MBA - 106: e-Business
E-BUSINESS, TYPES OF E-BUSINESS & E-BUSINESS IN INDIA
E-business is broader than e-commerce: it includes both transaction-based e-commerce
businesses and those that run traditionally but cater to online activities as
well. An e-business can run any portion of its internal processes online,
including inventory management, risk management, finance and human resources. For
a business to be e-commerce and e-business, it must both sell products online
and handle other company activities or additional sales offline.
E-Business, in addition to encompassing E-commerce, includes both front and back-office
applications that form the engine for modern E-commerce. E-business is not just
about E-commerce transactions; it's about re-defining old business models, with
the aid of technology to maximize customer value. E-Business is the overall
strategy and E-commerce is an extremely important facet of E-Business.
Thus e-business involves not merely setting up the company website and being able to
accept credit card payments or being able to sell products or services on time.
It involves fundamental re-structuring and streamlining of the business using
technology by implementing enterprise resource planning (ERP) systems, supply
chain management, customer relationship management, data warehousing, data
marts, data mining, etc.
While many people use e-commerce and e-business interchangeably, they aren't the
same, and the differences matter to businesses in today's economy. The
"e" is short for "electronic" or "electronic
network," and both words apply to businesses that utilize electronic
networks to conduct their commerce and other business activities. In the same
way that all squares are rectangles, but not all rectangles are squares, all
e-commerce companies are e-businesses, but not vice versa.
There are four main categories: B2B, B2C, C2B, and C2C:
B2B (Business to Business) — this kind of e-commerce involves companies doing
business with each other. One example is manufacturers selling to distributors
and wholesalers selling to retailers.
B2C (Business to Consumer) — this is what most people think of when they hear
"e-commerce." B2C consists of businesses selling to the general
public through shopping cart software, without needing any human interaction.
An example of this would be Amazon.
C2B (Consumer to Business) — in this scenario, a consumer would post a project
with a set budget online, and companies bid on the project. The consumer reviews the bids and selects the
company — Elance is an example of this.
C2C (Consumer to Consumer) — this type of e-commerce is made up of online
classifieds or forums where individuals can buy and sell their goods, thanks to
systems like PayPal. An example of this would be eBay.
E-commerce in India
India is at the cusp of a digital revolution. Declining broadband subscription
prices, aided by the launch of 4G services, have been driving this trend. This
has led to an ever-increasing number of “netizens.” Furthermore, the recent
launch of 4G services is expected to significantly augment the country’s
internet user base.
The Internet has become an integral part of this growing population segment for remaining
connected with friends, accessing emails, buying movie tickets and ordering
food. The changing lifestyles of the country’s urban population have also led
many people to rely on the internet for their shopping needs. The convenience
of shopping from the comfort of one’s home and having a wide product assortment
to choose from has brought about increased reliance on the online medium.
The trend of online shopping is set to see greater heights in coming years, not
just because of India’s rising internet population, but also due to changes in
the supporting ecosystem. Players have made intensive efforts to upgrade areas
such as logistics and the payment infrastructure. Furthermore, the Indian
consumer’s perception of online shopping has undergone a drastic change, and
only for the good. Given these developments, venture capital investors, who
were restricting themselves to the sidelines, are now taking a keen interest in
the country’s e-Commerce market.
The e-Commerce market in India has enjoyed phenomenal growth of almost 50% in the
last five years. Although the trend of e-Commerce has been making rounds in
India for 15 years, the appropriate ecosystem has now started to fall in place.
The considerable rise in the number of internet users, growing acceptability of
online payments, the proliferation of internet-enabled devices and favourable
demographics are the key factors driving the growth story of e-Commerce in the
country. The number of users making online transactions has been on a rapid
growth trajectory, and it is expected to grow from 11 million in 2011 to 38
million by the end of 2016.
The online retail segment has evolved and grown significantly over the past few
years. Cash-on-delivery has been one of the key growth drivers and is touted to
have accounted for 50% to 80% of online retail sales.
In India, the e-commerce industry is a two-billion-dollar industry, which is a
fraction of the global industry size. But it is set to grow 10 times in the
next 10 years fuelled by increasing Internet and mobile penetration. At present
India’s Internet penetration stands only at 12 per cent as against China’s
30-plus per cent.
Web business is powered by many departments, from digital marketing, logistics and
warehousing to call centres. There is also a need for business intelligence and
technology support professionals, multimedia specialists and researchers; online
fashion retailers like us, especially, also employ stylists,
merchandisers and photographers. The main challenge of being in this business
is that it is technology-driven. One needs to understand how people behave
online — consumer behaviour on the Internet. The industry is still at a nascent
stage and we can expect to see lots of innovation, especially in the marketing
and supply chain departments.
The most unique aspect of online shopping is that you don’t see your customer. As
much as this offers a lot of ease to the shopper, it only makes the work of the
sellers more challenging. The store front is your website. Therefore, you need
to make sure that you are absolutely spot-on with the look and feel, ease of
navigation, technical stuff like loading time, etc.
Secondly, you need to be advertising online first before heading offline. This leads to a
huge demand for digital marketing professionals and creative designers for
creating good Web banner ads. Finally, the fulfilment bit requires some experts
from the logistics industry to get the last mile right.
Every aspect of purchase, customer service and processing is done via the web.
This creates a lot of unique
profiles like merchandising officers and online marketing specialists.
BENEFITS AND BARRIERS OF E-BUSINESS
Benefits of e-Business
E-Business can provide the following benefits over non-electronic commerce:
▫ Reduced costs: reduced labour, reduced paperwork,
reduced errors in keying in data and reduced post costs. E-business is one of the
cheapest means of doing business, as e-business development has made
it possible to reduce the cost of promoting products and services.
▫ Reduced time: Shorter lead times for payment and
return on investment in advertising, and faster delivery of product. E-Business
reduces delivery time and labour cost, so it saves the
time of both the vendor and the consumer.
▫ Flexibility with efficiency: The ability to
handle complex situations, product ranges and customer profiles without the
situation becoming unmanageable. There is no time barrier in selling the
products. One can log on to the internet even at midnight and sell the
products at a single click of the mouse.
▫ Improved relationships with trading partners: Improved
communication between trading partners leads to enhanced long-term relationships.
▫ Lock in customers: The closer you are to your
customer, and the more you work with them to change from normal business
practices to best-practice e-business, the harder it is for a competitor to
upset your customer relationship. The on-time alerts are meant for the
convenience of the consumers and inform the consumers about new products.
▫ New markets: The Internet has the potential to
expand your business into wider geographical locations.
Barriers of e-Business
▫ E-Business Lacks That Personal Touch: Not that all
physical retailers have a personal approach, but I do know of several retailers
who value human relationships. As a result, shopping at those retail outlets is
reassuring and refreshing. Clicking on "Buy Now," and piling up
products in virtual shopping carts, is just not the same for me. Different
people sing to different tunes.
▫ E-Business Delays Goods: Unless you are
using a website to merely order a pizza online, ecommerce websites take
a lot longer to get the goods into your hands. Even with express shipping, the
earliest you get goods is "tomorrow." But if you want to buy a pen because
you need to write something right now, you cannot buy it off an ecommerce
website. Likewise with candy that you want to eat now, a book that you want to
read tonight, a birthday gift that you need this evening. An exception to this
rule is in the case of digital goods, e.g. an e-book or a music file. In this
case, ecommerce might actually be faster than purchasing goods from a physical
store.
▫ Many Goods Cannot Be Purchased Online: Despite its
many conveniences, there are goods that you cannot buy online. Most of these
would be in the categories of "perishable" or "odd-sized."
Think about it, you cannot order a Popsicle (also referred to as an ice pop or
ice lolly) or a dining table set. Likewise, a dining table set can certainly be
purchased online. In some cases, the cost of logistics is bearable. But if you
have to return the furniture, you will get well-acquainted with the
inconvenience of ecommerce.
▫ E-Business Does Not Allow You to Experience the
Product before Purchase: You cannot touch the fabric of the garment you want
to buy. You cannot check how the shoe feels on your feet. You cannot
"test" the perfume that you want to buy. In many cases, customers
want to experience the product before purchase. E-Business does not allow that.
If you buy a music system, you cannot play it online to check if it sounds
right. If you are purchasing a home-theatre system, you would much rather sit
in the "experience centre" that several retail stores set up.
▫ Anyone can set up an E-Business Website: We live in an
era where online storefront providers bring you the ability to set up an
ecommerce store within minutes. But if anybody can set up a store, how do I
know that the store I am purchasing from is genuine? The lowered barriers to
entry might be a great attraction to the aspiring ecommerce entrepreneur. But
for the buyer, reliability can be an issue. This could lead customers to
restrict their online purchases to famous ecommerce websites.
▫ Security: When making an online purchase, you
have to provide at least your credit card information and mailing address. In
many cases, ecommerce websites are able to harvest other information about your
online behaviour and preferences. This could lead to credit card fraud, or
worse, identity theft.
BUSINESS MODEL AND THE KEY ELEMENTS OF A BUSINESS MODEL
A business model is a set of planned activities (sometimes referred to as
business processes) designed to result in a profit in a marketplace. A business
model is not always the same as a business strategy although in some cases they
are very close insofar as the business model explicitly takes into account the
competitive environment. The business model is at the center of the business
plan. A business plan is a document that describes a firm’s business model. A
business plan always takes into account the competitive environment. An
e-commerce business model aims to use and leverage the unique qualities of the
Internet and the World Wide Web.
Eight key elements of a Business model
If you hope to develop a successful business model in any arena, not just
e-commerce, you must make sure that the model effectively addresses the eight
elements listed in Table 2.1 (next page). These elements are: value
proposition, revenue model, market opportunity, competitive environment,
competitive advantage, market strategy, organizational development, and
management team. Many writers focus on a firm’s value proposition and revenue
model. While these may be the most important and most easily identifiable
aspects of a company’s business model, the other elements are equally important
when evaluating business models and plans, or when attempting to understand why
a particular company has succeeded or failed.
Value Proposition: A company’s value proposition is at the
very heart of its business model. A value proposition defines how a company’s
product or service fulfils the needs of customers. To develop and/or analyze a
firm’s value proposition, you need to understand why customers will choose to
do business with the firm instead of another company and what the firm provides
that other firms do not and cannot. From the consumer point of view, successful
e-commerce value propositions include: personalization and customization of
product offerings, reduction of product search costs, reduction of price
discovery costs, and facilitation of transactions by managing product delivery.
FreshDirect, for instance, primarily is offering customers the freshest perishable food in
New York, direct from the growers and manufacturers, at the lowest prices,
delivered to their homes at night. Although local supermarkets can offer fresh
food also, customers need to spend an hour or two shopping at those stores
every week. Convenience and saved time are very important elements in
FreshDirect’s value proposition to customers.
Revenue Model: A firm’s revenue model describes how the firm will earn revenue,
generate profits, and produce a
superior return on invested capital. We use the terms revenue model and
financial model interchangeably. The function of business organizations is both
to generate profits and to produce returns on invested capital that exceed
alternative investments. Profits alone are not sufficient to make a company
“successful”. In order to be considered successful, a firm must produce returns
greater than alternative investments. Firms that fail this test go out of
existence.
Retailers, for example, sell a product, such as a personal computer, to a customer who
pays for the computer using cash or a credit card. This produces revenue. The
merchant typically charges more for the computer than it pays out in operating
expenses, producing a profit. But in order to go into business, the computer
merchant had to invest capital—either by borrowing or by dipping into personal
savings. The profits from the business constitute the return on invested
capital, and these returns must be greater than the merchant could obtain
elsewhere, say, by investing in real estate or just putting the money into a
savings account.
Market Opportunity: The term market opportunity refers to the company’s
intended marketspace (i.e., an area of
actual or potential commercial value) and the overall potential financial
opportunities available to the firm in that marketspace. The market opportunity
is usually divided into smaller market niches. The realistic market opportunity
is defined by the revenue potential in each of the market niches where you hope
to compete. For instance, let’s assume you are analyzing a software training
company that creates software-learning systems for sale to corporations over the
Internet. The overall size of the software training market for all market
segments is approximately $70 billion. The overall market can be broken down,
however, into two major market segments: instructor-led training products,
which comprise about 70% of the market ($49 billion in revenue), and
computer-based training, which accounts for 30% ($21 billion). There are
further market niches within each of those major market segments, such as the
Fortune 500 computer-based training market and the small business
computer-based training market. Because the firm is a start-up firm, it cannot
compete effectively in the large business, computer-based training market
(about $15 billion). Large brand-name training firms dominate this niche. The
start-up firm’s real market opportunity is to sell to the thousands of small
business firms who spend about $6 billion on computer-based software training
and who desperately need a cost-effective training solution. This is the size
of the firm’s realistic market opportunity.
Competitive Environment: A firm’s competitive environment refers to the
other companies selling similar products
and operating in the same market-space. It also refers to the presence of
substitute products and potential new entrants to the market, as well as the
power of customers and suppliers over your business. We discuss the firm’s
environment later in the chapter. The competitive environment for a company is
influenced by several factors: how many competitors are active, how large their
operations are, what the market share of each competitor is, how profitable
these firms are, and how they price their products.
Firms typically have both direct and indirect competitors. Direct competitors are
those companies that sell products and services that are very similar and are sold into
the same market segment. For example, Priceline and Travelocity, both of whom
sell discount airline tickets online, are direct competitors because both
companies sell identical products—cheap tickets. Indirect competitors are
companies that may be in different industries but still compete indirectly
because their products can substitute for one another. For instance, automobile
manufacturers and airline companies operate in different industries, but they
still compete indirectly because they offer consumers alternative means of
transportation. CNN.com, a news outlet, is an indirect competitor of ESPN.com
not because they sell identical products, but because they both compete for
consumers’ time online.
The existence of a large number of competitors in any one segment may be a sign
that the market is saturated and that it may be difficult to become profitable.
On the other hand, a lack of competitors could either signal an untapped market
niche ripe for the picking or a market that has already been tried without success
because there is no money to be made. Analysis of the competitive environment
can help you decide which it is.
Competitive Advantage: Firms achieve a competitive advantage when they can
produce a superior product and/or bring the
product to market at a lower price than most, or all, of their competitors
(Porter, 1985). Firms also compete on scope. Some firms can develop global
markets, while other firms can only develop a national or regional market.
Firms that can provide superior products at lowest cost on a global basis are
truly advantaged.
Firms achieve competitive advantages because they have somehow been able to obtain
differential access to the factors of production that are denied to their
competitors—at least in the short term (Barney, 1991). Perhaps the firm has
been able to obtain very favourable terms from suppliers, shippers, or sources
of labour. Or perhaps the firm has more experienced, knowledgeable, and loyal
employees than any competitors. Maybe the firm has a patent on a product that others
cannot imitate, or access to investment capital through a network of former
business colleagues or a brand name and popular image that other firms cannot
duplicate. An asymmetry exists whenever one participant in a market has more
resources—financial backing, knowledge, information, and/or power—than other
participants. Asymmetries lead to some firms having an edge over others,
permitting them to come to market with better products, faster than
competitors, and sometimes at lower cost.
For instance, when Steven Jobs, CEO and founder of Apple Computer, announced
iTunes, a new service offering legal, downloadable individual song tracks for
99 cents a tune that would be playable on Apple iPods or Apple desktops, the
company was given better than average odds of success simply because of Apple’s
prior success with innovative hardware designs, and the large stable of music
labels which Apple had meticulously lined up to support its online music
catalogue. Few competitors could match the combination of cheap, legal songs
and powerful hardware to play them on.
One rather unique competitive advantage derives from being first mover. A
first-mover advantage is a competitive market advantage for a firm that results
from being the first into a marketplace with a serviceable product or service.
If first movers develop a loyal following or a unique interface that is
difficult to imitate, they can sustain their first-mover advantage for long
periods. Amazon provides a good example. However, in the history of technology-driven
business innovation, most first movers lack the complementary resources needed
to sustain their advantages, and often follower firms reap the largest rewards.
Indeed, many of the success stories we discuss in this book are those of
companies that were slow followers—businesses that gained knowledge from
failure of pioneering firms and entered into the market late.
Companies are said to leverage their competitive assets when they use their competitive
advantages to achieve more advantage in surrounding markets. For instance,
Amazon’s move into the online grocery business leverages the company’s huge
customer database and years of e-commerce experience.
Market Strategy: No matter how tremendous a firm’s qualities, its marketing
strategy and execution are often
just as important. The best business concept, or idea, will fail if it is not
properly marketed to potential customers.
Everything you do to promote your company’s products and services to potential customers
is known as marketing. Market strategy is the plan you put together that
details exactly how you intend to enter a new market and attract new customers.
Part of FreshDirect’s strategy, for instance, is to develop close supply chain
partnerships with growers and manufacturers so it purchases goods at lower
prices directly from the source. This helps FreshDirect lower its prices for
consumers.
By partnering with suppliers that could benefit from FreshDirect’s access to
consumers, FreshDirect is attempting to extend its competitive advantages. YouTube
and PhotoBucket have a social network marketing strategy which encourages users
to post their content on the sites for free, build personal profile pages,
contact their friends, and build a community. In these cases, the customer is
the marketing staff!
Organizational Development: Although many entrepreneurial ventures are
started by one visionary individual, it is rare
that one person alone can grow an idea into a multi-million dollar company.
In most cases, fast-growth companies—especially e-commerce businesses—need
employees and a set of business procedures. In short, all firms—new ones in
particular—need an organization to efficiently implement their business plans
and strategies. Many e-commerce firms and many traditional firms who attempt an
e-commerce strategy have failed because they lacked the organizational
structures and supportive cultural values required to support new forms of
commerce.
Companies that hope to grow and thrive need to have a plan for organizational development
that describes how the company will organize the work that needs to be
accomplished. Typically, work is divided into functional departments, such as
production, shipping, marketing, customer support, and finance. Jobs within
these functional areas are defined, and then recruitment begins for specific
job titles and responsibilities. Typically, in the beginning, generalists who
can perform multiple tasks are hired. As the company grows, recruiting becomes
more specialized.
For instance, at the outset, a business may have one marketing manager. But after
two or three years of steady growth, that one marketing position may be broken
down into seven separate jobs done by seven individuals.
Management Team: Arguably, the single most important element of a business
model is the management team
responsible for making the model work. A strong management team gives a model
instant credibility to outside investors, immediate market-specific knowledge,
and experience in implementing business plans. A strong management team may not
be able to salvage a weak business model, but the team should be able to change
the model and redefine the business as it becomes necessary.
Eventually, most companies get to the point of having several senior executives or
managers. How skilled managers are, however, can be a source of competitive
advantage or disadvantage. The challenge is to find people who have both the
experience and the ability to apply that experience to new situations.
To be able to identify good
managers for a business start-up, first consider the kinds of experiences that
would be helpful to a manager joining your company. What kind of technical
background is desirable? What kind of supervisory experience is necessary? How
many years in a particular function should be required? What job functions
should be fulfilled first: marketing, production, finance, or operations?
Especially in situations where financing will be needed to get a company off
the ground, do prospective senior managers have experience and contacts for
raising financing from outside investors?
VALUE CHAINS IN E-COMMERCE AND VALUE CHAIN AREAS
A value chain for a product is
the chain of actions that are performed by the business to add value in
creating and delivering the product. For example, when you buy a product in a store
or from the web, the value chain includes the business selecting products to be
sold, purchasing the components or tools necessary to build them from a
wholesaler or manufacturer, arranging the display, marketing and advertising
the product, and delivering the product to the client.
In the book ‘Designing Systems for Internet Commerce’ by G. Winfield Treese and
Lawrence C. Stewart, the authors suggest breaking down the aspects of your
business into four general value-chain areas:
§ Attract – in which you get and keep customer interest, and includes advertising and marketing
§ Interact – in which you turn interest into orders, and includes sales and catalogues
§ Act – in which you manage orders, and includes order capture, payment, and fulfilment
§ React – in which you service customers, and includes technical support, customer service, and order tracking
Value Proposition
The value proposition describes
the value that the company will provide to its customers and, sometimes, to
others as well. With a value proposition the company attempts to offer better
value than competitors so that the buyer will benefit most with this product.
A value proposition may include
one or more of the following points:
§ Reduced price
§ Improved service or convenience such as the "1 click" checkout
§ Speed of delivery and assistance
§ Products that lead to increased efficiency and productivity
§ Access to a large and available inventory that presents options for the buyer
Providing value in an e-business
uses the same approach as providing value in any business, although it may
require different capabilities. But common to both are the customers who seek
out value in a business transaction. The value proposition helps focus the
business on the well-being of the customer, where it remains in successful companies.
Value Delivery through Integration of Activities
Integration of Organization or Enterprise Operations
The integration of systems inside
and outside the organization can provide value for both customers and the
organization. One of the requirements for e-business is to link front-end with
back-end systems in order to automate the online operations of the
organization.
Front-end activities deal
directly with the customer while back-end systems include all of the internal
support activities that do not deal directly with the customer. Some
enterprises have different geographic locations for front-end and back-end
office activities and rely on the integration of the associated computer and
network systems for successful corporate operations.
ELECTRONIC DATA INTERCHANGE: ITS BENEFITS, PROCESS AND COMPONENTS
Electronic Data Interchange (EDI) is the computer-to-computer exchange
of business documents in a standard electronic format between business
partners.
By moving from a paper-based exchange of business documents to one that is
electronic, businesses enjoy major benefits such as reduced cost, increased
processing speed, reduced errors and improved relationships with business
partners.
Technically, EDI is a set of standards that define common formats for the information so it
can be exchanged in this way.
Each term in the definition is significant:
▫ Computer-to-computer – EDI replaces postal
mail, fax and email. While email is also an electronic approach, the documents
exchanged via email must still be handled by people rather than computers.
Having people involved slows down the processing of the documents and also
introduces errors. Instead, EDI documents can flow straight through to the
appropriate application on the receiver’s computer (e.g. the Order Management
System) and processing can begin immediately.
[Figure: a typical manual process, with lots of paper and people involvement]
[Figure: the EDI process – no paper, no people involved]
▫ Business documents – These are any of the documents that are typically exchanged
between businesses. The most common documents exchanged via EDI are purchase
orders, invoices and Advance Ship Notices. But there are many, many others such
as bills of lading, customs documents, inventory documents and shipping status
documents.
▫ Standard format – Because EDI documents must be processed by computers rather than
humans, a standard format must be used so that the computer will be able to
read and understand the documents. A standard format describes what each piece
of information is and in what format (e.g. integer, decimal, mmddyy). Without a
standard format, each company would send documents using its company-specific
format and, much as an English-speaking person probably doesn’t understand
Japanese, the receiver’s computer system doesn’t understand the
sender’s company-specific format. There are several EDI standards
in use today, including ANSI, EDIFACT, TRADACOMS and XML. And, for each
standard there are many different versions, e.g. ANSI 5010 or EDIFACT version
D12, Release A. When two businesses decide to exchange EDI documents, they must
agree on the specific EDI standard and version. Businesses typically use an EDI
translator – either as in-house software or via an EDI service provider – to
translate the EDI format so the data can be used by their internal applications
and thus enable straight through processing of documents.
▫ Business partners – The exchange of EDI documents is typically between two different
companies, referred to as business partners or trading partners. For example,
Company A may buy goods from Company B. Company A sends orders to Company B.
Company A and Company B are business partners.
EDI – the Process
There are 3 steps to sending EDI documents – Prepare the documents, Translate the
documents into EDI format, Transmit the EDI documents to your partner.
Step 1: Prepare the documents to be sent
The first step is to collect and organize the data. For example, instead of
printing a purchase order, your system creates an electronic file with the
necessary information to build an EDI document. The sources of data and the
methods available to generate the electronic documents can include:
§ Human data entry via screens
§ Exporting PC-based data from spreadsheets or databases
§ Reformatted electronic reports into data files
§ Enhancing existing applications to automatically create output files
that are ready for translation into an EDI standard
§ Purchasing application software that has built-in interfaces for EDI
files
Step 2: Translate the documents into EDI format
The next step is to feed your electronic data through translator software to
convert your internal data format into the EDI standard format using the
appropriate segments and data elements. You can purchase EDI translation
software that you manage and maintain on your premises. This requires
specialized mapping expertise in order to define how your internal data is to
be mapped (i.e. correlated) to the EDI data. Translation software is available
to suit just about any computing environment and budget, from large systems
that handle thousands of transactions daily to PC-based software that need only
process a few hundred transactions per week.
Alternatively, you can use the translation services of an EDI service provider.
In that case, you send your data to the provider, who handles translation to and
from the EDI format on your behalf.
Step 3: Connect and transmit your EDI documents to your business partner
Once your business documents are translated to the appropriate EDI format they
are ready to be transmitted to your business partner. You must decide how you
will connect to each of your partners to perform that transmission. There are
several ways, the most common of which are to 1) connect directly using AS2
or another secure internet protocol, 2) connect to an EDI Network provider
(also referred to as a VAN provider) using your preferred communications
protocol and rely on the network provider to connect to your business partners
using whatever communications protocol your partners prefer, or 3) use a
combination of both, depending on the particular partner and the volume of
transactions you expect to exchange.
EDI – the Benefits
For many companies, EDI is really not a choice. It may be a requirement of doing
business with larger organizations, including big retailers, manufacturers and
government agencies.
Once you are communicating via EDI, the door is open to maximizing its value to
your business. By integrating your EDI workflow with your back-end business or
accounting system, you can streamline the entire process of how information
flows through your organization. The benefits can be tremendous, including:
§ Lower costs – By reducing the manual keying
of data, handling of documents and other processes, you can potentially reduce
the costs of labour and paper, and reduce errors (and their associated costs).
§ Higher efficiency – Sending and receiving EDI data
happens in seconds, and the information can be acted on immediately. This means
time savings for you and your trading partners.
§ Improved accuracy – You can reduce errors by using
EDI because manual and duplicate entry is eliminated. Everything flows
untouched, leaving a trail for easy future tracking.
§ More supply chain visibility – With EDI,
product sales data, product inventory status, demand forecasts and other
metrics can be shared with suppliers and their suppliers. This allows for
better inventory management and supports just-in-time delivery.
§ Enhanced security – Thanks to numerous
communications protocols addressing encryption and other security issues,
critical business or personal data may be exchanged with higher levels of
security via EDI than by any other means.
§ Greater management information – Because
EDI data is electronic data, you have a source of information to guide
management decisions or to mine for further analysis.
The process improvements that EDI offers are significant and can be dramatic.
For example, consider the difference between the traditional paper purchase
order and its electronic counterpart:
A Traditional Document Exchange of a Purchase Order
§ This process normally takes between three and five days.
§ Buyer makes a buying decision, creates the purchase order and prints it.
§ Buyer mails the purchase order to the supplier.
§ Supplier receives the purchase order and enters it into the order entry system.
§ Buyer calls supplier to determine if purchase order has been received, or
supplier mails buyer an acknowledgment of the order.
An EDI Document Exchange of a Purchase Order
§ Buyer makes a buying decision, creates the purchase order but does not print it.
§ EDI software creates an electronic version of the purchase order and transmits
it automatically to the supplier.
§ Supplier's order entry system receives the purchase order and updates the
system immediately on receipt.
§ Supplier's order entry system creates an acknowledgment and transmits it back
to confirm receipt.
This process normally occurs overnight and can take less than an hour.
EDI – the components
EDI has been popular for many years, and throughout that time many EDI software
packages have been available that allow companies to use EDI easily.
An EDI software package has a couple of components that are crucial to the
success of the EDI solution in the organization. In this article we focus on
some of the main components that every EDI software package must have in order
to offer the user a positive experience and actually be used by the company's
EDI Administrator or by an advanced user who is in charge of EDI transactions,
sending and receiving them, and the whole process involved.
§ Mapping
§ Translation
§ Validation
§ Import/Export
§ Reporting
§ Documents Turn Around
§ Monitoring and Alerting
EDI Mapping
EDI mapping is a process through which EDI data is translated to a format that
is more easily used in new environments. Through EDI Mapping you can, for
example, translate EDI messages into ASCII formats like flat-file, XML and other
similar forms.
EDI Translation
An EDI Translator is also referred to as EDI software, or EDI translation
software. An EDI Translator provides a means of transforming EDI data to
and from formats suited for the enterprise. In other words, an EDI
Translator converts data from irregular, enterprise-specific forms into an ordered
and standardized structure that is compliant with EDI standards. The EDI
Translator also performs the same function in reverse, converting an EDI
document into a data structure that is appropriate for the enterprise. An
EDI Translator can be developed in house, or it can be purchased through third
party EDI Translator providers.
EDI Validation
EDI Validation is the process of making sure that all the data in the EDI file
is correct and sits in the appropriate location, that mandatory elements are not
missing, and that elements whose values come from a list of possible values for
a specific dictionary ID are correct. It also checks that the file is in the
right format and follows the guidelines of the EDI version and standard.
Because computers do not have the flexibility of reading and translating
documents like humans do, it is important to have a standard file format in EDI
so that computers can read and translate EDI documents correctly. It is also
just as important for users who are processing EDI files to adhere to the EDI
standard. One method of enforcing the EDI standard is to validate any
incoming EDI documents before they get translated. Validation not only
ensures a more accurate EDI translation, but also ensures a more robust
automated process by detecting and rejecting EDI files with anomalies that
could break the translation program and interrupt production.
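A sketch of the pre-translation validation described above, added here as an example and not taken from any EDI product. It checks a simplified X12-style 850 transaction set (ST to SE only, `*` between elements, `~` after each segment); the rule table, code lists and size limit are a reduced illustrative subset, and both sample documents are constructed.

```python
import re
from datetime import datetime
from decimal import Decimal

MAX_CHARS = 1_000_000  # hypothetical size limit, enforced before any parsing


def _matches(pattern):
    """Build a check that accepts only values fully matching the pattern."""
    return lambda v: re.fullmatch(pattern, v) is not None


def _is_date(v):
    """CCYYMMDD that is also a real calendar date."""
    if not re.fullmatch(r"[0-9]{8}", v):
        return False
    try:
        datetime.strptime(v, "%Y%m%d")
    except ValueError:
        return False
    return True


def _is_positive_number(v):
    ok = re.fullmatch(r"[0-9]{1,10}(\.[0-9]{1,4})?", v) is not None
    return ok and Decimal(v) > 0


_CTRL = _matches(r"[A-Za-z0-9]{4,9}")

# segment id -> {element position: (mandatory, allowed-code set or check)}
RULES = {
    "ST": {1: (True, {"850"}), 2: (True, _CTRL)},
    "BEG": {1: (True, {"00", "01", "05"}), 2: (True, {"SA", "NE"}),
            3: (True, _matches(r"[A-Za-z0-9-]{1,22}")), 5: (True, _is_date)},
    "PO1": {1: (False, _matches(r"[A-Za-z0-9]{1,20}")),
            2: (True, _is_positive_number), 3: (True, {"EA", "CA"}),
            4: (True, _is_positive_number)},
    "CTT": {1: (True, _matches(r"[0-9]{1,6}"))},
    "SE": {1: (True, _matches(r"[0-9]{1,10}")), 2: (True, _CTRL)},
}


def validate(raw):
    """Return a list of errors; an empty list means safe to translate."""
    if len(raw) > MAX_CHARS:
        return ["document exceeds size limit"]
    segments = [s.strip().split("*") for s in raw.split("~") if s.strip()]
    if not segments:
        return ["no segments found"]
    errors = []
    for idx, seg in enumerate(segments, start=1):
        rules = RULES.get(seg[0])
        if rules is None:  # anything not in the agreed guideline is rejected
            errors.append(f"segment {idx}: unexpected segment {seg[0]!r}")
            continue
        for pos, (mandatory, check) in rules.items():
            value = seg[pos] if pos < len(seg) else ""
            if not value:
                if mandatory:
                    errors.append(f"segment {idx}: {seg[0]}{pos:02d} missing")
                continue
            ok = value in check if isinstance(check, set) else check(value)
            if not ok:
                errors.append(
                    f"segment {idx}: {seg[0]}{pos:02d} invalid value {value!r}")
    # Cross-segment checks: envelope, declared counts, control numbers.
    ids = [s[0] for s in segments]
    if ids[0] != "ST" or ids[-1] != "SE":
        errors.append("transaction set must start with ST and end with SE")
        return errors
    st, se = segments[0], segments[-1]
    declared = se[1] if len(se) > 1 else ""
    if declared.isascii() and declared.isdigit() and int(declared) != len(segments):
        errors.append(f"SE01 declares {declared} segments, found {len(segments)}")
    if se[2:3] != st[2:3]:
        errors.append("SE02 control number does not match ST02")
    if "BEG" not in ids or "PO1" not in ids:
        errors.append("mandatory BEG or PO1 segment missing")
    for seg in segments:
        if seg[0] == "CTT" and len(seg) > 1 and seg[1].isascii() and seg[1].isdigit():
            if int(seg[1]) != ids.count("PO1"):
                errors.append(f"CTT01 declares {seg[1]} line items, "
                              f"found {ids.count('PO1')}")
    return errors


# Constructed sample documents.
GOOD = ("ST*850*0001~BEG*00*SA*PO4501**20240115~PO1*1*25*EA*9.99~"
        "PO1*2*10*EA*4.50~CTT*2~SE*6*0001~")
BAD = ("ST*850*0001~BEG*00*SA***20241345~PO1*1*-5*EA*9.99~"
       "XYZ*1~CTT*3~SE*5*0002~")

if __name__ == "__main__":
    for name, doc in (("GOOD", GOOD), ("BAD", BAD)):
        print(name, validate(doc) or "accepted")
```

A document is passed to the translator only when `validate` returns an empty list; anything else is rejected whole and reported back to the trading partner.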
EDI Import and EDI Export
EDI Import is the process of importing data from a text file, Excel file or any
other file format used by the organization into the EDI file structure; EDI
Export is the same in the other direction. This option is vital when the user
needs an interface with his/her ERP software. Many ERP software packages have
Import/Export routines, so to integrate the two software packages the user can
import and export data between the ERP and the EDI software packages.
EDI Reporting
EDI Reporting is the option to view reports on transaction activity over a given
time frame. That way an EDI Administrator can see how many EDI transactions
went through, how many of each document type, how many had errors, and
more.
Each EDI software package has its own set of EDI Reports, but the main point is
that it has to give the EDI Administrator tools to look at the EDI activity in
the organization so he can determine what type of action to take in different
situations, for example if he receives too many transactions with errors.
EDI Documents Turn Around
EDI Documents Turn Around is when the user takes an EDI document such as a
Purchase Order (850, 875) and creates an Invoice from it, saving the user time
and typing errors.
SECURITY ISSUES OF E-COMMERCE AND ELECTRONIC COMMERCE THREATS
The Internet and e-Commerce are becoming an increasingly popular way for people
to do their shopping. e-Commerce refers to the exchange of goods and services
over the Internet. This shopping covers everything from groceries to large
electronic goods and even cars. The rapid evolution of computing and
communication technologies and their standardization has made the boom in
e-Commerce possible. Along with this there has been substantial growth in
credit card fraud and identity theft. By its very nature the Internet is
a worldwide public network with thousands of millions of users. Among these
users is a percentage described as crackers or hackers, and it is these people
who carry out the credit card fraud and identity theft. There are numerous ways
in which they do this, and many of these methods are facilitated by poor
security on e-Commerce web servers and on users' computers.
Information security is the
protection against security threats that are defined as a circumstance,
condition, or event with the potential to cause economic hardship to data or
network resources in the form of destruction, disclosure, and modification of
data, denial of service, fraud, waste, and/or abuse. Security has become one of
the most important issues that must be resolved first to ensure success of
e-Commerce. The first step toward reducing the risk of e-Commerce security
threats is to identify the vulnerable areas where security threats can happen.
The main vulnerable areas for an
e-Commerce are hardware security, software security, and environment security.
Hardware security includes any devices used in running the e-Commerce website,
like network devices and servers. Protecting the network with a properly
configured firewall device that allows only the ports needed for accessing the
e-Commerce website is an essential part of network security.
Software security includes any software used in running the e-Commerce website,
such as the operating system, web server software and database software. The
operating system should be configured for security through the process of
operating system hardening. Software should be constantly kept updated, as
patches are routinely released to fix holes in security.
Environment security is the area around the hardware running the e-Commerce
website and includes human resources. Secure physical access to network and
server devices by using fences, locks, or other methods. Network, server, and
software access credentials should be highly complex and well guarded. Once a
staff member has left the company or moved to a different position, remove all
access privileges for that person that are no longer needed.
E-Commerce security requirements
can be studied by examining the overall process, beginning with the consumer
and ending with the commerce server. Considering each logical link in the
“commerce chain”, the assets that must be protected to ensure secure e-commerce
include client computers, the messages travelling on the communication channel,
and the web and commerce servers – including any hardware attached to the
servers. While telecommunications are certainly one of the major assets to be
protected, the telecommunications links are not the only concern in computer
and e-commerce security. For instance, if the telecommunications links were
made secure but no security measures were implemented for either client
computers or commerce and web-servers, then no communications security would
exist at all.
Client threats
Until the introduction of executable
web content, Web pages were mainly static. Coded in HTML, static pages could do
little more than display content and provide links to related pages with
additional information. However, the widespread use of active content has
changed this perception.
1. Active content: Active content refers to
programs that are embedded transparently in web pages and that cause action to
occur. Active content can display moving graphics, download and play audio, or
implement web-based spreadsheet programs. Active content is used in e-commerce
to place items one wishes to purchase into a shopping cart and to compute the
total invoice amount, including sales tax, handling, and shipping costs. The
best known active content forms are Java applets, ActiveX controls, JavaScript,
and VBScript.
Since active content modules are embedded in web pages, they can be completely
transparent to anyone browsing a page containing them. Anyone can embed
malicious active content in web pages. This delivery technique, called a trojan
horse, immediately begins executing and taking actions that cause harm.
Embedding active content to web pages involved in e-commerce introduces several
security risks. Malicious programs delivered quietly via web pages could reveal
credit card numbers, usernames, and passwords that are frequently stored in
special files called cookies. Because the internet is stateless and cannot
remember a response from one web page view to another, cookies help solve the
problem of remembering customer order information or usernames or passwords.
Malicious active content delivered by means of cookies can reveal the contents
of client-side files or even destroy files stored on client computers.
2. Malicious codes: Computer viruses, worms and
trojan-horses are examples of malicious code. A trojan horse is a program which
performs a useful function, but performs an unexpected action as well. Virus is
a code segment which replicates by attaching copies to existing executables. A
worm is a program which replicates itself and causes execution of the new copy.
These can create havoc on the client side.
3. Server-side masquerading: Masquerading
lures a victim into believing that the entity with which it is communicating is
a different entity. For example, if a user tries to log into a computer across
the internet but instead reaches another computer that claims to be the desired
one, the user has been spoofed. This may be a passive attack (in which the user
does not attempt to authenticate the recipient, but merely accesses it), but it
is usually an active attack (in which the masquerader issues responses to
mislead the user about its identity).
Communication channel threats
The internet serves as the
electronic chain linking a consumer (client) to an e-commerce resource
(commerce server). Messages on the internet travel a random path from a source
node to a destination node. The message passes through a number of intermediate
computers on the network before reaching the final destination. It is
impossible to guarantee that every computer on the internet through which
messages pass is safe, secure, and non-hostile.
1. Confidentiality threats: Confidentiality
is the prevention of unauthorized information disclosure. Breaching
confidentiality on the internet is not difficult. Suppose one logs on to a
website – say www.anybiz.com – that contains a form with text boxes for name,
address, and e-mail address. When one fills out those text boxes and clicks the
submit button, the information is sent to the web-server for processing. One
popular method of transmitting data to a web-server is to collect the text box
responses and place them at the end of the target server’s URL. The captured
data and the HTTP request to send the data to the server is then sent. Now,
suppose the user changes his mind, decides not to wait for a response from the
anybiz.com server, and jumps to another website instead – say
www.somecompany.com. The server somecompany.com may choose to collect web
demographics and log the URL from which the user just came (www.anybiz.com). By
doing this, somecompany.com has breached confidentiality by recording the
secret information the user has just entered.
2. Integrity threats: An integrity threat exists when
an unauthorized party can alter a message stream of information. Unprotected
banking transactions are subject to integrity violations. Cyber vandalism is an
example of an integrity violation. Cyber vandalism is the electronic defacing
of an existing website page. Masquerading or spoofing – pretending to be
someone you are not or representing a website as an original when it really is
a fake – is one means of creating havoc on websites. Using a security hole in a
domain name server (DNS), perpetrators can substitute the address of their
website in place of the real one to spoof website visitors. Integrity threats
can alter vital financial, medical, or military information. It can have very
serious consequences for businesses and people.
3. Availability threats: The purpose of
availability threats, also known as delay or denial threats, is to disrupt
normal computer processing or to deny processing entirely. For example, if the
processing-speed of a single ATM machine transaction slows from one or two
seconds to 30 seconds, users will abandon ATM machines entirely. Similarly,
slowing any internet service will drive customers to competitors’ web or
commerce sites.
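The leak described in item 1, seen from the receiving server's side, as an added example that is not part of the original notes: a scan of web access log lines for inbound Referer URLs that carry another site's form fields, so such entries can be found and scrubbed. The Combined Log Format layout and the parameter names are assumptions taken from the form in the text; the log lines are constructed.

```python
import re
from urllib.parse import parse_qsl, urlsplit

# Form fields named in the text's example (name, address, e-mail address).
SENSITIVE_PARAMS = {"name", "address", "email"}

# Tail of a Combined Log Format line: "request" status bytes "referer" "agent"
LOG_TAIL = re.compile(
    r'"(?P<request>[^"]*)" (?P<status>[0-9]{3}) \S+ '
    r'"(?P<referer>[^"]*)" "[^"]*"$'
)

# Constructed sample log from the server of www.somecompany.com.
SAMPLE_LOG = [
    '203.0.113.7 - - [15/Jan/2024:10:00:00 +0000] "GET / HTTP/1.1" 200 512 '
    '"http://www.anybiz.com/form?name=Ann+Lee&address=1+Main+St'
    '&email=ann%40example.org" "Mozilla/5.0"',
    '203.0.113.8 - - [15/Jan/2024:10:00:05 +0000] "GET /about HTTP/1.1" 200 734 '
    '"http://www.somecompany.com/" "Mozilla/5.0"',
    '203.0.113.9 - - [15/Jan/2024:10:00:09 +0000] "GET / HTTP/1.1" 200 512 '
    '"http://www.anybiz.com/" "Mozilla/5.0"',
    '203.0.113.9 - - [15/Jan/2024:10:00:12 +0000] "GET / HTTP/1.1" 200 512 '
    '"-" "Mozilla/5.0"',
]


def leaked_fields(line, own_host):
    """Return (referring host, sorted field names) if a foreign Referer
    carries sensitive query parameters, otherwise None."""
    match = LOG_TAIL.search(line)
    if match is None:
        return None
    referer = urlsplit(match["referer"])
    if not referer.hostname or referer.hostname == own_host:
        return None
    names = {key.lower() for key, _ in
             parse_qsl(referer.query, keep_blank_values=True)}
    hits = sorted(names & SENSITIVE_PARAMS)
    return (referer.hostname, hits) if hits else None


def scan(lines, own_host):
    """List (line number, referring host, leaked field names) per finding."""
    findings = []
    for number, line in enumerate(lines, start=1):
        hit = leaked_fields(line, own_host)
        if hit:
            findings.append((number, hit[0], hit[1]))
    return findings


if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG, "www.somecompany.com"):
        print(finding)
```

On the form site's side, submitting with POST keeps the fields out of the URL, and a `Referrer-Policy` response header limits what browsers pass on to the next site.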
Server threats
The server is the third link in
the client-internet-server trio embodying the e-commerce path between the user
and a commerce server. Servers have vulnerabilities that can be exploited by
anyone determined to cause destruction or to illegally acquire information.
1. Web-server threats: Web-server
software is designed to deliver web pages by responding to HTTP requests. While
web-server software is not inherently high-risk, it has been designed with web
service and convenience as the main design goal. The more complex the software
is, the higher is the probability that it contains coding errors (bugs) and
security holes – security weaknesses that provide openings through which
evildoers can enter.
2. Commerce server threats: The commerce
server, along with the web-server, responds to requests from web browsers
through the HTTP protocol and CGI scripts. Several pieces of software comprise
the commerce server software suite, including an FTP server, a mail server, a
remote login server, and operating systems on host machines. Each of these
pieces of software can have security holes and bugs.
3. Database threats: E-commerce systems store user
data and retrieve product information from databases connected to the
web-server. Besides product information, databases connected to the web contain
valuable and private information that could irreparably damage a company if it
were disclosed or altered. Some databases store username/password pairs in a
non-secure way. If someone obtains user authentication information, then he or
she can masquerade as a legitimate database user and reveal private and costly
information.
4. Common gateway interface threats: A common
gateway interface (CGI) implements the transfer of information from a web-server
to another program, such as a database program. CGI and the programs to which
they transfer data provide active content to web pages. Because CGIs are
programs, they present a security threat if misused. Just like web-servers, CGI
scripts can be set up to run with their privileges set to high – unconstrained.
Defective or malicious CGIs with free access to system resources are capable of
disabling the system, calling privileged (and dangerous) base system programs
that delete files, or viewing confidential customer information, including
usernames and passwords.
5. Password hacking: The simplest attack against a
password-based system is to guess passwords. Guessing of passwords requires
that access to the complement, the complementation functions, and the authentication
functions be obtained. If none of these have changed by the time the password
is guessed, then the attacker can use the password to access the system.
ENCRYPTION, DECRYPTION AND CRYPTOGRAPHY
Data that can be read and
understood without any special measures is called plaintext or cleartext. The
method of disguising plaintext in such a way as to hide its substance is called
encryption. Encrypting plaintext
results in unreadable gibberish called ciphertext.
You use encryption to ensure that information is hidden from anyone for whom it
is not intended, even those who can see the encrypted data. The process of
reverting ciphertext to its original plaintext is called decryption.
Encryption is the conversion of data into seemingly random,
incomprehensible data. Its meaningless form ensures that it remains
unintelligible to everyone for whom it is not intended, even if they
have access to the encrypted data.
The only way to transform the
data back into intelligible form is to reverse the encryption (known as
decryption). In Public Key Cryptography, encryption and decryption are performed
with Public and Private Keys.
Keys
A key is a value that works with
a cryptographic algorithm to produce a specific ciphertext. Keys are basically really,
really, really big numbers. Key size is measured in bits; the number
representing a 1024-bit key is darn huge. In public key cryptography, the
bigger the key, the more secure the ciphertext.
While the public and private keys
are mathematically related, it’s very difficult to derive the private key given
only the public key; however, deriving the private key is always possible given
enough time and computing power. This makes it very important to pick keys of
the right size; large enough to be secure, but small enough to be applied
fairly quickly. Additionally, you need to consider who might be trying to read
your files, how determined they are, how much time they have, and what their
resources might be.
Public Key and Private Keys
The Public key and Private
key-pair comprises two uniquely related cryptographic keys (basically long
random numbers). Below is an example of a Public Key:
3048 0241 00C9 18FA CF8D EB2D
EFD5 FD37 89B9 E069 EA97 FC20 5E35 F577 EE31 C4FB C6E4 4811 7D86 BC8F BAFA 362F
922B F01B 2F40 C744 2654 C0DD 2881 D673 CA2B 4003 C266 E2CD CB02 0301 0001
The Public Key is what its name
suggests - Public. It is made available to everyone via a publicly accessible
repository or directory. On the other hand, the Private Key must remain confidential
to its respective owner.
Because the key pair is
mathematically related, whatever is encrypted with a Public Key may only be
decrypted by its corresponding Private Key and vice versa.
For example, if Bob wants to send sensitive data to Alice, and wants to be sure that
only Alice may be able to read it, he will encrypt the data with Alice's Public
Key. Only Alice has access to her corresponding Private Key and as a result is
the only person with the capability of decrypting the encrypted data back into
its original form.
As only Alice has access to her Private Key, only
Alice can decrypt the encrypted data. Even if someone else gains access to the
encrypted data, it will remain confidential as they should not have access to Alice's
Private Key.
Public Key Cryptography can therefore achieve
Confidentiality. However another important aspect of Public Key Cryptography is
its ability to create a Digital Signature.
Cryptography
Cryptography is the science of using mathematics to encrypt and decrypt data. Cryptography
enables you to store sensitive information or transmit it across insecure
networks (like the Internet) so that it cannot be read by anyone except the
intended recipient.
A cryptographic algorithm, or
cipher, is a mathematical function used in the encryption and decryption
process. A cryptographic algorithm works in combination with a key—a word,
number, or phrase—to encrypt the plaintext. The same plaintext encrypts to
different ciphertext with different keys. The security of encrypted data is
entirely dependent on two things: the strength of the cryptographic algorithm
and the secrecy of the key. A cryptographic algorithm, plus all possible keys
and all the protocols that make it work comprise a cryptosystem such as PGP
(Pretty Good Privacy). Pretty Good Privacy (PGP) is a data encryption and
decryption computer program that provides cryptographic privacy and
authentication for data communication.
Public Key Cryptography
Public key cryptography is an
asymmetric scheme that uses a pair of keys for encryption: a public key, which
encrypts data, and a corresponding private, or secret key for decryption. You
publish your public key to the world while keeping your private key secret.
Anyone with a copy of your public key can then encrypt information that only
you can read.
It is computationally infeasible
to deduce the private key from the public key. Anyone who has a public key can
encrypt information but cannot decrypt it. Only the person who has the
corresponding private key can decrypt the information.
PUBLIC KEY INFRASTRUCTURE (PKI) AND
DIGITAL SIGNATURES
Public Key Infrastructure (PKI) refers to the technical mechanisms, procedures and
policies that collectively provide a framework for addressing the previously
illustrated fundamentals of security: authentication,
confidentiality, integrity, non-repudiation and access control.
PKI enables people and businesses to utilise a number of
secure Internet applications. For example, secure and legally binding emails
and Internet based transactions, and services delivery can all be achieved
through the use of PKI.
PKI utilises two core elements: Public Key Cryptography and Certification
Authorities.
The benefits of PKI are delivered through the use of Public Key
Cryptography. A core aspect of Public Key Cryptography is the encryption and
decryption of digital data.
A major benefit of public key
cryptography is that it provides a method for employing digital signatures.
Digital signatures enable the recipient of information to verify the
authenticity of the information’s origin, and also verify that the information
is intact. Thus, public key digital signatures provide authentication and data
integrity. A digital signature also provides non-repudiation, which means that
it prevents the sender from claiming that he or she did not actually send the
information. These features are every bit as fundamental to cryptography as
privacy, if not more.
A digital signature serves the
same purpose as a handwritten signature. However, a handwritten signature is
easy to counterfeit. A digital signature is superior to a handwritten signature
in that it is nearly impossible to counterfeit, plus it attests to the contents
of the information as well as to the identity of the signer.
The basic manner in which digital
signatures are created is illustrated in the figure given on the previous page.
Instead of encrypting information using someone else’s public key, you encrypt
it with your private key. If the information can be decrypted with your public
key, then it must have originated with you.
Digital Signatures apply the same functionality to an
e-mail message or data file that a handwritten signature does for a paper-based
document. The Digital Signature vouches for the origin and integrity of a
message, document or other data file.
The creation of a Digital Signature is a complex mathematical process.
However, as the complexities of the process are computed by the computer,
applying a Digital Signature is no more difficult than creating a handwritten
one!
The following process illustrates in
general terms the processes behind the generation of a Digital Signature:
1. Alice clicks 'sign' in her email application or selects which file is to be
signed.
2. Alice's computer calculates the 'hash' (the message is applied to a publicly
known mathematical hashing function that converts the message into a long number
referred to as the hash).
3. The hash is encrypted with Alice's Private Key (in this case it is known as
the Signing Key) to create the Digital Signature.
4. The original message and its Digital Signature are transmitted to Bob.
5. Bob receives the signed message. It is identified as being signed, so his
email application knows which actions need to be performed to verify it.
6. Bob's computer decrypts the Digital Signature using Alice's Public Key.
7. Bob's computer also calculates the hash of the original message (remember -
the mathematical function used by Alice to do this is publicly known).
8. Bob's computer compares the hash it has computed from the received message
with the now decrypted hash received with Alice's message.
Represented diagrammatically:
If the message has remained integral
during its transit (i.e. it has not been tampered with), when compared the two
hashes will be identical.
However, if the two hashes differ when
compared then the integrity of the original message has been compromised. If
the original message is tampered with it will result in Bob's computer
calculating a different hash value. If a different hash value is created, then
the original message will have been altered. As a result the verification of
the Digital Signature will fail and Bob will be informed.
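The eight steps above carried through in Python, as an added example that is not code from the original notes. It applies textbook RSA to a SHA-256 hash using constructed demo keys built from publicly known Mersenne primes, so the keys are trivially breakable and there is no padding; deployed signature schemes such as RSA-PSS add padding on top of this arithmetic. All function and variable names are assumptions.

```python
import hashlib
import hmac


def make_key(p, q, e=65537):
    """Build an RSA key pair from two primes: (public, private)."""
    n = p * q
    d = pow(e, -1, (p - 1) * (q - 1))  # private exponent (Python 3.8+)
    return (n, e), (n, d)


# Constructed demo keys. The primes are well-known Mersenne primes, so
# anyone can factor these moduli; they only illustrate the arithmetic.
ALICE_PUBLIC, ALICE_PRIVATE = make_key(2**127 - 1, 2**521 - 1)
MALLORY_PUBLIC, MALLORY_PRIVATE = make_key(2**31 - 1, 2**607 - 1)


def message_hash(message):
    """Steps 2 and 7: publicly known hash function, result as a long number."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big")


def sign(message, private_key):
    """Step 3: transform the hash with the signer's Private (Signing) Key."""
    n, d = private_key
    return pow(message_hash(message), d, n)


def verify(message, signature, public_key):
    """Steps 6 to 8: recover the signed hash with the Public Key, recompute
    the hash of the received message, and compare the two."""
    n, e = public_key
    if not 0 < signature < n:  # reject values outside the key's range
        return False
    recovered = pow(signature, e, n)   # step 6
    expected = message_hash(message)   # step 7
    size = (n.bit_length() + 7) // 8
    return hmac.compare_digest(        # step 8, constant-time comparison
        recovered.to_bytes(size, "big"), expected.to_bytes(size, "big"))


def demo():
    """Alice signs; Bob checks an intact copy, an altered copy, and a
    signature made with a different private key."""
    message = b"Pay supplier B 4,500.00 for PO 4501"  # constructed message
    signature = sign(message, ALICE_PRIVATE)          # steps 1 to 3
    tampered = message.replace(b"4,500", b"9,500")    # altered in transit
    forged = sign(message, MALLORY_PRIVATE)           # not Alice's key
    return {
        "intact": verify(message, signature, ALICE_PUBLIC),
        "tampered": verify(tampered, signature, ALICE_PUBLIC),
        "forged": verify(message, forged, ALICE_PUBLIC),
    }


if __name__ == "__main__":
    print(demo())
```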
DIGITAL CERTIFICATE AND ITS TYPES
In a public key environment, it
is vital that you are assured that the public key to which you are encrypting
data is in fact the public key of the intended recipient and not a forgery. You
could simply encrypt only to those keys which have been physically handed to
you. But suppose you need to exchange information with people you have never
met; how can you tell that you have the correct key?
Digital certificates, or Certs,
simplify the task of establishing whether a public key truly belongs to the
purported owner.
A certificate is a form of
credential. Examples might be your driver’s license, your social security card,
or your birth certificate. Each of these has some information on it identifying
you and some authorization stating that someone else has confirmed your
identity. Some certificates, such as your passport, are important enough
confirmation of your identity that you would not want to lose them, lest
someone use them to impersonate you.
A digital certificate is data
that functions much like a physical certificate. A digital certificate is
information included with a person’s public key that helps others verify that a
key is genuine or valid. Digital certificates are used to thwart attempts to
substitute one person’s key for another.
A digital certificate consists of
three things:
§ A public key.
§ Certificate information (“Identity” information
about the user, such as name, user ID, and so on.)
§ One or more digital signatures.
In other words, Alice's Digital Certificate attests to the fact that her Public
Key belongs to her, and only her. As well as the Public Key, a Digital
Certificate also contains personal or corporate information used to identify
the Certificate holder, and as Certificates are finite, a Certificate expiry
date.
Digital Certificates and Certification Authorities
Digital Certificates are issued by Certification
Authorities (CA). Just as a central trusted body is used to issue driving licenses
or passports, a CA fulfils the role of the Trusted Third Party by accepting
Certificate applications from entities, authenticating applications, issuing
Certificates and maintaining status information about the Certificates issued. The
incorporation of a CA into PKI ensures that people cannot masquerade on the Internet
as people they are not by issuing their own fake Digital Certificates for
illegitimate use.
The Trusted Third Party CAs will
verify the identity of the Certificate applicant before attesting to their
identity by Digitally Signing the applicant's Certificate. Because the Digital
Certificate itself is now a signed data file, its authenticity can be
ascertained by verifying its Digital Signature. Therefore, in the same way we
verify the Digital Signature of a signed message, we can verify the
authenticity of a Digital Certificate by verifying its signature. Because CAs
are trusted, their own Public Keys, which are used to verify the signatures of
issued Digital Certificates, are widely publicised through many mediums.
The CA provides a Certification
Practice Statement (CPS) that clearly states its policies and practices
regarding the issuance and maintenance of Certificates within the PKI. The CPS contains operational information and legal
information on the roles and responsibilities of all entities involved in the
Certificate lifecycle (from the day it is issued to the day it expires). Digital
Certificates are issued under the technical recommendations of the X.509
Digital Certificate format as published by the International Telecommunication
Union-Telecommunications Standardization Sector (ITU-T).
Enrolling for a Digital Certificate
Users may enrol for a Digital Certificate via the Web. Upon completion of the
necessary forms, the user's Internet Browser will create a Public Key Pair. The
Public half of the key pair is then sent to the CA along with all other data to
appear in the Digital Certificate, while the Private Key is secured on the
user's chosen storage medium (hard disk, floppy or hardware token, etc.).
The CA must verify the submitted data
before binding the identification data to the submitted Public Key. This
prevents an impostor obtaining a Certificate that binds his Public Key to
someone else's identity and conducting fraudulent transactions using that
identity. If submitted data is in good order the CA will issue a Digital
Certificate to the applicant stated within the submitted information. Upon
issuance, the CA will enter the Digital Certificate into a public repository.
Distributing Digital Certificates:
As well as Digital Certificates being
available in public repositories, they may also be distributed through the use
of Digital Signatures. For example, when Alice Digitally signs a message for
Bob she also attaches her Certificate to the outgoing message. Therefore, upon
receiving the signed message Bob can verify the validity of Alice's
Certificate. If it is successfully verified, Bob now has Alice's Public Key and
can verify the validity of the original message signed by Alice.
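The verification chain described above (the CA signs the binding of identity to key, and Bob checks the attached certificate before trusting the message signature) is sketched below as an added example; it is not code from the original notes. It assumes a toy textbook-RSA signature built from fixed Mersenne primes purely for illustration (not secure), and the names "Example CA", Mallory and all dates are constructed.

```python
import hashlib
import json
from datetime import date

E = 65537  # public exponent shared by every toy key below


def make_keypair(p, q):
    """Toy textbook-RSA key pair from two primes. Illustration only, NOT secure."""
    n = p * q
    d = pow(E, -1, (p - 1) * (q - 1))
    return {"n": n, "e": E}, {"n": n, "d": d}


def _digest(data, n):
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n


def sign(private, data):
    return pow(_digest(data, private["n"]), private["d"], private["n"])


def verify(public, data, signature):
    return pow(signature, public["e"], public["n"]) == _digest(data, public["n"])


def signed_fields(cert):
    """Canonical bytes of everything the CA vouches for (all but the signature)."""
    body = {k: cert[k] for k in ("subject", "public_key", "issuer", "not_after")}
    return json.dumps(body, sort_keys=True).encode()


def issue_certificate(issuer, issuer_private, subject, subject_public, not_after):
    """What a CA does after checking the applicant's identity: sign the binding."""
    cert = {"subject": subject, "public_key": subject_public,
            "issuer": issuer, "not_after": not_after}
    cert["signature"] = sign(issuer_private, signed_fields(cert))
    return cert


def check_certificate(cert, trusted_cas, today):
    ca_public = trusted_cas.get(cert["issuer"])
    if ca_public is None:
        return "rejected: issuer is not a trusted CA"
    if not verify(ca_public, signed_fields(cert), cert["signature"]):
        return "rejected: CA signature does not match certificate contents"
    if date.fromisoformat(cert["not_after"]) < today:
        return "rejected: certificate expired"
    return "ok"


def receive(message, signature, cert, claimed_sender, trusted_cas, today):
    """Bob's side: validate the attached certificate first, then the message."""
    status = check_certificate(cert, trusted_cas, today)
    if status != "ok":
        return status
    if cert["subject"] != claimed_sender:
        return "rejected: certificate names a different subject"
    if not verify(cert["public_key"], message, signature):
        return "rejected: message signature invalid"
    return "accepted"


# Constructed keys (fixed Mersenne primes) and names; none come from the page.
CA_PUB, CA_PRIV = make_keypair(2**127 - 1, 2**521 - 1)
ALICE_PUB, ALICE_PRIV = make_keypair(2**107 - 1, 2**607 - 1)
MALLORY_PUB, MALLORY_PRIV = make_keypair(2**89 - 1, 2**1279 - 1)
TRUSTED = {"Example CA": CA_PUB}     # CA public keys Bob already holds
TODAY = date(2024, 6, 1)


def demo():
    msg = b"Transfer 100 to Bob"
    good = issue_certificate("Example CA", CA_PRIV, "Alice", ALICE_PUB, "2025-01-01")
    old = issue_certificate("Example CA", CA_PRIV, "Alice", ALICE_PUB, "2023-01-01")
    # An impostor binds her own key to Alice's name but cannot sign as the CA.
    self_made = issue_certificate("Mallory CA", MALLORY_PRIV, "Alice",
                                  MALLORY_PUB, "2025-01-01")
    forged = issue_certificate("Example CA", MALLORY_PRIV, "Alice",
                               MALLORY_PUB, "2025-01-01")
    swapped = dict(good, public_key=MALLORY_PUB)   # genuine cert, key replaced
    alice_sig, mallory_sig = sign(ALICE_PRIV, msg), sign(MALLORY_PRIV, msg)
    args = ("Alice", TRUSTED, TODAY)
    return {
        "genuine": receive(msg, alice_sig, good, *args),
        "tampered message": receive(b"Transfer 900 to Bob", alice_sig, good, *args),
        "expired": receive(msg, alice_sig, old, *args),
        "untrusted issuer": receive(msg, mallory_sig, self_made, *args),
        "forged CA signature": receive(msg, mallory_sig, forged, *args),
        "substituted key": receive(msg, mallory_sig, swapped, *args),
    }


if __name__ == "__main__":
    for case, outcome in demo().items():
        print(f"{case:20} {outcome}")
```

Every rejection comes from a check Bob can perform with nothing more than the CA's published public key, which is why distributing that key reliably matters so much.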
Different types of Digital Certificate
Depending on their usage, Digital Certificates are available in a number of
different types:
▫ Personal: Used by individuals requiring secure email and web based
transactions.
▫ Organisation: Used by corporates to identify employees for secure email and
web based transactions.
▫ Server: To prove ownership of a domain name and establish SSL / TLS encrypted
sessions between their website and a visitor.
▫ Developer: To prove authorship and retain integrity of distributed software
programs.
Using Digital Certificates to deliver the 5 primary security functions:
1. Identification / Authentication: The CA attests to the identity of the
Certificate applicant when it signs the Digital Certificate.
2. Confidentiality: The Public Key within the Digital Certificate is used to
encrypt data to ensure that only the intended recipient can decrypt and read
it.
3. Integrity: By Digitally Signing the message or data, the recipient has a
means of identifying any tampering made on the signed message or data.
4. Non-Repudiation: A signed message proves origin, as only the sender has
access to the Private Key used to sign the data.
5. Access Control: Access Control may be achieved through use of the Digital
Certificate for identification (and hence the replacement of passwords etc.).
Additionally, as data can be encrypted for specific individuals, we can ensure
that only the intended individuals gain access to the information within the
encrypted data.
FIREWALL: COMMON FIREWALL TECHNIQUES AND PERSONAL FIREWALL
A firewall is a software program
or piece of hardware that helps screen out hackers, viruses, and worms that try
to reach your computer over the Internet.
A
firewall is a system designed to prevent unauthorized access to or from a
private network. Firewalls can be implemented in both hardware and software, or
a combination of both. Firewalls are frequently used to prevent unauthorized
Internet users from accessing private networks connected to the Internet,
especially intranets. All messages entering or leaving the intranet pass
through the firewall, which examines each message and blocks those that do not
meet the specified security criteria.
Common Firewall Techniques
Firewalls are used to protect
both home and corporate networks. A typical firewall program or hardware device
filters all information coming through the Internet to your network or computer
system. There are several types of firewall techniques that will prevent
potentially harmful information from getting through:
§ Packet Filter: Looks at each packet entering or leaving the network and
accepts or rejects it based on user-defined rules. Packet filtering is fairly
effective and transparent to users, but it is difficult to configure. In
addition, it is susceptible to IP spoofing.
§ Application Gateway: Applies security mechanisms to specific applications
such as FTP (File Transfer Protocol) and Telnet servers. This is very effective
but can impose performance degradation.
§ Circuit-level Gateway: Applies security mechanisms when a TCP or UDP
connection is established. Once the connection has been made, packets can flow
between the hosts without further checking.
§ Proxy Server: Intercepts all messages entering and leaving the network. The
proxy server effectively hides the true network addresses.
In practice, many firewalls use
two or more of these techniques in concert. A firewall is considered a first
line of defence in protecting private information. For greater security, data
can be encrypted.
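The packet-filter technique above, with its two stated weaknesses (hard to configure, susceptible to IP spoofing), is illustrated by the following added example, which is not part of the original notes. It assumes a first-match rule list with default deny; the rule set, the 10.0.0.0/8 internal range and the sample packets are constructed, and the ingress check shown is one common mitigation rather than something the notes prescribe.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Packet:
    iface: str   # interface the packet arrived on: "outside" or "inside"
    src: str     # source address as written in the IP header (unauthenticated)
    dst: str
    proto: str
    dport: int


@dataclass(frozen=True)
class Rule:
    action: str                   # "accept" or "reject"
    src: str                      # CIDR block
    dst: str                      # CIDR block
    proto: str = "any"            # "tcp", "udp" or "any"
    dport: Optional[int] = None   # None matches every port


def matches(rule, pkt):
    return (ipaddress.ip_address(pkt.src) in ipaddress.ip_network(rule.src)
            and ipaddress.ip_address(pkt.dst) in ipaddress.ip_network(rule.dst)
            and rule.proto in ("any", pkt.proto)
            and rule.dport in (None, pkt.dport))


def filter_packet(rules, pkt):
    """First matching rule wins; anything unmatched is rejected (default deny)."""
    for rule in rules:
        if matches(rule, pkt):
            return rule.action
    return "reject"


def filter_with_ingress_check(rules, pkt, internal_net):
    """Reject packets that arrive from outside yet claim an internal source."""
    claimed = ipaddress.ip_address(pkt.src)
    if pkt.iface == "outside" and claimed in ipaddress.ip_network(internal_net):
        return "reject"
    return filter_packet(rules, pkt)


def shadowed_rules(rules):
    """Indexes of rules that can never fire because an earlier rule covers them."""
    def covers(a, b):
        return (ipaddress.ip_network(b.src).subnet_of(ipaddress.ip_network(a.src))
                and ipaddress.ip_network(b.dst).subnet_of(ipaddress.ip_network(a.dst))
                and a.proto in ("any", b.proto)
                and a.dport in (None, b.dport))
    return [j for j, later in enumerate(rules)
            if any(covers(earlier, later) for earlier in rules[:j])]


# Constructed policy: a public web server and an SSH host for internal admins.
INTERNAL = "10.0.0.0/8"
RULES = [
    Rule("accept", "0.0.0.0/0", "10.0.0.80/32", "tcp", 443),
    Rule("accept", INTERNAL, "10.0.0.5/32", "tcp", 22),
]
# Constructed misconfiguration: the broad accept hides the later reject.
MISORDERED = [
    Rule("accept", "0.0.0.0/0", INTERNAL),
    Rule("reject", "203.0.113.0/24", "10.0.0.5/32", "tcp", 22),
]


def demo():
    web = Packet("outside", "203.0.113.7", "10.0.0.80", "tcp", 443)
    ssh_external = Packet("outside", "203.0.113.7", "10.0.0.5", "tcp", 22)
    ssh_internal = Packet("inside", "10.0.0.23", "10.0.0.5", "tcp", 22)
    # Same SSH packet, but arriving from outside with a forged internal source.
    ssh_spoofed = Packet("outside", "10.0.0.23", "10.0.0.5", "tcp", 22)
    return {
        "web": filter_packet(RULES, web),
        "ssh external": filter_packet(RULES, ssh_external),
        "ssh internal": filter_packet(RULES, ssh_internal),
        "ssh spoofed, address-only filter": filter_packet(RULES, ssh_spoofed),
        "ssh spoofed, ingress check": filter_with_ingress_check(
            RULES, ssh_spoofed, INTERNAL),
        "shadowed in MISORDERED": shadowed_rules(MISORDERED),
    }


if __name__ == "__main__":
    for case, outcome in demo().items():
        print(f"{case:34} {outcome}")
```

The address-only filter accepts the spoofed packet because the source field is all it can see; tying the decision to the arrival interface is what closes that gap.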
PERSONAL FIREWALL
A personal firewall is the
software installed in a user's computer that offers protection against unwanted
intrusion and attacks coming from the Internet.
A personal firewall (sometimes
called a desktop firewall) is a software application used to protect a single
Internet-connected computer from intruders. Personal firewall protection is
especially useful for users with "always-on" connections such as DSL* (Digital Subscriber Line) or cable modem. Such connections use a
static IP address that makes them especially vulnerable to potential hackers.
Often compared to anti-virus applications, personal firewalls work in the
background at the device (link layer) level to protect the integrity of the
system from malicious computer code by controlling Internet connections to and
from a user's computer, filtering inbound and outbound traffic, and alerting
the user to attempted intrusions.
It is an application which
controls network traffic to and from a computer, permitting or denying
communications based on a security policy. Typically it works as an application
layer firewall.
A personal firewall differs from
a conventional firewall in terms of scale. A personal firewall will usually
protect only the computer on which it is installed, as compared to a
conventional firewall which is normally installed on a designated interface
between two or more networks, such as a router or proxy server. Hence, personal
firewalls allow a security policy to be defined for individual computers,
whereas a conventional firewall controls the policy between the networks that
it connects.
The per-computer scope of
personal firewalls is useful to protect machines that are moved across
different networks. For example, a
laptop computer may be used on a trusted intranet at a workplace where minimal
protection is needed as a conventional firewall is already in place, and
services that require open ports such as file and printer sharing are useful.
The same laptop could be used at public Wi-Fi hotspots, where strict security
is required to protect from malicious activity. Most personal firewalls will
prompt the user when a new network is connected for the first time to decide
the level of trust, and can set individual security policies for each network.
*DSL: a technology for bringing high-bandwidth information to homes and small
businesses over ordinary copper telephone lines.
Features of a Personal Firewall
Common personal firewall
features:
▫ Protects the user from unwanted incoming connection
attempts
▫ Allows the user to control which programs can and
cannot access the local network and/or Internet and provide the user with
information about an application that makes a connection attempt
▫ Block or alert the user about outgoing connection
attempts
▫ Hide the computer from port scans by not responding
to unsolicited network traffic
▫ Monitor applications that are listening for incoming
connections
▫ Monitor and regulate all incoming and outgoing
Internet users
▫ Prevent unwanted network traffic from locally
installed applications
▫ Provide information about the destination server
with which an application is attempting to communicate
SECURITY PROTOCOLS
The Hypertext Transfer Protocol (HTTP) is an
application-level protocol for distributed, collaborative, hypermedia
information systems. HTTP has been in use by the World-Wide Web global
information initiative since 1990. The first version of HTTP, referred to as
HTTP/0.9, was a simple protocol for raw data transfer across the Internet.
HTTP/1.0, as defined by RFC* 1945
[6], improved the protocol by allowing messages to be in the format of
MIME-like messages, containing meta-information about the data transferred and
modifiers on the request/response semantics. However, HTTP/1.0 does not
sufficiently take into consideration the effects of hierarchical proxies,
caching, the need for persistent connections, or virtual hosts. In addition,
the proliferation of incompletely-implemented applications known as
"HTTP/1.0" has necessitated a protocol version change in order for
two communicating applications to determine each other's true capabilities.
*Request for Comments: A Request for Comments (RFC) is a formal document from
the Internet Engineering Task Force (IETF) that is the result of committee
drafting and subsequent review by interested parties.
The HyperText Transfer Protocol
defines how messages are formatted and transmitted, and what actions Web
servers and browsers should take in response to various commands. For example,
when you enter a URL in your browser, this actually sends an HTTP command to
the Web server directing it to fetch and transmit the requested Web page.
HTTP is designed to permit
intermediate network elements to improve or enable communications between
clients and servers. HTTP functions as a request-response protocol in the
client-server computing model. A web browser, for example, may be the client
and an application running on a computer hosting a web site may be the server.
The client submits an HTTP request message to the server. The server, which
provides resources such as HTML files and other content, or performs other
functions on behalf of the client, returns a response message to the client. The
response contains completion status information about the request and may also
contain requested content in its message body.
The other main standard that
controls how the World Wide Web works is HTML
(HyperText Markup Language: it is the main markup language for creating
web pages and other information that can be displayed in a web browser),
which covers how Web pages are formatted and displayed.
HTTP is called a stateless protocol because each
command is executed independently, without any knowledge of the commands that
came before it. This is the main reason that it is difficult to implement Web
sites that react intelligently to user input. This shortcoming of HTTP is being
addressed in a number of new technologies, including ActiveX, Java, JavaScript
and cookies.
The Secure Socket Layer (SSL) / Transport Layer Security (TLS) protocol is the
most widely deployed security protocol in use today. It is essentially a
protocol that provides a secure channel between two machines operating over the
Internet or an internal network. In today's Internet-focused world, the SSL
protocol is typically used when a web browser needs to securely connect to a
web server over the inherently insecure Internet.
Technically, SSL is a transparent
protocol which requires little interaction from the end user when establishing
a secure session. In the case of a browser for instance, users are alerted to
the presence of SSL when the browser displays a padlock, or, in the case of
Extended Validation SSL, when the address bar displays both a padlock and a
green bar. This is the key to the success of SSL – it is an incredibly simple
experience for end users.
Usage
of SSL, in practice, in today’s modern e-commerce enabled / online workflow and
service society:
§ To secure online credit card transactions.
§ To secure system logins and any sensitive
information exchanged online.
§ To secure webmail and applications like Outlook Web
Access, Exchange and Office Communications Server.
§ To secure workflow and virtualisation applications
like Citrix Delivery Platforms or cloud-based computing platforms.
§ To secure the connection between an email client
such as Microsoft Outlook and an email server such as Microsoft Exchange.
§ To secure the transfer of files over https and
FTP(s) services such as website owners updating new pages to their websites or
transferring large files.
§ To secure hosting control panel logins and activity
like Parallels, cPanel, and others.
§ To secure intranet based traffic such as internal
networks, file sharing, extranets, and database connections.
§ To secure network logins and other network traffic
with SSL VPNs such as VPN Access Servers or applications like the Citrix Access
Gateway.
All
these applications have a number of shared themes:
§ The data being transmitted over the Internet or
network needs confidentiality. In other words, people do not want their credit
card number, account login, passwords or personal information to be exposed
over the Internet.
§ The data needs to remain integral, which means that
once credit card details and the amount to be charged to the credit card have
been sent, a hacker sitting in the middle cannot change the amount to be
charged and where the funds should go.
§ Your organisation needs identity assurance to
authenticate itself to customers / extranet users and ensure them they are
dealing with the right organisation.
§ Your organisation needs to comply with regional,
national or international regulations on data privacy, security and integrity.
Standard SSL Certificates (such as GlobalSign DomainSSL and OrganizationSSL)
display: [image not reproduced]
Extended Validation (EV) SSL Certificates (such as GlobalSign ExtendedSSL)
display visible trust indicators: [image not reproduced]
As opposed to unsecured HTTP URLs
which begin with "http://" and use port 80 by default, secure HTTPS
URLs begin with "https://" and use port 443 by default.
HTTP is insecure and is subject to eavesdropping attacks: if critical
information such as credit card details and account logins is transmitted and
picked up, attackers can gain access to online accounts and sensitive
information. Sending or posting data through the browser over HTTPS ensures
that such information is encrypted and secure.
INTRUSION DETECTION SYSTEM (IDS) AND VIRTUAL PRIVATE NETWORK (VPN)
An Intrusion Detection System (IDS) is a type of security management system
for computers and networks. An ID system gathers and analyzes
information from various areas within a computer or a network to identify
possible security breaches, which include both intrusions (attacks from outside
the organization) and misuse (attacks from within the organization). ID uses
vulnerability assessment (sometimes referred to as scanning), which is a
technology developed to assess the security of a computer system or network.
Typically, an ID system follows a two-step process. The first procedures are
host-based and are considered the passive component. These include: inspection
of the system's configuration files to detect inadvisable settings; inspection
of the password files to detect inadvisable passwords; and inspection of other
system areas to detect policy violations. The second procedures are
network-based and are considered the active component: mechanisms are set in
place to re-enact known methods of attack and to record system responses.
Intrusion detection functions include:
▫ Monitoring and analyzing both user and system activities
▫ Analyzing system configurations and vulnerabilities
▫ Assessing system and file integrity
▫ Ability to recognize patterns typical of attacks
▫ Analysis of abnormal activity patterns
▫ Tracking user policy violations
An
intrusion detection system (IDS) inspects all inbound and outbound
network activity and identifies suspicious patterns that may indicate a network
or system attack from someone attempting to break into or compromise a system.
There are
several ways to categorize the IDS:
§ Misuse detection vs. Anomaly detection: In misuse detection, the IDS analyses
the information it gathers and compares it to large databases of attack
signatures. Essentially, the IDS looks for a specific attack that has already
been documented. Like a virus detection system, misuse detection software is
only as good as the database of attack signatures that it uses to compare
packets against. In anomaly detection, the system administrator defines the
baseline, or normal, state of the network's traffic load, breakdown, protocol,
and typical packet size. The anomaly detector monitors network segments to
compare their state to the normal baseline and look for anomalies.
§ Network-based vs. Host-based systems: In a network-based system, or NIDS, the
individual packets flowing through a network are analyzed. The NIDS can detect
malicious packets that are designed to be overlooked by a firewall's simplistic
filtering rules. In a host-based system, the IDS examines the activity on each
individual computer or host.
§ Passive system vs. Reactive system: In a passive system, the IDS detects a
potential security breach, logs the information and signals an alert. In a
reactive system, the IDS responds to the suspicious activity by logging off a
user or by reprogramming the firewall to block network traffic from the
suspected malicious source.
Though they both relate to network security, the IDS differs from a firewall in
that a firewall looks out for intrusions in order to stop them from happening.
The firewall limits the access between networks in order to prevent intrusion
and does not signal an attack from inside the network. The IDS evaluates a
suspected intrusion once it has taken place and signals an alarm. The IDS also
watches for attacks that originate from within a system.
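The misuse/anomaly and passive/reactive distinctions above are shown side by side in the following added example, which is not part of the original notes. The two signatures, the baseline packet sizes, the 3-sigma threshold and the five event records are all constructed for illustration; addresses come from the documentation ranges.

```python
import re
import statistics

# Misuse detection: a (tiny, constructed) database of known attack signatures.
SIGNATURES = [
    ("path traversal", re.compile(r"\.\./")),
    ("SQL injection probe", re.compile(r"(?i)union\s+select")),
]

# Anomaly detection: administrator-defined baseline of normal packet sizes
# per protocol (constructed sample values).
BASELINE_SIZES = {
    "tcp": [480, 500, 512, 530, 495, 520, 505, 510],
    "udp": [90, 110, 100, 95, 105],
}
Z_LIMIT = 3.0   # how many standard deviations from the mean counts as abnormal


def misuse_hits(event):
    """Names of every known signature found in the event payload."""
    return [name for name, pattern in SIGNATURES if pattern.search(event["payload"])]


def anomaly_reasons(event, baseline=BASELINE_SIZES, z_limit=Z_LIMIT):
    """Ways in which the event departs from the baseline, signature or not."""
    sizes = baseline.get(event["proto"])
    if sizes is None:
        return ["protocol absent from baseline"]
    mean, spread = statistics.mean(sizes), statistics.pstdev(sizes)
    if spread == 0:
        z = 0.0 if event["size"] == mean else float("inf")
    else:
        z = abs(event["size"] - mean) / spread
    if z > z_limit:
        return [f"packet size {event['size']} is {z:.1f} sigma from baseline"]
    return []


def run_ids(events, reactive=False):
    """Passive mode logs alerts; reactive mode also returns sources to block."""
    alerts, blocked = [], set()
    for ev in events:
        misuse, anomaly = misuse_hits(ev), anomaly_reasons(ev)
        if misuse or anomaly:
            alerts.append({"id": ev["id"], "src": ev["src"],
                           "misuse": misuse, "anomaly": anomaly})
            if reactive:
                blocked.add(ev["src"])   # would be handed to the firewall
    return alerts, blocked


# Constructed event records standing in for captured traffic.
EVENTS = [
    {"id": 1, "src": "192.0.2.10", "proto": "tcp", "size": 512,
     "payload": "GET /index.html"},
    {"id": 2, "src": "203.0.113.7", "proto": "tcp", "size": 498,
     "payload": "GET /static/../../etc/passwd"},   # known pattern, normal size
    {"id": 3, "src": "198.51.100.9", "proto": "tcp", "size": 48000,
     "payload": "POST /upload"},                   # no signature, abnormal size
    {"id": 4, "src": "192.0.2.77", "proto": "icmp", "size": 64,
     "payload": ""},                               # protocol never seen before
    {"id": 5, "src": "192.0.2.10", "proto": "udp", "size": 100,
     "payload": "dns query example.test"},
]

if __name__ == "__main__":
    alerts, blocked = run_ids(EVENTS, reactive=True)
    for alert in alerts:
        print(alert)
    print("block list:", sorted(blocked))
```

Event 2 is caught only by the signature database and events 3 and 4 only by the baseline comparison, which is why the two approaches are usually deployed together.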
A
Virtual Private Network (VPN) is a network that uses a public
telecommunication infrastructure, such as the Internet, to provide remote
offices or individual users with secure access to their organization's network.
A virtual private network can be contrasted with an expensive system of owned
or leased lines that can only be used by one organization. The goal of a VPN is
to provide the organization with the same capabilities, but at a much lower
cost.
A
VPN works by using the shared public infrastructure while maintaining privacy
through security procedures and tunnelling protocols such as the Layer Two
Tunnelling Protocol (L2TP). In effect, the protocols, by encrypting data at the
sending end and decrypting it at the receiving end, send the data through a
"tunnel" that cannot be "entered" by data that is not properly
encrypted. An additional level of security involves encrypting not only the
data, but also the originating and receiving network addresses.
VPN
is a network that is constructed by using public wires — usually the Internet —
to connect to a private network, such as a company's internal network. There are a number of systems that enable you
to create networks using the Internet as the medium for transporting data.
These systems use encryption and other security mechanisms to ensure that only
authorized users can access the network and that the data cannot be
intercepted.
Consumer VPN Services
Consumers
use a private VPN service, also known as a VPN tunnel, to protect their online
activity and identity. By using an anonymous VPN service, a user's Internet
traffic and data remain encrypted, which prevents eavesdroppers from sniffing
Internet activity. A VPN service is
especially useful when accessing public Wi-Fi hotspots because the public
wireless services might not be secure. In addition to public Wi-Fi security, a
private VPN service also provides consumers with uncensored Internet access and
can help prevent data theft and unblock websites.
Corporate VPN Communications
Companies
and organizations will use a VPN to communicate confidentially over a public
network and to send voice, video or data. It is also an excellent option for
remote workers and organizations with global offices and partners to share data
in a private manner.
One of the most common types of VPNs used by businesses is called a virtual
private dial-up network (VPDN). A VPDN is a user-to-LAN connection, where remote
users need to connect to the company LAN. Another type of VPN is commonly called
a site-to-site VPN. Here the company would invest in dedicated hardware to
connect multiple sites to their LAN through a public network, usually the
Internet.
Key terms to understanding virtual private networks:
§ VPN: A
network that is constructed by using public wires to connect nodes. For
example, there are a number of systems that enable you to create networks using
the Internet as the medium for transporting data.
§ VPDN: A network that
extends remote access to a private network using a shared infrastructure.
§ Tunnelling: It
is a technology that enables one network to send its data via another network's
connections. Tunnelling works by encapsulating a network protocol within
packets carried by the second network.
§ Split tunnelling: The process of allowing a remote VPN user to access a public network,
most commonly the Internet, at the same time that the user is allowed to access
resources on the VPN.
§ Encryption: The
translation of data into a secret code. Encryption is the most effective way to
achieve data security. To read an encrypted file, you must have access to a
secret key or password that enables you to decrypt it. There are two main types
of encryption: asymmetric encryption (also called public-key encryption) and
symmetric encryption.
THE
CONCEPT OF E-MONEY AND ELECTRONIC PAYMENT SYSTEM
Electronic money is money which
exists only in banking computer systems and is not held in any physical form.
In the United States, only a small fraction of the currency in circulation
exists in physical form. The need for physical currency has declined as more
and more citizens use electronic alternatives to physical currency.
E-money is electronic money which is exchanged
electronically over a technical device such as a computer or mobile phone.
ELECTRONIC
PAYMENT SYSTEMS (EPS)
The
definition of an electronic payment system is a way of paying for goods or
services electronically, instead of using cash or a check, in person or by
mail.
▫ An example of an electronic payment system is PayPal.
▫ An example of an electronic payment system is the
use of a credit card.
Issues
of trust and acceptance play a more significant role in the e-commerce world
than in traditional businesses as far as payment systems are concerned.
Traditionally,
a customer sees a product, examines it, and then pays for it by cash, check, or
credit card. In the e-commerce world, in most cases the customer does not
actually see the concrete product at the time of transaction, and the method of
payment is performed electronically.
EPS
enables a customer to pay for the goods and services online by using integrated
hardware and software systems. The main objectives of EPS are to increase
efficiency, improve security, and enhance customer convenience and ease of use.
While
customers pay for goods/services by cash, check, or credit cards in
conventional businesses, online buyers may use one of the following EPS to pay
for products/services purchased online:
· Electronic funds transfer (EFT): EFT involves electronic transfer of money by
financial institutions.
· Payment cards: They contain stored financial value that can be
transferred from the customer's computer to the businessman's computer.
· Credit cards: They
are the most popular method used in EPSs and are used by charging against the
customer credit.
· Smart cards: They
include stored financial value and other important personal and financial
information used for online payments.
· Electronic money (e-money/e-cash): This is standard money converted into an
electronic format to pay for online purchases.
· Online payment: This can be used for monthly payment for Internet, phone bills, etc.
· Electronic wallets (e-wallets): They are similar to smart cards as they
include stored financial value for online payments.
· Micro-payment systems: They are similar to e-wallets in that they
include stored financial value for online payments; on the other hand, they are
used for small payments.
· Electronic gifts: They are one way of sending electronic currency or gift certificates
from one individual to another. The receiver can spend these gifts in their
favourite online stores provided they accept this type of currency.
TYPES
OF ELECTRONIC PAYMENT SYSTEMS
1. Credit card payment is the most common type of payment method, accounting
for 80 percent of online payments in the US and 50 percent of online purchases
outside the US. For use on the web, digital credit card payment systems have
been extended in functionality and security to validate the authentic owner of
the card. Verified by Visa is one such system, introduced by Visa.
2. Digital wallets are a quicker, efficient and easy way to pay online. Unlike
with a credit card, payers need not enter credit card information at every
purchase; instead they can pay with one or two mouse clicks. Amazon's 1-Click
Shopping is one of the best-fitting examples. Digital wallets store the buyer's
personal information and fill it in at checkout, making it unnecessary for the
buyer to input it manually each time they want to make a purchase.
3. Micro payment is designed for purchases of less than US$ 10. In other words,
micro payment is designed for payments under $10 that are generally too small
for credit card payments. Accumulated balance digital payment systems enable
the user to make micropayments as well as purchases, and the debit balance is
stored for future payment through credit card or phone bill. Accumulated
balance digital payment systems are used to make micropayments and purchases on
the web. Shoppers receive the invoice through their convenient utility bills,
such as the telephone bill, electricity bill, internet bill etc. For example,
Payment One charges its customers on their monthly telephone bill. Digital
accumulating balance payment systems are more like utility bills. This system
allows users to make multiple purchases, which will be totalled up and billed
for at the end of a time period.
This is ideal for micro-transaction-heavy websites, where numerous cheap items
are purchased frequently. The micro-payment system uses a technology similar to
the digital wallet, where the customer transfers some money into the online
stored value system and uses it to pay for digital products.
Many
vendors are involved in micro-payment systems, as it can be used for
transactions by
▫ Banks
▫ Internet Service Providers (ISPs)
▫ Telecommunications
▫ Content providers
▫ Premium search engines
4. Stored value payment systems enable the user to make instant payments based
on a stored digital balance, like PayPal. A stored value payment system provides
instant online payment, and the maximum amount of purchase depends on the value
stored in a digital account. The digital account relies on the amount stored in
the customer's bank, checking, credit card account etc. It is a kind of online
debit account; E-Account offers a prepaid debit account for online purchases.
5. Smart card is another type of stored value system used for micropayment. It
is a kind of electronic purse that stores digital money with the necessary
information. To pay online by smart card, a digital card reader (a device that
reads the information in the smart card) must be attached to the shopper's
computer. American Express's Blue smart card is one good example.
6. Digital cash, or electronic cash or e-cash, is used for micropayments or
larger purchases. Digital cash represents an electronic form of currency which
is not the same as conventional currency in the market. Users use specific
software for trading and transacting this electronic currency with other e-cash
users or retailers through the Internet. ECoin.net is an example of a digital
cash service.
7. Web-based peer-to-peer payment systems are becoming very popular and are
growing. Vendors or individuals who do not have any facility to accept payment
through credit card or any other convenient method can use a peer-to-peer
system to accept payment. For example, millions of eBay buyers and sellers are
using PayPal to pay and receive payment.
8. Digital checking enables users to extend the functionality of their existing
checking accounts for online shopping, and digital checks are processed much
faster than in conventional checking systems. Digital checking payment systems
extend the traditional checking system so that it can be used for online
payment. It is less expensive than credit card and much faster than traditional
paper based checking. Examples are Western Union Money Zap and e-Check.
9. Electronic billing presentment and payment systems are used to pay routine
monthly bills through electronic fund transfer from bank account and credit
card account. The transaction occurs online. Electronic billing presentment and
payment systems are used for the payment of recurring bills. They offer viewing
of the account transactions and reminders of due dates as well as payment
options through existing credit card accounts or bank transfers.
SMART CARDS AND STORED-VALUE CARDS
Smart Cards
A
smart card, typically a type of chip card, is a plastic card that contains an
embedded computer chip–either a memory or microprocessor type–that stores and
transacts data. This data is usually associated with either value, information,
or both and is stored and processed within the card's chip. The card data is
transacted via a reader that is part of a computing system. Systems that are
enhanced with smart cards are in use today throughout several key applications,
including healthcare, banking, entertainment, and transportation. All
applications can benefit from the added features and security that smart cards
provide. Markets that have been traditionally served by other machine readable
card technologies, such as barcode and magnetic stripe, are converting to smart
cards as the calculated return on investment is revisited by each card issuer
year after year.
Applications of Smart Cards
First
introduced in Europe nearly three decades ago, smart cards debuted as a stored
value tool for payphones to reduce theft. People found new ways to use smart
cards and other chip-based cards as they advanced, including charge cards for
credit purchases and for record keeping in place of paper.
In the U.S., consumers have been using chip cards for everything from visiting
libraries to buying groceries to attending movies, firmly integrating them into
our everyday lives. Several U.S. states have chip card programs in progress for
government applications ranging from the Department of Motor Vehicles to
Electronic Benefit Transfers (EBTs). Many industries have built smart cards
into their products, such as GSM digital cellular phones and TV-satellite
decoders.
Smart cards improve the convenience and security of any transaction. They provide
tamper-proof storage of user and account identity. Smart card systems have
proven to be more reliable than other machine-readable cards, like magnetic
stripe and barcode, with many studies showing card read life and reader life
improvements demonstrating much lower cost of system maintenance. Smart cards
also provide vital components of system security for the exchange of data
throughout virtually any type of network. They protect against a full range of
security threats, from careless storage of user passwords to sophisticated
system hacks. The costs to manage password resets for an organization or
enterprise are very high, thus making smart cards a cost-effective solution in
these environments. Multifunction cards can also be used to manage network
system access and store value and other data. Worldwide, people are now using
smart cards for a wide variety of daily tasks.
Stored Value Cards
A stored value card is like a universal gift card. It is issued in a given amount
of money, and it is not associated with any individual name or person. Instead,
this card can be used at any time in order to make a purchase; it is like cash.
By contrast, with a prepaid card, the individual holding the card physically deposits money
into an account. The person's name is on the card and the magnetic strip on the
card accesses the account in this same person's name. A stored value card is
totally independent from any bank account, giving it unique benefits and risks.
Today, there are Electronic Benefits Transfer (EBT) cards, gift cards, payroll cards
and even “teen” cards (usually purchased by a parent on behalf of a teenager).
Stored-value cards can either be single purpose (closed loop) or multipurpose (open loop).
Single-purpose cards, such as store and EBT cards, are good only at a specific
retailer or group of retailers — hence the phrase “closed loop.” In a closed-loop transaction, a nonbank service
provider issues cards on behalf of its customer. When consumers use these cards
to purchase goods, the service provider authorizes the transaction against a
proprietary database and debits the “prefunded” account for the amount of the
transaction. In essence, the transaction stays on the store’s books.
Financial institutions (FIs) typically offer the multipurpose variety of stored-value cards, including gift
cards, teen cards and payroll cards. These types of cards are issued with card
association branding, such as Visa®, MasterCard® and Discover®. Therefore, they
are accepted anywhere the association brand is accepted, making them “open loop”.
Benefits to Financial Institutions
From a financial institution’s (FI) perspective, offering stored-value cards helps
attract new customers and provides an alternative acquisition tool for those
that do not qualify for traditional credit or debit card products. In addition,
it enables FIs to create a new stream of incremental and recurring revenue from
usage and interchange fees generated from transactions.
Advantages of using a stored-value card
Use in "Credit Card Only" Scenarios: For an individual without a credit card, it can be
very challenging to complete
certain purchases. For example, credit cards are required to book plane tickets
and hotel rooms and to make other reservations. Some retailers have even begun to
operate on a "plastic only" basis. If you find yourself in one of
these scenarios, having a stored value card can save you from failure to make a
payment. The card has a magnetic strip and a credit card number. Either can be
used to make your purchase.
Control Costs and Expenses: You may find a situation where you need
to control your costs and expenses with a firmer hand than usual. For example,
you may be travelling or giving a credit card to your children or employees. In
this type of situation, having control over just how much can be spent is
important. You can purchase a stored value card in nearly any grocery store or
convenience store today. Once you do, you no longer have to worry about
carrying cash, overcharging on your credit card or giving in to unnecessary
expenses. Your card will work only until you have spent all of the stored
value.
Disadvantages of using a stored-value card
High Fees: The card you purchase costs money. For
example, a ₹200 stored value card may cost ₹220. The additional ₹20 goes to pay
for the physical card, the packaging, and the fees associated with the card's
usage. Ultimately, if you compare using a stored value card to using cash on
each purchase, you will find you spend more money by using the stored value
card. For example, if you want to give your child a gift, you may think ₹100 is
appropriate. You could give him or her ₹100 in cash, or you could provide a ₹90
stored value card.
"Like Cash": Since the card is not associated with any
individual name or account, it is like cash. You can spend it anywhere cards
are accepted without unique charges and fees. However, on the flip side, if you
lose the card, you cannot retain its value. The card is not associated with you
or your bank account. Any person who picks up the card can use it for a
purchase. The cashier accepting the card will not even ask for identification.
You cannot call the card issuer to have the card replaced. You have simply lost
the money.
INFRASTRUCTURE ISSUES IN USING ELECTRONIC PAYMENT SYSTEM
Infrastructure is necessary for the successful implementation of electronic payments.
Providing proper infrastructure for electronic payments is a challenge.
1. For electronic payments to be successful, there is a need for reliable and
cost-effective infrastructure that can be accessed by the majority of the
population.
2. Electronic payments communication infrastructure includes computer networks
such as the internet and the mobile networks used for mobile phones.
3. In addition, banking activities and operations need to be automated. A network
that links banks and other financial institutions for clearing and payment
confirmation is a pre-requisite for electronic payment systems. Mobile networks
and the Internet are readily available in the developed world, and users usually do
not have problems with communication infrastructure.
4. Good communication infrastructure: “Poor communication infrastructure
(Internet and mobile networking) is one of the reasons that hinder the
e-payment system”. A low level of internet
penetration and poorly developed telecommunication infrastructure impede smooth
development and improvements in e-commerce. Efforts by the government and other
financial and ICT (Information and
Communications Technology) stakeholders to move the country’s payment system from a
cash-dependent platform to the globally acceptable electronic-driven
alternative may be impeded by a dearth of critical telecommunication
infrastructure.
5. In developing countries, many of the rural areas are unbanked and lack access
to the critical infrastructure that drives electronic payments.
6. Some debit card technologies, such as Automated Teller Machines (ATMs), are
still seen by many as unreliable for financial transactions, because stories told
by people suggest that they could lose their money through fraudulent deductions,
debits and other lapses with which the technology has been associated by many
over the last few years.
7. Telecommunication and electricity are not available throughout the country, which
negatively affects the development of e-payments. The development of information
and communication technology is a major challenge for e-payments development.
Since ICT is in its infant stages in Nepal, the country faces difficulty
promoting e-payment development.
8. Regulatory and Legal issues: National, regional or international sets of laws,
rules and other regulations are important requirements for the successful
implementation of e-payment schemes. Some of the major elements include rules
on money laundering, supervision of commercial banks and e-money institutions
by supervisory authorities, payment system oversight by central banks, consumer
and data protection, cooperation and competition issues. The virtual and global
nature of e-payment also raises legal questions such as which jurisdiction will
be competent and about applicable laws in disputed cases, validity of
electronic, electronic contracts and electronic signature. A legal and
regulatory framework that builds trust and confidence supporting technical
efforts is an important issue to be addressed in implementing e-payments.
ELECTRONIC FUND TRANSFER
An Electronic Funds Transfer (EFT) is a
transaction that takes place over a computerized network, either among accounts
at the same bank or to different accounts at separate financial institutions.
Today, electronic funds transfer allows you to exchange funds between individuals as
well as organizations via electronic gateways which can be accessed using
the internet, computers and smartphones. Funds can be transferred instantly from
one account to another, either within the same bank or to a different bank
network at any given time.
Electronic funds transfer is a much preferred money transfer option because it allows
customers to make money transfers from the comfort of their homes using
integrated banking tools such as internet and mobile banking.
Besides being convenient, electronic transfer modes are considered to be safe, secure
and make transferring money much simpler. Electronic transfers are processed
immediately with the transferred amount being deducted from one account and
credited to the other in real time, thus saving time and effort involved in
physically transferring a sum of money. Opting for an electronic transfer
system also reduces the possibility of mistakes, as a transaction is only
authorized with complete details which include the correct account number of
the beneficiary and the target bank’s specific IFSC code.
EFT is one of the oldest electronic payment
systems. EFT is the groundwork of the cash-less and check-less culture where
paper bills, checks, envelopes and stamps are eliminated. EFT is used for
transferring money from one bank account directly to another without any paper
money changing hands. The most popular application of EFT is that instead of
getting a pay-check and putting it into a bank account, the money is deposited
to an account electronically.
EFT is considered to be a safe, reliable, and convenient way to conduct business.
The advantages of EFT include the following:
· Simplified accounting
· Improved efficiency
· Reduced administrative costs
· Improved security
Today, many users make payments electronically rather than in person. Hundreds of
electronic payment systems have been developed to provide secure Internet
transactions. Electronic payment systems are generally classified into four categories:
credit card and debit cards; electronic cash; micropayment systems; and
session-level protocols for secure communications.
A secure electronic financial transaction has to meet the following four
requirements:
1) Ensure that communications are private;
2) Verify that the communications have not been changed in transmission;
3) Ensure that the client and server are who each claims to be; and
4) Ensure that the data to be transferred was, in fact, generated by the signed author.
Transferring funds via an electronic gateway is much simpler than the conventional
methods. You can choose to:
· Transfer funds into your own linked accounts of the same bank network.
· Transfer funds into a different account of the same bank.
· Transfer funds into a different bank’s accounts using NEFT.
· Transfer funds into other bank accounts using RTGS.
· Transfer funds into various accounts using IMPS.
Types of electronic funds transfer
· NEFT or National Electronic Funds Transfer
· RTGS or Real Time Gross Settlement
· IMPS or Immediate Payment Service
NEFT
The National Electronic Funds Transfer is a nation-wide money transfer system which
gives customers the facility to electronically transfer funds from their
respective bank accounts to any other account of the same bank or of any other
bank network. Not just individuals but also firms and corporate organizations
may use the NEFT system to transfer funds to and fro.
Funds transfer through NEFT requires a transferring bank and a destination bank. With
the RBI organizing the records of all the bank branches at a centralized
database, almost all the banks are enabled to carry out an NEFT transaction.
Before transferring funds via NEFT you register the beneficiary receiving the
funds. For this you must possess information such as the name of the recipient,
the recipient’s bank name, a valid account number belonging to the recipient and
his or her respective bank’s IFSC code. These fields are mandatory for a funds
transfer to be authorized and processed. NEFT transactions can be ordered anytime
you want, even on holidays, except for Sundays, which are designated bank
holidays. However, the transactions are settled in batches defined by the
Reserve Bank of India depending upon specific time slots. At present there are 12
settlement batches between 8 a.m. and 7 p.m. on weekdays, and 6 settlement
batches between 8 a.m. and 1 p.m. on Saturdays.
RTGS
Real Time Gross Settlement, as the name suggests, is a real time funds transfer system
which lets you transfer funds from one bank to another in real time
or on a gross basis. The transaction isn’t put on a waiting list; it is cleared
instantly. The RTGS payment gateway, maintained by the Reserve Bank of India,
makes transactions between banks electronically. The transferred amount is
instantly deducted from the account of one bank and credited to the other
bank’s account.
Users such as individuals, companies or firms can transfer large sums using the RTGS
system. The minimum value that can be transferred using RTGS is ₹2 Lakhs.
However, there is no upper cap on the amount that can be transacted. The
remitting customer needs to add the beneficiary and his bank account details
prior to transacting funds via RTGS. A beneficiary can be registered through
your internet banking portal. The details required while transferring funds
would be the beneficiary’s name, his/her account number, the receiver’s bank
address and the IFSC code of the respective bank.
On successful transfer the Reserve Bank of India acknowledges the receiver bank,
and based on this both the remitting bank and the receiving bank
may or may not notify the customers.
IMPS
The majority of the funds transferred using electronic channels are processed via NEFT or
RTGS. But as the funds could only be cleared in batches using these transfer
gateways, the National Payments Corporation of India introduced a pilot mobile
payment project also known as the Immediate Payment Service (IMPS). Available
to the Indian public, IMPS offers an instant electronic transfer service using mobile
phones. The IMPS interbank transfer service is available 24X7 and allows you to use
your mobile phone to access your account and to authorize transfer of funds
between accounts and banks. The IMPS service also features a secure transfer
gateway and an immediate confirmation on fulfilled orders.
IMPS is offered on all cellular devices via Mobile Banking or through the SMS
facility. To be able to transfer money via the IMPS route you must first register
for the immediate payment services with your bank. On obtaining the Mobile
Money Identifier (MMID) and MPIN from the bank you can log in or make a request
via SMS to transfer a certain amount to a beneficiary. Meanwhile the
beneficiary must link his/her mobile number with his/her respective account and
obtain the MMID from the bank to be able to receive money.
To initiate a transfer you must enter the beneficiary’s mobile number, beneficiary
MMID, the transfer amount and your MPIN while requesting the fund transfer. As
soon as the transaction is cleared, you receive a confirmation SMS on deduction
from your account and the money credited into the beneficiary’s account. The
transaction reference number can be noted for future reference.
Thus IMPS enables customers to use mobile instruments as an instant money transfer
gateway, facilitating user convenience and saving time and effort involved in
other modes of transfer.
Difference between NEFT, RTGS and IMPS
There is no cap on the minimum value that can be transacted via NEFT. The RTGS
system, however, only processes transactions of ₹2 Lakhs and above, as it caters
to gross settlements. While the NEFT system settles transactions in batches, the
RTGS option transfers funds in real time. With NEFT, if a transfer order is
received after the defined cut-off time, the transaction will have to wait until
the next clearance to be fulfilled, whereas RTGS transactions are processed
continuously throughout the RTGS business hours. IMPS stands out as the most
convenient and instant mode of money transfer, allowing transfer of money across
various accounts and banks on the go using a mobile device.
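The NEFT and RTGS rules described above, as an added example that is not part of the original notes: a Python sketch that rejects a transfer order with missing mandatory beneficiary fields or an RTGS amount below 2 Lakhs, and finds the NEFT batch in which an accepted order settles. The hourly batch schedule and the IFSC pattern (four letters, a zero, six alphanumerics) are assumptions not stated in these notes, and all names and sample values are hypothetical.

```python
"""Validate and route a funds-transfer order using the rules in these notes."""
import re
from dataclasses import dataclass
from datetime import datetime, timedelta

RTGS_MINIMUM = 200_000  # Rs 2 Lakhs, the RTGS floor stated in the notes
# Assumption: an IFSC is 4 letters (bank), a literal 0, then 6 alphanumerics.
IFSC_PATTERN = re.compile(r"[A-Z]{4}0[A-Z0-9]{6}")
# Assumption: batches run hourly. 8:00-19:00 gives the 12 weekday batches and
# 8:00-13:00 the 6 Saturday batches that the notes mention.
WEEKDAY_BATCH_HOURS = range(8, 20)
SATURDAY_BATCH_HOURS = range(8, 14)
MANDATORY_FIELDS = ("beneficiary_name", "bank_name", "account_number", "ifsc")


@dataclass
class TransferOrder:
    beneficiary_name: str
    bank_name: str
    account_number: str
    ifsc: str
    amount: int  # whole rupees
    mode: str    # "NEFT" or "RTGS"


def validate(order):
    """Return the reasons an order must be rejected (empty list = accept)."""
    problems = []
    for field in MANDATORY_FIELDS:
        if not str(getattr(order, field)).strip():
            problems.append(f"missing mandatory field: {field}")
    if order.ifsc and not IFSC_PATTERN.fullmatch(order.ifsc):
        problems.append("malformed IFSC code")
    if order.amount <= 0:
        problems.append("amount must be positive")
    if order.mode not in ("NEFT", "RTGS"):
        problems.append(f"unsupported mode: {order.mode}")
    elif order.mode == "RTGS" and order.amount < RTGS_MINIMUM:
        problems.append("RTGS needs at least Rs 2 Lakhs; use NEFT instead")
    return problems


def batch_hours(day):
    """Batch hours for a date: none on Sunday, a short day on Saturday."""
    weekday = day.weekday()  # Monday is 0, Sunday is 6
    if weekday == 6:
        return range(0)
    return SATURDAY_BATCH_HOURS if weekday == 5 else WEEKDAY_BATCH_HOURS


def next_neft_batch(received):
    """Return the first batch at or after `received`.

    An order that misses the day's last cut-off waits for the first batch of
    the next working day, as the notes describe.
    """
    day = received.replace(hour=0, minute=0, second=0, microsecond=0)
    for _ in range(8):  # any 8 consecutive days contain a working day
        for hour in batch_hours(day):
            batch = day.replace(hour=hour)
            if batch >= received:
                return batch
        day += timedelta(days=1)
    raise RuntimeError("no batch found")


def route(order, received):
    """Return (problems, settles_at); settles_at is None when rejected."""
    problems = validate(order)
    if problems:
        return problems, None
    if order.mode == "NEFT":
        return [], next_neft_batch(received)
    # RTGS clears in real time. The notes give no RTGS business hours, so this
    # assumes the order arrived inside them.
    return [], received


if __name__ == "__main__":
    # Constructed sample order; the IFSC and account number are made up.
    order = TransferOrder("A. Kumar", "Example Bank", "000111222333",
                          "ABCD0123456", 50_000, "NEFT")
    # 2024-01-05 is a Friday; 19:30 is after the last weekday batch.
    print(route(order, datetime(2024, 1, 5, 19, 30)))
```

Rejecting an incomplete or malformed order before it reaches the payment gateway is what the notes mean when they say a transaction is only authorized with complete details.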
BUSINESS TO CONSUMER MODEL AND ITS TYPES
Business-to-consumer (B2C) is an
Internet and electronic commerce (e-commerce) model that denotes a financial
transaction or online sale between a business and consumer. B2C involves a
service or product exchange from a business to a consumer, whereby merchants
sell products to consumers. B2C is also known as business-to-customer (B2C).
Business-to-consumer (B2C) is
business or transactions conducted directly between a company and consumers who
are the end-users of its products or services.
While most companies that sell
directly to consumers can be referred to as B2C companies, the term became
immensely popular during the dotcom boom of the late 1990s, when it was used
mainly to refer to online retailers, as well as other companies that sold
products and services to consumers through the Internet.
Portal
Portals such as Yahoo,
MSN/Windows Live, and AOL offer users powerful Web search tools as well as an
integrated package of content and services, such as news, e-mail, instant
messaging, calendars, shopping, music downloads, video streaming, and more, all
in one place. Initially, portals sought to be viewed as “gateways” to the
Internet. Today, however, the portal business model is to be a destination
site. They are marketed as places where consumers will want to start their Web
searching and hopefully stay a long time to read news, find entertainment, and
meet other people.
E-Tailer
Online retail stores, often
called e-tailers, come in all sizes, from giant Amazon to tiny local stores
that have Web sites. E-tailers are similar to the typical bricks-and-mortar
storefront, except that customers only have to connect to the Internet to check
their inventory and place an order. Some e-tailers, which are referred to as
“bricks-and-clicks,” are subsidiaries or divisions of existing physical stores
and carry the same products. JCPenney, Barnes & Noble, Wal-Mart, and
Staples are four examples of companies with complementary online stores.
Others, however, operate only in the virtual world, without any ties to
physical locations. Amazon, BlueNile.com, and Drugstore.com are examples of
this type of e-tailer.
Content Provider
Although there are many different
ways the Internet can be useful, “information content,” which can be defined
broadly to include all forms of intellectual property, is one of the largest
types of Internet usage. Intellectual property refers to all forms of human
expression that can be put into a tangible medium such as text, CDs, or the
Web. Content providers distribute information content, such as digital video,
music, photos, text, and artwork, over the Web. Content providers make money by
charging a subscription fee. For instance, in the case of Real.com’s Rhapsody Unlimited service, a monthly subscription fee
provides users with access to thousands of song tracks. Other content
providers, such as WSJ.com (The Wall Street Journal’s online newspaper),
Harvard Business Review, and many others, charge customers for content
downloads in addition to or in place of a subscription fee.
Transaction Broker
Sites that process transactions
for consumers normally handled in person, by phone, or by mail are transaction
brokers. The largest industries using this model are financial services, travel
services, and job placement services. The online transaction broker’s primary
value propositions are savings of money and time. In addition, most transaction
brokers provide timely information and opinions. Sites such as Monster.com offer job searchers a
national marketplace for their talents and employers a national resource for
that talent. Both employers and job seekers are attracted by the convenience
and currency of information.
BUSINESS TO BUSINESS MODEL AND ITS TYPES
Business to business refers to
business that is conducted between companies, rather than between a company and
individual consumers. This is in contrast to business to consumer (B2C) and
business to government (B2G).
Business to business (B2B) is a
type of commerce transaction that exists between businesses, such as those
involving a manufacturer and wholesaler, or a wholesaler and a retailer.
An example that illustrates the
business to business concept is automobile manufacturing. Many of a vehicle's
components are manufactured independently and the auto manufacturer must
purchase these parts separately. For instance, the tires, batteries,
electronics, hoses and door locks may be manufactured elsewhere and sold
directly to the automobile manufacturer.
There are many different types of
e-marketplace based on a range of business models. They can be broadly divided
into categories based on the way in which they are operated.
Independent e-marketplace
An independent e-marketplace is
usually a business-to-business online platform operated by a third party which
is open to buyers or sellers in a particular industry. By registering on an
independent e-marketplace, you can access classified ads or requests for
quotations or bids in your industry sector. There will typically be some form
of payment required to participate.
For example, Hitachi, IBM, LG
Electronics, Matsushita Electric (Panasonic), Nortel Networks, Seagate
Technology, Solectron, and Toshiba, along with technology partners Ariba and
i2, announced the creation of e2open.com, an independent, global
business-to-business e-marketplace for the computer, electronics and
telecommunications industries. The new e-marketplace will run on technology
provided by Ariba, IBM and i2.
Buyer-oriented e-marketplace
A buyer-oriented e-marketplace is
normally run by a consortium of buyers in order to establish an efficient
purchasing environment. If you are looking to purchase, participating in this
sort of e-marketplace can help you lower your administrative costs and achieve
the best price from suppliers. As a supplier you can use a buyer-oriented
e-marketplace to advertise your catalogue to a pool of relevant customers who
are looking to buy. Examples include TimberWeb.com and www.citeulike.org.
Supplier-oriented e-marketplace
Also known as a supplier
directory, this marketplace is set up and operated by a number of suppliers who
are seeking to establish an efficient sales channel via the internet to a large
number of buyers. They are usually searchable by the product or service being
offered. Supplier directories benefit buyers by providing information about
suppliers for markets and regions they may not be familiar with. Sellers can
use these types of marketplace to increase their visibility to potential buyers
and to get leads.
For example, in America the Yellow Pages.com network alone handles about 100 million
business-related searches per month. The internet is ubiquitous: people can access it at home, at
school, wirelessly, and on their phones. The chances of having internet access
when you need to look up business listings are greater than having a phone book
around; this is why internet business directories can be so effective.
Vertical and horizontal e-marketplaces
A vertical e-marketplace provides
online access to businesses vertically up and down every segment of a
particular industry sector such as automotive, chemical, construction or
textiles. Buying or selling using a vertical e-marketplace for your industry
sector can increase your operating efficiency and help to decrease supply chain
costs, inventories and procurement-cycle time.
A horizontal e-marketplace
connects buyers and sellers across different industries or regions. You can use
a horizontal e-marketplace to purchase indirect products such as office
equipment or stationery.
W.W. Grainger, the powerful MRO supplies group,
provides a perfect example of the horizontal
trading community. Their exchange, OrderZone.com, went online in May 1999, and
provides a single Web portal that gives customers access to six
industry-leading MRO suppliers. The service includes online ordering and
invoicing and provides customers with a single point of contact for access to a
wide variety of indirect products. Only one registration on this single Web
site is necessary to gain access to not only Grainger.com and its MRO
catalogues, but to catalogues of other leading indirect suppliers for items
such as office and computer supplies, laboratory equipment, and uniforms.
BUSINESS TO GOVERNMENT, CONSUMER TO CONSUMER AND CONSUMER TO BUSINESS MODELS
Business to Government (B to G) Business Model
B2G refers to the professional affairs
conducted between companies and regional, municipal or federal governing
bodies. Business to government typically encompasses the determination and
evaluation of government agency needs, the creation and submission of proposals
and the completion of the contracted work.
On the Internet, B2G is
business-to-government (a variation of the term B2B or business-to-business),
the concept that businesses and government agencies can use central Web sites
to exchange information and do business with each other more efficiently than
they usually can off the Web. B2G may also support the idea of a virtual
workplace in which a business and an agency could coordinate the work on a
contracted project by sharing a common site to coordinate online meetings,
review plans, and manage progress. B2G may also include the rental of online
applications and databases designed especially for use by government agencies.
An example of a
business-to-government company is a firm that offers IT consulting services to
a government agency. The government uses the B2G arrangement in order to keep
its technology up to date and in working condition, while at the same time
limiting expenses by not taking on full-time staff who would require benefits.
Consumer to Consumer (C to C) Business Model
It is a business model that
facilitates an environment where customers can trade with each other.
Consumer-to-consumer e-commerce
is the practice of individual consumers buying and selling goods via the
Internet. The most common type of this form of transaction comes via auction
sites, although online forums and classifieds also offer this type of commerce
to consumers. In most cases, consumer-to-consumer e-commerce, also known as C2C
e-commerce, is helped along by a third party, who officiates the transaction
to make sure goods are received and payments are made. This offers some
protection for consumers partaking in C2C e-commerce, allowing them the chance
to take advantage of the prices offered by motivated sellers.
C2C or Consumer-to-consumer is a
business model where two individuals transact or conduct business with each
other directly. Generally an intermediary/third
party may be involved, but the purpose
of the intermediary is only to facilitate the transaction and provide a
platform for the people to connect. The intermediary would receive a fee or
commission, but is not responsible for the products exchanged. C2C normally
takes the form of an auction where the bidding is done online. eBay.com and Amazon.com are the most notable sites performing such actions. C2C
reduces costs because consumers with similar interests interact directly, thus
eliminating the need for a physical store. C2C can also take the form of virtual
communities where people who share the same interests interact with each other
and share ideas.
Auction websites, like the
extremely popular eBay, have recently sprung up all over the Internet and represent
the most popular form of consumer-to-consumer e-commerce. On an auction site,
one consumer will post the item or items for sale and then other users will bid
on the items. The user who comes up with the highest price in the allotted time
for the sale will receive the item in question.
Other sites exist that are
devoted to the process of consumer-to-consumer e-commerce. Online classified
sites work just like the typical classified ad in a newspaper. One user puts up
an ad describing the goods or services being offered and the desired price, and
other users seeking those goods or services can respond.
Consumer to Business (C to B) Business Model
In C2B, the companies typically
pay for the product or service. However, it can assume different forms like an
idea generated by an individual (like an innovative business practice) which
may be used and implemented by an organization. Another possible form of C2B is
where a consumer specifies a need and the various businesses compete or bid to
fulfil that need.
Consumer-to-business (C2B) is a
business model in which consumers (individuals) create value, and firms consume
this value. For example, when a consumer writes reviews, or when a consumer
gives a useful idea for new product development, then this individual is
creating value to the firm, if the firm adopts the input. Another form of C2B
is the electronic commerce business model, in which consumers can offer
products and services to companies and the companies pay them. This business
model is a complete reversal of the traditional business model, where companies
offer goods and services to consumers (business-to-consumer = B2C). We can see
this example in blogs or internet forums where the author offers a link back to
an online business facilitating the purchase of some product (like a book on
Amazon.com), and the author might receive affiliate revenue from a successful
sale.
REVENUE MODELS OF E-BUSINESS
A firm’s revenue model describes how the firm will earn revenue, generate
profits, and produce a superior return on invested capital. We use the terms
revenue model and financial model interchangeably. The function of business
organizations is both to generate profits and to produce returns on invested
capital that exceed alternative investments. Profits alone are not sufficient
to make a company “successful” (Porter, 1985). In order to be considered
successful, a firm must produce returns greater than alternative investments.
Firms that fail this test go out of existence.
Retailers, for example, sell a product, such as a personal computer, to a customer who
pays for the computer using cash or a credit card. This produces revenue. The
merchant typically charges more for the computer than it pays out in operating
expenses, producing a profit. But in order to go into business, the computer
merchant had to invest capital—either by borrowing or by dipping into personal
savings. The profits from the business constitute the return on invested
capital, and these returns must be greater than the merchant could obtain
elsewhere, say, by investing in real estate or just putting the money into a
savings account.
Although there are many different e-commerce revenue models that have been developed,
most companies rely on one, or some combination, of the following major revenue
models: the advertising model, the subscription model, the transaction fee
model, the sales model, and the affiliate model.
In the Advertising Revenue Model, a Web site that offers its users content,
services, and/or products also provides a forum for advertisements and receives
fees from advertisers. Those Web sites that are able to attract the
greatest viewership or that have a highly specialized, differentiated
viewership and are able to retain user attention (“stickiness”) are able to
charge higher advertising rates. Yahoo, for instance, derives a
significant amount of revenue from search engine and other forms of online
advertising.
In the Subscription Revenue Model, a Web site that offers its users content or
services charges a subscription fee for access to some or all of its offerings.
For instance, the online version of Consumer Reports provides access to
premium content, such as detailed ratings, reviews and recommendations, only to
subscribers, who have a choice of paying a $5.95 monthly subscription fee or a
$26.00 annual fee. Experience with the subscription revenue model indicates
that to successfully overcome the disinclination of users to pay for content on
the Web, the content offered must be perceived as a high-value-added, premium
offering that is not readily available elsewhere nor easily replicated.
Companies successfully offering content or services online on a subscription
basis include Match.com and eHarmony (dating services), Ancestry.com
and Genealogy.com (genealogy research), Microsoft's Xboxlive.com (video
games), Rhapsody Online (music), among others.
In the Transaction Fee Revenue Model, a company receives a fee for enabling or
executing a transaction. For example, eBay provides an online auction
marketplace and receives a small transaction fee from a seller if the seller is
successful in selling the item. E*Trade, an online stockbroker,
receives transaction fees each time it executes a stock transaction on behalf
of a customer.
In the Sales Revenue Model, companies derive revenue by selling goods,
information, or services to customers. Companies such as Amazon
(which sells books, music, and other products), LLBean.com, and Gap.com,
all have sales revenue models.
In the Affiliate Revenue Model, sites that steer business to an “affiliate”
receive a referral fee or percentage of the revenue from any resulting sales.
For example, MyPoints makes money by connecting companies with potential
customers by offering special deals to its members. When they take advantage of
an offer and make a purchase, members earn “points” they can redeem for
freebies, and MyPoints receives a fee. Community feedback sites such as Epinions
receive much of their revenue from steering potential customers to Web sites
where they make a purchase.
MOBILE COMMERCE
“M-commerce (mobile commerce) is the buying and selling of goods and
services through wireless handheld devices such as cellular telephone and personal
digital assistants (PDAs). Known as next-generation e-commerce, m-commerce
enables users to access the Internet without needing to find a place to plug
in. The emerging technology behind m-commerce, which is based on the Wireless
Application Protocol (WAP), has made far greater strides in Europe, where
mobile devices equipped with Web-ready micro-browsers are much more common than
in the United States.”
"Mobile Commerce is the use of information technologies and
communication technologies for the purpose of mobile integration of different
value chains and business processes, and for the purpose of management of
business relationships.”
“Mobile Commerce is the use of wireless handheld devices such as cellular phones and
laptops to conduct commercial transactions online. Mobile commerce transactions
continue to grow, and the term includes the purchase and sale of a wide range
of goods and services, online banking, bill payment, information delivery and
so on.”
“The term ‘m-commerce’ stands for mobile
commerce, and it’s the browsing, buying and selling of products and services on
mobile devices. In other words, it’s a complete online shopping experience, but
with all the convenience of being on a cell phone or tablet.”
As content delivery over wireless devices
becomes faster, more secure, and scalable, there is wide speculation that
m-commerce will surpass wire-line e-commerce as the method of choice for
digital commerce transactions. The industries affected by m-commerce include:
▫ Financial services, which includes mobile banking (when customers use their handheld
devices to access their accounts and pay their bills) as well as brokerage
services, in which stock quotes can be displayed and trading conducted from the
same handheld device.
▫ Telecommunications, in which service changes, bill payment and account reviews can all be
conducted from the same handheld device.
▫ Service/retail, as consumers are given the ability to place and pay for orders
on-the-fly.
▫ Information services, which include the delivery of financial
news, sports figures and traffic updates to a single mobile device.
IBM and other companies are
experimenting with speech recognition software as a way to ensure security for
m-commerce transactions.
The range of devices that are enabled
for mobile commerce is growing, having expanded in recent years to include
smart phones and tablet computers. The increasing adoption of electronic
commerce provided a strong foundation for mobile commerce, which is on a very
strong growth trajectory for years to come.
Mobile Commerce, or m-Commerce, is about
the explosion of applications and services that are becoming accessible from
Internet-enabled mobile devices. It involves new technologies, services and
business models. It is quite different from traditional e-Commerce. Mobile
phones impose very different constraints than desktop computers. But they also
open the door to a slew of new applications and services. They follow you
wherever you go, making it possible to look for a nearby restaurant, stay in
touch with colleagues, or pay for items at a store.
As the Internet finds its way
into our purses or shirt pockets, the devices we use to access it are becoming
more personal too. Already today, mobile phones know the phone numbers of our
friends and colleagues. They are starting to track our location. Tomorrow, they
will replace our wallets and credit cards. One day, they may very well turn
into intelligent assistants capable of anticipating many of our wishes and
needs, such as automatically arranging for taxis to come and pick us up after
business meetings or providing us with summaries of relevant news and messages
left by colleagues. But, for all these changes to happen, key issues of
interoperability, usability, security, and privacy still need to be addressed.
ETHICAL, LEGAL AND SOCIETAL IMPACTS OF E-COMMERCE
E-Commerce has the ability to provide secure shopping transactions coupled with instant
verification and validation of credit card transactions. E-Commerce is not
about the technology itself; it is about doing business leveraging the
technology. A technological innovation is followed by frequent incorporation of
ethical standards into law. New forms of E-Commerce that enable new business
practices have many advantages but also bring numerous risks. Let’s discuss the ethical, legal and
societal issues related to e-business.
ETHICAL ISSUES
In general, many ethical and global issues of Information Technology apply to
e-business. Let’s list some of the ethical issues that have arisen with the
growing field of e-commerce.
Web tracking: E-businesses draw
information on how visitors use a site through log files. Analysis of log files
means turning log data over to an application service or installing software that can
pluck relevant information from files in-house. Companies track individuals’
movements through tracking software and cookie analysis. Tracking mechanisms such as
cookies raise a batch of privacy concerns. The tracking history is stored on
your PC’s hard disk, and any time you revisit a website, the computer knows it.
Many smart end users install programs such as Cookie cutters, Spam Butcher, etc.,
which can provide users some control over the cookies. The battle between
computer end users and web trackers is always going on with a range of
application programs. For example,
software such as Privacy Guardian, My Privacy, etc. can protect a user’s online
privacy by erasing the browser’s cache, surfing history and cookies. Specially
designed programs such as Ad-Aware are available to detect and remove spyware.
SahAgent, a data miner application, collects and combines the Internet browsing
history of users and sends it to servers.
Privacy: Most Electronic Payment Systems
know the identity of the buyer, so it is necessary to protect the identity of
a buyer who uses an Electronic Payment System. A privacy issue related to the
employees of a company is tracking. Monitoring systems are installed in many
companies to monitor e-mail and other web activities in order to identify
employees who extensively use business hours for non-business activities. The
e-commerce activities performed by a buyer can be tracked by organizations. For
example, reserving railway tickets for a personal journey can be
tracked. Many employees don’t want to be under the monitoring system even while
at work. As far as brokers and some
company employees are concerned, E-Commerce puts them in the danger zone and
results in the elimination of their jobs.
The manner in which employees are treated may raise ethical issues, such
as how to handle displacement and whether to offer retraining programs.
Disintermediation and Re-intermediation:
Intermediation is one of the most important and interesting e-commerce issues
related to loss of jobs. The services provided by intermediaries are
(i) Matching and providing information.
(ii) Value added services such as consulting.
The first type
of service (matching and providing information) can be fully automated, and
this service is likely to be in e-marketplaces and portals that provide free
services. The value added service requires expertise and this can only be
partially automated. The phenomenon by
which intermediaries who mainly provide matching and information
services are eliminated is called disintermediation. The brokers who provide
value added services or who manage electronic intermediation (also known as
info-mediation) are not only surviving but may actually prosper; this
phenomenon is called re-intermediation. The traditional sales channel will be
negatively affected by disintermediation. The services required to support or
complement e-commerce are provided by the web as new opportunities for
re-intermediation. The factors that should be considered here are the enormous
number of participants, extensive information processing, delicate
negotiations, etc. They need a computer mediator to be more predictable.
LEGAL ISSUES
Internet fraud and its sophistication have grown even faster than the Internet itself. There
is a chance of a crime over the internet when buyers and sellers do not know
each other and cannot even see each other. During the first few years of
e-commerce, the public witnessed many frauds committed over the internet. Let’s
discuss the legal issues specific to e-commerce.
Fraud on the Internet: E-commerce fraud
emerged with the rapid increase in popularity of websites. It is a hot issue
for both cyber and click-and-mortar merchants. The swindlers are active mainly
in the area of stocks. Small investors are lured by the promise of false
profits by the stock promoters. Auctions are also conducive to fraud, by both
sellers and buyers. The availability of e-mails and pop-up ads has paved the
way for financial criminals to have access to many people. Other areas of
potential fraud include phantom business opportunities and bogus investments.
Copyright: Copyright laws
protect intellectual property in its various forms, and such property cannot be used
freely. It is very difficult to protect
intellectual property in E-Commerce. For example, if you buy software you have
the right to use it and not the right to distribute it. The distribution rights
are with the copyright holder. Copying content from a website also
violates copyright laws.
Domain Names: The competition over
domain names is another legal issue. Internet addresses are known as domain
names and they appear in levels. A top level name is qburst.com or
microsoft.com. A second level name will be qburst.com/blog. Top level domain
names are assigned by a central non-profit organization which also checks for
conflicts or possible infringement of trademarks. Problems arise when several
companies having similar names compete over the same domain name. The problem of domain names was alleviated
somewhat in 2001 after several upper level names were added to com. Another
issue to look out for is cyber-squatting,
which refers to the practice of registering domain names with the desire of
selling them at higher prices. Security features such as authentication,
non-repudiation and escrow services can protect the sellers in e-commerce.
One needs to be careful while carrying out e-commerce activities. The need to
educate the public about the ethical and legal issues related to e-commerce is
highly important from a buyer as well as seller perspective.
Ecommerce allows items which may not be sold by outlets to be found online
without having to go from shop to shop. Distance also comes into this: some
things may only be found in certain locations, so by looking on the
internet for websites which sell them you don’t have to travel to the destination
to get what you are looking for.
SOCIETAL ISSUES
Elimination of Distance: Ecommerce has
allowed companies to become more profitable because they don’t have to wait for
customers to come through the door to receive service. Once a company puts its
products or services online, people can find and buy the product or
service from it; distance again applies here.
Availability: Items can be bought
online at any time during the day or night, as ecommerce sites don’t have
working hours to keep to. This also allows
for matters such as postage and items to be tracked when they are being sent
to a customer.
Cost-Saving: Ecommerce allows for
special offers because it gives different companies the chance to undercut each
other and to potentially make a lot of money because they don’t have the
overheads which a normal company has, such as hiring loads of staff to assist
customers, or buying extra things such as printed material or advertising banners
to hang up outside a store. Also, ecommerce entities don’t need to buy or rent a
shop, thus cutting the cost right down.
Phishing: Because ecommerce websites have
become popular, many different websites are now mimicked in order to get people to
enter their details under false pretences. Exact replicas of the original site
spring up, such as ASDA (ASDA Stores Ltd. is a British supermarket chain) being mimicked so that
people enter their personal bank details. If this happens, a potential
customer who is not knowledgeable about security issues may think it was ASDA
who did this. That may give ASDA or a different company a
bad name, thus defaming the company, and the original company may lose future
customers because of this issue.
Information Disclosure: Because
many different people use ecommerce, information such as customer addresses and
phone numbers is normally sold on to third parties, and other companies may try
to force a person to buy from a shop or buy an item.
Hacking: Depending upon the authentication
methods of the website, the website may be subjected to ‘hacking’ techniques.
For example, if an authentication technique such as session authorisation is in use,
then an attacker may change his/her session value and thus impersonate a different
user on the website and, depending upon the website, he/she may be in legal trouble.
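The session-value tampering described above, as an added example that is not part of the original notes: a site that trusts an account number stored in the cookie accepts whatever value the client sends, while a site that issues random session IDs carrying a server-side HMAC tag rejects edited values. The account numbers, user names and the `naive_resolve` and `SessionStore` names are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

# Constructed sample accounts for a hypothetical shop site.
USERS = {"1001": "alice", "1002": "bob"}


def naive_resolve(cookie_value):
    """Weak design: the cookie holds the account number itself, so whoever
    edits the cookie chooses which account the server loads."""
    return USERS.get(cookie_value)


class SessionStore:
    """Hardened design: unguessable session IDs kept server-side, each sent
    to the client together with an HMAC tag computed with a server-only key."""

    def __init__(self, key=None):
        self._key = key if key is not None else secrets.token_bytes(32)
        self._sessions = {}  # session id -> account number

    def _tag(self, session_id):
        return hmac.new(self._key, session_id.encode("utf-8"),
                        hashlib.sha256).hexdigest()

    def issue(self, user_id):
        """Create a session after a successful login and return the cookie."""
        if user_id not in USERS:
            raise KeyError(user_id)
        session_id = secrets.token_urlsafe(32)  # 256 bits, never contains "."
        self._sessions[session_id] = user_id
        return session_id + "." + self._tag(session_id)

    def resolve(self, cookie_value):
        """Return the user name for a valid cookie, or None if the value was
        altered, forged, malformed or revoked."""
        session_id, sep, tag = cookie_value.partition(".")
        if not sep:
            return None  # no tag at all, e.g. a bare account number
        expected = self._tag(session_id)
        # Constant-time comparison; bytes avoid a TypeError on non-ASCII input.
        if not hmac.compare_digest(expected.encode("utf-8"),
                                   tag.encode("utf-8")):
            return None
        user_id = self._sessions.get(session_id)
        return USERS.get(user_id) if user_id is not None else None

    def revoke(self, cookie_value):
        """Log out: only a cookie that still resolves can end its session."""
        if self.resolve(cookie_value) is None:
            return False
        del self._sessions[cookie_value.partition(".")[0]]
        return True


def demo():
    """Compare both designs on the same tampering attempts."""
    store = SessionStore()
    alice_cookie = store.issue("1001")
    bob_cookie = store.issue("1002")
    _, alice_tag = alice_cookie.split(".")
    bob_sid, _ = bob_cookie.split(".")
    return {
        "naive, value edited to 1002": naive_resolve("1002"),
        "signed, untouched cookie": store.resolve(alice_cookie),
        "signed, bare account number": store.resolve("1002"),
        "signed, other session id with own tag":
            store.resolve(bob_sid + "." + alice_tag),
    }


if __name__ == "__main__":
    for case, result in demo().items():
        print(f"{case}: {result}")
```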
Health Issues: Ecommerce is so quick
now that people don’t want to be going out of their houses and because of this,
problems with things such as health may arise and thus people need to grasp
that they sometimes benefit from shopping around.
E-GOVERNANCE: ITS PHASES AND BENEFITS
E-government refers to the delivery of national or local
government information and services via the Internet or other digital means to
citizens or businesses or other governmental agencies.
E-government is a one-stop Internet
gateway to major government services. E-government facilitates provision of
relevant government information in electronic form to the citizens in a timely
manner; better service delivery to citizens; empowerment of the people through
access to information without the bureaucracy; improved productivity and cost
savings in doing business with suppliers and customers of government; and
participation in public policy decision-making. E-Governance refers to how
managers and supervisors utilize IT and the Internet to execute their functions of
supervising, planning, organizing, coordinating, and staffing effectively. The
emergence of Information and Communications Technology (ICT) has provided
means for faster and better
communication, efficient storage, retrieval and processing of data and exchange
and utilization of information to its users, be they individuals, groups,
businesses, organizations or governments.
According to the World Bank, “E-Government refers to the use by government agencies of information
technologies (such as Wide Area Networks, the Internet, and mobile computing)
that have the ability to transform relations with citizens, businesses, and
other arms of government. These technologies can serve a variety of different
ends: better delivery of government services to citizens, improved interactions
with business and industry, citizen empowerment through access to information,
or more efficient government management. The resulting benefits can be less
corruption, increased transparency, greater convenience, revenue growth, and/or
cost reductions.”
UNESCO defines e-Governance as: “Governance refers to
the exercise of political, economic and administrative authority in the
management of a country’s affairs, including citizens’ articulation of their
interests and exercise of their legal rights and obligations. E-Governance may
be understood as the performance of this governance via the electronic medium
in order to facilitate an efficient, speedy and transparent process of
disseminating information to the public, and other agencies, and for performing
government administration activities.”
Gartner Group’s definition: “the continuous optimization
of service delivery, constituency participation, and governance by transforming
internal and external relationships through technology, the Internet and new
media.”
(Late) Dr. APJ Abdul Kalam, former President of India, had visualized
e-Governance in the Indian context to
mean: “A transparent smart e-Governance
with seamless access, secure and authentic flow of information crossing the
interdepartmental barrier and providing a fair and unbiased service to the
citizen.”
Phases of E-Governance: Gartner, an
international consultancy firm, has formulated a four-phase e-governance
model. This can serve as a reference for governments to position where a
project fits in the overall evolution of an e-governance strategy.
Phase I – Presence
This first phase calls for making the intentions and objectives of the government
first phase calls for making the intentions and objectives of the government
known. Development of an inclusive government website, or a network of sites
dedicated to different ministries and departments would set the stage for
further advancements. These sites would convey the government’s initiatives,
providing information such as official addresses, working hours, as well as forms
and applications to the public, economic reviews, corporate regulations for
business and budgetary allocations and spending as a reference for government
agencies.
Phase II – Interaction
This phase would allow for basic interaction with the government. Besides hosting
search engines on the sites for easy navigation, information detailing social
records and job application forms for the public, permit and license
documentation for businesses and census details, submission of requests and
approvals to the centre by local government officers would have to be provided.
Phase III – Transaction
This phase onwards would signify direct interaction of the government and relevant
entities. With the infrastructure in place, complete online service suites can
be put forth for the public, businesses and governmental agencies. Services such
as bill and fine payments, license renewal, aggregating opinion, etc. for the
public; online procurement, tax returns, etc. for businesses; and cooperative budget
preparation, tax records, etc. for governmental agencies can be envisaged here.
Phase IV – Transformation
This final phase would strive to
achieve the true vision of e-Governance.
▫ A single point of contact to constituent entities
would provide an integrated platform for government services and organization
totally transparent to citizens and businesses.
▫ Focus on ‘virtual agencies’ where government
information is readily available to all allowing a seamless interface to
respective agencies involved in the transactions.
▫ State-of-the-art intranets linking government
employees in different agencies, and extranets allowing a seamless flow of information,
thereby facilitating collaborative decisions among government agencies, NGOs
and the public.
Types of Interactions in e-Governance
▫ G2G (Government to Government) – In this case, Information and Communications
Technology is used not only to restructure the governmental processes involved
in the functioning of government entities but also to increase the flow of
information and services within and between different entities.
▫ G2C (Government to Citizens) – In this case, an interface is created
between the government and citizens which enables the citizens to benefit from
efficient delivery of a large range of public services.
▫ G2B (Government to Business) – Here, e-Governance tools are used to aid the
business community – providers of goods and services – to seamlessly interact
with the government.
▫ G2E (Government to Employees) – Government is by far the biggest employer
and like any organisation, it has to interact with its employees on a regular
basis. This interaction is a two-way process between the organisation and the
employee. Use of ICT tools helps in making these interactions fast and
efficient on the one hand and increasing the satisfaction levels of employees on the
other.
Benefits of e-Governance
1. Better access to information and quality services for citizens:
ICT would make available timely and reliable information on various aspects of
governance.
2. Simplicity, efficiency and accountability in the government:
Application of ICT to governance combined with detailed business process
reengineering would lead to simplification of complicated processes, weeding
out of redundant processes, simplification in structures and changes in
statutes and regulations.
3. Expanded reach of governance: Rapid growth of
communications technology and its adoption in governance would help in bringing
government machinery to the doorsteps of the citizens.
EMERGING TRENDS IN E-BUSINESS
1. Real-time Shopping Experience at Online Shopping: There
is no doubt that people prefer to talk to a real salesperson and hold the product
in their hands! But do not think that e-commerce sites cannot offer you such
pleasure. Most online retailers have facilities to chat online, get suggestions
and have all your queries answered. Online subscriptions even allow you to hold the
product and touch it (e.g. Stylemint, Birchbox), and some even let you chat
all along while you are shopping with Chatalog.
2. Less importance to conversion ratio over customer engagement: To date,
conversion rates have been given
the most priority, but with the rise in e-commerce sites, gathering new
customers will be very tough. So naturally retailers will depend on holding on
to the existing customers. Customer engagement will ensure people develop a
liking for your site and follow you regularly. Currently conversion ratio
(visitors/orders) is of paramount importance. It sounds counter-intuitive, but
its importance will reduce quite a lot over the coming period. Customer engagement and
making sure people have an emotional attachment with you and your product will
be the key. This means attracting consumers to the website with no intention of
buying on site, eventually driving more visitors to the site rather than
improving the conversion ratio. This eventually creates brand affinity and has
in turn a positive impact on conversion and average order value (AOV) in other
channels.
3. Personalization:
In an extremely volatile market one must
be ready for change at all times, particularly for personalization. Personalized
recommendations will find more prominence in the market. Although not new, they
will be more and more widely adopted as we go. Personalized recommendations or
targeted content will be the key medium to surface any content. There will be
two distinct sets of consumers: one who expects the retailer to make use of
cross-domain data (i.e., if one has provided his data to Facebook or Twitter,
then he would expect it will be available to affiliates) and others who will be
wary of their data being shared between sites. Numbers-wise the former will be
higher than the latter.
4. Social Networking Sites:
As the social networking sites increase
in popularity, retailers must use these platforms for marketing and selling
their products! Facebook, Twitter and LinkedIn will be the platforms where you
will get data about the latest discounts and offers. Facebook has 850M+ subscribers, and it is a known fact
that number grows by 20% or more every year in emerging countries. Companies
will take more and more advantage of the various sets of data about users’
daily activity using Facebook Connect, like offering promotions on products
which they most commented on or identifying what their friends mostly like and
recommending the same when they visit the store. Others like Pinterest, Groupon
and the like are catching up slowly, but with the existing user base, Facebook
will continue to lead the race. Social media sites increasingly act as points
of entry to e-commerce sites, and vice versa, as e-commerce sites build rating,
loyalty and referral systems tied to social media. Group buying (e.g., Groupon)
is also gaining mainstream ground, with many “deal of the day” sites competing
for an increasingly savvy consumer base, but improvements lie ahead as the
social aspects and user experience are refined.
5. Mobile technologies:
The potential growth of mobile/iPad in retail
e-Commerce is enormous. With the current projections, in the next couple of
years mobile/iPad will exceed desktop numbers. With the mobile devices
outnumbering the desktops, the use of these devices for buying will increase in
the near future. More people access the Internet on their mobile devices than
on any other device. We are rapidly approaching the time (if we are not already
there) where designs must be created for the mobile web first, and for the
desktop second. Mobile technologies facilitate comparison shopping; with the
advent of barcode reader apps and price-comparison databases, a consumer could
snap a bar code in Walmart and quickly reference product reviews and prices on
walmart.com (or compare prices with Walmart competitors). Mobile technologies also facilitate impulse
buys – especially with the advent of micro-payments tied to the mobile
device. Just recently, Starbucks
customers have been able not only to place an order with their smartphone, but also to make a
purchase.
6. Mobile POS and Accessing via Mobile:
The idea of Mobile POS is to put each
and every employee to work and allow the customer to transact without going to the
billing counter. Android 4.2 Jellybean and iOS 6 allow apps
that let the customer do endless jobs. Apple started this trend
and most retailers do see significant advantage in this approach, as you can not
only access the entire product range, but also drive assisted conversations.
With iOS 6 and Android 4.2 Jellybean, the features you can enable in the
customer assisted app are endless, starting from basic tools such as using the
camera for barcode scanning to doing a virtual makeover for customers in store.
7. Push notifications:
The current reactive nature of “pull
browsing” is changing very quickly to “push browsing”, whereby marketers are
reaching out to consumers with more relevancy than before to pull them to
buying things. What were earlier only marketing emails will turn into relevant
SMS notifications when a customer is standing outside the physical store,
relevant basket notifications when you are tweeting, or Facebook updates for
selected products on your mobile home screen every morning. Pull browsing is
the prevailing trend now, but the time is not far off when push browsing will overtake it.
Messaging notifications and basket notifications for selected items on your home
page are all going to gain momentum.
8. Multi-channel: Consumers will expect a seamless shopping
experience. They expect that a commodity added to the cart will be available if
one calls customer care or lands up in the store. In other words, a product
added to a basket at home is expected to be found in the basket when you go to
the store or if you call up the call centre. This will drive investment by IT
directors in commerce packages, CRM systems and, more importantly, integrating
the commerce system with POS.
9. Big data: Big Data, or the Hadoop methodology, is about handling a
lot of data. This has been a concept that has been drawing the interest of
e-commerce site owners, and it is here to stay. It is syncing offline data and
online data together so that the retailers’ decision-making capacity may be
enhanced. In a nutshell, it allows retailers to understand the hidden consumer
patterns. The beauty of combining online and offline data from various channels,
whether structured or unstructured, at lightning speed is something which
retailers need in order to enhance decision making, as it provides those hidden
consumer patterns which were never thought of.
10. Micro-payments: Among the most revolutionary changes in the
coming months—not years—is the use of micro-payment systems from a variety of
financial firms, e.g., PayPal, Visa, Western Union, among others, including
banks. This trend is facilitated by the
W3C (World Wide Web Consortium) working group that approved these protocols and
technical standards for the interworking. These systems will change not only
how we carry money but how we value money and think about purchases. Payment
systems that make it easier to buy online, coupled with mobile technologies, will
accelerate the usage of global e-commerce applications.