unauthorized access, modification, destruction,
delay, or loss. Besides, this section also provides info on data verification and error
handling.

Article 7: Confidentiality of personal data and protection policy

All the norms related to confidentiality and the protection policy will be mentioned in
this section. It becomes highly important since every country’s privacy laws will be
different.

Article 8: Recording and storage of EDI messages

All the details related to recording and storing of different EDI messages can be found
in this section. It also consists of information on the accessibility of the saved data in
a human-readable format. Moreover, a list of all operational equipment that are used
in this setup will be included in this section.

Article 9: Operational requirements for EDI

This section focuses on all the equipment and procedures that are important for
maintaining a perfect operational environment. It includes:

Deepa M., Asst., Prof., Dept., of Com., & Mgt., Vvfgc., Mysuru.
 Operational Equipment:
Details on installation and maintenance of the entire setup will be available in this
section. Also, all the concerned software and support services will be mentioned here.

 Communication Modes:
Information on the method of communication and related protocols are available.
Also, a description of the third-party service providers will be provided.

 EDI message agreements:

All the approved file formats and processing methods will be mentioned in this
section.

 Codes:
The list of EDI standards along with transaction codes that are going to be used in the
exchange process will be stated in this section.

 System Availability:
All the systems involved in the exchange process will be noted in this section. For
instance, among many trading partners, any partner might wish to replace his entire
system or some specific parts. The guidelines related to providing information to
other trading partners about this change in the system(s) will also be available.

Article 10: Technical specifications and requirements

In this section, all the technical requirements and specifications related to each part of
the entire set-up will be available.
Article 11: Liability
All the responsibilities related to damages caused by the firm or any of the trading
partners will be noted in this section.
Article 12: Modification, Schedule, and Termination
 Modification:
Info on provisions related to the modification of this agreement will be available in
this section.

 Schedule:
The effective date of the agreement will be
noted in this section.

 Termination:
The norms related to the termination of the agreement will be noted in this section. It
also includes information on the rights as well as obligations related to each part
involved in this agreement.

EDI Security:

Electronic Data Interchange (EDI) security refers to the measures and practices that
protect the electronic exchange of important information between businesses. It
employs measures like block chain to defend against cyber threats and unauthorized

Deepa M., Asst., Prof., Dept., of Com., & Mgt., Vvfgc., Mysuru.
access. EDI security also follows the established rules and standards to maintain trust
and dependability during business transactions.

EDI has revolutionized how businesses communicate smoothly. However, as more

and more businesses depend on EDI, enhancing its security is crucial. The world of
EDI security is evolving rapidly, bringing exciting developments that guarantee
businesses can share important information with confidence and strong protection.

Challenges of EDI Security:

1. Rise of Sophisticated Cyber Threats - Cyber threats have become more complex.
Malicious actors use fancy techniques such as ransomware, phishing attacks, and
sophisticated malware to target weaknesses in EDI security systems. To keep your
digital information safe, you need to be proactive and strengthen the security of these
systems against these tricky threats.
2. Vulnerabilities in Data Transmission - Intruders take advantage of
vulnerabilities in EDI networks’ data transmission process. They seize unprotected
data or manipulate the transmission of information, finding ways to access crucial
data without permission. This shows that it is really important to have strong security
to protect against these kinds of attacks.
3. Data Privacy and Regulatory Challenges - The increasing number of data
privacy regulations complicate EDI security. The GDPR and CCPA are two examples
of these regulations, and they make it necessary to take extra steps to ensure that
personal and important information shared through EDI is kept safe.
4. Emerging Threats from Quantum Computing - The rise of quantum computing
could be a problem for regular ways we keep information safe. Quantum systems are
really powerful and might make our usual encryption methods not work as well. So,
we must start thinking ahead and develop new ways to keep our digital information
safe from these super-strong quantum-enabled threats.
Impact EDI Security:
Encryption is a key protector of data integrity and confidentiality in EDI security. It
uses advanced algorithms to secure transmitted data, making it unreadable to
unauthorized parties. In response to the emergence of quantum computing, developers
have actively created quantum-resistant encryption algorithms to combat future
threats.

Features of EDI Security:

1. Unchangeable Record for Safe Data - Blockchain acts like a super-secure digital
notebook that creates an absolute record of transactions. Once it writes something
down, it can’t be erased or changed. It ensures that all the information in digital
documents is trustworthy.
2. Safety and Clearness from Many Places - Imagine keeping your important
information in multiple places instead of just one. That’s what blockchain does. It
spreads the data to keep your information safe if one place has a problem. Also,
everyone involved can see what’s happening, which makes things clear and builds
trust.

Deepa M., Asst., Prof., Dept., of Com., & Mgt., Vvfgc., Mysuru.
3. Protecting Data with Secret Codes - Blockchain uses secret codes to ensure the
safety of information. Each piece of data has its secret code, and if someone tries to
change something, it becomes really obvious. It keeps our information secure and
prevents anyone from playing tricks.
4. Easy Tracking and Checking Records- Blockchain makes it easy to follow and
check all the actions in a digital exchange. Everything is easy to track and check,
whether buying or selling. It helps solve problems and ensures everyone is
accountable for what they do.

Compliance and Regulatory Adherence:

Businesses need to follow the rules and standards in their industry. EDI tools now
work with specific rules like HIPAA and GDPR to ensure they protect information
properly. It helps companies avoid legal problems and build trust with their
coworkers. Here are some key points ensuring compliance and best practices in
business EDI security:

1. Ensuring Data Integrity and Authenticity- The rules frequently require ensuring
the safety of data in EDI transmissions. It employs encryption, digital signatures, and
audit trails to verify the data’s origin, confirm its authenticity, and demonstrate that it
remains unchanged. These measures aid in adhering to the rules and establishing trust
in the information for everyone involved.
2. Standardization and Interoperability with Industry Norms - Businesses need to
use the same formats for their data. It could be like ANSI X12, EDIFACT, XML, or
other industry-specific protocols. Using these formats helps different businesses
understand each other easily and follow the rules.
3. Documentation and Record-Keeping Practices - Businesses need to keep good
records of their transactions and communications. It helps show that they follow the
rules and makes it easier to solve problems or answer questions if there’s a
disagreement.
4. Risk Management and Mitigation Strategies- Following the rules means being
ready for things that might go wrong. Businesses need to think about possible
problems, find ways to stop them and have backup plans just in case. It helps them
stay on track and keep following the rules.
5. Continuous Monitoring and Adaptation - Following the rules isn’t a one-time
thing. Businesses must keep watching and be ready to change if the rules or
technology change. It helps them always follow the rules and stay on the right track.

Electronic Payment System:

An Electronic Payment System is defined as a mode of payment over an electronic
network, such as the Internet. The Indian economy has developed at a rapid pace since
the growth of e-commerce, electronic payments, and digital payments have gone a
long way. Electronic payments have been rising since the implementation of
demonetization and will continue to do so with the current government ensuring that
these types of payments are promoted.

Electronic Payment System allows people to make online payments for their
purchases of goods and services without the physical transfer of cash and cheques,

Deepa M., Asst., Prof., Dept., of Com., & Mgt., Vvfgc., Mysuru.
irrespective of time and location. The key components of this payment system are the
payers and payees, financial institutions, electronic devices, communication networks,
payment gateways, and mobile payment apps. As the global economy continues to
evolve, the dependency on physical modes of payment is gradually giving way to
digital alternatives that offer speed, convenience, and efficiency. These systems
facilitate a diverse range of financial activities, from online purchases and bill
payments to person-to-person transfers.

Reasons for the Need of Electronic Payment System:

 Electronic Payment System allows customers to pay for goods and services
electronically without the use of cheques or cash.
 Businesses need a strong and secure electronic payment system in online dealings.
 Electronic Payment System is regulated in India by the RBI.
 The system is safe, speedy, and cost-effective in comparison with paper-based
payment systems.

Advantages of Electronic Payment System

 24/7 Accessibility: Electronic Payments can be made at any time, providing

round-the-clock access to financial transactions.
 Global Accessibility: Users can make payments and transfer funds globally
without being restricted by geographical boundaries.
 Instant Transactions: Electronic Payments are processed quickly, allowing for
near-instantaneous transfer of funds between accounts.
 Faster Settlement: Compared to traditional payment methods, electronic
transactions often result in faster settlement times.
 Record-Keeping and Tracking: Electronic Payment Systems facilitate easy
record-keeping for both businesses and individuals.
 Encryption and Authentication: Electronic Payment Systems employ robust
encryption and authentication protocols to secure transactions and protect
sensitive information.

Disadvantages of Electronic Payment System

 Security Concerns: Electronic Payment Systems are susceptible to security

breaches, including hacking, phishing, and identity theft.
 Technical Issues: Electronic Payment Systems rely on technology, and technical
glitches or system failures can disrupt transactions.
 Fraud Risk: Despite security measures, Electronic Payment Systems are not
immune to fraud. Unauthorized transactions, stolen credentials, or fraudulent
activities can occur, leading to financial losses for individuals and businesses.
 Privacy Concerns: Users may be concerned about the collection and storage of
personal information by electronic payment providers.
 Transaction Fees: Some electronic payment systems impose transaction fees,
which can add up over time.

Deepa M., Asst., Prof., Dept., of Com., & Mgt., Vvfgc., Mysuru.
Types of Electronic Payment System
1. Unified Payments Interface (UPI): UPI has become a widely adopted and popular
electronic payment system in India. It enables users to link multiple bank accounts to
a single mobile application, allowing seamless and instant fund transfers between
individuals and merchants.
2. Mobile Wallets: Mobile Wallet services like Paytm, PhonePe, and Google Pay
have gained widespread acceptance. Users can load money into these digital wallets
and use the balance for various transactions, including mobile recharge, bill payments,
and online shopping.
3. Debit and Credit Cards: Debit and Credit card usage is prevalent in India, with
various banks issuing these cards for electronic transactions. Cards are commonly
used for Point-of-Sale (POS) transactions, online purchases, and cash withdrawals
from ATMs.
4. Immediate Payment Service (IMPS): IMPS enables instant interbank electronic
fund transfers through mobile phones, internet banking, or ATMs. It is particularly
useful for peer-to-peer transactions and small-value payments.
5. National Electronic Funds Transfer (NEFT): NEFT is a nationwide electronic
payment system that facilitates one-to-one funds transfer between bank accounts. It
operates on a deferred settlement basis and is widely used for both individual and
corporate transactions.
6. Real-Time Gross Settlement (RTGS): RTGS is another electronic fund transfer
system that allows real-time settlement of large-value transactions. It is typically used
for high-value interbank transfers.
7. Prepaid Instruments: Prepaid Instruments, including prepaid cards and gift cards,
provide users with a convenient way to make electronic payments with a pre-loaded
amount.

Regulatory Bodies Governing Electronic Payment System in India

 The Regulatory Framework for the Electronic Payment System in India is
governed by the Reserve Bank of India and other relevant authorities. The
Reserve Bank of India has the authority to oversee and regulate payment and
settlement systems.
 The Payment and Settlement Systems Act, 2007 provides the legal framework
for the regulation and supervision of payment systems in India.
 The National Payments Corporation of India (NPCI) issues guidelines for the
UPI. The Information Technology Act, 2000, provides a legal framework for
electronic transactions and addresses issues related to electronic governance.
 The Securities and Exchange Board of India (SEBI) regulates securities and
capital markets, and it also regulates electronic payments where security
transactions are involved.
 The Ministry of Finance, through its various departments, provides overarching
policy direction and guidance related to the financial sector, including Electronic
Payment Systems.
 The Department of Telecommunication oversees the Telecommunications
sector, and its regulations impact mobile-based electronic payment services.
Mobile network operators and telecom service providers are subject to the
regulations set by the DoT.

Deepa M., Asst., Prof., Dept., of Com., & Mgt., Vvfgc., Mysuru.
 The Insurance Regulatory and Development Authority of India
(IRDAI) regulates the insurance sector in India. In the context of electronic
payments, it may have oversight over the insurance-related transactions conducted
through digital payment systems.

Regulations Relating to Electronic Payment System

1. Reserve Bank of India (RBI)
The RBI plays a central role in regulating EPS in India through various guidelines and
frameworks:
 Payment and Settlement Systems Act, 2007: This legislation provides the legal
foundation for the regulation and oversight of payment systems in India. It
empowers the RBI to supervise and regulate the functioning of EPS to maintain
financial stability and consumer protection.
 Guidelines on Prepaid Payment Instruments (PPIs): The RBI issues guidelines
that govern the issuance and operation of prepaid payment instruments, including
digital wallets and prepaid cards. These guidelines outline parameters, such as
issuance limits, reload limits, and Know Your Customer (KYC) requirements.
 Unified Payments Interface (UPI): The RBI regulates UPI, a real-time payment
system, through guidelines that cover transaction limits, security protocols, and
dispute resolution mechanisms. UPI has emerged as a popular channel for peer-to-
peer and merchant transactions.
2. National Payments Corporation of India (NPCI)
 Operational Guidelines: NPCI develops and enforces operational guidelines for
payment systems it manages, including UPI, Immediate Payment Service (IMPS),
and Bharat Bill Payment System (BBPS). These guidelines ensure standardized
and secure operations.
 Security and Risk Mitigation Measures: NPCI implements security measures
and risk mitigation strategies to safeguard electronic transactions. These measures
include encryption standards, two-factor authentication, and continuous
monitoring for potentially fraudulent activities.
3. Other Regulatory Bodies
Several other regulatory bodies also have a role in governing EPS
 Securities and Exchange Board of India (SEBI): SEBI, while primarily focused
on securities market regulations, may have implications for EPS, especially in
areas related to digital wallets and financial instruments.
 Insurance Regulatory and Development Authority of India (IRDAI): IRDAI
oversees the insurance sector, and regulations related to EPS in insurance
transactions may fall under its purview.
 Consumer Protection Regulations: Consumer protection regulations, focusing
on transparency, disclosure, and dispute resolution, impact EPS to safeguard user
interests.
 Data Protection and Privacy Laws: The introduction of data protection laws,
such as the Personal Data Protection Bill, addresses concerns related to the
handling and protection of user data within EPS. These regulations collectively
form a robust framework, ensuring the secure and efficient functioning of
electronic payment systems in India. It’s important to stay updated on any
amendments or new regulations introduced by these regulatory bodies.
Conclusion
In conclusion, the Electronic Payment System refers to a mode of payment which
does not include physical cash or cheques but rather includes Debit Card, UPI, etc.

Deepa M., Asst., Prof., Dept., of Com., & Mgt., Vvfgc., Mysuru.
Regulated by the RBI, NPCI, and other regulatory authorities possess various legal
issues but hold advantages too. The recent announcement of the linkage of fast digital
payment systems of the central bank of India and Singapore, Unified Payments
Interface (UPI) and Pay. Now, closely aligns with the G20 financial inclusion
priorities of driving faster, cheaper and more transparent cross-border payments and
shows that the future is in electronic payment systems.

Electronic Payments:

E-commerce sites use electronic payment, where electronic payment refers to

paperless monetary transactions. Electronic payment has revolutionized the business
processing by reducing the paperwork, transaction costs, and labor cost. Being user
friendly and less time-consuming than manual processing, it helps business
organization to expand its market reach/expansion. Listed below are some of the
modes of electronic payments −

 Credit Card
 Debit Card
 Smart Card
 E-Money
 Electronic Fund Transfer (EFT)

Credit Card- Payment using credit card is one of most common mode of electronic
payment. Credit card is small plastic card with a unique number attached with an
account. It has also a magnetic strip embedded in it which is used to read credit card
via card readers. When a customer purchases a product via credit card, credit card
issuer bank pays on behalf of the customer and customer has a certain time period
after which he/she can pay the credit card bill. It is usually credit card monthly
payment cycle. Following are the actors in the credit card system.

 The card holder − Customer

 The merchant − seller of product who can accept credit card payments.
 The card issuer bank − card holder's bank
 The acquirer bank − the merchant's bank
 The card brand − for example , visa or Mastercard.

Credit Card Payment Process

Step Description

Bank issues and activates a credit card to the customer on his/her

Step 1
request.

The customer presents the credit card information to the merchant site
Step 2 or to the merchant from whom he/she wants to purchase a
product/service.

Deepa M., Asst., Prof., Dept., of Com., & Mgt., Vvfgc., Mysuru.
 Merchant validates the customer's identity by asking for approval
Step 3
from the card brand company.

Card brand company authenticates the credit card and pays the
Step 4
transaction by credit. Merchant keeps the sales slip.

Merchant submits the sales slip to acquirer banks and gets the service
Step 5
charges paid to him/her.

Acquirer bank requests the card brand company to clear the credit
Step 6
amount and gets the payment.

Now the card brand company asks to clear the amount from the issuer
Step 6
bank and the amount gets transferred to the card brand company.

Debit Card

Debit card, like credit card, is a small plastic card with a unique number mapped with
the bank account number. It is required to have a bank account before getting a debit
card from the bank. The major difference between a debit card and a credit card is that
in case of payment through debit card, the amount gets deducted from the card's bank
account immediately and there should be sufficient balance in the bank account for
the transaction to get completed; whereas in case of a credit card transaction, there is
no such compulsion.

Debit cards free the customer to carry cash and cheques. Even merchants accept a
debit card readily. Having a restriction on the amount that can be withdrawn in a day
using a debit card helps the customer to keep a check on his/her spending.

Smart Card

Smart card is again similar to a credit card or a debit card in appearance, but it has a
small microprocessor chip embedded in it. It has the capacity to store a customer’s
work-related and/or personal information. Smart cards are also used to store money
and the amount gets deducted after every transaction.

Smart cards can only be accessed using a PIN that every customer is assigned with.
Smart cards are secure, as they store information in encrypted format and are less
expensive/provides faster processing. Mondex and Visa Cash cards are examples of
smart cards.

E-Money

E-Money transactions refer to situation where payment is done over the network and
the amount gets transferred from one financial body to another financial body without
any involvement of a middleman. E-money transactions are faster, convenient, and
saves a lot of time.

Deepa M., Asst., Prof., Dept., of Com., & Mgt., Vvfgc., Mysuru.
Online payments done via credit cards, debit cards, or smart cards are examples of
emoney transactions. Another popular example is e-cash. In case of e-cash, both
customer and merchant have to sign up with the bank or company issuing e-cash.

Electronic Fund Transfer

It is a very popular electronic payment method to transfer money from one bank
account to another bank account. Accounts can be in the same bank or different
banks. Fund transfer can be done using ATM (Automated Teller Machine) or using a
computer.

Nowadays, internet-based EFT is getting popular. In this case, a customer uses the
website provided by the bank, logs in to the bank's website and registers another bank
account. He/she then places a request to transfer certain amount to that account.
Customer's bank transfers the amount to other account if it is in the same bank,
otherwise the transfer request is forwarded to an ACH (Automated Clearing House) to
transfer the amount to other account and the amount is deducted from the customer's
account. Once the amount is transferred to other account, the customer is notified of
the fund transfer by the bank.

E-Commerce - Security Systems:

Security is an essential part of any transaction that takes place over the internet.
Customers will lose his/her faith in e-business if its security is compromised.
Following are the essential requirements for safe e-payments/transactions −

 Confidentiality − Information should not be accessible to an unauthorized

person. It should not be intercepted during the transmission.
 Integrity − Information should not be altered during its transmission over the
network.
 Availability − Information should be available wherever and whenever
required within a time limit specified.
 Authenticity − There should be a mechanism to authenticate a user before
giving him/her an access to the required information.
 Non-Repudiability − It is the protection against the denial of order or denial
of payment. Once a sender sends a message, the sender should not be able to
deny sending the message. Similarly, the recipient of message should not be
able to deny the receipt.
 Encryption − Information should be encrypted and decrypted only by an
authorized user.
 Auditability − Data should be recorded in such a way that it can be audited
for integrity requirements.

Measures to ensure Security

Major security measures are following −

 Encryption − It is a very effective and practical way to safeguard the data

being transmitted over the network. Sender of the information encrypts the

Deepa M., Asst., Prof., Dept., of Com., & Mgt., Vvfgc., Mysuru.
 data using a secret code and only the specified receiver can decrypt the data
using the same or a different secret code.
 Digital Signature − Digital signature ensures the authenticity of the
information. A digital signature is an e-signature authenticated through
encryption and password.
 Security Certificates − Security certificate is a unique digital id used to verify
the identity of an individual website or user.

Security Protocols in Internet

Some of the popular protocols used over the internet to ensure secured online
transactions.

Secure Socket Layer (SSL): It is the most commonly used protocol and is widely
used across the industry. It meets following security requirements −

 Authentication
 Encryption
 Integrity
 Non-reputability

"https://" is to be used for HTTP urls with SSL, where as "http:/" is to be used for
HTTP urls without SSL.

Secure Hypertext Transfer Protocol (SHTTP)- SHTTP extends the HTTP internet
protocol with public key encryption, authentication, and digital signature over the
internet. Secure HTTP supports multiple security mechanism, providing security to
the end-users. SHTTP works by negotiating encryption scheme types used between
the client and the server.

Secure Electronic Transaction- It is a secure protocol developed by MasterCard and

Visa in collaboration. Theoretically, it is the best security protocol. It has the
following components −

 Card Holder's Digital Wallet Software − Digital Wallet allows the card
holder to make secure purchases online via point and click interface.
 Merchant Software − This software helps merchants to communicate with
potential customers and financial institutions in a secure manner.
 Payment Gateway Server Software − Payment gateway provides automatic
and standard payment process. It supports the process for merchant's
certificate request.
 Certificate Authority Software − This software is used by financial
institutions to issue digital certificates to card holders and merchants, and to
enable them to register their account agreements for secure electronic
commerce.

Deepa M., Asst., Prof., Dept., of Com., & Mgt., Vvfgc., Mysuru.