Vous êtes sur la page 1sur 37


E-commerce can be broadly defined as any form of business transaction in which the parties interact electronically rather than by physical exchanges of documents or direct meeting amongst officials. ECommerce is simply doing business online. It means selling and buying (Transaction) of goods and services through no human intervention. Main Areas for Conducting Business Online 1. Direct marketing, selling and services 2. Online banking and billing. 3. Secure distribution of information 4. Value-chain trading and corporate purchasing


Cost: hardware, software, staffing and training. Value: investment in E-Commerce will return value or not. Leveraging Existing System: Balancing Ecommerce technologies with existing system, so that duplicacy of existing system. Interoperability: communication between two or more business organisations for exchange of documents without manual intervention, achieve cost reduction and improve performance.

1. Distance do not matter. 2. Works round the clock, i.e. 24 hours a day, 7 days a week and 365 days a year. 3. As compared to opening a new showroom / retail outlet the cost of creation of E-commerce website is less. 4. E-commerce website is more flexible to edit as compared to brochures and catalogues. 5. E commerce provides a large size market place and large variety goods. 6. Funds transfer is faster. 7. Disinter mediation: i.e. no middle man involved in the process. 8. Large number of potential business partners can be found while working through internet 9. Order is placed online therefore error reduction in order entry system

Psychological Barrier: Inability to feel and touch the products. Online stores do not exist for long due to lack of perfect technical know-how. Computer system has threat from hackers. In present scenario internet is being used by young highly educated man. Elderly and older people are away from this technology. E-commerce depends upon Internet availability. Payment through credit cards requires faith in system security. E-commerce may reduce social contacts. E-commerce website may carry virus to the system

Elements of typical commerce Product or Services Place Marketing Method of accepting orders Methods of accepting money Methods of Delivery Methods of accepting returns Warranty claims

Elements of E-Commerce Product or a service A place to sell the product A way to get customers to visit your website A way to accept orders A way to accept money A fulfillment facility to ship product to customers A way to accept returns A way to handle warranty claims A way to provide customer service

INTRANET It refers to a private network which uses internet technology and is designed to meet the internal information needs of the employees. It is accessible only by the authorised employees, contractors and customers. Advantages:
Easy, economic and fast system of communication within enterprise Based on internet protocol which expands accessibility Serves information automatically Permits inter-employee communication with more transparency Improve productivity of executives Ready to access the information globally Handles multimedia data effortlessly

DISADVANTAGES: Risk of security. Needs to change the work culture. Danger of reduction in face to face interaction between employees leading to impersonalisation of the company

Mobile Commerce (also known as M-Commerce) is the ability to conduct commerce, using a mobile device e.g. a mobile phone, a PDA, a smart phone while on the move, and other emerging mobile equipment, like desktop mobile devices. In an academic definition it is characterized in the following terms: "Mobile Commerce is any transaction, involving the transfer of ownership or rights to use goods and services, which is initiated and/or completed by using mobile access to computer-mediated networks with the help of an electronic device."

As content delivery over wireless devices becomes faster, more secure, and scalable, there is wide speculation that mcommerce will surpass wireline e-commerce as the method of choice for digital commerce transactions. The industries affected by m-commerce include:
Financial services, which includes mobile banking (when customers use their handheld devices to access their accounts and pay their bills) as well as brokerage services, in which stock quotes can be displayed and trading conducted from the same handheld device Telecommunications, in which service changes, bill payment and account reviews can all be conducted from the same handheld device Service/retail, as consumers are given the ability to place and pay for orders on-the-fly Information services, which include the delivery of financial news, sports figures and traffic updates to a single mobile device

MOBILE INFORMATION ACCESS DEVICES Mobile information devices are one of the dimensions of mobile computing. We know that data are transferred from one place to another via some means of media. To access data a wide variety of information access devices are needed like portable computers, hybrid pen computers, personal digital assistant and data communication equipments. The description of some of devices is as follows:
a) Laptops b) Notebook c) Handheld systems d) Hybrid pen computers e) PDA (Personal Digital Assistant)


WAP is open, global standard, application environment and a set of protocols for wireless devices that format web data for transmission over wireless internet connection letting you surf with a mobile phone or wireless device. It bridges the gap between the mobile world and the internet as well as corporate intranets and offers the ability to deliver an unlimited range of mobile value added services to subscriber. Based on internet model the wireless devices contains a micro browser, while content and applications are hosted on web servers. BENEFITS: 1. WAP delivers revenue opportunities for carriers. 2. WAP offers a broad market for developers. 3. WAP means increased sales for device, infrastructure and gateway manufacturers. 4. WAP means freedom to the end user

I WAY is also known as Information Superhighways. As it is known that the effective and efficient linkage between the consumer and the supplier is the demand of e-commerce. To make the website attractive and to provide a user friendly interface with multiple forms to consumers more and more multimedia contents are added to the site. Multimedia contents includes combination of text, audio, video and graphics. Therefore a large database and high speed networking are required to store and distribute large amounts of information with multimedia contents to customers. Just as to delivery goods to the consumers in traditional business activities a good transportation system and fine roads are required, in the same manner in e-commerce suppliers require better and improved ways of information known as I-way





Consumer Access Equipment (Hardware): are those instruments or hardware devices that are affordable by customers as well as can be provided by a provider at distribution level. Eg. TV System, Computer system, hub, switches etc. Local On-Ramps: This component is communicational backbone: TV based, Computer based and Telecom Based considered as Wireless Based,

Selection is done on the basis of cost, security and privacy

GLOBAL INFORMATION DISTRIBUTION NETWORKS This component deals with infrastructure issues in different countries and continents. Cable companies and telephone departments are providing most of infrastructure for these I-ways components over last three decades. It includes infrastructure, such as networks as long distance telephone lines and satellite networks that need heavy interaction of hardware devices and protocols their regulations. The two major technologies are:
Long Distance Networks Satellite Networks

LONG DISTANCE NETWORKS Eg. Cables, fibers Optical Fiber is fastest bounded communication media. Advantages: Noise resistance Less signal Attenuation Higher bandwidth

Disadvantages: Cost Installation and maintenance fragility

SATELLITE NETWORKS Advantages Accessible from any part of the globe High speed transmission


The world has changed a lot in the last couple of decades. Instead of simply dealing with local or regional concerns, many businesses now have to think about global markets and logistics. Many companies have facilities spread out across the country or around the world, and there is one thing that they all need. A way to maintain fast, secure and reliable communications wherever their offices are.

Home office

POP: Point of Presence

Business Partner

Mobile Workers

Basically, a VPN is a private network that uses a public network (usually the Internet) to connect remote sites or users together. Instead of using a dedicated, real-world connection such as leased line, a VPN uses "virtual" connections routed through the Internet from the company's private network to the remote site or employee. VPN TYPE
Remote-access. Also called a virtual private dial-up network (VPDN), this is a user-to-LAN connection used by a company that has employees who need to connect to the private network from various remote locations. Typically, a corporation that wishes to set up a large remote-access VPN will outsource to an enterprise service provider (ESP). The ESP sets up a network access -server (NAS) and provides the remote users with desktop client software for their computers. The telecommuters can then dial a toll-free number to reach the NAS and use their VPN client software to access the corporate network. A good example of a company that needs a remote-access VPN would be a large firm with hundreds of sales people in the field. Remote-access VPNs permit secure, encrypted connections between a company's private network and remote users through a third-party service provider. Site-to-site. Through the use of dedicated equipment and large-scale encryption, a company can connect multiple fixed sites over a public network such as the Internet. Site-to-site VPN s can be either: Intranet-based. If a company has one or more remote locations that they wish to join in a single private network, they can create an intranet VPN to connect LAN to LAN. Extranet-based. When a company has a close relationship with another company (for example, a partner, supplier or customer), they can build an extranet VPN that connects LAN to LAN, and that allows all the various companies to work in a shared environment.

A virtual private network (VPN) is a private data network that makes use of the public telecommunication infrastructure, maintaining privacy through the use of a tunneling protocol and security procedures. A virtual private network can be contrasted with a system of owned or leased lines that can only be used by one company. The main purpose of a VPN is to give the company the same capabilities as private leased lines at much lower cost by using the shared public infrastructure. Phone companies have provided private shared resources for voice messages for over a decade. A virtual private network makes it possible to have the same protected sharing of public resources for data. Companies today are looking at using a private virtual network for both extranets and wide-area intranets. The three important VPN technologies are as follows: trusted VPN s secure VPNs and hybrid VPN s

The privacy afforded by VPNs was only that the communications provider assured the customer that no one else would use the same circuit. This allowed customers to have their own IP addressing and their own security policies. A leased circuit ran through one or more communications switches, any of which could be compromised by someone wanting to observe the network traffic. The VPN customer trusted the VPN provider to maintain the integrity of the circuits and to use the best available business practices. Thus, these are called TRUSTED VPNs. As the Internet became more popular as a corporate communications medium, security became much more of a pressing issue for both customers and providers. Seeing that trusted VPNs offered no real security, vendors started to create protocols that would allow traffic to be encrypted at the edge of one network or at the originating computer, moved over the Internet like any other data, and then decrypted when it reached the corporate network or a receiving computer. This encrypted traffic acts like it is in a tunnel between the two networks: even if an attacker can see the traffic, they cannot read it, and they cannot change the traffic without the changes being seen by the receiving party and therefore rejected. Networks that are constructed using encryption are called SECURE VPNs.

SECURE VPNs VS. TRUSTED VPNs The main reason that companies use secure VPNs is that they can transmit sensitive information over the Internet without needing to worry about who might see it. Everything that goes over a secure VPN is encrypted to such a level that even if someone captured a copy of the traffic, they could not read the traffic. Further, using a secure VPN allows the company to know that an attacker cannot alter the contents of their transmissions. Companies who use trusted VPNs do so because they want to know that their data is moving over a set of paths that has specified properties and is controlled by one ISP or a trusted confederation of ISPs. This allows the customer to use their own private IP addressing schemes, and possibly to handle their own routing. The customer trusts that the paths will be maintained according to an agreement and that people whom the customer does not trust (such as an attacker) cannot either change the paths of any part of the VPN or insert traffic on the VPN. It is usually impossible for a customer to know the paths used by trusted VPNs, or even to validate that a trusted VPN is in place, they must trust their provider completely.

A well-designed VPN can greatly benefit a company. For example, it can Extend geographic connectivity Improve security Reduce operational costs versus traditional WAN Reduce transit time and transportation costs for remote users Improve productivity Simplify network topology Provide global networking opportunities Provide telecommuter support Provide broadband networking compatibility Provide faster ROI (return on investment) than traditional WAN

Computer networks are generally designed to allow any computer connected to the network to freely exchange information with any other computer also connected to the same network. In an ideal world, this is a perfect way for a network to operate facilitating universal communications between connected systems. Individual computers are then free to decide who they want to communicate with, what information they want to allow access to and which services they will make available. This way of operating is called "host based security", because individual computers or hosts, implement security mechanisms. The Internet is designed in this way, as is the network in your office.

In practice individual computers on say, an office network, are not terribly good at defining and securely enforcing a consistent security policy. They run very complex, and therefore by definition error prone software systems, and it is very difficult to ensure that they are consistently kept secure, much less that their users obey basic advice like choosing difficult to guess passwords etc. This situation may be adequate where individual users on a network have a similar level of trust such that there is little chance or motive for a user to subvert host security, such as a small company network where everyone with physical access is trusted (e.g employee etc). Once that network is connected to other networks where the trust relationships simply do not exist in the same way, then other mechanisms need to be put in place to provide adequate security by protecting resources on the trusted network from potential access by attackers on the un-trusted part of the network.

The way this is done is by partially breaking connectivity at the network level so that nodes on the trusted and untrusted parts of the network can no longer freely exchange information in an free-for-all way. The device which does this is called a "Firewall". A Firewall disrupts free communication between trusted and untrusted networks, attempting to manage the information flow and restrict dangerous free access. There are numerous mechanisms employed to do this, each one being somewhere between completely preventing packets flowing, which would be equivalent to completely disconnected networks, and allowing free exchange of data, which would be equivalent to having no Firewall.


There are two main reasons to use firewall in an organisation: The large number of benefits of internet connectivity also comes with risks. All businesses connected to the internet need to make sure they have a firewall security solution in place to allow employees to access the internet, e-mail and FTP services while at the same time limiting the risk of unauthorised access to your network. The amount of information collected, stored and available on computer servers as well as the volume and types of business activities conducting online, makes sensitive corporate information vulnerable to being stolen or corrupted from both internal and external sources
APPLICATIONS OF FIREWALL Defense from External risks Defense from Internal risks

TYPES OF FIREWALL SOLUTIONS: 1. Packet filtering (Network Level) Firewall: A packet filtering firewall looks at each packets entering or leaving the network. Each packet is either forwarded or blocked based on a set of rules defined by the firewall administrator. Packet filtering is fairly effective and transparent to users, but it requires knowledge to configure effectively. 2. Proxy Server (Application Level) Firewalls: The proxy server type of firewall attempts to hide the configuration of the network behind the firewall by acting on behalf of that network or as a proxy. Proxy server firewalls are also known as application level firewalls as they provide access control at the application level layer. It acts as an application-level gateway between two networks. The major difference between proxy server and packet filters is that packet filters operate on individual packets, where as proxy servers must be involved in the entire session.

Payment Gateway
A payment gateway is a service that gives merchants the ability to perform real time credit card authorizations from a website over the internet. The payment gateway is a financial intermediary. It takes care of settlement of e-commerce transaction between the merchants shopping cart and all the financial networks involved with the transaction, including the customers credit card issuer and the merchant account. This is a seamless process and the customer does not directly interact with the gateway, as data is forwarded to the gateway via shopping cart and a secured connection. Since the payment gateway is the secure connection and transmission of the orders through to banking networks, it is independent of the interface that you use to transmit the order information through the payment gateway. A payment gateway can be set up by a bank. It needs a software which is linked to customers and suppliers and which is used to setup all other validations and checks. A typical e-commerce transaction consists of bill presentment, bill payment and settlement.

Role of payment gateway The payment gateway is your credit card processing agent. This agent is responsible for verifying credit card information, confirming that there are sufficient funds to cover the purchase and ensuring that there are sufficient funds to cover a purchase and ensuring that the credit card has not been reported stolen. These agents pass the information to their merchant banks, which, in turn, contact the credit card issuer for approval or denial of credit. The approval or denial of credit is then forwarded back down the chain to the payment gateway and to the e-merchant.


Payment gateways can be implemented through two methods. As a merchant, you can either house the gateway on your server, which requires installation of software, or you can choose to implement the payment gateway on your payment processing company's server i.e., financial institution. Housing the payment gateway on your site requires you to have appropriate security measures in place to encrypt and protect customer information. If you implement a payment gateway separate from the rest of your shopping cart solution, all the components will require configuration to ensure they work properly together, which can require high level technical capabilities. The advantage of housing your own gateway is that customer information can be collected in your database, enabling you to better manage your customers and site. If a payment processing company houses your payment gateway, then customer information will not be at your easy disposal. As well, since you do not gain access, customers' credit card information, it is more difficult to track charge backs. However, since the gateway is out of your hands, problems that occur are the responsibility of the payment gateway provider.

BENEFITS OF HAVING A PAYMENT GATEWAY SECURITY: Gateways keep customers' credit card data behind firewalls so that the merchant doesn't have to worry about someone "hacking in" to their system ENCRYPTION: Gateways use encryption to prevent message tampering while the credit card information is being transmitted over the Internet. BACK-UP REDUNDANCY: Gateways have a backup system in place to ensure that merchants can continue processing in the event of an emergency. COST BENEFITS: Gateways are services that are constantly upgraded to be upgraded to-date with the latest technology. And, because the gateways are not on merchant computers, there is no need for the merchants to upgrade their hardware.

A system that allows individuals to perform banking activities at home via the internet is called online banking. Some online banks are traditional banks which also offer online banking, while others are online only and have no physical presence. Online banking through traditional banks enables customers to perform all routine transactions, such as account transfers, balance inquiries, bill payments, and stop-payment -requests, and some even offer online loan and credit card applications. Account information can be accessed anytime, day or night, and can be done from anywhere. A few online banks update information in real-time, while others do it daily. Online banking uses today's computer technology to give one the option of bypassing the time-consuming, paperbased aspects of traditional banking in order to manage one's finances more quickly and efficiently.

ORIGIN OF ONLINE BANKING The advent of the Internet and the popularity of personal computers presented both an opportunity and a challenge for the banking industry. For years, financial institutions have used powerful computer networks to automate millions of daily transactions; today, often the only paper record is the customer's receipt at the point of sale. Now that its customers are connected to the Internet via personal computers, banks envision similar economic advantages by adapting those same internal electronic processes to home use. Banks view online banking as a powerful "value added" tool to attract and retain new customers, while helping to eliminate costly paper handling and teller interactions in an increasing competitive banking environment.


Convenience: Unlike one's corner bank, online banking sites never close; they're available 24 hours a day, seven days a week and they're only a mouse click away. Ubiquity: If one is out of state or even out of the country when a money problem arises, one can log on instantly to one's online bank and take care of business, 24/7. Transaction speed: Online bank sites generally execute and confirm transactions at or quicker than ATM processing speeds. Efficiency: One can access and manage all of one's bank accounts, including IRAs, CDs, even securities, from one secure site. Effectiveness: Many online banking sites now offer sophisticated tools, including account aggregation, stock quotes, rate alerts and portfolio managing programs to help one manage all of one's assets more effectively. Most are also compatible with money managing programs' such as Quicken and Microsoft Money.


Start-up may take time: In order to register for one's bank's online program, one will probably have to provide ID and sign a form at a bank branch. If a person and his/ her spouse wishes to view and manage their assets together online, one of them may have to sign a durable power of attorney before the bank will display all their holdings together. Learning curve: Banking sites can be difficult to navigate at first. One should plan to invest some time and/or read the tutorials in order to become comfortable in one's virtual lobby. Bank site changes: Even the largest banks periodically upgrade their online programs, adding new features in unfamiliar places. In some cases, one may have to re-enter account information. The trust thing: For many people, the biggest hurdle to online banking is learning to trust it. The frequent confusions are whether one's transaction got through, whether one pushed the transfer button once or twice, etc.? Best bet is always to print the transaction receipt and keep it with one's bank records until it shows up on one's personal site and/or one's bank statement.